Policy API

Overview

The Policy API manages network access policies: policy sets, authentication rules, authorization rules, and conditions.

Base URL

/api/v1/policy/network-access

Categories

policy-set, authentication, authorization, condition

Methods

GET, POST, PUT, DELETE

Policy Hierarchy

Policy Set
├── Authentication Rules (ordered)
│   └── Conditions
└── Authorization Rules (ordered)
    └── Conditions
        └── Authorization Profile (from ERS)

Subpages

Policy Sets - Top-level policy containers
Authentication Rules - EAP method selection
Authorization Rules - Profile assignment
Conditions - Match criteria

Quick Examples

List Policy Sets

dsource d000 dev/network
curl -sk -u "${ISE_API_USER}:${ISE_API_PASS}" \
  "https://${ISE_PAN_IP}/api/v1/policy/network-access/policy-set" \
  -H "Accept: application/json" | jq '.response[] | {name, id, state}'

Get Policy Set Details

POLICY_ID="abc123-def456"
curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/policy/network-access/policy-set/${POLICY_ID}" \
  -H "Accept: application/json"

List Auth Rules in Policy Set

curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/policy/network-access/policy-set/${POLICY_ID}/authentication" \
  -H "Accept: application/json" | jq '.response[] | {name, rank}'

List Authz Rules in Policy Set

curl -sk -u "${ISE_AUTH}" \
  "https://${ISE_PAN_IP}/api/v1/policy/network-access/policy-set/${POLICY_ID}/authorization" \
  -H "Accept: application/json" | jq '.response[] | {name, rank, profile}'

See Also