Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

Overview View all the pages Comments

Page 861

CHAPTER 30
Policy User Interface Reference
•Authentication,page815
•AuthorizationPolicySettings,page818
•EndpointProfilingPoliciesSettings,page819
•Dictionaries,page823
•Conditions,page825
•Results,page836
Authentication
Thissectiondescribestheauthenticationpolicypage,whichallowsyoutoconfiguresimpleandrule-based
authenticationpolicies.
Simple Authentication Policy Configuration Settings
Thefollowingtabledescribesthefieldsinthesimpleauthenticationpolicypage,whichallowsyoutoconfigure...

Page 862

Usage GuidelinesFields
Defineafurthercourseofactionforauthenticationfailure,usernotfound,or
processfailureevents.Youcanchooseoneofthefollowingoptions:
•Reject—Arejectresponseissent.
•Drop—Noresponseissent.
•Continue—CiscoISEproceedswiththeauthorizationpolicy.
Options
Related Topics
SimpleAuthenticationPolicies,onpage412
SimpleAuthenticationPolicyFlow,onpage413
GuidelinesforConfiguringSimpleAuthenticationPolicies,onpage414
ConfigureaSimpleAuthenticationPolicy,onpage427
Rule-Based Authentication Policy...

Page 863

Usage GuidelinesFields
Clicktheplus[+]signtoexpandtheConditionsanchoredoverlay,andclickthe
minus[-]sign,orclickoutsidetheanchoredoverlaytocloseit:
•SelectExistingConditionfromLibraryorCreateNewCondition
(AdvancedOption)
•SelectExistingConditionfromLibrary—Youcandefineanexpression
byselectingCiscopredefinedconditionsfromthepolicyelementslibrary.
•CreateNewCondition(AdvancedOption)—Youcandefineanexpression
byselectingattributesfromvarioussystemoruser-defineddictionaries.
Conditions
Youcandothefollowing:...

Page 864

Usage GuidelinesFields
Youcandothefollowing:
1Youcanaddad-hocattribute/valuepairstoyourexpression,andthenusean
ANDorORoperatortoaddmultipleconditions.
2ClicktheActionicontodothefollowinginthesubsequentsteps:
•AddAttribute/Value—Youcanaddad-hocattribute/valuepairs
•AddConditionfromLibrary—YoucanaddCiscopredefinedconditions
•Duplicate—Createacopyoftheselectedcondition
•AddConditiontoLibrary—Youcansavead-hocattribute/valuepairs
thatyoucreatetothepolicyelementslibrary...

Page 865

Table 107: Authorization Policy Settings
Usage GuidelinesFields
Chooseoneofthefollowingtoenforcethepolicies:
•Enabled—Thispolicyconditionisactive.
•Disabled—Thispolicyconditionisinactiveandwillnotbeevaluated.
•MonitorOnly—Thispolicyconditionwillbeevaluated,buttheresultwill
notbeenforced.Youcanviewtheresultsofthispolicyconditioninthe
LiveLogauthenticationpage.Inthis,seethedetailedreportwhichwill
havethemonitoredstepandattribute.Forexample,youmaywanttoadd...

Page 866

Usage GuidelinesFields
Bydefault,thePolicyEnabledcheckboxischeckedtoassociateamatching
profilingpolicywhenyouprofileanendpoint.
Whenunchecked,theendpointprofilingpolicyisexcludedwhenyouprofilean
endpoint.
PolicyEnabled
Entertheminimumvaluethatyouwanttoassociatewiththeprofilingpolicy.
Thedefaultvalueis10.
MinimumCertainty
Factor
Chooseanexceptionaction,whichyouwanttoassociatewiththeconditions
whendefiningaruleintheprofilingpolicy.
ThedefaultisNONE.Theexceptionactionsaredefinedinthefollowinglocation:...

Page 867

Usage GuidelinesFields
Checkthischeckboxtoassignendpointstothematchingparentendpointidentity
groupusinghierarchicalconstructionofprofilingpoliciesandidentitygroups.
Thisoptionallowsyoutomakeuseoftheendpointprofilingpolicieshierarchy
toassignendpointstooneofthematchingparentendpointidentitygroups,as
wellastotheassociatedendpointidentitygroupstotheparentidentitygroup.
Forexample,endpointsthatmatchanexistingprofilearegroupedunderthe
appropriateparentendpointidentitygroup.Here,endpointsthatmatchthe...

Page 868

Usage GuidelinesFields
Clicktheplus[+]signtoexpandtheConditionsanchoredoverlay,andclickthe
minus[-]sign,orclickoutsidetheanchoredoverlaytocloseit.
ClickSelectExistingConditionfromLibraryorCreateNewCondition
(AdvancedOption).
SelectExistingConditionfromLibrary---Youcandefineanexpressionby
selectingCiscopredefinedconditionsfromthepolicyelementslibrary.
CreateNewCondition(AdvancedOption)---Youcandefineanexpressionby
selectingattributesfromvarioussystemoruser-defineddictionaries....

Page 869

Usage GuidelinesFields
Youcandothefollowing:
•Youcanaddad-hocattribute/valuepairstoyourexpression,andthenuse
anANDorORoperatortoaddmultipleconditions.
•ClicktheActionicontodothefollowinginthesubsequentsteps:
◦AddAttribute/Value—Youcanaddad-hocattribute/valuepairs
◦AddConditionfromLibrary—YoucanaddCiscopredefined
conditions
◦Duplicate—Createacopyoftheselectedcondition
◦AddConditiontoLibrary—Youcansavead-hocattribute/valuepairs
thatyoucreatetothepolicyelementslibrary...

Page 870

Usage GuidelinesFields
Chooseoneofthefollowingdatatypesforthevendorspecificattribute:
•STRING
•OCTET_STRING
•UNIT32
•UNIT64
•IPV4
DataType
CheckthischeckboxtoenablethecomparisonofRADIUSattributeasMAC
address.Bydefault,fortheRADIUSattributecalling-station-idthisoptionis
markedasenabledandyoucannotdisableit.Forotherdictionaryattributes(of
stringtypes)withintheRADIUSvendordictionary,youcanenableordisable
thisoption.
Onceyouenablethisoption,whilesettingtheauthenticationandauthorization...

Start reading Cisco Ise 13 User Guide

Related Manuals for Cisco Ise 13 User Guide

Cisco Unity Connection 9x User Guide
124 pages | Cisco Interface
Cisco Unity Connection 8 Voicemail User Guide
124 pages | Cisco Interface
Cisco Mse 8 User Guide
8 pages | Cisco Interface
Cisco Ise 14 User Guide
232 pages | Cisco Interface

All Cisco manuals