Authentication Rule
Location in GUI: Work Centers » Network Access » Policy Sets » XXX » Authentication Policy
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_sets (ise.network_access)
Section titled “policy_sets (ise.network_access)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authentication_rules | List | [authentication_rules] | No |
authentication_rules (ise.network_access.policy_sets)
Section titled “authentication_rules (ise.network_access.policy_sets)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
| state | Choice | enabled, disabled, monitor | No | enabled |
| condition | Class | [condition] | No | |
| identity_source_name | String | No | ||
| if_auth_fail | Choice | REJECT, CONTINUE, DROP | No | REJECT |
| if_user_not_found | Choice | REJECT, CONTINUE, DROP | No | REJECT |
| if_process_fail | Choice | REJECT, CONTINUE, DROP | No | DROP |
condition (ise.network_access.policy_sets.authentication_rules)
Section titled “condition (ise.network_access.policy_sets.authentication_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.network_access.policy_sets.authentication_rules.condition)
Section titled “children (ise.network_access.policy_sets.authentication_rules.condition)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.network_access.policy_sets.authentication_rules.condition.children)
Section titled “children (ise.network_access.policy_sets.authentication_rules.condition.children)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith | No | |
| attribute_value | String | No | ||
| name | String | No |
Examples
Section titled “Examples”ise: network_access: policy_sets: - name: Global Policy authentication_rules: - name: DOT1x_wired default: false state: enabled condition: type: ConditionAndBlock is_negate: false children: - type: ConditionAttributes is_negate: false dictionary_name: CERTIFICATE attribute_name: Subject - Common Name operator: contains attribute_value: Test1 - type: ConditionReference is_negate: false name: Wired_802.1X identity_source_name: Global_Certificate if_auth_fail: REJECT if_user_not_found: CONTINUE if_process_fail: DROP