Creates a policy profile entry.
profile_index | Policy ID (1-63). |
name | Policy profile name. |
name | Profile name string 1-64 characters. |
pvid-status | PVID status (enable/disable). |
pvid | PVID value (0-4,095). Default is 1, which specifies Default VLAN. |
cos-status | CoS status (enable/disable). |
cos | Class of Service value (0-22). |
egress-vlans | Egress This command is available on the ExtremeSwitching X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, 5520 series switches. list (1-4094). |
forbidden-vlan | Forbidden VLAN list (1–4,094). |
untagged-vlans | Untagged VLAN list (1-4,094). |
append | Append to one of Egress, Forbidden, Untagged VLAN list. |
clear | Clear from one of Egress, Forbidden, Untagged VLAN list. |
tci_overwrite |
TCI-overwrite status (enable/disable). Note: The ExtremeSwitching 5520 and
X435 series switches do not support TCI-overwrite.
Note: With tci-overwrite disabled,
you can only add a VLAN to incoming packets that are untagged or priority tagged
(priority set, but vlan=0).
|
auth-override | Configures authentication override using a port profile attribute. No further authentication occurs on the port if enabled. |
auth_override | Authentication override status: "enable" or "disable". Default is disabled. |
precedence |
Specifies setting the policy classification rule precedence.
Note: You cannot set
a precedence if the rule model is set for ACL Style Policy (access-list). To set
the rule model, use the command configure policy rule-model [access-list | hierarchical].
|
precedence |
Sets the rule precedence (for example: 1–2, 10, 12–18, 20–23, 25, 31). To see the supported rules, use show policy profile {all | profile_index} {detail} . |
default | Sets the default rule precedence, rather than a custom one (1–2, 10, 12–19, 23, 20–22, 25, 31). |
web-redirect | Configures web-redirect. |
web_redir_index | Configures a web redirect index (range = 1–10). Default is 0, which is disabled. |
nsi | Network Service Identifier. For Fabric Attach and VXLAN (VNI = NSI), provides a mechanism to apply the VLAN/NSI mappings in policy using a profile-based attribute. |
nsi | NSI 24-bit value ranging from 1 to 16,777,215. |
none | No NSI for the VLAN (default). |
access-list | Designates assigning an access list to this profile. |
unassigned | Removes an assigned access list (default). |
list_name | Selects the access list name to assign to this profile. Type the access-list name as shown in the provided list. |
list_name_placeholder | Allows you to provide an access-list name that does not currently exist to assign to this profile. |
If optional parameters are not specified, none are applied.
Web direct is disabled by default.
The default for NSI is none.
If no PVID value is given, the default is 1 (Default VLAN).
If you do not set a policy classification rule precedence, the default order is used (1–2, 10, 12–19, 23, 20–22, 25, 31).
By default, not access list is assigned to a profile.
Use this command to create a policy profile entry.
This example shows how to create a policy profile 1 named "netadmin" with PVID override enabled for PVID 10, and Class-of-Service override enabled for CoS 5. This profile can use VLAN 10 for untagged egress:
# configure policy profile 1 name netadmin pvid-status enable pvid 10 cos-status enable cos 5 untagged-vlans 10
This command was first available in ExtremeXOS 16.1.
The authentication override parameter was added in ExtremeXOS 22.2.
The NSI keyword was added in ExtremeXOS 22.5.
Policy classification rule precedence re-ordering was added in ExtremeXOS 30.2.
Access list capability was added in ExtremeXOS 30.5.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.