Allowed Protocols
Location in GUI:
Work Centers » Network Access » Policy Elements » Results » Allowed Protocols
Diagram
Classes
policy_elements (ise.network_access)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_protocols | List | [allowed_protocols] | No |
allowed_protocols (ise.network_access.policy_elements)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_ ]+$ | Yes | |
| description | String | No | ||
| process_host_lookup | Boolean | true, false | No | true |
| allow_pap_ascii | Boolean | true, false | No | true |
| allow_chap | Boolean | true, false | No | false |
| allow_ms_chap_v1 | Boolean | true, false | No | false |
| allow_ms_chap_v2 | Boolean | true, false | No | false |
| allow_eap_md5 | Boolean | true, false | No | true |
| allow_leap | Boolean | true, false | No | false |
| allow_eap_tls | Boolean | true, false | No | true |
| allow_eap_ttls | Boolean | true, false | No | true |
| allow_eap_fast | Boolean | true, false | No | true |
| allow_peap | Boolean | true, false | No | true |
| allow_teap | Boolean | true, false | No | true |
| allow_preferred_eap_protocol | Boolean | true, false | No | false |
| preferred_eap_protocol | Choice | EAP_FAST, PEAP, LEAP, EAP_MD5, EAP_TLS, EAP_TTLS, TEAP | No | |
| eap_tls_l_bit | Boolean | true, false | No | false |
| allow_weak_ciphers_for_eap | Boolean | true, false | No | false |
| require_message_auth | Boolean | true, false | No | false |
| five_g | Boolean | true, false | No | false |
| teap | Class | [teap] | No | |
| eap_ttls | Class | [eap_ttls] | No | |
| eap_tls | Class | [eap_tls] | No | |
| eap_fast | Class | [eap_fast] | No | |
| peap | Class | [peap] | No |
teap (ise.network_access.policy_elements.allowed_protocols)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 3 |
| eap_tls | Boolean | true, false | No | true |
| eap_tls_auth_of_expired_certs | Boolean | true, false | No | false |
| accept_client_cert_during_tunnel_est | Boolean | true, false | No | true |
| enable_eap_chaining | Boolean | true, false | No | false |
| allow_downgrade_msk | Boolean | true, false | No | true |
| request_basic_pwd_auth | Boolean | true, false | No | false |
eap_ttls (ise.network_access.policy_elements.allowed_protocols)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| pap_ascii | Boolean | true, false | No | true |
| chap | Boolean | true, false | No | true |
| ms_chap_v1 | Boolean | true, false | No | true |
| ms_chap_v2 | Boolean | true, false | No | true |
| eap_md5 | Boolean | true, false | No | true |
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
eap_tls (ise.network_access.policy_elements.allowed_protocols)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| auth_of_expired_certs | Boolean | true, false | No | false |
| enable_stateless_session_resume | Boolean | true, false | No | false |
| session_ticket_ttl | Integer | min: 1 | No | |
| session_ticket_ttl_unit | Choice | SECONDSMINUTES, HOURS, DAYS, WEEKS | No | |
| session_ticket_percentage | Integer | min: 1, max: 100 | No |
eap_fast (ise.network_access.policy_elements.allowed_protocols)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_gtc | Boolean | true, false | No | true |
| eap_gtc_pwd_change | Boolean | true, false | No | true |
| eap_gtc_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_tls | Boolean | true, false | No | true |
| eap_tls_auth_of_expired_certs | Boolean | true, false | No | false |
| use_pacs | Boolean | true, false | No | true |
| use_pacs_tunnel_pac_ttl | Integer | min: 1, max: 10000 | No | 90 |
| use_pacs_tunnel_pac_ttl_units | Choice | SECONDSMINUTES, HOURS, DAYS, WEEKS | No | DAYS |
| use_pacs_use_proactive_pac_update_precentage | Integer | min: 1, max: 100 | No | 10 |
| use_pacs_allow_anonym_provisioning | Boolean | true, false | No | false |
| use_pacs_allow_authen_provisioning | Boolean | true, false | No | false |
| use_pacs_accept_client_cert | Boolean | true, false | No | false |
| use_pacs_server_returns | Boolean | true, false | No | false |
| use_pacs_allow_machine_authentication | Boolean | true, false | No | false |
| use_pacs_machine_pac_ttl | Integer | min: 1, max: 10000 | No | 1 |
| use_pacs_machine_pac_ttl_units | Choice | SECONDSMINUTES, HOURS, DAYS, WEEKS | No | WEEKS |
| use_pacs_stateless_session_resume | Boolean | true, false | No | false |
| enable_eap_chaining | Boolean | true, false | No | false |
peap (ise.network_access.policy_elements.allowed_protocols)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_gtc | Boolean | true, false | No | false |
| eap_gtc_pwd_change | Boolean | true, false | No | false |
| eap_gtc_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_tls | Boolean | true, false | No | true |
| eap_tls_auth_of_expired_certs | Boolean | true, false | No | false |
| require_cryptobinding | Boolean | true, false | No | false |
| peap_v0 | Boolean | true, false | No | false |
Examples
ise:
network_access:
policy_elements:
allowed_protocols:
- name: Global Protocols
description: Allowed protocols
eap_tls:
auth_of_expired_certs: false
enable_stateless_session_resume: true
session_ticket_ttl: 5
session_ticket_ttl_unit: DAYS
session_ticket_percentage: 5
eap_fast:
eap_ms_chap_v2: true
eap_ms_chap_v2_pwd_change: true
eap_ms_chap_v2_pwd_change_retries: 3
eap_gtc: true
eap_gtc_pwd_change: true
eap_gtc_pwd_change_retries: 3
eap_tls: true
eap_tls_auth_of_expired_certs: false
use_pacs: true
use_pacs_tunnel_pac_ttl: 90
use_pacs_tunnel_pac_ttl_units: DAYS
use_pacs_use_proactive_pac_update_precentage: 90
use_pacs_allow_anonym_provisioning: true
use_pacs_allow_authen_provisioning: true
use_pacs_accept_client_cert: true
use_pacs_server_returns: true
use_pacs_allow_machine_authentication: true
use_pacs_machine_pac_ttl: 1
use_pacs_machine_pac_ttl_units: WEEKS
use_pacs_stateless_session_resume: false
enable_eap_chaining: false
eap_ttls:
pap_ascii: true
chap: true
ms_chap_v1: true
ms_chap_v2: true
eap_md5: true
eap_ms_chap_v2: true
eap_ms_chap_v2_pwd_change: true
eap_ms_chap_v2_pwd_change_retries: 1
teap:
eap_ms_chap_v2: true
eap_ms_chap_v2_pwd_change: true
eap_ms_chap_v2_pwd_change_retries: 3
eap_tls: true
eap_tls_auth_of_expired_certs: false
accept_client_cert_during_tunnel_est: true
enable_eap_chaining: false
allow_downgrade_msk: true
request_basic_pwd_auth: false
process_host_lookup: true
allow_pap_ascii: true
allow_chap: false
allow_ms_chap_v1: false
allow_ms_chap_v2: false
allow_eap_md5: true
allow_leap: false
allow_eap_tls: true
allow_eap_ttls: true
allow_eap_fast: true
allow_peap: false
allow_teap: true
allow_preferred_eap_protocol: true
preferred_eap_protocol: EAP_FAST
eap_tls_l_bit: false
allow_weak_ciphers_for_eap: false
require_message_auth: false
five_g: false