Solved: Re: ISE ERS SGT API 403 Error

Dolevha · ‎06-02-2022

Hey,

I'm using the ERS API on my ISE 2.4.0.357. Using GET requests work properly, but every post request I've tried in the trustsec calls returns a 403 Error:
ers/config/sgt
ers/config/sgacl

ers/config/egressmatrixcell

I've tried using POST on other parts of the API and it works:
ers/config/identitygroup
ers/config/networkdevice

The user I'm using has ERS admin permissions. I think these calls used to work a few months ago when I tried them but it doesn't work anymore.

Do you know what might be the reason for it? What troubleshoot actions can I take?

Thank you in advance,
Dolev

Greg Gibbs · ‎06-02-2022

You might be hitting this bug - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu30286

If you're not running the latest patch (patch 14; likely the last patch for 2.4 due to the End of Software Maintenance lifecycle stage), try updating.

If that does not resolve the issue, you'll likely need to enable the debugs and look at the logs as per Troubleshoot and Enable Debugs on ISE.

View solution in original post

Greg Gibbs · ‎06-02-2022

You might be hitting this bug - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu30286

If you're not running the latest patch (patch 14; likely the last patch for 2.4 due to the End of Software Maintenance lifecycle stage), try updating.

If that does not resolve the issue, you'll likely need to enable the debugs and look at the logs as per Troubleshoot and Enable Debugs on ISE.

Dolevha · ‎06-06-2022

Thanks!

I changed my Trustsec configuration from multiple matrices to a single matrix and it solved the issue.