Create an Ingress Policy for a Device

An ingress policy (or route map) defines the actions to apply to inbound packets.

Before you begin

Create a policy rule match to associate with the policy. For more information, see Create a Policy Rule Match for a Device.

Create an egress group to associate with the policy. For more information, see Create an Egress Group.

About this task

Take the following steps to define the criteria for a policy. Each set of criteria is a rule. A policy can contain multiple rules.

Procedure

  1. In the Navigation menu, select Configure.
  2. In the Devices panel, select the device for which you want to create a policy.
  3. Select the Configurations tab.
  4. In the Device Config menu, select Add Policy.
  5. In the Name field, enter a unique name for the policy.
    An ingress policy cannot have the same name as an egress policy or another ingress policy.
  6. In the Policy Type field, select Ingress Policy.
  7. Select the Sequence in which to apply the rule.
  8. Select a policy rule Match.
    Note

    • If you did not create a policy rule match, select Create Match to create the match now.
    • You cannot use the same policy rule match multiple times in a policy. Rule match usage is limited to once per policy.
    • (MLX only) Do not apply an L2 rule match and a UDA rule match in the same policy. Doing so causes the related ingress group to fail.
    • (MLX only) If you add a UDA rule match to a policy that is associated with an ingress group, ensure that you first apply the associated UDA profile to that group. For more information, see Create an Ingress Group for an SLX or MLX Device.
  9. In the Egress Group field, select the group to associate with the policy.
  10. (MLX and 9920 only) In the Packet Slicing field, enter a value to represent the maximum packet size after slicing.
    The final packet size will be less than or equal to this value.
  11. (SLX only) In the Truncation Profile field, select a profile that you created for a port or port channel.
    For more information, see Create a Port Channel or Configure Port Properties.
  12. In the Advance Scope section, select one of the following:
    • Decap to remove the outer tunnel headers from the packet
    • Scope Shift to move the ACL scope for matching from the outer headers to the inner headers of a tunneled packet
    • None to perform neither action
  13. To prevent the rule from being used in the policy, select Deny.
    Tip

    This option prevents the rule from being used, but does not delete the configuration of the rule. The rule is skipped and is not used to drop a packet. You can reinstate the rule later without having to reconfigure it.
  14. Select Add.
    The rule parameters appear in the pane on the right.
  15. Repeat steps 7 through 14 until you have added all the rules you need.
  16. Save your selections.