Skip to content

Authorization Exception Rule

Location in GUI: Work Centers » Network Access » Policy Sets » XXX » Authorization Policy - Local Exceptions

Diagram
NameTypeConstraintMandatoryDefault Value
authorization_exception_rulesList[authorization_exception_rules]No

authorization_exception_rules (ise.network_access.policy_sets)

Section titled “authorization_exception_rules (ise.network_access.policy_sets)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[\w\d_\-\. ]+$Yes
stateChoiceenabled, disabledNoenabled
conditionClass[condition]No
profilesListStringNo
security_groupStringNo

condition (ise.network_access.policy_sets.authorization_exception_rules)

Section titled “condition (ise.network_access.policy_sets.authorization_exception_rules)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlockYes
is_negateBooleantrue, falseNofalse
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo
childrenList[children]No

children (ise.network_access.policy_sets.authorization_exception_rules.condition)

Section titled “children (ise.network_access.policy_sets.authorization_exception_rules.condition)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlockYes
is_negateBooleantrue, falseNo
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo
childrenList[children]No

children (ise.network_access.policy_sets.authorization_exception_rules.condition.children)

Section titled “children (ise.network_access.policy_sets.authorization_exception_rules.condition.children)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributesYes
is_negateBooleantrue, falseNo
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo

ise:
network_access:
policy_sets:
- name: Global Policy
authorization_exception_rules:
- name: AUTHZ_DOT1x_wired
state: enabled
condition:
type: ConditionAttributes
is_negate: false
dictionary_name: IdentityGroup
attribute_name: Name
operator: equals
attribute_value: Endpoint Identity Groups:group_1
profiles:
- PERMIT_vlan1