04-23-2019 02:33 PM - edited 04-24-2019 07:40 AM
I've started experimenting with the ERS API to automate some of our ISE deployment tasks.
We create several SGACLs, one per port (i.e. RDP_TCP_3389) and use those in the Trustsec matrix to allow specific ports between security groups (ie clients to web server etc).
I can create / POST new SGACLs to our ISE but they do not show up when I do a GET to show them all, there seems to be a limit on the number of SGACLs it will display? The do show up on ISE itself, however, and they are based on working SGACLs with different names and port numbers so it's not invalid or anything. This also happens when I create a new one via ISE and try to pull it via a GET.
I've tried editing the name of one that does appear in the list (for example adding _TEST to the end of the SGACL name) and it shows up with the edit when I do a GET right after.
It seems like there's a limit to how many it will show or it stops pulling them after the permit_all, because if I add a SGACL like HTTPS_443 via POST it shows up in a GET, but if I add one like RDP_TCP_3389 it does not show up.
Anyone else experience this? Any ideas?
We are on 2.4 Patch 5
Solved! Go to Solution.
04-24-2019 12:01 AM - edited 04-24-2019 12:01 AM
In Get-All request, you won't get all the ACL in a single page, You have to navigate it to next page to see remaining ACLs.
Please try this URL https://<ISE-Admin-IP>:9060/ers/config/sgacl?page=2
-Aravind
04-24-2019 12:01 AM - edited 04-24-2019 12:01 AM
In Get-All request, you won't get all the ACL in a single page, You have to navigate it to next page to see remaining ACLs.
Please try this URL https://<ISE-Admin-IP>:9060/ers/config/sgacl?page=2
-Aravind
04-24-2019 07:45 AM
Thank you
That's interesting, I suspected something like this at first due to the "nextPage" key at the end but I couldn't figure out how to get to it - is that documented anywhere in the SDK page?
I would prefer being able to get them all in one request, though
04-24-2019 01:49 PM
default is 20 per page, you can set it to a max of 100 with the size=100 parameter in the url, there is no way to get all in one request if you are above 100.
05-06-2019 08:42 AM
Got it, thank you - is that documented anywhere? I thought I read the whole API guide hosted on the device but I may have missed that.
Also, are you able to set the ID of the SGACL? I'm unable to, thought it works with network devices. Not sure if that's intended
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide