Understanding the Policy Rules Tab

The Policy Rules tab displays the authentication policy rules for a user role. If you do not define policy rules for a role, then the role's default action is applied to all traffic subject to the role.

Click to expand in new window
Policy Rules Tab
Graphics/policy_rules_dialog.png
Click to expand in new window

Policy Rules Tab - Fields and Buttons

Field/Button Description
Inherit policy rules from currently applied role Select if you do not want to apply new filter settings.

If you do not apply new filter settings, the wireless client uses filter settings from a previously applied role. If rules were never defined, then the system enforces the rules from the Global Default Policy.

If you choose to apply new filter settings by not selecting this option, the new filter settings will overwrite any pre-existing filter settings.

“Allow” action in policy rules contains to the VLAN assigned by the role
Note: This option only appears on roles that have been upgraded to 8.31 or later from a previous release and on new roles that have custom AP filtering enabled.
The flag is provided for backward compatibility. The administrator can achieve the same effect by modifying each rule with an "Allow" action to "Contain to VLAN" where the containment VLAN is the one referenced by the role's default access control action.

When enabled, the "Allow" action forwards the packet on the VLAN of the assigned topology of the containing policy. If the policy does not have a default topology, a series of decision rules are applied to decide which topology the packet was forwarded on.

When disabled, the "Allow" action in policy rules is interpreted as "contain to PVID".

AP Filtering Select to apply the configured rules to the AP.
Custom AP Rules Select to create a new filter definition to apply to the AP.
Rules/Custom AP rules Tab
Action Identifies the access control.
Name Displays the IP address and port to which this policy rule applies.
Protocol Displays the applicable protocol.
QoS Indicates if the rule has QoS enabled. Policy-enabled QoS is a network service that provides the ability to prioritize different types of traffic and to manage bandwidth over a network.
In Identifies the rule that applies to traffic from the wireless device that is trying to get on the network. You can change this setting using the drop-down menu. Options include:
  • Source (src)
  • None
  • Both - available in Advanced Filtering Mode only
Out Identifies which IPv4 address field is matched by the rule when applied in the outbound direction (toward the wireless device.) You can change this setting using the drop-down menu. Options include:
  • Destination (dest)
  • Source (src) - available in Advanced Filtering Mode only
  • None
  • Both - available in Advanced Filtering Mode only

The role for outbound traffic may be impacted by the selection (mode) for Egress Filtering. For more information, see Configuring Egress Filtering Mode.

Add Click to add a new rule. The Filter Rule Definition dialog displays. See Understanding the Filter Rule Definition Dialog.
Edit Click to edit the selected definition. See Understanding the Filter Rule Definition Dialog.
Delete Click to delete the rule.
Up, Down, Top, Bottom Select a rule and click to either move the rule up or down in the list, or move the rule to the top of the list. The policy rules are executed in the order in which you define them.
Save Click to save the configuration.