Solved: Change NAD hostname with csv import on ISE 2.4

DAVID · ‎03-16-2020

Is it possible to use the import feature to upload a CSV file to change the hostname of a NAD in ISE 2.4. Whenever I choose to overwrite existing data, ISE tells the that the IP address overlaps.

Mike.Cifelli · ‎03-17-2020

Another quick way you could accomplish your goal is by utilizing certain ISE APIs. If you browse to https://<isepanip>:9060/ers/sdk# you can find some valuable information there. Not sure if you are familiar with python, but here is something I have used to update hostname, location, and device type. Some values must be passed. I strongly recommend testing in a test environment. Cut out some part of the code, but prompts user for IP address of NAD, finds the NAD id in ISE database, and then prompts for name, type and location, and updates accordingly.
def ise_nad_update(IP_ADDR):

while True:
NAD_NAME = raw_input("Enter the Edge node site ID: ").upper()
if len(NAD_NAME) <= 5 and NAD_NAME.startswith('S0'):
break
else:
print "**************************************************************************"
print "Error! Must be less than 5 characters & in SDA Site Identifier format"
print "**************************************************************************"
continue
while True:
loc = ["123", "3205", "6012"]
LOC = raw_input("Enter the building location: ")
if len(LOC) <= 4 and LOC in loc:
break
else:
print "Please enter a Campus location(123, 3205, 6012)"
continue
while True:
own = ["mike", "joe", "susan"]
OWNER = raw_input("Enter NAD owner: ").upper()
if len(OWNER) <= 6 and OWNER in own:
break
else:
print "Please enter proper owner of asset("Bldg1","Bldg2","Bldg3")"
continue
#Insert check for location and building types
print "Grabbing NAD ID from ISE database"
for i in tqdm(range(2)):
sleep(5)
print "*****************"
API_DEVICE = "https://<ise>:9060/ers/config/networkdevice?filter=ipaddress.EQ." + IP_ADDR
API_ERS_USER = "<user>","<pass>"
HEADERS = {
'Accept': "application/json",
'Content-Type': "application/json",
}
r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)
temp = r.text
nad_id = json.loads(temp)
for nad in nad_id['SearchResult']['resources']:
temp2 = nad['id']
print "ISE NAD ID:" + temp2
print "Getting ready to update the NAD in ISE"

print "**********************"
print "ISE Request", r.reason
print "**********************"
API_DATA = {
"NetworkDevice": {
"id": temp2,
"name": "<name>" + NAD_NAME,
"profileName": "Cisco",
"coaPort": "1700",

"authenticationSettings" : {
},
"snmpsettings" : {
"pollingInterval" : 3600,
"linkTrapQuery" : "false",
"macTrapQuery" : "false",
},
"trustsecsettings" : {
"deviceAuthenticationSettings" : {
},
"sgaNotificationAndUpdates" : {
"downlaodEnvironmentDataEveryXSeconds" : 86400,
"downlaodPeerAuthorizationPolicyEveryXSeconds" : 86400,
"reAuthenticationEveryXSeconds" : 86400,
"downloadSGACLListsEveryXSeconds" : 86400,
"otherSGADevicesToTrustThisDevice" : "true",
"sendConfigurationToDevice" : "true",
"sendConfigurationToDeviceUsing" : "ENABLE_USING_COA",
"coaSourceHost" : "<ise>"
},
"deviceConfigurationDeployment" : {
"includeWhenDeployingSGTUpdates" : "true",
}
},
"NetworkDeviceIPList": [
{
"ipaddress": IP_ADDR,
"mask": 32,
}
],
"NetworkDeviceGroupList": [
"Location#All Locations#" + LOC,
"Device Type#All Device Types#SDA#" + OWNER,
"IPSEC#Is IPSEC Device#No",
]
}
}

API_DEVICE = "https://<ise>:9060/ers/config/networkdevice/" + temp2
API_ERS_USER = "<user>","<pass>"
r = requests.put(url=API_DEVICE, auth=API_ERS_USER, json=API_DATA, verify=True)
print r.text
print "***************"
print "ISE Request", r.reason
print "***************"
sys.exit()

Also, take a peek here: https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623
HTH!

View solution in original post

Greg Gibbs · ‎03-16-2020

Hi David,

The IP address would be a key value in the Network Devices database, so ISE would require that value to be unique. As such, I suspect there is no way to change the hostname using a CSV import since the IP address already exists.

