Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1177
Views
1
Helpful
3
Replies

Looking for some clarity on the SD-WAN Centralized Policies

Go to solution
m1xed0s
Spotlight
Spotlight

‎11-18-2021 08:19 AM - edited ‎11-18-2021 09:29 AM

First, according to several of Cisco documents (v19.x and v20.x), some state "You can only activate ONE centrailized policy" while others state "you can have one control-policy and one data-policy activated (e.g. one inbound; one outbound"... So which is true considering the latest version of firmware for a mixed of vEdge and cEdge environment?

 

Second, when finialize a centralized policy, depends on the content within (DATA, CONTROL/TOPOLOGY or AAR), the vManage would ask for selecting the direction the policy is applied to for vSmart (inbound or outbound; From Service or From Tunnel). I think I mostly have been using just the outbound or From Service so far...But is there a general rule of thumb or best practice regards?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎11-20-2021 10:06 AM

Hi,

You can only activate ONE centrailized policy

this means that you can have only and only one active central policy that is activated and config is pushed to vSmart(s) to further processing policy.

 

you can have one control-policy and one data-policy activated (e.g. one inbound; one outbound

this means that within activated centralized policy you may per per policy (control or data or both) per site per direction.

When data policy used, direction can be from service to tunnel or from tunnel to server (with respect to router).

When control policy used, direction can be inbound or outbound (with respect to vsmart).

Note that, one central policy can have multiple data and control policy, if different data/control policy applied to different site list.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

3 Replies 3

Go to solution
m1xed0s
Spotlight
Spotlight

‎11-18-2021 09:49 AM

I ran a quick test in lab: it does seem like you would only be able to activate ONE centralized policy at a time. I created two central policies: one just with AAR (or just Topology) and one just for DIA (Guest NAT). When I activate one, the other would be deactivated automatically...

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎11-20-2021 10:06 AM

Hi,

You can only activate ONE centrailized policy

this means that you can have only and only one active central policy that is activated and config is pushed to vSmart(s) to further processing policy.

 

you can have one control-policy and one data-policy activated (e.g. one inbound; one outbound

this means that within activated centralized policy you may per per policy (control or data or both) per site per direction.

When data policy used, direction can be from service to tunnel or from tunnel to server (with respect to router).

When control policy used, direction can be inbound or outbound (with respect to vsmart).

Note that, one central policy can have multiple data and control policy, if different data/control policy applied to different site list.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Go to solution
m1xed0s
Spotlight
Spotlight
In response to Kanan Huseynli

‎11-20-2021 02:51 PM

Thanks for the information.

0 Helpful
Customers Also Viewed These Support Documents