Extensible Messaging and Presence Protocol is an open standard protocol for instant messaging. Arista switches can use this protocol as a way to configure multiple switches with the same configuration at the same time. Arista switches can even be grouped, so all spine switches, or all leaf switches, or switches in a certain location, etc. […]
Arista XMPP Configuration Read More »
Zero Touch Provisioning is a way for Arista switches to get a configuration file via DHCP options and configure itself with no interaction from an admin. All there is to do is connect up the switch and IP/config will be applied to the switch.ZTP will only run when there is no startup-config file, so first
Arista Zero Touch Provisioning (ZTP) Read More »
As ISE is using an API, Python can be used to interact with the API. This allows the use of programmatic logic to create, read, update or delete ISE elements. Basic GET I have created a simple GET that will just print the dACLs that ISE has. This is exactly the same API request and
ISE Lab: API 5 – Using Python Read More »
This post will find the details of an endpoint off the MAC address, and then see all the endpoints in a certain group.The API doesn’t seem to be able to search for an endpoint by IP address, as can be done in the GUI. Maybe it can, but with another API. The device that will
ISE Lab: API 4 – Search for Endpoint Read More »
This will be creating and deleting a dACL. Again, details can be found in the built-in ISE documentation. The Postman headers are the same as in the previous GET. Create The only changes here are; POST method and to add the dACL that will be sent with a name and description.A 201 response code will
ISE Lab: API 3 – Create & Delete dACLs Read More »
Now that the API has been configured, it can be tested. In this post, I will show a few base GET requests that can be made to ISE in Postman.There is a lot of documentation built into ISE to view which gives examples on the types of calls and examples of calls and returned output.https://172.17.5.101:9060/ers/sdk#_
ISE Lab: API 2 – First API GET Requests with Postman Read More »
ISE does not have the REST API enabled by default. It must be enabled in the ISE admin tab. When saved, there is information at the top showing the URL to an SDK info page that goes through the setup procedure.The most basic setup is only a single step to create an ERS admin. It
ISE Lab: API 1 – Setup Read More »
This is the completed Security Audit playbook.The playbook goes through a basic approved configuration for the devices. If there is anything missing, it is added. If there is anything that should not be there such as; an extra ACL line, or an extra NTP server or the enable secret being different this is fixed. The
Ansible Project: Network Security Audit 5 – Complete Security Audit Playbook Read More »
This is a test to get different commands added to different devices.There are multiple methods to achieve this.1. Use host_vars and set each var in the file. The task will pull the variables for the hosts. All need to be the same name2. Set individual plays for set commands. This does make the playbook longer.
Ansible Project: Network Security Audit 4 – Individual Device Commands Read More »
As I have been going through my list of configuration items for the security audit, I have only used Ansible to send commands. I haven’t used the ios_config module for any of its other abilities like interface configuration, gathering facts or ACL configuration.This post will cover 2/3 of those. Gathering facts, specifically ACL facts and
Ansible Project: Network Security Audit 3 – ios_acl Module Read More »