2021-05-21 11:02 PM
本ドキュメントでは、ISE ERS(External RESTful Services)の一部実行サンプルとトラブルシューティングに有用なDebugログの確認方法をご紹介します。
なお、確認の際にはISE 2.7 Patch3にて実施しているため、バージョン差異によるログ等の出力内容が異なる点はあらかじめご了承ください。
ERSのトラブルシューティングについてはdebug log: ise-psc.logを確認することがまず調査の第一歩となります。
debugログの確認方法については以下の記事を参考にしてください。
また、再現性がある問題の場合は以下の記事を参考にtailオプションをご利用いただくと調査が加速する可能性があります。
さらに、Debugログのログレベルを変更する際には以下の記事を参考にしていただき、Component: ersのログレベルをDEBUGに変更してから再現検証をしてください。
以下、参考までにVisual Studio Codeなどで開ける.restファイルの内容をサンプルとして本記事の最後に記載しますが、それを実行した際のRequest/Response(正常終了)と、ise-psc.log(LogLevel: INFO)を以下にご紹介します。
GET https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpoint
Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}}
Content-Type: application/json
Accept: application/json
HTTP/1.1 200
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-XSS-Protection: 1; mode=block
Date: Fri, 30 Apr 2021 01:15:37 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server:
{
"SearchResult": {
"total": 4,
"resources": [
{
"id": "34349de0-a847-11eb-bd1d-16488ad2a6de",
"name": "00:01:02:03:04:06",
"link": {
"rel": "self",
"href": "https://{{ISE-PAN-IP}}:9060/ers/config/endpoint/34349de0-a847-11eb-bd1d-16488ad2a6de",
"type": "application/json"
}
},
<snip>
{
"id": "9a82e9e0-a846-11eb-bd1d-16488ad2a6de",
"name": "12:34:56:78:90:A1",
"link": {
"rel": "self",
"href": "https://{{ISE-PAN-IP}}:9060/ers/config/endpoint/9a82e9e0-a846-11eb-bd1d-16488ad2a6de",
"type": "application/json"
}
}
]
}
}
2021-04-30 10:17:40,404 INFO [ers-http-pool20][] cpm.ers.app.impl.ERSConfigurationListener -::::- Registering ERS Configuration Listener
2021-04-30 10:17:40,458 INFO [ers-http-pool20][] cisco.cpm.ers.fw.CRUDService -::::- The GET ALL resources request for resource type 'endpoint' Completed Successfully
GET https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpointgroup
Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}}
Content-Type: application/json
Accept: application/json
HTTP/1.1 200
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: APPSESSIONID=98995B51AD7D4BAA7F78229F78B629C1; Path=/ers; Secure; HttpOnly
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-XSS-Protection: 1; mode=block
Date: Fri, 30 Apr 2021 01:26:30 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server:
{
"SearchResult": {
"total": 20,
"resources": [
{
"id": "38a73670-8c00-11e6-996c-525400b48521",
"name": "DeviceVendorA",
"description": "Identity Group for Profile: DeviceVendorA",
"link": {
"rel": "self",
"href": "https://{{ISE-PAN-IP}}:9060/ers/config/endpointgroup/38a73670-8c00-11e6-996c-525400b48521",
"type": "application/json"
}
},
<snip>
{
"id": "0a758ad0-a844-11eb-bd1d-16488ad2a6de",
"name": "LAB",
"description": "",
"link": {
"rel": "self",
"href": "https://{{ISE-PAN-IP}}:9060/ers/config/endpointgroup/0a758ad0-a844-11eb-bd1d-16488ad2a6de",
"type": "application/json"
}
}
]
}
}
2021-04-30 10:27:11,068 INFO [ers-http-pool20][] cisco.cpm.nsf.impl.UserIdentityManagement -::::- In internal authentication method to check whether the policies are matched to the logged in user groups time taken is 1
2021-04-30 10:27:11,072 INFO [ers-http-pool20][] cisco.cpm.nsf.impl.UserIdentityManagement -::::- Scheduling UserIdentityManagement.AsyncUpdater
2021-04-30 10:27:11,075 INFO [ers-http-pool20][] cpm.ers.app.impl.ERSConfigurationListener -::::- Registering ERS Configuration Listener
2021-04-30 10:27:11,087 INFO [ers-http-pool20][] api.services.server.role.RoleImpl -::::- Fetched List of Roles Information for entityFQN: NAC Group:NAC
2021-04-30 10:27:11,267 INFO [ers-http-pool20][] api.services.server.role.RoleImpl -::::- Fetched List of Roles Information for entityFQN: NAC Group:NAC
POST https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpoint
Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}}
Content-Type: application/json
Accept: application/json
{
"ERSEndPoint": {
"name": {{mac_addr}},
"description": "Added by ERS",
"mac": {{mac_addr}},
"staticProfileAssignment": false,
"groupId": {{grp_id}},
"staticGroupAssignment": true
}
}
HTTP/1.1 201
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-XSS-Protection: 1; mode=block
Location: https://{{ISE-PAN-IP}}:9060/ers/config/endpoint/bdf609d0-a953-11eb-bd1d-16488ad2a6de
Date: Fri, 30 Apr 2021 01:31:10 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 0
Connection: close
Server:
2021-04-30 10:31:09,877 INFO [ers-http-pool20][] cpm.ers.app.impl.ERSConfigurationListener -::::- Registering ERS Configuration Listener
2021-04-30 10:31:09,979 INFO [ers-http-pool20][] com.cisco.epm.jms.AQMessgeHandler -::::- Publishing message for event [TxnCommit / commit] and message class[class com.cisco.epm.pap.api.transaction.Transaction]
2021-04-30 10:31:10,037 INFO [ers-http-pool20][] cisco.cpm.ers.fw.CRUDService -::::- The POST resource request for resource type 'endpoint' Completed Successfully
@ISE-PAN-IP = x.x.x.x @ISE-ADMIN-NAME = xxxxx @ISE-ADMIN-PW = xxxxx @ISE-ERS-PORT = 9060 ############################### # @name List EPs GET https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpoint Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}} Content-Type: application/json Accept: application/json ############################### # @name GET EP GET https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpoint/name/12:34:56:78:90:A1 Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}} Content-Type: application/json Accept: application/json ############################### # @name List EP Groupss GET https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpointgroup Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}} Content-Type: application/json Accept: application/json ############################### # @name create EP @mac_addr = "00:01:02:03:04:10" @grp_id = "18c1d210-a844-11eb-bd1d-16488ad2a6de" ############################### POST https://{{ISE-PAN-IP}}:{{ISE-ERS-PORT}}/ers/config/endpoint Authorization: Basic {{ISE-ADMIN-NAME}} {{ISE-ADMIN-PW}} Content-Type: application/json Accept: application/json { "ERSEndPoint": { "name": {{mac_addr}}, "description": "Added by ERS", "mac": {{mac_addr}}, "staticProfileAssignment": false, "groupId": {{grp_id}}, "staticGroupAssignment": true } }
検索バーにキーワード、フレーズ、または質問を入力し、お探しのものを見つけましょう
シスコ コミュニティをいち早く使いこなしていただけるよう役立つリンクをまとめました。みなさんのジャーニーがより良いものとなるようお手伝いします
下記より関連するコンテンツにアクセスできます