Applying Policy Lists to Interfaces and Profiles Overview

You can assign a policy list to supported interfaces and profiles. Policy lists are supported on Frame Relay, IP, IPv6, GRE tunnel, MPLS layer 2, and VLAN interfaces. You can also specify IP, IPv6, and L2TP policies in profiles to assign a policy list to an interface. In either case, you can enable or disable the recording of statistics for bytes and packets affected by the assigned policy.

You can also preserve statistics when you attach a new policy that has a classifier list that is the same for both the original and the new policy attachments.

You can use policy commands to assign an ATM, Frame Relay, GRE tunnel, IP, IPv6, MPLS, or VLAN policy list to an interface. Also, you can use them to specify an IP, IPv6, or L2TP policy list to a profile, which then assigns the policy to the interfaces to which the profile is attached

Note:

  • The mpls policy command is used to attach policies to MPLS Layer 2 circuits only.
  • The SRP module Fast Ethernet port does not support policy attachments, nor can the module be the destination for the forward next-hop, forward next-interface, next-hop, and next-interface commands

Note: Some of the VLAN subinterfaces on a line module that are in the dormant state are deleted even before the maximum number of VLAN subinterfaces supported on the line module is reached. Such a deletion of VLAN subinterfaces in the dormant state enables input and output policy attachments to the other VLAN subinterfaces that are in the active state to occur successfully. For example, a number of subscribers might be disconnected from VLAN subinterfaces and after the maximum number of supported VLAN subinterfaces is exceeded on a line module, a certain number of clients might be logged in again. In such cases, the deletion of some of the dormant VLAN subinterfaces enables successful attachment of input and output policies to the VLAN subinterfaces for the subscribers that newly logged in.

The Ethernet application on the interface controller starts a timer for 8 milliseconds and deletes the dormant VLAN subinterfaces within this period. The number of dormant Ethernet VLAN subinterfaces that are deleted varies depending on the processor load of the line module.

Use the input or output keyword to assign the policy list to the ingress or egress of the interface. For ATM, IP, and IPv6 policy lists, use the secondary-input keyword to assign the policy list, after route lookup, to data destined for local or remote destinations. For IP and IPv6 policy lists, use the secondary-input keyword to assign the policy list, after route lookup, to data destined to local or remote destinations. The router supports secondary input policies whose principal applications are:

Note: The local-input keyword for the ip policy and ipv6 policy commands is deprecated, and may be completely removed in a future release. We recommend you remove the keyword from scripts. Re-create any local input policies using the ip classifier-list local true command and attaching the policies using the ip policy secondary-input command.

You can enable or disable the recording of routing statistics for bytes and packets affected by the policy. If you enable statistics, you can enable or disable baselining of the statistics. The router implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved. You must also enable baselining on the interface with the appropriate baseline command.

Note: The gre-tunnel policy command does not support the baseline keyword.

You can use the preserve keyword to save the existing statistics when you attach a policy to an interface that already has a policy attached. This keyword saves the statistics for any classifier-list that is the same for both the new and old policy attachments. Without the preserve keyword, all statistics are deleted when you attach the new policy.

For example, when you replace a policy attachment that references the original policy-list plOne with a new attachment referencing policy-list plTwo, the existing statistics for the classifier group referencing clOne and the default classifier group are saved.

Table 5: Replacement of Attached Policy

Original Policy Attachment

New Policy Attachment

Comment

ip policy-list plOne

ip policy-list plTwo

-

ip classifier-list clOne

ip classifier-list clOne

statistics from plOne are saved

Forward

Forward

-

ip classifier-list clTwo

ip classifier-list clFour

-

Forward

Forward

-

ip classifier-list clThree

ip classifier-list clFive

-

Forward

Forward

-

classifier-list *

classifier-list *

statistics from plOne are saved

Filter

Filter

-

You can use the merge keyword to enable merging of multiple policies to form a single policy.

host1(config)#vlan policy input VlanPolicy33 statistics enabled preserve
host1(config)#ipv6 policy secondary-input my-policy

To assign the policy list named routeForXYZCorp with statistics enabled to the ingress IP interface over an ATM subinterface:

host1(config)#interface atm 12/0.1 host1(config)#ip policy input routeForXYZCorp statistics enabled

To create an L2TP profile that applies the policy list routeForABCCorp to the egress of an interface:

host1(config)#profile bostonProfile host1(config)#l2tp policy output routeForABCCorp

Related Documentation