Service templates are dynamic policy containers that define a collection of network access control attributes including VLAN assignments, access control lists, QoS policies, security group tags, and redirection policies that can be dynamically applied to authenticated users or devices based on their identity and authorization profile. They enable centralized definition of user experience policies that are automatically activated during authentication events, providing consistent network access controls including bandwidth management, network segmentation, web redirection, and security enforcement. Service templates are essential components of Identity Services Engine (ISE) integration and network access control deployments, enabling role-based network access with automated policy enforcement and streamlined user onboarding processes.
Diagram
Classes
configuration (iosxe.devices)
Name
Type
Constraint
Mandatory
Default Value
service_templates
List
[service_templates]
No
service_templates (iosxe.devices.configuration)
Name
Type
Constraint
Mandatory
Default Value
name
String
Yes
access_groups
List
String
No
inactivity_timer
Integer
min: 1, max: 65535
No
inactivity_timer_probe
Boolean
true, false
No
vlan
Integer
min: 1, max: 4094
No
voice_vlan
Boolean
true, false
No
linksec_policy
Choice
must-not-secure, must-secure, should-secure
No
sgt
Integer
min: 2, max: 65519
No
absolute_timer
Integer
min: 1, max: 1073741823
No
description
String
No
interface_templates
List
String
No
tunnel_capwap_name
String
No
vnid
String
No
redirect_append_client_mac
String
No
redirect_append_switch_mac
String
No
redirect_url
String
No
redirect_url_match_acl
String
No
redirect_url_match_action
Choice
one-time-redirect, redirect-on-no-match
No
dns_acl_preauth
String
No
service_policy_qos_input
String
No
service_policy_qos_output
String
No
tags
List
String
No
mdns_service_policy
String
No
Examples
iosxe:
devices:
- name: Device1
configuration:
service_templates:
- name: EMPLOYEE-TEMPLATE
description: Template for employee access
vlan: 100
voice_vlan: true
inactivity_timer: 1800
inactivity_timer_probe: true
access_groups:
- EMPLOYEE-ACL
sgt: 10
absolute_timer: 28800
interface_templates:
- EMPLOYEE-INTERFACE-TEMPLATE
service_policy_qos_input: EMPLOYEE-QOS-IN
service_policy_qos_output: EMPLOYEE-QOS-OUT
tags:
- EMPLOYEE
- INTERNAL
- name: GUEST-TEMPLATE
description: Template for guest access with web redirect