IPv4 Device Access Policy Definition

The control plane of Cisco WAN Edge devices processes traffic for local services, such as SSH and SNMP, from a set of sources. It is important to protect the CPU from malicious device access traffic by applying a filter to that traffic.

Access policies define the rules that traffic must meet to pass through an interface.

Classes

definitions (sdwan.localized_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ipv6_device_access_policies | List | [ipv6_device_access_policies] | No | |

ipv6_device_access_policies (sdwan.localized_policies.definitions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: `^[A-Za-z0-9-_]{1,128}$` | Yes | |
| description | String | | Yes | |
| default_action | Choice | accept, drop | Yes | |
| sequences | List | [sequences] | No | |

sequences (sdwan.localized_policies.definitions.ipv6_device_access_policies)

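| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| id | Integer | min: 1, max: 65534 | Yes | |
| name | String | | No | |
| base_action | Choice | accept, drop | Yes | |
| match_criterias | Class | [match_criterias] | Yes | |
| counter_name | String | min: 1, max: 20 | No | |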

match_criterias (sdwan.localized_policies.definitions.ipv6_device_access_policies.sequences)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| destination_data_prefix_list | String | Regex: `^[A-Za-z0-9-_]{1,128}$` | No | |
| destination_ip_prefix | IP | | No | |
| destination_port | Choice | 22, 161 | Yes | |
| source_data_prefix_list | String | Regex: `^[A-Za-z0-9-_]{1,128}$` | No | |
| source_ip_prefix | IP | | No | |
| source_ports | List | Integer[min: 0, max: 65535] | No | |

Examples

```yaml
sdwan:
  localized_policies:
    definitions:
      ipv6_device_access_policies:
        - name: ACL-DEVICEACCESSPOLICY-01
          description: "SSH and SNMP access control"
          default_action: drop
          sequences:
            - id: 10
              base_action: accept
              match_criterias:
                source_ports:
                  - 1000
                  - 2001
                destination_data_prefix_list: SNMP-SERVERS
                destination_port: 161
              counter_name: SEQ10-SNMP
```
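
The following pre-deployment check is an added example, not part of the data model or its tooling: it validates one policy entry against the constraints in the tables above and adds two review warnings for rules that leave control-plane access open. The function name `check_policy`, the warning rules, and reading the `counter_name` bounds as a string length are assumptions of this example.

```python
import re

NAME_RE = re.compile(r"^[A-Za-z0-9-_]{1,128}$")  # regex from the schema tables
ACTIONS = {"accept", "drop"}
PORTS = {22, 161}  # the schema allows only SSH (22) and SNMP (161)

def check_policy(policy):
    """Return (errors, warnings) for one ipv6_device_access_policies entry."""
    errors, warnings = [], []
    if not NAME_RE.match(str(policy.get("name") or "")):
        errors.append("name: missing or does not match schema regex")
    if not policy.get("description"):
        errors.append("description: mandatory")
    if policy.get("default_action") not in ACTIONS:
        errors.append("default_action: must be accept or drop")
    elif policy["default_action"] == "accept":  # assumed review rule, not schema
        warnings.append("default_action accept: unmatched traffic is allowed")
    for seq in policy.get("sequences", []):
        sid, match = seq.get("id"), seq.get("match_criterias")
        tag = f"sequence {sid}"
        if not isinstance(sid, int) or not 1 <= sid <= 65534:
            errors.append(f"{tag}: id must be an integer in 1..65534")
        if seq.get("base_action") not in ACTIONS:
            errors.append(f"{tag}: base_action must be accept or drop")
        counter = seq.get("counter_name")
        if counter is not None and not 1 <= len(counter) <= 20:
            errors.append(f"{tag}: counter_name length must be 1..20")
        if not isinstance(match, dict):
            errors.append(f"{tag}: match_criterias is mandatory")
            continue
        if match.get("destination_port") not in PORTS:
            errors.append(f"{tag}: destination_port must be 22 or 161")
        for key in ("source_data_prefix_list", "destination_data_prefix_list"):
            if key in match and not NAME_RE.match(str(match[key])):
                errors.append(f"{tag}: {key} does not match schema regex")
        for port in match.get("source_ports", []):
            if not isinstance(port, int) or not 0 <= port <= 65535:
                errors.append(f"{tag}: source port {port!r} outside 0..65535")
        sourced = "source_ip_prefix" in match or "source_data_prefix_list" in match
        if seq.get("base_action") == "accept" and not sourced:  # assumed review rule
            warnings.append(f"{tag}: accept with no source prefix restriction")
    return errors, warnings

# The policy from the Examples section, transcribed as a Python dict
PAGE_EXAMPLE = {"name": "ACL-DEVICEACCESSPOLICY-01",
    "description": "SSH and SNMP access control", "default_action": "drop",
    "sequences": [{"id": 10, "base_action": "accept", "counter_name": "SEQ10-SNMP",
        "match_criterias": {"source_ports": [1000, 2001],
            "destination_data_prefix_list": "SNMP-SERVERS", "destination_port": 161}}]}
print(check_policy(PAGE_EXAMPLE))
```

The example policy passes every schema check; the one warning is raised because sequence 10 matches on source ports and a destination prefix list but on no source prefix.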