Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
5
Helpful
2
Replies

ISE Monitoring APIs

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎12-10-2019 11:24 AM

Seeking a few pointers on leveraging ISE monitoring APIs to quarantine/unquarantine hosts from a session management perspective. My ideal solution would be writing a python script that prompts the end user (Sys Admin/IA) for what they want to do (reauth/shut port). Then prompts for client mac OR IP. From here I would call separate functions based on the decision made & pass the input. Once the CoA is issued I would like to have some sort of confirmation that it was successful via another session update or potentially a sequence of pings. The only manual intervention would be having the end user move the comp object in AD into a separate security group so upon re-authz the host would move to the quarantine state (separate VN/sgt), and then of course the actual information provided for the script. The idea would solve an issue that requires several manual steps from an IA perspective.

 

FYI Currently running an ISE cluster on 2.4p9. I am going through documentation and realize both CoA can be accomplished via Session Disconnect Calls or Session Reauth calls. However, I do not see starting points for utilizing curl with json for those two types of calls. Any additional documentation I may have missed, or suggestions are appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to hslai

‎12-12-2019 05:34 AM

That clears some things up. I was able to get things rolling a little differently than explained yesterday, and I am currently working on a script. I will share in due time. Thanks for the response.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-11-2019 09:56 PM

The ISE monitoring APIs are giving outputs in XML only, if that is what you are asking here. No JSON support planned or scheduled.

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to hslai

‎12-12-2019 05:34 AM

That clears some things up. I was able to get things rolling a little differently than explained yesterday, and I am currently working on a script. I will share in due time. Thanks for the response.
0 Helpful
Customers Also Viewed These Support Documents