apply policy(Contexts: config-if, config-vlan)

Syntax

Context: config-if:

apply policy <POLICY-NAME> {in|out}

no apply policy <POLICY-NAME> {in|out}

Context: config-vlan:

apply policy <POLICY-NAME> {in|out}

no apply policy <POLICY-NAME> {in|out}

Description

Applies a policy to the current interface or VLAN context.

Only one direction of a policy can be applied to an interface or VLAN at a time, thus using the apply command on an interface or VLAN with an already-applied policy of the same direction will replace the currently applied policy.

NOTE:

The VLAN context supports the in and out directions.

The no form of this command removes a policy from the interface or VLAN specified by the current context.

Command context

config-if

config-vlan

Parameters

<POLICY-NAME>

Specifies the policy to apply.

in

Selects the inbound (ingress) traffic direction.

out

Selects the outbound (egress) traffic direction.

Authority

Administrators or local user group members with execution rights for this command.

Usage (applies to config-vlan context)

  • Only one policy may be applied to a VLAN at a time. Therefore, using the apply policy command on a VLAN with an already-applied policy of the same type, will replace the applied policy.

  • If during switch reboot, a policy fails to be applied to a VLAN, all the ports will be shut down. The switch must be restarted to recover from the failure. Modifying the VLAN or policy configuration will not cause the ports to be restarted.

Examples

Applying a policy to an interface (ingress):

switch(config)# interface 1/1/1
switch(config-if)# apply policy MY_POLICY in

Applying a policy to an interface (egress):

switch(config)# interface 1/1/2
switch(config-if)# apply policy MY_POLICY2 out

Applying a policy to an interface range (egress):

switch(config)# interface 1/1/2-1/1/5
switch(config-if-<1/1/2-1/1/5>)# apply policy MY_POLICY3 out

Removing a policy from an interface range (egress)

switch(config)# 1/1/2-1/1/5
switch(config-if)# no apply policy MY_POLICY3 out

Applying a policy to a VLAN (ingress):

switch(config)# vlan 10
switch(config-vlan-10)# apply policy MY_POLICY in

Applying a policy to multiple VLANs (egress):

switch(config)# vlan 20,30
switch(config-vlan-<20,30>)# apply policy MY_POLICY2 out

Removing a policy from a VLAN (ingress):

switch(config)# vlan 10
switch(config-vlan-10)# no apply policy MY_POLICY in