Use this command to display policy classification and admin rule information.
| attribute | Displays the attributes of the specified rules. |
| all | admin-profile | profile-index | Displays all admin and classification rules, rules for the admin profile, or for a specific profile-index number. Valid index values are 1 - 1023 (S-, K-Series) 1 - 63 (7100-Series). |
| port-hit | Displays ports for which a policy rule-hit has occurred (S-, K-Series). |
| application | Displays based upon queries or responses from applications Link Local Multicast Name Resolution (LLMNR), Simple Service Discovery Protocol (SSDP), or Multicast Domain Name System - Self Discovery (mDNS-SD) (S-, K-Series). |
| ether | Displays Ethernet type II rules. |
| icmptype | Displays ICMP type rules (S-, K-Series). |
| ip6dest | Displays IPv6 destination address rules. |
| ip6source | Displays IPv6 source address rules (S-, K-Series). |
| ipdestsocket | Displays IP destination address rules with optional post-fixed port. |
| ipfrag | Displays IP fragmentation rules. |
| ipproto | Displays IP protocol field in IP packet rules. |
| ipsourcesocket | Displays IP source address rules with optional post-fixed port. |
| iptos | Displays Type of Service rules. |
| ipttl | Displays IP time-to-live (TTL) rules. |
| ipxclass | Displays IPX transmission control rules (S-, K-Series). |
| ipxdest | Displays destination IPX address rules (S-, K-Series). |
| ipxsource | Displays source IPX address rules (S-, K-Series). |
| ipxdestsocket | Displays destination IPX socket rules (S-, K-Series). |
| ipxsourcesocket | Displays source IPX socket rules (S-, K-Series). |
| ipxtype | Displays IPX packet type rules (S-, K-Series). |
| llcDsapSsap | Displays 802.3 DSAP/SSAP rules (S-, K-Series). |
| macdest | Displays MAC destination address rules. |
| macsource | Displays MAC source address rules. |
| port | Displays port related rules. |
| tci | Displays Tag Control Information rules (S-, K-Series). |
| tcpdestport | Displays TCP destination port rules. |
| tcpdestportip | Displays TCP destination port with optional IP address rules. |
| tcpsourceport | Displays TCP source port rules. |
| tcpsourceportip | Displays TCP source port with optional IP address rules. |
| udpdestport | Displays UDP destination port rules. |
| udpsourceport | Displays |
| udpsourceportip | Displays UDP source port with optional IP address rules. |
| vlantag | Displays VLAN tag rules (S-, K-Series). |
| data | (Not required for ipfrag classification.) Displays rules for a predefined classifier. This value is dependent on the classification type entered. Refer to Valid Values for Policy Classification Rules for valid values for each classification type. |
| mask mask | (Optional) Displays rules for a specific data mask. Refer to Valid Values for Policy Classification Rules for valid values for each classification type and data value. |
| port-string port-string | (Optional) Displays rules related to a specific ingress port. |
| rule-status active | not-in-service | not-ready | (Optional) Displays rules related to a specific rules status. |
| storage-type non-volatile | volatile | (Optional) Displays rules configured for either non-volatile or volatile storage. |
| vlan vlan | (Optional) Displays rules for a specific VLAN ID (S-, K-Series). |
| drop | forward | Displays rules based on whether matching packets specified by the vlan parameter will be dropped or forwarded. |
| dynamic-pid dynamic-pid | Displays rules associated with a specific dynamic policy profile index ID. |
| cos cos | (Optional) Displays rules for a Class-of-Service value. |
| admin-pid admin-pid | Displays rules associated with a specific administrative policy profile index ID. |
| syslog enable | disable | (Optional) Displays rules that have Syslog enabled or disabled (S-, K-Series). |
| trap enable | disable | (Optional) Displays rules that have SNMP traps enabled or disabled (S-, K-Series). |
| disable-port enable | disable | (Optional) Displays rules that have the disable port feature enabled or disabled (S-, K-Series). |
| usage-list usage-list | (Optional) Displays all rule usage for the specified port (S-, K-Series). |
| display-if-used port-list | (Optional) Displays only rule(s) used for the specified port (S-, K-Series). |
| tci-overwrite enable | disable | prohibit | (Optional) Displays TCI overwrite rules (S-, K-Series). |
| mirror-destination mirror-index | (Optional) Displays rules for the specified mirror destination index (S-, K-Series). |
| clear-mirror | (Optional) Displays clear mirror rules (S-, K-Series). |
| prohibit-mirror | (Optinal) Displays prohibit mirror rules (S-, K-Series). |
| -verbose | (Optional) Displays detailed information. |
| -wide | (Optional) Display is greater than 80 characters in width. |
All command modes.
This S- and K-Series example shows how to display policy classification information for macsource rules:
System(rw)->show policy rule macsource Admn|Rule Type |Rule Data |Msk|PortStr |RS|ST|STDO|dPID|aPID|Mir|U|Qua| admn|MACSource |00-00-11-00-00-11 | 48|ge.2.2 | A| V| |fwrd| | |?| | admn|MACSource |00-00-12-00-00-12 | 48|ge.2.4 | A| V| |fwrd| | |?| | admn|MACSource |00-00-21-00-00-21 | 48|ge.2.46 | A| V| |fwrd| | |?| | admn|MACSource |00-00-22-00-00-22 | 48|ge.2.48 | A| V| |fwrd| | |?| | admn|MACSource |00-01-F4-DA-04-92 | 48|ge.2.1 | A| V| |fwrd| | |?| | admn|MACSource |00-11-22-33-44-55 | 48|ge.2.10 | A| V| |fwrd| | |?| | admn|MACSource |00-11-88-15-EF-13 | 48|ge.2.1 | A| V| |fwrd| | |?| | admn|MACSource |00-11-88-BD-A9-22 | 48|ge.2.1 | A| V| |fwrd| | |?| | admn|MACSource |00-11-88-FE-52-74 | 48|ge.2.1 | A| V| |fwrd| | |?| |
This example shows how to display admin rule information for the policy profile with rule type UDP source port:
System(rw)->show policy rule udpsourceport PID |Rule Type |Rule Data |Msk|PortStr |RS|ST|STDO|VLAN|CoS |Mir|U|Qua| 4 |UDPSrcPort |67 | 16|All | A|NV| | | | |?|1 | 4 |UDPSrcPort |161 | 16|All | A|NV| |drop| | |?| | 4 |UDPSrcPort |162 | 16|All | A|NV| |drop| | |?| | 10 |UDPSrcPort |67 | 16|All | A|NV| |drop| | |?|1 | 10 |UDPSrcPort |69 | 16|All | A|NV| |drop| | |?| | 10 |UDPSrcPort |520 | 16|All | A|NV| |drop| 7| |?| | 10 |UDPSrcPort |13119 | 16|All | A|NV|Y |drop| | |?|1 |
This 7100-Series example shows how to display policy classification information for port rules:
System(rw)->show policy rule port Admn|Rule Type |Rule Data |Msk|PortStr |RS|ST||dPID|aPID| admn|Port |tg.1.11 | 16|tg.1.11 | A|NV|| | 7| admn|Port |tg.1.16 | 16|tg.1.16 | A|NV|| | 7| admn|Port |tg.1.45 | 16|tg.1.45 | A|NV|| | 7| admn|Port |tg.1.46 | 16|tg.1.46 | A|NV|| | 7| admn|Port |tg.2.11 | 16|tg.2.11 | A|NV|| | 7| admn|Port |tg.2.16 | 16|tg.2.16 | A|NV|| | 7|
This 7100-Series example shows how to display admin rule information for the policy profile with index number 7 :
System(rw)->show policy rule admin-pid 7 Admn|Rule Type |Rule Data |Msk|PortStr |RS|ST|dPID|aPID| admn|Port |tg.1.11 | 16|tg.1.11 | A|NV| | 7| admn|Port |tg.1.16 | 16|tg.1.16 | A|NV| | 7| admn|Port |tg.1.45 | 16|tg.1.45 | A|NV| | 7| admn|Port |tg.1.46 | 16|tg.1.46 | A|NV| | 7| admn|Port |tg.2.11 | 16|tg.2.11 | A|NV| | 7| admn|Port |tg.2.16 | 16|tg.2.16 | A|NV| | 7|
show policy rule Output Details provides an explanation of the command output.
show policy rule Output Details
| Output... | What it displays... |
|---|---|
| PID | Profile profile index number, indicating a classification rule is displayed. Assigned to this classification rule with the set policy profile command (set policy profile). |
| Admin | Indicates an admin rule is displayed. |
| Rule Type | Whether the rule protocol-based or port-based. Refer to Valid Values for Policy Classification Rules\ for valid classification types. |
| Rule Data | Rule data value. Refer to Valid Values for Policy Classification Rules for valid values for each classification type. |
| Msk | Rule data mask. Refer to Valid Values for Policy Classification Rules for valid values for each classification data value. |
| PortStr | Ingress port(s) to which this rule applies. |
| RS | Whether or not the status of this rule is active (A), not in service or not ready. |
| ST | Whether or not this rule‘s storage type is non-volatile (NV) or volatile (V). |
| S | Whether or not Syslog is enabled (Y) or disabled for this rule (S-, K-Series). |
| T | Whether or not SNMP traps are enabled (Y) or disabled for this rule (S-, K-Series). |
| D | Whether or not the port disable feature is enabled (Y) or disabled for this rule (S-, K-Series). |
| Vlan | VLAN ID to which this rule applies and whether or not matching packets will be dropped or forwarded. |
| CoS | Class of Service value to which this rule applies. |
| Mir | Whether or not a destination mirror is applied to this policy (S-, K-Series). |
| U | Whether or not this rule has been used (S-, K-Series). |
| dPID | Whether or not this is a dynamic profile ID. |
| aPID | Whether or not this is an administrative profile index ID. |
| Qua | The quarantine policy profile index if a quarantine policy profile is applied to the rule. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB