apply policy(Contexts: config-if, config-if-vlan, config-vlan)

Syntax

Context: config-if:

apply policy <POLICY-NAME> {in|routed-in}

no apply policy <POLICY-NAME> {in|routed-in}

Context: config-if-vlan:

apply policy <POLICY-NAME> routed-in

no apply policy <POLICY-NAME> routed-in

Context: config-vlan:

apply policy <POLICY-NAME> in

no apply policy <POLICY-NAME> in

Description

Applies a policy to the current interface or VLAN context.

Only one direction of a policy can be applied to an interface or VLAN at a time, thus using the apply command on an interface or VLAN with an already-applied policy of the same direction will replace the currently applied policy.

NOTE:

The VLAN context only supports the in direction, which applies to both bridged and routed traffic. The Interface VLAN context only supports the routed-in direction which applies only to routed traffic.

The no form of this command removes a policy from the interface or VLAN specified by the current context.

Command context

config-if

config-if-vlan

config-vlan

Parameters

<POLICY-NAME>

Specifies the policy to apply.

in

Selects the inbound (ingress) traffic direction.

routed-in

Selects routed in traffic.

Authority

Administrators or local user group members with execution rights for this command.

Usage (applies to config-vlan context)

  • Only one policy type (ip, ipv6, or mac) may be applied to a VLAN at a time. Therefore, using the apply access-list command on a VLAN with an already-applied policy of the same type, will replace the applied policy.

  • When a policy is applied to a VLAN, it will create hardware entries on all line cards regardless of whether a VLAN member exists on any specific line card.

Examples

Applying a policy to an interface (ingress):

switch(config)# interface 1/1/1
switch(config-if)# apply policy MY_POLICY in

Applying a policy to an interface range (ingress):

switch(config)# interface 1/1/2-1/1/5
switch(config-if-<1/1/2-1/1/5>)# apply policy MY_POLICY2 in

Removing a policy from an interface range (ingress):

switch(config)# 1/1/2-1/1/5
switch(config-if)# no apply policy MY_POLICY2 in

Applying a policy to a VLAN (ingress):

switch(config)# vlan 10
switch(config-vlan-10)# apply policy MY_POLICY in

Applying a policy to multiple VLANs (ingress):

switch(config)# vlan 20,30
switch(config-vlan-<20,30>)# apply policy MY_POLICY in

Applying a policy to an interface VLAN range routed (ingress):

switch(config)# vlan 2-5
switch(config-if-vlan-<2-5>)# apply policy MY_POLICY3 in

Removing a policy from a VLAN (ingress):

switch(config)# vlan 10
switch(config-vlan-10)# no apply policy MY_POLICY in