You would likely have to delete the Network Devices first, then re-import them as new Network Devices with the updated hostname.

Some of the other non-unique values like Device Type, Location, etc. can definitely be updated using the CSV import.

Cheers,

Greg

Mike.Cifelli · ‎03-17-2020

Another quick way you could accomplish your goal is by utilizing certain ISE APIs. If you browse to https://<isepanip>:9060/ers/sdk# you can find some valuable information there. Not sure if you are familiar with python, but here is something I have used to update hostname, location, and device type. Some values must be passed. I strongly recommend testing in a test environment. Cut out some part of the code, but prompts user for IP address of NAD, finds the NAD id in ISE database, and then prompts for name, type and location, and updates accordingly.
def ise_nad_update(IP_ADDR):

while True:
NAD_NAME = raw_input("Enter the Edge node site ID: ").upper()
if len(NAD_NAME) <= 5 and NAD_NAME.startswith('S0'):
break
else:
print "**************************************************************************"
print "Error! Must be less than 5 characters & in SDA Site Identifier format"
print "**************************************************************************"
continue
while True:
loc = ["123", "3205", "6012"]
LOC = raw_input("Enter the building location: ")
if len(LOC) <= 4 and LOC in loc:
break
else:
print "Please enter a Campus location(123, 3205, 6012)"
continue
while True:
own = ["mike", "joe", "susan"]
OWNER = raw_input("Enter NAD owner: ").upper()
if len(OWNER) <= 6 and OWNER in own:
break
else:
print "Please enter proper owner of asset("Bldg1","Bldg2","Bldg3")"
continue
#Insert check for location and building types
print "Grabbing NAD ID from ISE database"
for i in tqdm(range(2)):
sleep(5)
print "*****************"
API_DEVICE = "https://<ise>:9060/ers/config/networkdevice?filter=ipaddress.EQ." + IP_ADDR
API_ERS_USER = "<user>","<pass>"
HEADERS = {
'Accept': "application/json",
'Content-Type': "application/json",
}
r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)
temp = r.text
nad_id = json.loads(temp)
for nad in nad_id['SearchResult']['resources']:
temp2 = nad['id']
print "ISE NAD ID:" + temp2
print "Getting ready to update the NAD in ISE"

print "**********************"
print "ISE Request", r.reason
print "**********************"
API_DATA = {
"NetworkDevice": {
"id": temp2,
"name": "<name>" + NAD_NAME,
"profileName": "Cisco",
"coaPort": "1700",

"authenticationSettings" : {
},
"snmpsettings" : {
"pollingInterval" : 3600,
"linkTrapQuery" : "false",
"macTrapQuery" : "false",
},
"trustsecsettings" : {
"deviceAuthenticationSettings" : {
},
"sgaNotificationAndUpdates" : {
"downlaodEnvironmentDataEveryXSeconds" : 86400,
"downlaodPeerAuthorizationPolicyEveryXSeconds" : 86400,
"reAuthenticationEveryXSeconds" : 86400,
"downloadSGACLListsEveryXSeconds" : 86400,
"otherSGADevicesToTrustThisDevice" : "true",
"sendConfigurationToDevice" : "true",
"sendConfigurationToDeviceUsing" : "ENABLE_USING_COA",
"coaSourceHost" : "<ise>"
},
"deviceConfigurationDeployment" : {
"includeWhenDeployingSGTUpdates" : "true",
}
},
"NetworkDeviceIPList": [
{
"ipaddress": IP_ADDR,
"mask": 32,
}
],
"NetworkDeviceGroupList": [
"Location#All Locations#" + LOC,
"Device Type#All Device Types#SDA#" + OWNER,
"IPSEC#Is IPSEC Device#No",
]
}
}

API_DEVICE = "https://<ise>:9060/ers/config/networkdevice/" + temp2
API_ERS_USER = "<user>","<pass>"
r = requests.put(url=API_DEVICE, auth=API_ERS_USER, json=API_DATA, verify=True)
print r.text
print "***************"
print "ISE Request", r.reason
print "***************"
sys.exit()

Also, take a peek here: https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623
HTH!

DAVID · ‎03-17-2020

Spoiler

This is perfect!!! Thanks

thomas · ‎03-17-2020

Thank you for posting your script, @Mike.Cifelli !

To preserve your indents and increase readability, use the Insert Code option

or select the Preformatted text option :