policy
Syntax
policy <POLICY-NAME>
[<SEQUENCE-NUMBER>]
class {ip|ipv6|mac} <CLASS-NAME>
action {<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}
[{<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}]
[<SEQUENCE-NUMBER>]
comment ...Description
Creates or modifies classifier policy and policy entries. A policy is made up of one or more policy entries ordered and prioritized by sequence numbers. Each entry has an IPv4/IPv6/MAC class and one or more policy actions associated with it.
A policy must be applied using the
apply command.
The
no form of the command can be used to delete either a policy (use
no with the policy command) or an individual policy entry (use
no with the sequence number).
Command context
config
The
policy command takes you into the
config-policy context where you enter the policy entries.
Parameters
<POLICY-NAME>Specifies the name of the policy.
<SEQUENCE-NUMBER>Specifies a sequence number for the policy entry. Optional. Range: 1-4294967295.
commentStores the remaining entered text as a policy entry comment.
class {ip|ipv6|mac} <CLASS-NAME>Specifies a type of class,
ipfor IPv4,ipv6for IPv6 andmacfor a MAC policy. And specifies a class name.<REMARK-ACTIONS>Remark actions can be any of the following options:
{pcp <PRIORITY> | ip-precedence <IP-PRECEDENCE-VALUE>| dscp <DSCP-VALUE>}where:pcp <PCP-VALUE>Specifies Priority Code Point (PCP) value. Range: 0-7.
ip-precedence <IP-PRECEDENCE-VALUE>Specifies the numeric IP precedence value. Range: 0-7.
[dscp <DSCP-VALUE>]Specifies a Differentiated Services Code Point (DSCP) value. Enter either a numeric value (0-63) or a keyword as follows:
AF11- DSCP 10 (Assured Forwarding Class 1, low drop probability)AF12- DSCP 12 (Assured Forwarding Class 1, medium drop probability)AF13- DSCP 14 (Assured Forwarding Class 1, high drop probability)AF21- DSCP 18 (Assured Forwarding Class 2, low drop probability)AF22- DSCP 20 (Assured Forwarding Class 2, medium drop probability)AF23- DSCP 22 (Assured Forwarding Class 2, high drop probability)AF31- DSCP 26 (Assured Forwarding Class 3, low drop probability)AF32- DSCP 28 (Assured Forwarding Class 3, medium drop probability)AF33- DSCP 30 (Assured Forwarding Class 3, high drop probability)AF41- DSCP 34 (Assured Forwarding Class 4, low drop probability)AF42- DSCP 36 (Assured Forwarding Class 4, medium drop probability)AF43- DSCP 38 (Assured Forwarding Class 4, high drop probability)CS0- DSCP 0 (Class Selector 0: Default)CS1- DSCP 8 (Class Selector 1: Scavenger)CS2- DSCP 16 (Class Selector 2: OAM)CS3- DSCP 24 (Class Selector 3: Signaling)CS4- DSCP 32 (Class Selector 4: Realtime)CS5- DSCP 40 (Class Selector 5: Broadcast video)CS6- DSCP 48 (Class Selector 6: Network control)CS7- DSCP 56 (Class Selector 7)EF- DSCP 46 (Expedited Forwarding)
<POLICE-ACTIONS>Police actions can be the following
{cir <RATE-BPS> cbs <BYTES> exceed}where:cir <RATE-BPS>Specifies a Committed Information Rate value in Kilobits per second. Range: 1-4294967295.
cbs <BYTES>Specifies a Committed Burst Size value in bytes. Range: 1-4294967295.
exceedSpecifies action to take on packets that exceed the rate limit.
<OTHER-ACTIONS>Other actions can be the following:
dropSpecifies drop traffic.
Authority
Administrators
Usage
An applied policy will process a packet sequentially against policy entries in the list until the last policy entry in the list has been evaluated or the packet matches an entry.
Entering an existing
<POLICY-NAME>value will cause the existing policy to be modified, with any new<SEQUENCE-NUMBER>value creating an additional policy entry, and any existing<SEQUENCE-NUMBER>value replacing the existing policy entry with the same sequence number.If no sequence number is specified, a new policy entry will be appended to the end of the entry list with a sequence number equal to the highest policy entry currently in the list plus 10.
Examples
Creating a policy with several entries:
switch(config)# policy MY_POLICY
switch(config-policy)# 10 class ipv6 MY_CLASS1 action dscp af21 action drop
switch(config-policy)# 20 class ip MY_CLASS3 action mirror 1
switch(config-policy)# exit
switch(config)# do show policy
Name
Sequence Comment
Class Type
action
-------------------------------------------------------------------------------
MY_POLICY
10
MY_CLASS1 ipv6
drop
dscp AF21
20
MY_CLASS3 ipv4
mirror 1
Adding a comment to an existing policy entry:
switch(config)# policy MY_POLICY
switch(config-policy)# 20 comment MY_TEST_POLICY
switch(config-policy)# exit
switch(config)# do show policy
Name
Sequence Comment
Class Type
action
-------------------------------------------------------------------------------
MY_POLICY
10
MY_CLASS1 ipv6
drop
dscp AF21
20 MY_TEST_POLICY
MY_CLASS3 ipv4
mirror 1
Removing a comment from an existing policy entry:
switch(config)# policy MY_POLICY
switch(config-policy)# no 20 comment
switch(config-policy)# exit
switch(config)# do show policy
Name
Sequence Comment
Class Type
action
-------------------------------------------------------------------------------
MY_POLICY
10
MY_CLASS1 ipv6
drop
dscp AF21
20
MY_CLASS3 ipv4
mirror 1
Adding/Replacing a policy entry in an existing policy:
switch(config)# policy MY_POLICY
switch(config-policy)# 10 class ip MY_CLASS3 action drop action dscp af21
switch(config-policy)# exit
switch(config)# do show policy
Name
Sequence Comment
Class Type
action
-------------------------------------------------------------------------------
MY_POLICY
10
MY_CLASS3 ipv4
drop
dscp AF21
20
MY_CLASS3 ipv4
mirror 1
Removing a policy entry:
switch(config)# policy MY_POLICY
switch(config-policy)# no 10
switch(config-policy)# exit
switch(config)# do show policy
Name
Sequence Comment
Class Type
action
-------------------------------------------------------------------------------
MY_POLICY
20
MY_CLASS3 ipv4
mirror 1
Removing a policy:
switch(config)# no policy MY_POLICY
switch(config)# do show policy
Name
Sequence Comment
Class Type
action
-------------------------------------------------------------------------------
MY_POLICY2
2
MY_CLASS3 ipv4
mirror 1