Feature history for template acls – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 22 Configuring Template ACLs

Feature History for Template ACLs

 permit ip host 42.55.15.4 host 192.168.2.1
 permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1

With the Template ACL feature enabled, these two ACLs can be recognized as similar, and a new
Template ACL is created as follows:

ip access-list extended 4_Temp_<random-number>
 permit igmp any host <PeerIP>
 permit icmp host <PeerIP> any
 deny ip host 44.33.66.36 host <PeerIP>
 deny tcp host <PeerIP> 44.33.66.36
 permit udp any host <PeerIP>
 permit udp host <PeerIP> any
 permit udp any host 192.168.2.1
 permit udp any host 192.170.2.1
 permit icmp host 42.55.15.4 host 192.168.2.1
 permit udp 11.22.11.0 0.0.0.255 host 192.177.2.1
 permit tcp any host 192.170.2.1
 permit ip host 42.55.15.4 host 192.168.2.1
 permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1

In this example, therefore, an IP address would be associated as follows:

Virtual-Access1.1#1    1.1.1.1
Virtual-Access1.1#2    13.1.1.2

The PXF engine knows which user a packet is coming from or going to, so it can get the user IP for
comparison from the IP address table.

Template ACLs are activated only for per-user ACLs configured through RADIUS Attribute 242. Any
other ACL type is not subject to Template ACL processing. The Template ACL feature is enabled by
default, and all Attribute 242 ACLs are considered for template status.

Using the access-list template number command, you can limit Template ACL status to ACLs that contain
number or fewer rules, where number is the value given in the command. The default setting is 100 rules;
this value is larger than most Attribute 242 ACLs.
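The similarity test described above can be sketched in Python as an added example; it is not Cisco's PXF implementation or code from the original guide. It assumes two ACLs are similar when their rules match token for token and differ only in one IPv4 address per ACL. The per-user ACLs are reconstructed from the template and the IP address table on this page, their names are hypothetical, and max_rules stands in for the access-list template number limit.

```python
import re

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
# Rules of the template ACL shown on this page; <PeerIP> marks the per-user address.
PAGE_TEMPLATE = """\
permit igmp any host <PeerIP>
permit icmp host <PeerIP> any
deny ip host 44.33.66.36 host <PeerIP>
deny tcp host <PeerIP> 44.33.66.36
permit udp any host <PeerIP>
permit udp host <PeerIP> any
permit udp any host 192.168.2.1
permit udp any host 192.170.2.1
permit icmp host 42.55.15.4 host 192.168.2.1
permit udp 11.22.11.0 0.0.0.255 host 192.177.2.1
permit tcp any host 192.170.2.1
permit ip host 42.55.15.4 host 192.168.2.1
permit tcp 11.22.11.0 0.0.0.255 host 192.177.2.1
""".splitlines()
# Constructed input: per-user ACLs rebuilt from the page's IP address table (names are hypothetical).
USER_ACLS = {name: [r.replace("<PeerIP>", ip) for r in PAGE_TEMPLATE]
             for name, ip in (("acl_user1", "1.1.1.1"), ("acl_user2", "13.1.1.2"))}

def build_template(acls, max_rules=100):
    """Return (template_rules, {acl_name: peer_ip}), or None if the ACLs are not similar."""
    names = list(acls)
    parsed = [[rule.split() for rule in acls[n]] for n in names]
    first = parsed[0]
    shape = [len(rule) for rule in first]
    # max_rules mirrors the 'access-list template number' limit; shapes must match exactly.
    if len(first) > max_rules or any([len(r) for r in p] != shape for p in parsed):
        return None
    peers, template = [None] * len(names), []
    for r, rule in enumerate(first):
        out = []
        for t, token in enumerate(rule):
            column = [p[r][t] for p in parsed]
            if len(set(column)) > 1:
                # A differing token must be an IPv4 address, the same one throughout its ACL.
                for i, value in enumerate(column):
                    if not IPV4.fullmatch(value) or peers[i] not in (None, value):
                        return None
                    peers[i] = value
                token = "<PeerIP>"
            out.append(token)
        template.append(" ".join(out))
    return template, dict(zip(names, peers))
```

A None result means the ACLs cannot share one template without changing what at least one of them permits or denies.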

The Template ACLs feature is described in the following topics:

- Feature History for Template ACLs, page 22-2
- Configuration Tasks for Template ACLs, page 22-3
- Monitoring and Maintaining the Template ACL Configuration, page 22-5
- Configuration Examples for Template ACLs, page 22-5

Feature History for Template ACLs

| Cisco IOS Release | Description | Required PRE |
|---|---|---|
| 12.2(28)SB | This feature was introduced on the Cisco 10000 series router. | PRE2 |
| 12.2(31)SB2 | Support was added for the PRE3. | PRE3 |
