show policy
Syntax
Syntax that filters by policies applied to an interface or VLAN:
show policy [interface <IFNAME> [in|routed-in] |vlan <VLAN-ID> [in]]
[commands] [configuration] [vsx-peer]
Syntax that filters by the named policy:
show policy <POLICY-NAME> [commands] [configuration] [vsx-peer]
Syntax that shows statistical information in the form of hit counts:
show policy hitcounts <POLICY-NAME> [ [interface <IFNAME>|vlan <VLAN-ID>]
[in|routed-in] ] [vsx-peer]
Description
Shows information about your defined policies and where they have been applied. When
show policy
is entered without parameters, information for all policies is shown. The parameters filter the list of policies for which information is shown.
The content of a specific policy.
All policies applied to a specific interface.
All policies applied to a specific VLAN.
To display policy statistics, use the
show policy hitcounts
form of this command.
Command context
Operator (>
) or Manager (#
)
Parameters
interface <IFNAME>
Specifies the interface name.
[vlan <VLAN-ID>]
Specifies the VLAN.
in
Specifies the inbound (ingress) traffic direction.
routed-in
Specifies the routed inbound (ingress) traffic direction. Not applicable to a policy applied to a VLAN.
<POLICY-NAME>
Specifies the policy name.
[commands]
Specifies that the policy definition is to be shown as the commands and parameters used to create it rather than in tabular form.
[configuration]
Specifies that the user-configured policies be shown as entered, even if the policies are not active due to policy-definition command issues or hardware issues. This parameter is useful if there is a mismatch between the entered configuration and the previous successfully programmed (active) policies configuration.
hitcounts
Selects for showing, the policy hit counts (statistics). The switch displays the number of accepted bytes/conformed bytes (green and yellow bytes) as 0 kbps.
[vsx-peer]
Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.
Authority
Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.
Examples
Showing information for all policies:
switch# show policy Name Additional Policy Parameters Sequence Comment Class Type action ------------------------------------------------------------------------------- mypolicy 10 myipv6class ipv6 cir kbps 15000 cbs 200 exceed drop 20 myipv6class ipv6 dscp AF21
Showing a policy as commands:
switch# show policy mypolicy commands policy mypolicy 10 class ipv6 myipv6class action cir kbps 15000 cbs 200 exceed drop 20 class ipv6 myipv6class action dscp AF21 interface 1/1/1 apply policy mypolicy in
Showing policy hit counts (statistics):
switch# show policy hitcounts policyA interface 1/1/2 Statistics for Policy policyA: Interface 1/1/2* (in): Hit Count Configuration 10 class ip test action cir kbps 1 cbs 1 exceed drop 0 10 match any any any count [0 kbps conform] 0 20 match any any any count [0 kbps conform] * policy statistics are shared among each context type (interface, vlan). use 'policy NAME copy' to create a uniquely named policy
The switch displays the number of accepted bytes/conformed bytes (green and yellow bytes) as 0 kbps. The configuration from the example was created as follows:
switch(config)# class ip test switch(config-class-ip)# 10 match any any any count switch(config-class-ip)# 20 match any any any count switch(config-class-ip)# exit switch(config)# policy policyA switch(config-policy)# 10 class ip test action cir kbps 1 cbs 1 exceed drop switch(config)# interface 1/1/2 switch(config-if)# no shutdown switch(config-if)# apply policy policyA in