Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Policy Lists Overview

    You create a policy rule by specifying a policy action within a classifier group that references a CLACL. These rules become part of a policy list that you can attach to an interface as either an input policy, secondary-input policy, or output policy. The router applies the rules in the attached policy list to the packets traversing that interface.

    You can apply policy lists to packets:

    • Arriving at an interface (input policy); on IP and IPv6 interfaces the packets arrive before route lookup
    • Arriving at the interface, but after route lookup (secondary input policy); secondary input policies are supported only on IP and IPv6 interfaces
    • Leaving an interface (output policy)

    Figure 1 shows how a sample IP policy list is constructed.

    Figure 1: Constructing an IP Policy List

    Constructing an IP Policy List

    You can create a policy list with an unlimited number of classifier groups, each containing an unlimited number of rules. These rules can reference up to 512 classifier entries.

    If you enter a policy-list command and then enter exit, the router creates a policy list with no rules. If the router does not find any rules in a policy, it inserts a default filter rule. Attaching this policy list to an interface filters all packets on that interface.

    Note: If you do not specify one of the frame-relay, gre-tunnel, ip, ipv6, l2tp, mpls, or vlan keywords, the router creates an IP policy list. This version of the command has been deprecated and may be removed in a future release.

    You can create policy lists for ATM, Frame Relay, IP, IPv6, GRE tunnels, L2TP, MPLS, and VLANs.

    Note: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode.

    Published: 2014-08-14