Feature history for template acls – Cisco 10000 User Manual

Page 486

22-2

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 22 Configuring Template ACLs

Feature History for Template ACLs

permit ip host 42.55.15.4 host 192.168.2.1

permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1

With the Template ACL feature enabled, these two ACLs can be recognized as similar, and a new
Template ACL is created as follows:

ip access-list extended 4_Temp_

permit igmp any host

permit icmp host any

deny ip host 44.33.66.36 host

deny tcp host 44.33.66.36

permit udp any host

permit udp host any

permit udp any host 192.168.2.1

permit udp any host 192.170.2.1

permit icmp host 42.55.15.4 host 192.168.2.1

permit udp 11.22.11.0 0.0.0.255 host 192.177.2.1

permit tcp any host 192.170.2.1

permit ip host 42.55.15.4 host 192.168.2.1

permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1

In this example, therefore, an IP address would be associated as follows:

•

Virtual-Access1.1#1 1.1.1.1

•

Virtual-Access1.1#2 13.1.1.2

The PXF engine knows which user a packet is coming from or going to, so it can get the user IP for
comparison from the IP address table.

Template ACLs are activated only for per-user ACLs configured through RADIUS Attribute 242. Any
other ACL type is not subject to Template ACL processing. The Template ACL feature is enabled by
default, and all Attribute 242 ACLs are considered for template status.

Using the access-list template number command, you can limit Template ACL status to only ACLs with
number or fewer rules. The default setting is 100 rules; this value is larger than most Attribute 242 ACLs.

The Template ACLs feature is described in the following topics:

•

Feature History for Template ACLs, page 22-2

•

Configuration Tasks for Template ACLs, page 22-3

•

Monitoring and Maintaining the Template ACL Configuration, page 22-5

•

Configuration Examples for Template ACLs, page 22-5

Feature History for Template ACLs

Cisco IOS Release

Description