Matching Criteria for Network Rules

A policy rule consists of:

• Match criteria
• An optional access control action (allow, deny)
• An optional Class of Service assignment

Network policy rules can match on:

• Source MAC address
• Destination MAC address
• IPv4 Source IP address
• IPv4 Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• IPv4 Source socket (IP address + port)
• IPv4 Destination socket (IP address + port)
• IP type
• ICMP packet type and code
• ToS/DSCP marking
• 802.1p priority
• Ethertype
• Fully Qualified Domain Names (FQDNs) and FQDN suffixes

Policy rule access control actions can be:

• Allow - Forwards matching frames on the WLAN Service's default VLAN.
• Deny - Drops matching frames.
• Contain to VLAN - Forwards matching frames on the indicated VLAN.
• None - Specifies that the rule does not have an access control action. The matching engines essentially ignore a rule with an access control action of None.