Hello,
for the precedence of rules, you may have a look at the following on the switch
Get the list of profile with show policy profile and get the PID [example 2]
X440G2-12p-10G4.35 # sh policy profile
|PID |Name |RS|PVID|CoS|MIR|STDOA|T U|prec |aSum |dSum |web|
[...]
|2 |Deny All |A |0 | | | | | | | | |
[...]
Then you can look at the precedence of rules for that profile [same across a switch]
X440G2-12p-10G4.34 # sh policy profile 2
Profile Index :2
[...]
Rule Precedence :1-2,10,12-18,20-22,25,31
:MACSource (1), MACDest (2), IPv6Dest (10),
:IPSource (12), IPDest (13), IPFrag (14),
:UDPSrcPort (15), UDPDestPort (16), TCPSrcPort (17),
:TCPDestPort (18), TTL (20), IPTOS (21), IPProto (22),
:Ether (25), Port (31)
then you can see the policy rule associated with that profile [2] and you can see they are ordered [following the precedence rule - indenpendently of the order you use in policy manager]
X440G2-12p-10G4.32 # sh policy rule
Admn|Rule Type |Rule Data |Msk|PortStr |RS|ST|STDO|dPID|aPID|Mir|U|
admn|MACSource |D8-84-66-79-A0-87 | 48|5 | A| V| | 4| | |?|
PID |Rule Type |Rule Data |Msk|PortStr |RS|ST|STDO|VLAN|CoS |Mir|U|
2 |IPSource |192.168.10.1 | 32|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1000 | 13|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1008 | 12|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1024 | 7|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1500 | 16|All | A|NV| |fwrd| | |?|
2 |UDPSrcPort |1536 | 8|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1792 | 9|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1920 | 10|All | A|NV| |drop| | |?|
2 |UDPSrcPort |1984 | 12|All | A|NV| |drop| | |?|
2 |UDPSrcPort |2000 | 16|All | A|NV| |drop| | |?|
2 |IPProto |1 (0x1) | 8|All | A|NV| |drop| | |?|
3 |IPProto |58 (0x3a) | 8|All | A|NV| |drop| | |?|