Dictionaries and Dictionary Attributes
Dictionaries are domain-specific catalogs of attributes and allowed values that can be used to define access policies for a domain. An individual dictionary is a homogeneous collection of attribute type. Attributes that are defined in a dictionary have the same attribute type and the type indicates the source or context of a given attribute.
Attribute types can be one of the following:
-
MSG_ATTR
-
ENTITY_ATTR
-
PIP_ATTR
In addition to attributes and allowed values, a dictionary contains information about the attributes such as the name and description, data type, and the default values. An attribute can have one of the following data types: BOOLEAN, FLOAT, INTEGER, IPv4, IPv6, OCTET_STRING, STRING, UNIT32, and UNIT64.
Cisco ISE creates system dictionaries during installation and allows you to create user dictionaries.
System Defined Dictionaries and Dictionary Attributes
Cisco ISE creates system dictionaries during installation that you can find in the System Dictionaries page. System-defined dictionary attributes are read-only attributes. Because of their nature, you can only view existing system-defined dictionaries. You cannot create, edit, or delete system-defined values or any attributes in a system dictionary.
A system-defined dictionary attribute is displayed with the descriptive name of the attribute, an internal name as understood by the domain, and allowed values.
Cisco ISE also creates dictionary defaults for the IETF RADIUS set of attributes that are also a part of the system-defined dictionaries, which are defined by the Internet Engineering Task Force (IETF). You can edit all free IETF RADIUS attribute fields except the ID.
Display System Dictionaries and Dictionary Attributes
You cannot create, edit, or delete any system-defined attribute in a system dictionary. You can only view system-defined attributes. You can perform a quick search that is based on a dictionary name and description or an advanced search that is based on a search rule that you define.
Procedure
Step 1 |
Choose . |
Step 2 |
Choose a system dictionary in the System Dictionaries page, and click View. |
Step 3 |
Click Dictionary Attributes. |
Step 4 |
Choose a system dictionary attribute from the list, and click View. |
Step 5 |
Click the Dictionaries link to return to the System Dictionaries page. |
User-Defined Dictionaries and Dictionary Attributes
Cisco ISE displays the user-defined dictionaries that you create in the User Dictionaries page. You cannot modify the values for Dictionary Name or Dictionary Type for an existing user dictionary once created and saved in the system.
You can do the following in the User Dictionaries page:
-
Edit and delete user dictionaries.
-
Search user dictionaries based on name and description.
-
Add, edit, and delete user-defined dictionary attributes in the user dictionaries.
-
Delete attributes of the NMAP extension dictionary, using the NMAP scan action. When custom ports are added or deleted in the NMAP Scan Actions page, the corresponding custom ports attributes are added, deleted, or updated in the dictionary.
-
Add or remove allowed values for dictionary attributes.
Create User-Defined Dictionaries
You can create, edit, or delete user-defined dictionaries.
Procedure
Step 1 |
Choose . |
Step 2 |
Click Add. |
Step 3 |
Enter the name for the user dictionary, an optional description, and a version for the user dictionary. |
Step 4 |
Choose the attribute type from the Dictionary Attribute Type drop-down list. |
Step 5 |
Click Submit. |
Create User-Defined Dictionary Attributes
You can add, edit, and delete user-defined dictionary attributes in user dictionaries as well as add or remove allowed values for the dictionary attributes.
Procedure
Step 1 |
Choose . |
Step 2 |
Choose a user dictionary from the User Dictionaries page, and click Edit. |
Step 3 |
Click Dictionary Attributes. |
Step 4 |
Click Add. |
Step 5 |
Enter the name for an attribute name, an optional description, and an internal name for the dictionary attribute. |
Step 6 |
Choose a data type from the Data Type drop-down list. |
Step 7 |
Click Add to configure the name, allowed value, and set the default status in the Allowed Values table. |
Step 8 |
Click Submit. |