This section presents configuration procedures and tables including command description and syntax in the following policy areas: profile, classification, and display.

Step | Task | Commands |
---|---|---|
1 | Create a policy role. | configure policy profile profile_index {name name} {pvid pvid} {pvid-status pvid_status} {cos cos} {cos-status cos_status} {egress-vlans egress_vlan_list} {forbidden-vlans forbidden_vlans} {untagged-vlans untagged_vlans} {append | clear} {tci-overwrite tci_overwrite} {precedence [precedence | default]} {auth-override auth_override} {nsi [nsi | none]} {web-redirect web_redir_index} {access-list [unassigned | list_name | list_name_placeholder]} |
2 | Optionally, for enhanced policy capable devices, assign the action the device will apply to an invalid or unknown policy. | configure policy invalid action {default-policy | drop | forward} |
3 | Optionally, for enhanced policy capable devices, set a policy maptable entry that associates a VLAN with a policy profile. | configure policy maptable {vlan-list profile-index} |
4 | Optionally, set a policy maptable response. | configure policy maptable response {tunnel | policy | both} |

Step | Task | Command(s) |
---|---|---|
1 | Optionally set an administrative profile to assign traffic classifications to a policy role. See Administrative Policy and Policy Rule Traffic Classifications for traffic classification-type descriptions and enhanced policy information. See the set policy rule command discussion in the command reference guide that comes with your device for traffic classification data and mask information. | configure policy rule admin-profile [ macsource macsource | port port ] {mask mask } {port-string [port_string | all] } {storage-type [non-volatile | volatile]} {admin-pid admin_pid } |
2 | Optionally configure policy rules to associate with a policy role. See Administrative Policy and Policy Rule Traffic Classifications for traffic classification-type descriptions and enhanced policy information. See the configure policy rule command discussion in the command reference guide that comes with your device for traffic classification data and mask information. | configure policy rule profile_index [{app-signature group group name name} | ether ether | icmp6type icmp6type | icmptype icmptype | ip6dest ip6dest | ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP udpsourceportIP ] {mask mask } {port-string [ port_string | all]} {storage-type [non-volatile | volatile]} {drop | forward} {syslog syslog} {trap trap} {cos cos } {mirror-destination control_index} {clear-mirror} |
3 | Optionally, for enhanced policy capable devices, assign a policy role to a port. | configure policy port ports admin-id admin_id |

Step | Task | Command(s) |
---|---|---|
1 | Display policy role information. | show policy profile {all | profile-index [-detail]} |
2 | Display the action the device should take if asked to apply an invalid or unknown policy, or the number of times the device has detected an invalid/unknown policy, or both action and count information. | show policy invalid {action | count | all} |
3 | Display VLAN-ID to policy role mappings table. | show policy maptable [vlan-list] |
4 |
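
The three procedures above, carried through for one restrictive role. This is an added example, not a listing from the original guide. All values are constructed (profile index 10, the name guest, PVID 200, ports 5-8, TCP port 23), and `enable` is assumed to be an accepted `pvid_status` value.

```text
# Added example with constructed values; command forms follow the syntax tables on this page.

# Profile: create role 10 ("guest") and place its traffic in VLAN 200.
# "enable" is an assumed pvid_status value.
configure policy profile 10 name guest pvid 200 pvid-status enable

# Profile: choose the drop action for an invalid or unknown policy.
# The other actions listed on this page are default-policy and forward.
configure policy invalid action drop

# Classification: drop Telnet (TCP destination port 23) for role 10.
# The optional mask is omitted here.
configure policy rule 10 tcpdestportIP 23 drop

# Classification: assign role 10 to ports 5-8.
configure policy port 5-8 admin-id 10

# Display: confirm the role, the invalid-policy action and count,
# and the VLAN-to-role map table.
show policy profile all
show policy invalid all
show policy maptable
```

Running `show policy invalid all` again after clients have authenticated shows whether the device has been asked to apply an invalid or unknown policy, since it reports the count alongside the action.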