Configuration tasks for template acls, Configuring acls using radius attribute 242 – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 22 Configuring Template ACLs

Configuration Tasks for Template ACLs

If ACLs are configured using RADIUS Attribute 242, Template ACLs are enabled by default.
Configuration tasks for Template ACLs include the following:

Configuring the Maximum Size of Template ACLs (Optional)

Configuring ACLs Using RADIUS Attribute 242

Configuring the Maximum Size of Template ACLs (Optional)

By default, Template ACL status is limited to ACLs with 100 or fewer rules. You can set this number
lower.

To configure the maximum number of rules in Template ACLs, enter the following command in global
configuration mode:

Router(config)# access-list template number

The range for number is from 1 to 100.

Example 22-1 shows the configuration of Template ACL processing for individual user ACLs with 50 or fewer rules.

Example 22-1 Configuring a Template ACL

Router(config)# access-list template 50

Router(config)#

Configuring ACLs Using RADIUS Attribute 242

Template ACL processing occurs only for ACLs that are configured using RADIUS Attribute 242.
Attribute 242 has the following format for an IP data filter:

Ascend-Data-Filter = "ip <dir> <action> [dstip <dest_ipaddr\subnet_mask>] [srcip <src_ipaddr\subnet_mask>] [<proto> [dstport <cmp> <value>] [srcport <cmp> <value>] [<est>]]"

Table 22-1 describes the elements in an Attribute 242 entry for an IP data filter.

Table 22-1 IP Data Filter Syntax Elements

Element     Description
ip          Specifies an IP filter.
<dir>       Specifies the filter direction. Possible values are in (filtering packets coming into the router) or out (filtering packets going out of the router).
<action>    Specifies the action the router should take with a packet that matches the filter. Possible values are forward or drop.
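
The filter format above can be checked before a user profile is pushed to the RADIUS server, so that a malformed or oversized ACL is caught before it reaches the router. The following Python code is an added example, not part of the Cisco guide. The names parse_filter and within_template_limit are hypothetical, and it assumes that each Attribute 242 value is one ACL rule, that <cmp> is one of < = > !=, that <est> is the literal est, and that port values are numeric.

```python
DIRS = {"in", "out"}             # values listed in Table 22-1
ACTIONS = {"forward", "drop"}    # values listed in Table 22-1
CMPS = {"<", "=", ">", "!="}     # assumption: <cmp> values are not listed on this page

def parse_filter(value):
    """Parse one Attribute 242 IP data filter string; raise ValueError if malformed."""
    tok = value.split()
    if len(tok) < 3 or tok[0] != "ip":
        raise ValueError("not an IP data filter: %r" % value)
    if tok[1] not in DIRS:
        raise ValueError("bad <dir>: %r" % tok[1])
    if tok[2] not in ACTIONS:
        raise ValueError("bad <action>: %r" % tok[2])
    rule, i = {"dir": tok[1], "action": tok[2]}, 3
    for key in ("dstip", "srcip"):           # optional, in the order the format gives
        if i < len(tok) and tok[i] == key:
            if i + 1 >= len(tok):
                raise ValueError("%s needs an address" % key)
            rule[key] = tok[i + 1]           # address token kept as written, not interpreted
            i += 2
    if i < len(tok):                         # optional <proto> and what may follow it
        rule["proto"] = tok[i]
        i += 1
        for key in ("dstport", "srcport"):
            if i < len(tok) and tok[i] == key:
                if i + 2 >= len(tok) or tok[i + 1] not in CMPS or not tok[i + 2].isdigit():
                    raise ValueError("%s needs <cmp> <value>" % key)
                rule[key] = (tok[i + 1], int(tok[i + 2]))   # assumption: numeric port
                i += 3
        if i < len(tok) and tok[i] == "est":  # assumption: <est> is the literal "est"
            rule["est"] = True
            i += 1
    if i != len(tok):
        raise ValueError("unexpected token: %r" % tok[i])
    return rule

def within_template_limit(filters, max_rules=100):
    """True if all filters parse and their count fits the configured Template ACL size."""
    if not 1 <= max_rules <= 100:            # range of "access-list template number"
        raise ValueError("max_rules must be 1..100")
    return len([parse_filter(f) for f in filters]) <= max_rules

# Constructed sample profile (documentation addresses, slash notation assumed)
PROFILE = [
    "ip in forward dstip 192.0.2.10/32 srcip 198.51.100.0/24 tcp dstport = 80",
    "ip in forward tcp est",
    "ip in drop",
]
```

Pass the value configured with access-list template as max_rules to see whether a profile would still receive Template ACL status.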
