Configuring L7 Application Rules

Create application rules when you need application-level (Layer 7) enforcement, for example, to limit or block access to non-business-related traffic.

You can create a new application rule anywhere in the list of policy rules and create any number of application rules in one role.

To configure application rules:

  1. Go to Policy > Roles > Add.
  2. For application policy rules, select the L7 Application Rules drop-down.
  3. Select in that row.
    The Rules dialog displays.
    From User
    A packet header includes both a destination IPv4 address and a source IPv4 address. Determine how to filter traffic that flows from the station to the network by defining the destination or the source address as the filter. Options include: Destination (dest), Source (src), and None.
    To User
    A packet header includes both a destination IPv4 address and a source IPv4 address. Determine how to filter traffic that flows from the network to the station by defining the destination or the source address as the filter. Options include: Destination (dest), Source (src), and None.
    Search
    Type the application to search for. The Group and Application Name fields are automatically populated when you select an application from the Search field.
    Group
    Internet applications are organized in groups based on the type or purpose of the application. After you select an Application Group, the Application Name drop-down is populated with application names that are part of the specified group.
    Application Name
    Names of applications that are members of the specified group.
    Access Control
    Determines the access control action for the rule. Valid values are:
    • None - No role defined
    • Allow - Packets are contained to the VLAN/topology of the role's default action.
    • Deny - Any packet not matching a rule in the policy is dropped.
    • Containment VLAN - A topology to use when a network is created using a role that does not specify a topology. (Not applicable for L7 Application Rules.)
    Class of Service
    Determines the importance of a frame while it is forwarded through the network relative to other packets. The CoS defines actions to be taken when rate limits are exceeded.

    Click the plus sign to configure CoS. For more information, see Configuring CoS.

  4. Select Close > Save.
    All rule types are applied to the policy in top-to-bottom order. The policy is installed on the enforced APs.
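
Because rules apply top to bottom, a rule placed below a broader one for the same application may never take effect. The following is an added example, not part of the product or its documentation: it audits an ordered rule list for such shadowed rules. It assumes first-match semantics, a hypothetical `AppRule` structure (not the controller's export format), and that a rule with no application name covers its whole group; the From User and To User filters are not modeled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AppRule:
    group: str            # "Group" field
    app: Optional[str]    # "Application Name"; None = whole group (assumption)
    action: str           # "Access Control": "Allow" or "Deny"


def first_match(rules, group, app, default="Deny"):
    """Action of the first rule, top to bottom, that matches the application."""
    for rule in rules:
        if rule.group == group and rule.app in (None, app):
            return rule.action
    return default  # hypothetical stand-in for the role's default action


def shadowed(rules):
    """Return (rule_no, covered_by_no, kind) for rules that can never fire."""
    findings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            # An earlier rule covers a later one if it matches everything
            # the later rule matches: same group, and same app or whole group.
            if earlier.group == later.group and earlier.app in (None, later.app):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((i + 1, j + 1, kind))
                break
    return findings


# Constructed sample role; group and application names are invented.
ROLE = [
    AppRule("Social Networking", None, "Allow"),
    AppRule("Social Networking", "ExampleChat", "Deny"),   # never reached
    AppRule("Streaming", "ExampleVideo", "Deny"),
    AppRule("Streaming", "ExampleVideo", "Deny"),          # duplicate
]

if __name__ == "__main__":
    for rule_no, by_no, kind in shadowed(ROLE):
        print(f"rule {rule_no} is shadowed by rule {by_no} ({kind})")
```

A "conflict" finding means the intended action (here, denying one application) is silently overridden by the broader rule above it; moving the specific rule higher in the list resolves it.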