Manual Chapter: About Dynamic ACLs
Applies To:
- 15.0.1, 15.0.0
About Dynamic ACLs
A dynamic ACL is an ACL whose ACL entries are defined during access policy execution time, and the entries are stored and enforced for that particular Access session. The source of ACL entries is a session variable having content that can be sourced from external sources such as Active Directory, LDAP, RADIUS, or internal sources such as iRules, data groups, or any combination of the above.
Access Policy Manager supports dynamic ACLs in F5 ACL format, and in a subset of the Cisco ACL format.
A dynamic ACL action includes these configuration elements and options:
- Specifies a type of session variable (Custom or Cisco AV-Pair VSA) and the source session variable from which the dynamic ACL is derived. For Custom dynamic ACL entries, this is any session variable that is populated with an F5 format ACL. For Cisco AV-Pair VSA dynamic ACL entries, this is predefined as session.radius.last.attr.vendor-specific.1.9.1.
- Specifies the dynamic ACL container configured on the BIG-IP system. Dynamic ACL objects are empty container ACLs that you define on the system.
- Specifies the format (F5 or Cisco) used to define the ACL.
To succeed, a dynamic ACL action must follow actions that populate the session variables with ACLs.
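
Because Cisco AV-Pair VSA entries reach the session from the RADIUS server, whoever can edit those attributes controls the resulting ACL, so the values are worth auditing at the source. The following Python sketch is an added example, not F5 code: it assumes the common Cisco `ip:inacl#<n>=<entry>` AV-pair convention (this page does not list the subset APM accepts), uses hypothetical function names, and runs on constructed sample values.

```python
import re

# Assumed convention (not from this page):
#   ip:inacl#<sequence>=<permit|deny> <protocol> <source> <destination> [ports]
AVPAIR_RE = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+(\S+)\s+(.+)$", re.I)

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return "any", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]

def parse_avpairs(values):
    """Return (entries sorted by sequence number, rejected raw strings)."""
    entries, rejected = [], []
    for raw in values:
        m = AVPAIR_RE.match(raw.strip())
        try:
            if not m:
                raise ValueError("not an ip:inacl entry")
            src, rest = take_addr(m.group(4).lower().split())
            dst, rest = take_addr(rest)
        except ValueError:
            rejected.append(raw)  # never silently drop unparsed input
            continue
        entries.append({"seq": int(m.group(1)), "action": m.group(2).lower(),
                        "proto": m.group(3).lower(), "src": src, "dst": dst,
                        "ports": " ".join(rest)})
    return sorted(entries, key=lambda e: e["seq"]), rejected

def audit(entries):
    """Flag entries a reviewer should question before trusting the source."""
    findings, seen = [], set()
    for e in entries:
        if e["seq"] in seen:
            findings.append((e["seq"], "duplicate sequence number"))
        seen.add(e["seq"])
        if e["action"] == "permit" and e["dst"] == "any" and not e["ports"]:
            findings.append((e["seq"], "permit to any destination, all ports"))
    return findings

# Constructed sample values, as a RADIUS server might return them.
SAMPLE = ["ip:inacl#20=permit ip any any",
          "ip:inacl#10=permit tcp any host 10.0.0.5 eq 443",
          "ip:inacl#20=deny ip any any", "shell:priv-lvl=15"]
```

Strings that land in the rejected list deserve the same attention as the findings, since an entry the audit cannot parse is one nobody has reviewed.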