Reorder the rules that form the traffic filtering and marking policy of a distributed port or uplink port to change the sequence of actions for analyzing traffic for security and QoS.

The vSphere distributed switch applies network traffic rules in a strict order. If a packet already satisfies a rule, the packet might not be passed to the next rule in the policy.

Prerequisites

To override a policy on distributed port level, enable the port-level override option for this policy. See Configure Overriding Networking Policies on Port Level.

Procedure

1. Navigate to a distributed switch and then navigate to a distributed port or an uplink port.
   • To navigate to the distributed ports of the switch, click Networks > Distributed Port Groups, double-click a distributed port group from the list, and click the Ports tab.
   • To navigate to the uplink ports of an uplink port group, click Networks > Uplink Port Groups, double-click an uplink port group from the list, and click the Ports tab.
2. Select a port from the list.
3. Click Edit distributed port settings.
4. Select Traffic filtering and marking.
5. If traffic filtering and marking is not enabled at the port level, click Override, and from the Status drop-down menu, select Enabled.
6. Select a rule and use the arrow buttons to change its priority.
7. Click OK to apply the changes.