Support User Manuals

Cisco Systems 10000 Network Router User Manual

Open as PDF

of 624

25-2

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 25 Configuring Template ACLs

Feature History for Template ACLs

permit ip host 42.55.15.4 host 192.168.2.1

permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1

With the Template ACL feature enabled, these two ACLs can be recognized as similar, and a new

Template ACL is created as follows:

ip access-list extended 4_Temp_<random-number>

permit igmp any host <PeerIP>

permit icmp host <PeerIP> any

deny ip host 44.33.66.36 host <PeerIP>

deny tcp host <PeerIP> 44.33.66.36

permit udp any host <PeerIP>

permit udp host <PeerIP> any

permit udp any host 192.168.2.1

permit udp any host 192.170.2.1

permit icmp host 42.55.15.4 host 192.168.2.1

permit udp 11.22.11.0 0.0.0.255 host 192.177.2.1

permit tcp any host 192.170.2.1

permit ip host 42.55.15.4 host 192.168.2.1

permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1

In this example, therefore, an IP address would be associated as follows:

• Virtual-Access1.1#1 1.1.1.1

• Virtual-Access1.1#2 13.1.1.2

The PXF engine knows which user a packet is coming from or going to, so it can get the user IP for

comparison from the IP address table.

Template ACLs are activated only for per-user ACLs configured through RADIUS Attribute 242. Any

other ACL type is not subject to Template ACL processing. The Template ACL feature is enabled by

default, and all Attribute 242 ACLs are considered for template status.

Using the access-list template number command, you can limit Template ACL status to only ACLs with

number or fewer rules. The default setting is 100 rules; this value is larger than most Attribute

242 ACLs.

The Template ACLs feature is described in the following topics:

• Feature History for Template ACLs, page 25-2

• Configuration Tasks for Template ACLs, page 25-3

• Monitoring and Maintaining the Template ACL Configuration, page 25-5

• Configuration Examples for Template ACLs, page 25-5

Feature History for Template ACLs

Cisco IOS Release Description Required PRE

12.2(28)SB This feature was introduced on the Cisco 10000 series

router.

PRE2

12.2(31)SB2 Supported was added for the PRE3. PRE3

previous next