Configure policy rules that are associated with a role from the Role
                    Configuration page. To configure an OSI Layer 3 and 4 rule, which
                filters on IP Address and Port number:
        
        - 
                Select the L3, L4 drop-down and
                    select New
                    or select the rule to edit and existing rule.
            
- 
                Configure the following
                    parameters:
                
                    
                        
                            - Name
- Name the rule.
- Action
- Determines access control action for the
                rule. Valid values are:
                - None - No role defined
- Allow - Packets contained to role's default action's
                    VLAN/topology
- Deny - Any packet not matching a rule in the policy is
                    dropped.
- Containment VLAN - A topology to
                    use when a network is created using a role that does not specify a topology. (Not applicable for L7
                        Application Rules.)
 
- COS
- Determines the importance of a frame while it is forwarded
        through the network relative to other packets. The CoS defines actions to be taken when rate
        limits are exceeded.
- Protocol
- The user defined protocol or protocol type associated
        with the defined rule. Traffic from this protocol is subject to the defined rule. Valid
        values are: 
        - User Defined, then specify a protocol that is not already in the
          list. Use this option to explicitly specify a protocol that is not listed. 
- A specific protocol from the list. 
 
- IP Subnet
- Specify the IP address or subnet address associated with
        the defined rule. Traffic from this address will be subject to the defined rule. Valid
        values are:
        - User Defined. Specify the destination IP address and mask. Use this option to explicitly
          define the IP/subnet aspect of the rule.
- Any IP - Maps the rule to the associated Topology IP address.
- Select a specific subnet value - Select to map the rule to the
          associated topology segment definition (IP address/mask).
- FQDN
            - Allows for filtering on fully qualified domain names.
- Other subnet options include:
            - Sepectralink Mcst
- Vocera Mcst
- mDNS/Bonjour
 
 
- Port
- The port or port type associated
        with the defined rule. Traffic from this port is subject to the defined rule. Valid values
        are: 
        - User Defined, then type the port number.
          Use this option to explicitly specify the port number. 
- A specific port type. The appropriate port number or numbers are added to
            the Port text field.
        
 
 
 
- 
                Select
                        Save.
                All rule types are
                    applied to the policy in top to bottom order. The policy is installed on the
                    enforced APs.