Creating Policy Lists - OmniSwitch os6900 Network Configuration Manual


Creating Policies
Logging Rules
Logging a rule is useful for determining the source of firewall attacks. To specify that the switch must log
information about flows that match the specified policy rule, use the policy rule command with the log
option. For example:
-> policy rule rule5 log
To stop the switch from logging information about flows that match a particular rule, use no with the log
keyword. For example:
-> policy rule rule5 no log
When logging is active for a policy rule, a logging interval is applied to specify how often to look for
flows that match the policy rule. By default, the interval time is set to 30 seconds. To change the log
interval time, use the optional interval keyword with the log option. For example:
-> policy rule rule5 log interval 1500
Note that setting the log interval time to 0 causes the switch to log as often as possible.
Deleting Rules
To remove a policy rule, use the no form of the command.
-> no policy rule rule1
The rule is deleted after the next qos apply.

Creating Policy Lists

A QoS policy list provides a method for grouping multiple policy rules together and applying the group of
rules to specific types of traffic. The type of traffic to which a policy list is applied is determined by the
type of list that is configured. There are two types of policy lists:
Default—This list is always available on every switch and is not configurable. By default, a policy rule
is associated with this list when the rule is created. All default list rules are applied to ingress traffic.
Universal Network Profile (UNP)—This type of configurable policy list is associated with a Universal
Network Profile (UNP). The rules in this list are applied to ingress traffic that is classified by the
UNP. See Chapter 27, "Configuring Universal Network Profiles," for more information.
To create a UNP policy list, use the policy list command to specify a list name and then use the
policy list rules command to specify the names of one or more existing QoS policy rules to add to the
list. For example, the following commands create two policy rules and associate these rules with the
unp1_rules list:
-> policy condition c1 802.1p 5
-> policy action a1 disposition drop
-> policy rule r1 condition c1 action a1 no default-list
-> policy condition c2 source ip 10.5.5.0
-> policy action a2 disposition accept
-> policy rule r2 condition c2 action a2 no default-list
-> policy list unp1_rules type unp enable
-> policy list unp1_rules rules r1 r2
-> qos apply
Note that the no default-list option was used to create the rules. Using this option is recommended when
creating a policy list for a UNP. See "Guidelines for Configuring Policy Lists" on page 25-51.

OmniSwitch AOS Release 7 Network Configuration Guide, Configuring QoS, June 2013, page 25-50
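
The check below is an added example, not part of the OmniSwitch guide: a Python audit of saved CLI lines that flags rules added to a UNP list without no default-list (so they remain in the default list, whose rules are applied to ingress traffic) and list members that were never defined. It assumes the configuration is available as plain text with one command per line, as in the examples above; SAMPLE_CONFIG and audit_unp_lists are names chosen for this example.

```python
import re

# Constructed sample: page's commands, but r2 lacks "no default-list" and r3 is undefined.
SAMPLE_CONFIG = """\
-> policy condition c1 802.1p 5
-> policy action a1 disposition drop
-> policy rule r1 condition c1 action a1 no default-list
-> policy condition c2 source ip 10.5.5.0
-> policy action a2 disposition accept
-> policy rule r2 condition c2 action a2
-> policy list unp1_rules type unp enable
-> policy list unp1_rules rules r1 r2 r3
-> qos apply
"""

RULE_RE = re.compile(r"^policy rule (\S+)(.*)$")
LIST_TYPE_RE = re.compile(r"^policy list (\S+) type (\S+)")
LIST_RULES_RE = re.compile(r"^policy list (\S+) rules (.+)$")


def audit_unp_lists(config_text):
    """Return sorted (list, rule, problem) findings for UNP policy lists."""
    in_default = {}  # rule name -> True while the rule is in the default list
    list_type = {}   # list name -> type keyword
    members = {}     # list name -> rule names added with "rules"
    for raw in config_text.splitlines():
        line = raw.strip().removeprefix("->").strip()
        if line.startswith("no policy rule "):
            in_default.pop(line.split()[3], None)
        elif m := RULE_RE.match(line):
            name, opts = m.groups()
            if "no default-list" in opts:
                in_default[name] = False
            else:  # e.g. "policy rule rule5 log" must not reset the flag
                in_default.setdefault(name, True)
        elif m := LIST_TYPE_RE.match(line):
            list_type[m.group(1)] = m.group(2)
        elif m := LIST_RULES_RE.match(line):
            members.setdefault(m.group(1), []).extend(m.group(2).split())
    findings = []
    for name, rules in members.items():
        if list_type.get(name) != "unp":
            continue
        for rule in rules:
            if rule not in in_default:
                findings.append((name, rule, "rule not defined"))
            elif in_default[rule]:
                findings.append((name, rule, "also in default list"))
    return sorted(findings)
```

Run against the page's own command sequence, the function returns an empty list; the constructed sample yields one finding for r2 and one for r3.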
