
Authentication Rule

Location in GUI: Work Centers » Device Administration » Device Admin Policy Sets » XXX » Authentication Policy

Diagram
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authentication_rules | List | [authentication_rules] | No | |

authentication_rules (ise.device_administration.policy_sets)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: `^[\w\d_\-\.]+$` | Yes | |
| state | Choice | enabled, disabled, monitor | No | enabled |
| condition | Class | [condition] | No | |
| identity_source_name | String | | No | |
| if_auth_fail | Choice | REJECT, CONTINUE, DROP | No | REJECT |
| if_user_not_found | Choice | REJECT, CONTINUE, DROP | No | REJECT |
| if_process_fail | Choice | REJECT, CONTINUE, DROP | No | DROP |

condition (ise.device_administration.policy_sets.authentication_rules)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | | No | |
| attribute_name | String | | No | |
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | | No | |
| name | String | | No | |
| children | List | [children] | No | |

children (ise.device_administration.policy_sets.authentication_rules.condition)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | | No | |
| attribute_name | String | | No | |
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | | No | |
| name | String | | No | |
| children | List | [children] | No | |

children (ise.device_administration.policy_sets.authentication_rules.condition.children)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | | No | |
| attribute_name | String | | No | |
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | | No | |
| name | String | | No | |

# Example: one Device Administration authentication rule inside the
# "Global Policy" policy set. Nesting is restored to follow the data model
# on this page (policy_sets -> authentication_rules -> condition).
ise:
  device_administration:
    policy_sets:
      - name: Global Policy
        authentication_rules:
          - name: User1
            # NOTE(review): `default` is not listed in this page's
            # authentication_rules attribute table - confirm it is valid
            # for the schema version in use.
            default: false
            state: enabled
            # The rule applies when the TACACS "User" attribute equals "User1".
            condition:
              type: ConditionAttributes
              is_negate: false
              dictionary_name: TACACS
              attribute_name: User
              operator: equals
              attribute_value: User1
            # Identity store the matched request is authenticated against.
            identity_source_name: Internal Users
            # Same as the documented default (REJECT).
            if_auth_fail: REJECT
            # Overrides the documented default (REJECT).
            # NOTE(review): CONTINUE presumably lets a request for an unknown
            # user proceed to authorization policy evaluation instead of being
            # rejected - confirm the authorization rules deny identities that
            # were not authenticated before relying on this setting.
            if_user_not_found: CONTINUE
            # Same as the documented default (DROP).
            if_process_fail: DROP