JUNOSe 9.1.x Command Reference Guide A to M > I Commands > ip policy

ip policy

Description: 

Assigns a policy list to the ingress or egress of an interface.

For standard policy lists, specify the input or output keyword to assign the policy list to the ingress or egress of the interface. If you enter the ip policy command and the policy list does not exist, the router inserts a default filter rule. Attaching this policy list to an interface filters all packets on that interface.

For secure policy lists, which are used for packet mirroring, use the secure-input or secure-output keyword to assign the packet mirroring policy list to the ingress or egress side of the interface. If you use the ip policy command and the secure policy list does not exist, the router creates a secure policy list with a default mirror rule that disables mirroring. Attaching this policy list to an interface results in no packet mirroring.

In Profile Configuration mode, assigns the policy list to a profile, which then assigns the policy to an interface.

In Interface Configuration mode, the no version removes the association between a policy list and an interface. In Profile Configuration mode, the no version removes policy reference from the profile.

Syntax: 

For standard policy lists in Interface Configuration mode:

ip policy { input | output } policyName
[ statistics { enabled [ baseline { enabled | disabled } ] [ preserve | merge ] |
disabled [ merge ] } | merge ]

no ip policy { input | output | secondary-input } [ policyName ]

For secure policy lists in Interface Configuration mode:

ip policy { secure-input | secure-output } policyName
[ statistics { enabled [ baseline baselineValue ] [ preserve ] | disabled } ]

no ip policy { secure-input | secure-output }

For policy lists in Profile Configuration mode:

ip policy { input | output } policyName
[ statistics { enabled | disabled } ] [ merge ]

no ip policy { input | output | secondary-input } [ policyName ]

• input—Applies policy to data arriving at this interface before a route lookup
• output—Applies policy to data leaving this interface
• secondary-input—Applies policy to data that arrives at this interface after a route lookup
• secure-input—Applies secure policy to data arriving at this interface
• secure-output—Applies secure policy to data leaving this interface

 NOTE: The ip policy command used with the secure-input and secure-output keywords provides packet mirroring support. These keywords are available in Interface Configuration mode and do not support the statistics-related keywords. The ip policy command used with these keywords replaces the ip mirror command, which has been deprecated.



 

• policyName—Name of the policy; a maximum of 40 characters
• statistics—Enables or disables collection of policy routing statistics

• enabled—Enables collection of policy routing statistics
• baseline enabled—Enables baselining of policy routing statistics (Interface Configuration mode only)
• baseline disabled—Disables baselining of policy routing statistics (Interface Configuration mode only)
• preserve—Preserves existing statistics for any classifier list that is the same for both the new and old policy attachments when you attach a new policy to an interface
• disabled—Disable collection of policy routing statistics

• merge—Enables merging of multiple policies to form a single policy

 NOTE: The local-input keyword for the ip policy command is deprecated, and might be completely removed in a future release. We recommend that you remove the keyword from scripts. 



 

Mode(s): 

Interface Configuration, Profile Configuration

    Release Information    Command introduced before JUNOSe Release 7.1.0.
merge keyword added in JUNOSe Release 7.2.0.
Profile Configuration mode added in JUNOSe Release 7.2.0.

    Related Topics    

• Setting a Statistics Baseline for Policies
• Configuring CLI-Based Mirroring