Cisco ISE provides a way to create conditions that are individual, reusable policy elements that can be referenced from other rule-based policies. Whenever a policy is being evaluated, the conditions that comprise it are evaluated first.
Under Policy > Policy Elements > Conditions, the initial Conditions pane displays the following policy element condition options: Authentication, Authorization, Profiling, Posture, Guest, and Common.
Simple Condition Format
This type uses the form attribute operand value. Rule-based conditions are essentially a comparison of values (the attribute with its value), and these can be saved and reused in other rule-based policies. Simple conditions take the format of A operand B, where A can be any attribute from a Cisco ISE dictionary and B can be one of the values that attribute A can take.
Compound Condition Format
Authorization policies can contain conditional requirements that combine one or more identity groups using a compound condition that includes authorization checks that can return one or more authorization profiles. This condition type comprises one or more simple conditions that use an AND or OR relationship. These are built on top of simple conditions and can be saved and reused in other rule-based policies. Compound Conditions can take any of the following forms:
• (X operand Y) AND (A operand B) AND (X operand Z) AND ... (so on)
• (X operand Y) OR (A operand B) OR (X operand Z) OR ... (so on)
(Where X and A are attributes from the Cisco ISE dictionary and can include username and device type.)
For example, compound conditions can take the following form:
– DEVICE: Model Name Matches Catalyst6K AND Network Access: Use Case Equals Host
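The simple and compound formats described above can be modeled as a small evaluator. This is an added example, not Cisco ISE code: the `Simple` and `Compound` classes, the `Dictionary:Attribute` key spelling, the regex meaning of `Matches`, and treating a missing attribute as a non-match are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Tuple

# Operand semantics here are assumptions made for this example.
OPERANDS = {
    "Equals": lambda actual, expected: actual == expected,
    "Matches": lambda actual, pattern: re.fullmatch(pattern, actual) is not None,
}

@dataclass(frozen=True)
class Simple:
    """A operand B: one dictionary attribute compared with one value."""
    attribute: str
    operand: str
    value: str

    def __post_init__(self):
        if self.operand not in OPERANDS:
            raise ValueError(f"unknown operand: {self.operand!r}")

    def evaluate(self, session: Dict[str, str]) -> bool:
        actual = session.get(self.attribute)
        if actual is None:
            return False  # an absent attribute never satisfies a condition
        return OPERANDS[self.operand](actual, self.value)

@dataclass(frozen=True)
class Compound:
    """Simple conditions joined by a single relation, AND or OR."""
    relation: str
    parts: Tuple[Simple, ...]

    def __post_init__(self):
        if self.relation not in ("AND", "OR") or not self.parts:
            raise ValueError("relation must be AND or OR with at least one part")

    def evaluate(self, session: Dict[str, str]) -> bool:
        results = [part.evaluate(session) for part in self.parts]
        return all(results) if self.relation == "AND" else any(results)

# The compound condition quoted above, rebuilt from reusable simple conditions.
CATALYST_HOST = Compound("AND", (
    Simple("DEVICE:Model Name", "Matches", "Catalyst6K"),
    Simple("Network Access:Use Case", "Equals", "Host"),
))

# Constructed session attributes (not captured from a real deployment).
SESSION = {"DEVICE:Model Name": "Catalyst6K", "Network Access:Use Case": "Host"}
```

Reusing `CATALYST_HOST.parts` inside a `Compound("OR", ...)` shows how the same saved simple conditions give a broader match under OR than under AND.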
Creating New Authorization Policy Element Conditions
Use this procedure to create new authorization policy element conditions (simple or compound).
To create new authorization policy element conditions, complete the following steps: