Matching Policy Rules Criteria
The following criteria apply
when trying to match rules. Many of these criteria accept a range of addresses or codes
not just a single address or code.
A policy rule consists of:
- Match criteria
- An optional access control action (allow, deny)
- An optional
class of service assignment
Policy rules can match on:
- Source MAC address
- Destination MAC address
- IPv4 or IPv6 Source IP address
- IPv4 or IPv6 Destination IP address
- Source layer 4 port
- Destination
layer 4 port
- IPv4 or IPv6 Source socket (IP address + port)
- IPv4 or IPv6 Destination socket (IP address + port)
- IP type
- ICMP (Internet Control Message Protocol) packet type and code
- ToS/DSCP marking
- 802.1p priority
- Ethertype
Policy rule access control actions can be:
- Allow — Forward
matching frames on the WLAN Service's default topology.
- Deny — Drop
matching frames.
- Contain to VLAN
— Forward matching frames on the indicated VLAN.
- None — The rule
does not have an access control action. The matching engines ignore a rule with an
access control action of 'None'.
- HTTP Redirect — Redirect traffic to default URL 'Own
WLAN' or to a URL that is defined on the Redirection URL screen.
For more information, see Managing Redirection URLs. You can also specify a Redirection URL when you configure
an External Captive Portal. For more information, see Configuring Firewall Friendly External Captive Portal.