Controlling the PDP cache

You can control the PDP cache in several ways: clear it explicitly, specify the TTL for the PDP, use the XML manager, or use a URL refresh policy.

Explicitly clear the cache
Use the clear pdp cache command to clear the cache.
Specify the TTL for the PDP
During PDP configuration, specify a cache lifetime.
Use the XML manager
When AAA authorization uses PDP, users can access the XML manager for the AAA policy with the clear xsl cache command. This command also clears the compiled XACML policies for AAA policies that the XML manager supports.
Use a URL refresh policy
Use a URL Refresh Policy, whose conditions match the internal URL xacmlpolicy:///pdpName, for periodic cache refreshes.
  • When the TTL for the PDP is 0 (cache never expires), the URL Refresh Policy controls cache refresh.
  • When the URL Refresh Policy is no-cache, XACML policies are never cached, regardless of any assigned TTL value.
  • When the URL Refresh Policy is protocol-specified, the TTL setting for the PDP governs cache refresh unless its value is 0.
  • When the URL Refresh Policy is default with a refresh interval, the TTL for the PDP is ignored and the URL Refresh Policy refresh interval controls cache refresh.
  • When the URL Refresh Policy is no-flush with a refresh interval, the greater of the URL Refresh Policy refresh interval or the TTL for the PDP controls cache refresh.
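
The interaction rules above decide how long a changed or withdrawn XACML policy can keep being enforced from the cache. The following is an added example, not product code: it models those rules and flags PDPs whose cached policy can outlive a chosen limit. The function names, field names, sample entries, the use of seconds as the unit, and the handling of a PDP with no matching URL Refresh Policy are assumptions.

```python
# Added example. Field names and sample PDP entries are constructed.
# Assumption: TTL and refresh interval share one unit (seconds here).

def effective_refresh(pdp_ttl, policy_type=None, refresh_interval=None):
    """Return (controller, lifetime) for a PDP's compiled XACML policy cache.

    lifetime is 0 when nothing is cached and None when this model cannot
    bound it (cache never expires, or the bound comes from the protocol).
    """
    if policy_type == "no-cache":
        return ("url-refresh-policy", 0)                 # never cached; TTL ignored
    if policy_type == "default":
        return ("url-refresh-policy", refresh_interval)  # TTL ignored
    if policy_type == "no-flush":
        # The greater of the two values controls the refresh.
        if refresh_interval >= pdp_ttl:
            return ("url-refresh-policy", refresh_interval)
        return ("pdp-ttl", pdp_ttl)
    if policy_type == "protocol-specified":
        if pdp_ttl != 0:
            return ("pdp-ttl", pdp_ttl)
        return ("url-refresh-policy", None)              # TTL 0: policy controls
    if policy_type is None:
        # Assumption: no matching URL Refresh Policy means only the TTL applies,
        # and TTL 0 means the cache is kept until it is cleared explicitly.
        return ("pdp-ttl", pdp_ttl if pdp_ttl != 0 else None)
    raise ValueError(f"unknown URL Refresh Policy type: {policy_type!r}")


def stale_policy_findings(pdps, max_age):
    """Names of PDPs whose cached policy may outlive max_age."""
    findings = []
    for pdp in pdps:
        _, lifetime = effective_refresh(pdp["ttl"], pdp["policy"], pdp["interval"])
        if lifetime is None or lifetime > max_age:
            findings.append(pdp["name"])
    return findings


SAMPLE_PDPS = [  # constructed inventory, not taken from a real appliance
    {"name": "pdpA", "ttl": 0, "policy": None, "interval": None},
    {"name": "pdpB", "ttl": 600, "policy": "no-flush", "interval": 3600},
    {"name": "pdpC", "ttl": 86400, "policy": "no-cache", "interval": None},
    {"name": "pdpD", "ttl": 86400, "policy": "default", "interval": 300},
    {"name": "pdpE", "ttl": 900, "policy": "protocol-specified", "interval": None},
]

if __name__ == "__main__":
    for pdp in SAMPLE_PDPS:
        print(pdp["name"], effective_refresh(pdp["ttl"], pdp["policy"], pdp["interval"]))
    print("review:", stale_policy_findings(SAMPLE_PDPS, max_age=900))
```

A PDP that this check flags still serves authorization decisions from the old compiled policy until the controlling timer fires or the cache is cleared explicitly.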