https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398324#M567151 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1192302">@Richie20</a>&nbsp;wrote:<BR /> <P>can not ping ISE as well .</P> <HR /></BLOCKQUOTE> <P>This is clearly a networking (Layer 3) issue and not HTTP/S,&nbsp;ERS, or Python.</P> <P>Please resolve your network issue.</P> <P>&nbsp;</P> <BLOCKQUOTE><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1192302">@Richie20</a>&nbsp;wrote:<BR />Can I use this guest user creation format</BLOCKQUOTE> <P>Yes. Please see <A href="https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623" target="_self"><STRONG>ISE ERS API Examples</STRONG></A> and <STRONG><A href="https://community.cisco.com/docs/DOC-71891" target="_self">Guest &amp; Sponsor API</A></STRONG> for the <FONT face="courier new,courier">guestuser</FONT> resource. I specifically talk about <FONT face="courier new,courier">guestuser</FONT> in our <A href="https://www.youtube.com/watch?v=DNYaFl-8zWk" target="_self"><STRONG>ISE REST API Webinar</STRONG></A> :</P> <P><A href="https://www.youtube.com/watch?v=DNYaFl-8zWk&amp;t=1254s" target="_blank">20:54</A> How to Enable ISE ERS (Extensible RESTful Services)<BR /><A href="https://www.youtube.com/watch?v=DNYaFl-8zWk&amp;t=1286s" target="_blank">21:26</A> Admin Groups for REST Role-based Access Control (RBAC)<BR /><A href="https://www.youtube.com/watch?v=DNYaFl-8zWk&amp;t=1335s" target="_blank">22:15</A> <CODE>guestuser</CODE> must be managed by a sponsor</P> Wed, 05 May 2021 16:53:14 GMT thomas 2021-05-05T16:53:14Z https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398111#M567138 <P>Hi Everyone&nbsp;</P><P>I got this error&nbsp; while run this program&nbsp;</P><P>Traceback (most recent call last):<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connection.py", line 158, in _new_conn<BR />conn = connection.create_connection(<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\connection.py", line 80, in create_connection<BR />raise err<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\connection.py", line 70, in create_connection<BR />sock.connect(sa)<BR />TimeoutError: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond</P><P>During handling of the above exception, another exception occurred:</P><P>Traceback (most recent call last):<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 597, in urlopen<BR />httplib_response = self._make_request(conn, method, url,<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 343, in _make_request<BR />self._validate_conn(conn)<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 839, in _validate_conn<BR />conn.connect()<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connection.py", line 301, in connect<BR />conn = self._new_conn()<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connection.py", line 167, in _new_conn<BR />raise NewConnectionError(<BR />urllib3.exceptions.NewConnectionError: &lt;urllib3.connection.VerifiedHTTPSConnection object at 0x0000025AB6837FD0&gt;: Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond</P><P>During handling of the above exception, another exception occurred:</P><P>Traceback (most recent call last):<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\adapters.py", line 439, in send<BR />resp = conn.urlopen(<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 637, in urlopen<BR />retries = retries.increment(method, url, error=e, _pool=self,<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\retry.py", line 399, in increment<BR />raise MaxRetryError(_pool, url, error or ResponseError(cause))<BR />urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.1.13', port=9060): Max retries exceeded with url: /ers/config/identitygroup?filter=name.EQ.Employee (Caused by NewConnectionError('&lt;urllib3.connection.VerifiedHTTPSConnection object at 0x0000025AB6837FD0&gt;: Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))</P><P>During handling of the above exception, another exception occurred:</P><P>Traceback (most recent call last):<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\Scripts\path\to\ise\testing - Copy.py", line 14, in &lt;module&gt;<BR />ise.get_identity_group(group='Employee')['response']<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\Scripts\path\to\ise\ise.py", line 1085, in get_identity_group<BR />resp = self.ise.get(<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\sessions.py", line 555, in get<BR />return self.request('GET', url, **kwargs)<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\sessions.py", line 542, in request<BR />resp = self.send(prep, **send_kwargs)<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\sessions.py", line 655, in send<BR />r = adapter.send(request, **kwargs)<BR />File "C:\Users\ghibuser\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\adapters.py", line 516, in send<BR />raise ConnectionError(e, request=request)<BR />requests.exceptions.ConnectionError: HTTPSConnectionPool(host='192.168.1.13', port=9060): Max retries exceeded with url: /ers/config/identitygroup?filter=name.EQ.Employee (Caused by NewConnectionError('&lt;urllib3.connection.VerifiedHTTPSConnection object at 0x0000025AB6837FD0&gt;: Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))</P><P>&nbsp;</P><P>this is the code&nbsp;</P><P># This file will be fixed with pytest or unittest.<BR /># But untill then this will work as a crude non-automagic testbed. // Falk</P><P>import sys<BR />import urllib3<BR />urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)<BR />sys.path.append('/path/to/ise/')</P><P>from ise import ERS<BR />from pprint import pprint<BR />from config import uri, endpoint, endpoint_group, user, identity_group, device, device_group, trustsec # noqa E402</P><P>ise = ERS(ise_node=['192.168.1.13'], ers_user=['ers-admin'], ers_pass=['oFlPRrne4'], verify=False,<BR />disable_warnings=True, timeout=15, use_csrf=uri['use_csrf'])</P><P><BR />def test_groups():<BR />groups = ise.get_endpoint_groups()['response']<BR />pprint(groups)</P><P>group = ise.get_endpoint_group('Juniper-Device')['response']<BR />pprint(group)</P><P><BR />def add_endpoint(endpoint):<BR />test = ise.add_endpoint(endpoint['name'], endpoint['mac'], endpoint['group-id']) # noqa: E501<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_endpoint » OK')</P><P><BR />def get_endpoints():<BR />test = ise.get_endpoints(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoints » OK')</P><P><BR />def get_endpoint(endpoint):<BR />test = ise.get_endpoint(endpoint['mac'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoint » OK')</P><P><BR />def delete_endpoint(endpoint):<BR />test = ise.delete_endpoint(endpoint['mac'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_endpoint » OK')</P><P><BR />def get_endpoint_groups(size):<BR />test = ise.get_endpoint_groups(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoint_groups » OK')</P><P><BR />def get_endpoint_group(endpoint_group):<BR />test = ise.get_endpoint_group(endpoint_group['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoint_group » OK')</P><P><BR />def get_identity_groups():<BR />test = ise.get_identity_groups(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_identity_groups » OK')</P><P><BR />def get_identity_group(identity_group):<BR />test = ise.get_identity_group(identity_group['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_identity_group » OK')</P><P>identity_group_id = test['response']['id']</P><P>return identity_group_id</P><P><BR />def add_user(user, identity_group_id):<BR />user = ise.add_user(<BR />user_id=user['user_id'],<BR />password=user['password'],<BR />user_group_oid=identity_group["respone"]["id"],<BR />enable=user['enable'],<BR />first_name=user['first_name'],<BR />last_name=user['last_name']<BR />)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_user » OK')</P><P><BR />def get_users():<BR />test = ise.get_users(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_users » OK')</P><P><BR />def get_user(user):<BR />test = ise.get_user(user['user_id'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_user » OK')</P><P><BR />def delete_user(user):<BR />test = ise.delete_user(user['user_id'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_user » OK')</P><P><BR />def get_device_groups():<BR />test = ise.get_device_groups(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_device_groups » OK')<BR />device_group = test['response'][0][1]</P><P>return device_group</P><P><BR />def get_device_group(device_group):<BR />test = ise.get_device_group(device_group['oid'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_device_group » OK')</P><P><BR />def add_device(device):<BR />test = ise.add_device(<BR />name=device['name'],<BR />ip_address=device['ip_address'],<BR />radius_key=device['radius_key'],<BR />snmp_ro=device['snmp_ro'],<BR />dev_group=device['dev_group'],<BR />dev_location=device['dev_location'],<BR />dev_type=device['dev_type'],<BR />description=device['description'],<BR />snmp_v=device['snmp_v'],<BR />dev_profile=device['dev_profile']<BR />)</P><P>if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_device » OK')</P><P><BR />def get_devices():<BR />test_get = ise.get_devices(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_devices » OK')</P><P><BR />def get_device(device):<BR />test = ise.get_device(device['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_device » OK')</P><P><BR />def delete_device(device):<BR />test = ise.delete_device(device['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_device » OK')</P><P><BR />def get_sgts():<BR />test_get = ise.get_sgts(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_sgts » OK')</P><P><BR />def get_sgt(name):<BR />test = ise.get_sgt(name)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_sgt » OK')</P><P><BR />def add_sgt(trustsec):<BR />test = ise.add_sgt(name="Python_Unit_Test", description="Unit Tests", value=trustsec["test_sgt_value"],<BR />return_object=True)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_sgt » OK')<BR />return test['response']['id']</P><P><BR />def update_sgt(id, trustsec):<BR />test = ise.update_sgt(id, name="Test_Unit_Python", description="Python Unit Tests",<BR />value=trustsec["test_sgt_value"])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('update_sgt » OK')</P><P><BR />def delete_sgt(id):<BR />test = ise.delete_sgt(id)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_sgt » OK')</P><P><BR />def get_sgacls():<BR />test_get = ise.get_sgacls(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_sgacls » OK')</P><P><BR />def get_sgacl(name):<BR />test = ise.get_sgacl(name)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_sgacl » OK')</P><P><BR />def add_sgacl(trustsec):<BR />test = ise.add_sgacl(name="Python_Unit_Test", description="Unit Tests", ip_version="IPV4",<BR />acl_content=["permit ip"], return_object=True)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_sgacl » OK')<BR />return test['response']['id']</P><P><BR />def update_sgacl(id, trustsec):<BR />test = ise.update_sgacl(id, name="Test_Unit_Python", description="Python Unit Tests", ip_version="IPV4",<BR />acl_content=["permit ip"])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('update_sgacl » OK')</P><P><BR />def delete_sgacl(id):<BR />test = ise.delete_sgacl(id)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_sgacl » OK')</P><P><BR />def get_emcs():<BR />test_get = ise.get_egressmatrixcells(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_egressmatrixcells » OK')</P><P><BR />def get_emc(name):<BR />test = ise.get_egressmatrixcell(name)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_egressmatrixcell » OK')</P><P><BR />def add_emc(trustsec):<BR />test = ise.add_egressmatrixcell(trustsec["emc_source_sgt"], trustsec["emc_dest_sgt"], "PERMIT_IP",<BR />return_object=True)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_egressmatrixcell » OK')<BR />return test['response']['id']</P><P><BR />def update_emc(id, trustsec):<BR />test = ise.update_egressmatrixcell(id, trustsec["emc_source_sgt"], trustsec["emc_dest_sgt"], "NONE",<BR />description="Python Unit Tests",<BR />acls=[trustsec["test_assign_acl"]])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('update_egressmatrixcell » OK')</P><P><BR />def delete_emc(id):<BR />test = ise.delete_egressmatrixcell(id)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_egressmatrixcell » OK')</P><P><BR />if __name__ == "__main__":</P><P># Endpoint tests<BR />add_endpoint(endpoint)<BR />get_endpoints()<BR />get_endpoint(endpoint)<BR />delete_endpoint(endpoint)</P><P># EndpointGroup tests<BR />get_endpoint_groups(21)<BR />get_endpoint_group(endpoint_group)</P><P># User tests<BR />get_identity_groups()<BR />identity_group_id = ise.get_identity_group(group=identityGroups)<BR />add_user(user, identity_group_id)<BR />get_users()<BR />get_user(user)<BR />delete_user(user)</P><P># Device tests<BR />get_device_groups()<BR />get_device_group(device_group)<BR />add_device(device)<BR />get_devices()<BR />get_device(device)<BR />delete_device(device)<BR /># get_object() # TODO</P><P># TrustSec SGT tests<BR />get_sgts()<BR />get_sgt("Unknown")<BR />sgtid = add_sgt(trustsec)<BR />update_sgt(sgtid, trustsec)<BR />delete_sgt(sgtid)</P><P># TrustSec SGACL tests<BR />get_sgacls()<BR />get_sgacl("Permit IP")<BR />sgaclid = add_sgacl(trustsec)<BR />update_sgacl(sgaclid, trustsec)<BR />delete_sgacl(sgaclid)</P><P># TrustSec Egress Matrix Cell (Policy) tests<BR />get_emcs()<BR />get_emc("Default egress rule")<BR />emcid = add_emc(trustsec)<BR />update_emc(emcid, trustsec)<BR />delete_emc(emcid)</P><P># This file will be fixed with pytest or unittest.<BR /># But untill then this will work as a crude non-automagic testbed. // Falk</P><P>import sys<BR />import urllib3<BR />urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)<BR />sys.path.append('/path/to/ise/')</P><P>from ise import ERS<BR />from pprint import pprint<BR />from config import uri, endpoint, endpoint_group, user, identity_group, device, device_group, trustsec # noqa E402</P><P>ise = ERS(ise_node=['192.168.1.13'], ers_user=['ers-admin'], ers_pass=['oFlPRrne4'], verify=False,<BR />disable_warnings=True, timeout=15, use_csrf=uri['use_csrf'])</P><P><BR />def test_groups():<BR />groups = ise.get_endpoint_groups()['response']<BR />pprint(groups)</P><P>group = ise.get_endpoint_group('Juniper-Device')['response']<BR />pprint(group)</P><P><BR />def add_endpoint(endpoint):<BR />test = ise.add_endpoint(endpoint['name'], endpoint['mac'], endpoint['group-id']) # noqa: E501<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_endpoint » OK')</P><P><BR />def get_endpoints():<BR />test = ise.get_endpoints(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoints » OK')</P><P><BR />def get_endpoint(endpoint):<BR />test = ise.get_endpoint(endpoint['mac'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoint » OK')</P><P><BR />def delete_endpoint(endpoint):<BR />test = ise.delete_endpoint(endpoint['mac'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_endpoint » OK')</P><P><BR />def get_endpoint_groups(size):<BR />test = ise.get_endpoint_groups(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoint_groups » OK')</P><P><BR />def get_endpoint_group(endpoint_group):<BR />test = ise.get_endpoint_group(endpoint_group['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_endpoint_group » OK')</P><P><BR />def get_identity_groups():<BR />test = ise.get_identity_groups(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_identity_groups » OK')</P><P><BR />def get_identity_group(identity_group):<BR />test = ise.get_identity_group(identity_group['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_identity_group » OK')</P><P>identity_group_id = test['response']['id']</P><P>return identity_group_id</P><P><BR />def add_user(user, identity_group_id):<BR />user = ise.add_user(<BR />user_id=user['user_id'],<BR />password=user['password'],<BR />user_group_oid=identity_group["respone"]["id"],<BR />enable=user['enable'],<BR />first_name=user['first_name'],<BR />last_name=user['last_name']<BR />)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_user » OK')</P><P><BR />def get_users():<BR />test = ise.get_users(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_users » OK')</P><P><BR />def get_user(user):<BR />test = ise.get_user(user['user_id'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_user » OK')</P><P><BR />def delete_user(user):<BR />test = ise.delete_user(user['user_id'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_user » OK')</P><P><BR />def get_device_groups():<BR />test = ise.get_device_groups(size=100, page=1)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_device_groups » OK')<BR />device_group = test['response'][0][1]</P><P>return device_group</P><P><BR />def get_device_group(device_group):<BR />test = ise.get_device_group(device_group['oid'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_device_group » OK')</P><P><BR />def add_device(device):<BR />test = ise.add_device(<BR />name=device['name'],<BR />ip_address=device['ip_address'],<BR />radius_key=device['radius_key'],<BR />snmp_ro=device['snmp_ro'],<BR />dev_group=device['dev_group'],<BR />dev_location=device['dev_location'],<BR />dev_type=device['dev_type'],<BR />description=device['description'],<BR />snmp_v=device['snmp_v'],<BR />dev_profile=device['dev_profile']<BR />)</P><P>if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_device » OK')</P><P><BR />def get_devices():<BR />test_get = ise.get_devices(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_devices » OK')</P><P><BR />def get_device(device):<BR />test = ise.get_device(device['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_device » OK')</P><P><BR />def delete_device(device):<BR />test = ise.delete_device(device['name'])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_device » OK')</P><P><BR />def get_sgts():<BR />test_get = ise.get_sgts(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_sgts » OK')</P><P><BR />def get_sgt(name):<BR />test = ise.get_sgt(name)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_sgt » OK')</P><P><BR />def add_sgt(trustsec):<BR />test = ise.add_sgt(name="Python_Unit_Test", description="Unit Tests", value=trustsec["test_sgt_value"],<BR />return_object=True)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_sgt » OK')<BR />return test['response']['id']</P><P><BR />def update_sgt(id, trustsec):<BR />test = ise.update_sgt(id, name="Test_Unit_Python", description="Python Unit Tests",<BR />value=trustsec["test_sgt_value"])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('update_sgt » OK')</P><P><BR />def delete_sgt(id):<BR />test = ise.delete_sgt(id)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_sgt » OK')</P><P><BR />def get_sgacls():<BR />test_get = ise.get_sgacls(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_sgacls » OK')</P><P><BR />def get_sgacl(name):<BR />test = ise.get_sgacl(name)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_sgacl » OK')</P><P><BR />def add_sgacl(trustsec):<BR />test = ise.add_sgacl(name="Python_Unit_Test", description="Unit Tests", ip_version="IPV4",<BR />acl_content=["permit ip"], return_object=True)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_sgacl » OK')<BR />return test['response']['id']</P><P><BR />def update_sgacl(id, trustsec):<BR />test = ise.update_sgacl(id, name="Test_Unit_Python", description="Python Unit Tests", ip_version="IPV4",<BR />acl_content=["permit ip"])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('update_sgacl » OK')</P><P><BR />def delete_sgacl(id):<BR />test = ise.delete_sgacl(id)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_sgacl » OK')</P><P><BR />def get_emcs():<BR />test_get = ise.get_egressmatrixcells(size=100, page=1)<BR />if test_get['error']:<BR />print(test_get['response'])<BR />else:<BR />print('get_egressmatrixcells » OK')</P><P><BR />def get_emc(name):<BR />test = ise.get_egressmatrixcell(name)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('get_egressmatrixcell » OK')</P><P><BR />def add_emc(trustsec):<BR />test = ise.add_egressmatrixcell(trustsec["emc_source_sgt"], trustsec["emc_dest_sgt"], "PERMIT_IP",<BR />return_object=True)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('add_egressmatrixcell » OK')<BR />return test['response']['id']</P><P><BR />def update_emc(id, trustsec):<BR />test = ise.update_egressmatrixcell(id, trustsec["emc_source_sgt"], trustsec["emc_dest_sgt"], "NONE",<BR />description="Python Unit Tests",<BR />acls=[trustsec["test_assign_acl"]])<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('update_egressmatrixcell » OK')</P><P><BR />def delete_emc(id):<BR />test = ise.delete_egressmatrixcell(id)<BR />if test['error']:<BR />print(test['response'])<BR />else:<BR />print('delete_egressmatrixcell » OK')</P><P><BR />if __name__ == "__main__":</P><P># Endpoint tests<BR />add_endpoint(endpoint)<BR />get_endpoints()<BR />get_endpoint(endpoint)<BR />delete_endpoint(endpoint)</P><P># EndpointGroup tests<BR />get_endpoint_groups(21)<BR />get_endpoint_group(endpoint_group)</P><P># User tests<BR />get_identity_groups()<BR />identity_group_id = ise.get_identity_group(group=identityGroups)<BR />add_user(user, identity_group_id)<BR />get_users()<BR />get_user(user)<BR />delete_user(user)</P><P># Device tests<BR />get_device_groups()<BR />get_device_group(device_group)<BR />add_device(device)<BR />get_devices()<BR />get_device(device)<BR />delete_device(device)<BR /># get_object() # TODO</P><P># TrustSec SGT tests<BR />get_sgts()<BR />get_sgt("Unknown")<BR />sgtid = add_sgt(trustsec)<BR />update_sgt(sgtid, trustsec)<BR />delete_sgt(sgtid)</P><P># TrustSec SGACL tests<BR />get_sgacls()<BR />get_sgacl("Permit IP")<BR />sgaclid = add_sgacl(trustsec)<BR />update_sgacl(sgaclid, trustsec)<BR />delete_sgacl(sgaclid)</P><P># TrustSec Egress Matrix Cell (Policy) tests<BR />get_emcs()<BR />get_emc("Default egress rule")<BR />emcid = add_emc(trustsec)<BR />update_emc(emcid, trustsec)<BR />delete_emc(emcid)</P><P>&nbsp;</P><P>Any suggestions are welcomed</P><P>&nbsp;</P> Wed, 05 May 2021 12:17:33 GMT https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398111#M567138 Richie20 2021-05-05T12:17:33Z https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398185#M567145 <P>There's a lot going on here.</P> <P>1) you pasted the script twice</P> <P>2) it's not properly formatted Python for quick copy and paste to try it</P> <P>3) you're using custom include paths (<FONT face="courier new,courier">sys.path.append('/path/to/ise/')</FONT>) so cannot replicate your environment</P> <P>4) Has a version of this code ever run before? If so, what changed? Go back to that, see what changed and narrow down to that. </P> <P>5) dumping 373 lines of unformatted code is not necessary when the problem is clearly a Timeout <BR /><FONT face="courier new,courier"><STRONG>TimeoutError</STRONG>: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond</FONT></P> <P>6) What have you done to troubleshoot your Timeout issue? can you ping ISE? does a more basic python script talk to ISE and only this one fails?</P> <P>7) You dumped 2 versions of this script - one with the CSRF option and one without. Which is it? Have you used CSRF before? Did it work? have you enabled it in ISE? or was it in a script you copied from somewhere?</P> <P>&nbsp;</P> Wed, 05 May 2021 13:57:38 GMT https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398185#M567145 thomas 2021-05-05T13:57:38Z https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398195#M567146 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/26555">@thomas</a>&nbsp;</P><P>I tried to work with this python&nbsp; program for ISE&nbsp;<A href="https://pypi.org/project/ISE/" target="_blank">https://pypi.org/project/ISE/</A>&nbsp;as i found . my ERS is enabled on ISE&nbsp; and&nbsp; can not ping ISE as well .</P><P>&nbsp;</P><P>Can I use this&nbsp; &nbsp;guest user&nbsp; creation format&nbsp;<A href="https://developer.cisco.com/docs/identity-services-engine/3.0/#!create-guest-user" target="_blank">https://developer.cisco.com/docs/identity-services-engine/3.0/#!create-guest-user</A>&nbsp;for creating internal user on ISE as well&nbsp;&nbsp;<A href="https://developer.cisco.com/docs/identity-services-engine/3.0/#!internal-user/create" target="_blank">https://developer.cisco.com/docs/identity-services-engine/3.0/#!internal-user/create</A>&nbsp;.</P> Wed, 05 May 2021 14:12:33 GMT https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398195#M567146 Richie20 2021-05-05T14:12:33Z https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398324#M567151 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1192302">@Richie20</a>&nbsp;wrote:<BR /> <P>can not ping ISE as well .</P> <HR /></BLOCKQUOTE> <P>This is clearly a networking (Layer 3) issue and not HTTP/S,&nbsp;ERS, or Python.</P> <P>Please resolve your network issue.