purview-application-policy

Global Configuration Commands

Creates a Purview application policy and enters its configuration mode. Application policies allow you to define rules that dictate how each traffic type is managed on your network. An application policy contains application (Layer 7) rules.

An application rule leverages the AP's deep packet inspection (DPI) engine to detect the underlying application to which a frame or flow belongs. The rule then applies access control and quality of service actions to all the traffic associated with the application, not just traffic destined for specific IP addresses or ports. The control actions regulate both access control and traffic engineering (rate limit, marking, and prioritization) for applications and groups.

Once created and configured, apply the application policy at the following levels to enforce application assurance:
  • RADIUS change of authorization (CoA) – In the device/profile configuration mode, use the application-policy → radius → <PURVIEW-APP-POLICY-NAME> command to apply the policy to every user successfully authenticated by the RADIUS server. See purview-application-policy in the profile/device context.
  • User role – In the role-policy-user-role configuration mode, use the use → application-policy <PURVIEW-APP-POLICY-NAME> command to apply the policy to all users assigned to the role. See use in the user-role policy context.
  • WLAN – In the WLAN configuration mode, use the use → application-policy <PURVIEW-APP-POLICY-NAME> command to apply the policy to all users accessing the WLAN. See use (wlan-config-mode).
  • Bridge VLAN – In the bridge VLAN configuration mode, use the use → application-policy <PURVIEW-APP-POLICY-NAME> command to apply the policy for the traffic corresponding to the bridged VLAN. See use in the bridge VLAN context.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
Note

The Purview DPI engine is not supported on the WiNG 7.1.2 enabled NX5500, NX7500, NX9500, NX9600 and VX9000 platforms. This support will be introduced in future releases.

Note

The Purview DPI engine is not supported on the WiNG 5.9.X devices. This support will be introduced in future releases. For information on creating a WiNG 5.9.X application policy, see application-policy.

Syntax

purview-application-policy <PURVIEW-APP-POLICY-NAME>

Parameters

purview-application-policy <PURVIEW-APP-POLICY-NAME>
  • purview-application-policy <PURVIEW-APP-POLICY-NAME> – Specify the Purview application policy name. If an application policy with the specified name does not exist, it is created. The name should not exceed 32 characters in length.

Examples

nx9500-6C8809(config)#purview-application-policy PurAppPolicy
nx9500-6C8809(config-purview-app-policy-PurAppPolicy)#?
Purview Application Policy Mode commands:
  allow             Allow packets
  deny              Deny packets
  description       Purview application policy description
  enforcement-time  Configure policy enforcement based on time
  logging           Application recognition logging
  mark              Mark packets
  no                Negate a command or set its defaults
  rate-limit        Rate-limit packets

  clrscr            Clears the display screen
  commit            Commit all changes made in this session
  do                Run commands from Exec mode
  end               End current mode and change to EXEC mode
  exit              End current mode and down to previous mode
  help              Description of the interactive help system
  revert            Revert changes
  service           Service Commands
  show              Show running system information
  write             Write running configuration to memory or terminal

nx9500-6C8809(config-purview-app-policy-PurAppPolicy)#

Related Commands

  • no (global-config-mode) – Removes an existing Purview application policy.
  • application – Creates an application definition and enters its configuration mode. Use this command to create customized application detection signatures.
  • purview-application-group – Creates a Purview Application Group and enters its configuration mode.
  • nsight-policy (global-config-mode) – Creates an NSight policy and enters its configuration mode.