Cisco Identity Services Engine API v1

ISE 3.1 and above (API v1)

Using API calls for Session Management

This chapter describes the session management API calls that provide the means for retrieving important session-related information from within the Cisco Monitoring ISE node in your Cisco ISE deployment.

Session Counter API Calls

The following session counter API calls let you quickly gather a current count of session-related information on a target Cisco Monitoring ISE node in your Cisco ISE deployment:

Active sessions (ActiveCount): An active session is one that is authenticated onto the network.
Postured sessions (PostureCount): Postured state is asserted when posture is concluded (Compliant/Noncompliant). Posture is optional, for example, IP-phone/printer would not go to Postured state. Postured state is a short lived interim state, since after Postured, it moves to Started state when accounting start is set.
Profiled sessions (ProfilerCount): These various states are meant to troubleshoot if an endpoint gets stuck in any of the phases.

Active Sessions Counter

You can use the ActiveCount API call to retrieve a count of all currently active sessions.

Note: You must add the HTTP authorization header with the authorization credentials to view the number of active sessions.

ActiveCount API Output Schema

This sample schema file is the output of the ActiveCount API call for retrieving a count of the active sessions on the target Monitoring persona of an ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionCount" type="activeCount"/>

<xs:complexType name="activeCount">

<xs:sequence>

<xs:element name="count" type="xs:int"/>

</xs:sequence>

</xs:complexType>

</xs:schema>

Invoking the ActiveCount API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/ ).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter .

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the ActiveCount API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/<specific-api-call>):

https://acme123/admin/API/mnt/Session/ActiveCount

Note: You must carefully enter each API call in the URL Address field of a target node because these calls are case-sensitive. The use of “mnt” in the API call convention represents the target Cisco Monitoring ISE node.

Step 5 Press Enter to issue the API call.

Sample Data Returned from the ActiveCount API Call

The following example illustrates the data returned (number of active sessions) when you invoke an ActiveCount API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

</sessionCount>

Posture Sessions Counter

You can use the PostureCount API call to retrieve a current count of all currently active Posture sessions.

PostureCount API Output Schema

This sample schema file is the output of the PostureCount API call for retrieving a count of the current active Posture sessions on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionCount" type="postureCount"/>

<xs:complexType name="postureCount">

<xs:sequence>

<xs:element name="count" type="xs:int"/>

</xs:sequence>

</xs:complexType>

</xs:schema>

Invoking the PostureCount API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/ ).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter .

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the PostureCount API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

https://acme123/admin/API/mnt/Session/PostureCount

Step 5 Press Enter to issue the API call.

Sample Data Returned from the PostureCount API Call

The following example illustrates the data returned (number of current active Posture sessions) when you invoke a PostureCount API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

</sessionCount>

Profiler Sessions Counter

You can use the ProfilerCount API call to retrieve a count of all currently active Profiler sessions.

ProfilerCount API Output Schema

This sample schema file is the output of the ProfilerCount API call for retrieving a count of the current active Profiler sessions on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionCount" type="profilerCount"/>

<xs:complexType name="profilerCount">

<xs:sequence>

<xs:element name="count" type="xs:int"/>

</xs:sequence>

</xs:complexType>

</xs:schema>

Invoking the ProfilerCount API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/ ).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter .

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the ProfilerCount API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

https://acme123/admin/API/mnt/Session/ProfilerCount

Step 5 Press Enter to issue the API call.

Sample Data Returned from the API Call

The following example illustrates the data returned (number of active Profiler sessions) when you invoke a ProfilerCount API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

</sessionCount>

Simple Session List API Calls

The following simple session list API calls let you quickly gather session-related information such as the MAC address, the network access device (NAD) IP address, user name, and session ID associated with a current active session on a target Cisco Monitoring ISE node in your Cisco ISE deployment:

Active sessions list (ActiveSessionsList)
Authenticated sessions list (AuthSessionsList)

Active Sessions List

You can use the ActiveSessionsList API call to list all currently active sessions.

