Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 25 Configuring Template ACLs
Configuration Tasks for Template ACLs
If ACLs are configured using RADIUS Attribute 242, Template ACLs are enabled by default.
Configuration tasks for Template ACLs include the following:
• Configuring the Maximum Size of Template ACLs (Optional)
• Configuring ACLs Using RADIUS Attribute 242
Configuring the Maximum Size of Template ACLs (Optional)
By default, Template ACL status is limited to ACLs with 100 or fewer rules. You can set this number lower.
To configure the maximum number of rules in Template ACLs, enter the following command in global configuration mode:
Router(config)# access-list template number
The range for number is from 1 to 100.
Example 25-1 shows the configuration of Template ACL processing for individual user ACLs with 50 or fewer rules.
Example 25-1 Configuring a Template ACL
Router(config)# access-list template 50
Router(config)#
Configuring ACLs Using RADIUS Attribute 242
Template ACL processing occurs only for ACLs that are configured using RADIUS Attribute 242.
Attribute 242 has the following format for an IP data filter:
Ascend-Data-Filter = "ip <dir> <action> [dstip <dest_ipaddr\subnet_mask>] [srcp <src_ipaddr\subnet_mask>] [<proto> [dstport <cmp> <value>] [srcport <cmp> <value>] [<est>]]"
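The syntax above can be checked before filters are loaded into a RADIUS user profile. The following is an added example, not part of the Cisco guide: it parses Attribute 242 IP data filter strings and reports whether a per-user ACL stays within the Template ACL rule limit. The function names, the sample filters, treating one filter string as one rule, the literal est keyword and the srcip spelling are assumptions of this example.

```python
DIRS = {"in", "out"}            # Table 25-1: <dir>
ACTIONS = {"forward", "drop"}   # Table 25-1: action
# The page's syntax line spells the source keyword "srcp"; "srcip" is also
# accepted here as an assumption, since other Ascend filter parsers use it.
ADDR_KEYS = {"dstip": "dst", "srcp": "src", "srcip": "src"}
PORT_KEYS = {"dstport", "srcport"}
DEFAULT_MAX_RULES = 100         # default Template ACL limit stated on the page

SAMPLE = [  # constructed per-user filters (documentation address ranges)
    'ip in forward dstip 192.0.2.10/32 tcp dstport = 80',
    'ip out drop srcp 198.51.100.0/24 tcp srcport > 1023 est',
    'ip in drop',
]

def parse_filter(value):
    """Parse one Attribute 242 IP data filter string into a dict."""
    tok = value.strip().strip('"').split()
    if len(tok) < 3 or tok[0] != "ip":
        raise ValueError("not an IP data filter: %r" % value)
    if tok[1] not in DIRS:
        raise ValueError("bad direction %r" % tok[1])
    if tok[2] not in ACTIONS:
        raise ValueError("bad action %r" % tok[2])
    rule = {"dir": tok[1], "action": tok[2], "est": False}
    i = 3
    while i < len(tok) and tok[i] in ADDR_KEYS:      # optional dstip / srcp
        if i + 1 >= len(tok):
            raise ValueError("missing address after %r" % tok[i])
        rule[ADDR_KEYS[tok[i]]] = tok[i + 1]         # address token kept opaque
        i += 2
    if i < len(tok):                                 # optional <proto> group
        rule["proto"] = tok[i]
        i += 1
        while i < len(tok) and tok[i] in PORT_KEYS:
            if i + 2 >= len(tok):
                raise ValueError("%s needs <cmp> <value>" % tok[i])
            rule[tok[i]] = (tok[i + 1], tok[i + 2])  # (<cmp>, <value>), opaque
            i += 3
        if i < len(tok) and tok[i] == "est":         # assumed literal for <est>
            rule["est"] = True
            i += 1
    if i != len(tok):
        raise ValueError("unexpected token %r" % tok[i])
    return rule

def within_template_limit(filters, max_rules=DEFAULT_MAX_RULES):
    """Return (ok, rules): ok is True when the rule count fits the limit."""
    rules = [parse_filter(f) for f in filters]
    return 1 <= len(rules) <= max_rules, rules
```

Pass the value configured with access-list template as max_rules to see which subscriber profiles would exceed the limit.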
Table 25-1 describes the elements in an Attribute 242 entry for an IP data filter.
Table 25-1 IP Data Filter Syntax Elements
Element     Description
ip          Specifies an IP filter.
<dir>       Specifies the filter direction. Possible values are in (filtering packets coming into the router) or out (filtering packets going out of the router).
<action>    Specifies the action the router should take with a packet that matches the filter. Possible values are forward or drop.