cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1797
Views
0
Helpful
2
Replies

Automation with ISE ERS API

Hello everyone, 

 

I am trying to automate adding network devices to ISE using python API calls to ISE with the requests module and using JSON for the modifying of the data. 

 

Here is an example of the code:

 

#### 

import requests
import requests.auth
import getpass
import json


Username = input("Enter API Username:")

Password = getpass.getpass("Enter API Password:")

headers = {'Content-Type': 'application/json', 'Accept': 'application/json'}

ISEjson= {
"NetworkDevice" : {
"id" : "123456789",
"name" : "networkDevice1",
"description" : "example nd",
"authenticationSettings" : {
"radiusSharedSecret" : "aaa",
"enableKeyWrap" : True,
"dtlsRequired" : True,
"keyEncryptionKey" : "1234567890123456",
"messageAuthenticatorCodeKey" : "12345678901234567890",
"keyInputFormat" : "ASCII"
},
"snmpsettings" : {
"version" : "ONE",
"roCommunity" : "aaa",
"pollingInterval" : 3600,
"linkTrapQuery" : True,
"macTrapQuery" : True,
"originatingPolicyServicesNode" : "Auto"
},
"trustsecsettings" : {
"deviceAuthenticationSettings" : {
"sgaDeviceId" : "networkDevice1",
"sgaDevicePassword" : "aaa"
},
"sgaNotificationAndUpdates" : {
"downlaodEnvironmentDataEveryXSeconds" : 86400,
"downlaodPeerAuthorizationPolicyEveryXSeconds" : 86400,
"reAuthenticationEveryXSeconds" : 86400,
"downloadSGACLListsEveryXSeconds" : 86400,
"otherSGADevicesToTrustThisDevice" : False,
"sendConfigurationToDevice" : False,
"sendConfigurationToDeviceUsing" : "ENABLE_USING_COA",
"coaSourceHost" : "IseNodeName"
},
"deviceConfigurationDeployment" : {
"includeWhenDeployingSGTUpdates" : True,
"enableModePassword" : "aaa",
"execModePassword" : "aaa",
"execModeUsername" : "aaa"
}
},
"tacacsSettings" : {
"sharedSecret" : "aaa",
"connectModeOptions" : "ON_LEGACY"
},
"profileName" : "Cisco",
"coaPort" : 1700,
"dtlsDnsName" : "ISE213.il.com",
"NetworkDeviceIPList" : [ {
"ipaddress" : "1.1.1.1",
"mask" : 32
} ],
"NetworkDeviceGroupList" : [ "Location#All Locations", "Device Type#All Device Types" ]
}
}

ISE = requests.post("https://x.x.x.x:9060/ers/config/networkdevice", verify=False, auth=(Username, Password), headers=headers, json=ISEjson)

 


print(ISE.text)
print(ISE.status_code)
print(ISE.headers)

####

 

 

The issue I am running into is when I try to post the data to ISE I get the following: 

<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3></h3></body></html>
401
{'WWW-Authenticate': 'Basic realm="ERSRealm"', 'Content-Type': 'text/html;charset=utf-8', 'Content-Language': 'en', 'Content-Length': '1014', 'Date': 'Tue, 09 Jul 2019 02:02:03 GMT', 'Server': ''}

 

 

I am not sure why it is not authenticating as I can use the requests module to GET and DELETE stuff in ISE with this same account. Can anyone provide some insight? 

1 Accepted Solution

Accepted Solutions

Disregard!

 

Solution: The Python interpreter was causing issues. 

View solution in original post

2 Replies 2

Disregard!

 

Solution: The Python interpreter was causing issues. 

valartemisa
Level 1
Level 1

Armin, how did you resolve this iissue? i seem to still have the same problem by using the curl command.

 

}'
HTTP/1.1 401
WWW-Authenticate: Basic realm="ERSRealm"
Content-Length: 0
Date: Thu, 02 May 2024 20:27:00 GMT
Server: