Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4513
Views
25
Helpful
4
Replies

ISE: how to extract MAC lists which are used for MAB

Go to solution
naoki_Japan
Spotlight
Spotlight

‎10-06-2021 10:44 PM - edited ‎10-06-2021 10:45 PM

 

I want the list of MAC addresses which  I manually registered by using csv.file and manually entering.

I mean the MAC lists I want is MAC lists used for MAB.

On the panel Context visibility > Endpoints, if I just click Export and download csv file, the content of file would include not only MAC used for MAB but also, unfortunately , MAC of users who logged in via dot1x. 

2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-07-2021 02:07 AM

Hi @naoki_Japan 

If you export all the MAC addresses, you can open the CSV file in excel (or another program) and filter on StaticAssignment column, there are two options TRUE or FALSE. If FALSE then these are your dynamically added endpoint MAC address for 802.1x users, the remaining MAC addresses would be set to TRUE and are the MAC address you statically added.

View solution in original post

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-07-2021 06:46 AM

Sharing a way to generate a csv file containing specific ISE endpoint group macs based on user input with python.  

#!/usr/bin/python
import json
import requests
import warnings
import sys
import csv

#ignore invalid cert warnings
warnings.filterwarnings("ignore")

groupID = ("")
temp1 = ("")
temp2 = ("")

USR_CHOICE = raw_input ("Do you want to see MACs in Imaging (1) or Blacklist group(2)?")
    while USR_CHOICE not in ('1','2'):
    print "************************************"
    print "Error! You must enter 1 (ADD) or 2 (REMOVE)"
    print "************************************"
    sys.exit()
if USR_CHOICE == '1':
    groupID = '<xxx:xxx>'
else:
    groupID = '<xxx.xxx>'

API_DEVICE = "https://<ise_pan>:9060/ers/config/endpoint?filter=groupId.EQ." + groupID + "&size=100"
API_ERS_USER = "<user>","<pass>"
HEADERS = {
    'Accept': "application/json",
    'Content-Type': "application/json",
}

r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)

#print r.text
data = r.text

endPoints = json.loads(data)
print "Total Number of Endpoints in Group:",endPoints['SearchResult']['total']
print "---------------------------------------"

f = open ('Grp_Macs.csv','w')
w = csv.DictWriter(f, fieldnames = ['MAC Address','Description'])
w.writeheader()
f.close()

for MAC in endPoints ["SearchResult"]["resources"]:
    temp1 = MAC['name']
    with open ('Grp_Macs.csv','a') as csvfile:
        w = csv.writer(csvfile)
        try:
            temp2 = MAC['description']
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:", temp2
        except KeyError:
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:"""
            continue
with open ('Grp_Macs.csv','a') as csvfile:
    w = csv.writer(csvfile)
    TOTAL = endPoints['SearchResult']['total']
    w.writerow(['Total Endpoints:', TOTAL])

sys.exit() 

 Use curl to get id group strings for the specific groups.  Update ers user/pass creds.  Sample output of csv is as follows:

MAC Address,Description
XX:XX:XX:XX:XX:XX,description1
XX:XX:XX:XX:XX:XX,description2
XX:XX:XX:XX:XX:XX,description3
XX:XX:XX:XX:XX:XX,description4
XX:XX:XX:XX:XX:XX,description5
XX:XX:XX:XX:XX:XX,description6
XX:XX:XX:XX:XX:XX,description7
XX:XX:XX:XX:XX:XX,description8
Total Endpoints:,8

 

Curl example to get group id string: 

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user>:<pass> --request GET https://<ise_pan>:9060/ers/config/endpointgroup?filter=name.EQ.<your_group_name>

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎10-07-2021 02:07 AM

Hi @naoki_Japan 

If you export all the MAC addresses, you can open the CSV file in excel (or another program) and filter on StaticAssignment column, there are two options TRUE or FALSE. If FALSE then these are your dynamically added endpoint MAC address for 802.1x users, the remaining MAC addresses would be set to TRUE and are the MAC address you statically added.

Go to solution
naoki_Japan
Spotlight
Spotlight
In response to Rob Ingram

‎10-07-2021 06:04 PM

Thank you.

This morning I got it by doing as you said!

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-07-2021 06:46 AM

Sharing a way to generate a csv file containing specific ISE endpoint group macs based on user input with python.  

#!/usr/bin/python
import json
import requests
import warnings
import sys
import csv

#ignore invalid cert warnings
warnings.filterwarnings("ignore")

groupID = ("")
temp1 = ("")
temp2 = ("")

USR_CHOICE = raw_input ("Do you want to see MACs in Imaging (1) or Blacklist group(2)?")
    while USR_CHOICE not in ('1','2'):
    print "************************************"
    print "Error! You must enter 1 (ADD) or 2 (REMOVE)"
    print "************************************"
    sys.exit()
if USR_CHOICE == '1':
    groupID = '<xxx:xxx>'
else:
    groupID = '<xxx.xxx>'

API_DEVICE = "https://<ise_pan>:9060/ers/config/endpoint?filter=groupId.EQ." + groupID + "&size=100"
API_ERS_USER = "<user>","<pass>"
HEADERS = {
    'Accept': "application/json",
    'Content-Type': "application/json",
}

r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)

#print r.text
data = r.text

endPoints = json.loads(data)
print "Total Number of Endpoints in Group:",endPoints['SearchResult']['total']
print "---------------------------------------"

f = open ('Grp_Macs.csv','w')
w = csv.DictWriter(f, fieldnames = ['MAC Address','Description'])
w.writeheader()
f.close()

for MAC in endPoints ["SearchResult"]["resources"]:
    temp1 = MAC['name']
    with open ('Grp_Macs.csv','a') as csvfile:
        w = csv.writer(csvfile)
        try:
            temp2 = MAC['description']
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:", temp2
        except KeyError:
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:"""
            continue
with open ('Grp_Macs.csv','a') as csvfile:
    w = csv.writer(csvfile)
    TOTAL = endPoints['SearchResult']['total']
    w.writerow(['Total Endpoints:', TOTAL])

sys.exit() 

 Use curl to get id group strings for the specific groups.  Update ers user/pass creds.  Sample output of csv is as follows:

MAC Address,Description
XX:XX:XX:XX:XX:XX,description1
XX:XX:XX:XX:XX:XX,description2
XX:XX:XX:XX:XX:XX,description3
XX:XX:XX:XX:XX:XX,description4
XX:XX:XX:XX:XX:XX,description5
XX:XX:XX:XX:XX:XX,description6
XX:XX:XX:XX:XX:XX,description7
XX:XX:XX:XX:XX:XX,description8
Total Endpoints:,8

 

Curl example to get group id string: 

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user>:<pass> --request GET https://<ise_pan>:9060/ers/config/endpointgroup?filter=name.EQ.<your_group_name>

Go to solution
naoki_Japan
Spotlight
Spotlight
In response to Mike.Cifelli

‎10-07-2021 06:06 PM

Thank you sharing the code useful !!!

I can use this code in various way by customizing the code!

Customers Also Viewed These Support Documents