Authorization Exception Rule
Location in GUI: Work Centers » Network Access » Policy Sets » XXX » Authorization Policy - Local Exceptions
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_sets (ise.network_access)
Section titled “policy_sets (ise.network_access)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authorization_exception_rules | List | [authorization_exception_rules] | No |
authorization_exception_rules (ise.network_access.policy_sets)
Section titled “authorization_exception_rules (ise.network_access.policy_sets)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\. ]+$ | Yes | |
| state | Choice | enabled, disabled | No | enabled |
| condition | Class | [condition] | No | |
| profiles | List | String | No | |
| security_group | String | No |
condition (ise.network_access.policy_sets.authorization_exception_rules)
Section titled “condition (ise.network_access.policy_sets.authorization_exception_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.network_access.policy_sets.authorization_exception_rules.condition)
Section titled “children (ise.network_access.policy_sets.authorization_exception_rules.condition)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.network_access.policy_sets.authorization_exception_rules.condition.children)
Section titled “children (ise.network_access.policy_sets.authorization_exception_rules.condition.children)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| name | String | No |
Examples
Section titled “Examples”ise: network_access: policy_sets: - name: Global Policy authorization_exception_rules: - name: AUTHZ_DOT1x_wired state: enabled condition: type: ConditionAttributes is_negate: false dictionary_name: IdentityGroup attribute_name: Name operator: equals attribute_value: Endpoint Identity Groups:group_1 profiles: - PERMIT_vlan1