Define filter rules from the Filter Rule Definition Dialog. This dialog displays when you click Add or Edit from the Rules tab or from the Custom AP Rules tab.
Field/Button | Description |
---|---|
Classification | Select Layers 2-4 to display configuration options for the data link, routing, and
transport layers. Select Layer 7 to configure options related to the application layer. For more information, see Layer 7 configuration. |
Direction | |
In Filter | In the drop-down menu, select which IPv4 addresses in the IP
header to match for traffic flowing from the station to the network. Options
include:
|
Out Filter | In the drop-down menu, select which IPv4 addresses in the IP
header to match for traffic flowing from the network to the station. Options
include:
The role for outbound traffic rules may be impacted by the selection (mode) for Egree Filtering. For more information, see Configuring Egress Filtering Mode. |
Classification - Layer 2, 3, 4 | |
Ethertype | Select a matching Ethertype filter for the selected policy
rule. Note: You cannot configure Captive Portal Redirection using IPv6
classifiers. While you can http to IPv6 websites, you cannot apply Captive Portal
redirection to http [s] over IPv6 .
|
Mac Address | Select Any MAC or User Defined and provide the Mac Address. |
Priority | Select a Priority from the drop-down list. |
IP/subnet | Select one of the following:
Note:
|
Port | From the Port drop-down list, select one of the following: User Defined, then type the port number. Use this option to explicitly specify the port number. A specific port type. The appropriate port number or numbers are added to the Port text field. |
Protocol | In the Protocol drop-down list, click the applicable protocol. The default is N/A. |
ToS/DSCP | Select the ToS/DSCP value to match, if any, to define the Layer 3, 4 ToS/DSCP bits. Enter a hexadecimal value in the 0x (DSCP:) field. |
Select | Click the Select button to open the ToS/DSCP Configuration dialog. For more information, see Priority and ToS/DSCP Marking. |
Mask | This is a mask for the ToS/DSCP field match. The mask allows the match to be based on specific bits in the ToS/DSCP match value. Enter a hexadecimal value. |
Application | |
Application | Select from one of the following pre-defined IDs to support
L5+ filtering:
|
Action | |
Access Control | Select from one of the following:
Note: Access control option “Contain to VLAN” and "Redirect" are
not supported for L7 rules.
|
Class of Service | Select an existing class of service from the drop-down
list. For information about how to configure a Class of Service, go to Configuring Roles. |
Traffic Mirror | When enabled, this option sends a copy of the
network packets to a mirroring L2 port for analysis, in an effort to monitor network
traffic. The Purview Engine analyses the traffic. The assigned port can only be used for
traffic analysis.You can
enable traffic mirroring from the WLAN Service, from the Role, or from the Filter Rule.
Setting traffic mirroring at the Filter Rule takes precedence over settings for the Role and
WLAN Service. The order of precedence for the traffic mirror setting is: Filter Rule, Role,
WLAN Service. To set the L2 port, go to . Valid values for Filter Rule and Role are:
|
OK | Click to add the rule to the filter group. The information is displayed in the role rule table. |
Cancel | Click Cancel to discard your changes. |