Sdwan
01-16-2024 11:43 AM
Hello Team
I want to allow only a single system IP / BFD session and block all others. How do I configure this via CLI mode in SD-WAN?
01-16-2024 12:54 PM
Most of the time, once registered with vManage, we manage with templates; that is the reason SD-WAN is easy to manage (since it moved from CLI to templates).
Check the command reference; an ACL can help you:
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/config-cmd.html
01-16-2024 12:58 PM
Config policy
Match tloc <<- the tloc you want to allow
Action accept
Match tloc
Action reject
MHM

01-17-2024 02:09 PM
Hi,
Use centralized policy > topology:
Sequence type TLOC:
sequence 10:
match: site-list = [respective_site where remote device exists]
action: accept
sequence 20:
match: [leave empty which means ALL]
action: reject
Sequence type Route:
sequence 10:
match: site-list = [respective_site where remote device exists]
action: accept
Apply this policy to the site in the "OUT" direction. Remember that if you don't do the last step, all OMP routes will be discarded because the default action is "reject". Either you need an explicit rule for OMP routes or you need to change the default action to "accept".
You need such a config per site if you have multiple sites.
Note: sequence numbers 10 and 20 are just used for easy understanding; the purpose here is to do it in the proper sequence (first to last).
Please rate and mark as an accepted solution if you have found any of the information provided useful.
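Since the original question asked for CLI mode, here is the policy from the answer above written as a vSmart centralized control policy (an added example, not configuration from the thread or from Cisco documentation). The list names and site IDs 100 and 200 are placeholders you would replace with your own values.

```cisco
! vSmart centralized control policy (added example, not from the thread).
! Site IDs and list names are placeholders; adjust to your deployment.
policy
 lists
  site-list REMOTE_SITE
   site-id 200
  !
  site-list LOCAL_SITE
   site-id 100
  !
 !
 control-policy ALLOW_ONE_TLOC
  ! sequence 10: accept only the TLOC(s) of the permitted remote site
  sequence 10
   match tloc
    site-list REMOTE_SITE
   !
   action accept
   !
  !
  ! sequence 20: an empty "match tloc" matches every other TLOC -> reject
  sequence 20
   match tloc
   !
   action reject
   !
  !
  ! sequence 30: OMP routes must be matched explicitly, otherwise
  ! "default-action reject" below discards them as well
  sequence 30
   match route
    site-list REMOTE_SITE
   !
   action accept
   !
  !
  default-action reject
 !
!
! Apply outbound toward the site being restricted (LOCAL_SITE), so it
! only learns the TLOC of REMOTE_SITE and forms a single BFD session.
apply-policy
 site-list LOCAL_SITE
  control-policy ALLOW_ONE_TLOC out
 !
!
```

After committing on vSmart, `show omp tlocs` and `show bfd sessions` on the restricted edge should list only the permitted remote TLOC.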
