The Policy Rules tab displays the authentication policy rules for a user role. If you do not define policy rules for a role, then the role's default action is applied to all traffic subject to the role.

Field/Button | Description |
---|---|
Inherit policy rules from currently applied role | Select if you do not want to apply new filter settings. If you do not apply new filter settings, the wireless client uses filter settings from a previously applied role. If rules were never defined, then the system enforces the rules from the Global Default Policy. If you choose to apply new filter settings by not selecting this option, the new filter settings will overwrite any pre-existing filter settings. |
“Allow” action in policy rules contains to the VLAN assigned by the role | Note: This option only appears on roles that have been upgraded to 8.31 or later from a previous release and on new roles that have custom AP filtering enabled. The flag is provided for backward compatibility. The administrator can achieve the same effect by modifying each rule with an "Allow" action to "Contain to VLAN" where the containment VLAN is the one referenced by the role's default access control action. When enabled, the "Allow" action forwards the packet on the VLAN of the assigned topology of the containing policy. If the policy does not have a default topology, a series of decision rules are applied to decide which topology the packet is forwarded on. When disabled, the "Allow" action in policy rules is interpreted as "contain to PVID". |
AP Filtering | Select to apply the configured rules to the AP. |
Custom AP Rules | Select to create a new filter definition to apply to the AP. |
Rules/Custom AP rules Tab | |
Action | Identifies the access control. |
Name | Displays the IP address and port to which this policy rule applies. |
Protocol | Displays the applicable protocol. |
QoS | Indicates if the rule has QoS enabled. Policy-enabled QoS is a network service that provides the ability to prioritize different types of traffic and to manage bandwidth over a network. |
In | Identifies the rule that applies to traffic from the wireless device that is trying to get on the network. You can change this setting using the drop-down menu. Options include: |
Out | Identifies which IPv4 address field is matched by the rule when applied in the outbound direction (toward the wireless device). You can change this setting using the drop-down menu. Options include: The role for outbound traffic may be impacted by the selection (mode) for Egress Filtering. For more information, see Configuring Egress Filtering Mode. |
Add | Click to add a new rule. The Filter Rule Definition dialog displays. See Understanding the Filter Rule Definition Dialog. |
Edit | Click to edit the selected definition. See Understanding the Filter Rule Definition Dialog. |
Delete | Click to delete the rule. |
Up, Down, Top, Bottom | Select a rule and click to either move the rule up or down in the list, or move the rule to the top of the list. The policy rules are executed in the order in which you define them. |
Save | Click to save the configuration. |
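
Because rules run in list order and an "Allow" resolves differently depending on the backward-compatibility flag, reviewing rule order is worth doing before saving a role. The following is an added example, not the product's own code: the `Rule` and `Role` classes, the action strings, and first-match-wins evaluation are assumptions made for illustration, and the sample role is constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:                       # hypothetical, simplified rule model
    dest: str                     # destination subnet in CIDR form
    proto: str                    # "tcp", "udp" or "any"
    port: Optional[int]           # None matches any port
    action: str                   # "allow", "deny" or "contain:<vlan>"

@dataclass
class Role:
    default_action: str           # used when no rule matches or none are defined
    role_vlan: Optional[str]      # VLAN of the role's default topology, if any
    allow_contains_to_vlan: bool  # the backward-compatibility flag
    rules: list = field(default_factory=list)

def matches(rule, dst, proto, port):
    return (ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dest)
            and rule.proto in ("any", proto) and rule.port in (None, port))

def resolve(role, action):        # what an "allow" means under the flag
    if action != "allow":
        return action
    if not role.allow_contains_to_vlan:
        return "contain:PVID"
    if role.role_vlan is None:    # further decision rules are not described on the page
        return "allow:topology-unspecified"
    return "contain:" + role.role_vlan

def evaluate(role, dst, proto, port):
    for rule in role.rules:       # list order is execution order
        if matches(rule, dst, proto, port):
            return resolve(role, rule.action)   # assumption: first match wins
    return role.default_action

def shadowed(role):               # indexes of rules an earlier rule fully covers
    hits = []
    for i, r in enumerate(role.rules):
        net = ipaddress.ip_network(r.dest)
        if any(net.subnet_of(ipaddress.ip_network(e.dest)) and e.proto in ("any", r.proto)
               and e.port in (None, r.port) for e in role.rules[:i]):
            hits.append(i)
    return hits

# Constructed sample: a broad deny placed above a narrower allow.
SAMPLE = Role("deny", "vlan100", True, [Rule("10.0.0.0/8", "any", None, "deny"),
                                        Rule("10.1.2.0/24", "tcp", 443, "allow")])
```

In the sample, `shadowed(SAMPLE)` flags the second rule as unreachable; moving it above the broad deny (the Up or Top button in the tab) lets it take effect.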