Use this command to display policy classification and admin rule information.
rule | Show current Policy Rule. |
all | Optional, show all policy rules |
app-signature | Specifies application signature specific settings. |
profile-index | Optional: Specify the profile index |
admin-profile | Optional: Show rule based on Policy ID of 0 |
mask | Optional: Show rule based on the number of most significant bits to match data value. |
mask | Optional: Show rule based on the number of most significant bits to match data value. Range = 1–144. |
port-string | Optional: Show rule based on the port number on which this rule is applied; single port in port-string format. |
port-string | Optional: Show rule based on the port number on which this rule is applied; single port in port-string format. |
storage-type | Optional: Show rule based on its non-volatile storage type (V - volatile; NV - non-volatile). |
non-volatile | Show rule with non-volatile storage type. |
volatile | Show rule with volatile storage type. |
drop | Show rules that are set to 'drop' any packets which match this rule. |
forward | Show rules that are set to 'forward' any packets which match this rule. |
cos | Optional: Show rules with Class of Service. |
cos | Optional: Show rules with Class of Service (0–255) or -1. |
admin-pid | Policy ID. |
admin-pid | Policy ID. Range = 0 - 102. |
wide | Optional: Extend the concise view beyond 80 columns to display complete rule data. |
detail | Optional: show all rule information in detail. |
port | Port string. |
port | Port string - (data: 1; mask: 16). |
macdest | MAC destination address. |
macdest | MAC destination address - (data: a-b-c-d-e-f; mask: 1-48). |
ip6dest | IPv6 address. |
ip6dest | IPv6 address (data: aaaa::bbbb; mask 1-128). |
ipsource | Source IP address. |
ipsource | Source IP address - (data: a.b.c.d; mask: 1–32). |
ipdest | Destination IP address. |
ipdest | Destination IP address - (data: a.b.c.d.; mask: 1–32). |
ipfrag | IP fragmentation flag. |
tcpdestportIP | TCP port dst with optional post-fix IPv4 address. |
tcpdestportIP | TCP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1–48. |
udpdestportIP | UDP port dst with optional post-fix IPv4 address. |
udpdestportIP | UDP port dst with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1-48. |
tcpsourceportIP | TCP port src with optional post-fix IPv4 address. |
tcpsourceportIP | TCP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1–48. |
udpsourceportIP | UDP port src with optional post-fix IPv4 address. |
udpsourceportIP | UDP port src with optional post-fix IPv4 address - (data: ab[:c.d.e.f]); mask: 1–48. |
ipttl | IP time to live. |
ipttl | IP time to live - (data: 0–255). |
iptos | IPv4 type of service / IPv6 traffic class field. |
iptos | IPv4 type of service / IPv6 traffic class field - (data: 0–255; mask: 1–8). |
ipproto | Protocol field in IP packet. |
ipproto | Protocol field in IP packet - (data: 0–255 or 0-0xFF; mask: 1–8). |
ether | Type field in Ethernet II packet. |
ether | Type field in Ethernet II packet - (data: 0–65535 or 0x0-0xFFFF; mask: 1–16). |
icmp6type | Specifies type code in ICMPv6 packet. |
icmp6type | ICMPv6 type code [(data: 123.456 (dotted-decimal) or AB-CD (dashed-hexadecimal)] mask: 1–16). |
icmptype | Specifies type code in ICMP packet. |
icmptype | ICMP type code (data: a.b; mask: 1–16). |
Use this command to display policy classification and admin rule information.
The following example shows policy classification and admin rule information:
# show policy rule Admn|Rule Type |Rule Data |Msk|PortStr |RS|ST|dPID|aPID|Mir| admn|MACSource |00-77-77-77-00-20 | 48|1 | A| V| 5| | | admn|MACSource |00-77-77-77-00-21 | 48|4 | A| V| 5| | | admn|Port |1 | 16|1 | A|NV| | 22| | admn|Port |4 | 16|4 | A|NV| | 22| | PID |Rule Type |Rule Data |Msk|PortStr |RS|ST|VLAN|CoS |Mir| 5 |Ether |2048 (0x800) | 16|All | A|NV|fwrd| | 1| 5 |Ether |33079 (0x8137) | 16|All | A|NV|fwrd| | 1| Rule Type - Rule Description: Port, MAC Address, IP address etc. Rule Data - Varies depending on Rule Type Mask - Mask size for rule data where applicable RS - RowStatus: A-Active NS-NotInService NR-NotReady CG-CreateAndGo CW-CreateAndWait D-Destroy ST - V-Volatile NV-NonVolatile For Admin Profile Rules (Admn): dPID - Dynamic Profile Index aPID - Admin Profile Index For Profile Identifer (PID) Rules: VLAN - VLAN ID, drop or forward (fwrd) CoS - Class Of Service Mir - Mirror index if assigned
The following example shows detailed policy classification and admin rule information:
# show policy rule detail ======================================== Profile Index :Admin-Profile Rule Type :Port string Rule Data :26 Mask :16 Port :26 - - - - - - - - - - - - - - - - - - - - Status :active Storage Type :nonVolatile Operational-PID :-1 Admin-PID :1 ======================================== ======================================== Profile Index :1 Rule Type :MAC source address Rule Data :00-00-00-00-00-10 Mask :48 Port :All ports - - - - - - - - - - - - - - - - - - - - Status :active Storage Type :nonVolatile VLAN :-1 (Unconfigured) COS :-1 (Unconfigured) Mirror :0 (Prohibited) Rule Hit Count : 0 Audit Syslog Status : Prohibit Audit Trap Status : Prohibit ======================================== Profile Index :1 Rule Type :Port string Match Type 1 :MAC source address Match Data 1 : Match Mask 1 :32 Match Type 2 :IP source address Match Data 2 :00-00-00-00-00-10 Match Mask 2 :48 Port :All ports - - - - - - - - - - - - - - - - - - - - Status :active Storage Type :nonVolatile VLAN :0 (Drop) COS :-1 (Unconfigured) Mirror :0 (Prohibited) Rule Hit Count : 0 Audit Syslog Status : Enabled Audit Trap Status : Prohibit ========================================
This command was first available in ExtremeXOS release 16.1.
ICMP and ICMPv6 type information added in ExtremeXOS 22.5.
Mirror information and rule usage counter information were added in ExtremeXOS 30.2.
The app-signature option was added in ExtremeXOS 30.4.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5420, and 5520 series switches.