Condition
Location in GUI:
Work Centers » Device Administration » Policy Elements » Conditions » Library Conditions
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| conditions | List | [conditions] | No |
conditions (ise.device_administration.policy_elements)
Section titled “conditions (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | No | |
| type | Choice | LibraryConditionAttributes, LibraryConditionAndBlock, LibraryConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| description | String | No | ||
| children | List | [children] | No |
children (ise.device_administration.policy_elements.conditions)
Section titled “children (ise.device_administration.policy_elements.conditions)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | No | |
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| description | String | No | ||
| children | List | [children] | No |
Examples
Section titled “Examples”Example-1 Defining a Policy Element Condition
This example illustrates how to define a policy element condition within device administration by specifying a condition that checks if a user attribute matches a specific value. The condition named “CertificateNotExpired” uses the “LibraryConditionAttributes” type to evaluate whether the “User” attribute in the “TACACS” dictionary equals “User1.”
ise: device_administration: policy_elements: conditions: - name: CertificateNotExpired type: LibraryConditionAttributes is_negate: false dictionary_name: TACACS attribute_name: User operator: equals attribute_value: User1Example-2 Defining Multiple Policy Element Condition
This example defines two separate policy elements named “PolicyUser1” and “PolicyUser2,”. Both conditions check the TACACS dictionary for the “User” attribute, verifying equality to “User1” and “User2,” respectively. This setup allows distinct policy elements to be applied based on the specific user identity, enabling user-specific access control within device administration.
ise: device_administration: policy_elements: conditions: - name: PolicyUser1 type: LibraryConditionAttributes is_negate: false dictionary_name: TACACS attribute_name: User operator: equals attribute_value: User1 - name: PolicyUser2 type: LibraryConditionAttributes is_negate: false dictionary_name: TACACS attribute_name: User operator: equals attribute_value: User2Example-3 Router Compliance Policy Element with AND Condition Block
This example defines a policy element named “RouterCompliance” that uses a LibraryConditionAndBlock type to combine multiple conditions with an AND logic. It includes two conditions: one verifying that the device’s software version equals “12.17.4” and another ensuring the device location matches “All Locations.” This structure enforces that both conditions must be true for the policy element to apply, enabling precise compliance checks for routers based on software version and location.
ise: device_administration: policy_elements: conditions: - name: RouterCompliance type: LibraryConditionAndBlock is_negate: false children: - name: RouterSofrwareVersion type: ConditionAttributes is_negate: false dictionary_name: DEVICE attribute_name: Software Version operator: equals attribute_value: 12.17.4 - name: DeviceLocation type: ConditionAttributes is_negate: false dictionary_name: DEVICE attribute_name: Location operator: equals attribute_value: All LocationsLocation in GUI:
Work Centers » Device Administration » Policy Elements » Conditions » Library Conditions
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| conditions | List | [conditions] | No |
conditions (ise.device_administration.policy_elements)
Section titled “conditions (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | No | |
| type | Choice | LibraryConditionAttributes, LibraryConditionAndBlock, LibraryConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| description | String | No | ||
| children | List | [children] | No |
children (ise.device_administration.policy_elements.conditions)
Section titled “children (ise.device_administration.policy_elements.conditions)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | No | |
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| description | String | No | ||
| children | List | [children] | No |
Examples
Section titled “Examples”ise: device_administration: policy_elements: conditions: - name: CertificateNotExpired type: LibraryConditionAttributes is_negate: false dictionary_name: TACACS attribute_name: User operator: equals attribute_value: User1Location in GUI:
Work Centers » Device Administration » Policy Elements » Conditions » Library Conditions
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.device_administration)
Section titled “policy_elements (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| conditions | List | [conditions] | No |
conditions (ise.device_administration.policy_elements)
Section titled “conditions (ise.device_administration.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | No | |
| type | Choice | LibraryConditionAttributes, LibraryConditionAndBlock, LibraryConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| description | String | No | ||
| children | List | [children] | No |
children (ise.device_administration.policy_elements.conditions)
Section titled “children (ise.device_administration.policy_elements.conditions)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | No | |
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| description | String | No | ||
| children | List | [children] | No |
Examples
Section titled “Examples”ise: device_administration: policy_elements: conditions: - name: CertificateNotExpired type: LibraryConditionAttributes is_negate: false dictionary_name: TACACS attribute_name: User operator: equals attribute_value: User1