
Configure Localized Policy

You configure localized policy with a configuration wizard. The wizard is a UI policy builder that consists of five screens to configure and modify the following localized policy components:

  • Groups of interest, also called lists
  • Forwarding classes to use for QoS
  • Access control lists (ACLs)
  • Route policies
  • Policy settings

You configure some or all of these components, depending on the specific policy you are creating. To skip a component, click the Next button at the bottom of the screen. To return to a component, click the Back button at the bottom of the screen.

You apply localized policies to specific vEdge router interfaces. You associate a localized policy with an interface in the VPN Interface Bridge, VPN Interface Ethernet, VPN Interface GRE, VPN Interface PPP, or VPN Interface PPP Ethernet feature configuration template.

For more information about the localized policy components, see Configuring Localized Data Policy for IPv4 and Configuring Localized Data Policy for IPv6.

Step 1: Start the Policy Configuration Wizard

To start the policy configuration wizard:

  1. In vManage NMS, select the Configure ► Policies screen.
  2. Select the Localized Policy tab.
  3. Click Add Policy.

The policy configuration wizard opens, and the Create Groups of Interest screen displays.

Step 2: Configure Groups of Interest

In the Create Groups of Interest screen, create lists to use in localized policy:

  1. In the left pane, select the type of list to use with the localized policy. It can be one of the following:
  • AS Path
  • Community
  • Data Prefix
  • Extended Community
  • Mirror
  • Policer
  • Prefix
  2. In the right pane, click the New button. The New List portion of the screen opens.
  3. Enter a name for the list, and enter or select the components to include in the list. For information about entering AS path, community and extended community, and data prefix and prefix values, see Configuring Localized Control Policy. For information about entering mirroring and policer parameters, see Configuring Localized Data Policy for IPv4.
  4. Click Add to create the new list.
  5. Repeat Steps 1 through 4 to create additional lists.
  6. To edit, copy, or delete an existing list, click the Edit, Copy, or Trash Bin icon in the Action column.
  7. Click Next to move to Configure Forwarding Classes/QoS in the wizard. When you first open this screen, the QoS tab is selected by default.

Step 3: Configure Forwarding Classes for QoS

When you first open the Forwarding Classes/QoS screen, the QoS tab is selected by default.

To configure forwarding classes for use by QoS:

  1. To create a new QoS mapping:
    1. In the QoS tab, click the Add QoS drop-down.
    2. Select Create New.
    3. Enter a name and description for the QoS mapping.
    4. Click Add Queue. The Add Queue popup displays.
    5. Select the queue number from the Queue drop-down.
    6. Select the maximum bandwidth and buffer percentages, and the scheduling and drop types. Enter the forwarding class.
    7. Click Save.
  2. To import an existing QoS mapping:
    1. In the QoS tab, click the Add QoS drop-down.
    2. Select Import Existing.
    3. Select a QoS mapping.
    4. Click Import.
  3. To view or copy a QoS mapping or to remove the mapping from the localized policy, click the More Actions icon to the right of the row, and select the desired action.
  4. To configure policy rewrite rules for the QoS mapping:
    1. In the QoS tab, click the Add Rewrite Policy drop-down.
    2. Select Create New.
    3. Enter a name and description for the rewrite rule.
    4. Click Add Rewrite Rule. The Add Rule popup displays.
    5. Select a class from the Class drop-down.
    6. Select the priority (Low or High) from the Priority drop-down.
    7. Enter the DSCP value (0 through 63) in the DSCP field.
    8. Enter the class of service (CoS) value (0 through 7) in the Layer 2 Class of Service field to include an 802.1p marking in the packet.
    9. Click Save.
  5. To import an existing rewrite rule:
    1. In the QoS tab, click the Add Rewrite Policy drop-down.
    2. Select Import Existing.
    3. Select a rewrite rule.
    4. Click Import.
  6. Click Next to move to Configure Access Lists in the wizard.

Step 4: Configure ACLs

In the Configure Access Control Lists screen, configure ACLs:

  1. To create a new IPv4 ACL, click the Add Access Control List Policy drop-down. Then select Add IPv4 ACL Policy.
  2. To create a new IPv6 ACL, click the Add Access Control List Policy drop-down. Then select Add IPv6 ACL Policy.
  3. Enter a name and description for the ACL.
  4. In the left pane, click Add ACL Sequence. An Access Control List box is displayed in the left pane.
  5. Double-click the Access Control List box, and type a name for the ACL.
  6. In the right pane, click Add Sequence Rule to create a single sequence in the ACL. The Match tab is selected by default.
  7. Click a match condition.
  8. On the left, enter the values for the match condition.
  9. On the right, enter the action or actions to take if the policy matches.
  10. Repeat Steps 6 through 8 to add match–action pairs to the ACL.
  11. To rearrange match–action pairs in the ACL, in the right pane drag them to the desired position.
  12. To remove a match–action pair from the ACL, click the X in the upper right of the condition.
  13. Click Save Match and Actions to save a sequence rule.
  14. To rearrange sequence rules in an ACL, in the left pane drag the rules to the desired position.
  15. To copy, delete, or rename an ACL sequence rule, in the left pane, click More Options next to the rule's name and select the desired option.
  16. If no packets match any of the ACL sequence rules, the default action is to drop the packets. To change the default action:
    1. Click Default Action in the left pane.
    2. Click the Pencil icon.
    3. Change the default action to Accept.
    4. Click Save Match and Actions.
  17. Click Next to move to Configure Route Policy in the wizard.

Step 5: Configure Route Policies

In Configure Route Policy, configure route policies:

  1. In the Add Route Policy tab, select Create New.
  2. Enter a name and description for the route policy.
  3. In the left pane, click Add Sequence Type. A Route box is displayed in the left pane.
  4. Double-click the Route box, and type a name for the route policy.
  5. In the right pane, click Add Sequence Rule to create a single sequence in the policy. The Match tab is selected by default.
  6. Click a match condition.
  7. On the left, enter the values for the match condition. You can select the modifiers OR, AND, or EXACT to focus the scope of a rule. OR applies to multiple community lists and is valid for all platforms; AND and EXACT apply to only one community list at a time and are not valid for vEdge devices.
  8. On the right, enter the action or actions to take if the policy matches.
  9. Repeat Steps 6 through 8 to add match–action pairs to the route policy.
  10. To rearrange match–action pairs in the route policy, in the right pane drag them to the desired position.
  11. To remove a match–action pair from the route policy, click the X in the upper right of the condition.
  12. Click Save Match and Actions to save a sequence rule.
  13. To rearrange sequence rules in a route policy, in the left pane drag the rules to the desired position.
  14. To copy, delete, or rename a route policy sequence rule, in the left pane, click More Options next to the rule's name and select the desired option.
  15. If no packets match any of the route policy sequence rules, the default action is to drop the packets. To change the default action:
    1. Click Default Action in the left pane.
    2. Click the Pencil icon.
    3. Change the default action to Accept.
    4. Click Save Match and Actions.
  16. Click Next to move to Policy Overview in the wizard.

Step 6: Configure Policy Settings

In Policy Overview, configure policy settings:

  1. Enter a name and description for the route policy.
  2. To enable cflowd visibility so that a vEdge router can perform traffic flow monitoring on traffic coming to the router from the LAN, click Netflow.
  3. To enable application visibility so that a vEdge router can monitor and track the applications running on the LAN, click Application.
  4. To enable QoS scheduling and shaping for traffic that a vEdge Cloud router receives from transport-side interfaces, click Cloud QoS.
  5. To enable QoS scheduling and shaping for traffic that a vEdge Cloud router receives from service-side interfaces, click Cloud QoS Service Side.
  6. To log the headers of all packets that are dropped because they do not match a service configured by an Allow Service parameter on a tunnel interface, click Implicit ACL Logging.
  7. To configure how often packet flows are logged, click Log Frequency. Packet flows are those that match an access list (ACL), a cflowd flow, or an application-aware routing flow.
  8. Click Preview to view the full policy in CLI format.
  9. Click Save Policy.
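
Steps 4 and 5 allow the default action to be changed from drop to Accept, and the Preview button shows the resulting policy in CLI format. The following Python check is an added example, not Cisco code: it scans a saved copy of that preview for ACLs and route policies whose default action is accept, and reports whether implicit ACL logging is enabled. The sample text is constructed, the helper name `audit_preview` is hypothetical, and the keywords `access-list`, `ipv6 access-list`, `route-policy`, `default-action`, and `implicit-acl-logging` are assumed to appear in the preview as they do in vEdge policy CLI.

```python
import re

# Constructed sample of a policy preview; names and values are illustrative.
SAMPLE_PREVIEW = """\
policy
 implicit-acl-logging
 log-frequency 1000
 access-list LAN-IN
  sequence 10
   match
    destination-port 22
   !
   action accept
   !
  !
  default-action drop
 !
 access-list GUEST-IN
  sequence 10
   match
    source-ip 10.20.0.0/16
   !
   action drop
   !
  !
  default-action accept
 !
 route-policy BGP-IN
  default-action reject
 !
!
"""

# Assumed block headers: "access-list", "ipv6 access-list", "route-policy".
HEADER = re.compile(r"^(?:ipv6 )?(access-list|route-policy) (\S+)$")

def audit_preview(text):
    """Return (permissive_blocks, implicit_logging_enabled) for a CLI preview."""
    permissive, current, logging_on = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "implicit-acl-logging":
            logging_on = True
        header = HEADER.match(line)
        if header:
            current = header.groups()          # (block type, block name)
        elif line == "default-action accept" and current:
            permissive.append(current)         # unmatched traffic/routes pass
    return permissive, logging_on
```

For the constructed sample, the check reports `GUEST-IN` as the only block with a permissive default and confirms that implicit ACL logging is on.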