Solved: Re: IP-SGT mapping fails with ERS API call

dipeshcl · ‎07-14-2017

All,

I am trying to create an IP-SGT map with ERS API (/ers/config/sgmapping/)but getting an internal server error from ISE.

I suspect there is something wrong with json payload I am sending.

Can someone point out what might be the error?

Thanks

-- D

import http.client

import base64

import ssl

import sys

# Host and authentication credentials

host = sys.argv[1] # "1.2.3.4"

user = sys.argv[2] # "ersadmin"

password = sys.argv[3] # "Ise1234"

# URL Encoding for ISE

conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2))

creds = str.encode(':'.join((user, password)))

encodedAuth = bytes.decode(base64.b64encode(creds))

# HTTP header

headers = {

'accept': "application/json",

'content-type': "application/json",

'authorization': " ".join(("Basic",encodedAuth)),

'cache-control': "no-cache",

}

# JSON Payload for Creating IP-SGT Mapping

req_body_json = """ {

"SGMapping" : {

"sgt" : "20",

"deployType" : "ALL",

"hostIp" : "5.2.3.4/32",

"hostName" : "5.2.3.4/32"

}

}"""

conn.request("POST", "/ers/config/sgmapping/", headers=headers, body=req_body_json)

================ Code output =====================

ise-test-host:~$ python3 set_ipsgtmaps.py X.X.X.X ersadmin Cisco1234

Status: 404

Header:

Set-Cookie: JSESSIONIDSSO=F91633989B22E39B0DE187A5B8A9E7AC; Path=/; Secure; HttpOnly

Set-Cookie: APPSESSIONID=DADCD81A341C7FC3B5885115C2DC6646; Path=/ers; Secure; HttpOnly

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Internal Server Error: Unexpected Exeption:: 500

Content-Length: 0

Date: Fri, 14 Jul 2017 18:20:46 GMT

Server:

Body:

paul · ‎07-14-2017

Use Postman to validate all your ERS commands.

You need to first find the valid SGT tag ID. "20" is not right. Let's say I want to add an IP to the Employee SGT. I first need to find the ID for the Employee SGT:

https://10.89.80.34:9060/ers/config/sgt?filter=name.EQ.Employees

I get back this:

{

"SearchResult": {

"total": 1,

"resources": [

{

"id": "93ad6890-8c01-11e6-996c-525400b48521",

"name": "Employees",

"description": "Employee Security Group",

"link": {

"rel": "self",

"href": "https://10.89.80.34:9060/ers/config/sgt/93ad6890-8c01-11e6-996c-525400b48521",

"type": "application/xml"

}

]

}

Now I know that my ID for Employees is "93ad6890-8c01-11e6-996c-525400b48521".

Now I can craft my JSON to add a new mapping:

{

"SGMapping": {

"name": "1.1.1.1/32",

"sgt": "93ad6890-8c01-11e6-996c-525400b48521",

"deployType": "ALL",

"hostIp": "1.1.1.1/32"

}

I POST that JSON to:

https://10.89.80.34:9060/ers/config/sgmapping

I get my 201 HTTP code back to tell me it was created and life is good.

If you are updating a mapping you are going to have to first find the mapping ID then do a PUT command to update it. This is typically ERS stuff. POST to create and PUT to update.

View solution in original post

paul · ‎07-14-2017