Configuring L3, L4 Rules

Configure policy rules that are associated with a role from the Role Configuration page. To configure an OSI Layer 3 and 4 rule, which filters on IP Address and Port number:

  1. Select the L3, L4 drop-down and select New, or select the rule to edit an existing rule.
  2. Configure the following parameters:
    Name
    Name the rule.
    Action
    Determines access control action for the rule. Valid values are:
    • None - No role defined
    • Allow - Packets contained to role's default action's VLAN/topology
    • Deny - Any packet not matching a rule in the policy is dropped.
    • Containment VLAN - A topology to use when a network is created using a role that does not specify a topology. (Not applicable for L7 Application Rules.)
    COS
    Determines the importance of a frame while it is forwarded through the network relative to other packets. The CoS defines actions to be taken when rate limits are exceeded.
    Protocol
    The user defined protocol or protocol type associated with the defined rule. Traffic from this protocol is subject to the defined rule. Valid values are:
    • User Defined, then specify a protocol that is not already in the list. Use this option to explicitly specify a protocol that is not listed.
    • A specific protocol from the list.
    IP Subnet
    Specify the IP address or subnet address associated with the defined rule. Traffic from this address will be subject to the defined rule. Valid values are:
    • User Defined. Specify the destination IP address and mask. Use this option to explicitly define the IP/subnet aspect of the rule.
    • Any IP - Maps the rule to the associated Topology IP address.
    • Select a specific subnet value - Select to map the rule to the associated topology segment definition (IP address/mask).
    • FQDN - Allows for filtering on fully qualified domain names.
    • Other subnet options include:
      • Spectralink Mcst
      • Vocera Mcst
      • mDNS/Bonjour
    Port
    The port or port type associated with the defined rule. Traffic from this port is subject to the defined rule. Valid values are:
    • User Defined, then type the port number. Use this option to explicitly specify the port number.
    • A specific port type. The appropriate port number or numbers are added to the Port text field.
  3. Select Save.
    All rule types are applied to the policy in top to bottom order. The policy is installed on the enforced APs.
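
Because rules are applied in top to bottom order, a broad rule placed above a narrower one can keep the narrower rule from ever taking effect. The following Python code is an added example, not product code: it assumes first-match evaluation, and the Rule fields, function names, and sample policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical model of one L3/L4 rule, not the product's schema
    name: str
    action: str              # "Allow" or "Deny"
    protocol: Optional[str]  # None = any protocol
    subnet: str              # destination CIDR
    port: Optional[int]      # None = any port

    def matches(self, protocol, dst_ip, port):
        return ((self.protocol is None or self.protocol == protocol)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.subnet)
                and (self.port is None or self.port == port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return ((self.protocol is None or self.protocol == other.protocol)
                and ipaddress.ip_network(other.subnet).subnet_of(ipaddress.ip_network(self.subnet))
                and (self.port is None or self.port == other.port))

def evaluate(rules, protocol, dst_ip, port, default_action="Deny"):
    """Assumed first-match semantics: the first matching rule, top down, decides."""
    for rule in rules:
        if rule.matches(protocol, dst_ip, port):
            return rule.action, rule.name
    return default_action, None  # stands in for the role's default action

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the earlier rule fully covers the later one."""
    found = []
    for i, later in enumerate(rules):
        hit = next((e for e in rules[:i] if e.covers(later)), None)
        if hit:
            found.append((later.name, hit.name))
    return found

# Constructed sample policy, listed in top to bottom order.
POLICY = [
    Rule("allow-dns", "Allow", "UDP", "10.0.0.53/32", 53),
    Rule("allow-web", "Allow", "TCP", "10.0.0.0/8", 443),
    Rule("deny-internal", "Deny", None, "10.0.0.0/8", None),
    Rule("allow-ssh-mgmt", "Allow", "TCP", "10.1.2.0/24", 22),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "TCP", "10.1.2.5", 22))
    print(shadowed(POLICY))
```

In the sample policy, allow-ssh-mgmt sits below deny-internal and is never reached; moving it above the deny rule lets it take effect.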