Reset Search
 

 

Article

Is MAC based policy rule supported on X440G2

« Go Back

Information

 
TitleIs MAC based policy rule supported on X440G2
Question
  • Is the MAC based policy rule supported on X440G2?
Environment
 
  • Summit X440G2
  • EXOS 21.x or above
Answer
  • MAC based policy rules are not supported on X440G2 switches and it is by design in EXOS.
* X440G2-12p-10G4.23 # configure policy rule 1 macsource 00-00-01-02-00-00 mask 32 drop
ERROR: Set failed!
  • Please note, With policy feature, we will install two kind of rules:
1) Policy Rule -  it's just like a ACL rule defining what you can access in the network.
2) Admin Rule - It is like the rule installed after the client is authenticated in the network
  •  Policy feature rules are installed in two stages of Access-list slice usage.
For example:

* X440G2-12p-10G4.4 # show access-list usage acl-slice port 1
Ports 1-16
Stage: INGRESS
Reserved slices:
Type            Used    Available
Policy P/D         0            2
Policy CoS         1            1

Slices:          Used: 5  Available: 3
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  4) Rules:   Used:      0  Available:    256 Policy CoS reserved
Virtual Slice  * (physical slice  5) Rules:   Used:      0  Available:    256 Policy P/D reserved
Virtual Slice  * (physical slice  6) Rules:   Used:      0  Available:    256 Policy P/D reserved
Virtual Slice  6 (physical slice  7) Rules:   Used:     10  Available:    246 system
Virtual Slice  7 (physical slice  3) Rules:   Used:      1  Available:    255 Policy CoS reserved
Stage: EGRESS
Slices:          Used: 0  Available: 4
.......................................
Stage: LOOKUP
Reserved slices:
Type            Used    Available
Policy Profile     1            3

Slices:          Used: 4  Available: 0
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    128 Policy Profile reserved
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    128 Policy Profile reserved
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    128 Policy Profile reserved
Virtual Slice  3 (physical slice  0) Rules:   Used:      9  Available:    119 Policy Profile reserved
Stage: EXTERNAL
Virtual Slice :  (*) Physical slice not allocated to any virtual slice.
  • When you install policy rule, rules will be installed in ingress stage.
  • when you install admin-profile, rules will be installed in Lookup stage.
Additional notes
  • Please note, Mac-based admin rules are supported on X440G2 switches
  • X440G2-12p-10G4.1 # configure policy rule admin-profile macsource 00:00:00:00:01:02 mask 48 admin-pid 1 port-string 5
    * X440G2-12p-10G4.2 # show config "policy"
    #
    # Module policy configuration.
    #
    enable policy
    configure policy profile 1 name "Secure" cos-status "enable" cos 5
    configure policy rule admin-profile macsource 00-00-00-00-01-02 mask 48 port-string 5 admin-pid 1

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255