webapp-ise-switch-sessions
WebApp to gather Access Sessions info and Set Endpoint Group in ISE
This Flask Web Application allows to do the following:
- gather information about access-session on the switch.
- login to the switch
- collect all mac addresses from access-sessions
- check access-session for each mac address
- if there is FAIL in the dACL - collect info about this session:
- interface
- mac_address
- ip_address
- user_name
- method (mab|dot1x)
- vendor (for mab)
- Put endpoint into the specific Endpoint Group in ISE
Table of Contents
About The Project
This project continues my previous script to collect access-session from switch with ISE in monitor mode:
I decided to create a simple Web Application which allows gathering access-session information from the switch and to put into the specific Endpoint Group in ISE using Cisco ISE API.
Built With
- Python3
- Flask
- Cisco ISE
- Cisco IOS Switch
Getting Started
Clone the repository
git clone https://github.com/dagolovach/webapp-ise-switch-sessions.git
Create a virtual enviroment
% python3 -m venv venv
% . venv/bin/activateInstall modules from requirements.txt
% pip install -r requirements.txt
Run the flask application
- Windows CMD:
% set FLASK_APP=application.py
% flask run- Unix Bash (Linux, Mac, etc.):
% export FLASK_APP=application.py % % flask run * Serving Flask app "application.py" * Environment: production WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. * Debug mode: off * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Change local.py file with switch and ISE API credentials:
switch_credentials = {
'username': 'admin',
'password': 'admin',
'secret': 'admin'
}
ise_credentials = {
'username': 'admin',
'password': 'admin',
'base_url': 'https://10.10.10.10:9060/ers/config/'
}Usage
- collect sessions information from the switch
- enter switch IP address
- collect access-session information and show it in the table/json file
- provide option to update group in the ISE for this MAC address
- work with just some MAC address
- enter MAC address
- update the group in ISE for provided MAC address
Adding MAC address into ISE Group:
Breakdown
Contact
- Created by Dmitry Golovach
- Web: https://dagolovachgolovach.com
- Twitter: @dagolovach
- LinkedIn: @dmitrygolovach
- feel free to contact me!
View code on GitHub
Owner
Contributors
Github contributorCategories
Products
Identity Services Engine (ISE)Programming Languages
HTMLPythonLicense
MIT License
Code Exchange Community
Get help, share code, and collaborate with other developers in the Code Exchange community.View CommunityDisclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.