Skip to content

Service Template

Service templates are dynamic policy containers that define a collection of network access control attributes including VLAN assignments, access control lists, QoS policies, security group tags, and redirection policies that can be dynamically applied to authenticated users or devices based on their identity and authorization profile. They enable centralized definition of user experience policies that are automatically activated during authentication events, providing consistent network access controls including bandwidth management, network segmentation, web redirection, and security enforcement. Service templates are essential components of Identity Services Engine (ISE) integration and network access control deployments, enabling role-based network access with automated policy enforcement and streamlined user onboarding processes.

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
service_templatesList[service_templates]No

service_templates (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
nameStringYes
access_groupsListStringNo
inactivity_timerIntegermin: 1, max: 65535No
inactivity_timer_probeBooleantrue, falseNo
vlanIntegermin: 1, max: 4094No
voice_vlanBooleantrue, falseNo
linksec_policyChoicemust-not-secure, must-secure, should-secureNo
sgtIntegermin: 2, max: 65519No
absolute_timerIntegermin: 1, max: 1073741823No
descriptionStringNo
interface_templatesListStringNo
tunnel_capwap_nameStringNo
vnidStringNo
redirect_append_client_macStringNo
redirect_append_switch_macStringNo
redirect_urlStringNo
redirect_url_match_aclStringNo
redirect_url_match_actionChoiceone-time-redirect, redirect-on-no-matchNo
dns_acl_preauthStringNo
service_policy_qos_inputStringNo
service_policy_qos_outputStringNo
tagsListStringNo
mdns_service_policyStringNo

Examples

iosxe:
devices:
- name: Device1
configuration:
service_templates:
- name: EMPLOYEE-TEMPLATE
description: Template for employee access
vlan: 100
voice_vlan: true
inactivity_timer: 1800
inactivity_timer_probe: true
access_groups:
- EMPLOYEE-ACL
sgt: 10
absolute_timer: 28800
interface_templates:
- EMPLOYEE-INTERFACE-TEMPLATE
service_policy_qos_input: EMPLOYEE-QOS-IN
service_policy_qos_output: EMPLOYEE-QOS-OUT
tags:
- EMPLOYEE
- INTERNAL
- name: GUEST-TEMPLATE
description: Template for guest access with web redirect
vlan: 200
inactivity_timer: 3600
access_groups:
- GUEST-ACL
sgt: 20
redirect_url: https://portal.company.com/guest
redirect_url_match_acl: WEB-REDIRECT-ACL
redirect_url_match_action: one-time-redirect
dns_acl_preauth: DNS-GUEST-ACL
tags:
- GUEST
- RESTRICTED
- name: IOT-TEMPLATE
description: Template for IoT devices
vlan: 300
linksec_policy: should-secure
sgt: 30
vnid: "300"
mdns_service_policy: IOT-MDNS-POLICY