Configure a Listener Policy

Perform this procedure to map an ACL to an ingress policy and an egress, and to define the actions for a matching ACL.

About this task

Each listener policy can exist as multiple instances, which are differentiated by a user-specified, unique sequence ID. A listener policy maps an ACL of each type to an egress and defines the actions for the matching ACL.

Procedure

  1. Enter the Config mode.
    device(config)# 
  2. Configure the access list and actions.
    device(config)# ip access-list acl-name
  3. Create the listener policy, match the ACL, and include any action subcommands for the policy.
    device(config)# listener-policy lp-2
    device(config-listener-policy)# match ip access-list acl5-ipv4
    device(config-listener-policy)# strip-brtag
    device(config-listener-policy)# vlan vl-4085
    device(config-listener-policy)# description "ABCD"
  4. Configure an egress policy, and bind the listener policy, specifying any additional egress actions.
    device(config-egress)# egress e2
    device(config-egress)# set listener-policy lp-2
    device(config-egress)# precedence 1 interface ethernet 1/14
  5. Configure an egress group and associate it with the egress policy.
    device(config-egress-group)# egress-group eg_1
    device(config-egress-group)# description egress-group_1
    device(config-egress-group)# set egress e2
  6. Configure the route map, and set any other parameters, such as forwarding actions, match ip access list, and the egress-group.
    device(config-route-map)# route-map R1 10
    device(config-route-map)# forward-action permit
    device(config-route-map)# match ip access-list test_1
    device(config-route-map)# set egress-group eg_1
  7. Configure the interface port and channel for egress traffic.
    Note: In the following example, traffic is leaving on slot/port number 2/14.
    interface ethernet 2/14
    speed 100000
    description To_Tool
    no shutdown
  8. Configure the interface port and channel for ingress traffic.
    Note: In the following example, traffic is coming in on slot/port number 2/3.
    interface ethernet 2/3
    description From_TAP
    ingress-group TAP_TRAFFIC
    no shutdown
  9. Configure an ingress group and associate a route map.
    ingress-group TAP_TRAFFIC
    set route-map R1 10
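
The objects in this procedure reference each other by name (interface to ingress group, ingress group to route map, route map to ACL and egress group, egress group to egress, egress to listener policy, listener policy to ACL), and a misspelled name anywhere in that chain means tapped traffic never reaches the tool. The following check is an added example, not part of the product documentation: it assumes the configuration is listed without prompts and with subcommands indented under their object, and the SAMPLE text is constructed with two deliberately broken references.

```python
# Reference subcommands used in this procedure -> kind of object they name.
REFS = {
    "match ip access-list": "ip access-list",
    "set listener-policy": "listener-policy",
    "set egress-group": "egress-group",
    "set egress": "egress",
    "set route-map": "route-map",
    "ingress-group": "ingress-group",  # when indented under an interface
}
# Top-level commands that define a named object.
DEFS = ["ip access-list", "listener-policy", "egress-group", "egress",
        "route-map", "ingress-group"]

def dangling_refs(config):
    """Return sorted (kind, name, referenced_from) for names never defined."""
    defined, refs, ctx = set(), [], "(top level)"
    for line in config.splitlines():
        words = line.strip()
        if not words or words.startswith("!"):
            continue
        if line[0].isspace():  # indented: subcommand, may reference an object
            for key, kind in REFS.items():
                if words.startswith(key + " "):
                    refs.append((kind, words[len(key):].strip(), ctx))
        else:  # column 0: starts a new object block
            ctx = words
            for kind in DEFS:
                if words.startswith(kind + " "):
                    defined.add((kind, words[len(kind):].strip()))
    return sorted(r for r in refs if (r[0], r[1]) not in defined)

# Constructed sample: ACL test_1 is never defined, and the ingress group
# points at route-map sequence 20 while only sequence 10 exists.
SAMPLE = """
ip access-list acl5-ipv4
listener-policy lp-2
 match ip access-list acl5-ipv4
 strip-brtag
egress e2
 set listener-policy lp-2
egress-group eg_1
 set egress e2
route-map R1 10
 forward-action permit
 match ip access-list test_1
 set egress-group eg_1
interface ethernet 2/3
 ingress-group TAP_TRAFFIC
ingress-group TAP_TRAFFIC
 set route-map R1 20
"""
```

Calling `dangling_refs(SAMPLE)` returns one entry per broken reference, each naming the block that contains it.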