Policy

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
policy	Class	`[policy]`	No

policy (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory	Default Value
class_maps	List	`[class_maps]`	No
policy_maps	List	`[policy_maps]`	No

class_maps (iosxe.devices.configuration.policy)

Name	Type	Constraint	Mandatory
name	String		Yes
type	Choice	`control`, `subscriber`	No
subscriber	Boolean	`true`, `false`	No
prematch	Choice	`match-all`	No
match_authorization_status_authorized	Boolean	`true`, `false`	No
match_result_type_aaa_timeout	Boolean	`true`, `false`	No
match_authorization_status_unauthorized	Boolean	`true`, `false`	No
match_activated_service_templates	List	String	No
match_authorizing_method_priority_greater_than	Integer		No
match_method_dot1x	Boolean	`true`, `false`	No
match_result_type_method_dot1x_authoritative	Boolean	`true`, `false`	No
match_result_type_method_dot1x_agent_not_found	Boolean	`true`, `false`	No
match_result_type_method_dot1x_method_timeout	Boolean	`true`, `false`	No
match_method_mab	Boolean	`true`, `false`	No
match_result_type_method_mab_authoritative	Boolean	`true`, `false`	No
match_dscp	Integer		No
description	String		No

policy_maps (iosxe.devices.configuration.policy)

Name	Type	Constraint	Mandatory
name	String		Yes
type	Choice	`access-control`, `appnav`, `control`, `epbr`, `inspect`, `packet-service`, `performance-monitor`, `queueing`, `service`, `service-chain`, `umbrella`	No
subscriber	Boolean	`true`, `false`	No
description	String		No
classes	List	`[classes]`	No
events	List	`[events]`	No

classes (iosxe.devices.configuration.policy.policy_maps)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
actions	List	`[actions]`	No

events (iosxe.devices.configuration.policy.policy_maps)

Name	Type	Constraint	Mandatory
name	String		Yes
event_type	Choice	`aaa-available`, `absolute-timeout`, `agent-found`, `authentication-failure`, `authentication-success`, `authorization-failure`, `authorization-success`, `identity-update`, `inactivity-timeout`, `remote-authentication-failure`, `remote-authentication-success`, `remote-update`, `session-disconnected`, `session-started`, `tag-added`, `tag-removed`, `template-activated`, `template-activation-failed`, `template-deactivated`, `template-deactivation-failed`, `timer-expiry`, `violation`	No
match_type	Choice	`match-all`, `match-first`	No
class_numbers	List	`[class_numbers]`	No
action_numbers	List	`[action_numbers]`	No

actions (iosxe.devices.configuration.policy.policy_maps.classes)

Name	Type	Constraint	Mandatory
type	Choice	`bandwidth`, `compression`, `dbl`, `drop`, `estimate`, `fair-queue`, `forward`, `netflow-sampler`, `police`, `priority`, `queue-buffers`, `queue-limit`, `random-detect`, `service-policy`, `set`, `shape`, `trust`	No
bandwidth_bits	Integer	min: `1`, max: `100000000`	No
bandwidth_percent	Integer	min: `1`, max: `100`	No
bandwidth_remaining_option	Choice	`percent`, `ratio`	No
bandwidth_remaining_percent	Integer	min: `1`, max: `100`	No
bandwidth_remaining_ratio	Integer	min: `1`, max: `65536`	No
priority_level	Integer	min: `1`, max: `2`	No
priority_burst	Integer	min: `32`, max: `2000000`	No
queue_limit	Integer	min: `1`, max: `64000000`	No
queue_limit_type	Any	`bytes`, `ms`, `packets`, `us`	No
shape_average_bit_rate	Integer	min: `8000`, max: `100000000000`	No
shape_average_bits_per_interval_sustained	Integer	min: `256`, max: `154400000`	No
shape_average_bits_per_interval_excess	Integer	min: `0`, max: `154400000`	No
shape_average_percent	Integer	min: `0`, max: `100`	No
shape_average_burst_size_sustained	Integer	min: `10`, max: `2000`	No
shape_average_ms	Boolean	`true`, `false`	No

class_numbers (iosxe.devices.configuration.policy.policy_maps.events)

Name	Type	Constraint	Mandatory
number	Integer	min: `1`, max: `254`	Yes
class	String		Yes
execution_type	Choice	`do-all`, `do-until-failure`, `do-until-success`	No

action_numbers (iosxe.devices.configuration.policy.policy_maps.events)

Name	Type	Constraint	Mandatory
number	Integer	min: `1`, max: `254`	Yes
pause_reauthentication	Boolean	`true`, `false`	No
authorize	Boolean	`true`, `false`	No
terminate_config	Any	Choice[`dot1x`, `mab`, `webauth`] or String[Regex: `^.[\$\%]\{.$`] or String[Regex: `^.[\$\%]\{.$`]	No
activate_service_template_config_service_template	String		No
activate_service_template_config_aaa_list	String		No
activate_service_template_config_precedence	Integer	min: `1`, max: `254`	No
activate_service_template_config_replace_all	Boolean	`true`, `false`	No
activate_interface_template	String		No
activate_policy_type_control_subscriber	String		No
deactivate_interface_template	String		No
deactivate_service_template	String		No
deactivate_policy_type_control_subscriber	String		No
authenticate_using_method	Choice	`dot1x`, `mab`, `webauth`	No
authenticate_using_retries	Integer	min: `1`, max: `5`	No
authenticate_using_retry_time	Integer	min: `0`, max: `65535`	No
authenticate_using_priority	Integer	min: `1`, max: `254`	No
authenticate_using_aaa_authc_list	String		No
authenticate_using_aaa_authz_list	String		No
authenticate_using_both	Boolean	`true`, `false`	No
authenticate_using_parameter_map	String		No
replace	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No
clear_session	Boolean	`true`, `false`	No
clear_authenticated_data_hosts_on_port	Boolean	`true`, `false`	No
protect	Boolean	`true`, `false`	No
err_disable	Boolean	`true`, `false`	No
resume_reauthentication	Boolean	`true`, `false`	No
authentication_restart	Integer	min: `1`, max: `65535`	No
set_domain	Choice	`data`, `switch`, `voice`	No
unauthorize	Boolean	`true`, `false`	No
notify	Boolean	`true`, `false`	No
set_timer_name	String		No
set_timer_value	Integer	min: `0`, max: `65535`	No
map_attribute_to_service_table	String		No

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        policy: