Testing Scripts Using RADIUS Simulator

Multigroupclient

Verification

This test verifies that the 3rd party system can register (that is, authenticate and be authorized) on pxGrid to multiple client groups, such as Session and ANC.

Definition

pxGrid client registration connects the 3rd party application, security device, or, in this case, the Linux host to the pxGrid controller and registers it to an authorized Session or ANC group. Additional groups, such as Admin and Basic, are available. However, Admin groups are reserved for ISE, and Basic groups, which require pxGrid administration approval, will not be used in any of the pxGrid registration examples.

All registered pxGrid clients can be viewed in the ISE pxGrid services view under Administration.

pxGrid clients can be publishers or subscribers of information as will be illustrated with Dynamic Topics. ISE will not be able to consume information; sharing of context will occur between registered clients. Once the pxGrid client has successfully registered to the authorized group, the client can then obtain the relevant session information or queries as determined by the pxGrid sample scripts.

Note: The pxGrid client will subscribe to the SessionDirectory, EndpointProtectionService, and TrustSecMetaData capabilities in these examples.

Example

In this example, the Linux host is registered with the pxGrid controller as a pxGrid client in the Session group. The Linux host uses SIM01 as the username of the pxGrid client. We will also view the registered pxGrid client in ISE.

  1. Run the multigroupclient script

./multigroupclient.sh -a 192.168.1.23 -u SIM01 -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123

Results

------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=192.168.1.23
username=SIM01
group=Session,ANC,
description=null
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
10:33:58.911 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected
10:34:03.470 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
Create ANC Policy: ANC1438526035992 Result - com.cisco.pxgrid.model.anc.ANCResult@612fc6eb[
ancStatus=SUCCESS
ancFailure=<null>
failureDescription=<null>
ancEndpoints=<null>
ancpolicies=<null>
]
Session 1.1.1.2 not found
Connection closed
10:34:04.385 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Stopped

multigroupclient Usage

./multigroupclient.sh [options]

Main options:
  -a <PXGRID_HOSTNAMES> (comma-separated hostnames)
  -u <PXGRID_USERNAME>
  -g <PXGRID_GROUP>
  -d <PXGRID_DESCRIPTION>

Certificate options:
  -k <PXGRID_KEYSTORE_FILENAME>
  -p <PXGRID_KEYSTORE_PASSWORD>
  -t <PXGRID_TRUSTSTORE_FILENAME>
  -q <PXGRID_TRUSTSTORE_PASSWORD>

If the certificate options are not specified, the script defaults to clientSample1.jks and rootSample.jks.
Specifying values here overrides the defaults.

A custom config file can fill in or override parameters using -c <config_filename>

The config file is sourced by the script. Set the following variables in it:

  • PXGRID_HOSTNAMES
  • PXGRID_USERNAME
  • PXGRID_GROUP
  • PXGRID_DESCRIPTION
  • PXGRID_KEYSTORE_FILENAME
  • PXGRID_KEYSTORE_PASSWORD
  • PXGRID_TRUSTSTORE_FILENAME
  • PXGRID_TRUSTSTORE_PASSWORD
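
Because the file passed with -c is sourced, it runs as shell code, and it also holds the keystore and truststore passwords. The following added example (not part of the pxGrid sample scripts) checks such a file before use; the function names and the strict set of characters allowed in values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the pxGrid sample scripts). Function names are hypothetical.
# multigroupclient.sh sources the -c file, so every line in it runs as shell code.

# Returns 0 only if the file is owner-only and holds nothing but PXGRID_* assignments.
check_pxgrid_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }
    # The file stores keystore passwords: allow no group/other permission bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access on $cfg" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                      # blank line or comment
            *=*) ;;                                   # candidate assignment
            *) echo "not an assignment: $line" >&2; return 1 ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        case $name in                                 # only the variables the page lists
            PXGRID_HOSTNAMES|PXGRID_USERNAME|PXGRID_GROUP|PXGRID_DESCRIPTION) ;;
            PXGRID_KEYSTORE_FILENAME|PXGRID_KEYSTORE_PASSWORD) ;;
            PXGRID_TRUSTSTORE_FILENAME|PXGRID_TRUSTSTORE_PASSWORD) ;;
            *) echo "unexpected variable: $name" >&2; return 1 ;;
        esac
        # Assumption: values are restricted to characters the shell never expands,
        # which rules out $(...), backticks, ';' and whitespace.
        case $value in
            *[!A-Za-z0-9._,/-]*) echo "unsafe value for $name" >&2; return 1 ;;
        esac
    done < "$cfg"
}

# Writes a constructed sample config (values from the example run) with mode 600.
write_sample_config() {
    ( umask 077; cat > "$1" <<'EOF'
# constructed sample for ./multigroupclient.sh -c <config_filename>
PXGRID_HOSTNAMES=192.168.1.23
PXGRID_USERNAME=SIM01
PXGRID_GROUP=Session,ANC
PXGRID_KEYSTORE_FILENAME=alpha.jks
PXGRID_KEYSTORE_PASSWORD=cisco123
PXGRID_TRUSTSTORE_FILENAME=alpha_root.jks
PXGRID_TRUSTSTORE_PASSWORD=cisco123
EOF
    )
}
```

Keeping the passwords in a checked, owner-only config file also keeps them out of the -p and -q arguments, which are visible in the process list while the script runs.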

Results

------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=10.0.0.37
username=mac
group=Session,ANC,Session
description=pxGrid
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
09:35:31.772 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected
09:35:35.769 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
Create ANC Policy: ANC1437658531354 Result - com.cisco.pxgrid.model.anc.ANCResult@612fc6eb[
ancStatus=SUCCESS
ancFailure=<null>
failureDescription=<null>
ancEndpoints=<null>
ancpolicies=<null>
]
Session 1.1.1.2 not found
Connection closed

  2. Select Administration > pxGrid Services
  • Registers pxGrid client sim01 to Session client group.
  • By default ANC is added, which is required for pxGrid Adaptive Network Control (ANC) mitigation actions.
