configure policy rule

configure policy rule profile_index [ether ether | ip6dest ip6dest |ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP udpsourceportIP ] {mask mask } {port-string [ port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {cos cos }

Description

Use this command to assign incoming untagged frames to a specific policy profile and to VLAN (Virtual LAN) or CoS (Class of Service) classification rules.

Syntax Description

port Port string.
port Port string - (data: 1; mask: 16).
macsource MAC source address.
macsource MAC source address - (data: a-b-c-d-e-f; mask: 1-48).
macdest MAC destination address.
macdest MAC destination address - (data: a-b-c-d-e-f; mask: 1-48).
ip6dest IPv6 address.
ip6dest IPv6 address (data: aaaa::bbbb; mask 1-128).
ipsourcesocket Source IP address / Source IpSocket (a.b.c.d / a.b.c.d:0-65535).
ipsourcesocket Source IP address (data: a.b.c.d; mask: 1-32).
ipdestsocket Destination IP address / Destination IpSocket (a.b.c.d / a.b.c.d:0-65535)..
ipdestsocket Destination IP address (data: a.b.c.d; mask: 1-32).
ipfrag IP fragmentation flag.
tcpdestportIP TCP port dst with optional post-fix IPv4 address.
tcpdestportIP TCP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpdestportIP UDP port dst with optional post-fix IPv4 address.
udpdestportIP UDP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
tcpsourceportIP TCP port src with optional post-fix IPv4 address.
tcpsourceportIP TCP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpsourceportIP UDP port src with optional post-fix IPv4 address.
udpsourceportIP UDP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
ipttl IP time to live.
ipttl ipttl IP time to live (data: 0-255 or 0x0-0xFF; mask:1-8).
iptos IPv4 type of service / IPv6 traffic class field.
iptos ipproto Protocol field in IP packet - (data: 0-255 or 0x0-0xFF; mask: 1-8).
ipproto Protocol field in IP packet.
ipproto Protocol field in IP packet - (data: 0-255 or 0-0xFF; mask: 1-8).
ether Type field in Ethernet II packet.
ether Type field in Ethernet II packet - (data: 0-65535 or 0x0-0xFFFF; mask: 1-16).
cos Class of Service [0-255] or -1 for no CoS or forwarding behavior modification is desired
cos Class of Service [0-255] or -1 for no CoS or forwarding behavior modification is desired.

Default

  • If mask is not specified, all data bits are considered relevant.
  • If port-string is not specified, rule is scoped to all ports.

Usage Guidelines

Classification rules are automatically enabled when created.

Note

Note

ExtremeSwitching X440-G2 and X620 series switches do not support macsource, macdest, or ip6dest classification rule types. Example:
configure policy rule 1 macsource 00-00-00-00-00-01 port-string 3 drop
ERROR: Set failed!
Note

Note

The ExtremeSwitching X870 does not support a port-string with the ip6dest classification rule type.

Example

This example shows how to create (and enable) a classification rule to associate with policy number 1. This rule will drop Ethernet II Type 1526 frames:
configure policy rule 1 ether 1526 drop
This example shows how to create (and enable) a classification rule to associate with policy profile number 5. This rule specifies that UDP frames from source port 45 will be forwarded:
configure policy rule 5 udpsourceportip 45 forward forward

History

This command was first available in ExtremeXOS 16.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.