09-11-2023 10:48 AM
Hello,
I have an SD-WAN setup where at one of our sites, we have a 500mbps (color green) and a 200mbps(color blue) circuit to the internet. We are currently doing some migrations from one site to another. I am attempting to create a policy that contains a list of source addresses that will go specifically to the color green. It doesn't not appear to be working. I have even attempted to use restrict on the policy entry. this is the acl I wrote that doesn't seem to be working. The field "Priority_Transfer" contains 5 or 6 IP addresses.
sequence 241
match
source-data-prefix-list Priority_Transfer
!
action accept
set
local-tloc-list
color green
restrict
!
forwarding-class Control
09-11-2023 12:27 PM
Hi,
is it centralized data policy? Can you verify policy is received as-is (show sdwan policy from-vsmart) Most probably you also have NAT on internet - transport interfaces, can you share their configuration?
How do you check that it does not work?
09-11-2023 01:14 PM
Yes it is a centralized policy and I can see it on the vSmart device. It is also on the router itself after executing the command "show sdwan policy from-vsmart"
I also created another rule using the same prefix list as the destination.
Do you think this rule should work? We are just looking at the bandwidth in vmanage.
09-12-2023 01:56 PM
What section exactly you check for bandwidnth?
You can use new tool NWPI to see what actually happens when traffic passes the device.
09-13-2023 12:16 PM
we're on 17.5. this doesn't work for us.
09-16-2023 10:46 AM
Do you use packet duplication? Can you share all policy that edge gets from vSmart? I use the same policy for nat-dia, force traffic only to the lte color with restrict and it works on 17.9.3(I have three colors).
09-15-2023 05:37 AM - edited 09-15-2023 05:38 AM
still looking for an answer here. I opened a SR with Cisco and they, as usual never, respond to a sev 3 request. I always get some person at the end of the day take the SR, then never respond from there. Very frustrating. I'm always wondering why we pay for support if we can't get support.
I guess I'll need to bump it up to a sev 2.
09-19-2023 03:51 PM
Hi,
can you share the entire router config and show sdwan policy from vsmart?
And if you will have time we can do webex session.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide