policy

Syntax

policy <POLICY-NAME>
    [<SEQUENCE-NUMBER>] class {ip|ipv6|mac} <CLASS-NAME>
        action {<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}
        [{<REMARK-ACTIONS> | <POLICE-ACTIONS> | <OTHER-ACTIONS>}]
    [<SEQUENCE-NUMBER>] comment ...

no policy <POLICY-NAME>

Description

Creates, modifies, or deletes a classifier policy. A policy contains one or more policy entries ordered and prioritized by sequence numbers. Each entry has an IPv4/IPv6/MAC class and one or more policy actions associated with it. An applied policy processes a packet sequentially against policy entries in the list until the last entry in the list has been evaluated or the packet matches an entry. If a match occurs, the related entry's actions are taken.

The no form of this command is used to delete a policy or an individual policy entry.

Command context

config

The policy command takes you into the config-policy context where you enter the policy entries.

Parameters

<POLICY-NAME>

Specifies the name of the policy.

<SEQUENCE-NUMBER>

Specifies a sequence number for the policy entry. Optional. Range: 1 to 4294967295.

comment

Stores the remaining entered text as a policy entry comment.

class {ip|ipv6|mac} <CLASS-NAME>

Specifies the type of class (ip for IPv4, ipv6 for IPv6, or mac for MAC) and the name of the class.

<REMARK-ACTIONS>

Remark actions can be any of the following options: {pbr <ACTION-LIST> | pcp <PCP-VALUE> | ip-precedence <IP-PRECEDENCE-VALUE> | dscp <DSCP-VALUE> | local-priority <LOCAL-PRIORITY-VALUE>} where:

pbr <ACTION-LIST>

Specifies the PBR action list to be used.

pcp <PCP-VALUE>

Specifies a Priority Code Point (PCP) value. Range: 0 to 7.

ip-precedence <IP-PRECEDENCE-VALUE>

Specifies the numeric IP precedence value. Range: 0 to 7.

dscp <DSCP-VALUE>

Specifies a Differentiated Services Code Point (DSCP) value. Enter either a numeric value (0 to 63) or a keyword as follows:

  • AF11 - DSCP 10 (Assured Forwarding Class 1, low drop probability)

  • AF12 - DSCP 12 (Assured Forwarding Class 1, medium drop probability)

  • AF13 - DSCP 14 (Assured Forwarding Class 1, high drop probability)

  • AF21 - DSCP 18 (Assured Forwarding Class 2, low drop probability)

  • AF22 - DSCP 20 (Assured Forwarding Class 2, medium drop probability)

  • AF23 - DSCP 22 (Assured Forwarding Class 2, high drop probability)

  • AF31 - DSCP 26 (Assured Forwarding Class 3, low drop probability)

  • AF32 - DSCP 28 (Assured Forwarding Class 3, medium drop probability)

  • AF33 - DSCP 30 (Assured Forwarding Class 3, high drop probability)

  • AF41 - DSCP 34 (Assured Forwarding Class 4, low drop probability)

  • AF42 - DSCP 36 (Assured Forwarding Class 4, medium drop probability)

  • AF43 - DSCP 38 (Assured Forwarding Class 4, high drop probability)

  • CS0 - DSCP 0 (Class Selector 0: Default)

  • CS1 - DSCP 8 (Class Selector 1: Scavenger)

  • CS2 - DSCP 16 (Class Selector 2: OAM)

  • CS3 - DSCP 24 (Class Selector 3: Signaling)

  • CS4 - DSCP 32 (Class Selector 4: Real time)

  • CS5 - DSCP 40 (Class Selector 5: Broadcast video)

  • CS6 - DSCP 48 (Class Selector 6: Network control)

  • CS7 - DSCP 56 (Class Selector 7)

  • EF - DSCP 46 (Expedited Forwarding)

local-priority <LOCAL-PRIORITY-VALUE>

Specifies a local priority value. Range: 0 to 7.

<POLICE-ACTIONS>

Police actions can be the following: {cir <RATE-BPS> cbs <BYTES> exceed} where:

cir <RATE-BPS>

Specifies a Committed Information Rate value in Kilobits per second. Range: 1 to 4294967295.

cbs <BYTES>

Specifies a Committed Burst Size value in bytes. Range: 1 to 4294967295.

exceed

Specifies the action to take on packets that exceed the rate limit.

<OTHER-ACTIONS>

Other actions can be the following:

drop

Specifies that matching traffic is dropped.

Authority

Administrators or local user group members with execution rights for this command.

Restrictions

MAC classes are not applicable to policies containing PBR actions. Applying such a policy to an interface is blocked.

Usage

  • For Policy Based Routing, the policy action keyword is pbr, which takes the name of a PBR action list as a parameter.

  • A policy entry that contains a PBR action can contain other action types as well.

  • An applied policy processes a packet sequentially against policy entries in the list until the last policy entry in the list has been evaluated or the packet matches an entry.

  • Entering an existing <POLICY-NAME> value will cause the existing policy to be modified, with any new <SEQUENCE-NUMBER> value creating an additional policy entry, and any existing <SEQUENCE-NUMBER> value replacing the existing policy entry with the same sequence number.

  • If no sequence number is specified, a new policy entry is appended to the end of the entry list with a sequence number equal to the highest sequence number currently in the list plus 10.

Examples

Create a policy with two PBR actions:

switch(config)# policy pbr_policy
switch(config-policy)# 10 class ip v4_class action pbr action_list1
switch(config-policy)# 20 class ipv6 v6_class action pbr action_list2
switch(config-policy)# exit
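
The Usage and Restrictions rules above can be checked offline before a change is pushed to a switch. The following is an added example, not vendor code: a small Python model of a policy's entry list that applies the numbering rules (replace on an existing sequence number, highest plus 10 when none is given) and flags out-of-range values and PBR actions on MAC classes. The names build_policy and check_actions, the sample entries, and the choice of 10 for the first unnumbered entry in an empty list are assumptions.

```python
import re

# DSCP keywords with the values listed on this page.
DSCP = {f"AF{c}{d}": 8 * c + 2 * d for c in range(1, 5) for d in range(1, 4)}
DSCP.update({f"CS{n}": 8 * n for n in range(8)}, EF=46)
MAX_U32 = 4294967295
ENTRY = re.compile(r"(?:(\d+)\s+)?class\s+(ip|ipv6|mac)\s+(\S+)\s+action\s+(.+)")
RANGES = {"pcp": (0, 7), "ip-precedence": (0, 7), "local-priority": (0, 7),
          "dscp": (0, 63), "cir": (1, MAX_U32), "cbs": (1, MAX_U32)}

def check_actions(cls_type, actions):
    """Return the problems found in one entry's action string."""
    problems, tok, i = [], actions.split(), 0
    while i < len(tok):
        word, arg = tok[i], (tok[i + 1] if i + 1 < len(tok) else "")
        i += 1 if word in ("exceed", "drop") else 2  # keywords without a value
        if word == "pbr" and cls_type == "mac":
            problems.append("PBR action with a MAC class (apply is blocked)")
        elif word in RANGES:
            lo, hi = RANGES[word]
            named = word == "dscp" and arg.upper() in DSCP
            if not (named or (arg.isdecimal() and lo <= int(arg) <= hi)):
                problems.append(f"{word} value {arg!r} outside {lo}-{hi}")
    return problems

def build_policy(lines):
    """Apply entry lines in order; return (entries by sequence, findings)."""
    entries, findings = {}, []
    for line in lines:
        m = ENTRY.fullmatch(line.strip())
        if not m:
            findings.append(f"unparsed line {line.strip()!r}")
            continue
        # No number: highest existing + 10 (assumed to give 10 on an empty list).
        seq = int(m[1]) if m[1] else max(entries, default=0) + 10
        if not 1 <= seq <= MAX_U32:
            findings.append(f"sequence number {seq} out of range")
            continue
        if seq in entries:
            findings.append(f"entry {seq} replaces an existing entry")
        findings += [f"entry {seq}: {p}" for p in check_actions(m[2], m[4])]
        entries[seq] = (m[2], m[3], m[4])
    return dict(sorted(entries.items())), findings

# Constructed sample input, not taken from a real device.
SAMPLE = ["10 class ip v4_class action pbr action_list1",
          "20 class ipv6 v6_class action pbr action_list2",
          "class mac l2_class action pbr action_list1",
          "20 class ip voice action dscp EF pcp 9"]
POLICY, FINDINGS = build_policy(SAMPLE)
```

In the sample, the unnumbered entry lands at sequence 30, and the second entry numbered 20 silently replaces the IPv6 PBR entry, which is the kind of change worth catching in review because it alters which traffic matches first.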