Note: The maximum number of active authenticated endpoint sessions that can be displayed is limited to 100,000.

ActiveSessionsList API Output Schema

This sample schema file is the output of the ActiveSessionsList API call for retrieving a list of the current active sessions (and session-related information) on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="activeSessionList" type="simpleActiveSessionList"/>

<xs:complexType name="simpleActiveSessionList">

<xs:sequence>

<xs:element name="activeSession" type="simpleActiveSession" minOccurs="0" maxOccurs="unbounded"/>

</xs:sequence>

<xs:attribute name="noOfActiveSession" type="xs:int" use="required"/>

</xs:complexType>

<xs:complexType name="simpleActiveSession">

<xs:sequence>

<xs:element name="user_name" type="xs:string" minOccurs="0"/>

<xs:element name="calling_station_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="acct_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="audit_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="server" type="xs:string" minOccurs="0"/>

</xs:sequence>

</xs:complexType>

<xs:element name="nas_ipv6_address" type="xs:string"/>

<xs:complexType name="framed_ipv6_address_list">

<xs:sequence minOccurs="0" maxOccurs="8"><xs:element name="ipv6_address" type="xs:string" />

</xs:sequence>

</xs:complexType>

<xs:element name="framed_ipv6_address" type="framed_ipv6_address_list" minOccurs="1" maxOccurs="1"/>

</xs:schema>

Invoking the ActiveSessionsList API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/ ).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter .

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the ActiveSessionsList API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

https://acme123/admin/API/mnt/Session/ActiveSessionsList

Note: You must carefully enter each API call in the URL Address field of a target node, because these calls are case-sensitive. The use of “mnt” in the API call convention represents a Cisco Monitoring ISE node.

Step 5 Press Enter to issue the API call.

Sample Data Returned from the ActiveSessionsList API Call

The following example illustrates the session-related data returned from the list of active sessions when you invoke an ActiveSessionsList API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<calling_station_id>00:0C:29:FA:EF:0A</calling_station_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<calling_station_id>70:5A:B6:68:F7:CC</calling_station_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>tom_wolfe</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<acct_session_id>00000032</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>graham_hancock</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<acct_session_id>0000002C</acct_session_id>

<audit_session_id>0ACB6BA10000002A165FD0C8</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>ipepvpnuser</user_name>

<calling_station_id>172.23.130.89</calling_station_id>

<nas_ip_address>10.203.107.45</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>A2000070</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Authenticated Sessions List

You can use the AuthSessionsList API call to retrieve the list of active sessions that are authenticated or get the list of active sessions with accounting updates in the given time frame (between the chosen start time and end time).

Note: The maximum number of active authenticated endpoint sessions that can be displayed is limited to 100,000.

AuthSessionsList API Output Schema

This sample schema file is the output of the AuthSessionsList API call for retrieving a list of all currently active authenticated sessions within a specified period of time (or for no specified time using the “null/null” parameter) on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="activeSessionList" type="simpleActiveSessionList"/>

<xs:complexType name="simpleActiveSessionList">

<xs:sequence>

<xs:element name="activeSession" type="simpleActiveSession" minOccurs="0" maxOccurs="unbounded"/>

</xs:sequence>

<xs:attribute name="noOfActiveSession" type="xs:int" use="required"/>

</xs:complexType>

<xs:complexType name="simpleActiveSession">

<xs:sequence>

<xs:element name="user_name" type="xs:string" minOccurs="0"/>

<xs:element name="calling_station_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="acct_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="audit_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="server" type="xs:string" minOccurs="0"/>

</xs:sequence>

</xs:complexType>

<xs:element name="nas_ipv6_address" type="xs:string"/>

<xs:complexType name="framed_ipv6_address_list">

<xs:sequence minOccurs="0" maxOccurs="8"><xs:element name="ipv6_address" type="xs:string" />

</xs:sequence>

</xs:complexType>

<xs:element name="framed_ipv6_address" type="framed_ipv6_address_list" minOccurs="1" maxOccurs="1"/>

</xs:schema>

Invoking the AuthSessionsList API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/ ).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter .

