Authorization Policy Configuration Defaults
|
Default Compound Conditions for Authorization Policies
|
Policy > Policy Elements > Conditions > Authorization
|
These are preinstalled configuration defaults for conditions, rules, and profiles to be used in authorization policies.
|
You can use the related attributes for creating authorization policies:
|
Wired MAB Compound Condition
|
Policy > Policy Elements > Conditions > Authorization > Compound Conditions
|
This compound condition checks for the following attributes and values:
|
This compound condition is used in the Wired MAB authorization policy.
Any request that matches the criteria specified in this policy is evaluated based on the Wired MAB authorization policy.
|
Wireless 802.1X Compound Condition
|
Policy > Policy Elements > Conditions > Authorization > Compound Conditions
|
This compound condition checks for the following attributes and values:
|
This compound condition is used in the Wireless 802.1X authorization policy.
Any request that matches the criteria specified in this policy is evaluated based on the Wireless 802.1X authorization policy.
|
Authorization Profile Configuration Defaults
|
Blacklist_Access
|
Policy > Policy Elements > Results > Authorization Profiles > Blacklist_Access
|
This authorization profile rejects access to devices that are blacklisted. All blacklisted devices are redirected to the following URL:
https://ip:port/blacklistportal/gateway?portal=PortalID
|
This default authorization profile is applied for all endpoints that are declared as “lost” in the My Devices Portal.
|
Cisco_IP_Phones
|
Policy > Policy Elements > Results > Authorization Profiles > Cisco_IP_Phones
|
This authorization profile uses a configuration default profile with the following values:
This profile evaluates requests that match the criteria specified in this profile.
|
This default authorization profile uses the DACL and vendor-specific attribute (VSA) to authorize all “voice” traffic (PERMIT_ALL_TRAFFIC).
|
Authorization Policy Configuration Defaults
|
Wired 802.1X Compound Condition
|
Policy > Policy Elements > Conditions > Authorization > Compound Conditions
|
This compound condition checks for the following attributes and values:
|
This compound condition is used in the Wired 802.1X authorization policy.
Any request that matches the criteria specified in this policy is evaluated based on the Wired 802.1X authorization policy.
|
Catalyst Switch Local Web Authentication Compound Condition
|
Policy > Policy Elements > Conditions > Authorization > Compound Conditions
|
This compound condition checks for the following attributes and values:
|
To use this compound condition, you must create an authorization policy that checks for this condition.
|
Wireless LAN Controller (WLC) Local Web Authentication Compound Condition
|
Policy > Policy Elements > Conditions > Authorization > Compound Conditions
|
This compound condition checks for the following attributes and values:
|
To use this compound condition, you must create an authorization policy that checks for this condition.
|
Black List Default Authorization Rule
|
Policy > Authorization Policy
|
This authorization policy uses a configuration default rule with the following values:
- Rule Name: Black List Default
- Endpoint Identity Group: Blacklist
- Conditions: Any
- Permissions/Authorization Profile: Blacklist_Access
|
This default rule is designed to appropriately provision “lost” user devices until they are either removed from the system or “reinstated.”
|
Profiled Cisco IP Phones Authorization Rule
|
Policy > Authorization Policy
|
This authorization policy uses a configuration default rule with the following values:
- Rule Name: Profiled Cisco IP Phones
- Endpoint Identity Group: Cisco-IP-Phones
- Conditions: Any
- Permissions/Authorization Profile: Cisco_IP_Phones
|
This default rule uses Cisco IP Phones as its default endpoint identity group and the values listed in this table.
|
Authorization Rule Configuration Defaults
|
Default Authorization Rule
|
Policy > Authorization Policy
|
This authorization policy uses a configuration default rule with the following values:
|
This default rule uses “any” as its default endpoint identity group and the values listed in this table.
|