Authentication Rule

Location in GUI: Work Centers » Network Access » Policy Sets » XXX » Authentication Policy

Diagram

Classes

policy_sets (ise.network_access)

Name	Type	Constraint	Mandatory	Default Value
authentication_rules	List	`[authentication_rules]`	No

authentication_rules (ise.network_access.policy_sets)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
state	Choice	`enabled`, `disabled`, `monitor`	No	`enabled`
condition	Class	`[condition]`	No
identity_source_name	String		No
if_auth_fail	Choice	`REJECT`, `CONTINUE`, `DROP`	No	`REJECT`
if_user_not_found	Choice	`REJECT`, `CONTINUE`, `DROP`	No	`REJECT`
if_process_fail	Choice	`REJECT`, `CONTINUE`, `DROP`	No	`DROP`

condition (ise.network_access.policy_sets.authentication_rules)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`ConditionReference`, `ConditionAttributes`, `ConditionAndBlock`, `ConditionOrBlock`	Yes
is_negate	Boolean	`true`, `false`	No	`false`
dictionary_name	String		No
attribute_name	String		No
operator	Choice	`contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`	No
attribute_value	String		No
name	String		No
children	List	`[children]`	No

children (ise.network_access.policy_sets.authentication_rules.condition)

Name	Type	Constraint	Mandatory
type	Choice	`ConditionReference`, `ConditionAttributes`, `ConditionAndBlock`, `ConditionOrBlock`	Yes
is_negate	Boolean	`true`, `false`	No
dictionary_name	String		No
attribute_name	String		No
operator	Choice	`contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`	No
attribute_value	String		No
name	String		No
children	List	`[children]`	No

children (ise.network_access.policy_sets.authentication_rules.condition.children)

Name	Type	Constraint	Mandatory
type	Choice	`ConditionReference`, `ConditionAttributes`	Yes
is_negate	Boolean	`true`, `false`	No
dictionary_name	String		No
attribute_name	String		No
operator	Choice	`contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`	No
attribute_value	String		No
name	String		No

Examples

ise:
  network_access:
    policy_sets:
      - name: Global Policy
        authentication_rules:
          - name: DOT1x_wired
            default: false
            state: enabled
            condition:
              type: ConditionAndBlock
              is_negate: false
              children:
                - type: ConditionAttributes
                  is_negate: false
                  dictionary_name: CERTIFICATE
                  attribute_name: Subject - Common Name
                  operator: contains
                  attribute_value: Test1
                - type: ConditionReference
                  is_negate: false
                  name: Wired_802.1X
            identity_source_name: Global_Certificate
            if_auth_fail: REJECT
            if_user_not_found: CONTINUE
            if_process_fail: DROP