Policy Basics CLI Reference
CLI commands for configuring and monitoring policy.
Centralized Control Policy Command Hierarchy
Configure on Cisco Catalyst SD-WAN Controllers only.
policy
  lists
    color-list list-name
      color color
    prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    tloc-list list-name
      tloc address color color encap encapsulation [preference value weight value]
    vpn-list list-name
      vpn vpn-id
policy
  control-policy policy-name
    default-action action
    sequence number
      match
        route
          color color
          color-list list-name
          omp-tag number
          origin protocol
          originator ip-address
          preference number
          prefix-list list-name
          site-id site-id
          site-list list-name
          tloc address
          tloc-list list-name
          vpn vpn-id
          vpn-list list-name
        tloc
          carrier carrier-name
          color color
          color-list list-name
          domain-id domain-id
          group-id group-id
          omp-tag number
          originator ip-address
          preference number
          site-id site-id
          site-list list-name
          tloc address
          tloc-list list-name
      action
        reject
        accept
          export-to (vpn vpn-id | vpn-list list-name)
          set
            omp-tag number
            preference value
            service service-name (tloc ip-address | tloc-list list-name) [vpn vpn-id]
            tloc-action action
            tloc-list list-name
apply-policy
  site-list list-name control-policy policy-name (in | out)
Localized Control Policy Command Hierarchy
Configure on Cisco vEdge devices only.
policy
  lists
    as-path-list list-name
      as-path as-number
    community-list list-name
      community [aa:nn | internet | local-as | no-advertise | no-export]
    ext-community-list list-name
      community [rt (aa:nn | ip-address) | soo (aa:nn | ip-address)]
    prefix-list list-name
      ip-prefix prefix/length
policy
  route-policy policy-name
    default-action action
    sequence number
      match
        address list-name
        as-path list-name
        community list-name
        ext-community list-name
        local-preference number
        metric number
        next-hop list-name
        omp-tag number
        origin (egp | igp | incomplete)
        ospf-tag number
        peer address
      action
        reject
        accept
          set
            aggregator as-number ip-address
            as-path (exclude | prepend) as-number
            atomic-aggregate
            community value
            local-preference number
            metric number
            metric-type (type1 | type2)
            next-hop ip-address
            omp-tag number
            origin (egp | igp | incomplete)
            originator ip-address
            ospf-tag number
            weight number
vpn vpn-id
  router
    bgp local-as-number
      address-family ipv4-unicast
        redistribute (connected | nat | omp | ospf | static) [route-policy policy-name]
      neighbor address
        address-family ipv4-unicast
          route-policy policy-name (in | out)
    ospf
      redistribute (bgp | connected | nat | omp | static) route-policy policy-name
      route-policy policy-name in
Centralized Data Policy Command Hierarchy
Configure on Cisco Catalyst SD-WAN Controllers only.
policy
  lists
    app-list list-name
      (app applications | app-family application-families)
    data-prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    tloc-list list-name
      tloc ip-address color color encap encapsulation [preference value weight value]
    vpn-list list-name
      vpn vpn-id
policy
  data-policy policy-name
    vpn-list list-name
      default-action action
      sequence number
        match
          app-list list-name
          destination-data-prefix-list list-name
          destination-ip prefix/length
          destination-port number
          dns (request | response)
          dns-app-list list-name
          dscp number
          icmp-msg
          packet-length number
          plp (high | low)
          protocol number
          source-data-prefix-list list-name
          source-ip prefix/length
          source-port number
          tcp flag
        action
          cflowd
          count counter-name
          drop
          log
          tcp-optimization
          accept
            nat [pool number] [use-vpn-0]
            redirect-dns (host | ip-address)
            set
              dscp number
              forwarding-class class
              local-tloc color color [encap encapsulation]
              local-tloc-list color color [encap encapsulation] [restrict]
              next-hop ip-address
              policer policer-name
              service service-name local [restrict] [vpn vpn-id]
              service service-name [tloc ip-address | tloc-list list-name] [vpn vpn-id]
              tloc ip-address color color [encap encapsulation]
              tloc-list list-name
              vpn vpn-id
  vpn-membership policy-name
    default-action action
    sequence number
      match
        vpn vpn-id
        vpn-list list-name
      action
        (accept | reject)
apply-policy
  site-list list-name data-policy policy-name (all | from-service | from-tunnel)
  site-list list-name vpn-membership policy-name
Localized Data Policy Command Hierarchy
For IPv4
Configure on Cisco vEdge devices only.
policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
  class-map
    class class-name queue number
  log-frequency number
  mirror mirror-name
    remote-dest ip-address source ip-address
  policer policer-name
    burst bytes
    exceed action
    rate bps
  qos-map map-name
    qos-scheduler scheduler-name
  qos-scheduler scheduler-name
    bandwidth-percent percentage
    buffer-percent percentage
    class class-name
    drops (red-drop | tail-drop)
    scheduling (llq | wrr)
  rewrite-rule rule-name
policy
  access-list acl-name
    default-action action
    sequence number
      match
        class class-name
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        dscp number
        packet-length number
        plp (high | low)
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
        tcp flag
      action
        drop
          count counter-name
          log
        accept
          class class-name
          count counter-name
          log
          mirror mirror-name
          policer policer-name
          set dscp value
vpn vpn-id
  interface interface-name
    access-list acl-name (in | out)
For IPv6
Configure on Cisco vEdge devices only.
policy ipv6
  class-map
    class class map map
  mirror mirror-name
    remote-dest ip-address source ip-address
  policer policer-name
    rate bandwidth
    burst bytes
    exceed action
policy ipv6
  access-list list-name
    sequence number
      match
        match-parameters
      action
        drop
          count counter-name
          log
        accept
          class class-name
          mirror mirror-name
          policer policer-name
    default-action
      (accept | drop)
vpn vpn-id
  interface interface-name
    ipv6 access-list list-name (in | out)
Operational Commands
show running-config