Authorization Exception Rule
Location in GUI:
Work Centers » Network Access » Policy Sets » XXX » Authorization Policy - Local Exceptions
Diagram
Classes
policy_sets (ise.network_access)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authorization_exception_rules | List | [authorization_exception_rules] | No |
authorization_exception_rules (ise.network_access.policy_sets)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\. ]+$ | Yes | |
| state | Choice | enabled, disabled | No | enabled |
| condition | Class | [condition] | No | |
| profiles | List | String | No | |
| security_group | String | No |
condition (ise.network_access.policy_sets.authorization_exception_rules)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.network_access.policy_sets.authorization_exception_rules.condition)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.network_access.policy_sets.authorization_exception_rules.condition.children)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| name | String | No |
Examples
ise:
network_access:
policy_sets:
- name: Global Policy
authorization_exception_rules:
- name: AUTHZ_DOT1x_wired
default: false
state: enabled
condition:
type: ConditionAttributes
is_negate: false
dictionary_name: IdentityGroup
attribute_name: Name
operator: equals
attribute_value: Endpoint Identity Groups:group_1
profiles:
- PERMIT_vlan1