cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

245
Views
5
Helpful
4
Replies
Highlighted
Beginner

ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

I've started experimenting with the ERS API to automate some of our ISE deployment tasks.

We create several SGACLs, one per port (i.e. RDP_TCP_3389) and use those in the Trustsec matrix to allow specific ports between security groups (ie clients to web server etc).

I can create / POST new SGACLs to our ISE but they do not show up when I do a GET to show them all, there seems to be a limit on the number of SGACLs it will display? The do show up on ISE itself, however, and they are based on working SGACLs with different names and port numbers so it's not invalid or anything. This also happens when I create a new one via ISE and try to pull it via a GET.

I've tried editing the name of one that does appear in the list (for example adding _TEST to the end of the SGACL name) and it shows up with the edit when I do a GET right after.

It seems like there's a limit to how many it will show or it stops pulling them after the permit_all, because if I add a SGACL like HTTPS_443 via POST it shows up in a GET, but if I add one like RDP_TCP_3389 it does not show up.

Anyone else experience this? Any ideas?

We are on 2.4 Patch 5

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

In Get-All request, you won't get all the ACL in a single page, You have to navigate it to next page to see remaining ACLs.

Please try this URL https://<ISE-Admin-IP>:9060/ers/config/sgacl?page=2

 

-Aravind

-Aravind

View solution in original post

4 REPLIES 4
Highlighted

Re: ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

In Get-All request, you won't get all the ACL in a single page, You have to navigate it to next page to see remaining ACLs.

Please try this URL https://<ISE-Admin-IP>:9060/ers/config/sgacl?page=2

 

-Aravind

-Aravind

View solution in original post

Highlighted
Beginner

Re: ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

Thank you

That's interesting, I suspected something like this at first due to the "nextPage" key at the end but I couldn't figure out how to get to it - is that documented anywhere in the SDK page?

I would prefer being able to get them all in one request, though

Highlighted
Rising star

Re: ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

default is 20 per page, you can set it to a max of 100 with the size=100 parameter in the url, there is no way to get all in one request if you are above 100.

Highlighted
Beginner

Re: ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

Got it, thank you - is that documented anywhere? I thought I read the whole API guide hosted on the device but I may have missed that.

Also, are you able to set the ID of the SGACL? I'm unable to, thought it works with network devices. Not sure if that's intended