Manual Chapter : About Dynamic ACLs

Applies To:

BIG-IP APM

  • 15.0.1, 15.0.0

About Dynamic ACLs

A dynamic ACL is an ACL whose entries are defined during access policy execution time, and the entries are stored and enforced for that particular Access session. The source of ACL entries is a session variable having content that can be sourced from external sources such as Active Directory, LDAP, RADIUS, or internal sources such as iRules, data groups, or any combination of the above.
Access Policy Manager supports dynamic ACLs in F5 ACL format, and in a subset of the Cisco ACL format.
A dynamic ACL action includes these configuration elements and options:
Source
Specifies a type of session variable (Custom or CiscoAV-PairVSA) and the source session variable from which the dynamic ACL is derived. For Custom dynamic ACL entries, this is any session variable that is populated with an F5 format ACL. For CiscoAV-PairVSA dynamic ACL entries, this is predefined as session.radius.last.attr.vendor-specific.1.9.1.
ACL
Specifies the dynamic ACL container configured on the BIG-IP system. Dynamic ACL objects are empty container ACLs that you define on the system.
Format
Specifies the format (F5 or Cisco) used to define the ACL.
To succeed, a dynamic ACL action must follow actions that populate the session variables with ACLs.