Solved: Re: API for Enabling Device Administration on ISE - PSN

lanagna · ‎12-07-2023

Hi Team,
I'm posting in this forum, since I see the relevant discussion is running. Need support on finding the API[ansible]

a. Trying to find the API for enabling PSN work centers -> Overview -> Deployment -> Device Administration Deployment

=> Activate ISE Nodes for Device Administration
None
All Policy Service Nodes ------ > Finding API to enable the same via ansible
Specific Nodes

b. Similarly, trying to find API to enable Administration - >Network devices - > Network Device - Default Device

=> Default Network Device Status
Disable to Enable ---- > Need API for the same to use in Ansible.

This is to set password under TACACS

TACACS Authentication Settings
Enable TACACS
Shared Secret ____________

Charlie Moreton · ‎12-12-2023

You have posted these questions so many times in many different threads. I know that most have been answered, but cannot keep track with so many posts about them.

There is no such thing as a PSN Work Center, there are no APIs for the functions you'd like

View solution in original post

Charlie Moreton · ‎12-07-2023

Which version (and Patch number) of ISE are you using? Out APIs are documented at https://cs.co/ise-api and the Ansible modules are at https://docs.ansible.com/ansible/latest/collections/cisco/ise/index.html#plugins-in-cisco-ise.

If adding multiple nodes at once, you can use the loop function in Ansible

    - name: Register the SPAN and PSNs to the deployment |  ~8m
      cisco.ise.personas_register_node:
        primary_ip: "10.1.100.40"
        primary_username: "{{ ise_username }}"
        primary_password: "{{ ise_init_password }}"
        fqdn: "{{ item.fqdn }}"
        username: "{{ ise_username }}"
        password: "{{ ise_init_password }}"
        roles: "{{ item.roles }}"
        services: "{{ item.services }}"
      loop:
        - fqdn: "vmware-sadmin.securitydemo.net"
          roles: 
            - SecondaryAdmin
            - PrimaryMonitoring
          services: []
        - fqdn: "azure-psn.securitydemo.net"
          roles: []
          services:
            - Session
            - Profiler
        - fqdn: "oci-psn.securitydemo.net"
          roles: []
          services:
            - Session
            - Profiler
            - pxGrid
        - fqdn: "aws-psn.securitydemo.net"
          roles: []
          services:
            - Session
            - Profiler
            - DeviceAdmin
        - fqdn: "azure-psn2.securitydemo.net"
          roles: []
          services: 
            - Session
            - Profiler
        - fqdn: "oci-psn2.securitydemo.net"
          roles: []
          services:
            - Session
            - Profiler
            - pxGrid
        - fqdn: "aws-psn2.securitydemo.net"
          roles: []
          services:
            - Session
            - Profiler
            - DeviceAdmin

lanagna · ‎12-07-2023

Thanks for sharing the links, I m triaging now but hope this above API will help me to make the changes under the path.

a. Trying to find the API for enabling PSN work centers -> Overview -> Deployment -> Device Administration Deployment

=> Activate ISE Nodes for Device Administration
None -----> Default
All Policy Service Nodes ------ > And I need to change it to this option[As attached]
Specific Nodes

And btw, setting password too. Enabling "Networking device status" & setting password for TACACS alone..

lanagna · ‎12-07-2023

Server Version: 3.3.0.430

Cisco ISE - ADE-OS Version: 3.3.0.181

lanagna · ‎12-12-2023

@Charlie Moreton Can you please address back on my query. Thanks in Advance!!

Charlie Moreton · ‎12-12-2023

You have posted these questions so many times in many different threads. I know that most have been answered, but cannot keep track with so many posts about them.

There is no such thing as a PSN Work Center, there are no APIs for the functions you'd like

lanagna · ‎12-13-2023

ok. Thanks for the input.