Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

Policies

  1. Last updated
  2. Save as PDF

Use the Policies screen to create and activate centralized and localized control and data policies for vSmart controllers and vEdge routers.

Screen Elements

  • Top bar—On the left are the menu icon, for expanding and collapsing the vManage menu, and the vManage product name. On the right are a number of icons and the user profile drop-down.
  • Title bar—Includes the title of the screen and the following:
    • Policies, and the Centralized Policy/Localized Policy drop-down. When you first open the Policies screen, Centralized Policy is selected.
    • Define Lists—Click to create lists, to group related items, for use in a policy.
  • Policy tab (when you select Centralized Policy)—List all centralized or localized policies that have already been configured using either the vManage GUI policy builder or the CLI, and create new policies:
    • Assemble Full Policy—Click to assemble an application-aware routing, control, or data policy from lists and other policy components created using the vManage GUI policy builder.
    • CLI—Click to assemble an application-aware routing, control, or data policy from lists and other policy components created using the CLI.
  • Traffic tab (when you select Centralized Policy)—List all the traffic policy components that have already been configured using the vManage GUI policy builder, and create new policies:
    • Add App Route Policy—Click to create the components of an application-aware routing policy.
    • Add Data Policy—Click to create the components of a data policy.
  • Control tab (when you select Centralized Policy)—List all centralized control policy components that have already been configured using the vManage GUI policy, and create new policies:
    • Add App Route Policy—Click to create the components of an application-aware routing policy.
  • Policies tab (when you select Localized Policy)—List all localized policies that have already been configured using the CLI, and create new policies:
    • Add CLI—Click to create the components of an localized policy.
  • Search box—Includes the Search Options drop-down, for a Contains or Match string.
  • Policies table—To re-arrange the columns, drag the column title to the desired position.

g00368.png

Create an Application-Aware Routing Policy

To configure application-aware routing policy in vManage NMS, perform the following steps:

  1. Configure lists to group related items, to be called in the application-aware routing policy.
  2. Configure the application-aware routing policy policy.
  3. Apply the policy.

Configure Lists

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policies title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policy Screen, Centralized Policy is selected by default.
  3. Click Define Lists, located in the upper right corner of the screen.
  4. In the left pane, select the type of list. For application-aware routing policy, you can use Application, Data Prefix, Prefix, SLA Class, and VPN lists.
  5. To create a new list, click New List.
    To modify an existing list, click the More Actions icon to the right of the desired list, and click the pencil icon.
  6. In the List Name field, enter a name for the list. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  7. In the field below the List Name field, enter the desired values for the list. For some lists you type the desired values, and for others you select from a drop-down.
  8. Click Add (for a new list) or Save (for an existing list).

Configure an Application-Aware Routing Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policy title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policy Screen, Centralized Policy is selected by default.
  3. In the Policy bar, click Traffic.
  4. To create a new application-aware routing policy, click Add App Route Policy.
    To modify an existing policy, click the More Actions icon to the right of the desired policy, and click the pencil icon.
  5. If data traffic does not match any of the conditions in one of the sequences, it is dropped by default. If you want nonmatching routes to be accepted, click the pencil icon in the Default Action, click Accept, and click Save Match And Actions.
  6. To create a match–action sequence for data traffic:
    1. Click Sequence Type.
    2. To create a match–action rule, click Sequence Rule. The Match button is selected by default.
    3. Click the desired Match button, and enter the desired values in Match Conditions. For some conditions, you type the desired values, and for others you select from a drop-down.
    4. Click the Actions button.
    5. Click the desired action, and enter the desired values for Actions.
    6. Click Save Match and Actions.
    7. Create additional Sequence Rules or Sequence Types, as needed.
  7. To rename a Sequence Type, double-click its name in the right pane, and type the new name. The name also changes in the right pane.
  8. To re-order sequence rules and types, drag and drop them them.
  9. Click Save.

