This section presents configuration procedures and tables including command description and syntax in the following policy areas: profile, classification, and display.
Step | Task | Command(s) |
---|---|---|
1 | Create a policy role.
|
configure policy profile profile_index {name name} {pvid pvid} {pvid-status pvid_status} {cos cos} {cos-status cos_status} {egress-vlans egress_vlan_list}{forbidden-vlans forbidden_vlans} {untagged-vlans untagged_vlans} {append | clear} {tci-overwrite tci_overwrite} {precedence [precedence | default]} {auth-override auth_override} {nsi [nsi | none]} {web-redirect web_redir_index} |
2 | Optionally, for enhanced policy capable devices, assign the
action the device will apply to an invalid or unknown policy.
|
configure policy invalid action {default-policy | drop | forward} |
3 | Optionally, for enhanced policy capable devices, set a policy maptable entry that associates a VLAN with a policy profile. | configure policy maptable {vlan-list profile-index} |
4 | Optionally, set a policy maptable response.
|
configure policy maptable response {tunnel | policy | both} |
Step | Task | Command(s) |
---|---|---|
1 | Optionally set an administrative profile to assign traffic
classifications to a policy role. See Administrative Policy and Policy Rule Traffic Classifications for traffic classification-type descriptions and enhanced policy
information. See the set policy rule command discussion in the
command reference guide that comes with your device for traffic
classification data and mask information.
|
configure policy rule admin-profile {macsource | port} [data] [mask mask] port-string port-string [storage-type {non-volatile | volatile}] [admin-pid admin-pid] |
2 | Optionally configure policy rules to
associate with a policy role. See Administrative Policy and Policy Rule Traffic Classifications for traffic classification-type
descriptions and enhanced policy information. See the configure policy rule
command discussion in the command reference guide that comes with
your device for traffic classification data and mask information.
|
configure policy rule profile-index classification-type [data] [mask mask] [port-string port-string] [storage-type {non-volatile | volatile}] | [drop | forward] [admin-pid admin-pid] [cos cos] |
3 | Optionally, for enhanced policy capable devices, assign a policy role to a port. | configure policy port <ports> admin-id admin_id |
Step | Task | Command(s) |
---|---|---|
1 | Display policy role information. | show policy profile {all | profile-index [-detail]} |
2 | Display the action the device should take if asked to apply an invalid or unknown policy, or the number of times the device has detected an invalid/unknown policy, or both action and count information. | show policy invalid {action | count | all} |
3 | Display VLAN-ID to policy role mappings table. | show policy maptable [vlan-list] |
4 | Display policy classification and admin rule information. | show policy rule [classification-type] [data] [mask mask] [port-string port-string] [storage-type {non-volatile | volatile}] | [drop | forward] [dynamic-pid dynamic-pid] [cos cos] [admin-pid admin-pid] [-verbose] [-wide] |
5 | Display all policy classification capabilities for this device. | show policy capability |
6 | Display a list of currently supported traffic rules applied to the administrative profile for one or more ports. | show policy allowed-type ports [detail] |
7 | Display status of dynamically assigned roles. | show policy dynamic override |
Step | Task | Command(s) |
---|---|---|
1 | Enable policy globally on the switch. | enable policy |
2 | Enable CEP detection globally on the switch. | configure policy convergence-endpoint [enable | disable] |
3 | Enable CEP detection type on one or more ports. | configure policy convergence-endpoint ports [<port_list> | all] [cisco | lldp-med] [enable | disable] |
4 | Configure a policy to apply to the detected CEP devices. | configure policy profile profile_index {name name} {pvid pvid} {pvid-status pvid_status} {cos cos} {cos-status cos_status} {egress-vlans egress_vlan_list}{forbidden-vlans forbidden_vlans} {untagged-vlans untagged_vlans} {append | clear} {tci-overwrite tci_overwrite} {precedence [precedence | default]} {auth-override auth_override} {nsi [nsi | none]} {web-redirect web_redir_index} |
5 | Assign the configured policy to the desired CEP detection type. | configure policy convergence-endpoint index index [cisco | lldp-med] |
Step | Task | Command(s) |
---|---|---|
1 | Define a role that has a valid captive portal web redirection class index. | configure policy profile profile_index {name name} {pvid pvid} {pvid-status pvid_status} {cos cos} {cos-status cos_status} {egress-vlans egress_vlan_list}{forbidden-vlans forbidden_vlans} {untagged-vlans untagged_vlans} {append | clear} {tci-overwrite tci_overwrite} {precedence [precedence | default]} {auth-override auth_override} {nsi [nsi | none]} {web-redirect web_redir_index} |
2 | Configure a captive portal server‘s HTTP redirect URL and enable it using the previously defined captive portal web redirection class index. | configure policy captive-portal web-redirect redirect_index server server_id {url redirect_url} {status} |
3 | Configure which L4 listening ports (sockets) to be redirected when a captive portal web-redirect is defined on a policy profile. | configure policy captive-portal listening socket_list |