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the AuthSessionsList API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

Note: The first of the following two examples uses a defined starttime and null parameter, which displays a list of the currently active sessions that were authenticated after the specified start time. The second example uses the null/null parameter that displays a list of all currently active authenticated sessions. See Sample Data Returned from the AuthSessionsList API Call with the null/null Option, which displays samples of the four parameter setting types for this API call.

https://acme123/admin/API/mnt/Session/AuthSessionsList/2010-12-14 15:33:15/null

https://acme123/admin/API/mnt/Session/AuthSessionsList/null/null

Step 5 Press Enter to issue the API call.

Sample Data Returned from the AuthSessionsList API Call with the null/null Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthSessionsList API call using the null/null option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<audit_session_id>0acb6b0c000000174D07F487</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>tom_wolfe</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>graham_hancock</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Sample Data Returned from the API Call with the endtime/null Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthSessionsList API call using the endtime/null option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<audit_session_id>0acb6b0c0000001F4D08085A</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>hunter_thompson</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>bob_ludlum</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Sample Data Returned from the AuthSessionsList API Call with the null/starttime Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthSessionsList API call using the null/starttime option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<audit_session_id>0acb6b0c0000001F4D08085A</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>bob_ludlum</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>tom_wolfe</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Sample Data Returned from the AuthSessionsList API Call with the starttime/endtime Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthSessionsList API call using the starttime/endtime option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<audit_session_id>0acb6b0c0000001F4D08085A</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>graham_hancock</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>hunter_thompson</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Detailed Session Attribute API Calls

The following detailed session attribute API calls let you quickly search the latest session for key information, such as the following:

User name session search (UserName)
NAS IP address session search (IPAddress associated with a target Monitoring ISE node)
Endpoint IP address session search (EndPointIPAddress)
Audit session ID search (Audit Session ID)
MAC Address Session Search

MAC address session search

You can use the MACAddress API call to retrieve a specified MAC address from a current, active session. This API call lists a variety of session-related information drawn from node database tables.

MACAddress API Output Schema

This sample schema file is the output of the MACAddress API call for retrieving a specified MAC address from the current active sessions:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionParameters" type="restsdStatus"/>

<xs:complexType name="restsdStatus">

<xs:sequence>

<xs:element name="passed" type="xs:anyType" minOccurs="0"/>

<xs:element name="failed" type="xs:anyType" minOccurs="0"/>

<xs:element name="user_name" type="xs:string" minOccurs="0"/>

<xs:element name="nas_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="failure_reason" type="xs:string" minOccurs="0"/>

<xs:element name="calling_station_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_port" type="xs:string" minOccurs="0"/>

<xs:element name="identity_group" type="xs:string" minOccurs="0"/>

<xs:element name="network_device_name" type="xs:string" minOccurs="0"/>

<xs:element name="acs_server" type="xs:string" minOccurs="0"/>

<xs:element name="authen_protocol" type="xs:string" minOccurs="0"/>

<xs:element name="framed_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="network_device_groups" type="xs:string" minOccurs="0"/>

<xs:element name="access_service" type="xs:string" minOccurs="0"/>

<xs:element name="auth_acs_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="authentication_method" type="xs:string" minOccurs="0"/>

<xs:element name="execution_steps" type="xs:string" minOccurs="0"/>

<xs:element name="radius_response" type="xs:string" minOccurs="0"/>

<xs:element name="audit_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_identifier" type="xs:string" minOccurs="0"/>