You can also configure an application aware routing policy directly from the Configuration ► Policies screen:

  1. Click Assemble Full Policy.
  2. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  3. In the Policy Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  4. Click Data in the bar located directly below the Policy Description field.
  5. In the left pane, click Add App Route Policy, and follow Steps 6, 7, and 8 above.

Apply an Application-Aware Routing Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. Click Assemble Full Policy.
  3. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  4. In the Policy Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  5. Click App Route Policy in the bar located directly below the Policy Description field.
  6. In the left pane, select a data policy. The right pane displays the New Site List and VPN List box.
  7. Click New Site List and VPN List.
  8. Click the Select Site List field, and select a site list.
  9. Click the Select VPN List field, and select a VPN list.
  10. Click Add.
  11. To add additional components to the application-aware routing policy, repeat Steps 6 through 10.
  12. Click Save.

Create a Centralized Data Policy

To configure a centralized data policy in vManage NMS, perform the following steps:

  1. Configure lists to group related items, to be called in the centralized data policy.
  2. Configure the centralized data policy.
  3. Apply the policy.

Configure Lists

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policies title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policy Screen, Centralized Policy is selected by default.
  3. Click Define Lists, located in the upper right corner of the screen.
  4. In the left pane, select the type of list. For centralized data policy, you can use Application, Prefix, Site, TLOC, and VPN lists.
  5. To create a new list, click New List.
    To modify an existing list, click the More Actions icon to the right of the desired list, and click the pencil icon.
  6. In the List Name field, enter a name for the list. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  7. In the field below the List Name field, enter the desired values for the list. For some lists you type the desired values, and for others you select from a drop-down.
  8. Click Add (for a new list) or Save (for an existing list).

Configure a Centralized Data Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policies title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policy Screen, Centralized Policy is selected by default.
  3. In the Policy bar, click Traffic.
  4. To create a new centralized data policy, click Add Data Policy.
    To modify an existing policy, click the More Actions icon to the right of the desired policy, and click the pencil icon.
  5. If data traffic does not match any of the conditions in one of the sequences, it is dropped by default. If you want nonmatching routes to be accepted, click the pencil icon in the Default Action, click Accept, and click Save Match And Actions.
  6. To create a match–action sequence for data traffic:
    1. Click Sequence Type.
    2. In the Add Data Policy dialog box, select Application Firewall, QoS, Service Chaining, Traffic Engineering, or Custom.
    3. To create a match–action rule, click Sequence Rule. The Match button is selected by default.
    4. Click the desired Match button, and enter the desired values in Match Conditions. For some conditions, you type the desired values, and for others you select from a drop-down.
    5. Click the Actions button. The default action is Reject. To accept matching packets, click the Accept radio button. Then click the desired action, and enter the desired values for Actions.
    6. Click Save Match and Actions.
    7. Create additional Sequence Rules or Sequence Types, as needed.
  7. To rename a Sequence Type, double-click its name in the right pane, and type the new name. The name also changes in the right pane.
  8. To re-order sequence rules and types, drag and drop them them.
  9. Click Save.

You can also configure a centralized data policy directly from the Configuration ► Policies screen:

  1. Click Assemble Full Policy.
  2. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  3. In the Policy Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  4. Click Data in the bar located directly below the Policy Description field.
  5. In the left pane, click Add Data Policy, and follow Steps 6, 7, and 8 above.

Apply a Centralized Data Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. Click Assemble Full Policy.
  3. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  4. In the Policy Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  5. Click Data in the bar located directly below the Policy Description field.
  6. In the left pane, select a data policy. The right pane displays the New Site List and VPN List box.
  7. Click New Site List and VPN List.
  8. Click the From Tunnel, From Service, or All radio button to configure which traffic the centralized data policy applies to.
  9. Click the Select Site List field, and select a site list.
  10. Click the Select VPN List field, and select a VPN list.
  11. Click Add.
  12. To add additional components to the centralized data policy, repeat Steps 6 through 11.
  13. Click Save.

