The control plane of Cisco WAN Edge devices process the data traffic for local services like, SSH and SNMP, from a set of sources. It is important to protect the CPU from device access traffic by applying the filter to avoid malicious traffic.
Access policies define the rules that traffic must meet to pass through an interface.
Diagram Classes definitions (sdwan.localized_policies) Name Type Constraint Mandatory Default Value ipv6_device_access_policies List [ipv6_device_access_policies]
No
ipv6_device_access_policies (sdwan.localized_policies.definitions) Name Type Constraint Mandatory Default Value name String Regex: ^[A-Za-z0-9-_]{1,128}$
Yes description String Yes default_action Choice accept
, drop
Yes sequences List [sequences]
No
sequences (sdwan.localized_policies.definitions.ipv6_device_access_policies) Name Type Constraint Mandatory Default Value id Integer min: 1
, max: 65534
Yes name String No base_action Choice accept
, drop
Yes match_criterias Class [match_criterias]
Yes counter_name String min: 1
, max: 20
No
match_criterias (sdwan.localized_policies.definitions.ipv6_device_access_policies.sequences) Name Type Constraint Mandatory Default Value destination_data_prefix_list String Regex: ^[A-Za-z0-9-_]{1,128}$
No destination_ip_prefix IP No destination_port Choice 22
, 161
Yes source_data_prefix_list String Regex: ^[A-Za-z0-9-_]{1,128}$
No source_ip_prefix IP No source_ports List Integer[min: 0
, max: 65535
] No
Examples ipv6_device_access_policies :
- name : ACL-DEVICEACCESSPOLICY-01
description : " SSH and SNMP access control "
destination_data_prefix_list : SNMP-SERVERS