Home
Support
Product Support
Routers
Cisco SD-WAN
Configuration Guides

Cisco Catalyst SD-WAN Interfaces Configuration Guide, Releases 26.x and Later

What does a loopback TLOC interface enable across private WANs?
What traffic do implicit ACLs on loopback interfaces apply to?
Which command verifies implicit ACL configurations?

View all Saved Content

PDF

Is this content helpful?

Helpful Unhelpful

Suggestions for Improvement

Thank you for your feedback. Your response has been recorded.

Ask about this content

Cisco Catalyst SD-WAN Interfaces Configuration Guide, Releases 26.x and Later

What does a loopback TLOC interface enable across private WANs?
What traffic do implicit ACLs on loopback interfaces apply to?
Which command verifies implicit ACL configurations?

Expand all sections

About this content

Network Interfaces

Network Interfaces

Cellular Interfaces

Feature history for cellular interfaces
Cellular interfaces
Supported devices
Guidelines
Configure cellular interface
Reset the profile configuration of a cellular modem
Troubleshoot LTE modem crash

DSL IPoE

Configure DSL IPoE

DSL PPPoA

Configure DSL PPPoA

DSL PPPoE

Feature history for DSL PPPoe
Configure DSL PPPoE

Dynamic Interfaces

Feature history for dynamic interfaces
Configure dynamic interfaces

EtherChannels

Feature history for EtherChannels
EtherChannels on the service side
EtherChannels on the transport side
Monitor configured EtherChannel using CLI
Aggregate EtherChannel Quality of Service

IP Directed Broadcast

IP directed broadcast
Configure IP directed broadcast using CLI commands

Loopback Interfaces

Feature history for loopback interfaces
Loopback interfaces
Implicit ACLs on loopback interfaces
Loopback TLOC interface bound to a physical WAN interface
Loopback TLOC interface not bound to a physical WAN interface
Bind mode and unbind mode
Configure implicit ACL on loopback interfaces using CLI commands
Examples of implicit ACL configurations on loopback interfaces
Verify implicit ACL configurations on loopback interfaces

Subinterfaces

Subinterfaces
Configuration examples for subinterfaces
Verify configurations on subinterfaces

VPN Ethernet Interface

Configure VPN ethernet interface

VPN Interface Bridge

Configure VPN interface bridge

VPN Interface Ethernet PPPoE

Configure VPN interface ethernet PPPoE

VPN Interface GRE

Configure VPN interface GRE

VPN Interface IPsec

Feature history for VPN interface IPsec
Configure VPN interface IPsec
CLI configuration examples for VPN interface IPsec

VPN Interface Multilink

Configure VPN interface multilink

VPN Interface SVI

Feature history for VPN interface SVI
Configure VPN interface SVI

VPN Interface T1/E1

Configure VPN interface T1/E1

VRRP Interface Tracking

Feature history for VRRP interface tracking
VRRP
Restrictions for VRRP interface tracking
VRRP tracking use cases
Configure VRRP
Configure VRRP tracking using CLI templates
Configure VRRP tracking
Monitor VRRP configuration
Verify VRRP tracking

Bind mode and unbind mode

Updated: April 24, 2026

Want to summarize with AI?

On this page

Bind mode

Unbind mode

Outlines the differences between bind and unbind modes for loopback interfaces, clarifying their impact on interface configuration and traffic forwarding.

The difference between the bind mode and the unbind mode for loopback TLOC is that in a bind mode the passthrough traffic is dropped because the bound physical interface is treated as a TLOC by itself. In an unbind mode, the passthrough traffic is allowed.

Bind mode

A Cisco IOS XE Catalyst SD-WAN device has Loopback1 and Loopback2 configured as TLOCs and bound to the physical interface GigabitEthernet1. The device also has another interface, Loopback3, which is not configured as a TLOC.

Physical interface GigabitEthernet1 will be treated as a TLOC interface for incoming VPN 0.

In this example:

If the traffic is destined for Loopback1, implicit ACL rules of Loopback1 are applied.
If the traffic is destined for Loopback2, implicit ACL rules of Loopback2 are applied.
If the traffic is destined for Loopback3 on GigabitEthernet1, traffic is allowed.
If the traffic is destined for another device passing through GigabitEthernet1, it is dropped.

If the bound interface, GigabitEthernet1, is also configured as a TLOC, the traffic to Loopback3 will be subjected to implicit ACL rules on GigabitEthernet1.

Unbind mode

A Cisco IOS XE Catalyst SD-WAN device has Loopback1 configured as a TLOC and is in unbind mode. Loopback2 is not configured as a TLOC. The device also has GigabitEthernet1 interface, which is configured as a TLOC, and GigabitEthernet4 interface, which is not configured as a TLOC.

In this example:

If the traffic destined for Loopback1 arrives at GigabitEthernet1, the Loopback1 implicit ACL rules are applied. If the traffic is destined for GigabitEthernet1, the GigabitEthernet1 implicit ACL rules are applied.
If the traffic destined for Loopback1 arrives at GigabitEthernet4, the Loopback1 implicit ACL rules are applied. If the traffic is destined for GigabitEthernet4, traffic is allowed.
If the traffic destined for Loopback2 arrives on GigabitEthernet1, the GigabitEthernet1 implicit ACL rules are applied. If the traffic is destined for another device passing through GigabitEthernet1, it is dropped.

If the traffic is destined for another device passing through GigabitEthernet4, the traffic is forwarded.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.