ip policy

Syntax

For standard policy lists in Interface Configuration mode:

ip policy { input | output | secondary-input } policyName
[ statistics { enabled [ baseline { enabled | disabled } ] [ preserve | merge ] |
disabled [ merge ] } | merge ]

no ip policy { input | output | secondary-input } [ policyName ]

For secure policy lists in Interface Configuration mode:

ip policy { secure-input | secure-output } policyName
[ statistics { enabled [ baseline baselineValue ] [ preserve ] | disabled } ]

no ip policy { secure-input | secure-output }

For policy lists in Profile Configuration mode:

ip policy { input | output | secondary-input } policyName
[ statistics { enabled | disabled } ] [ merge ]

no ip policy { input | output | secondary-input } [ policyName ]

Release Information

Command introduced before JunosE Release 7.1.0.
merge keyword added in JunosE Release 7.2.0.
Profile Configuration mode added in JunosE Release 7.2.0.

Description

Assigns a policy list to the ingress or egress of an interface.

For standard policy lists, specify the input or output keyword to assign the policy list to the ingress or egress of the interface. If you enter the ip policy command and the policy list does not exist, the router inserts a default filter rule. Attaching this policy list to an interface filters all packets on that interface.

For secure policy lists, which are used for packet mirroring, use the secure-input or secure-output keyword to assign the packet mirroring policy list to the ingress or egress side of the interface. If you use the ip policy command and the secure policy list does not exist, the router creates a secure policy list with a default mirror rule that disables mirroring. Attaching this policy list to an interface results in no packet mirroring.

In Profile Configuration mode, assigns the policy list to a profile, which then assigns the policy to an interface.

In Interface Configuration mode, the no version removes the association between a policy list and an interface. In Profile Configuration mode, the no version removes policy reference from the profile.

Options

• input—Applies policy to data arriving at this interface before a route lookup
• output—Applies policy to data leaving this interface
• secondary-input—Applies policy to data that arrives at this interface after a route lookup
• secure-input—Applies secure policy to data arriving at this interface
• secure-output—Applies secure policy to data leaving this interface

  Note: The ip policy command used with the secure-input and secure-output keywords provides packet mirroring support. These keywords are available in Interface Configuration mode and do not support the statistics-related keywords. The ip policy command used with these keywords replaces the ip mirror command, which has been deprecated.

• policyName—Name of the policy; a maximum of 40 characters
• statistics—Enables or disables collection of policy routing statistics
  • enabled—Enables collection of policy routing statistics
  • baseline enabled—Enables baselining of policy routing statistics (Interface Configuration mode only)
  • baseline disabled—Disables baselining of policy routing statistics (Interface Configuration mode only)
  • preserve—Preserves existing statistics for any classifier list that is the same for both the new and old policy attachments when you attach a new policy to an interface
  • disabled—Disable collection of policy routing statistics
• merge—Enables merging of multiple policies to form a single policy

  Note: The local-input keyword for the ip policy command is deprecated, and might be completely removed in a future release. We recommend that you remove the keyword from scripts.

Mode

Interface Configuration, Profile Configuration