<xs:element name="nas_port_id" type="xs:string" minOccurs="0"/>

<xs:element name="nac_policy_compliance" type="xs:string" minOccurs="0"/>

<xs:element name="auth_id" type="xs:long" minOccurs="0"/>

<xs:element name="auth_acsview_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="message_code" type="xs:string" minOccurs="0"/>

<xs:element name="acs_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="service_selection_policy" type="xs:string" minOccurs="0"/>

<xs:element name="authorization_policy" type="xs:string" minOccurs="0"/>

<xs:element name="identity_store" type="xs:string" minOccurs="0"/>

<xs:element name="response" type="xs:string" minOccurs="0"/>

<xs:element name="service_type" type="xs:string" minOccurs="0"/>

<xs:element name="cts_security_group" type="xs:string" minOccurs="0"/>

<xs:element name="use_case" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_av_pair" type="xs:string" minOccurs="0"/>

<xs:element name="ad_domain" type="xs:string" minOccurs="0"/>

<xs:element name="acs_username" type="xs:string" minOccurs="0"/>

<xs:element name="radius_username" type="xs:string" minOccurs="0"/>

<xs:element name="nac_role" type="xs:string" minOccurs="0"/>

<xs:element name="nac_username" type="xs:string" minOccurs="0"/>

<xs:element name="nac_posture_token" type="xs:string" minOccurs="0"/>

<xs:element name="nac_radius_is_user_auth" type="xs:string" minOccurs="0"/>

<xs:element name="selected_posture_server" type="xs:string" minOccurs="0"/>

<xs:element name="selected_identity_store" type="xs:string" minOccurs="0"/>

<xs:element name="authentication_identity_store" type="xs:string" minOccurs="0"/>

<xs:element name="azn_exp_pol_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="ext_pol_server_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="grp_mapping_pol_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="identity_policy_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="nas_port_type" type="xs:string" minOccurs="0"/>

<xs:element name="query_identity_stores" type="xs:string" minOccurs="0"/>

<xs:element name="selected_azn_profiles" type="xs:string" minOccurs="0"/>

<xs:element name="sel_exp_azn_profiles" type="xs:string" minOccurs="0"/>

<xs:element name="selected_query_identity_stores" type="xs:string" minOccurs="0"/>

<xs:element name="eap_tunnel" type="xs:string" minOccurs="0"/>

<xs:element name="tunnel_details" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_h323_attributes" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_ssg_attributes" type="xs:string" minOccurs="0"/>

<xs:element name="other_attributes" type="xs:string" minOccurs="0"/>

<xs:element name="response_time" type="xs:long" minOccurs="0"/>

<xs:element name="nad_failure" type="xs:anyType" minOccurs="0"/>

<xs:element name="destination_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="acct_id" type="xs:long" minOccurs="0"/>

<xs:element name="acct_acs_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="acct_acsview_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="acct_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="acct_status_type" type="xs:string" minOccurs="0"/>

<xs:element name="acct_session_time" type="xs:long" minOccurs="0"/>

<xs:element name="acct_input_octets" type="xs:string" minOccurs="0"/>

<xs:element name="acct_output_octets" type="xs:string" minOccurs="0"/>

<xs:element name="acct_input_packets" type="xs:long" minOccurs="0"/>

<xs:element name="acct_output_packets" type="xs:long" minOccurs="0"/>

<xs:element name="acct_class" type="xs:string" minOccurs="0"/>

<xs:element name="acct_terminate_cause" type="xs:string" minOccurs="0"/>

<xs:element name="acct_multi_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="acct_authentic" type="xs:string" minOccurs="0"/>

<xs:element name="termination_action" type="xs:string" minOccurs="0"/>

<xs:element name="session_timeout" type="xs:string" minOccurs="0"/>

<xs:element name="idle_timeout" type="xs:string" minOccurs="0"/>

<xs:element name="acct_interim_interval" type="xs:string" minOccurs="0"/>

<xs:element name="acct_delay_time" type="xs:string" minOccurs="0"/>

<xs:element name="event_timestamp" type="xs:string" minOccurs="0"/>

<xs:element name="acct_tunnel_connection" type="xs:string" minOccurs="0"/>

<xs:element name="acct_tunnel_packet_lost" type="xs:string" minOccurs="0"/>

<xs:element name="security_group" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_h323_setup_time" type="xs:dateTime" minOccurs="0"/>

