Allowed Protocols
Location in GUI: Work Centers » Device Administration » Policy Elements » Results » Allowed Protocols
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_protocols | List | [allowed_protocols] | No |
allowed_protocols (ise.device_administration.policy_elements)
Section titled “allowed_protocols (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_ ]+$ | Yes | |
| description | String | No | ||
| allow_pap_ascii | Boolean | true, false | No | true |
| allow_chap | Boolean | true, false | No | false |
| allow_ms_chap_v1 | Boolean | true, false | No | false |
Examples
Section titled “Examples”Example-1: Enabling PAP/ASCII for Device Administration
This example demonstrates how to define an Allowed Protocols profile within Cisco ISE’s device administration settings, specifying which authentication methods (PAP/ASCII, CHAP, MS-CHAPv1) are permitted for network devices access. In this case, only PAP/ASCII is enabled, while CHAP and MS-CHAPv1 are disabled, providing clear and structured way to control and document protocol usage for device authentication policies.
ise: device_administration: policy_elements: allowed_protocols: - name: Global Protocols description: Allowed protocols allow_pap_ascii: true allow_chap: false allow_ms_chap_v1: falseExample-2: Enabling CHAP for Device Administration
As in the previous example, this example demonstrates how to define an Allowed Protocols profile within Cisco ISE’s device administration settings. As you can see, this example uses a different name and description, and it enables a more secure protocol for device administration.
ise: device_administration: policy_elements: allowed_protocols: - name: Device Admin Protocols description: Allowing CHAP Protocol for Device Administration allow_pap_ascii: false allow_chap: true allow_ms_chap_v1: falseExample-3: Adding multiple profiles for device administration
This example demonstrates how you can configure multiple Allowed Protocols profiles for device administration.
ise: device_administration: policy_elements: allowed_protocols: - name: Device Profile 1 description: Allowing PAP/ASCII Protocol allow_pap_ascii: true allow_chap: false allow_ms_chap_v1: false - name: Device Profile 2 description: Allowing CHAP Protocol allow_pap_ascii: false allow_chap: true allow_ms_chap_v1: falseLocation in GUI: Work Centers » Device Administration » Policy Elements » Results » Allowed Protocols
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_protocols | List | [allowed_protocols] | No |
allowed_protocols (ise.device_administration.policy_elements)
Section titled “allowed_protocols (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_ ]+$ | Yes | |
| description | String | No | ||
| allow_pap_ascii | Boolean | true, false | No | true |
| allow_chap | Boolean | true, false | No | false |
| allow_ms_chap_v1 | Boolean | true, false | No | false |
Examples
Section titled “Examples”ise: device_administration: policy_elements: allowed_protocols: - name: Global Protocols description: Allowed protocols allow_pap_ascii: true allow_chap: false allow_ms_chap_v1: falseLocation in GUI: Work Centers » Device Administration » Policy Elements » Results » Allowed Protocols
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_protocols | List | [allowed_protocols] | No |
allowed_protocols (ise.device_administration.policy_elements)
Section titled “allowed_protocols (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_ ]+$ | Yes | |
| description | String | No | ||
| allow_pap_ascii | Boolean | true, false | No | true |
| allow_chap | Boolean | true, false | No | false |
| allow_ms_chap_v1 | Boolean | true, false | No | false |
Examples
Section titled “Examples”ise: device_administration: policy_elements: allowed_protocols: - name: Global Protocols description: Allowed protocols allow_pap_ascii: true allow_chap: false allow_ms_chap_v1: falseLocation in GUI: Work Centers » Device Administration » Policy Elements » Results » Allowed Protocols
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_protocols | List | [allowed_protocols] | No |
allowed_protocols (ise.device_administration.policy_elements)
Section titled “allowed_protocols (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_ ]+$ | Yes | |
| description | String | No | ||
| allow_pap_ascii | Boolean | true, false | No | true |
| allow_chap | Boolean | true, false | No | false |
| allow_ms_chap_v1 | Boolean | true, false | No | false |
Examples
Section titled “Examples”ise: device_administration: policy_elements: allowed_protocols: - name: Global Protocols description: Allowed protocols allow_pap_ascii: true allow_chap: false allow_ms_chap_v1: false