Manual Chapter: About Dynamic ACLs
Applies To: BIG-IP APM 15.0.1, 15.0.0
About Dynamic ACLs
A dynamic ACL is an ACL whose ACL entries are defined during access policy
execution time, and the entries are stored and enforced for that particular Access session.
The source of ACL entries is a session variable having content that can be sourced from
external sources such as Active Directory, LDAP, RADIUS, or internal sources such as iRules,
data groups, or any combination of the above.
Access Policy Manager supports dynamic ACLs in F5 ACL
format, and in a subset of the Cisco ACL format.
A dynamic ACL action includes these configuration elements and
options:
- Source: Specifies a type of session variable (Custom or Cisco AV-Pair VSA) and the source session variable from which the dynamic ACL is derived. For Custom dynamic ACL entries, this is any session variable that is populated with an F5 format ACL. For Cisco AV-Pair VSA dynamic ACL entries, this is predefined as session.radius.last.attr.vendor-specific.1.9.1.
- ACL: Specifies the dynamic ACL container configured on the BIG-IP system. Dynamic ACL objects are empty container ACLs that you define on the system.
- Format: Specifies the format (F5 or Cisco) used to define the ACL.
To succeed, a dynamic ACL action must follow actions
that populate the session variables with ACLs.