MAC Class configuration commands

MAC classes creation syntax

Syntax

[no] class ipv4|ipv6|mac|zone CLASS_NAME

This command is used for creating a new MAC class with a given name. The name will be used when configuring the policy to associate a class with a given action. Upon configuring a class the user will be placed into the class context to configure the rules.

ipv4

Create a traffic class for IPv4 packets.

ipv6

Create a traffic class for IPv6 packets.

mac

Create a traffic class for MAC packets.

zone

Enter the zone name.

CLASS_NAME

Enter an ASCII string.

Create a new MAC class

(config)# class mac "mac-class-1"
(config-class)#

NOTE: The command class ipv4 NAME is the IPv4 equivalent command.


MAC class resequence

Syntax

class resequence ipv4|ipv6|mac start increment

Resequencing a class renumbers the class from a specified starting point. This renumbering allows for additional space to be placed between the class entries while maintaining the proper order of the entries.

ipv4

Classify traffic based on IPv4 information.

ipv6

Classify traffic based on IPv6 information.

mac

Classify traffic based on Ethernet header information.

<1-2147483647>

The starting sequence number.

<1-2147483646>

The increment for each entry.

Resequence a class starting at sequence 10 and incrementing by 5

(config)# class resequence mac 10 5

Configuring MAC class entries

Syntax

[no] SEQ_NUM match|ignore any|host SRC-MAC|SRC-MAC SRC-MAC-MASK any|host SRC-MAC|SRC-MAC SRC-MAC-MASK any|ETHERTYPE cos COS vlan vlan_id

A class is composed of entries that describe the traffic to be matched and ignored. Later, when the class is added to a policy, an action can be applied to the matched traffic. Traffic that is ignored is excluded from the rest of the policy and no action is taken on it. A class can be composed of many entries, and these entries are processed in sequence number order.

Behavior

match

Create a rule to match specified packets.

ignore

Create a rule to ignore specified packets.

SOURCE MAC

any

Match packets with any source MAC address.

host

Match a specified source MAC address.

SRC-MAC

Match a specified source MAC address range.

SRC-MAC-MASK

The source MAC address mask.

DESTINATION MAC

any

Match packets with any destination MAC address.

host

Match a specified destination MAC address.

SRC-MAC

Match a specified destination MAC address range.

SRC-MAC-MASK

The destination MAC address mask.

ETHERTYPE

600-FFFF

Match a specific EtherType.

any

Match any EtherType.

aarp

AppleTalk Address Resolution Protocol.

appletalk

AppleTalk/EtherTalk.

arp

Address Resolution Protocol.

fcoe

Fibre Channel over Ethernet.

fcoe-init

Fibre Channel over Ethernet Initialization.

lldp

Link Layer Discovery Protocol.

ip

Internet Protocol Version 4.

ipv6

Internet Protocol Version 6.

ipx-arpa

IPX Advanced Research Projects Agency.

ipx-non-arpa

IPX non-ARPA

is-is

Intermediate System to Intermediate System

mpls-unicast

MPLS Unicast

mpls-multicast

MPLS Multicast

q-in-q

IEEE 802.1ad encapsulation

rbridge

RBridge Channel Protocol

trill

IETF TRILL protocol

wake-on-lan

Wake on LAN

OPTIONS

cos

Match packets with a specified 802.1Q Priority Code Point value.

vlan

Match packets for a configured VLAN.

0-7

Match packets with a specified 802.1Q Priority Code Point value.

VLAN-ID

Enter VLAN identifier or name.

Configuring a basic rule to match ARP traffic

(config)# class mac "mac-class-1"
(config-class)# match any any arp

Configuring a basic rule to match range of source MAC addresses

(config)# class mac "mac-class-2"
(config-class)# match AABB.CCDD.0000 0000.0000.FFFF any any

Configuring a basic rule to match a specific destination MAC address

(config)# class mac "mac-class-2"
(config-class)# match any host AABB.CCDD.EEFF any
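
How sequence order and the address mask interact, as an added Python example that is not part of the vendor documentation. It assumes the first entry hit in sequence-number order decides the outcome and that a 1 bit in the mask means "do not compare" (the reading under which `AABB.CCDD.0000 0000.0000.FFFF` is a range); `MacField`, `Entry` and `evaluate` are hypothetical names.

```python
from dataclasses import dataclass

FULL = 0xFFFFFFFFFFFF  # 48 one-bits

def mac_to_int(mac):
    """Parse the dotted form used on this page, e.g. AABB.CCDD.EEFF."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

@dataclass(frozen=True)
class MacField:
    """One address field of an entry: any, host MAC, or MAC MASK."""
    addr: int = 0
    wildcard: int = FULL  # default is 'any': every bit ignored

    @classmethod
    def host(cls, mac):
        return cls(mac_to_int(mac), 0)
    @classmethod
    def masked(cls, mac, mask):
        # Assumption: a 1 bit in the mask means "do not compare this bit".
        return cls(mac_to_int(mac), mac_to_int(mask))
    def covers(self, mac):
        care = ~self.wildcard & FULL
        return (mac_to_int(mac) & care) == (self.addr & care)

@dataclass(frozen=True)
class Entry:
    seq: int
    behavior: str  # "match" or "ignore"
    src: MacField = MacField()
    dst: MacField = MacField()
    ethertype: str = "any"

def evaluate(entries, src, dst, ethertype):
    """Return (seq, behavior) of the first entry hit, or None if none hit."""
    for e in sorted(entries, key=lambda e: e.seq):
        if (e.src.covers(src) and e.dst.covers(dst)
                and e.ethertype in ("any", ethertype)):
            return e.seq, e.behavior
    return None  # the policy's default-mac-class action would apply

# Constructed class: carve one host out of a range before matching the range.
SAMPLE_CLASS = [
    Entry(20, "match", MacField.masked("AABB.CCDD.0000", "0000.0000.FFFF")),
    Entry(10, "ignore", MacField.host("AABB.CCDD.0001")),
]
```

If the two entries swapped sequence numbers, the range entry would hit first and the host would never reach its ignore entry, which is the kind of ordering mistake that resequencing and review should catch.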

Creating policy

A policy is used to associate a class with an action. The policy is not active until it is applied to an interface, and a policy that contains no entries has no effect on traffic. The available actions differ depending on the type of policy that is configured. MAC classes are only valid with QoS and Mirror policies. After creating a policy, the user is placed in that policy's context in order to add, remove, or modify entries in the policy. A policy can contain many entries that provide the same or different actions for a class.

Syntax

[no] policy qos|pbr|mirror|zone POLICY-NAME

mirror

Create or modify a policy that has mirror actions.

pbr

Create or modify a policy that has PBR actions.

qos

Create or modify a policy that has QOS actions.

POLICY-NAME

Enter an ASCII string.

Create a new qos policy

(config)# policy qos "qos-policy-1"
(policy-qos)#

Create a new mirror policy

(config)# policy mirror "mirror-policy-1"
(policy-mirror)#

Mirror policy context

Syntax

[no] SEQ_NUM class ipv4|ipv6|mac CLASS_NAME action mirror SESSION mirror SESSION

The mirror policy context is used to associate classes with mirror actions. After creating a policy, the user is placed in the mirror policy context. Traffic that matches the rules inside the class will be mirrored using the associated mirror instance. Traffic that matches an ignore rule will not be mirrored. Traffic that does not match any entries will have the default-mac-class action applied. MAC classes cannot be configured in the same policy with IPv4 and IPv6 classes. The default-class is to be used with policies that contain IPv4 and IPv6 classes, whereas the default-mac-class is to be used with MAC classes.

class_name

Enter an ASCII string.

<1-4>

Specify a mirror session as the action.

Create a new mirror policy that uses a MAC class

(config)# class mac mac-class-1
(config-class)# match any any arp
(config)# policy mirror "mirror-policy-1"
(policy-mirror)# class mac mac-class-1 action mirror 1

NOTE: The mirror action can be matched multiple times for the number of mirror sessions available. If there are a max of 4 mirror sessions available it’s possible to have 4 mirror actions associated with a single class.


Syntax

[no] default-mac-class action mirror SESSION

The default-mac-class is used to apply an action to the packets that are neither matched nor ignored by any class associated with the mirror policy. The default MAC class is used in a policy that contains only MAC classes.

Create a Mirror policy with a default MAC class

(config)# policy mirror "mirror-policy-1"
(policy-mirror)# default-mac-class action mirror 1

NOTE: The default-mac-class is to only be used in a policy that contains MAC classes.


Adding a remark to the policy

Syntax

[no] SEQ_NUM remark REMARK_STR

REMARK_STR

Add a comment to the policy.

The remark command allows for a comment to be inserted into the policy at the specified sequence number. If no sequence number is given it will be added to the end of the list. Remarks consume the sequence number that they are given and will remain in order if the policy is resequenced.

Add a remark to a mirror policy

(config)# policy mirror "mirror-policy-1"
(policy-mirror)# 5 remark "This rule was added to fix problems related to ticket 234223"

QoS policy context

Syntax

[no] SEQ_NUM class ipv4|ipv6|mac CLASS_NAME action dscp|ip-precedence|priority|rate-limit

The QoS policy context is used to associate classes with policy actions. One is placed in this context after creating a QoS policy. Traffic that matches the rules in the class will have the specified QoS action applied. Traffic that matches an ignore statement in the class will not have an action applied. Traffic that does not match any entries will have the default-mac-class action applied. MAC classes cannot be configured in the same policy with IPv4 and IPv6 classes. The default-class is to be used with policies that contain IPv4 and IPv6 classes whereas the default-mac-class is to be used with MAC classes.

dscp

Specify an IP DSCP.

ip-precedence

Specify the IP precedence.

priority

Specify the priority.

rate-limit

Configure rate limiting for all traffic.

DSCP OPTIONS

<0-63>
af11 Match DSCP AF11 (001010)
af12 Match DSCP AF12 (001100)
af13 Match DSCP AF13 (001110)
af21 Match DSCP AF21 (010010)
af22 Match DSCP AF22 (010100)
af23 Match DSCP AF23 (010110)
af31 Match DSCP AF31 (011010)
af32 Match DSCP AF32 (011100)
af33 Match DSCP AF33 (011110)
af41 Match DSCP AF41 (100010)
af42 Match DSCP AF42 (100100)
af43 Match DSCP AF43 (100110)
cs1 Match DSCP CS1 (001000)
cs2 Match DSCP CS2 (010000)
cs3 Match DSCP CS3 (011000)
cs4 Match DSCP CS4 (100000)
cs5 Match DSCP CS5 (101000)
cs6 Match DSCP CS6 (110000)
cs7 Match DSCP CS7 (111000)
default Match DSCP default (000000)
ef Match DSCP EF (101110)

IP-PRECEDENCE OPTIONS

<0-7>
routine
priority
immediate
flash
flash-override
critical
internet
network

PRIORITY Options

<0-7> Enter an integer number.

RATE-LIMIT Options

kbps Specify the rate limit in kilobits per second.

Create a QoS policy that remarks a packet

(config)# policy qos "qos-policy-1"
(policy-qos)# class mac mac-class-1 action dscp ef

Create a QoS policy that rate limits traffic

(config)# policy qos "qos-policy-1"
(policy-qos)# class mac mac-class-1 action rate-limit kbps 1000

NOTE: The dscp and ip-precedence actions set the same set of bits in the IP header.


Default MAC Class

Syntax

[no] default-mac-class action dscp|ip-precedence|priority|rate-limit

The default-mac-class is used to apply an action to the packets that are neither matched nor ignored by any class associated with the QoS policy. The default MAC class is used in a policy that contains only MAC classes.

Create a QoS policy with a default MAC class

(config)# policy qos "qos-policy-1"
(policy-qos)# default-mac-class action dscp af11

NOTE: The default-mac-class is to only be used in a policy that contains MAC classes.


Inserting a remark into a policy

Syntax

[no] SEQ_NUM remark REMARK_STR

REMARK_STR

Add a comment to the policy.

The remark command allows for a comment to be inserted into the policy at the specified sequence number. If no sequence number is given it will be added to the end of the list. Remarks consume the sequence number that they are given and will remain in order if the policy is resequenced.

Add a remark to a QoS policy

(config)# policy qos "qos-policy-1"
(policy-qos)# 100 remark "Add user specific rules above this point"


Applying the Service-policy

Syntax

[no] service-policy POLICY_NAME in

A policy does not perform any action until it is applied to an interface. A policy that contains MAC classes can be applied to a port, trunk, or VLAN. The interface and direction of the application determine where in the flow of traffic through the switch the traffic is compared with the policy's entries.

in

Apply policy on inbound packets.

policy-name

Enter an ASCII string.

Apply a QoS policy to the inbound direction of a port

(config)# interface a1
(eth-A1)# service-policy qos-policy-1 in

Apply a QoS policy to the inbound direction of a VLAN

(config)# vlan 10
(vlan-10)# service-policy qos-policy-2 in

Apply a QoS policy to the inbound direction of a trunk

(config)# interface trk1
(eth-trk1)# service-policy qos-policy-3 in

Creating a class, assigning it to a mirror policy, and applying it to a port

(config)# class mac mac-class-1
(config-class)# match any any any
(config)# policy mirror "mirror-policy-1"
(policy-mirror)# class mac mac-class-1 action mirror 1
(config)# interface a1
(eth-a1)# service-policy mirror-policy-1 in

Show MAC class by name

Syntax

show class mac class_name

Used to display information about a specific class.

ASCII-STR

Enter an ASCII string.

Show class mac

(config)$ show class mac macClass
Statements for class mac "macClass"
class mac "macClass"
10 match 1111.2222.3333 ffff.ffff.0000 4444.5555.6666 ffff.ffff.0000 aarp
exit

Show class ports

Syntax

show class ports port_list

Used to display the classes that are applied on the specified port.

[ethernet] PORT-LIST

Enter a port number, a list of ports or 'all' for all ports.

Show class ports

(config)$ show class ports A1
Classes for port A1
 Name   : test
 Type   : MAC

show class vlan

Syntax

show class vlan vlan-id

Used to display the classes that are applied on the specified VLAN.

vlan-id

Enter a VLAN identifier or a VLAN name.

Show class vlan

(config)$ show class vlan 2
Classes for vlan 2
 Name   : test
 Type   : MAC

Show policy by name

Syntax

show policy policy-name

Used to show a specific policy.

POLICY-NAME

Enter an ASCII string.

Show policy by name

(config)$ show policy qos-policy-1
Statements for policy "qos-policy-1"
policy qos "qos-policy-1"
10 class mac "macClass" action ip-precedence 3 action priority 0
exit

Show policy ports

Syntax

show policy ports port-list

Used to show the applied policies on a specified port.

[ethernet] PORT-LIST

Enter a port number, a list of ports or 'all' for all ports.

Show policy ports

(config)$ show policy ports A1
Policies for port A1
Name   : macClass
Type   : QOS

show policy vlan

Syntax

show policy vlan vlan-id

Used to show policies that are applied on a specified VLAN.

all

Show Policies applied to all VLANs.

VLAN-ID

Show Policies applied to the specified VLAN.

Show policy vlan

(config)$ show policy vlan 2
Policies for VLAN 2
Name   : macClass
Type   : QOS

show statistics policy port

Syntax

show statistics policy POLICY-NAME-STR port PORT-NUM

Used to display hit count statistics for a given policy on a port.

PORT-NUM

Enter a port name.

POLICY-NAME-STR

The policy to show statistics for.

Show statistics for policy by port

(config)$ show statistics policy temp port a1
HitCounts for Policy qos-policy-1 since the last 2277 seconds
Total
10 class mac "macClass" action ip-precedence 3 action priority 0
( 69171 ) 10 match 1111.2222.3333 ffff.ffff.0000 4444.5555.6666 ffff.ffff.0000
aarp

Show statistics policy VLAN

Syntax

show statistics policy POLICY-NAME vlan VLAN-ID

Used to display hit counts for a specified policy on a VLAN.

VLAN-ID

The VLAN ID or VLAN name.

POLICY-NAME

The policy to show statistics for.

show statistics policy

(config)$ show statistics policy temp vlan 1
HitCounts for Policy temp occurring in the last 851 seconds
Total
10 class mac "macClass" action ip-precedence 3 action priority 0
( 0 ) 10 match 1111.2222.3333 ffff.ffff.0000 4444.5555.6666 ffff.ffff.0000
aarp
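
A parser for the hit-count output shown in the two statistics examples above, as an added Python example that is not part of the vendor documentation. It assumes the line layout of those two captures (both header wordings, and a long rule wrapping onto the next line); `parse_hitcounts` and `silent_entries` are hypothetical names and the sample text is constructed.

```python
import re

HEADER = re.compile(
    r"HitCounts for Policy (\S+) (?:since|occurring in) the last (\d+) seconds")
CLASS_LINE = re.compile(r'^\s*(\d+) class (ipv4|ipv6|mac) "([^"]+)" (.*)$')
HIT_LINE = re.compile(r"^\s*\(\s*(\d+)\s*\)\s+(\d+) (match|ignore)\s+(.*)$")

def parse_hitcounts(text):
    """Parse 'show statistics policy' output into per-entry hit counts."""
    report = {"policy": None, "seconds": None, "entries": []}
    current = None  # class statement the following hit lines belong to
    for line in text.splitlines():
        if m := HEADER.search(line):
            report["policy"], report["seconds"] = m[1], int(m[2])
        elif m := CLASS_LINE.match(line):
            current = {"class": m[3], "type": m[2], "actions": m[4].strip()}
        elif (m := HIT_LINE.match(line)) and current:
            report["entries"].append({**current, "hits": int(m[1]),
                "seq": int(m[2]), "behavior": m[3], "rule": m[4].strip()})
        elif report["entries"] and line.strip():
            # A long rule wraps onto the next line (the trailing "aarp").
            report["entries"][-1]["rule"] += " " + line.strip()
    return report

def silent_entries(report):
    """Entries with zero hits: the rule never fired during the interval."""
    return [e for e in report["entries"] if e["hits"] == 0]

# Constructed capture in the layout shown on this page; the second
# entry (sequence 20) is invented for the example.
SAMPLE = """\
HitCounts for Policy temp occurring in the last 851 seconds
Total
10 class mac "macClass" action ip-precedence 3 action priority 0
( 0 ) 10 match 1111.2222.3333 ffff.ffff.0000 4444.5555.6666 ffff.ffff.0000
aarp
( 42 ) 20 ignore any any arp
"""
```

For a mirror policy that feeds a monitoring session, an entry returned by `silent_entries` over a long interval is worth checking: either the traffic is absent or the entry does not describe it.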

Clear statistics

Syntax

clear statistics policy|aclv6|aclv4|mac

Used to clear hit counts.

policy

QoS/Mirror/PBR policy.

aclv6

IPv6 ACL.

aclv4

IPv4 ACL.

mac

MAC ACL.

Clear statistics for a policy on a port

(config)# clear statistics policy policy-name port a1

Clear statistics for a policy on a vlan

(config)# clear statistics policy policy-name vlan 1