moffman77
Beginner

ISE 2.4 ERS API - Can't seem to GET list of all Trustsec SGACLs?

I've started experimenting with the ERS API to automate some of our ISE deployment tasks.

We create several SGACLs, one per port (i.e. RDP_TCP_3389) and use those in the Trustsec matrix to allow specific ports between security groups (i.e. clients to web server, etc.).

I can create / POST new SGACLs to our ISE but they do not show up when I do a GET to show them all, there seems to be a limit on the number of SGACLs it will display? They do show up on ISE itself, however, and they are based on working SGACLs with different names and port numbers so it's not invalid or anything. This also happens when I create a new one via ISE and try to pull it via a GET.

I've tried editing the name of one that does appear in the list (for example adding _TEST to the end of the SGACL name) and it shows up with the edit when I do a GET right after.

It seems like there's a limit to how many it will show or it stops pulling them after the permit_all, because if I add a SGACL like HTTPS_443 via POST it shows up in a GET, but if I add one like RDP_TCP_3389 it does not show up.

Anyone else experience this? Any ideas?

We are on 2.4 Patch 5

1 ACCEPTED SOLUTION

Accepted Solutions
Aravind Ravichandran
Participant

In a Get-All request, you won't get all the ACLs in a single page. You have to navigate to the next page to see the remaining ACLs.

Please try this URL https://<ISE-Admin-IP>:9060/ers/config/sgacl?page=2

 

-Aravind


4 REPLIES

Thank you

That's interesting, I suspected something like this at first due to the "nextPage" key at the end but I couldn't figure out how to get to it - is that documented anywhere in the SDK page?

I would prefer being able to get them all in one request, though

The default is 20 per page; you can set it to a max of 100 with the size=100 parameter in the URL. There is no way to get all in one request if you are above 100.
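The paging described in the two replies above, as an added example that is not part of the thread or of Cisco's SDK: it requests `size=100` and follows each `nextPage` link until none is left, refusing links that leave the ISE origin because the ERS credentials are sent with every request. It assumes the ERS JSON envelope (`SearchResult` holding `resources`, `total` and `nextPage.href`) and HTTP Basic auth; `http_fetch`, `list_all_sgacls` and `fake_ise` are hypothetical names, and the stand-in server data is constructed.

```python
import base64, json, urllib.request
from urllib.parse import urlencode, urlsplit

MAX_SIZE = 100  # per the thread: default is 20 per page, maximum is 100

def http_fetch(user, password):
    """Return fetch(url) -> dict using HTTP Basic auth; TLS verification stays on."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def fetch(url):
        req = urllib.request.Request(url, headers={
            "Accept": "application/json", "Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def list_all_sgacls(fetch, base_url, size=MAX_SIZE):
    """Follow nextPage links until the last page and return every SGACL entry."""
    size = max(1, min(size, MAX_SIZE))
    url = f"{base_url}/ers/config/sgacl?" + urlencode({"size": size, "page": 1})
    origin = urlsplit(base_url)[:2]  # (scheme, host:port)
    seen, items, total = set(), [], None
    while url:
        # Credentials go out with every request: never follow a link off-origin.
        if urlsplit(url)[:2] != origin or url in seen:
            raise ValueError(f"refusing nextPage link: {url}")
        seen.add(url)
        result = fetch(url)["SearchResult"]  # assumed response envelope
        items.extend(result.get("resources", []))
        total = result.get("total", total)
        url = (result.get("nextPage") or {}).get("href")
    if total is not None and total != len(items):
        raise RuntimeError(f"expected {total} SGACLs, collected {len(items)}")
    return items

# Constructed stand-in for ISE that serves SGACL names in pages, so this runs offline.
def fake_ise(base_url, names):
    def fetch(url):
        q = dict(p.split("=") for p in urlsplit(url).query.split("&"))
        size, page = int(q["size"]), int(q["page"])
        chunk = names[(page - 1) * size: page * size]
        result = {"total": len(names), "resources": [{"name": n} for n in chunk]}
        if page * size < len(names):
            result["nextPage"] = {"href": f"{base_url}/ers/config/sgacl?size={size}&page={page + 1}"}
        return {"SearchResult": result}
    return fetch

if __name__ == "__main__":
    base, names = "https://ise.example.invalid:9060", [f"SGACL_{i:03d}" for i in range(45)]
    print(len(list_all_sgacls(fake_ise(base, names), base, size=20)), "SGACLs")
```

Against a real node, pass `http_fetch(user, password)` as `fetch` and `https://<ISE-Admin-IP>:9060` as `base_url`.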

Got it, thank you - is that documented anywhere? I thought I read the whole API guide hosted on the device but I may have missed that.

Also, are you able to set the ID of the SGACL? I'm unable to, though it works with network devices. Not sure if that's intended.
