Query Authenticated Sessions by IP Address

The pxGrid client obtains the session information for the queried IP address. To view the available session attributes, please visit: Session Directory Topic

Code Step-Through

The public class SessionQueryByIP calls the private static void query method. This method takes the SampleConfiguration object and the IP address of the endpoint we will query on. The sample configuration object contains the pxGrid connection parameters, such as the ISE pxGrid node hostname, the identity keystore (.jks) filename and the truststore (.jks) filename, and from it we receive the new pxGrid control object. The pxGrid control configuration contains the pxGrid client account, service lookup, and access secret obtained from the ISE pxGrid node.

Under // pxGrid ServiceLookup for session service, a service lookup is performed for the ISE node publishing the com.cisco.ise.session service. If there were more than one (1) ISE node in the pxGrid, randomization would be performed to find the available node. Think of this as load balancing to evenly distribute the load.

Under // Use first service, we get the WebSockets URL from "restBaseUrl" + "/getSessionByIpAddress".

Under // pxGrid AccessSecret for the node, we obtain the secret from the ISE pxGrid node and build the POST data string from the IP address.

SampleHelper.postStringAndPrint obtains the ISE pxGrid node, access secret, WebSocket URL, and trust information from the Client Manager.

main parses the sample configuration parameters.

Under // AccountActivate, we obtain the pxGrid control object and wait 60 seconds for the pxGrid client account to be activated. Once the pxGrid controller version is received, we query the session for the IP address with query(config, ip).

JAVA Sample Code

package com.cisco.pxgrid.samples.ise;

import java.io.IOException;

import org.apache.commons.cli.ParseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.cisco.pxgrid.samples.ise.model.AccountState;
import com.cisco.pxgrid.samples.ise.model.Service;

/**
 * Demonstrates how to query session by IP from ISE Session Directory service
 */
public class SessionQueryByIP {
    private static Logger logger = LoggerFactory.getLogger(SessionQueryByIP.class);

    private static void query(SampleConfiguration config, String ip) throws IOException {
        PxgridControl pxgrid = new PxgridControl(config);
        
        // pxGrid ServiceLookup for session service
        Service[] services = pxgrid.serviceLookup("com.cisco.ise.session");
        if (services == null || services.length == 0) {
            System.out.println("Service unavailable");
            return;
        }
        
        // Use first service
        Service service = services[0];
        String url = service.getProperties().get("restBaseUrl") + "/getSessionByIpAddress";
        logger.info("url={}", url);
        
        // pxGrid AccessSecret for the node
        String secret = pxgrid.getAccessSecret(service.getNodeName());
        
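        // The IP is embedded in a JSON string, so accept only address characters
        if (!ip.matches("[0-9A-Fa-f:.]+")) {
            System.out.println("Invalid IP address");
            return;
        }
        String postData = "{\"ipAddress\":\"" + ip + "\"}";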
        SampleHelper.postStringAndPrint(url, config.getNodeName(), secret, config.getSSLContext().getSocketFactory(), postData);
    }

    public static void main(String [] args) throws Exception {
        // Parse arguments
        SampleConfiguration config = new SampleConfiguration();
        try {
            config.parse(args);
        } catch (ParseException e) {
            config.printHelp("SessionQueryByIP");
            System.exit(1);
        }

        // AccountActivate
        PxgridControl pxgrid = new PxgridControl(config);
        while (pxgrid.accountActivate() != AccountState.ENABLED)
            Thread.sleep(60000);
        logger.info("pxGrid controller version={}", pxgrid.getControllerVersion());

        while (true) {
            String ip = SampleHelper.prompt("IP address (or <enter> to disconnect): ");
            if (ip == null) break;
            query(config, ip);
        }
    }
}
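
A hardened sketch of the request that query() and SampleHelper.postStringAndPrint assemble, added here as an example and not taken from the Cisco samples: it validates the IP before building the JSON body and shows the POST with the client node name and access secret as credentials. The class name SessionQueryRequestSketch, its method names, and the use of HTTP Basic authentication by the helper are assumptions; the sample inputs in main are constructed.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

public class SessionQueryRequestSketch { // hypothetical class, not part of the Cisco samples
    // Strict dotted-quad IPv4, each octet 0-255
    private static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");
    // IPv6 is checked by character set and length only: hex digits, ':' and '.', at least one ':'
    private static final Pattern IPV6_CHARS = Pattern.compile("(?=.*:)[0-9A-Fa-f:.]{2,45}");
    // Hostnames and anything containing quotes or backslashes are rejected
    static boolean isIpLiteral(String s) {
        return s != null && (IPV4.matcher(s).matches() || IPV6_CHARS.matcher(s).matches());
    }
    // Body for getSessionByIpAddress; validated input cannot break out of the JSON string
    static String sessionQueryBody(String ip) {
        if (!isIpLiteral(ip)) throw new IllegalArgumentException("not an IP address literal");
        return "{\"ipAddress\":\"" + ip + "\"}";
    }
    // Assumed scheme: HTTP Basic with the client node name as user and the access secret as password
    static String basicAuth(String nodeName, String secret) {
        byte[] pair = (nodeName + ":" + secret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }
    // Sends the query; TLS trust and the client certificate come from the supplied socket factory
    static int post(String url, String node, String secret, SSLSocketFactory tls, String ip) throws IOException {
        String body = sessionQueryBody(ip); // validate before any network activity
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(tls);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Authorization", basicAuth(node, secret));
        conn.setRequestProperty("Content-Type", "application/json");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        return conn.getResponseCode();
    }
    public static void main(String[] args) {
        // Constructed inputs; main never calls post(), so nothing here contacts a server
        String[] samples = {"192.168.1.19", "2001:db8::19", "999.1.1.1", "ise.example.com", "10.0.0.1\"}"};
        for (String s : samples) System.out.println(s + " -> accepted=" + isIpLiteral(s));
        System.out.println(sessionQueryBody("192.168.1.19"));
        System.out.println(basicAuth("node-example", "secret-example"));
    }
}
```

Only the first two constructed inputs are accepted. The access secret should stay out of application logs when post() is wired into real code.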

Output

------ config ------
  hostname = ise24fc3.lab10.com
  hostname = 192.168.1.251
  nodename = mac07
  password = (not specified)
  description = (not specified)
  keystorefilename = /Applications/master_rest_samples/sw1.jks
  keystorepassword = Cisco123
  truststorefilename = /Applications/master_rest_samples/sw1root.jks
  truststorepassword = Cisco123
--------------------
18:33:41.259 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate request={}
18:33:44.936 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate response={"accountState":"ENABLED","version":"2.0.0.13"}
18:33:44.936 [main] INFO com.cisco.pxgrid.samples.ise.SessionQueryByIP - pxGrid controller version=2.0.0.13
IP address (or <enter> to disconnect): 
192.168.1.19
18:33:59.203 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup request={"name":"com.cisco.ise.session"}
18:33:59.241 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup response={"services":[{"name":"com.cisco.ise.session","nodeName":"ise-mnt-ise24fc3","properties":{"sessionTopic":"/topic/com.cisco.ise.session","groupTopic":"/topic/com.cisco.ise.session.group","wsPubsubService":"com.cisco.ise.pubsub","restBaseURL":"https://ise24fc3.lab10.com:8910/pxgrid/mnt/sd","restBaseUrl":"https://ise24fc3.lab10.com:8910/pxgrid/mnt/sd"}}]}
18:33:59.241 [main] INFO com.cisco.pxgrid.samples.ise.SessionQueryByIP - url=https://ise24fc3.lab10.com:8910/pxgrid/mnt/sd/getSessionByIpAddress
18:33:59.255 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret request={"peerNodeName":"ise-mnt-ise24fc3"}
18:33:59.449 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret response={"secret":"M9SEmg0iIhmCijzo"}
18:33:59.449 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - postData={"ipAddress":"192.168.1.19"}
18:33:59.934 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - Response status=200
Content: {"timestamp":"2018-08-26T15:55:25.22Z","state":"STARTED","userName":"pxgrid7","callingStationId":"00:0E:C6:8F:B4:9B","calledStationId":"50:3D:E5:C4:05:8A","auditSessionId":"0A000001000000630030871A","ipAddresses":["192.168.1.19"],"macAddress":"00:0E:C6:8F:B4:9B","nasIpAddress":"192.168.1.3","nasPortId":"GigabitEthernet1/0/10","nasPortType":"Ethernet","endpointProfile":"Unknown","endpointOperatingSystem":"Windows 10 Pro","adNormalizedUser":"pxgrid7","adUserDomainName":"lab10.com","adUserNetBiosName":"LAB10","adUserResolvedIdentities":"pxgrid7@lab10.com","adUserResolvedDns":"CN=pxgrid7,CN=Users,DC=lab10,DC=com","providers":["None"],"endpointCheckResult":"none","identitySourcePortStart":0,"identitySourcePortEnd":0,"identitySourcePortFirst":0,"isMachineAuthentication":"false","serviceType":"Framed","networkDeviceProfileName":"Cisco","radiusFlowType":"Wired802_1x","ssid":"50-3D-E5-C4-05-