Policy configuration provides comprehensive traffic classification and action enforcement through class-maps and policy-maps that define how network traffic should be identified, prioritized, and processed based on various criteria including DSCP markings, protocols, and authentication states. It supports both Quality of Service (QoS) policies for bandwidth management, prioritization, and queuing, and control policies for network access control that define the actions to take based on authentication events and user authorization status. The policy framework enables fine-grained traffic engineering, security enforcement, and service differentiation by combining flexible matching criteria with configurable actions such as rate limiting, priority queuing, and service template activation.
| Name | Type | Constraint | Mandatory |
|---|---|---|---|
| | `Choice[dot1x, mab, webauth] or String[Regex: ^.*[\$\%]\{.*$] or String[Regex: ^.*[\$\%]\{.*$]` | | No |
| activate_service_template_config_service_template | String | | No |
| activate_service_template_config_aaa_list | String | | No |
| activate_service_template_config_precedence | Integer | min: 1, max: 254 | No |
| activate_service_template_config_replace_all | Boolean | true, false | No |
| activate_interface_template | String | | No |
| activate_policy_type_control_subscriber | String | | No |
| deactivate_interface_template | String | | No |
| deactivate_service_template | String | | No |
| deactivate_policy_type_control_subscriber | String | | No |
| authenticate_using_method | Choice | dot1x, mab, webauth | No |
| authenticate_using_retries | Integer | min: 1, max: 5 | No |
| authenticate_using_retry_time | Integer | min: 0, max: 65535 | No |
| authenticate_using_priority | Integer | min: 1, max: 254 | No |
| authenticate_using_aaa_authc_list | String | | No |
| authenticate_using_aaa_authz_list | String | | No |
| authenticate_using_both | Boolean | true, false | No |
| authenticate_using_parameter_map | String | | No |
| replace | Boolean | true, false | No |
| restrict | Boolean | true, false | No |
| clear_session | Boolean | true, false | No |
| clear_authenticated_data_hosts_on_port | Boolean | true, false | No |
| protect | Boolean | true, false | No |
| err_disable | Boolean | true, false | No |
| resume_reauthentication | Boolean | true, false | No |
| authentication_restart | Integer | min: 1, max: 65535 | No |
| set_domain | Choice | data, switch, voice | No |
| unauthorize | Boolean | true, false | No |
| notify | Boolean | true, false | No |
| set_timer_name | String | | No |
| set_timer_value | Integer | min: 0, max: 65535 | No |
| map_attribute_to_service_table | String | | No |
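A pre-deployment check of the types, ranges and choices listed above, as an added example that is not part of the documented tooling. The function name `lint_action` and the flat attribute-to-value dict it takes are assumptions made for illustration, and the sample actions are constructed.

```python
# Added example (not the project's code): lint one action dict against the table.
STRINGS = set("""activate_service_template_config_service_template
activate_service_template_config_aaa_list activate_interface_template
activate_policy_type_control_subscriber deactivate_interface_template
deactivate_service_template deactivate_policy_type_control_subscriber set_timer_name
authenticate_using_aaa_authc_list authenticate_using_aaa_authz_list
authenticate_using_parameter_map map_attribute_to_service_table""".split())
BOOLEANS = set("""activate_service_template_config_replace_all replace notify
authenticate_using_both restrict clear_session protect err_disable unauthorize
clear_authenticated_data_hosts_on_port resume_reauthentication""".split())
RANGES = {"activate_service_template_config_precedence": (1, 254),
          "authenticate_using_retries": (1, 5),
          "authenticate_using_retry_time": (0, 65535),
          "authenticate_using_priority": (1, 254),
          "authentication_restart": (1, 65535),
          "set_timer_value": (0, 65535)}
CHOICES = {"authenticate_using_method": ("dot1x", "mab", "webauth"),
           "set_domain": ("data", "switch", "voice")}
KNOWN = STRINGS | BOOLEANS | set(RANGES) | set(CHOICES)

def lint_action(action):
    """Return a sorted list of problems found in one action dict (assumed layout)."""
    problems = []
    for key, value in action.items():
        if key not in KNOWN:
            problems.append(f"{key}: not listed in the table")
        elif key in STRINGS and not isinstance(value, str):
            problems.append(f"{key}: expected String")
        elif key in BOOLEANS and not isinstance(value, bool):
            problems.append(f"{key}: expected Boolean")
        elif key in RANGES:
            lo, hi = RANGES[key]
            # bool is a subclass of int, so reject True/False explicitly.
            if isinstance(value, bool) or not isinstance(value, int):
                problems.append(f"{key}: expected Integer")
            elif not lo <= value <= hi:
                problems.append(f"{key}: {value} outside {lo}..{hi}")
        elif key in CHOICES and value not in CHOICES[key]:
            problems.append(f"{key}: {value!r} not in {CHOICES[key]}")
    return sorted(problems)

# Constructed sample actions, not taken from the page's examples.
GOOD = {"authenticate_using_method": "dot1x", "authenticate_using_retries": 2,
        "authenticate_using_retry_time": 0, "authenticate_using_priority": 10}
BAD = {"authenticate_using_method": "eap", "authenticate_using_retries": 9,
       "authenticate_using_priorty": 10, "authentication_restart": True}

if __name__ == "__main__":
    print(lint_action(GOOD) or "ok", *lint_action(BAD), sep="\n")
```

Attribute names that do not appear in the table above, including misspellings such as the constructed `authenticate_using_priorty`, are reported rather than ignored.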
Examples
Example 1: The example below shows a basic QoS class-map and policy-map configuration, including basic attributes such as matching DSCP values and assigning a bandwidth percentage.
```yaml
iosxe:
  devices:
    - name: Device1
      configuration:
        policy:
          class_maps:
            - name: VOICE-CLASS
              prematch: match-all
              description: Voice traffic classification
              match:
                dscp: [46]
            - name: VIDEO-CLASS
              prematch: match-all
              description: Video traffic classification
              match:
                dscp: [34, 36, 38]
            - name: CONTROL-CLASS
              type: control
              subscriber: true
              match:
                authorization_status_authorized: true
                method_dot1x: true
                result_type_method_dot1x_authoritative: true
          policy_maps:
            - name: WAN-QOS-POLICY
              description: WAN QoS policy with voice and video prioritization
```