Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
7
Replies

SD-WAN force specific traffic through an interface

dbogdan
Level 1
Level 1

‎09-11-2023 10:48 AM

Hello, 

 

I have an SD-WAN setup where at one of our sites, we have a 500mbps (color green) and a 200mbps(color blue) circuit to the internet.  We are currently doing some migrations from one site to another.  I am attempting to create a policy that contains a list of source addresses that will go specifically to the color green.  It doesn't not appear to be working.  I have even attempted to use restrict on the policy entry.  this is the acl I wrote that doesn't seem to be working.  The field "Priority_Transfer" contains 5 or 6 IP addresses.

 

sequence 241
match
source-data-prefix-list Priority_Transfer
!
action accept
set
local-tloc-list
color green
restrict
!
forwarding-class Control

Labels:
0 Helpful
7 Replies 7

Kanan Huseynli
VIP
VIP

‎09-11-2023 12:27 PM

Hi,

is it centralized data policy? Can you verify policy is received as-is (show sdwan policy from-vsmart) Most probably you also have NAT on internet - transport interfaces, can you share their configuration?

How do you check that it does not work?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

dbogdan
Level 1
Level 1
In response to Kanan Huseynli

‎09-11-2023 01:14 PM

Yes it is a centralized policy and I can see it on the vSmart device. It is also on the router itself after executing the command "show sdwan policy from-vsmart"

 

I also created another rule using the same prefix list as the destination.

Do you think this rule should work?   We are just looking at the bandwidth in vmanage.

0 Helpful

Kanan Huseynli
VIP
VIP
In response to dbogdan

‎09-12-2023 01:56 PM

What section exactly you check for bandwidnth?

You can use new tool NWPI to see what actually happens when traffic passes the device.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

dbogdan
Level 1
Level 1
In response to Kanan Huseynli

‎09-13-2023 12:16 PM

we're on 17.5.  this doesn't work for us.

0 Helpful

dijix1990
VIP
VIP
In response to dbogdan

‎09-16-2023 10:46 AM

Do you use packet duplication? Can you share all policy that edge gets from vSmart? I use the same policy for nat-dia, force traffic only to the lte color with restrict and it works on 17.9.3(I have three colors).

0 Helpful

dbogdan
Level 1
Level 1

‎09-15-2023 05:37 AM - edited ‎09-15-2023 05:38 AM

still looking for an answer here.  I opened a SR with Cisco and they, as usual never, respond to a sev 3 request. I always get some person at the end of the day take the SR, then never respond from there.  Very frustrating.  I'm always wondering why we pay for support if we can't get support. 

 I guess I'll need to bump it up to a sev 2.  

0 Helpful

Kanan Huseynli
VIP
VIP

‎09-19-2023 03:51 PM

Hi,

can you share the entire router config and show sdwan policy from vsmart?

And if you will have time we can do webex session.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Customers Also Viewed These Support Documents