The automatic registration of mandatory policies is only for policies included with the image, i.e. only system policies can be mandatory policies.
The functionality was primarily included for the automatic registration of policies for platform-specific or platform-independent EEM policies. Automatic registration of non-system policies would be considered a security risk because it would allow someone to find some way to place a file into the location where EEM scripts are allowed (and with remote EEM policies in EEM 4.0 this could be even easier) and either wait for the box to restart or utilize some known vulnerability to cause the box to restart to get the policy to register. In other words, the policy could be registered without entering config mode and changing the config. With the way mandatory policies work, it won't show up in the config at all. Therefore, we have isolated mandatory policies to system policies only.
Users can override mandatory policies to include additional options if needed, or to change them in some way, but at that point the config has to be changed to make that change and the policy is no longer a mandatory system policy; it becomes a user policy and shows up in the config.
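Because every non-system policy has to be registered through the config, the config can be audited against what is sitting in the policy directory. The sketch below is an added example, not part of the original post or Cisco code; the sample config excerpt, directory listing, file names and approved baseline are constructed, and treating a policy with no explicit `type` as non-system is an assumption made for the audit.

```python
import re

# Constructed sample: excerpt of a running-config (not from the original post).
SAMPLE_CONFIG = """\
event manager directory user policy "flash:/eem"
event manager policy backup_cfg.tcl type user
event manager policy link_watch.tcl type user trap
event manager policy sl_intf_down.tcl type system
"""

# Constructed sample: file names listed from the user policy directory.
SAMPLE_DIR_LISTING = ["backup_cfg.tcl", "link_watch.tcl", "dropper.tcl"]

# Hypothetical baseline of user policies approved through change control.
APPROVED_USER_POLICIES = {"backup_cfg.tcl"}

# Matches "event manager policy <file> [type system|user] ..." lines only;
# the "event manager directory ..." line does not match.
POLICY_RE = re.compile(
    r"^event manager policy (\S+)(?: type (system|user))?", re.MULTILINE
)


def registered_policies(config):
    """Return {filename: type} for every policy registered in the config."""
    return {name: (ptype or "unspecified")
            for name, ptype in POLICY_RE.findall(config)}


def audit(config, dir_listing, approved):
    """Compare registered policies with the baseline and the directory."""
    reg = registered_policies(config)
    # Assumption: anything not explicitly "system" is reviewed as a user policy.
    non_system = {name for name, ptype in reg.items() if ptype != "system"}
    return {
        # Registered in the config but never approved.
        "unapproved_registered": sorted(non_system - set(approved)),
        # Present in the policy directory but not registered: inert today,
        # but exactly the file that auto-registration would have activated.
        "staged_unregistered": sorted(set(dir_listing) - set(reg)),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG, SAMPLE_DIR_LISTING, APPROVED_USER_POLICIES)
    for finding, names in result.items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```
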