Re: Cisco ISE 2.4 Patch 8 - REST API CoA Reauth

Marcos Rodriguez · ‎11-21-2019

Hi guys!!

I've configured an API rest application for applying an ANC policy to an endpoint, but until I excute a CoA ReAuth this policy isn't applied... so I want to apply at the same time ANC policy and CoA from API Rest call... Can anybody help how should be configure this API call?

For example, I detect that device with mac address 11:22:33:44:55:66 has a virus so I apply an ANC policy to this mac address... and I need to apply at the same time an API call to re-authenticate the device, in order to apply de ANC policy and "block" the network access.

Many thanks!!

Regards

Marcos

Anurag Sharma · ‎11-21-2019

Hey @Marcos Rodriguez ,

Check out this guide .

How many nodes are there in your deployment and what are their personas?

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Marcos Rodriguez · ‎11-21-2019

Hi my friend anurag!!

This is my deployment:

I found the same link of guide you share me but I',m not sure about the API call that I have to configure in my Postman for test it... GET/PUT/... exact URL format...

Can you share me any example?

Many thanks!!

Anurag Sharma · ‎11-22-2019

Hi @Marcos Rodriguez ,

It is not straightforward and I have not verified this.

First, you want to find out the session owner (which PSN) of the MAC address:

(GET) https://madisepan01.DOMAIN.COM/admin/API/mnt/Session/MACAddress/00:26:82:7B:D2:51

Then, when you find the server (session owner), you can use that in the server place /Reauth/SERVER/00:XX...

(POST) https://madisepan01.DOMAIN.COM/admin/API/mnt/CoA/Reauth/madisepsn01/00:26:82:7B:D2:51/1

Try and see if it works.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Jason Kunst · ‎11-23-2019

I’d think you can make this call against the MNT and not worry which PSN is the owner