Policy Applications Using CLIs
CLI commands for configuring and monitoring policy applications.
Application-Aware Routing Command Hierarchy
Configure and apply the policy on Cisco Catalyst SD-WAN Controllers:
policy
  lists
    app-list list-name
      (app application-name | app-family application-family)
    data-prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    vpn-list list-name
      vpn vpn-id
  sla-class sla-class-name
    jitter milliseconds
    latency milliseconds
    loss percentage
policy
  app-route-policy policy-name
    vpn-list list-name
      default-action sla-class sla-class-name
      sequence number
        match
          app-id app-id-name
          app-list list-name
          destination-data-prefix-list list-name
          destination-ip prefix/length
          destination-port number
          dns (request | response)
          dns-app-list list-name
          dscp number
          plp (high | low)
          protocol number
          source-data-prefix-list list-name
          source-ip prefix/length
          source-port number
        action
          backup-sla-preferred-color colors
          count
          log
          sla-class sla-class-name [strict] [preferred-color colors]
apply-policy site-list list-name
  app-route-policy policy-name
Configure the data plane tunnel performance monitoring parameters on the Cisco vEdge devices:
bfd
  app-route
    multiplier number
    poll-interval milliseconds
Cflowd Traffic Flow Monitoring Command Hierarchy
Configure on Cisco Catalyst SD-WAN Controllers only:
policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    vpn-list list-name
      vpn vpn-id
  cflowd-template template-name
    collector vpn vpn-id address ip-address port port-number transport transport-type
    flow-active-timeout seconds
    flow-inactive-timeout seconds
    flow-sampling-interval number
    template-refresh seconds
policy
  data-policy policy-name vpn-list list-name
    default-action action
    sequence number
      match
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        dscp number
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
      action
        count counter-name
        drop
        accept
          cflowd
apply-policy
  site-list list-name
    data-policy policy-name direction
    cflowd-template template-name
Local Internet Exit Command Hierarchy
Configure and apply a centralized data policy on the Cisco Catalyst SD-WAN Controller:
policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    vpn-list list-name
      vpn vpn-id
  cflowd-template template-name
    collector vpn vpn-id address ip-address port port-number
    flow-active-timeout seconds
    flow-inactive-timeout seconds
    template-refresh seconds
policy
  data-policy policy-name vpn-list list-name
    default-action action
    sequence number
      match
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        dscp number
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
      action
        count counter-name
        drop
        accept
          nat use-vpn 0
apply-policy
  site-list list-name
    data-policy policy-name direction
On a Cisco vEdge device, enable NAT functionality in the WAN VPN:
vpn vpn-id
  interface interface-name
    nat
      refresh (bi-directional | outbound)
      tcp-timeout minutes
      udp-timeout minutes
Zone-Based Firewalls
policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
  tcp-syn-flood-limit number
  zone (destination-zone-name | source-zone-name)
    vpn vpn-id
  zone-to-no-zone-internet (allow | deny)
  zone-pair pair-name
    source-zone source-zone-name
    destination-zone destination-zone-name
    zone-policy policy-name
  zone-based-policy policy-name
    default-action action
    sequence number
      match
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
      action
        drop
        inspect
        log
        pass
Operational Commands
clear app cflowd flow-all (on Cisco vEdge devices only)
clear app cflowd flows (on Cisco vEdge devices only)
clear app cflowd statistics (on Cisco vEdge devices only)
clear policy zbfw filter-statistics (on Cisco vEdge devices only)
clear policy zbfw global-statistics (on Cisco vEdge devices only)
clear policy zbfw sessions (on Cisco vEdge devices only)
show app-route stats (on Cisco vEdge devices only)
show app cflowd collector (on Cisco vEdge devices only)
show app cflowd flow-count (on Cisco vEdge devices only)
show app cflowd flows (on Cisco vEdge devices only)
show app cflowd statistics (on Cisco vEdge devices only)
show app cflowd template (on Cisco vEdge devices only)
show ip routes (on Cisco vEdge devices)
show policy from-vsmart (on Cisco vEdge devices only)
show policy zbfw filter-statistics (on Cisco vEdge devices only)
show policy zbfw global-statistics (on Cisco vEdge devices only)
show policy zbfw sessions (on Cisco vEdge devices only)
show running-config (on Cisco Catalyst SD-WAN Controllers only)