Service Template

Service templates are dynamic policy containers that define a collection of network access control attributes including VLAN assignments, access control lists, QoS policies, security group tags, and redirection policies that can be dynamically applied to authenticated users or devices based on their identity and authorization profile. They enable centralized definition of user experience policies that are automatically activated during authentication events, providing consistent network access controls including bandwidth management, network segmentation, web redirection, and security enforcement. Service templates are essential components of Identity Services Engine (ISE) integration and network access control deployments, enabling role-based network access with automated policy enforcement and streamlined user onboarding processes.

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
service_templates	List	`[service_templates]`	No

service_templates (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory
name	String		Yes
access_groups	List	String	No
inactivity_timer	Integer	min: `1`, max: `65535`	No
inactivity_timer_probe	Boolean	`true`, `false`	No
vlan	Integer	min: `1`, max: `4094`	No
voice_vlan	Boolean	`true`, `false`	No
linksec_policy	Choice	`must-not-secure`, `must-secure`, `should-secure`	No
sgt	Integer	min: `2`, max: `65519`	No
absolute_timer	Integer	min: `1`, max: `1073741823`	No
description	String		No
interface_templates	List	String	No
tunnel_capwap_name	String		No
vnid	String		No
redirect_append_client_mac	String		No
redirect_append_switch_mac	String		No
redirect_url	String		No
redirect_url_match_acl	String		No
redirect_url_match_action	Choice	`one-time-redirect`, `redirect-on-no-match`	No
dns_acl_preauth	String		No
service_policy_qos_input	String		No
service_policy_qos_output	String		No
tags	List	String	No
mdns_service_policy	String		No

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        service_templates:
          - name: EMPLOYEE-TEMPLATE
            description: Template for employee access
            vlan: 100
            voice_vlan: true
            inactivity_timer: 1800
            inactivity_timer_probe: true
            access_groups:
              - EMPLOYEE-ACL
            sgt: 10
            absolute_timer: 28800
            interface_templates:
              - EMPLOYEE-INTERFACE-TEMPLATE
            service_policy_qos_input: EMPLOYEE-QOS-IN
            service_policy_qos_output: EMPLOYEE-QOS-OUT
            tags:
              - EMPLOYEE
              - INTERNAL
          - name: GUEST-TEMPLATE
            description: Template for guest access with web redirect
            vlan: 200
            inactivity_timer: 3600
            access_groups:
              - GUEST-ACL
            sgt: 20
            redirect_url: https://portal.company.com/guest
            redirect_url_match_acl: WEB-REDIRECT-ACL
            redirect_url_match_action: one-time-redirect
            dns_acl_preauth: DNS-GUEST-ACL
            tags:
              - GUEST
              - RESTRICTED
          - name: IOT-TEMPLATE
            description: Template for IoT devices
            vlan: 300
            linksec_policy: should-secure
            sgt: 30
            vnid: "300"
            mdns_service_policy: IOT-MDNS-POLICY