Configure a Listener Policy

Perform this procedure to map an ACL to an ingress policy and an egress and define actions for a matching ACL.

About this task

Each listener policy can exist as multiple instances, which are differentiated by a user-specified, unique sequence ID. A listener policy maps an ACL of each type to an egress and defines the actions for the matching ACL.

Procedure

  1. Enter the Config mode. 
    device(config)#
  2. Configure the access list and actions. 
    device(config)# ip access-list acl-name
  3. Create the listener policy, match the ACL, and include any action subcommands for the policy. 
    device(config)# listener-policy lp-2
device(config-listener-policy)# match ip access-list acl5-ipv4

device(config-listener-policy)# strip-brtag
device(config-listener-policy)# vlan vl-4085
device(config-listener-policy)# description “ABCD”
  4. Configure an egress policy, and bind the listener policy, specifying any additional egress actions. 
    device(config-egress)# egress e2
device(config-egress)# set listener-policy lp-2
device(config-egress)# precedence 1 interface ethernet 1/14
  5. Configure an egress group and associate it with the egress policy. 
    device(config-egress-group)# egress-group eg_1
device(config-egress-group)# description egress-group_1
device(config-egress-group)# set egress e2
  6. Configure the route map, and set any other parameters, such as forwarding actions, match ip access list, and the egress-group. 
    device(config-route-map)# route-map R1 10
device(config-route-map)# forward-action permit
device(config-route-map)# match ip access-list test_1
device(config-route-map)# set egress-group eg_1
  7. Configure the interface port and channel for egress traffic.
    Note

    Note

    In the following example, traffic is leaving on slot/port number 2/14.
    interface ethernet 2/14
speed 100000
description To_Tool
no shutdown
  8. Configure the interface port and channel for ingress traffic.
    Note

    Note

    In the following example, traffic is coming in on slot/port number 2/3. 
    interface ethernet 2/3
description From_TAP
ingress-group TAP_TRAFFIC
no shutdown
  9. Configure an ingress group and associate a route map. 
    ingress-group TAP_TRAFFIC
set route-map R1 10
9038134-00 Rev AA