show policy rule

show policy rule {all | {profile-index profile_index | admin-profile} ether {ether} | icmp6type {icmp6type} | icmptype {icmptype} | ip6dest {ip6dest} | ipdest {ipdest} | ipfrag | ipproto {ipproto} | ipsource { ipsource } | iptos { iptos } | ipttl { ipttl } | macdest { macdest } | macsource { macsource } | port { port } | tcpdestportIP { tcpdestportIP } | tcpsourceportIP { tcpsourceportIP } | udpdestportIP { udpdestportIP } | udpsourceportIP { udpsourceportIP }} {mask mask } {port-string [ port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {cos cos | admin-pid admin_pid }} {detail | wide}

Description

Use this command to display policy classification and admin rule information.

Syntax Description

rule	Show current Policy Rule.
all	Optional, show all policy rules
profile-index	Optional: Specify the profile index
admin-profile	Optional: Show rule based on Policy ID of 0
mask	Optional: Show rule based on the number of most significant bits to match data value.
mask	Optional: Show rule based on the number of most significant bits to match data value. Range = 1 - 144.
port-string	Optional: Show rule based on the port number on which this rule is applied; single port in port-string format.
port-string	Optional: Show rule based on the port number on which this rule is applied; single port in port-string format.
storage-type	Optional: Show rule based on its non-volatile storage type (V - volatile; NV - non-volatile).
non-volatile	Show rule with non-volatile storage type.
volatile	Show rule with volatile storage type.
drop	Show rules that are set to 'drop' any packets which match this rule.
forward	Show rules that are set to 'forward' any packets which match this rule.
cos	Optional: Show rules with Class of Service.
cos	Optional: Show rules with Class of Service [0-255] or -1.
admin-pid	Policy ID.
admin-pid	Policy ID. Range = 0 - 102.
wide	Optional: Extend the concise view beyond 80 columns to display complete rule data.
detail	Optional: show all rule information in detail.
port	Port string.
port	Port string - (data: 1; mask: 16).
macdest	MAC destination address.
macdest	MAC destination address - (data: a-b-c-d-e-f; mask: 1-48).
ip6dest	IPv6 address.
ip6dest	IPv6 address (data: aaaa::bbbb; mask 1-128).
ipsource	Source IP address.
ipsource	Source IP address - (data: a.b.c.d; mask: 1-32).
ipdest	Destination IP address.
ipdest	Destination IP address - (data: a.b.c.d.; mask: 1-32).
ipfrag	IP fragmentation flag.
tcpdestportIP	TCP port dst with optional post-fix IPv4 address.
tcpdestportIP	TCP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpdestportIP	UDP port dst with optional post-fix IPv4 address.
udpdestportIP	UDP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
tcpsourceportIP	TCP port src with optional post-fix IPv4 address.
tcpsourceportIP	TCP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpsourceportIP	UDP port src with optional post-fix IPv4 address.
udpsourceportIP	UDP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
ipttl	IP time to live.
ipttl	IP time to live - (data: 0-255).
iptos	IPv4 type of service / IPv6 traffic class field.
iptos	IPv4 type of service / IPv6 traffic class field - (data: 0-255; mask: 1-8).
ipproto	Protocol field in IP packet.
ipproto	Protocol field in IP packet - (data: 0-255 or 0-0xFF; mask: 1-8).
ether	Type field in Ethernet II packet.
ether	Type field in Ethernet II packet - (data: 0-65535 or 0x0-0xFFFF; mask: 1-16).
icmp6type	Specifies type code in ICMPv6 packet.
icmp6type	ICMPv6 type code [(data: 123.456 (dotted-decimal) or AB-CD (dashed-hexadecimal)] mask: 1–16).
icmptype	Specifies type code in ICMP packet.
icmptype	ICMP type code (data: a.b; mask: 1–16).

Default

If port-string, cos and storage-type are not specified, all rules related to other specifications will be displayed.
If -verbose is not specified, summary information will be displayed.
If -wide is not specified, an 80 character display width is used.

Usage Guidelines

Use this command to display policy classification and admin rule information.

Example

# show policy rule
Admn|Rule Type   |Rule Data            |Msk|PortStr  |RS|ST|VLAN|CoS|Mir|
admn|Port        |5                    | 16|5        | A|NV|    |   2|   |
PID |Rule Type   |Rule Data            |Msk|PortStr  |RS|ST|VLAN|   |Mir|
2   |Ether       |2048 (0x800)         | 16|1        | A|NV|fwrd|    |   |
3   |Ether       |2048 (0x800)         | 16|1        | A|NV|    |5   |   |
 
Rule Type - Rule Description: Port, MAC Address, IP address etc.
Rule Data - Varies depending on Rule Type
Mask      - Mask size for rule data where applicable
RS - RowStatus:
  A-Active NS-NotInService NR-NotReady CG-CreateAndGo CW-CreateAndWait D-Destroy
ST     - V-Volatile NV-NonVolatile
For Admin Profile Rules (Admn):
  dPID - Dynamic Profile Index
  aPID - Admin Profile Index
For Profile Identifer (PID) Rules:
  VLAN - VLAN ID, drop or forward (fwrd)
  CoS  - Class Of Service
Mir  - Mirror index if assigned

History

This command was first available in ExtremeXOS release 16.1.

ICMP and ICMPv6 type information added in ExtremeXOS 22.5.

Platform Availability

Published September 2018prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback