Security Group Subscribe

Verification

This test verifies the ability of the third-party system to subscribe to the SecurityGroup topic via pxGrid.

Definition

The securitygroup_subscribe script exposes the Security Group Tags (SGT) configured in ISE through the TrustsecMetaDataCapability topic. Security Group Change Notifications appear in the script session when a security group is added, updated, or deleted.

Example

The securitygroup_subscribe script subscribes to changes in the ISE TrustSec Policies. In this example, a .csv file containing security group tag information for jsmith is created. The file is populated with the Security Tag name, Value, and Description, and is then uploaded to ISE. Once the file is uploaded, a SecurityGroupChange notification appears in the running securitygroup_subscribe script session on the Linux host. This occurs when the pxGrid client subscribes to the TrustsecMetaDataCapability.

  1. Run the securitygroup_subscribe script

./securitygroup_subscribe.sh -a 10.0.0.37 -u mac -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123

Results:

------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=10.0.0.37
username=mac
group=Session
description=null
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
12:12:22.902 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected

  2. Select Administration > pxGrid Services

  3. Select Work Centers > TrustSec > Components > Security Group List to add MAC_Group

The security group change notification appears in the script session output:

./securitygroup_subscribe.sh -a 10.0.0.37 -u mac -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123

------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=10.0.0.37
username=mac
group=Session
description=null
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
12:12:22.902 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected
12:12:24.320 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
Press <enter> to disconnect...SecurityGroupChangeNotification (changetype=MODIFY) SecurityGroup : id=af3c6ac0-315d-11e5-9b58-000c29878d1f, name=MAC_Group, desc=, tag=16
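
The session output above carries two things worth handling before it is stored or forwarded: the SecurityGroupChangeNotification line, and the properties banner that echoes both store passwords in clear text. The Python below is an added example, not part of the pxGrid SDK or the original guide; it assumes the notification layout shown in the single line on this page, the function names are hypothetical, and the embedded sample is constructed (abridged) from the output above.

```python
import re

# Constructed sample: abridged from the session output shown on this page.
SAMPLE_OUTPUT = """\
------- properties -------
hostnames=10.0.0.37
username=mac
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
12:12:24.320 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
Press <enter> to disconnect...SecurityGroupChangeNotification (changetype=MODIFY) SecurityGroup : id=af3c6ac0-315d-11e5-9b58-000c29878d1f, name=MAC_Group, desc=, tag=16
"""

# Assumption: notification layout inferred from the one line shown on this page.
NOTIFICATION = re.compile(
    r"SecurityGroupChangeNotification \(changetype=(?P<changetype>\w+)\) "
    r"SecurityGroup : id=(?P<id>[0-9a-fA-F-]+), name=(?P<name>[^,]*), "
    r"desc=(?P<desc>.*), tag=(?P<tag>\d+)\s*$"
)
# The properties banner prints keystorePassword/truststorePassword in clear text.
SECRET = re.compile(r"^(\w*[Pp]assword)=.*$")


def parse_notifications(text):
    """Return one dict per SecurityGroupChangeNotification found in text."""
    events = []
    for line in text.splitlines():
        match = NOTIFICATION.search(line)  # search(): the prompt precedes it
        if match:
            event = match.groupdict()
            event["tag"] = int(event["tag"])  # SGT value as a number
            events.append(event)
    return events


def sanitize(text):
    """Mask password values so the output can be stored or forwarded."""
    return "\n".join(SECRET.sub(r"\1=<redacted>", ln) for ln in text.splitlines())


if __name__ == "__main__":
    print(sanitize(SAMPLE_OUTPUT))
    for ev in parse_notifications(SAMPLE_OUTPUT):
        print(ev)
```

The description field is matched greedily up to the final `, tag=`, so a description that itself contains commas is kept whole.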