Policy commands

Overview

These commands create a context that may be used to classify the policy. A new policy type called user was added to the existing policy command. The following actions are specific to policy user:

  • redirect

  • permit

  • deny



NOTE: Only L3 classes (IPv4 and IPv6) are currently supported.

The user policy includes “implicit deny all rules” for both IPv4 and IPv6 traffic.


policy user

Syntax

policy user <POLICY-NAME>

Description

Create a user policy and enter its context.

Usage

Switch (config)# policy user employee

[no] policy user

Syntax

[no] policy user <POLICYNAME>

Description

Delete the specified user policy from the switch configuration.

Operating notes

  • The user policy will include implicit “deny all” rules for both IPv4 and IPv6 traffic.

  • ipv4 or ipv6 classes must specify source address as any. Specifying host addresses or subnets will result in the following error message:

    Switch (policy-user)# class ipv4 class25 action priority 0 
    User policies cannot use classes that have a source IP address specified.

  • permit and deny are mutually exclusive.

  • ip-precedence and dscp are mutually exclusive.

Usage

Switch (config)# no policy user employee

policy resequence

Syntax

policy resequence <POLICYNAME> <START> <INCREMENT>

Description

Resequence the classes and remarks configured within the specified user policy. The usage example resequences the classes and remarks within user policy “employee”, starting at 200 and incrementing by 2.

Usage

Switch (config)# policy resequence employee 200 2

Commands in the policy-user context

Create classes inside of the policy context before you apply actions to them.

(policy-user)# class

Within the policy-user context:

Syntax

(policy-user)# [no] [<SEQUENCE-NUMBER>] class ipv4 | ipv6 <CLASS-NAME> [action permit | deny | redirect captive-portal] | [action dscp | ip-precedence <CODEPOINT | PRECEDENCE>] [action priority <PRIORITY>] | [action rate-limit kbps <RATE>]

Description

Associate a class with ACL or QoS actions for this policy.

Options

deny

Deny all traffic.

DSCP

Specify an IP DSCP.

IP-precedence

Specify the IP precedence.

permit

Permit all traffic.

priority

Specify the priority.

rate-limit

Configure rate limiting for all traffic.

redirect

Specify a redirect destination.

Usage

Switch(policy-user)# class ipv6 employeeIpv6Http action deny
Switch(policy-user)# class ipv4 http action redirect captive-portal
Switch(policy-user)# class ipv4 dnsDhcp action permit
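
An offline pre-check for the user-policy operating notes and the class syntax above, added here as an example; it is not part of the original page or any vendor tooling. The function name, finding labels and sample configuration are constructed, and the `match` lines inside the class definitions follow an assumed class syntax that this page does not document.

```python
# Constructed sample. The "match" lines use an assumed class syntax
# (<seq> match <protocol> <source> <destination> ...) not shown on this page.
SAMPLE = """\
class ipv4 "dnsDhcp"
   10 match udp any any eq 53
exit
class ipv4 "class25"
   10 match ip 10.0.0.0/8 any
exit
policy user "employee"
   10 class ipv4 "dnsDhcp" action permit
   20 class ipv4 "class25" action priority 0
   30 class ipv4 "http" action permit action deny
   40 class ipv6 "voice" action dscp 46 action ip-precedence 5
exit
"""

def lint_user_policies(config):
    """Return sorted (policy, class, problem) tuples for the operating notes."""
    src_specific, entries = set(), []
    ctx = name = None
    for raw in config.splitlines():
        tok = raw.replace('"', "").split()
        if tok and tok[0].isdigit():
            tok = tok[1:]                      # optional sequence number
        if not tok:
            continue
        if tok[0] == "exit":
            ctx = None
        elif ctx is None and tok[0] == "class" and len(tok) == 3:
            ctx, name = "class", (tok[1], tok[2])
        elif ctx is None and tok[:2] == ["policy", "user"] and len(tok) == 3:
            ctx, name = "policy", tok[2]
        elif ctx == "class" and tok[0] in ("match", "ignore") and len(tok) > 2:
            if tok[2] != "any":                # host, subnet or plain address
                src_specific.add(name)
        elif ctx == "policy" and tok[0] == "class" and len(tok) >= 3:
            acts = {tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "action"}
            entries.append((name, (tok[1], tok[2]), acts))
    findings = []
    for policy, cls, acts in entries:          # checked after parsing all classes
        if cls in src_specific:
            findings.append((policy, cls[1], "source-not-any"))
        if {"permit", "deny"} <= acts:
            findings.append((policy, cls[1], "permit-and-deny"))
        if {"dscp", "ip-precedence"} <= acts:
            findings.append((policy, cls[1], "dscp-and-ip-precedence"))
    return sorted(findings)
```

Calling `lint_user_policies(SAMPLE)` reports the three offending classes; because the user policy ends in an implicit deny all, traffic is forwarded only if a class with `action permit` matches it.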