Allowed Protocols
Location in GUI: Work Centers » Network Access » Policy Elements » Results » Allowed Protocols
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_elements (ise.network_access)
Section titled “policy_elements (ise.network_access)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_protocols | List | [allowed_protocols] | No |
allowed_protocols (ise.network_access.policy_elements)
Section titled “allowed_protocols (ise.network_access.policy_elements)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_ ]+$ | Yes | |
| description | String | No | ||
| process_host_lookup | Boolean | true, false | No | true |
| allow_pap_ascii | Boolean | true, false | No | true |
| allow_chap | Boolean | true, false | No | false |
| allow_ms_chap_v1 | Boolean | true, false | No | false |
| allow_ms_chap_v2 | Boolean | true, false | No | false |
| allow_eap_md5 | Boolean | true, false | No | true |
| allow_leap | Boolean | true, false | No | false |
| allow_eap_tls | Boolean | true, false | No | true |
| allow_eap_ttls | Boolean | true, false | No | true |
| allow_eap_fast | Boolean | true, false | No | true |
| allow_peap | Boolean | true, false | No | true |
| allow_teap | Boolean | true, false | No | true |
| allow_preferred_eap_protocol | Boolean | true, false | No | false |
| preferred_eap_protocol | Choice | EAP_FAST, PEAP, LEAP, EAP_MD5, EAP_TLS, EAP_TTLS, TEAP | No | |
| eap_tls_l_bit | Boolean | true, false | No | false |
| allow_weak_ciphers_for_eap | Boolean | true, false | No | false |
| require_message_auth | Boolean | true, false | No | false |
| five_g | Boolean | true, false | No | false |
| teap | Class | [teap] | No | |
| eap_ttls | Class | [eap_ttls] | No | |
| eap_tls | Class | [eap_tls] | No | |
| eap_fast | Class | [eap_fast] | No | |
| peap | Class | [peap] | No |
teap (ise.network_access.policy_elements.allowed_protocols)
Section titled “teap (ise.network_access.policy_elements.allowed_protocols)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 3 |
| eap_tls | Boolean | true, false | No | true |
| eap_tls_auth_of_expired_certs | Boolean | true, false | No | false |
| accept_client_cert_during_tunnel_est | Boolean | true, false | No | true |
| enable_eap_chaining | Boolean | true, false | No | false |
| allow_downgrade_msk | Boolean | true, false | No | true |
| request_basic_pwd_auth | Boolean | true, false | No | false |
eap_ttls (ise.network_access.policy_elements.allowed_protocols)
Section titled “eap_ttls (ise.network_access.policy_elements.allowed_protocols)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| pap_ascii | Boolean | true, false | No | true |
| chap | Boolean | true, false | No | true |
| ms_chap_v1 | Boolean | true, false | No | true |
| ms_chap_v2 | Boolean | true, false | No | true |
| eap_md5 | Boolean | true, false | No | true |
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
eap_tls (ise.network_access.policy_elements.allowed_protocols)
Section titled “eap_tls (ise.network_access.policy_elements.allowed_protocols)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| auth_of_expired_certs | Boolean | true, false | No | false |
| enable_stateless_session_resume | Boolean | true, false | No | false |
| session_ticket_ttl | Integer | min: 1 | No | |
| session_ticket_ttl_unit | Choice | SECONDSMINUTES, HOURS, DAYS, WEEKS | No | |
| session_ticket_percentage | Integer | min: 1, max: 100 | No |
eap_fast (ise.network_access.policy_elements.allowed_protocols)
Section titled “eap_fast (ise.network_access.policy_elements.allowed_protocols)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_gtc | Boolean | true, false | No | true |
| eap_gtc_pwd_change | Boolean | true, false | No | true |
