apply policy

Syntax

apply policy <POLICY-NAME> {in|routed-in}

no apply policy <POLICY-NAME> {in|routed-in}

Description

Applies a policy to the current interface or VLAN context.

Only one policy can be applied to a port or VLAN at a time, thus using the apply command on an interface or VLAN with an already-applied policy of the same direction will replace the currently applied policy.

Using the apply command on an interface with an already-applied policy of a different direction (in vs routed-in) will not replace the currently applied policy, but the new policy will not get applied successfully.
NOTE:

VLAN only supports the in direction, while interface VLANs only support the routed-in direction.

The no form of this command removes a policy from the interface or VLAN specified by the current context.

Command context

config-if

config-vlan

Parameters

<POLICY-NAME>

Specifies the policy to apply.

in

Specifies inbound (ingress) traffic.

routed-in

Specifies routed inbound (ingress) traffic.

Authority

Administrators

Usage

  • When a policy is applied to a VLAN, it will create hardware entries on all line cards regardless of whether a VLAN member exists on any specific line card.

  • If during hotswap or switch reboot, a policy fails to be applied to a VLAN, the failed line card will shut down all its ports. The line card must be restarted (with the module command) to recover from the failure. If the 8400 has no line card installed, then the switch must be restarted. Modifying the VLAN or policy configuration will not cause the line card to be restarted.

Examples

Applying a policy to a port:

switch(config)# interface 1/1/1
switch(config-if)# apply policy MY_POLICY in

Removing a policy from a port:

switch(config)# interface 1/1/1
switch(config-if)# no apply policy MY_POLICY in

Applying a policy to a VLAN:

switch(config)# VLAN 10
switch(config-vlan-10)# apply policy MY_POLICY in

Removing a policy from a VLAN:

switch(config)# VLAN 10
switch(config-vlan-10)# no apply policy MY_POLICY in