Another quick way you could accomplish your goal is by utilizing certain ISE APIs. If you browse to https://<isepanip>:9060/ers/sdk# you can find some valuable information there. Not sure if you are familiar with python, but here is something I have used to update hostname, location, and device type. Some values must be passed. I strongly recommend testing in a test environment. Cut out some part of the code, but prompts user for IP address of NAD, finds the NAD id in ISE database, and then prompts for name, type and location, and updates accordingly.
def ise_nad_update(IP_ADDR):
while True:
NAD_NAME = raw_input("Enter the Edge node site ID: ").upper()
if len(NAD_NAME) <= 5 and NAD_NAME.startswith('S0'):
break
else:
print "**************************************************************************"
print "Error! Must be less than 5 characters & in SDA Site Identifier format"
print "**************************************************************************"
continue
while True:
loc = ["123", "3205", "6012"]
LOC = raw_input("Enter the building location: ")
if len(LOC) <= 4 and LOC in loc:
break
else:
print "Please enter a Campus location(123, 3205, 6012)"
continue
while True:
own = ["mike", "joe", "susan"]
OWNER = raw_input("Enter NAD owner: ").upper()
if len(OWNER) <= 6 and OWNER in own:
break
else:
print "Please enter proper owner of asset("Bldg1","Bldg2","Bldg3")"
continue
#Insert check for location and building types
print "Grabbing NAD ID from ISE database"
for i in tqdm(range(2)):
sleep(5)
print "*****************"
API_DEVICE = "https://<ise>:9060/ers/config/networkdevice?filter=ipaddress.EQ." + IP_ADDR
API_ERS_USER = "<user>","<pass>"
HEADERS = {
'Accept': "application/json",
'Content-Type': "application/json",
}
r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)
temp = r.text
nad_id = json.loads(temp)
for nad in nad_id['SearchResult']['resources']:
temp2 = nad['id']
print "ISE NAD ID:" + temp2
print "Getting ready to update the NAD in ISE"
print "**********************"
print "ISE Request", r.reason
print "**********************"
API_DATA = {
"NetworkDevice": {
"id": temp2,
"name": "<name>" + NAD_NAME,
"profileName": "Cisco",
"coaPort": "1700",
"authenticationSettings" : {
},
"snmpsettings" : {
"pollingInterval" : 3600,
"linkTrapQuery" : "false",
"macTrapQuery" : "false",
},
"trustsecsettings" : {
"deviceAuthenticationSettings" : {
},
"sgaNotificationAndUpdates" : {
"downlaodEnvironmentDataEveryXSeconds" : 86400,
"downlaodPeerAuthorizationPolicyEveryXSeconds" : 86400,
"reAuthenticationEveryXSeconds" : 86400,
"downloadSGACLListsEveryXSeconds" : 86400,
"otherSGADevicesToTrustThisDevice" : "true",
"sendConfigurationToDevice" : "true",
"sendConfigurationToDeviceUsing" : "ENABLE_USING_COA",
"coaSourceHost" : "<ise>"
},
"deviceConfigurationDeployment" : {
"includeWhenDeployingSGTUpdates" : "true",
}
},
"NetworkDeviceIPList": [
{
"ipaddress": IP_ADDR,
"mask": 32,
}
],
"NetworkDeviceGroupList": [
"Location#All Locations#" + LOC,
"Device Type#All Device Types#SDA#" + OWNER,
"IPSEC#Is IPSEC Device#No",
]
}
}
API_DEVICE = "https://<ise>:9060/ers/config/networkdevice/" + temp2
API_ERS_USER = "<user>","<pass>"
r = requests.put(url=API_DEVICE, auth=API_ERS_USER, json=API_DATA, verify=True)
print r.text
print "***************"
print "ISE Request", r.reason
print "***************"
sys.exit()
Also, take a peek here:
https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623HTH!