Security Group Subscribe

Verification

This test verifies the ability of the third party system to subscribe to the SecurityGroup topic via pxGrid.

Definition

The security group subscribe script exposes the Security Group Tags (SGT) configured in ISE through the TrustsecMetaDataCapability topic. Security Group Change Notifications will appear in the script session notifications when a security group is added, updated, or deleted.

Example

The securitygroup_subscribe script subscribes to changes in the ISE TrustSec policies. For this example, add a Security Group Tag in ISE. Because the pxGrid client has subscribed to the TrustSecMetadataCapability topic, a notification will be received.

  1. Run the securitygroup_subscribe script.


./securitygroup_subscribe.sh -a 192.168.1.23 -u SIM01 -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123

Results

------- properties -------

version=1.0.2-30-SNAPSHOT

hostnames=192.168.1.23

username=SIM01

group=Session

description=null

keystoreFilename=alpha.jks

keystorePassword=cisco123

truststoreFilename=alpha_root.jks

truststorePassword=cisco123

--------------------------

13:07:12.322 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started

Connecting...

Connected

13:07:13.613 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected

Press <enter> to disconnect.  
  2. Select Administration>pxGrid Services

sim01 is registered to the TrustsecMetadata capability.

  3. Select Work Centers>TrustSec>Components>Security Groups>New Security Group>SMC01

  4. The security group tag notification displays.

./securitygroup_subscribe.sh -a 192.168.1.23 -u SIM01 -k alpha.jks -p cisco123  

Results

------- properties -------

version=1.0.2-30-SNAPSHOT

hostnames=192.168.1.23

username=SIM01

group=Session

description=null

keystoreFilename=alpha.jks

keystorePassword=cisco123

truststoreFilename=alpha_root.jks

truststorePassword=cisco123

--------------------------

13:07:12.322 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started

Connecting...

Connected

13:07:13.613 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected

Press <enter> to disconnect...SecurityGroupChangeNotification (changetype=ADD) SecurityGroup : id=994e2140-3941-11e5-ac86-000c297fb12a, name=SIM01, desc=, tag=19
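
The following is an added example, not part of the original page or of the pxGrid SDK: a small Python parser that turns the SecurityGroupChangeNotification line from the session output above into a structured record, and masks the keystore and truststore passwords that the properties banner echoes before the output is stored. The function names are hypothetical, and the sample input is a subset of the Results output shown on this page.

```python
import re

# Notification line format as printed in the script session output on this page.
NOTIFICATION_RE = re.compile(
    r"SecurityGroupChangeNotification \(changetype=(?P<changetype>\w+)\)\s+"
    r"SecurityGroup : id=(?P<id>[0-9a-fA-F-]+), name=(?P<name>[^,]*), "
    r"desc=(?P<desc>.*), tag=(?P<tag>\d+)\s*$"
)
# Properties whose values the banner prints in clear text.
SECRET_KEYS = ("keystorePassword", "truststorePassword")


def parse_notifications(lines):
    """Return one dict per SecurityGroupChangeNotification found in lines."""
    events = []
    for line in lines:
        # search(), not match(): the record can follow the prompt text on the same line
        m = NOTIFICATION_RE.search(line)
        if m:
            event = m.groupdict()
            event["tag"] = int(event["tag"])
            events.append(event)
    return events


def redact_properties(lines):
    """Mask password values in the properties banner; other lines pass through."""
    out = []
    for line in lines:
        key, sep, _ = line.partition("=")
        out.append(f"{key}=<redacted>" if sep and key.strip() in SECRET_KEYS else line)
    return out


# Sample input: lines copied from the Results output on this page.
SAMPLE = """\
username=SIM01
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
13:07:13.613 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
Press <enter> to disconnect...SecurityGroupChangeNotification (changetype=ADD) SecurityGroup : id=994e2140-3941-11e5-ac86-000c297fb12a, name=SIM01, desc=, tag=19
""".splitlines()

if __name__ == "__main__":
    print("\n".join(redact_properties(SAMPLE)))
    print(parse_notifications(SAMPLE))
```
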