01-16-2024 11:43 AM
Hello Team
I want to allow only a single system IP / BFD session and block all others. How do I configure this via CLI mode in SD-WAN?
01-16-2024 12:54 PM
Most of the time, once registered with vManage, we manage with templates - that is the reason SD-WAN is easy to manage (since it moved from CLI to templates).
Check the command reference, and an ACL can help you:
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/config-cmd.html
=====Preenayamo Vasudevam=====
***** Rate All Helpful Responses *****
01-16-2024 12:58 PM
Config policy
Match tloc <<- the tloc you want to allow
Action accept
Match tloc
Action reject
MHM
01-17-2024 02:09 PM
Hi,
use centralized policy > topology:
Sequence type TLOC:
sequence 10:
match: site-list = [respective_site where remote device exists]
action: accept
sequence 20:
match: [leave empty which means ALL]
action: reject
Sequence type Route:
sequence 10:
match: site-list = [respective_site where remote device exists]
action: accept
and apply this policy to the site in the "OUT" direction. Remember that if you don't do the last step, then all OMP routes will be discarded due to the default action being "reject". Either you need an explicit rule for OMP routes or you need to change the default action to "accept".
You need such config per site, if you have multiple sites.
Note: the sequence numbers 10 and 20 are just shown for easy understanding; the purpose here is to do it in the proper sequence (first to last).
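The policy outlined in the last reply, modelled as a first-match evaluator to show why the route sequence (or a default action of accept) matters. This is an added example, not part of the thread and not Cisco code; it is a simplified model, and the site-ids 100 (permitted) and 200 (other), the function names, and the renumbering of the route sequence to 30 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Sequence:
    number: int
    kind: str                            # "tloc" or "route"
    site_list: Optional[FrozenSet[int]]  # None models an empty match (ALL)
    action: str                          # "accept" or "reject"


def evaluate(sequences, default_action, kind, site_id):
    """Return the action of the first sequence of this kind that matches."""
    for seq in sorted(sequences, key=lambda s: s.number):
        if seq.kind != kind:
            continue  # TLOC sequences never match routes, and vice versa
        if seq.site_list is None or site_id in seq.site_list:
            return seq.action
    return default_action  # nothing matched: the default action decides


ALLOWED_SITES = frozenset({100})  # constructed site-id of the permitted remote site

# Only the TLOC sequences from the reply (10 = accept site-list, 20 = reject all).
TLOC_ONLY = [
    Sequence(10, "tloc", ALLOWED_SITES, "accept"),
    Sequence(20, "tloc", None, "reject"),
]
# The same policy plus the route sequence (numbered 30 here to keep one ordering).
WITH_ROUTE = TLOC_ONLY + [Sequence(30, "route", ALLOWED_SITES, "accept")]


def summarize(sequences, default_action):
    """Evaluate TLOC and route advertisements from site 100 and site 200."""
    return {
        (kind, site): evaluate(sequences, default_action, kind, site)
        for kind in ("tloc", "route")
        for site in (100, 200)
    }


if __name__ == "__main__":
    for label, seqs, default in [
        ("TLOC sequences only, default reject", TLOC_ONLY, "reject"),
        ("with route sequence, default reject", WITH_ROUTE, "reject"),
        ("TLOC sequences only, default accept", TLOC_ONLY, "accept"),
    ]:
        print(label, summarize(seqs, default))
```
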