L7 Configuration

Define Layer 7 filter rules. This dialog displays when you select L7 on the Filter Rule Definition dialog.

Use this dialog to configure filters that allow or deny specific applications or application groups from running on the network, and specify class of service and traffic mirroring.

Click to expand in new window
L7 Properties - Filter Rule Definition Dialog
Graphics/L7_FilterRuleDef.png
Click to expand in new window

Filter Rule Definition Dialog - Fields and Buttons

Field/Button Description
 
Classification

Select Layer 7 to configure options related to the application layer. For more information about layers 2-4, see Understanding the Filter Rule Definition Dialog.

Direction
In Filter Select which IPv4 addresses in the IP header to match for traffic flowing from the station to the network. Options include:
  • Destination (dest)
  • Source (src) - available in Advanced Filtering Mode only
  • None
  • Both - available in Advanced Filtering Mode only
Out Filter Select which IPv4 addresses in the IP header to match for traffic flowing from the network to the station. Options include:
  • Destination (dest)
  • Source (src) - available in Advanced Filtering Mode only
  • None
  • Both - available in Advanced Filtering Mode only

The role for outbound traffic rules may be impacted by the selection (mode) for Egree Filtering. For more information, see Configuring Egress Filtering Mode.

Application
Application Search Type the application to search for. The Group and Name fields are automatically populated when you select an application from the Search field.
Group Internet applications are organized in groups based on the type or purpose of the application. Once you select an Application Group, the Name drop-down is populated with application names that are part of the specified group. See Application Groups.
Name Names of applications that are a member of the specified group.
Custom Web Applications You can include custom applications in the Filter Rule Definition dialog. For more information. see Including Custom Apps.
Note: A role can be configured with application visibility rules and rules referencing IPv6 classifiers, but the application visibility rules are ignored for http[s] flows over IPv6. They will continue to apply to flows over IPv4.
Action
Access Control Select from one of the following:
  • None - No role defined.
  • No change - Default setting.
  • Allow - Packets contained to role's default action's VLAN/topology.
  • Deny - Any packet not matching a rule in the policy is dropped.
  • Containment VLAN - A topology to use when a VNS is created using a role that does not specify a topology.
    Note: Do not specify a VLAN with a Routed topology if the IPv6 classifier is used. IPv6 classifiers are not supported on a Routed topology.
  • HTTP Redirect - Indicates redirect action.

    Rule-based Redirection is explicit when the redirection flag is enabled and a rule is defined for redirection. The redirection destination can be defined on the role or as part of a WLAN Service configuration. If a redirection destination is not configured, the default destination is 'Own WLAN', which indicates the WLAN of the device. Redirection is allowed on any port.

    For more information about Rule-based Redirection, see Rule-Based Redirection.

Class of Service Select an existing class of service from the drop-down list.

For information about how to configure a Class of Service, go to Configuring Roles.

Traffic Mirror Select from one of the following:
  • None - No rule defined
  • Enable - Default setting
  • Prohibited - Traffic Mirroring prohibited for this Filter Rule.
OK Click to add the rule to the filter group. The information is displayed in the role rule table.
Cancel Click Cancel to discard your changes.