| eap_gtc_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_tls | Boolean | true, false | No | true |
| eap_tls_auth_of_expired_certs | Boolean | true, false | No | false |
| use_pacs | Boolean | true, false | No | true |
| use_pacs_tunnel_pac_ttl | Integer | min: 1, max: 10000 | No | 90 |
| use_pacs_tunnel_pac_ttl_units | Choice | SECONDSMINUTES, HOURS, DAYS, WEEKS | No | DAYS |
| use_pacs_use_proactive_pac_update_precentage | Integer | min: 1, max: 100 | No | 10 |
| use_pacs_allow_anonym_provisioning | Boolean | true, false | No | false |
| use_pacs_allow_authen_provisioning | Boolean | true, false | No | false |
| use_pacs_accept_client_cert | Boolean | true, false | No | false |
| use_pacs_server_returns | Boolean | true, false | No | false |
| use_pacs_allow_machine_authentication | Boolean | true, false | No | false |
| use_pacs_machine_pac_ttl | Integer | min: 1, max: 10000 | No | 1 |
| use_pacs_machine_pac_ttl_units | Choice | SECONDSMINUTES, HOURS, DAYS, WEEKS | No | WEEKS |
| use_pacs_stateless_session_resume | Boolean | true, false | No | false |
| enable_eap_chaining | Boolean | true, false | No | false |
peap (ise.network_access.policy_elements.allowed_protocols)
Section titled “peap (ise.network_access.policy_elements.allowed_protocols)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| eap_ms_chap_v2 | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change | Boolean | true, false | No | true |
| eap_ms_chap_v2_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_gtc | Boolean | true, false | No | false |
| eap_gtc_pwd_change | Boolean | true, false | No | false |
| eap_gtc_pwd_change_retries | Integer | min: 0, max: 3 | No | 1 |
| eap_tls | Boolean | true, false | No | true |
| eap_tls_auth_of_expired_certs | Boolean | true, false | No | false |
| require_cryptobinding | Boolean | true, false | No | false |
| peap_v0 | Boolean | true, false | No | false |
Examples
Section titled “Examples”ise: network_access: policy_elements: allowed_protocols: - name: Global Protocols description: Allowed protocols eap_tls: auth_of_expired_certs: false enable_stateless_session_resume: true session_ticket_ttl: 5 session_ticket_ttl_unit: DAYS session_ticket_percentage: 5 eap_fast: eap_ms_chap_v2: true eap_ms_chap_v2_pwd_change: true eap_ms_chap_v2_pwd_change_retries: 3 eap_gtc: true eap_gtc_pwd_change: true eap_gtc_pwd_change_retries: 3 eap_tls: true eap_tls_auth_of_expired_certs: false use_pacs: true use_pacs_tunnel_pac_ttl: 90 use_pacs_tunnel_pac_ttl_units: DAYS use_pacs_use_proactive_pac_update_precentage: 90 use_pacs_allow_anonym_provisioning: true use_pacs_allow_authen_provisioning: true use_pacs_accept_client_cert: true use_pacs_server_returns: true use_pacs_allow_machine_authentication: true use_pacs_machine_pac_ttl: 1 use_pacs_machine_pac_ttl_units: WEEKS use_pacs_stateless_session_resume: false enable_eap_chaining: false eap_ttls: pap_ascii: true chap: true ms_chap_v1: true ms_chap_v2: true eap_md5: true eap_ms_chap_v2: true eap_ms_chap_v2_pwd_change: true eap_ms_chap_v2_pwd_change_retries: 1 teap: eap_ms_chap_v2: true eap_ms_chap_v2_pwd_change: true eap_ms_chap_v2_pwd_change_retries: 3 eap_tls: true eap_tls_auth_of_expired_certs: false accept_client_cert_during_tunnel_est: true enable_eap_chaining: false allow_downgrade_msk: true request_basic_pwd_auth: false process_host_lookup: true allow_pap_ascii: true allow_chap: false allow_ms_chap_v1: false allow_ms_chap_v2: false allow_eap_md5: true allow_leap: false allow_eap_tls: true allow_eap_ttls: true allow_eap_fast: true allow_peap: false allow_teap: true allow_preferred_eap_protocol: true preferred_eap_protocol: EAP_FAST eap_tls_l_bit: false allow_weak_ciphers_for_eap: false require_message_auth: false five_g: false