show policy rule port-hit

show policy rule port-hit {data} {detail} {wide}

Description

Shows a list of used rules when Syslog/trap actions are configured for policy.

Syntax Description

port-hit Shows ports matching the rules.
data Shows rule based on the data (corresponds to type option).
detail Shows all rule information in detail.
wide Extends the concise view beyond 80 columns to display complete rule data.

Default

N/A.

Usage Guidelines

If you have configured Syslog and/or trap actions to notify you when a policy rule is used by using the following command: configure policy rule profile_index [{app-signature group group name name} | ether ether | icmp6type icmp6type | icmptype icmptype | ip6dest ip6dest |ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP udpsourceportIP ] {mask mask } {port-string [ port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {syslog syslog} {trap trap} {cos cos } {mirror-destination control_index} {clear-mirror} , this command shows you information about the rules that have been used.

You can clear this information by using the command clear counters policy.

Example

The following example shows rule usage information:

# show policy rule port-hit
PID |Rule Type   |Rule Data            |Msk|PortStr  |RS|ST|TS|VLAN|CoS |Mir|
1   |MACSource   |00-00-77-77-00-01    | 48|25       | A|NV|TS|fwrd|    |None|
1   |MACSource   |00-00-77-77-00-02    | 48|All      | A|NV|T |fwrd|    |None|

The following example shows detailed rule usage information:

# show policy rule port-hit detail
========================================
Profile Index       :1
Rule Type           :MAC source address
Rule Data           :00-00-77-77-00-01
Mask                :48
Port                :25
- - - - - - - - - - - - - - - - - - - -
Status              :active
Storage Type        :nonVolatile
VLAN                :4095 (Forward)
COS                 :-1   (Unconfigured)
Mirror              :None 

Rule Hit Count      : 429
Audit Syslog Status : Enabled
Audit Trap Status   : Enabled
========================================
Profile Index       :1
Rule Type           :MAC source address
Rule Data           :00-00-77-77-00-02
Mask                :48
Port                :All ports
- - - - - - - - - - - - - - - - - - - -
Status              :active
Storage Type        :nonVolatile
VLAN                :4095 (Forward)
COS                 :-1   (Unconfigured)
Mirror              :None 

Rule Hit Count      : 410
Audit Syslog Status : Prohibit
Audit Trap Status   : Enabled
========================================

History

This command was first available in ExtremeXOS 30.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.