<xs:element name="cisco_h323_connect_time" type="xs:dateTime" minOccurs="0"/>

<xs:element name="cisco_h323_disconnect_time" type="xs:dateTime" minOccurs="0"/>

<xs:element name="framed_protocol" type="xs:string" minOccurs="0"/>

<xs:element name="started" type="xs:anyType" minOccurs="0"/>

<xs:element name="stopped" type="xs:anyType" minOccurs="0"/>

<xs:element name="ckpt_id" type="xs:long" minOccurs="0"/>

<xs:element name="type" type="xs:long" minOccurs="0"/>

<xs:element name="nad_acsview_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="vlan" type="xs:string" minOccurs="0"/>

<xs:element name="dacl" type="xs:string" minOccurs="0"/>

<xs:element name="authentication_type" type="xs:string" minOccurs="0"/>

<xs:element name="interface_name" type="xs:string" minOccurs="0"/>

<xs:element name="reason" type="xs:string" minOccurs="0"/>

<xs:element name="endpoint_policy" type="xs:string" minOccurs="0"/>

</xs:sequence>

</xs:complexType>

<xs:element name="nas_ipv6_address" type="xs:string"/>

<xs:complexType name="framed_ipv6_address_list">

<xs:sequence minOccurs="0" maxOccurs="8"><xs:element name="ipv6_address" type="xs:string" />

</xs:sequence>

</xs:complexType>

<xs:element name="framed_ipv6_address" type="framed_ipv6_address_list" minOccurs="1" maxOccurs="1"/>

</xs:schema>

Invoking the MACAddress API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/ ).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter .

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the MACAddress API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/<specific-api-call>/<macaddress>):

https://acme123/admin/API/mnt/Session/MACAddress/0A:0B:0C:0D:0E:0F

Note: Make sure that you specify the MAC address using the XX:XX:XX:XX:XX:XX format. The MAC address input is case sensitive. Only uppercase characters are accepted for the MAC address input.

Step 5 Press Enter to issue the API call.

Sample Data Returned from the MACAddress API Call

The following example illustrates the session-related data returned from the list of active sessions when you invoke an MACAddress API call:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<failed xsi:type="xs:boolean">false</failed>

<user_name>hunter_thompson</user_name>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_port>50115</nas_port>

<identity_group>Profiled</identity_group>

<network_device_name>Core-Switch</network_device_name>

<acs_server>HAREESH-R6-1-PDP2</acs_server>

<authen_protocol>Lookup</authen_protocol>

<network_device_groups>

Device Type#All Device Types,Location#All Locations

</network_device_groups>

<access_service>RADIUS</access_service>

<auth_acs_timestamp>2010-12-15T02:11:12.359Z</auth_acs_timestamp>

<authentication_method>mab</authentication_method>

<execution_steps>

11001,11017,11027,15008,15048,15004,15041,15004,15013,24209,24211,22037,15036,15048,15048,15004,15016,11022,11002

