
ANC configuration

Alan Lei edited this page Sep 7, 2017 · 21 revisions

Service: com.cisco.ise.config.anc

This is the Adaptive Network Control (ANC) configuration service. It is available in ISE 2.4.

Service properties

| Name | Description | Example |
| --- | --- | --- |
| restBaseUrl | | https://ise-host1:8910/pxgrid/ise/config/anc |
| wsPubsubService | | com.cisco.ise.pubsub |
| statusTopic | | /topic/com.cisco.ise.config.anc.status |

Policy REST APIs

This is the set of APIs for manipulating ANC policies, which can then be applied to endpoints.

POST [restBaseUrl]/getPolicies

This is used to get policies.

An empty JSON structure must be sent as the request. If no policy is found, policies will have an empty array.

Request
{
}
Response
{
  "policies": [
    array of policy object      
  ]
}

POST [restBaseUrl]/getPolicyByName

If the policy does not exist, HTTP status "204 No content" will be returned with an empty body.

Request
{
  "name": string (required)
}
Response
{
  policy object
}

POST [restBaseUrl]/createPolicy

There is no need to set the "id" field for the request policy object. After successful creation, the "id" field will be populated in the returned policy object.

If the policy name is already used in an existing policy, HTTP status "409 Conflict" will be returned.

Request
{
  policy object
}
Response
{
  policy object
}

POST [restBaseUrl]/updatePolicy

Request
{
  policy object
}
Response
{
  policy object
}

POST [restBaseUrl]/deletePolicyById

There is no response body for this query. If the policy is deleted, HTTP status "200" will be returned. If the policy does not exist, HTTP status "204 No content" will be returned.

Request
{
  "id": string (required)
}
Response
(empty)

Endpoint REST APIs

The Endpoint REST APIs provide the ability to assign policies to endpoints. The terms "apply/clear" are used because these calls do more than just "create/delete": they look up endpoints and trigger a RADIUS Disconnect if the endpoint is active. Since RADIUS Disconnect involves remote calls and retries, the activity may take a while. Thus, "apply/clear" endpoint calls are asynchronous. When triggered, they return a status object with an operation ID and status. One can either subscribe to statusTopic for updates of the operation status or periodically query the operation with getOperationStatus.

An operation will always finish and set its status to success or failure. If it takes too long, it will time out and set its status to failure. getOperationStatus can query operations for up to an hour. Older operation statuses are purged from the system.

POST [restBaseUrl]/getEndpoints

This is used to get endpoints with policies applied.

An empty JSON structure must be sent as the request. If no endpoint policy is found, endpointPolicies will have an empty array.

Request
{
}
Response
{
  "endpoints": [
    array of endpoint object      
  ]
}

POST [restBaseUrl]/getEndpointByMacAddress

If endpoint does not exist, HTTP status "204 No content" will be returned.

Request
{
  "macAddress": string (required)
}
Response
{
  endpoint object
}

POST [restBaseUrl]/applyEndpointByIpAddress

Apply a policy to the endpoint using its IP address.

Request
{
  "policyName": string (required),
  "ipAddress": string (required)
}
Response
{
  status object
}

POST [restBaseUrl]/applyEndpointByMacAddress

Apply a policy to the endpoint using its MAC address.

Request
{
  "policyName": string (required),
  "macAddress": string (required)
}
Response
{
  status object
}

POST [restBaseUrl]/clearEndpointByIpAddress

Request
{
  "policyName": string (required),
  "ipAddress": string (required)
}
Response
{
  status object
}

POST [restBaseUrl]/clearEndpointByMacAddress

Request
{
  "policyName": string (required),
  "macAddress": string (required)
}
Response
{
  status object
}

POST [restBaseUrl]/getOperationStatus

If operation does not exist, HTTP status "204 No content" will be returned.

Request
{
  "operationId": string (required)
}
Response
{
  status object
}
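
The apply-then-poll flow described above, as an added example that is not part of the original wiki or Cisco's own client code. The `post(path, body)` transport, `AncError`, `apply_and_wait` and `fake_ise` are hypothetical names, the colon-separated MAC check is an assumption based on this page's samples, and the canned replies are constructed.

```python
import re
import time

# Assumption: colon-separated MACs, the form used in this page's samples.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

class AncError(Exception):
    """The operation was rejected, failed, vanished, or outlived our deadline."""

def apply_and_wait(post, policy_name, mac, timeout=60.0, interval=2.0,
                   sleep=time.sleep, clock=time.monotonic):
    """Apply an ANC policy by MAC and block until SUCCESS.

    post(path, body) -> (http_status, json_or_None) is a hypothetical transport
    that POSTs to [restBaseUrl]/<path>; authentication is left to the caller.
    """
    if not MAC_RE.match(mac):
        raise ValueError("macAddress must look like 00:11:22:33:44:55")
    code, status = post("applyEndpointByMacAddress",
                        {"policyName": policy_name, "macAddress": mac})
    if not 200 <= code < 300 or not status:
        raise AncError(f"apply not accepted: HTTP {code}")
    op_id = status["operationId"]
    deadline = clock() + timeout
    while status["status"] == "RUNNING":
        if clock() >= deadline:
            raise AncError(f"{op_id} still RUNNING after {timeout}s")
        sleep(interval)
        code, status = post("getOperationStatus", {"operationId": op_id})
        if code == 204 or not status:
            # 204 means ISE no longer knows the operation (purged or bad id).
            raise AncError(f"{op_id} unknown to ISE")
    if status["status"] != "SUCCESS":
        reason = status.get("failureReason", "no reason given")
        raise AncError(f"{op_id} failed: {reason}")
    return status

def fake_ise(replies):
    """Constructed stand-in for ISE: replays canned replies, records calls."""
    calls, queue = [], iter(replies)
    def post(path, body):
        calls.append((path, body))
        return next(queue)
    return post, calls

if __name__ == "__main__":
    op = "pxgrid-001.cisco.com:2"  # operationId format from the page's sample
    post, calls = fake_ise([(200, {"operationId": op, "status": "RUNNING"}),
                            (200, {"operationId": op, "status": "SUCCESS"})])
    print(apply_and_wait(post, "p2", "00:11:22:33:44:55", sleep=lambda s: None))
```

Treating a 204 from getOperationStatus as an error rather than as success matters for containment workflows: a purged or mistyped operation ID says nothing about whether the endpoint was actually quarantined.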

WS STOMP messaging

policyTopic

{
  policy object
}

endpointTopic

{
  endpoint object
}

statusTopic

{
  status object
}

Objects

"operation" type

"operation" type is one of the following strings:

  • CREATE
  • UPDATE
  • DELETE

"policy" object

| Name | Type | Description | ISE version |
| --- | --- | --- | --- |
| id | string | | 2.4 |
| name | string | | 2.4 |
| actions | array of action type | | 2.4 |

"endpoint" object

| Name | Type | Description | ISE version |
| --- | --- | --- | --- |
| id | string | | 2.4 |
| policyName | string | | 2.4 |
| macAddress | string | | 2.4 |

"action" type

"action" type can be one of the following strings:

  • QUARANTINE
  • SHUT_DOWN
  • PORT_BOUNCE

"status" object

| Name | Type | Description | ISE version |
| --- | --- | --- | --- |
| operationId | string | | 2.4 |
| status | string | RUNNING, SUCCESS or FAILURE | 2.4 |
| failureReason | string | The reason if it fails | 2.4 |

Samples

"policy" object
{
  "id":"5caf94c4-1bf9-493c-8505-89cd0e36fbda",
  "name":"p2",
  "actions":["QUARANTINE"]
}

"status" object
{
  "operationId":"pxgrid-001.cisco.com:2",
  "status":"SUCCESS"
}

endpoints array
{
	"endpoints": [{
		"id": "0d1f7169-108a-44da-b407-5db1da722f6a",
		"policyName": "p2",
		"macAddress": "33:33:33:33:33:33"
	}, {
		"id": "2c46003d-a22f-4fee-8975-d93945a6552a",
		"policyName": "p1",
		"macAddress": "00:11:22:33:44:55"
	}]
}