application-policy

Global Configuration Commands

Creates an application policy and enters its configuration mode. Application policies allow you to define rules that dictate how each traffic type is managed on your network. An application policy contains application (Layer 7) rules.

An application rule leverages the AP's deep packet inspection (DPI) engine to detect the underlying application to which a frame or flow belongs. The rule then applies access control and quality of service actions to all the traffic associated with the application, not just traffic destined for specific IP addresses or ports. The control actions regulate both access control and traffic engineering (rate limit, marking, and prioritization) for applications and groups.

Once created and configured, apply the application policy at the following levels within the network to enforce application assurance:
  • RADIUS change of authorization (CoA) usage – In the device/profile configuration mode, use the application-policy → radius → <APPLICATION-POLICY-NAME> command to apply the policy to every user successfully authenticated by the RADIUS server.
  • User role – In the role-policy-user-role configuration mode, use the use → application-policy <APPLICATION-POLICY-NAME> command to apply the policy to all users assigned to the role.
  • WLAN – In the WLAN configuration mode, use the use → application-policy <APPLICATION-POLICY-NAME> command to apply the policy to all users accessing the WLAN.
  • Bridge VLAN – In the bridge VLAN configuration mode, use the use → application-policy <APPLICATION-POLICY-NAME> command to apply the policy for the traffic corresponding to the bridged VLAN.
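One way to audit these attachment points, as an added example that is not part of the vendor documentation: the Python below scans a saved configuration for application policies that are defined but applied at none of the four levels above, applied but never defined, or named beyond the 32-character limit. The block layout of the configuration text, the constructed sample and the function name audit_app_policies are assumptions.

```python
import re

# Constructed sample; the layout (top-level blocks, indented sub-commands, "!") is assumed.
SAMPLE_CONFIG = """\
application-policy TestAppliPolicy
!
application-policy GuestAppPolicy
!
application-policy ThisApplicationPolicyNameIsFarTooLongToBeValid
!
wlan SAMPLE-WLAN
 use application-policy TestAppliPolicy
!
profile SAMPLE-PROFILE
 application-policy radius TestAppliPolicy
 bridge vlan 20
  use application-policy MissingPolicy
!
"""

DEFINE = re.compile(r"^application-policy (\S+)$")
ATTACH = re.compile(r"^\s+(?:use application-policy|application-policy radius) (\S+)$")
MAX_NAME_LEN = 32  # limit stated for <APPLICATION-POLICY-NAME>

def audit_app_policies(config):
    """Report unattached, undefined and over-length application policy names."""
    defined, attached, block = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if not line[0].isspace():          # a new top-level block starts here
            block = line
            match = DEFINE.match(line)
            if match:
                defined.append(match.group(1))
            continue
        match = ATTACH.match(line)
        if match:                          # remember which block applies the policy
            attached.setdefault(match.group(1), []).append(block)
    return {
        "attached": attached,
        "unattached": [n for n in defined if n not in attached],
        "undefined": sorted(n for n in attached if n not in defined),
        "too_long": [n for n in defined if len(n) > MAX_NAME_LEN],
    }

if __name__ == "__main__":
    print(audit_app_policies(SAMPLE_CONFIG))
```

A policy listed under "unattached" enforces nothing until it is applied at one of the levels above; the over-length check is meant for generated or templated configuration before it is pushed.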
Note

The AP3xx, AP4xx, and AP5xx model access points implement application visibility and control through the purview-application-policy.

Supported in the following platforms:

Syntax

application-policy <APPLICATION-POLICY-NAME>

Parameters

application-policy <APPLICATION-POLICY-NAME>
application-policy <APPLICATION-POLICY-NAME> – Specify the application policy name. If an application policy with the specified name does not exist, it is created. The name should not exceed 32 characters in length.

Examples

nx9500-6C8809(config)#application-policy TestAppliPolicy
nx9500-6C8809(config-app-policy-TestAppliPolicy)#?
Application Policy Mode commands:
  allow             Allow packets
  deny              Deny packets
  description       Application policy description
  enforcement-time  Configure policy enforcement based on time
  logging           Application recognition logging
  mark              Mark packets
  no                Negate a command or set its defaults
  rate-limit        Rate-limit packets

  clrscr            Clears the display screen
  commit            Commit all changes made in this session
  do                Run commands from Exec mode
  end               End current mode and change to EXEC mode
  exit              End current mode and down to previous mode
  help              Description of the interactive help system
  revert            Revert changes
  service           Service Commands
  show              Show running system information
  write             Write running configuration to memory or terminal

nx9500-6C8809(config-app-policy-TestAppliPolicy)#

Related Commands

  • no (global-config-mode) – Removes an existing application policy.
  • application – Creates an application definition and enters its configuration mode. Use this command to create customized application detection signatures.
  • application-group – Creates an application group and enters its configuration mode.