Reorder the rules that form the traffic filtering and marking policy of a distributed port or uplink port to change the sequence of actions for analyzing traffic for security and QoS.

The vSphere distributed switch applies network traffic rules in a strict order. If a packet already satisfies a rule, the packet might not be passed to the next rule in the policy.


To override a policy on distributed port level, enable the port-level override option for this policy. See Configure Overriding Networking Policies on Port Level.


  1. Navigate to a distributed switch and then navigate to a distributed port or an uplink port.
    • To navigate to the distributed ports of the switch, click Networks > Distributed Port Groups, click a distributed port group from the list, and click the Ports tab.
    • To navigate to the uplink ports of an uplink port group, click Networks > Uplink Port Groups, click an uplink port group from the list, and click the Ports tab.
  2. Select a port from the list.
  3. Select the Traffic Filtering and Marking tab.
  4. Click the Enable and reorder button.
  5. If traffic filtering and marking is not enabled at the port level, override the default settings and click Enable all traffic rules.
    If traffic rules are enabled at group level, after you override the default settings for the port, the traffic rules are automatically enabled.
  6. Select a rule and use the Move up or Move down button to change its priority.
  7. Click OK to apply the changes.