</execution_steps>

<audit_session_id>0ACB6BA1000000351BBFBF8B</audit_session_id>

<nas_port_id>GigabitEthernet1/0/15</nas_port_id>

<nac_policy_compliance>Pending</nac_policy_compliance>

<auth_id>1291240762077361</auth_id>

<auth_acsview_timestamp>2010-12-15T02:11:12.360Z</auth_acsview_timestamp>

<message_code>5200</message_code>

<acs_session_id>HAREESH-R6-1-PDP2/81148292/681</acs_session_id>

<service_selection_policy>MAB</service_selection_policy>

<identity_store>Internal Hosts</identity_store>

{UserName=00-14-BF-5A-0C-03; User-Name=00-14-BF-5A-0C-03; State=ReauthSession:0ACB6BA1000000351BBFBF8B; Class=CACS:0ACB6BA1000000351BBFBF8B:HAREESH-R6-1-PDP2/81148292/681; Termination-Action=RADIUS-Request; cisco-av-pair=url-redirect-acl=ACL-WEBAUTH-REDIRECT; cisco-av-pair=url-redirect=https://HAREESH-R6-1-PDP2.cisco.com:8443/guestportal/gateway?sessionId=0ACB6BA1000000351BBFBF8B&action=cwa; cisco-av-pair=ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-ACL-DENY-4ced8390; }

</response>

<service_type>Call Check</service_type>

<use_case>Host Lookup</use_case>

<cisco_av_pair>audit-session-id=0ACB6BA1000000351BBFBF8B</cisco_av_pair>

<acs_username>00:14:BF:5A:0C:03</acs_username>

<radius_username>00:14:BF:5A:0C:03</radius_username>

<selected_identity_store>Internal Hosts</selected_identity_store>

<authentication_identity_store>Internal Hosts</authentication_identity_store>

<identity_policy_matched_rule>Default</identity_policy_matched_rule>

<nas_port_type>Ethernet</nas_port_type>

<selected_azn_profiles>CWA</selected_azn_profiles>

<other_attributes>

ConfigVersionId=44,DestinationIPAddress=10.203.107.162,DestinationPort=1812,Protocol=Radius,Framed-MTU=1500,EAP-Key-Name=,CPMSessionID=0ACB6BA1000000351BBFBF8B,CPMSessionID=0ACB6BA1000000351BBFBF8B,EndPointMACAddress=00-14-BF-5A-0C-03,HostIdentityGroup=Endpoint Identity Groups:Profiled,Device Type=Device Type#All Device Types,Location=Location#All Locations,Model Name=Unknown,Software Version=Unknown,Device IP Address=10.203.107.161,Called-Station-ID=04:FE:7F:7F:C0:8F

</other_attributes>

<response_time>77</response_time>

<acct_id>1291240762077386</acct_id>

<acct_acs_timestamp>2010-12-15T02:12:30.779Z</acct_acs_timestamp>

<acct_acsview_timestamp>2010-12-15T02:12:30.780Z</acct_acsview_timestamp>

<acct_session_id>00000038</acct_session_id>

<acct_status_type>Interim-Update</acct_status_type>

<acct_session_time>78</acct_session_time>

<acct_input_octets>13742</acct_input_octets>

<acct_output_octets>6277</acct_output_octets>

<acct_input_packets>108</acct_input_packets>

<acct_output_packets>66</acct_output_packets>

<acct_class>

CACS:0ACB6BA1000000351BBFBF8B:HAREESH-R6-1-PDP2/81148292/681

</acct_class>

<acct_delay_time>0</acct_delay_time>

<started xsi:type="xs:boolean">false</started>

<stopped xsi:type="xs:boolean">false</stopped>

</sessionParameters>

User Name Session Search

You can use the UserName API call to retrieve a specified user name from a current, active session. This API will list a variety of session-related information drawn from node database tables.

Usernames must conform to the same Cisco ISE password policy used for network usernames. The only invalid character for the Monitoring REST APIs is the backslash (\) character.
Cisco ISE Monitoring REST API doesn't work when username contains a domain. The workaround is to change the API method from GET to POST. For example:
curl -X POST -k \ -H 'Accept: application/xml' \ -H 'Content-Type: application/xml' \ -i 'https://ise31.securitydemo.net/admin/API/mnt/Session/UserName' \ --data 'employee1@demo.local'

UserName API Output Schema

This sample schema file is the output of the UserName API call for retrieving a specified user name from the current active sessions: