Custom AP Rules
In general, an AP that performs filtering should apply the same set of policy rules for a role as the
controller. However, this is not mandatory. An AP can enforce a different set of rules than the controller.
In general, avoid using Custom AP filters. Custom AP filters are provided primarily for backward
compatibility. For example, they are useful when using policies that have more than 32 rules.
There are restrictions on a role that uses custom AP filtering, including the following:
• Custom Rules option is not visible when L7 filter rules are present.
• The role cannot use Layer 2 filter rules.
• The role cannot use 'Contain to VLAN' actions in rules.
• The role's default action must be 'Contain to VLAN' or 'No Change'.
• The role's static untagged egress VLAN list must be empty.