ISE ERS API calls to get all the network devices with Group

alawang
Cisco Employee

My customer is in the process of migrating from ACS to ISE 2.3. They are running ISE 2.3. They are having issues getting all the network devices with the group list. They can only get one page at a time, and just ID and Name, using a Python script. One page at a time is not acceptable behavior, since this is a fully automated environment.

What is needed is twofold:

  1. Get all the network devices
  2. Also the NetworkDeviceGroupList.

I opened an SR for this. The SR number is 683345244. Immediate assistance is needed. The evaluation process has been halted for two weeks already. ISE will be defenestrated if we cannot prove that they can migrate from ACS to ISE.

Regards,

Alan

Additional info:

The customer is having issues pulling all the network devices using Python. He modified the sample code, but he can only get one page at a time. He could not get all the network devices in one shot.

Also he can only pull ID and NAME:

  "id" : "c355d610-a2f1-11e7-87e8-000c29b3af9f",

  "name" : "101coll-uab001-nm-01.net.gs.com",

Not all the GROUPs the device is in.

Goldman is automatically managing the network devices. It is very important for us to know what is in the ISE DB to make a decision whether a device needs to be removed, added or modified.

Below is the sample code from Cisco. He made some modifications to pull the devices instead of users.  Need your help to enhance the code to get all the devices, and also pull down: device type, location, maker, and also special (groups):

```python
#!/usr/bin/env python
###########################################################################
#                                                                         #
# This script demonstrates how to use the ISE ERS internal users          #
# API  by executing a Python script.                                      #
#                                                                         #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION!                #
# The script allows connections to SSL sites without trusting             #
# the server certificates.                                                #
# For production, it is required to add certificate check.                #
#                                                                         #
# Usage: get-all-internal-users.py <ISE host> <ERS user> <ERS password>   #
###########################################################################
import http.client
import base64
import ssl
import sys
import json

# host and authentication credentials
host = sys.argv[1] # "10.20.30.40"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "Password1"

#conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))
conn = http.client.HTTPSConnection("{}:9060".format(host))

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

headers = {
    'accept': "application/json",
    'authorization': " ".join(("Basic",encodedAuth)),
    'cache-control': "no-cache",
    }

conn.request("GET", "/ers/config/networkdevice", headers=headers)

res = conn.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))
```

1 Accepted Solution

Responded to query offline.

In short, the API for network devices allows query for all NADs but the details request must be run for each element by ID and it will include the NDG details such as Device Type, Location, Vendor, etc.  Support to fetch NAD details in bulk is not yet supported and would require enhancement.

For support on leveraging the APIs in scripts, the online SDK offers examples, but custom scripting support typically requires Cisco Advanced Services or Partner Services.

Craig
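
The approach described in the accepted solution (list every NAD page by page, then one detail request per ID to read its NDGs), as an added example that is not part of the original thread or Cisco's sample code. It assumes the ERS JSON shapes `SearchResult.resources` / `SearchResult.nextPage.href` and `NetworkDevice.NetworkDeviceGroupList`, and a page size of 100; the function names, the host `ise.example` and the sample responses are constructed for illustration.

```python
import base64, http.client, json, ssl
from urllib.parse import urlsplit

def ers_fetcher(host, user, password, cafile=None):
    """Return fetch(path) -> parsed JSON over certificate-verified TLS (ERS port 9060)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    conn = http.client.HTTPSConnection(host, 9060, context=ctx, timeout=30)
    auth = base64.b64encode("{}:{}".format(user, password).encode()).decode()
    headers = {"accept": "application/json", "authorization": "Basic " + auth}
    def fetch(path):
        conn.request("GET", path, headers=headers)
        res = conn.getresponse()
        body = res.read()  # drain the body so the connection can be reused
        if res.status != 200:
            raise RuntimeError("ERS GET {} returned HTTP {}".format(path, res.status))
        return json.loads(body)
    return fetch

def list_all_devices(fetch, size=100):
    """Collect every id/name stub by following SearchResult.nextPage."""
    path, found = "/ers/config/networkdevice?size={}&page=1".format(size), []
    while path:
        result = fetch(path)["SearchResult"]
        found.extend(result.get("resources", []))
        nxt = urlsplit(result.get("nextPage", {}).get("href", ""))
        # Keep only path and query so credentials are never sent to another host.
        path = nxt.path + "?" + nxt.query if nxt.path else None
    return found

def devices_with_groups(fetch):
    """One detail GET per device ID; index each 'Root#...' NDG string by its root."""
    out = {}
    for stub in list_all_devices(fetch):
        dev = fetch("/ers/config/networkdevice/" + stub["id"])["NetworkDevice"]
        out[dev["name"]] = {g.split("#", 1)[0]: g for g in dev.get("NetworkDeviceGroupList", [])}
    return out

# Constructed sample responses (not captured from a real ISE node) for an offline run.
SAMPLE = {
    "/ers/config/networkdevice?size=100&page=1": {"SearchResult": {"resources": [{"id": "id-1", "name": "sw1"}],
        "nextPage": {"href": "https://ise.example:9060/ers/config/networkdevice?size=100&page=2"}}},
    "/ers/config/networkdevice?size=100&page=2": {"SearchResult": {"resources": [{"id": "id-2", "name": "sw2"}]}},
    "/ers/config/networkdevice/id-1": {"NetworkDevice": {"name": "sw1",
        "NetworkDeviceGroupList": ["Location#All Locations#Lab", "Device Type#All Device Types#Switch"]}},
    "/ers/config/networkdevice/id-2": {"NetworkDevice": {"name": "sw2"}},
}

if __name__ == "__main__":
    print(json.dumps(devices_with_groups(SAMPLE.__getitem__), indent=2))
```

Against a live node, pass `ers_fetcher(host, user, password, cafile=...)` to `devices_with_groups` in place of the sample lookup; `cafile` should point at the CA that issued the ISE node's certificate.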

3 Replies

Jason Kunst
Cisco Employee

This community is not used for escalating issues. That would be done through the TAC.

If there is a long-term request on getting the API enhanced, then you will need to reach out to the ISE product marketing team.

Have you tried the ACS to ISE migration tool to move the devices?

https://communities.cisco.com/docs/DOC-63880

Jason Kunst
Cisco Employee

Please keep in mind this is a public forum; please remove any customer information from the post.
