Cisco Catalyst SD-WAN Policy Groups Configuration Guide, Releases 26.x and Later

PDF

Policy groups

Want to summarize with AI?

Log in

Explains policy groups and their role in simplifying the configuration and deployment of policies on Cisco IOS XE Catalyst SD-WAN devices.


A policy group is a collection of policies and policy parameters that

  • provides a simple, reusable, and structured approach for configuring policies and policy objects in Cisco IOS XE Catalyst SD-WAN devices

  • allows you to configure basic and necessary policies with defaults to get your systems up and running through a simplified workflow, and

  • can be associated with one or more sites or a single device at the site in the network and deployed on devices managed by configuration groups.

Policy group configuration options

Policy groups allow you to configure policies using different approaches:

  • Basic configuration: Configure the basic and necessary policies with defaults through a simplified workflow

  • Advanced layout: Switch to complete control and configure detailed policy parameters such as service-level agreement (SLA) class, Quality of Service (QoS) Maps, and Match-Action parameters pertaining to the traffic policy

After you've configured a policy group, you can deploy it on Cisco IOS XE Catalyst SD-WAN devices.


Policy group benefits

  • Simplified user experience through an intuitive UI that allows you to quickly configure the basic policies that are required to get your Cisco Catalyst SD-WAN deployments up and running.

  • Option to edit policy groups based on the changing needs of your network and save the configuration. You can choose to deploy these changes only when needed - during maintenance windows or in off-production hours.

  • A Preview CLI option to preview the difference in configuration for relevant devices such as Cisco IOS XE Catalyst SD-WAN device and Cisco SD-WAN Controller in one location.

  • Workflows to deploy policy groups.


Supported devices for policy groups

This feature is supported only on Cisco IOS XE Catalyst SD-WAN devices.


Configure prerequisites for policy groups

Before you begin

Before you begin configuring policy groups, ensure that these requirements are met:

  • Minimum software version for Cisco IOS XE Catalyst SD-WAN devices: Cisco IOS XE Catalyst SD-WAN Release 17.8.1a

    Minimum software version for Cisco SD-WAN Manager: Cisco Catalyst SD-WAN Manager Release 20.12.1

  • Ensure that these devices are deployed and managed using a configurations group. For more information about creating configuration groups, see Configuration Groups and Feature Profiles.

Follow these steps to configure RBAC for policy groups and application priority policies:

Procedure

1.

From the Cisco SD-WAN Manager menu, choose Administration > Manage Users > User Groups.

Ensure that the granular role-based access control (RBAC) for policy groups is specified by expanding it. With specific permissions to the usergroup, ensure that you are able to access policy groups from Configuration > Policy Groups.

2.

Click Add User Group.

3.

Enter User Group Name.

4.

Select the Read or Write check box against the Policy Group and Device feature that you want to assign to a user group.

5.

Click Add.

6.

From the Cisco SD-WAN Manager menu, choose Administration > Manage Users > User Groups.

Ensure that the granular RBAC for the application priority policy is specified by expanding it. With the set permissions to the usergroup, ensure that you are able to access the application priority policy from Configuration > Policy Groups.

7.

Click Add User Group.

8.

Enter User Group Name.

9.

Select the Read or Write check box against these features that you want to assign to a user group:

  • Feature Profile > Application Priority > Qos Policy

  • Feature Profile > Application Priority > Traffic Policy

  • Feature Profile > Policy Object > App List

  • Feature Profile > Policy Object > SLA Class

  • Feature Profile > Policy Object > TLOC

  • Feature Profile > Policy Object > App Probe

  • Feature Profile > Policy Object > Preferred Color Group

  • Feature Profile > Policy Object > Class

  • Feature Profile > Policy Object > Data Prefix

  • Feature Profile > Policy Object > Data Ipv6

  • Feature Profile > Policy Object > Policer

10.

Click Add.


Restrictions for policy groups

Policy groups have several restrictions that impact configuration and deployment capabilities:

  • The Application Priority and SLA workflow does not support custom applications.

  • Before deploying policy groups to devices, they must first be managed by a configuration group.

  • The forwarding class in localized policy is not supported.

  • An error occurs when a duplicate parcel name (for example, Site27-VPN1) exists in another configuration group. Verify existing parcel names across all groups and modify the intended name to ensure exclusivity. Use descriptive naming conventions to prevent conflicts.