apply policy
(Contexts: config-if, config-if-vlan, config-vlan)
Syntax
Context: config-if:
apply policy <POLICY-NAME> {in|out|routed-in}
no apply policy <POLICY-NAME> {in|out|routed-in}
Context: config-if-vlan:
apply policy <POLICY-NAME> routed-in
no apply policy <POLICY-NAME> routed-in
Context: config-vlan:
apply policy <POLICY-NAME> {in|out}
no apply policy <POLICY-NAME> {in|out}
Description
Applies a policy to the current interface or VLAN context.
Only one policy can be applied to an interface or VLAN in a given direction at a time, so using the apply policy command on an interface or VLAN that already has a policy applied in the same direction replaces the currently applied policy.
The VLAN context supports the in and out directions, which apply to both bridged and routed traffic. The Interface VLAN context only supports the routed-in direction, which applies only to routed traffic.
The no form of this command removes a policy from the interface or VLAN specified by the current context.
Command context
config-if
config-if-vlan
config-vlan
Parameters
<POLICY-NAME>
Specifies the policy to apply.
in
Selects the inbound (ingress) traffic direction.
out
Selects the outbound (egress) traffic direction.
routed-in
Selects routed in traffic.
Authority
Administrators or local user group members with execution rights for this command.
Usage (applies to config-vlan context)
Only one policy may be applied to a VLAN at a time. Therefore, using the apply policy command on a VLAN with an already-applied policy of the same type will replace the applied policy.
6300 Switch Series (standalone) only: If, during switch reboot, a policy fails to be applied to a VLAN, all the ports will be shut down. The switch must be restarted to recover from the failure. Modifying the VLAN or policy configuration will not cause the ports to be restarted.
6400 Switch Series only: If, during hotswap or switch reboot, a policy fails to be applied to a VLAN, the failed line card will shut down all its ports. The line card must be restarted (with the module command) to recover from the failure. If the 6400 has no line card installed, then the switch must be restarted. Modifying the VLAN or policy configuration will not cause the line card to be restarted.
6400 Switch Series only: When a policy is applied to a VLAN, it will create hardware entries on all line cards and stack members regardless of whether a VLAN member exists on any specific line card.
Examples
On the 6400 Switch Series, interface identification differs.
Applying a policy to an interface (ingress):
switch(config)# interface 1/1/1
switch(config-if)# apply policy MY_POLICY in
Applying a policy to an interface (egress):
switch(config)# interface 1/1/2
switch(config-if)# apply policy MY_POLICY2 out
Applying a policy to an interface range (egress):
switch(config)# interface 1/1/2-1/1/5
switch(config-if-<1/1/2-1/1/5>)# apply policy MY_POLICY3 out
Removing a policy from an interface range (egress):
switch(config)# interface 1/1/2-1/1/5
switch(config-if-<1/1/2-1/1/5>)# no apply policy MY_POLICY3 out
Applying a policy to a VLAN (ingress):
switch(config)# vlan 10
switch(config-vlan-10)# apply policy MY_POLICY in
Applying a policy to multiple VLANs (egress):
switch(config)# vlan 20,30
switch(config-vlan-<20,30>)# apply policy MY_POLICY2 out
Applying a policy to an interface VLAN range routed (ingress):
switch(config)# interface vlan 2-5
switch(config-if-vlan-<2-5>)# apply policy MY_POLICY3 routed-in
Removing a policy from a VLAN (ingress):
switch(config)# vlan 10
switch(config-vlan-10)# no apply policy MY_POLICY in
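The context and direction rules from the Syntax and Description sections can be checked offline before a change is pushed, which catches a policy being replaced by a later apply in the same direction. The following Python lint is an added example, not vendor code; the config layout it parses (a context-entering line followed by its apply policy lines), the names RULES and lint, and the sample text are assumptions made for illustration.

```python
import re

# Context and accepted directions per keyword, from the Syntax section above.
RULES = {"interface": ("config-if", {"in", "out", "routed-in"}),
         "interface vlan": ("config-if-vlan", {"routed-in"}),
         "vlan": ("config-vlan", {"in", "out"})}
# Assumed layout: a context-entering line followed by its apply policy lines.
CONTEXT_RE = re.compile(r"^(interface vlan|interface|vlan)\s+(\S+)$")
APPLY_RE = re.compile(r"^(no\s+)?apply policy\s+(\S+)\s+(\S+)$")

# Constructed sample (hypothetical, not captured from a real switch).
SAMPLE = """\
interface 1/1/1
    apply policy MY_POLICY in
    apply policy MY_POLICY2 in
vlan 10
    apply policy MY_POLICY routed-in
interface vlan 10
    apply policy MY_POLICY3 routed-in
"""


def lint(config_text):
    """Return (effective, findings): policies left in force, and problems."""
    effective, findings = {}, []
    context = allowed = target = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = CONTEXT_RE.match(line)
        if m:
            (context, allowed), target = RULES[m.group(1)], m.group(2)
            continue
        m = APPLY_RE.match(line)
        if not m or context is None:
            continue
        negated, policy, direction = m.groups()
        key = (context, target, direction)
        if direction not in allowed:
            findings.append((lineno, f"{direction} not valid in {context}"))
        elif negated:
            effective.pop(key, None)  # the no form removes the policy
        else:
            old = effective.get(key)
            if old not in (None, policy):  # same direction: earlier one is replaced
                findings.append((lineno, f"{policy} replaces {old} "
                                         f"on {target} ({direction})"))
            effective[key] = policy
    return effective, findings
```

Calling lint(SAMPLE) reports the replacement on interface 1/1/1 and the routed-in direction rejected in the VLAN context, and leaves only the policies that would remain in force in the returned mapping.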