Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1629
Views
0
Helpful
3
Replies

ISE ERS API calls to get all the network devices with Group

Go to solution
alawang
Cisco Employee
Cisco Employee

‎11-06-2017 08:12 AM

My customer is in the process to migrate form ACS to ISE 2.3. They are running ISE 2.3. They are having issues to get all the network devices with grouplist. They can only get one page a time, and just ID and Name using Python script.  One page a time is not an acceptable behavior since this is a fully automated environment.

What needed is twofold:

  1. Get all the network devices
  2. Also the NetworkDeviceGroupList.

I opened an SR for this.  The SR number is 683345244. Immediate assistance is needed.  The evaluation process is halted for two weeks already.  ISE will be defenestration if we cannot prove that they can migrate from ACS to ISE.

Regards,

Alan

Additional info:

the customer is having issues to pull all the network device using python. He modified the sample code. But he can only get one page a time. Could not get all the network device in one shot.

Also he can only pull ID and NAME:

  "id" : "c355d610-a2f1-11e7-87e8-000c29b3af9f",

  "name" : "101coll-uab001-nm-01.net.gs.com",

Not all the GROUPs the device in.

Goldman is automatically manage the network devices. It is very important for us to know what is in the ISE DB to make a decision whether a device need to be removed, added or modified.

Below is the sample code from Cisco. He made some modifications to pull the devices instead of users.  Need your help to enhance the code to get all the devices, and also pull down: device type, location, maker, and also special (groups):

#!/usr/bin/env python

###########################################################################

#                                                                         #

# This script demonstrates how to use the ISE ERS internal users          #

# API  by executing a Python script.                                      #

#                                                                         #

# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION!                #

# The script allows connections to SSL sites without trusting             #

# the server certificates.                                                #

# For production, it is required to add certificate check.                #

#                                                                         #

# Usage: get-all-internal-users.py <ISE host> <ERS user> <ERS password>   #

###########################################################################

import http.client

import base64

import ssl

import sys

import json

# host and authentication credentials

host = sys.argv[1] # "10.20.30.40"

user = sys.argv[2] # "ersad"

password = sys.argv[3] # "Password1"

#conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))

conn = http.client.HTTPSConnection("{}:9060".format(host))

creds = str.encode(':'.join((user, password)))

encodedAuth = bytes.decode(base64.b64encode(creds))

headers = {

    'accept': "application/json",

    'authorization': " ".join(("Basic",encodedAuth)),

    'cache-control': "no-cache",

    }

conn.request("GET", "/ers/config/networkdevice", headers=headers)

res = conn.getresponse()

data = res.read()

print("Status: {}".format(res.status))

print("Header:\n{}".format(res.headers))

print("Body:\n{}".format(data.decode("utf-8")))

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to Jason Kunst

‎11-06-2017 11:05 PM

Responded to query offline.

In short, the API for network devices allows query for all NADs but the details request must be run for each element by ID and it will include the NDG details such as Device Type, Location, Vendor, etc.  Support to fetch NAD details in bulk is not yet supported and would require enhancement.

For support on leveraging the APIs in scripts, the online SDK offers examples, but custom scripting support typically requires Cisco Advanced Services or Partner Services.

Craig

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-06-2017 08:34 AM

This community is not used for escalating issues. That would be done through the TAC

If there is a long term request on getting the API enhanced then you will need to reach out to the ISE product marketing team

Have you tried the ACS to ISE migration tool to move the devices?

https://communities.cisco.com/docs/DOC-63880

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-06-2017 08:36 AM

please keep in mind this is a public forum, please remove any customer information from the post

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Jason Kunst

‎11-06-2017 11:05 PM

Responded to query offline.

In short, the API for network devices allows query for all NADs but the details request must be run for each element by ID and it will include the NDG details such as Device Type, Location, Vendor, etc.  Support to fetch NAD details in bulk is not yet supported and would require enhancement.

For support on leveraging the APIs in scripts, the online SDK offers examples, but custom scripting support typically requires Cisco Advanced Services or Partner Services.

Craig

0 Helpful
Customers Also Viewed These Support Documents