Controlling the PDP cache
You can control the PDP cache in several ways: explicitly clear it, specify the TTL for the PDP, use the XML manager, or use a URL refresh policy.
- Explicitly clear the cache
  - Use the clear pdp cache command to clear the cache.
- Specify the TTL for the PDP
  - During PDP configuration, specify a cache lifetime.
- Use the XML manager
  - When AAA authorization uses PDP, users can access the XML manager for the AAA policy with the clear xsl cache command. This command also clears the compiled XACML policies for AAA policies that the XML manager supports.
- Use a URL refresh policy
  - Use a URL Refresh Policy, whose conditions match the internal URL xacmlpolicy:///pdpName, for periodic cache refreshes.
    - When the TTL for the PDP is 0 (cache never expires), the URL Refresh Policy controls cache refresh.
    - When the URL Refresh Policy is no-cache, XACML policies are never cached, regardless of any assigned TTL value.
    - When the URL Refresh Policy is protocol-specified, the TTL setting for the PDP governs cache refresh unless its value is 0.
    - When the URL Refresh Policy is default with a refresh interval, the TTL for the PDP is ignored and the URL Refresh Policy refresh interval controls cache refresh.
    - When the URL Refresh Policy is no-flush with a refresh interval, the greater of the URL Refresh Policy refresh interval or the TTL for the PDP controls cache refresh.
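
The precedence between the PDP TTL and a URL Refresh Policy, worked through as an added Python example (not product code or product configuration syntax). The RefreshRule model, the function names, shell-style pattern matching, first-match rule selection, and the sample PDP names and values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple

@dataclass
class RefreshRule:
    """Hypothetical model of one URL Refresh Policy rule (not product syntax)."""
    pattern: str       # match condition; shell-style glob matching is an assumption
    kind: str          # no-cache | protocol-specified | default | no-flush
    interval: int = 0  # refresh interval, in the same unit as the PDP TTL

def effective_refresh(pdp_name: str, ttl: int,
                      rules: List[RefreshRule]) -> Tuple[str, Optional[int]]:
    """Return (what controls the cache, lifetime) for one PDP."""
    url = f"xacmlpolicy:///{pdp_name}"
    # Assumption: the first rule whose pattern matches the internal URL applies.
    rule = next((r for r in rules if fnmatchcase(url, r.pattern)), None)
    if rule is None:
        # No refresh policy: the TTL alone decides, and 0 means never expires.
        return ("never-expires", None) if ttl == 0 else ("pdp-ttl", ttl)
    if rule.kind == "no-cache":
        return ("not-cached", None)                   # any TTL is irrelevant
    if rule.kind == "protocol-specified":
        # The page gives no outcome for TTL 0 here, so report it as unspecified.
        return ("pdp-ttl", ttl) if ttl != 0 else ("unspecified", None)
    if rule.kind == "default":
        return ("url-refresh-policy", rule.interval)  # TTL is ignored
    if rule.kind == "no-flush":
        # The greater of the two values controls refresh.
        if rule.interval >= ttl:
            return ("url-refresh-policy", rule.interval)
        return ("pdp-ttl", ttl)
    raise ValueError(f"unknown refresh type: {rule.kind}")

def never_refreshed(pdps: Dict[str, int], rules: List[RefreshRule]) -> List[str]:
    """PDPs whose compiled policies stay cached until explicitly cleared."""
    return sorted(name for name, ttl in pdps.items()
                  if effective_refresh(name, ttl, rules)[0] == "never-expires")

# Constructed sample configuration: PDP name -> TTL, plus three refresh rules.
SAMPLE_PDPS = {"payments": 0, "hr": 300, "audit": 0, "partners": 600}
SAMPLE_RULES = [
    RefreshRule("xacmlpolicy:///payments", "default", 120),
    RefreshRule("xacmlpolicy:///hr", "no-flush", 60),
    RefreshRule("xacmlpolicy:///partners", "no-cache"),
]
```

With the constructed sample, never_refreshed(SAMPLE_PDPS, SAMPLE_RULES) reports only the audit PDP, which has a TTL of 0 and no matching refresh rule.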