Create a Centralized Control Policy

To configure a centralized control policy in vManage NMS, perform the following steps:

  1. Configure lists to group related items to be called in the centralized control policy.
  2. Configure the centralized control policy.
  3. Apply the policy.

Configure Lists

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policies title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policy Screen, Centralized Policy is selected by default.
  3. Click Define Lists, located in the upper right corner of the screen.
  4. In the left pane, select the type of list. For centralized control policy, you can use Prefix, Site, TLOC, and VPN lists.
  5. To create a new list, click New List.
    To modify an existing list, click the More Actions icon to the right of the desired list, and click the pencil icon.
  6. In the List Name field, enter a name for the list. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  7. In the field below the List Name field, enter the desired values for the list. For some lists you type the desired values, and for others you select from a drop-down.
  8. Click Add (for a new list) or Save (for an existing list).

Configure a Centralized Control Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policy title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policy Screen, Centralized Policy is selected by default.
  3. In the Policy bar, click Control.
  4. To create a new centralized control policy, click Add Control Policy.
    To modify an existing policy, click the More Actions icon to the right of the desired policy, and click the pencil icon.
  5. If a route does not match any of the conditions in one of the sequences, it is rejected by default. If you want nonmatching routes to be accepted, click the pencil icon in the Default Action, click Accept, and click Save Match And Actions.
  6. To create a match–action sequence for routes or TLOCs:
    1. Click Sequence Type.
    2. In the Add Control Policy dialog box, select Route or TLOC.
    3. To create a match–action rule, click Sequence Rule. The Match button is selected by default.
    4. Click the desired Match button, and enter the desired values in Match Conditions. For some conditions, you type the desired values, and for others you select from a drop-down.
    5. Click the Actions button. The default action is Reject. To accept matching packets, click the Accept radio button. Then click the desired action, and enter the desired values for Actions.
    6. Click Save Match and Actions.
    7. Create additional Sequence Rules or Sequence Types, as needed.
  7. To rename a Sequence Type, double-click its name in the right pane, and type the new name. The name also changes in the right pane.
  8. To re-order sequence rules and types, drag and drop them them.
  9. Click Save.

You can also configure a centralized control policy directly from the Configuration ► Policies screen:

  1. Click Assemble Full Policy.
  2. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  3. In the Policy Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  4. Click Control in the bar located directly below the Policy Description field.
  5. In the left pane, click Add Control Policy, and follow Steps 6, 7, and 8 above.

Apply a Centralized Control Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. Click Assemble Full Policy.
  3. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  4. In the Policy Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  5. Click Control in the bar located directly below the Policy Description field.
  6. In the left pane, select a control policy. The right pane displays the New Site List box.
  7. Click New Site List.
  8. Click the Inbound Site List or Outbound Site List field, select a site list, and click Add.
  9. To add additional components to the centralized control policy, repeat Steps 6 through 8.
  10. Click Save.

Create a Localized Control Policy

To configure a localized control policy, also called a route policy, in vManage NMS, perform the following steps:

  1. Configure the route policy.
  2. Apply the route policy in a device template.

Configure a Route Policy

  1. In vManage NMS, select the Configuration ► Policies screen.
  2. In the Policy title bar, click the Centralized Policy/Localized Policy drop-down. When you first open the Policies screen, Centralized Policy is selected by default.
  3. Select Localized Policy.
  4. Click Add CLI.
  5. In the Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
  6. In the Description field, enter a description for the route policy. This field is mandatory, and it can contain any characters and spaces.
  7. In the CLI Configuration text box, enter the policy configuration. In this configuration, include the necessary lists (in the policy lists configuration command hierarchy) and the policy configuration itself (in one or more policy route-policy commands). You can either type the configuration directly, using the commands described in the sections below; you can copy and paste the configuration; or you can click Select a File to upload a text file that contains the policy configuration.
  8. Click Add.

