10-10-2024 07:37 AM
Dear All ,
As I have been trying to get report and fetch data using GET REST call for certain number of external identity group in my existing policy sets in ISE cluster .
I have more than 50 device policy sets in the configuration and I have applied different external identify group as a authorization rule condition for those policy .
I am trying to get get data how many policy set is matching with those certain number of external identify group using REST API call .
Please can anyone share Postman script or python script as a reference to check all policy which is matching external identify groups .
It would be highly appreciated if you share your valuable inputs .
With regards
Erfan
Solved! Go to Solution.
10-17-2024 08:32 AM - edited 10-17-2024 08:33 AM
There are several parts to this:
To get a list of all Network Access Policy Sets use the ISE Policy API:
curl --insecure --location \
--header 'Accept: application/json' \
--user $ISE_REST_USERNAME:$ISE_REST_PASSWORD \
--request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set?&page=1&size=100"
Note the use of query parameters &page=1 and &size=100. The default page size is only 10 so using the default you would need to call &page=1 then &page=2... until you got all 50 (or more). Using &size=100 minimizes the number of pages to fetch - only 1 in your situation.
To get a list of all Network Access Policy Sets use the ISE Policy API's Authorization Rules and note that you must provide the policyId of the parent Policy Set from the list of Policy Set id's retrieved above. Yes, at least 50 times for all of your policy sets!
curl --include --insecure --location \
--header 'Accept: application/json' \
--user $ISE_REST_USERNAME:$ISE_REST_PASSWORD \
--request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set/{policyId}/authentication?&size=100"
Again, I always increase the &size option to the max for efficiency. You may need to do this for multiple pages if you have >100 Authorization Rules.
How you parse the resulting JSON, filter, and stitch it all back together into whatever desired form you have is up to you and your scripting skills. There are many ways to do this but this will get you the data you need to start.
To understand everything I covered here in more detail, watch some of our ISE Webinars on APIs :
2024-08-06 ▷ISE API and Automation Setup
2022-10-06 ▷ Practical ISE Automation with Ansible
2022-10-04 ▷ ISE REST APIs Introduction
2021-07-06 ▷ ISE 3.1 APIs, Ansible, and Automation
2021-04-06 ▷ ISE REST APIs
10-17-2024 08:32 AM - edited 10-17-2024 08:33 AM
There are several parts to this:
To get a list of all Network Access Policy Sets use the ISE Policy API:
curl --insecure --location \
--header 'Accept: application/json' \
--user $ISE_REST_USERNAME:$ISE_REST_PASSWORD \
--request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set?&page=1&size=100"
Note the use of query parameters &page=1 and &size=100. The default page size is only 10 so using the default you would need to call &page=1 then &page=2... until you got all 50 (or more). Using &size=100 minimizes the number of pages to fetch - only 1 in your situation.
To get a list of all Network Access Policy Sets use the ISE Policy API's Authorization Rules and note that you must provide the policyId of the parent Policy Set from the list of Policy Set id's retrieved above. Yes, at least 50 times for all of your policy sets!
curl --include --insecure --location \
--header 'Accept: application/json' \
--user $ISE_REST_USERNAME:$ISE_REST_PASSWORD \
--request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set/{policyId}/authentication?&size=100"
Again, I always increase the &size option to the max for efficiency. You may need to do this for multiple pages if you have >100 Authorization Rules.
How you parse the resulting JSON, filter, and stitch it all back together into whatever desired form you have is up to you and your scripting skills. There are many ways to do this but this will get you the data you need to start.
To understand everything I covered here in more detail, watch some of our ISE Webinars on APIs :
2024-08-06 ▷ISE API and Automation Setup
2022-10-06 ▷ Practical ISE Automation with Ansible
2022-10-04 ▷ ISE REST APIs Introduction
2021-07-06 ▷ ISE 3.1 APIs, Ansible, and Automation
2021-04-06 ▷ ISE REST APIs
10-20-2024 05:57 AM
Hi @thomas ,
Thanks for your valuable inputs .
I will try to follow your scripts which you shared and will let you know update.
On the other hand , thanks for sharing all webinar on ISE API .
with regards
Erfan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide