data-policy

policy data-policy—Configure or apply a centralized data policy based on data packet header fields (on vSmart controllers only).

Command Hierarchy

Create a Centralized Data Policy

policy
  data-policy policy-name
    vpn-list list-name
      default-action action
      sequence number
        match
          app-list list-name
          destination-data-prefix-list list-name
          destination-ip prefix/length
          destination-port number
          dns (request | response)
          dns-app-list list-name
          dscp number
          packet-length bytes
          plp (high | low)
          protocol number
          source-data-prefix-list list-name
          source-ip prefix/length
          source-port number
          tcp flag
        action
          cflowd (not available for deep packet inspection)
          count counter-name
          drop          
          log
          tcp-optimization
          accept 
            nat [pool number] [use-vpn 0] (in Releases 16.2 and earlier, not available for deep packet inspection)
            redirect-dns (host | ip-address)
            set
              dscp number
              forwarding-class class
              local-tloc color color [encap encapsulation]
              local-tloc-list color color [encap encapsulation] [restrict]
              next-hop ip-address
              policer policer-name
              service service-name local [restrict] [vpn vpn-id]
              service service-name [tloc ip-address | tloc-list list-name] [vpn vpn-id]
              tloc ip-address color color [encap encapsulation]
              tloc-list list-name
              vpn vpn-id

Apply a Centralized Data Policy

apply-policy
  site-list list-name data-policy policy-name (all | from-service | from-tunnel)
  cflowd-template template-name
apply-policy
  site-list list-name vpn-membership policy-name

Options

Data Policy Name
policy-name
Name of the localized data policy to configure or to apply to a list of sites in the overlay network. policy-name can be up to 32 characters long.

Example

Configure and apply a simple data policy:

vSmart# show running-config policy
policy
 data-policy test-data-policy
  vpn-list test-vpn-list
   sequence 10
    match
     destination-ip 172.16.0.0/24
    !
    action drop
     count test-counter
    !
   !
   default-action drop
  !
 !
 lists
  vpn-list test-vpn-list
   vpn 1
  !
  site-list test-site-list
   site-id 500
  !
 !
!
vSmart# show running-config apply-policy 
apply-policy
 site-list test-site-list
  data-policy test-data-policy
 !
!

Immediately after we activate the configuration on the vSmart controller, it pushes the policy configuration to the vEdge routers in site 500. One of these routers is vEdge5, where we see that the policy has been received:

vEdge5# show omp data-policy 
policy-from-vsmart
 data-policy test-data-policy
  vpn-list test-vpn-list
   sequence 10
    match
     destination-ip 172.16.0.0/24
    !
    action drop
     count test-counter
    !
   !
   default-action drop
  !
 !
 lists
  vpn-list test-vpn-list
   vpn 1
  !
 !
!
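
One way to confirm that a vEdge router holds the same data policy that is configured on the vSmart controller, as an added example that is not part of the Viptela documentation: the Python below parses both CLI outputs by indentation and reports the statements that differ. The function names and the stale vEdge output (prefix 172.16.1.0/24) are constructed for illustration.

```python
VSMART = """\
policy
 data-policy test-data-policy
  vpn-list test-vpn-list
   sequence 10
    match
     destination-ip 172.16.0.0/24
    !
    action drop
     count test-counter
    !
   !
   default-action drop
  !
 !
!
"""  # data-policy stanza from the page's vSmart example
# Constructed vEdge outputs: the same stanza under policy-from-vsmart, and a stale copy.
VEDGE_OK = "vEdge5# show omp data-policy\npolicy-from-vsmart" + VSMART[len("policy"):]
VEDGE_STALE = VEDGE_OK.replace("172.16.0.0/24", "172.16.1.0/24")

def flatten(text):
    """Return every statement as a root-to-node path, using indentation for nesting."""
    stack, paths = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "!" block terminators and pasted CLI prompts ("vEdge5# ...").
        if not line or line == "!" or line.split()[0].endswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave blocks that are at the same or a deeper level
        stack.append((indent, line))
        paths.add(tuple(stmt for _, stmt in stack))
    return paths

def data_policies(text, root):
    """Paths below `<root> / data-policy <name>`, with the root keyword dropped."""
    return {p[1:] for p in flatten(text)
            if len(p) > 1 and p[0] == root and p[1].startswith("data-policy ")}

def drift(vsmart_text, vedge_text):
    """Return (missing_on_vedge, unexpected_on_vedge) as sorted lists of paths."""
    want = data_policies(vsmart_text, "policy")
    have = data_policies(vedge_text, "policy-from-vsmart")
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    print(drift(VSMART, VEDGE_OK), drift(VSMART, VEDGE_STALE))
```

Two empty lists mean the router's received policy matches the controller's configuration statement for statement.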

Release Information

Command introduced in Viptela Software Release 14.1.

Additional Information

See the Policy Overview and Configuring Centralized Data Policy articles for your software release.
vpn-membership