show policy

Syntax

Syntax that shows information for all policies: 

show policy [commands] [configuration] [vsx-peer]

Syntax that filters by policies applied to an interface or VLAN: 

show policy [interface <IFNAME> [in | routed-in] | vlan <VLAN-ID> [in]] 
            [commands] [configuration] [vsx-peer]

Syntax that filters by the named policy: 

show policy <POLICY-NAME> [commands] [configuration] [vsx-peer]

Syntax that filters by the globally applied policy: 

show policy global [commands] [configuration] [vsx-peer]

Syntax that shows statistical information in the form of hit counts: 

show policy hitcounts <POLICY-NAME> [interface <IFNAME> [in | routed-in] |
                      vlan <VLAN-ID> [in]] [vsx-peer]

Syntax that shows statistical information in the form of hit counts for the globally applied policy: 

show policy hitcounts global [vsx-peer]

Description

Shows information about your defined policies and where they have been applied. When show policy is entered without parameters, information for all policies is shown. The parameters filter the list of policies for which information is shown.

Available filtering includes:

  • The content of a specific policy.

  • All policies applied to a specific interface.

  • All policies applied to a specific VLAN.

  • The globally applied policy.

To display policy statistics, use the show policy hitcounts form of this command.

Command context

Operator (>) or Manager (#)

Parameters

interface <IFNAME>

Specifies the interface name.

vlan <VLAN-ID>

Specifies the VLAN.

in

Selects the inbound (ingress) traffic direction.

routed-in

Selects the routed inbound (ingress) traffic direction. Not applicable to a policy applied to a VLAN.

<POLICY-NAME>

Specifies the policy name.

commands

Causes the policy definition to be shown as the commands and parameters used to create it rather than in tabular form.

configuration

Causes the user-configured policies be shown as entered, even if the policies are not active due to policy-definition command issues or hardware issues. This parameter is useful if there is a mismatch between the entered configuration and the previous successfully programmed (active) policies configuration.

global

Selects the globally applied policy.

hitcounts

Selects the policy hit counts (statistics). The switch displays the number of accepted bytes/conformed bytes (green and yellow bytes) as 0 kbps.

[vsx-peer]

Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.

Authority

Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.

Examples

Showing information for all policies: 

switch# show policy
           Name                                              
           Additional Policy Parameters                      
  Sequence Comment                                           
           Class Type
                    action
-------------------------------------------------------------------------------
           mypolicy                       
        10 
           myipv6class ipv6
                    cir kbps 15000
                    cbs 200
                    exceed drop

        20 
           myipv6class ipv6
                    dscp AF21

Showing a policy as commands: 

switch# show policy mypolicy commands
policy mypolicy
    10 class ipv6 myipv6class action cir kbps 15000 cbs 200 exceed drop 
    20 class ipv6 myipv6class action dscp AF21 
interface 1/1/1
apply policy mypolicy in

Showing the globally applied policy: 

switch# show policy global commands
policy my_policy
    10 class ip my_class1 action drop 
apply policy my_policy in

Showing policy hit counts (statistics): 

switch# show policy hitcounts policyA interface 1/1/2
Statistics for Policy policyA:
Interface 1/1/2* (in):
           Hit Count  Configuration
10 class ip test action cir kbps 1 cbs 1 exceed drop 
                   0  10 match any any any count [0 kbps conform]
                   0  20 match any any any count [0 kbps conform]
* policy statistics are shared among each context type (interface, VLAN).
  For routed ingress, they are only shared within the same VRF. 
  Use 'policy NAME copy' to create a new policy for separate statistics.

Showing policy hit counts (statistics) for the globally applied policy: 

switch# show policy hitcounts global
Statistics for Policy my_policy:
Global Policy:
           Hit Count  Configuration
10 class ip my_class1 action mirror
                  20  10 match any any any count
* policy statistics are shared among each context type (interface, VLAN).
  For routed ingress, they are only shared within the same VRF. 
  Use 'policy NAME copy' to create a new policy for separate statistics.

The switch displays the number of accepted bytes/conformed bytes (green and yellow bytes) as 0 kbps. The configuration from the example was created as follows: 

switch(config)# class ip test
switch(config-class-ip)# 10 match any any any count
switch(config-class-ip)# 20 match any any any count
switch(config-class-ip)# exit
switch(config)# policy policyA
switch(config-policy)# 10 class ip test action cir kbps 1 cbs 1 exceed drop 
switch(config)# interface 1/1/2 
switch(config-if)# no shutdown
switch(config-if)# apply policy policyA in