Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2520
Views
30
Helpful
8
Replies

Cisco ISE 2.4 EndPoint API Creation

Go to solution
BrandonSharp37516
Level 1
Level 1

‎03-18-2021 01:37 PM - edited ‎03-18-2021 02:36 PM

Hi Everyone,

 

I'm trying to get some clarification on the ISE REST API. Right now, if I import an endpoint from CSV, then use the API to GET the endpoint I see the following.

 

 

{
    "ERSEndPoint": {
        "id": "someID",
        "name": "11:11:11:11:11:11",
        "mac": "11:11:11:11:11:11",
        "profileId": "2222222-d10b-11e9-8b5f-2222222",
        "staticProfileAssignment": true,
        "groupId": "1111111-c830-11e9-8b5f-1111111",
        "staticGroupAssignment": true,
        "portalUser": "",
        "identityStore": "",
        "identityStoreId": "",
        "link": {
            "rel": "self",
            "href": "https://mysever:9060/ers/config/endpoint/name/11:11:11:11:11:11",
            "type": "application/json"
        }
    }
}

This is fine, now I want to use the API to insert the same device. So I copy this to a text file, delete the endpoint in ISE and run a POST with this payload.

 

 

 

{
    "ERSEndPoint" : {
        "mac" : "11:11:11:11:11:11",
        "groupId" : "11111111-c830-11e9-8b5f-11111111",
        "staticGroupAssignment" : true,
        "staticProfileAssignment" : true,
        "profileId": "2222222-d10b-11e9-8b5f-22222222"
    }
}

This returns 201, but when I go to the GUI to inspect, it's missing it's EndPoint Policy and it's EndPoint Profile. My question is, is this normal? What fields am I missing?

 

EDIT: For clarification this is the csv format I'm using to upload.

 

MACAddress	        EndPointPolicy	        IdentityGroup
11:11:11:11:11:11	EIG-MyComp-Printer	EIG-MyComp-Printer

 

1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to BrandonSharp37516

‎03-18-2021 07:01 PM

Sorry Brandon, I was misunderstanding what you were trying to do. I tested the same in ISE 3.0 p2 and it worked fine via JSON. I suspect you're running into a bug in 2.4.

If you're not at the latest patch (patch 13), you might be hitting this bug - CSCvr68432 

If you're already using patch 13, you might need to open a TAC case to investigate further.

View solution in original post

8 Replies 8

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎03-18-2021 03:17 PM

There are values like 'name' and 'id' that are required attributes. See the REST API SDK for a table listing required/optional attributes and other examples.

You might also have a look at ISE ERS API Examples

0 Helpful

Go to solution
BrandonSharp37516
Level 1
Level 1
In response to Greg Gibbs

‎03-18-2021 04:36 PM

Hi Greg,

 

Thanks for responding. I have viewed the link and the ERS SDK. The problem I am having is around creating the endpoint with API vs CSV. The two images I attached should make it clearer. I upload a file with 3 fields, and I use the rest API with the same fields and get different results.

 

REST EXAMPLE

Screen Shot 2021-03-18 at 7.23.19 PM.png

CSV EXAMPLE

Screen Shot 2021-03-18 at 7.28.43 PM.png

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to BrandonSharp37516

‎03-18-2021 05:17 PM

So, if I understand correctly, you're trying to use the same CSV file for both file import as well as the REST API. Unless I'm mistaken, that is not possible as those methods use different attributes for the Profiler policy.

The file import template uses "EndpointPolicy" whereas the ERS API uses "staticProfileAssignment" and the relevant "profileID" associated with that Policy.

Go to solution
BrandonSharp37516
Level 1
Level 1
In response to Greg Gibbs

‎03-18-2021 05:25 PM

I think we're on the same page, I want to replicate what users were doing with the CSV, with a REST API. I am trying to find API endpoint/parameters to replicate the "Import File" dropdown under Context Visibility => Endpoints => Import from file. Is that something that is going to be supported? It seems like a valid use case. Is there no programmatic way to associate an endpoint that was create via REST with a EndPointPolicy?

 

Thanks a ton for your help,

Brandon

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to BrandonSharp37516

‎03-18-2021 06:16 PM

This is not so much of a product issue, but more of a coding one. You can certainly create single or bulk endpoints via API and map them to a specific Profiling policy using JSON/XML.

If you want to use a CSV file for your source info, you would likely need to look at coding that via Python. This discussion seems pertinent to what you are looking to do:

https://community.cisco.com/t5/network-access-control/ise-ers-api-import-endpoints-from-xml-or-csv-file/td-p/3833703

 

0 Helpful

Go to solution
BrandonSharp37516
Level 1
Level 1
In response to Greg Gibbs

‎03-18-2021 06:28 PM

Hi Greg, 

 

I am not looking to use the CSV, but replace it. You mention map them to a specific profiling policy with JSON.... where do you see this? I show above that I am assigning a profileID in my POST, however it's not showing up.  

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to BrandonSharp37516

‎03-18-2021 07:01 PM

Sorry Brandon, I was misunderstanding what you were trying to do. I tested the same in ISE 3.0 p2 and it worked fine via JSON. I suspect you're running into a bug in 2.4.

If you're not at the latest patch (patch 13), you might be hitting this bug - CSCvr68432 

If you're already using patch 13, you might need to open a TAC case to investigate further.

Go to solution
BrandonSharp37516
Level 1
Level 1
In response to Greg Gibbs

‎03-18-2021 07:08 PM

Thanks Greg, I will work with my team to start the patching process. 

 

Best,

Brandon

Customers Also Viewed These Support Documents