Apply a Route Policy in a Device Template

  1. In vManage NMS, select the Configuration ► Templates screen.
  2. If you are creating a new device template:
    1. In the Device tab, click Create Template.
    2. From the Create Template drop-down, select From Feature Template.
    3. From the Device Model drop-down, select one of the vEdge devices.
    4. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
    5. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.
    6. Continue with Step 4.
  3. If you are editing an existing device template:
    1. In the Device tab, click the More Actions icon to the right of the desired template, and click the pencil icon.
    2. Click the Additional Templates tab. The screen scrolls to the Additional Templates section.
    3. From the Policy drop-down, select the name of a policy that you have configured.
  4. Click the Additional Templates tab located directly beneath the Description field. The screen scrolls to the Additional Templates section.
  5. From the Policy drop-down, select the name of the policy you configured in the above procedure.
  6. To apply a route policy to BGP:
    1. Scroll to the Service VPN section.
    2. In the Service VPN drop-down, type the service VPN number (a VPN number other than 0 or 512).
    3. From Additional VPN Templates, select BGP.
    4. From the BGP drop-down, click Create Template or View Template.
    5. Select the Neighbor tab, click the plus sign (+), and click More.
    6. In Address Family, change the scope to Device Specific. Then, Click On to enable Address Family, Click On to enable Route Policy In, and specify the name of a route policy to apply to prefixes received from the neighbor, or click On to enable Route Policy Out, and specify the name of a route policy to apply to prefixes sent to the neighbor. This name is one that you configured with a policy route-policy command.
    7. Click Save to save the neighbor configuration, and then click Save to save the BGP configuration.
  7. To apply a route policy to routes coming from all OSPF neighbors:
    1. Scroll to the Service VPN section.
    2. In the Service VPN drop-down, type the service VPN number (a VPN number other than 0 or 512).
    3. From Additional VPN Templates, select OSPF.
    4. Click Create Template or View Template.
    5. Select the Advanced tab.
    6. In Policy Name, specify the name of a route policy to apply to incoming routes. This name is one that you configured with a policy route-policy command.
    7. Click Save.
  8. To apply a route policy before redistributing routes into OSPF:
    1. Scroll to the Service VPN section.
    2. In the Service VPN drop-down, type the service VPN number (a VPN number other than 0 or 512).
    3. From Additional VPN Templates, select OSPF.
    4. Click Create Template or View Template.
    5. Select the Redistribute tab, click the plus sign (+), and select the protocol from which to redistribute routes into OSPF.
    6. Specify the name of a route policy to apply to the routes being redistributed. This name is one that you configured with a policy route-policy command.
    7. Click Save.
  9. Click Save (for a new template) or Update (for an existing template).

View a Policy

  1. In the policy table, select a policy.
  2. Click the More Actions icon to the right of the column and click View.

Edit a Policy

  1. In the policy table, select a policy.
  2. Click the More Actions icon to the right of the column and click Edit.
  3. In the Edit Policy window, edit the policy.
  4. Click Update.

Delete a Policy

  1. In the policy table, select a policy.
  2. Click the More Actions icon to the right of the column and click Delete.
  3. Click OK to confirm deletion of the policy.

Preview a Policy

You can preview a policy that has been created using the vManage GUI policy builder:

  1. In the Policy tab, select a policy from the policy table.
  2. Click the More Actions icon to the right of the column and click Preview.

Copy a Policy

You can copy a policy that has been created using the vManage GUI policy builder:

  1. In the Policy tab, select a policy from the policy table.
  2. Click the More Actions icon to the right of the column and click Preview. The Policy Copy popup window is displayed.
  3. Enter the policy name and a description of the policy.
  4. Click Copy.

Activate a Policy on vSmart Controllers

  1. In the Policy tab, select a policy from the policy table.
  2. Click the More Actions icon to the right of the column and click Activate.
  3. In the Activate Policy window, click Activate to push the policy to all vSmart controllers in the network.
  4. Click OK to confirm activation of the policy on all vSmart controllers.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. configuration 17.1