policy

Syntax

policy <POLICY-NAME>

    [<SEQUENCE-NUMBER>]
    class {ip|ipv6|mac} <CLASS-NAME>
          action {<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}
          [{<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}]
    
    [<SEQUENCE-NUMBER>]
    comment ...

Description

Creates or modifies classifier policy and policy entries. A policy is made up of one or more policy entries ordered and prioritized by sequence numbers. Each entry has an IPv4/IPv6/MAC class and zero or more policy actions associated with it.

A policy must be applied using the apply command.

The no form of the command can be used to delete either a policy (use no with the policy command) or an individual policy entry (use no with the sequence number).

Command context

config

The policy command takes you into the config-policy context where you enter the policy entries.

Parameters

<POLICY-NAME>

Specifies the name of the policy.

<SEQUENCE-NUMBER>

Specifies a sequence number for the policy entry. Optional. Range: 1 to 4294967295.

comment

Stores the remaining entered text as a policy entry comment.

class {ip|ipv6|mac} <CLASS-NAME>

Specifies a type of class, ip for IPv4, ipv6 for IPv6 and mac for a MAC policy. And specifies a class name.

<REMARK-ACTIONS>

Remark actions can be any of the following options: {pcp <PRIORITY> | ip-precedence <IP-PRECEDENCE-VALUE> | dscp <DSCP-VALUE> | local-priority <LOCAL-PRIORITY-VALUE>} where:

pcp <PCP-VALUE>

Specifies Priority Code Point (PCP) value. Range: 0 to 7.

ip-precedence <IP-PRECEDENCE-VALUE>

Specifies the numeric IP precedence value. Range: 0 to 7.

dscp <DSCP-VALUE>

Specifies a Differentiated Services Code Point (DSCP) value. Enter either a numeric value (0 to 63) or a keyword as follows:

  • AF11 - DSCP 10 (Assured Forwarding Class 1, low drop probability)

  • AF12 - DSCP 12 (Assured Forwarding Class 1, medium drop probability)

  • AF13 - DSCP 14 (Assured Forwarding Class 1, high drop probability)

  • AF21 - DSCP 18 (Assured Forwarding Class 2, low drop probability)

  • AF22 - DSCP 20 (Assured Forwarding Class 2, medium drop probability)

  • AF23 - DSCP 22 (Assured Forwarding Class 2, high drop probability)

  • AF31 - DSCP 26 (Assured Forwarding Class 3, low drop probability)

  • AF32 - DSCP 28 (Assured Forwarding Class 3, medium drop probability)

  • AF33 - DSCP 30 (Assured Forwarding Class 3, high drop probability)

  • AF41 - DSCP 34 (Assured Forwarding Class 4, low drop probability)

  • AF42 - DSCP 36 (Assured Forwarding Class 4, medium drop probability)

  • AF43 - DSCP 38 (Assured Forwarding Class 4, high drop probability)

  • CS0 - DSCP 0 (Class Selector 0: Default)

  • CS1 - DSCP 8 (Class Selector 1: Scavenger)

  • CS2 - DSCP 16 (Class Selector 2: OAM)

  • CS3 - DSCP 24 (Class Selector 3: Signaling)

  • CS4 - DSCP 32 (Class Selector 4: Real time)

  • CS5 - DSCP 40 (Class Selector 5: Broadcast video)

  • CS6 - DSCP 48 (Class Selector 6: Network control)

  • CS7 - DSCP 56 (Class Selector 7)

  • EF - DSCP 46 (Expedited Forwarding)

local-priority <LOCAL-PRIORITY-VALUE>

Specifies a local priority value. Range: 0 to 7.

<POLICE-ACTIONS>

Police actions can be the following {cir <RATE-BPS> cbs <BYTES> exceed} where:

cir kbps <RATE-KBPS>

Specifies a Committed Information Rate value in Kilobits per second. Range: 1 to 4294967295.

cbs <BYTES>

Specifies a Committed Burst Size value in bytes. Range: 1 to 4294967295.

exceed

Specifies action to take on packets that exceed the rate limit.

<OTHER-ACTIONS>

Other actions can be the following:

drop

Specifies drop traffic.

Authority

Administrators or local user group members with execution rights for this command.

Usage

  • An applied policy will process a packet sequentially against policy entries in the list until the last policy entry in the list has been evaluated or the packet matches an entry.

  • Entering an existing <POLICY-NAME> value will cause the existing policy to be modified, with any new <SEQUENCE-NUMBER> value creating an additional policy entry, and any existing <SEQUENCE-NUMBER> value replacing the existing policy entry with the same sequence number.

  • If no sequence number is specified, a new policy entry will be appended to the end of the entry list with a sequence number equal to the highest policy entry currently in the list plus 10.

  • On an 8400 switch, IP remarking (ip-precedence, dscp) will only be performed if the packet is routed.

Examples

Creating a policy with several entries:

switch(config)# policy MY_POLICY
switch(config-policy)# 10 class ipv6 MY_CLASS1 action dscp af21 action drop
switch(config-policy)# 20 class ip MY_CLASS3 action mirror 1
switch(config-policy)# exit
switch(config)# do show policy
           Name
  Sequence Comment
           Class Type
                    action
-------------------------------------------------------------------------------
           MY_POLICY
        10
           MY_CLASS1 ipv6
                    drop
                    dscp AF21

        20
           MY_CLASS3 ipv4
                    mirror 1

Adding a comment to an existing policy entry:

switch(config)# policy MY_POLICY
switch(config-policy)# 20 comment MY_TEST_POLICY
switch(config-policy)# exit
switch(config)# do show policy
           Name
  Sequence Comment
           Class Type
                    action
-------------------------------------------------------------------------------
           MY_POLICY
        10
           MY_CLASS1 ipv6
                    drop
                    dscp AF21

        20 MY_TEST_POLICY
           MY_CLASS3 ipv4
                    mirror 1

Removing a comment from an existing policy entry:

switch(config)# policy MY_POLICY
switch(config-policy)# no 20 comment
switch(config-policy)# exit
switch(config)# do show policy
           Name
  Sequence Comment
           Class Type
                    action
-------------------------------------------------------------------------------
           MY_POLICY
        10
           MY_CLASS1 ipv6
                    drop
                    dscp AF21

        20
           MY_CLASS3 ipv4
                    mirror 1

Adding/Replacing a policy entry in an existing policy:

switch(config)# policy MY_POLICY
switch(config-policy)# 10 class ip MY_CLASS3 action drop action dscp af21
switch(config-policy)# exit
switch(config)# do show policy
           Name
  Sequence Comment
           Class Type
                    action
-------------------------------------------------------------------------------
           MY_POLICY
        10
           MY_CLASS3 ipv4
                    drop
                    dscp AF21

        20
           MY_CLASS3 ipv4
                    mirror 1

Removing a policy entry:

switch(config)# policy MY_POLICY
switch(config-policy)# no 10
switch(config-policy)# exit
switch(config)# do show policy
           Name
  Sequence Comment
           Class Type
                    action
-------------------------------------------------------------------------------
           MY_POLICY
        20
           MY_CLASS3 ipv4
                    mirror 1

Removing a policy:

switch(config)# no policy MY_POLICY
switch(config)# do show policy
           Name
  Sequence Comment
           Class Type
                    action
-------------------------------------------------------------------------------
           MY_POLICY2
         2
           MY_CLASS3 ipv4
                    mirror 1