AP Application Policy

About this task

When an application is recognized and classified by the WiNG application recognition engine, administrator defined actions can be applied to that specific application. An application policy defines the rules or actions executed on recognized HTTP (Facebook), enterprise (Webex) and peer-to-peer (gaming) applications or application-categories.

For each rule defined, a precedence is assigned to resolve conflicting rules for applications and categories. A deny rule is exclusive, as no other action can be combined with a deny. An allow rule is redundant with other actions, since the default action is allow. An allow rule is useful when wanting to deny packets for a category, but wanting to allow a few applications in the same category to proceed. In such a cases, add an allow rule for applications with a higher precedence then a deny rule for that category.

Mark actions mark packets for a recognized application and category with DSCP/8021p values used for QoS. Rate-limits create a rate-limiter applied to packets recognized for an application and category. Ingress and egress rates need to be specified for the rate-limiter, but both are not required. Mark and rate-limit are the only two actions that can be combined for an application and category. All other combinations are invalid.

Procedure

  1. Select the Statistics tab from the Web UI.
  2. Expand the System node on the top, left-hand side of the screen.
    The System node expands to display the RF Domains created within the managed network.
  3. Expand an RF Domain node, and select one of it's connected access points.
    The Access Point's statistics menu displays in the right-hand side of the screen, with the Health tab selected by default.
  4. Select Application Policy from the menu.
    The Statistics → AP → Applcation Policy screen displays.
    Click to expand in new window
    GUID-22679936-6B3F-4C46-9A81-24D139AE1129-low.png
  5. Refer to the Rules table to review the results of the application policies put in place thus far from this managing access point.
    Action Displays the action executed on the listed application.
    • Allow - Allows packets for a specific application and its defined category type (social networking etc.). This is the default setting.
    • Deny - Denies (restricts) the action applied to a specific application or a specific application category.
    • Mark - Marks recognized packets with DSCP/8021p value Rate-limit - Rate limits packets from specific application types.
    Type Displays the application policy type applied.
    Precedence Lists the priority (from 1 - 256) for the application policy rule. The lower the value, the higher the priority assigned to this rule‘s enforcement action and the category and application assigned. A precedence also helps resolve conflicting rules for applications and categories.
    Action Hit Count Displays the number of times each listed application policy action has been triggered.
  6. Select Refresh to update the statistics counters to their latest values.