</P> <P>&nbsp;</P> <BLOCKQUOTE><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1192302">@Richie20</a>&nbsp;wrote:<BR />Can I use this guest user creation format</BLOCKQUOTE> <P>Yes. Please see <A href="https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623" target="_self"><STRONG>ISE ERS API Examples</STRONG></A> and <STRONG><A href="https://community.cisco.com/docs/DOC-71891" target="_self">Guest &amp; Sponsor API</A></STRONG> for the <FONT face="courier new,courier">guestuser</FONT> resource. I specifically talk about <FONT face="courier new,courier">guestuser</FONT> in our <A href="https://www.youtube.com/watch?v=DNYaFl-8zWk" target="_self"><STRONG>ISE REST API Webinar</STRONG></A> :</P> <P><A href="https://www.youtube.com/watch?v=DNYaFl-8zWk&amp;t=1254s" target="_blank">20:54</A> How to Enable ISE ERS (Extensible RESTful Services)<BR /><A href="https://www.youtube.com/watch?v=DNYaFl-8zWk&amp;t=1286s" target="_blank">21:26</A> Admin Groups for REST Role-based Access Control (RBAC)<BR /><A href="https://www.youtube.com/watch?v=DNYaFl-8zWk&amp;t=1335s" target="_blank">22:15</A> <CODE>guestuser</CODE> must be managed by a sponsor</P> Wed, 05 May 2021 16:53:14 GMT https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398324#M567151 thomas 2021-05-05T16:53:14Z https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398341#M567153 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/26555">@thomas</a>&nbsp; i was trying to create Internal users . I want to know if this script is right or have to change it&nbsp;</P><P>#!/usr/bin/env python<BR />import requests<BR />import json<BR />import argparse<BR />import ssl<BR />import urllib3</P><P>urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)</P><P>&nbsp;</P><P>url = "<A href="https://192.168.10.18/ers/config/internaluser" target="_blank">https://192.168.10.18/ers/config/internaluser</A>"</P><P>#Input Parameter<BR />parser = argparse.ArgumentParser()<BR />subparser = parser.add_subparsers(dest='command')<BR />login = subparser.add_parser('login')<BR />register = subparser.add_parser('register')<BR />login.add_argument('--name', type=str, required=True)<BR />login.add_argument('--password', type=str, required=True)<BR />register.add_argument('--firstname', type=str, required=True)<BR />register.add_argument('--lastname', type=str, required=True)<BR />register.add_argument('--username', type=str, required=True)<BR />register.add_argument('--email', type=str, required=True)<BR />register.add_argument('--password', type=str, required=True)<BR />register.add_argument('--identityGroups', type=str, required=True)<BR />register.add_argument('--expiryeDate', type=str, required=True)<BR />register.add_argument('--enablePasword', type=str, required=True)</P><P>&nbsp;</P><P>args = parser.parse_args()<BR />if args.command == 'login':<BR />print('Logging in with username:', args.username,<BR />'and password:', args.password)<BR />elif args.command == 'register':<BR />print('Creating username', args.username,<BR />'for new member', args.firstname, args.lastname,<BR />'with email:', args.email,<BR />'with identityGroups:', args.identityGroups,<BR />'with expiryDate:', args.identityGroups,<BR />'and enablePassowrd:', args.enablePassword,<BR /><BR /><BR /><BR />req_body_json = """ {{</P><P>"InternalUser" : {</P><P>"id" : "{}",</P><P>"name" : "{}",</P><P>"description" : "{}",</P><P>"enabled" : true,</P><P>"email" : "{}",</P><P>"password" : "{}",</P><P>"firstName" : "{}",</P><P>"lastName" : "{}",</P><P>"changePassword" : true,</P><P>"identityGroups" : "{}",</P><P>"expiryDateEnabled" : false,</P><P>"expiryDate" : "{}",</P><P>"enablePassword" : "{}",</P><P>"customAttributes" : {</P><P>"key1" : "value1",</P><P>"key2" : "value3"</P><P>},</P><P>"passwordIDStore" : "Internal Users"</P><P>}</P><P>}<BR />}}<BR />""".format(name,description,firstname,lastname,identityGroups,expirydate,enablePassword)<BR /><BR />headers = {<BR />'Content-Type': 'application/json',<BR />'Accept': 'application/json',<BR />'Authorization': 'Basic cmFjb2xhdHNlOm9GbFBScm5lNDU='<BR />}</P><P>conn.request("POST", "/ers/config/guestuser/", headers=headers, body=req_body_json)</P><P><BR />res = conn.getresponse()<BR />data = res.read()</P><P>print("req_body_json")</P> Wed, 05 May 2021 17:23:55 GMT https://community.cisco.com/t5/network-access-control/python-with-ise/m-p/4398341#M567153 Richie20 2021-05-05T17:23:55Z