Configuring Policy

• name – (Optional) Specifies a name for this policy profile; used by the filter-ID attribute. This is a string from 1 to 64 characters.
• pvid-status – (Optional) Enables or disables PVID override for this policy profile. If all the classification rules associated with this profile are missed, then this parameter, if specified, determines the default VLAN for this profile.
• pvid – (Optional) Specifies the PVID to assign to packets, if PVID override is enabled and invoked as the default behavior.
• cos-status – (Optional) Enables or disables Class of Service override for this policy profile. If all the classification rules associated with this profile are missed, then this parameter, if specified, determines the default CoS assignment.
• cos – (Optional) Specifies a CoS value to assign to packets, if CoS override is enabled and invoked as the default behavior. Valid values are 0 to 255.
• egress-vlans – (Optional) Specifies the port to which this policy profile is applied should be added to the egress list of the VLANs defined by egress-vlans. Packets will be formatted as tagged.
• forbidden-vlans – (Optional) Specifies the port to which this policy profile is applied should be added as forbidden to the egress list of the VLANs defined by forbidden-vlans. Packets from this port will not be allowed to participate in the listed VLANs.

set policy profile profile-index [name name] [pvid-status {enable | disable}] [pvid pvid] [cos-status {enable | disable}] [cos cos] [egress-vlans egress-vlans] [forbidden-vlans forbidden-vlans] [untagged-vlans untagged-vlans] [append] [clear] [tci-overwrite {enable | disable}] (7100-Series)

• untagged-vlans – (Optional) Specifies the port to which this policy profile is applied should be added to the egress list of the VLANs defined by untagged-vlans. Packets will be formatted as untagged.
• append – (Optional) Appends any egress, forbidden, or untagged specified VLANs to the existing list. If append is not specified, all previous settings for this VLAN list are replaced
• clear – (Optional) Clears any egress, forbidden or untagged VLANs specified from the existing list.

• tci-overwrite – (Optional) Enables or disables TCI (Tag Control Information) overwrite for this profile. When enabled, rules configured for this profile are allowed to overwrite user priority and other classification information in the VLAN tag‘s TCI field. If this parameter is used in a profile, TCI overwrite must be enabled on ports. See step 3 below. TCI overwrite is always enabled on the 7100-Series.
• precedence – (Optional) Assigns a rule precedence to this profile. Lower values will be given higher precedence (S-, K-Series).
• mirror-destination – (Optional) Applies the specified mirror destination index to this profile (S-, K-Series).
• clear-mirror – (Optional) Clears mirroring on this profile (S-, K-Series).
• prohibit-mirror – (Optional) Prohibits mirroring on this profile (S-, K-Series).

• syslog – (Optional) Enables or disables syslog on this profile (S-, K-Series).
• trap – (Optional) Enables or disables traps on this profile (S-, K-Series).
• disable-port – (Optional) Enable or disables the disabling of ingress ports on profile use (S-, K-Series).
• fst – (Optional) Specifies a flow limit class to apply to this profile (S-, K-Series).
• web-redirect – (Optional) Specifies a web-redirect class index associated with this profile (S-, K-Series).

• (Optional) Assign the action the device will apply to an invalid or unknown policy.
• default-policy – Instructs the device to ignore this result and search for the next policy assignment rule.
• drop – Instructs the device to block traffic.
• forward – Instructs the device to forward traffic.

• machine-readable - (Optional) Sets the formatting of rule usage messages to raw data that a user script can format according to the needs of the enterprise, otherwise message is set to human readable.
• extended-format - (Optional) Sets the control to include additional information in the rule usage syslog messages, otherwise the original rule usage syslog message format is used.

• tunnel - Applies the VLAN tunnel attribute.
• policy - Applies the policy specified in the filter-ID.
• both - Applies either or all the filter-ID and VLAN tunnel attributes or the policy depending upon whether one or both are present.

See Administrative Policy and Policy Rule Traffic Classifications for traffic classification-type descriptions.

See the set policy rule command discussion in the command reference guide that comes with your device for traffic classification data and mask information.

• port-string - Applies this administratively-assigned rule to a specific ingress port. S- K- and 7100-Series devices with firmware versions 3.00.xx and higher also support the set policy port command as an alternative to administratively assign a profile rule to a port.
• storage-type - (Optional) Adds or removes this entry from non-volatile storage.
• admin-pid - Associates this administrative profile with a policy profile index ID. Valid values are 1 - 1023.

set policy rule admin-profile {macsource | port} [data] [mask mask] port-string port-string [storage-type {non-volatile | volatile}] [admin-pid admin-pid] (7100-Series)

• syslog - (Optional) Enables or disables sending of syslog messages on first rule use (S-, K-Series).
• trap - (Optional) Enables or disables sending SNMP trap messages on first rule use (S-, K-Series).
• disable-port - (Optional) Enables or disables the ability to disable the ingress port on first rule use (S-, K-Series).
• mirror-destination - (Optional) Applies the specified mirror destination index to this profile (S-, K-Series).

• clear-mirror - (Optional) Clears mirroring on this profile (S-, K-Series).
• prohibit-mirror - (Optional) Prohibits mirroring on this profile (S-, K-Series).

See Administrative Policy and Policy Rule Traffic Classifications for traffic classification-type descriptions.

See the set policy rule command discussion in the command reference guide that comes with your device for traffic classification data and mask information.

• port-string - (Optional) Applies this policy rule to a specific ingress port. S- K- and 7100-Series devices also support the set policy port command as an alternative way to assign a profile rule to a port.
• storage-type - (Optional) Adds or removes this entry from non-volatile storage.
• vlan - (Optional) Classifies this rule to a VLAN ID.
• drop | forward - (Optional) Specifies that packets within this classification will be dropped or forwarded.
• cos - (Optional) Specifies that this rule will classify to a Class-of-Service ID. Valid values are 0 - 255. A value of -1 indicates that no CoS forwarding behavior modification is desired.

set policy rule profile-index classification-type [data] [mask mask] [port-string port-string] [storage-type {non-volatile | volatile}] [vlan vlan] | [drop | forward] [admin-pid admin-pid] [cos cos] [quarantine-profile quarantine-profile] [clear-quarantine-profile] [prohibit-quarantine-profile] (7100-Series)

• syslog - (Optional) Enables or disables sending of syslog messages on first rule use (S-, K-Series).
• trap - (Optional) Enables or disables sending SNMP trap messages on first rule use (S-, K-Series).
• disable-port - (Optional) Enables or disables the ability to disable the ingress port on first rule use (S-, K-Series).
• mirror-destination - (Optional) Applies the specified mirror destination index to this profile (S-, K-Series).
• clear-mirror - (Optional) Clears mirroring on this profile (S-, K-Series).
• prohibit-mirror - (Optional) Prohibits mirroring on this profile (S-, K-Series).

show policy rule classification-type [data] [mask mask] [port-string port-string] [storage-type {non-volatile | volatile}] | [drop | forward] [dynamic-pid dynamic-pid] [cos cos] [admin-pid admin-pid] [-verbose] [-wide] (7100-Series)