Solved: Re: ISE ERS API: Network Device PUT / Update Operation

Johannes Luther · ‎12-20-2019

Hi board,

I'm using ISE 2.4 Patch 9 and I want to change attributes (e.g. description) on an existing network device.

So, first of all I find out the ID for the network device I want to change. Here are the device details for the existing device:

$ curl -H "Accept:application/json" -H "Content-Type:application/json" -u ers-query -p -k https://10.20.131.1:9060/ers/config/networkdevice/8ecaa490-2312-11ea-807e-0050568b5bee
Enter host password for user 'ers-query':
{
  "NetworkDevice" : {
    "id" : "8ecaa490-2312-11ea-807e-0050568b5bee",
    "name" : "Bla123",
    "description" : "",
[...]

So if I want to update the description, I'll use the following PUT body

{
  "NetworkDevice": {
     "description": "newDescription"
  }
}

CURL request

$ curl -X PUT -H "Accept:application/json" -H "Content-Type:application/json" -d '{"NetworkDevice": {"description": "newDescription"}}' -u ers-query -p -k https://10.20.131.1:9060/ers/config/networkdevice/8ecaa490-2312-11ea-807e-0050568b5bee
Enter host password for user 'ers-query':
{
  "ERSResponse" : {
    "operation" : "PUT-update-networkdevice",
    "messages" : [ {
      "title" : "Validation Error - Illeagal values: [The valid name can contain alphanumeric, hyphen(-), period(.) and underscore(_)]",
      "type" : "ERROR",
      "code" : "Application resource validation exception"
    } ],
    "link" : {
      "rel" : "related",
      "href" : "https://10.20.131.1:9060/ers/config/networkdevice/8ecaa490-2312-11ea-807e-0050568b5bee",
      "type" : "application/xml"
    }
  }

The same happens if I try this with Postman... Any idea what I'm doing wrong here?

Mike.Cifelli · ‎12-23-2019

Pull up your ERS SDK and go to API documentation. Under network device it will show you what fields are required to perform proper update via put as well as xml & json examples.

View solution in original post

Johannes Luther · ‎01-07-2020

@Mike.Cifelli wrote:
Pull up your ERS SDK and go to API documentation. Under network device it will show you what fields are required to perform proper update via put as well as xml & json examples.

Hi Mike,

of course I did that. The ERS documentation isn't very helpful in this regard.

By fiddling around, I found the solution (which is not documented of course)

tl;tr summary:

The Network Device Update (PUT) request must contain:

The name attribute - regardless whether the name is subject to change or not
The NetworkDeviceIPList attribute with the child elements ipaddress and mask

Note: I tested it for JSON data only

So for example, if the description of a network device should be changed, the following PUT body data would work:

{
  "NetworkDevice" : {
  "name" : "currentName"
  "description" : "new description",
  "NetworkDeviceIPList" : [ {
    "ipaddress" : "192.0.2.1",
    "mask" : 32
    } ]
  }
}

I found no indication in the ERS SDK documentation about this behavior. By the way: In the meantime I updated to ISE 2.4 patch 11 and the behavior is still the same.

So I guess it's another TAC case here :(

View solution in original post

Mike.Cifelli · ‎12-20-2019

Maybe try something along these lines in a py script:
API_DEVICE = "https://10.20.131.1:9060/ers/config/networkdevice/8ecaa490-2312-11ea-807e-0050568b5bee"
API_ERS_USER = "<user>","<pass>"
API_DATA = ({
"ERSEndPoint" : {
"description" : <DESC>,
}
})
r = requests.put(url=API_DEVICE, auth=API_ERS_USER, verify=True, json=API_DATA)

Johannes Luther · ‎12-20-2019

@Mike.Cifelli wrote:
API_DATA = ({
"ERSEndPoint" : {
"description" : <DESC>,
}
})
r = requests.put(url=API_DEVICE, auth=API_ERS_USER, verify=True, json=API_DATA)

Hi Mike,

thanks for your reply. However, you're using "ERSEndpoint" as top level key element. According to the documentation. the top level element for network devices should be "NetworkDevice" (as shown in the GET request)

Mike.Cifelli · ‎12-20-2019

Apologies. Snippet was from endpoint script I have. Update accordingly. I will try to test this in my lab.

Mike.Cifelli · ‎12-23-2019

Pull up your ERS SDK and go to API documentation. Under network device it will show you what fields are required to perform proper update via put as well as xml & json examples.

Johannes Luther · ‎01-07-2020

@Mike.Cifelli wrote:
Pull up your ERS SDK and go to API documentation. Under network device it will show you what fields are required to perform proper update via put as well as xml & json examples.

Hi Mike,

of course I did that. The ERS documentation isn't very helpful in this regard.

By fiddling around, I found the solution (which is not documented of course)

tl;tr summary:

The Network Device Update (PUT) request must contain:

The name attribute - regardless whether the name is subject to change or not
The NetworkDeviceIPList attribute with the child elements ipaddress and mask

Note: I tested it for JSON data only

So for example, if the description of a network device should be changed, the following PUT body data would work:

{
  "NetworkDevice" : {
  "name" : "currentName"
  "description" : "new description",
  "NetworkDeviceIPList" : [ {
    "ipaddress" : "192.0.2.1",
    "mask" : 32
    } ]
  }
}

I found no indication in the ERS SDK documentation about this behavior. By the way: In the meantime I updated to ISE 2.4 patch 11 and the behavior is still the same.

So I guess it's another TAC case here :(

ViktorMendes69101 · ‎04-08-2020

Just hit the same problem, you've saved the day for me Johannes :)

a.mitsova · ‎09-30-2022

Hi Johannes!

Unfortunately, this does not work for me .. and whatever I try, it always fails with:

< HTTP/1.1 405 Method Not Allowed
HTTP/1.1 405 Method Not Allowed
< Transfer-Encoding: chunked
Transfer-Encoding: chunked

Below is my request. I am simply trying to change the device name .. without any success. ISE version is quite old, but all other requests (GET, POST, DELETE) works perfectly fine . I will be really thankful if someone can give a tip.

curl \
-vvv \
--noproxy "*" \
--include \
--insecure \
--user ers-usr2:Password1234 \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Basic ZXJzLXVzcjI6UGFzc3dvcmQxMjM0' \
--request put https://x.x.x.x:9060/ers/config/networkdevice/5678 \
--data '
{
  "NetworkDevice" : {
    "id" : "5678",
    "name" : "NEW_NAME",
    "authenticationSettings" : {
      "networkProtocol" : "RADIUS",
      "radiusSharedSecret" : "******",
      "enableKeyWrap" : false,
      "keyInputFormat" : "ASCII"
    },
    "tacacsSettings" : {
      "sharedSecret" : "******",
      "connectModeOptions" : "OFF",
      "previousSharedSecret" : "test123",
      "previousSharedSecretExpiry" : 0
    },
    "profileName" : "Cisco",
    "coaPort" : 1700,
    "link" : {
      "rel" : "self",
      "href" : "https://x.x.x.x:9060/ers/config/networkdevice/5678",
      "type" : "application/xml"
    },
    "NetworkDeviceIPList" : [ {
      "ipaddress" : "192.168.4.5",
      "mask" : 32
    } ],
    "NetworkDeviceGroupList" : [ "Device Type#All Device Types#IPC#ROUTER#PE", "IPSEC#Is IPSEC Device#No", "Location#All Locations" ]
  }
}'