pxGrid 2.0 Sample Scripts
This section outlines:
- How to undertake unit testing for use by your development organization
- The test cases that are used for verification testing of your solution with Cisco.
The pxGrid sample scripts provide a good reference of available session information and available queries through pxGrid. Developers can modify these scripts to provide or query relevant session information.
Note: There are 2 sets of test suites within this section based on:
- Using the RADIUS Simulator from the pxGrid SDK
- Using an ISE deployment with 802.1X configured
To test full ISE integration functionality, including utilizing endpoint profiling used for identifying endpoint type (for example, mobile devices, printers, and laptops) or the security posture of devices (for example, up-to-date anti-malware installed), use the 802.1X test suite outlined later in this document.
If your use cases only require simple IP-to-MAC-to-User association solely for associating users with IP addresses in your system, RADIUS Simulator testing can be used.
For testing against the 802.1X suite, a superset of tests is used compared to using the RADIUS Simulator. Therefore, it is not necessary to also complete the RADIUS Simulator based test suite.
Below is a brief description of the sample test scripts.
| Test Script | Description |
|---|---|
| Multigroup ClientNote: Replaces register.sh in pxGrid 1.3/1.4. register.sh is upward compatible with ISE 2.0. | Connects and registers a pxGrid client to the multiple Client Groups |
| Capability | Lists all the capabilities or published topics supported by the pxGrid instance to which the pxGrid client will subscribe |
| EPS_Quarantine | Executes legacy Endpoint Protection Service (EPS)/Adaptive Network Control (ISE 1.3/1.4 quarantine action on ISE for a given IP address)Note: Registered pxGrid clients will register to the EPS client group and subscribe to the Endpoint Protection Service Capability |
| EPS_Unquarantine | Executes legacy Endpoint Protection Service (EPS)/Adaptive Network Control (ISE 13/1.4 unquarantine action on ISE for a given MAC address) |
| Identity_Group_Download | Downloads user and identity groups associated with active sessions in ISE |
| Session_Download | Downloads all bulk session records or active sessions from ISE |
| Session_Query_By_IP | Retrieve all active sessions from ISE based on an IP address |
| Session_Subscribe | Subscribe to changed in the session state |
| EndpointProfile_Query | Retrieves all endpoint profiles (profiling policies) configured in ISE |
| EndpointSecurityGroup_Query | Retrieves all TrustSec Security Groups configured in ISE |
| SecurtiyGroup_Subscribe | Subscribe to changes in the TrustSec security groups configured in ISE |
| ANCaction_query | Provides customized pxGrid ANC mitigation actions: quarantine, remediation, provisioning, port shut down, port bounce |