Policy Basics CLI Reference
CLI commands for configuring and monitoring policy.
Centralized Control Policy Command Hierarchy
Configure on vSmart controllers only.
policy
  lists
    color-list list-name
      color color
    prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    tloc-list list-name
      tloc address color color encap encapsulation [preference value weight value]
    vpn-list list-name
      vpn vpn-id

policy
  control-policy policy-name
    default-action action
    sequence number
      match
        route
          color color
          color-list list-name
          omp-tag number
          origin protocol
          originator ip-address
          preference number
          prefix-list list-name
          site-id site-id
          site-list list-name
          tloc address
          tloc-list list-name
          vpn vpn-id
          vpn-list list-name
        tloc
          carrier carrier-name
          color color
          color-list list-name
          domain-id domain-id
          group-id group-id
          omp-tag number
          originator ip-address
          preference number
          site-id site-id
          site-list list-name
          tloc address
          tloc-list list-name
      action
        reject
        accept
          export-to (vpn vpn-id | vpn-list list-name)
          set
            omp-tag number
            preference value
            service service-name (tloc ip-address | tloc-list list-name) [vpn vpn-id]
            tloc-action action
            tloc-list list-name

apply-policy
  site-list list-name
    control-policy policy-name (in | out)
Localized Control Policy Command Hierarchy
Configure on vEdge routers only.
policy
  lists
    as-path-list list-name
      as-path as-number
    community-list list-name
      community [aa:nn | internet | local-as | no-advertise | no-export]
    ext-community-list list-name
      community [rt (aa:nn | ip-address) | soo (aa:nn | ip-address)]
    prefix-list list-name
      ip-prefix prefix/length

policy
  route-policy policy-name
    default-action action
    sequence number
      match
        address list-name
        as-path list-name
        community list-name
        ext-community list-name
        local-preference number
        metric number
        next-hop list-name
        omp-tag number
        origin (egp | igp | incomplete)
        peer address
      action
        reject
        accept
          set
            aggregator as-number ip-address
            as-path (exclude | prepend) as-number
            atomic-aggregate
            community value
            local-preference number
            metric number
            metric-type (type1 | type2)
            next-hop ip-address
            omp-tag number
            origin (egp | igp | incomplete)
            originator ip-address
            ospf-tag number
            weight number

vpn vpn-id
  router
    bgp local-as-number
      address-family ipv4-unicast
        redistribute (connected | nat | omp | ospf | static) [route-policy policy-name]
      neighbor address
        address-family ipv4-unicast
          route-policy policy-name (in | out)
    ospf
      redistribute (bgp | connected | nat | omp | static) route-policy policy-name
      route-policy policy-name in
Centralized Data Policy Command Hierarchy
Configure on vSmart controllers only.
policy
  lists
    app-list list-name
      (app applications | app-family application-families)
    data-prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    tloc-list list-name
      tloc ip-address color color encap encapsulation [preference value weight value]
    vpn-list list-name
      vpn vpn-id

policy
  data-policy policy-name
    vpn-list list-name
      default-action action
      sequence number
        match
          app-list list-name
          destination-data-prefix-list list-name
          destination-ip prefix/length
          destination-port number
          dscp number
          packet-length number
          plp (high | low)
          protocol number
          source-data-prefix-list list-name
          source-ip prefix/length
          source-port number
          tcp flag
        action
          cflowd
          count counter-name
          drop
          log
          accept
            nat [pool number] [use-vpn-0]
            set
              dscp number
              forwarding-class class
              local-tloc color color [encap encapsulation]
              local-tloc-list color color [encap encapsulation] [restrict]
              next-hop ip-address
              policer policer-name
              service service-name local [restrict] [vpn vpn-id]
              service service-name [tloc ip-address | tloc-list list-name] [vpn vpn-id]
              tloc ip-address color color [encap encapsulation]
              tloc-list list-name
              vpn vpn-id
  vpn-membership policy-name
    default-action action
    sequence number
      match
        vpn vpn-id
        vpn-list list-name
      action (accept | reject)

apply-policy
  site-list list-name
    data-policy policy-name (all | from-service | from-tunnel)
  site-list list-name
    vpn-membership policy-name
Localized Data Policy Command Hierarchy
For IPv4
Configure on vEdge routers only.
policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
  class-map
    class class-name queue number
  log-frequency number
  mirror mirror-name
    remote-dest ip-address source ip-address
  policer policer-name
    burst bytes
    exceed action
    rate bps
  qos-map map-name
    qos-scheduler scheduler-name
  qos-scheduler scheduler-name
    bandwidth-percent percentage
    buffer-percent percentage
    class class-name
    drops drop-type
  rewrite-rule rule-name

policy
  access-list acl-name
    default-action action
    sequence number
      match
        class class-name
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        dscp number
        packet-length number
        plp (high | low)
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
        tcp flag
      action
        drop
          count counter-name
          log
        accept
          class class-name
          count counter-name
          log
          mirror mirror-name
          policer policer-name
          set dscp value

vpn vpn-id
  interface interface-name
    access-list acl-name (in | out)
For IPv6
Configure on vEdge routers only.
policy ipv6
  class-map
    class class map map
  mirror mirror-name
    remote-dest ip-address source ip-address
  policer policer-name
    rate bandwidth
    burst bytes
    exceed action

policy ipv6
  access-list list-name
    sequence number
      match
        match-parameters
      action
        drop
          count counter-name
          log
        accept
          class class-name
          mirror mirror-name
          policer policer-name
    default-action (accept | drop)

vpn vpn-id
  interface interface-name
    ipv6 access-list list-name (in | out)