Because ISE exposes an API, Python can be used to interact with it. This allows the use of programmatic logic to create, read, update or delete ISE elements.
Basic GET
I have created a simple GET that will just print the dACLs that ISE has. This is exactly the same API request and response as made in Postman in a previous post. The only difference is that Python is being used to send the request.
```python
import requests
import json

# ERS account used for HTTP basic authentication
username = "ersadmin"
password = "Stefan2020"

my_headers = {'Content-Type':'application/json', 'Accept':'application/json'}

# verify=False skips certificate validation, which is what triggers the
# InsecureRequestWarning in the output below
response = requests.get('https://172.17.5.101:9060/ers/config/downloadableacl',
                        headers=my_headers, auth=(username, password), verify=False)

print(f"\n\nResponse Code: {response.status_code}\n")

# Parse the response body and pretty-print it
pretty_json = json.loads(response.text)
print(json.dumps(pretty_json, indent=2))
```
```
C:\Users\admin\Documents\python\ise\venv\lib\site-packages\urllib3\connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host '172.17.5.101'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(


Response Code: 200

{
  "SearchResult": {
    "total": 8,
    "resources": [
      {
        "id": "9825aa40-8c01-11e6-996c-525400b48521",
        "name": "DENY_ALL_IPV4_TRAFFIC",
        "description": "Deny all ipv4 traffic",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/9825aa40-8c01-11e6-996c-525400b48521",
          "type": "application/json"
        }
      },
      {
        "id": "30c241d0-067c-11ea-ace5-42a6b55c5ca6",
        "name": "DENY_ALL_IPV6_TRAFFIC",
        "description": "Deny all ipv6 traffic",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/30c241d0-067c-11ea-ace5-42a6b55c5ca6",
          "type": "application/json"
        }
      },
      {
        "id": "982498d0-8c01-11e6-996c-525400b48521",
        "name": "PERMIT_ALL_IPV4_TRAFFIC",
        "description": "Allow all ipv4 Traffic",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/982498d0-8c01-11e6-996c-525400b48521",
          "type": "application/json"
        }
      },
      {
        "id": "30c0e240-067c-11ea-ace5-42a6b55c5ca6",
        "name": "PERMIT_ALL_IPV6_TRAFFIC",
        "description": "Allow all ipv6 Traffic",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/30c0e240-067c-11ea-ace5-42a6b55c5ca6",
          "type": "application/json"
        }
      },
      {
        "id": "4f0befd0-7571-11ed-9611-eee1102280a3",
        "name": "VPN_ADMIN_UNKNOWN",
        "description": "",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/4f0befd0-7571-11ed-9611-eee1102280a3",
          "type": "application/json"
        }
      },
      {
        "id": "68205db0-725d-11ed-9611-eee1102280a3",
        "name": "WIRED_COMPUTER",
        "description": "",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/68205db0-725d-11ed-9611-eee1102280a3",
          "type": "application/json"
        }
      },
      {
        "id": "827e1760-725d-11ed-9611-eee1102280a3",
        "name": "WIRED_EMPLOYEE_COMPLIANT",
        "description": "",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/827e1760-725d-11ed-9611-eee1102280a3",
          "type": "application/json"
        }
      },
      {
        "id": "cefc1f70-76f8-11ed-9611-eee1102280a3",
        "name": "WIRED_NON-COMPLIANT",
        "description": "Guests or failed empoyees ACL to intenet, DNS/DHCP and ISE posutre",
        "link": {
          "rel": "self",
          "href": "https://172.17.5.101:9060/ers/config/downloadableacl/cefc1f70-76f8-11ed-9611-eee1102280a3",
          "type": "application/json"
        }
      }
    ]
  }
}
```
Create dACL
Again, this moves what was already performed in Postman to Python.
The response to this request is just a 201 code. If the dACL already exists, a 500 response code is returned.
```python
import requests
import json

# ERS account used for HTTP basic authentication
username = "ersadmin"
password = "Stefan2020"

# dACL definition; the ACL entries are newline-separated inside the "dacl" string
body = {
    "DownloadableAcl": {
        "name": "POSTMAN_TEST",
        "description": "POSTMAN_TEST",
        "dacl": "permit udp any any eq 53\n\npermit tcp any host 172.17.5.101 eq 8443\npermit tcp any host 172.17.5.101 eq 8905\npermit udp any host 172.17.5.101 eq 8905\ndeny ip any 172.17.0.0 0.0.255.255\npermit ip any any",
        "daclType": "IPV4"
    }
}

my_headers = {'Content-Type':'application/json', 'Accept':'application/json'}

# json=body serialises the dictionary as the request body;
# verify=False skips certificate validation (see the warning in the output below)
response = requests.post('https://172.17.5.101:9060/ers/config/downloadableacl',
                         headers=my_headers, auth=(username, password), verify=False, json=body)

print(f"\n\nResponse Code: {response.status_code}\n")
```
```
C:\Users\admin\Documents\python\ise\venv\lib\site-packages\urllib3\connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host '172.17.5.101'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(


Response Code: 201
```
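Both scripts above send the ERS credentials over a connection whose certificate is never checked, and the create call returns a 500 when the dACL already exists. The following is an added example, not code from the original post: it combines the two requests into a create-if-absent helper that validates the ISE certificate and reads credentials from the environment. The environment variable names (`ISE_ERS_USER`, `ISE_ERS_PASS`, `ISE_CA_BUNDLE`), the function names and the handling of a `nextPage` link in the list response are assumptions.

```python
import os

BASE_URL = "https://172.17.5.101:9060/ers/config/downloadableacl"  # URL used on this page
HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}


def make_session():
    """Session that validates the ISE certificate and keeps credentials out of the source."""
    import requests  # imported here so the helpers below can be tested without it
    session = requests.Session()
    # Assumed variable names; set them in the shell or a secrets manager.
    session.auth = (os.environ["ISE_ERS_USER"], os.environ["ISE_ERS_PASS"])
    # Path to the PEM CA chain that issued the ISE certificate, instead of verify=False.
    session.verify = os.environ["ISE_CA_BUNDLE"]
    session.headers.update(HEADERS)
    return session


def dacl_names(session, url=BASE_URL):
    """Return the names of all dACLs from the list response shown above."""
    names = set()
    while url:
        resp = session.get(url, timeout=10)
        resp.raise_for_status()
        result = resp.json()["SearchResult"]
        names.update(item["name"] for item in result["resources"])
        # Assumption: larger result sets carry a nextPage link to follow.
        url = result.get("nextPage", {}).get("href")
    return names


def ensure_dacl(session, name, acl_lines, description=""):
    """Create the dACL only if it is absent; returns 'exists' or 'created'."""
    if name in dacl_names(session):
        return "exists"  # avoids the POST that would come back as a 500
    body = {"DownloadableAcl": {"name": name, "description": description,
                                "dacl": "\n".join(acl_lines), "daclType": "IPV4"}}
    resp = session.post(BASE_URL, json=body, timeout=10)
    if resp.status_code != 201:
        raise RuntimeError(f"dACL create failed: HTTP {resp.status_code}")
    return "created"


if __name__ == "__main__":
    # Needs a reachable ISE node and the three environment variables above.
    print(ensure_dacl(make_session(), "POSTMAN_TEST",
                      ["permit udp any any eq 53", "permit ip any any"], "POSTMAN_TEST"))
```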