cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

864
Views
6
Helpful
5
Replies
dipeshcl
Cisco Employee

ERS API to GET/POST Blacklist devices in ISE 2.2?

Hello,

Is there an ERS API to GET/POST Blacklist devices in ISE 2.2?

If so could you please provide the path for this API?

Thanks,

Dipesh

1 ACCEPTED SOLUTION

Accepted Solutions
dazza_johnson
Contributor

Sure - see below on ISE v2.2

Find the endpoint ID for the Blacklist endpoint group:

root@kali:~# curl -k https://ers-admin:password@10.5.123.69:9060/ers/config/endpointgroup?filter=name.EQ.Blacklist -H Accept:application/json

{

  "SearchResult" : {

    "total" : 1,

    "resources" : [ {

      "id" : "aa000c30-8bff-11e6-996c-525400b48521",

      "name" : "Blacklist",

      "description" : "Blacklist Identity Group",

      "link" : {

        "rel" : "self",

        "href" : "https://10.5.123.69:9060/ers/config/endpointgroup/aa000c30-8bff-11e6-996c-525400b48521",

        "type" : "application/xml"

      }

    } ]

  }

}

Then show all the endpoints within that endpoint group ID:

root@kali:~# curl -k https://ers-admin:password@10.5.123.69:9060/ers/config/endpoin?filter=groupId.EQ.aa000c30-8bff-11e6-996c-525400b48521 -H Accept:application/json

{

  "SearchResult" : {

    "total" : 2,

    "resources" : [ {

      "id" : "f4bc60b0-257f-11e7-bbb1-0050568f4d09",

      "name" : "01:23:01:23:01:22",

      "description" : "MAC#2",

      "link" : {

        "rel" : "self",

        "href" : "https://10.5.123.69:9060/ers/config/endpoint/f4bc60b0-257f-11e7-bbb1-0050568f4d09",

        "type" : "application/xml"

      }

    }, {

      "id" : "eb85ac90-257f-11e7-bbb1-0050568f4d09",

      "name" : "01:23:01:23:01:23",

      "description" : "MAC#1",

      "link" : {

        "rel" : "self",

        "href" : "https://10.5.123.69:9060/ers/config/endpoint/eb85ac90-257f-11e7-bbb1-0050568f4d09",

        "type" : "application/xml"

      }

    } ]

  }

}

root@kali:~#

Hope that helps to get you started :-)

View solution in original post

5 REPLIES 5
dazza_johnson
Contributor

Sure - see below on ISE v2.2

Find the endpoint ID for the Blacklist endpoint group:

root@kali:~# curl -k https://ers-admin:password@10.5.123.69:9060/ers/config/endpointgroup?filter=name.EQ.Blacklist -H Accept:application/json

{

  "SearchResult" : {

    "total" : 1,

    "resources" : [ {

      "id" : "aa000c30-8bff-11e6-996c-525400b48521",

      "name" : "Blacklist",

      "description" : "Blacklist Identity Group",

      "link" : {

        "rel" : "self",

        "href" : "https://10.5.123.69:9060/ers/config/endpointgroup/aa000c30-8bff-11e6-996c-525400b48521",

        "type" : "application/xml"

      }

    } ]

  }

}

Then show all the endpoints within that endpoint group ID:

root@kali:~# curl -k https://ers-admin:password@10.5.123.69:9060/ers/config/endpoin?filter=groupId.EQ.aa000c30-8bff-11e6-996c-525400b48521 -H Accept:application/json

{

  "SearchResult" : {

    "total" : 2,

    "resources" : [ {

      "id" : "f4bc60b0-257f-11e7-bbb1-0050568f4d09",

      "name" : "01:23:01:23:01:22",

      "description" : "MAC#2",

      "link" : {

        "rel" : "self",

        "href" : "https://10.5.123.69:9060/ers/config/endpoint/f4bc60b0-257f-11e7-bbb1-0050568f4d09",

        "type" : "application/xml"

      }

    }, {

      "id" : "eb85ac90-257f-11e7-bbb1-0050568f4d09",

      "name" : "01:23:01:23:01:23",

      "description" : "MAC#1",

      "link" : {

        "rel" : "self",

        "href" : "https://10.5.123.69:9060/ers/config/endpoint/eb85ac90-257f-11e7-bbb1-0050568f4d09",

        "type" : "application/xml"

      }

    } ]

  }

}

root@kali:~#

Hope that helps to get you started :-)

Greatly appreciate your quick and detailed response. It worked.

Would you be able to share the corresponding POST/PUT call that would update this blacklist?

Thanks,

Dipesh

OK looked up SDK docs and found out it is the same URL to POST this list.

Nice work!

Great work Darren. Could you also share how to add a device to blacklist using restful API. The above examples are for getting the blacklisted device. I would like to post/put a device to a blacklist.

~Thanks

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube