Reorder the rules that form the traffic filtering and marking policy of a distributed port or uplink port to change the sequence of actions for analyzing traffic for security and QoS.

About this task

The vSphere distributed switch applies network traffic rules in a strict order. If a packet already satisfies a rule, the packet might not be passed to the next rule in the policy.


Enable the port-level override option for this policy. See Edit Advanced Distributed Port Group Settings with the vSphere Web Client.


  1. Navigate to a distributed port or an uplink port.
    • To navigate to the distributed ports of the switch, click Manage > Ports.

    • To navigate to the uplink ports of an uplink port group, click Related Objects > Uplink Port Groups, double-click an uplink port group from the list, and select Ports on the Manage tab.

  2. Select a port from the list.
  3. Click Edit distributed port settings.
  4. Select Traffic filtering and marking.
  5. If traffic filtering and marking is not enabled at the port level, click Override, and from the Status drop-down menu, select Enabled.
  6. Select a rule and use the arrow buttons to change its priority.
  7. Click OK to apply the changes.