policy

Syntax

policy <POLICY-NAME>    

    [<SEQUENCE-NUMBER>]
      class {ip|ipv6|mac} <CLASS-NAME>
          action {<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}
          [{<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}]
    
    [<SEQUENCE-NUMBER>]
    comment ...

no policy <POLICY-NAME>

Description

Creates, modifies, or deletes a classifier policy. A policy contains one or more policy entries ordered and prioritized by sequence numbers. Each entry has an IPv4/IPv6/MAC class and one or more policy actions associated with it. An applied policy processes a packet sequentially against policy entries in the list until the last entry in the list has been evaluated or the packet matches an entry. If a match occurs the related entry, actions are taken.

The no form of this command is used to delete a policy or an individual policy entry.

Command context

config

The policy command takes you into the config-policy context where you enter the policy entries.

Parameters

<POLICY-NAME>

Specifies the name of the policy.

<SEQUENCE-NUMBER>

Specifies a sequence number for the policy entry. Optional. Range: 1 to 4294967295.

comment

Stores the remaining entered text as a policy entry comment.

class {ip|ipv6|mac} <CLASS-NAME>

Specifies a type of class, ip for IPv4, ipv6 for IPv6 and mac for a MAC policy. And specifies a class name.

<REMARK-ACTIONS>

Remark actions can be any of the following options: {pbr <ACTION-LIST> | pcp <PRIORITY> | ip-precedence <IP-PRECEDENCE-VALUE> | dscp <DSCP-VALUE> | local-priority <LOCAL-PRIORITY-VALUE>} where:

pbr <ACTION-LIST>

Specifies the PBR action list to be used.

pcp <PCP-VALUE>

Specifies Priority Code Point (PCP) value. Range: 0 to 7.

ip-precedence <IP-PRECEDENCE-VALUE>

Specifies the numeric IP precedence value. Range: 0 to 7.

dscp <DSCP-VALUE>

Specifies a Differentiated Services Code Point (DSCP) value. Enter either a numeric value (0 to 63) or a keyword as follows:

  • AF11 - DSCP 10 (Assured Forwarding Class 1, low drop probability)

  • AF12 - DSCP 12 (Assured Forwarding Class 1, medium drop probability)

  • AF13 - DSCP 14 (Assured Forwarding Class 1, high drop probability)

  • AF21 - DSCP 18 (Assured Forwarding Class 2, low drop probability)

  • AF22 - DSCP 20 (Assured Forwarding Class 2, medium drop probability)

  • AF23 - DSCP 22 (Assured Forwarding Class 2, high drop probability)

  • AF31 - DSCP 26 (Assured Forwarding Class 3, low drop probability)

  • AF32 - DSCP 28 (Assured Forwarding Class 3, medium drop probability)

  • AF33 - DSCP 30 (Assured Forwarding Class 3, high drop probability)

  • AF41 - DSCP 34 (Assured Forwarding Class 4, low drop probability)

  • AF42 - DSCP 36 (Assured Forwarding Class 4, medium drop probability)

  • AF43 - DSCP 38 (Assured Forwarding Class 4, high drop probability)

  • CS0 - DSCP 0 (Class Selector 0: Default)

  • CS1 - DSCP 8 (Class Selector 1: Scavenger)

  • CS2 - DSCP 16 (Class Selector 2: OAM)

  • CS3 - DSCP 24 (Class Selector 3: Signaling)

  • CS4 - DSCP 32 (Class Selector 4: Real time)

  • CS5 - DSCP 40 (Class Selector 5: Broadcast video)

  • CS6 - DSCP 48 (Class Selector 6: Network control)

  • CS7 - DSCP 56 (Class Selector 7)

  • EF - DSCP 46 (Expedited Forwarding)

local-priority <LOCAL-PRIORITY-VALUE>

Specifies a local priority value. Range: 0 to 7.

<POLICE-ACTIONS>

Police actions can be the following {cir <RATE-BPS> cbs <BYTES> exceed} where:

cir <RATE-BPS>

Specifies a Committed Information Rate value in Kilobits per second. Range: 1 to 4294967295.

cbs <BYTES>

Specifies a Committed Burst Size value in bytes. Range: 1 to 4294967295.

exceed

Specifies action to take on packets that exceed the rate limit.

<OTHER-ACTIONS>

Other actions can be the following:

drop

Specifies drop traffic.

Authority

Administrators

Restrictions

MAC classes are not applicable to policies containing PBR actions. Applying such policies to an interface are blocked.

Usage

  • For Policy Based Routing, the policy action keyword is pbr which itself takes the name of a PBR action list as a parameter.
  • A policy entry that contains a PBR action can contain other action types as well.

  • An applied policy processes a packet sequentially against policy entries in the list until the last policy entry in the list has been evaluated or the packet matches an entry.

  • Entering an existing <POLICY-NAME> value will cause the existing policy to be modified, with any new <SEQUENCE-NUMBER> value creating an additional policy entry, and any existing <SEQUENCE-NUMBER> value replacing the existing policy entry with the same sequence number.

  • If no sequence number is specified, a new policy entry is appended to the end of the entry list with a sequence number equal to the highest policy entry currently in the list plus 10.

  • On an 8400 switch, IP remarking (ip-precedence, dscp) will only be performed if the packet is routed.

Examples

Create a policy with two PBR actions:

switch(config)# policy pbr_policy
switch (config-policy)# 10 class ip v4_class action pbr action_list1
switch (config-policy)# 20 class ipv6 v6_class action pbr action_list2
switch (config-policy)# exit