Cisco ISE scripts
Cisco ISE is one of my favorite products. Although I cannot call myself an expert on it, I have worked on numerous designs where network security and segmentation are based on ISE with excellent results.
More than a few times I have needed to document the inventory of nodes in a cluster, and the certificates in use at the various nodes.
For these purposes I wrote a couple of Python scripts that I share in this post.
ISE API
The Cisco ISE APIs require access via an authenticated and authorized account, the procedure to assign users to the correct group is described HERE .
The API documentation is HERE
Script setup
Before running the scripts, export your ISE IP and credentials:
export ise_ip=127.0.0.1
export ise_username=myUsername
export ise_password=myPassword
And install httpx :
pip install httpx
Get all cluster nodes
For the first script I use the Node API to collect information about all the nodes in the cluster.
It prints the list of nodes in the cluster including name, fqdn, roles and IP address.
python3 getisenodes.py
Get all cluster certificates
The second script runs trough all the nodes in the cluster and uses the certificate API to collect information about the certificate of each one.
The output format is
hostname!friendlyName!issuedTo!issuedBy!validFrom!expirationDate!usedBy!serialNumber
Command to run the script:
python3 getallisecerts.py
Wrap-up
Automating tasks through the use of scripts has been a passion of mine for as long as I can remember.
Since I began experimenting with Python in 2012 , I have had the opportunity to apply what I have learned in my work.
Writing code for me is an occasional activity, which stops me at the Expert Beginner stage, but nevertheless I see it as a creative activity that impacts the quality of my work in a positive way, so I think it is a good way to invest my time.
I hope that sharing my experiences can be a source of inspiration for those who have not yet embarked on this path.
Code is available in my Github account . The best way to contact me is via X .
Enjoy!
Links
Feedback
I’m always looking to improve and would love your feedback. If you spot any errors, have suggestions, or just want to share your thoughts, reach out to me directly on X.
Your input helps me make this blog better for everyone!
Support Ifconfig.it
If you enjoy the technical content I share and find it valuable, consider supporting the blog.