Shows a list of used rules when Syslog/trap actions are configured for policy.
port-hit | Shows ports matching the rules. |
data | Shows rule based on the data (corresponds to type option). |
detail | Shows all rule information in detail. |
wide | Extends the concise view beyond 80 columns to display complete rule data. |
N/A.
If you have configured Syslog and/or trap actions to notify you when a policy rule is used by using the following command: configure policy rule profile_index [{app-signature group group name name} | ether ether | icmp6type icmp6type | icmptype icmptype | ip6dest ip6dest |ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP udpsourceportIP ] {mask mask } {port-string [ port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {syslog syslog} {trap trap} {cos cos } {mirror-destination control_index} {clear-mirror} , this command shows you information about the rules that have been used.
You can clear this information by using the command clear counters policy.
The following example shows rule usage information:
# show policy rule port-hit PID |Rule Type |Rule Data |Msk|PortStr |RS|ST|TS|VLAN|CoS |Mir| 1 |MACSource |00-00-77-77-00-01 | 48|25 | A|NV|TS|fwrd| |None| 1 |MACSource |00-00-77-77-00-02 | 48|All | A|NV|T |fwrd| |None|
The following example shows detailed rule usage information:
# show policy rule port-hit detail ======================================== Profile Index :1 Rule Type :MAC source address Rule Data :00-00-77-77-00-01 Mask :48 Port :25 - - - - - - - - - - - - - - - - - - - - Status :active Storage Type :nonVolatile VLAN :4095 (Forward) COS :-1 (Unconfigured) Mirror :None Rule Hit Count : 429 Audit Syslog Status : Enabled Audit Trap Status : Enabled ======================================== Profile Index :1 Rule Type :MAC source address Rule Data :00-00-77-77-00-02 Mask :48 Port :All ports - - - - - - - - - - - - - - - - - - - - Status :active Storage Type :nonVolatile VLAN :4095 (Forward) COS :-1 (Unconfigured) Mirror :None Rule Hit Count : 410 Audit Syslog Status : Prohibit Audit Trap Status : Enabled ========================================
This command was first available in ExtremeXOS 30.2.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.