Policy commands
Overview
These commands create a context that may be used to classify the policy. From the existing policy command, a new policy type called user was added. The new actions are specific to policy user:
redirect
permit
deny
NOTE: Only L3 classes (IPv4 and IPv6) are currently supported. The user policy includes “implicit deny all rules” for both IPv4 and IPv6 traffic.
policy user
Syntax
policy user <POLICY-NAME>
Description
Create and enter newly created user policy context.
Usage
Switch (config)# policy user employee
[no] policy user
Syntax
[no] policy user <POLICYNAME>
Description
Delete and remove specified user policy from switch configuration.
Operating notes
The user policy will include implicit “deny all” rules for both IPv4 and IPv6 traffic.
ipv4 or ipv6 classes must specify source address as any. Specifying host addresses or subnets will result in the following error message:
Switch (policy-user)# class ipv4 class25 action priority 0
User policies cannot use classes that have a source IP address specified.
permit and deny are mutually exclusive.
ip-precedence and dscp are mutually exclusive.
Usage
Switch (config)# no policy user employee
policy resequence
Syntax
policy resequence <POLICYNAME> <START> <INCREMENT>
Description
Resequence classes and remarks configured within specified user policy. The usage shows resequencing classes and remarks within user policy “employee” starting at 200 and incrementing by 2.
Usage
Switch (config)# policy resequence employee 200 2
Commands in the policy-user context
Create classes inside of the policy context before you apply actions to them.
(policy-user)# class
Within the policy-user context:
Syntax
(policy-user)# [no] [<SEQUENCE-NUMBER>] class ipv4 | ipv6 <CLASS-NAME> [action permit | deny | redirect captive-portal] | [action dscp | ip-precedence <CODEPOINT | PRECEDENCE>] [action priority <PRIORITY>] | [action rate-limit kbps <RATE>]
Description
Associate a class with ACL or QoS actions for this policy.
Options
deny | Deny all traffic. |
DSCP | Specify an IP DSCP. |
IP-precedence | Specify the IP precedence. |
permit | Permit all traffic. |
priority | Specify the priority. |
rate-limit | Configure rate limiting for all traffic. |
redirect | Specify a redirect destination. |
Usage
Switch(policy-user)# class ipv6 employeeIpv6Http action deny
Switch(policy-user)# class ipv4 http action redirect captive-portal
Switch(policy-user)# class ipv4 dnsDhcp action permit
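The following is an added example, not part of the original documentation or the vendor's tooling: a small Python check that can be run over policy-user class lines before they are pushed to a switch, flagging the constraints stated in the note and operating notes above (ipv4/ipv6 classes only, permit/deny and dscp/ip-precedence mutually exclusive) and the case where nothing is permitted or redirected ahead of the implicit deny all. The function names, the line-parsing regex and the two invalid sample lines are assumptions made for this example.

```python
import re

# Action pairs the operating notes declare mutually exclusive.
EXCLUSIVE = [("permit", "deny"), ("dscp", "ip-precedence")]
# Optional CLI prompt, optional sequence number, then "class <type> <name> ...".
CLASS_RE = re.compile(r"^(?:.*\(policy-user\)#\s*)?(?:\d+\s+)?class\s+(\S+)\s+(\S+)(.*)$")


def parse_class_line(line):
    """Return (class_type, class_name, [action keywords]) or None."""
    m = CLASS_RE.match(line.strip())
    if not m:
        return None
    class_type, name, rest = m.groups()
    # Every action clause is introduced by the literal keyword "action".
    clauses = re.split(r"\baction\b", rest)[1:]
    return class_type, name, [c.split()[0] for c in clauses if c.split()]


def lint_user_policy(lines):
    """Check policy-user class lines against the rules stated on this page."""
    findings, allows_traffic = [], False
    for lineno, line in enumerate(lines, 1):
        parsed = parse_class_line(line)
        if parsed is None:
            continue
        class_type, name, actions = parsed
        if class_type not in ("ipv4", "ipv6"):
            findings.append((lineno, f"{name}: only ipv4/ipv6 classes are supported"))
        for a, b in EXCLUSIVE:
            if a in actions and b in actions:
                findings.append((lineno, f"{name}: {a} and {b} are mutually exclusive"))
        allows_traffic |= bool({"permit", "redirect"} & set(actions))
    if not allows_traffic:
        findings.append((0, "no permit or redirect action: review against implicit deny all"))
    return findings


# Constructed sample: the first three lines are the page's usage examples,
# the last two are deliberately invalid lines made up for this example.
SAMPLE = [
    "Switch(policy-user)# class ipv6 employeeIpv6Http action deny",
    "Switch(policy-user)# class ipv4 http action redirect captive-portal",
    "Switch(policy-user)# class ipv4 dnsDhcp action permit",
    "Switch(policy-user)# class ipv4 guest action permit action deny",
    "Switch(policy-user)# 30 class ipv4 voice action dscp 46 action ip-precedence 5",
]

if __name__ == "__main__":
    for lineno, msg in lint_user_policy(SAMPLE):
        print(f"line {lineno}: {msg}")
```

A finding with line number 0 applies to the policy as a whole rather than to a single class line.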