Alcatel Carrier Internetworking Solutions 6624 Switch User Manual


 
Troubleshooting QoS
page 10-6 OmniSwitch Troubleshooting Guide September 2005
Validation
To validate policies that are not yet applied (pending policies), or to see how
theoretical traffic would be classified by policies that are already applied on the switch, use the
show policy classify CLI command.
-> show policy classify L3 applied
The switch will display information about the potential L3 traffic and attempt to match it to a policy
(applied policies only).
-> show policy classify L3
Same as above, but this time the switch attempts to match the traffic to both applied and pending policies.
Note. The following test might result in an invalid combination of condition/action parameters.
Example 1
This policy denies access to subnet 192.168.20.0 from any source.
-> policy condition BLOCK_20 destination ip 192.168.20.0 mask 255.255.255.0
-> policy action BLOCK_20 disposition deny
-> policy rule BLOCK_20 condition BLOCK_20 action BLOCK_20
Theoretical traffic going to 192.168.20.4 can be tested against that policy as follows:
-> show policy classify L3 destination ip 192.168.20.4
Packet headers:
L2:
*Port : 0/0 (any) -> 0/0 (any)
*MAC : 000000:000000 -> 000000:000000
*VLAN : 0 -> 0
*802.1p : 0
L3/L4:
*IP : 0.0.0.0 -> 192.168.20.4
*TOS/DSCP: 0/0
Using pending l3 policies
Classify L3:
*Matches rule 'BLOCK_20': action BLOCK_20 (deny)
In this example, the display indicates that the switch found a rule, BLOCK_20, to classify destination
traffic with the specified Layer 3 information.
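The check in Example 1 can be scripted so that a pending deny rule is verified before it is applied. The following is an added example, not part of the original manual: it parses the classify display shown above and compares the result with the intended policy. The function names are hypothetical, the layout is assumed from the single display on this page, and a display without a "Matches rule" line is treated as no match.

```python
import re

# Display copied from Example 1 above, used here as sample input.
SAMPLE = """\
Packet headers:
L2:
*Port : 0/0 (any) -> 0/0 (any)
*MAC : 000000:000000 -> 000000:000000
*VLAN : 0 -> 0
*802.1p : 0
L3/L4:
*IP : 0.0.0.0 -> 192.168.20.4
*TOS/DSCP: 0/0
Using pending l3 policies
Classify L3:
*Matches rule 'BLOCK_20': action BLOCK_20 (deny)
"""

IP_RE = re.compile(r"^\*IP\s*:\s*(\S+)\s*->\s*(\S+)", re.M)
SET_RE = re.compile(r"^Using (\w+) l3 policies", re.M | re.I)
MATCH_RE = re.compile(r"^\*Matches rule '([^']+)': action (\S+) \((\w+)\)", re.M)


def parse_classify(text):
    """Extract the tested flow, the policy set and the matched rule (if any)."""
    ip, pset, hit = IP_RE.search(text), SET_RE.search(text), MATCH_RE.search(text)
    return {
        "src": ip.group(1) if ip else None,
        "dst": ip.group(2) if ip else None,
        "policy_set": pset.group(1).lower() if pset else None,
        "rule": hit.group(1) if hit else None,
        "action": hit.group(2) if hit else None,
        "disposition": hit.group(3).lower() if hit else None,
    }


def check(text, dst, rule, disposition):
    """Return a list of mismatches between the display and the intended policy."""
    got = parse_classify(text)
    problems = []
    for key, want in (("dst", dst), ("rule", rule), ("disposition", disposition)):
        if got[key] != want:
            problems.append(f"{key}: expected {want!r}, got {got[key]!r}")
    return problems


if __name__ == "__main__":
    print(check(SAMPLE, "192.168.20.4", "BLOCK_20", "deny") or "policy matches intent")
```

An empty list from check() means the display agrees with the intent; any entry names the field that differs, for example a deny rule that did not match the tested destination.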
Example 2
This policy allows TFTP traffic (IP protocol = 17 = UDP; UDP port = 69 = TFTP) from subnet
192.168.10.0 to the outside.
-> policy condition oktftp destination ip port 69 ip protocol 17 source ip 192.168.10.0 mask 255.255.255.0
-> policy action oktftp disposition accept
-> policy rule oktftp condition oktftp action oktftp