
Feedback
Search
Index
Contents
What's New?
Home
PolicyCenter Home
Overviews
Recommendations
Tasks
	Setup
	Classification
	Traffic Tree Mgmt.
	Monitoring
	Partitions
	Policies
		Suggested Policies
		Rate
		Priority
		Never-Admit
		Ignore
		Discard
		Modify
		Delete
		Admission Control
		UDP Latency Control
		Rate Scaling
		Web Redirection
		Diffserv
		VLAN
		MPLS
		Failover Mode
		Enable Shaping
	Graphs & Reports
	Measurement
	Event Notification
	Response Time
	Xpress
	Administration
	Customer Portal
	Adaptive Response
	Direct Standby
	Watch Mode
	Auto-deployment
	PolicyCenter Units
	PolicyCenter Config.
	PolicyCenter Admin.
Reference
Product Information
Documents

Set a Never-Admit Policy

A never-admit policy tells PacketWise to enforce admission control at the beginning of each flow. While this policy type is named "never-admit," which implies that the connection is refused, there is an option — in the case of web traffic classes only — to redirect the user to another web page.

For TCP web traffic classes, use a never-admit policy to notify users that a website is unavailable or to redirect these users to a secondary site. For TCP non-web classes, use a never-admit policy to simply refuse a connection. For UDP traffic, use a discard policy instead.

Note: When shaping is turned off, a class with a never-admit policy will display a rate of zero in the Monitor Traffic window. Packets are passed through the unit, but the rate values make it appear that the traffic is not passing through the unit.

Note: To perform this task from PolicyCenter, you must first select a configuration from the Editing Configuration drop-down list at the top of the page.

To apply a never-admit policy to a traffic class:

1. Click the manage tab.

2. In the left window pane, select the class to which you want to apply a never-admit policy.

3. Click policy and select add. The New Policy window appears.

4. Click Never-Admit in the New Policy window. show screen

5. For web traffic, select one of the options below:

web-refuse to refuse the connection
-or-
web-redirect to redirect the user to another web page

6. If you selected web-redirect, specify the URL in the Redirect-URL text box. Specify the full URL — for example, http://www.mycompany.com/main.htm.

If you omit the "http:" tag, the string will be appended to the end of the previously requested page, which is usually not the behavior you want.

7. Click add policy.

Note: In order for policies to take effect, traffic shaping must be enabled. See Enable/Disable Traffic Shaping.

Special-Case Never-Admit Considerations

A web never-admit policy can be applied to the response side of a flow. All other never-admit policies must be applied to classes on the requesting flow. Since admission control takes effect at the beginning of the connection, PacketWise must react to the requesting flow.
A never-admit policy cannot be applied to a non-IP protocol — for example, AppleTalk. For these traffic types, use a discard policy.
The procedure documented here applies to the case where the class being redirected is defined by a single web server. To redirect based on client IP address, not server IP, you'll need to create two classes: one that redirects the hosts (an HTTP class based on a host list of client IP addresses, with a never-admit policy that redirects to a website) and the other class to classify traffic to the redirected website (HTTP class with IP address of the web server). The second class should be made an exception class. For details, see the TIL article on this subect.