show policy rule

show policy rule {all | {profile-index profile_index | admin-profile} ether {ether} | icmp6type {icmp6type} | icmptype {icmptype} | ip6dest {ip6dest} | ipdest {ipdest} | ipfrag | ipproto {ipproto} | ipsource { ipsource } | iptos { iptos } | ipttl { ipttl } | macdest { macdest } | macsource { macsource } | port { port } | tcpdestportIP { tcpdestportIP } | tcpsourceportIP { tcpsourceportIP } | udpdestportIP { udpdestportIP } | udpsourceportIP { udpsourceportIP }} {mask mask } {port-string [ port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {cos cos | admin-pid admin_pid }} {detail | wide}

Description

Use this command to display policy classification and admin rule information.

Syntax Description

rule Show current Policy Rule.
all Optional, show all policy rules
profile-index Optional: Specify the profile index
admin-profile Optional: Show rule based on Policy ID of 0
mask Optional: Show rule based on the number of most significant bits to match data value.
mask Optional: Show rule based on the number of most significant bits to match data value. Range = 1 - 144.
port-string Optional: Show rule based on the port number on which this rule is applied; single port in port-string format.
port-string Optional: Show rule based on the port number on which this rule is applied; single port in port-string format.
storage-type Optional: Show rule based on its non-volatile storage type (V - volatile; NV - non-volatile).
non-volatile Show rule with non-volatile storage type.
volatile Show rule with volatile storage type.
drop Show rules that are set to 'drop' any packets which match this rule.
forward Show rules that are set to 'forward' any packets which match this rule.
cos Optional: Show rules with Class of Service.
cos Optional: Show rules with Class of Service [0-255] or -1.
admin-pid Policy ID.
admin-pid Policy ID. Range = 0 - 102.
wide Optional: Extend the concise view beyond 80 columns to display complete rule data.
detail Optional: show all rule information in detail.
port Port string.
port Port string - (data: 1; mask: 16).
macdest MAC destination address.
macdest MAC destination address - (data: a-b-c-d-e-f; mask: 1-48).
ip6dest IPv6 address.
ip6dest IPv6 address (data: aaaa::bbbb; mask 1-128).
ipsource Source IP address.
ipsource Source IP address - (data: a.b.c.d; mask: 1-32).
ipdest Destination IP address.
ipdest Destination IP address - (data: a.b.c.d.; mask: 1-32).
ipfrag IP fragmentation flag.
tcpdestportIP TCP port dst with optional post-fix IPv4 address.
tcpdestportIP TCP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpdestportIP UDP port dst with optional post-fix IPv4 address.
udpdestportIP UDP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
tcpsourceportIP TCP port src with optional post-fix IPv4 address.
tcpsourceportIP TCP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
udpsourceportIP UDP port src with optional post-fix IPv4 address.
udpsourceportIP UDP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48.
ipttl IP time to live.
ipttl IP time to live - (data: 0-255).
iptos IPv4 type of service / IPv6 traffic class field.
iptos IPv4 type of service / IPv6 traffic class field - (data: 0-255; mask: 1-8).
ipproto Protocol field in IP packet.
ipproto Protocol field in IP packet - (data: 0-255 or 0-0xFF; mask: 1-8).
ether Type field in Ethernet II packet.
ether Type field in Ethernet II packet - (data: 0-65535 or 0x0-0xFFFF; mask: 1-16).
icmp6type Specifies type code in ICMPv6 packet.
icmp6type ICMPv6 type code [(data: 123.456 (dotted-decimal) or AB-CD (dashed-hexadecimal)] mask: 1–16).
icmptype Specifies type code in ICMP packet.
icmptype ICMP type code (data: a.b; mask: 1–16).

Default

  • If port-string, cos and storage-type are not specified, all rules related to other specifications will be displayed.
  • If -verbose is not specified, summary information will be displayed.
  • If -wide is not specified, an 80 character display width is used.

Usage Guidelines

Use this command to display policy classification and admin rule information.

Example

# show policy rule
Admn|Rule Type   |Rule Data            |Msk|PortStr  |RS|ST|VLAN|CoS|Mir|
admn|Port        |5                    | 16|5        | A|NV|    |   2|   |
PID |Rule Type   |Rule Data            |Msk|PortStr  |RS|ST|VLAN|   |Mir|
2   |Ether       |2048 (0x800)         | 16|1        | A|NV|fwrd|    |   |
3   |Ether       |2048 (0x800)         | 16|1        | A|NV|    |5   |   |
 
Rule Type - Rule Description: Port, MAC Address, IP address etc.
Rule Data - Varies depending on Rule Type
Mask      - Mask size for rule data where applicable
RS - RowStatus:
  A-Active NS-NotInService NR-NotReady CG-CreateAndGo CW-CreateAndWait D-Destroy
ST     - V-Volatile NV-NonVolatile
For Admin Profile Rules (Admn):
  dPID - Dynamic Profile Index
  aPID - Admin Profile Index
For Profile Identifer (PID) Rules:
  VLAN - VLAN ID, drop or forward (fwrd)
  CoS  - Class Of Service
Mir  - Mirror index if assigned

History

This command was first available in ExtremeXOS release 16.1.

ICMP and ICMPv6 type information added in ExtremeXOS 22.5.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.