An assistant extension for Cisco ISE to streamline common operational tasks.
This extension aims to improve on some of the slow operational tasks that commonly need to be performed in Cisco Identity Services Engine (ISE) deployment. The primary features include: moving endpoints to new identity groups, issuing changes of authorization (CoA) requests for active endpoints, and viewing session information in a local tab. These features are completed using the ISE REST ERS API and the Monitoring API. Commonly, when managing a Cisco ISE deployment, I found myself staring at lines of events in the RADIUS Live Logs. I'd see an endpoint authentication come along that simply needed to be added to a particular endpoint identity group in order to successfully authenticate. Unfortunately, actually doing that simple task was quite burdensome in the ISE web interface. You would need to copy the MAC address, go to the Endpoint database (or Context Visibility), filter by the MAC address, open the endpoint, click edit, check "Static Group Assignment" and select the group you wanted to put it in. Generally speaking, this took a couple of minutes per endpoint. You could get faster by keeping a couple tabs open, and getting a good rhythm, but it just isn't efficient. For the love of god, I just wanted to be able to right click on a MAC address and say "add to identity group XYZ"! Well, this extension does just that. You highlight a MAC address, right click to present a list of Endpoint Identity Groups, and select the one you want. It fires off some API calls and it's done! You get a nice little notification stating as much after it's done! You can even highlight any number of addresses at once and it will handle them in bulk using the same number of clicks! Any selected text that is highlighted that is not a MAC address (in any of the common formats) will be ignored. The ability to perform change of authorization (CoA) requests is now supported (as of v0.5.0). You can perform CoA with session rerun, port bounce, and port shutdown. You can do this for single or bulk MAC addresses. You can now view session information for active endpoints (as of v0.8). Please enjoy and let me know if this extension is a huge help for you or your team, or if I can add anything to it to help you out!
- (2019-08-03) Matias Ortiz: This tool is useful, thanks!!
- (2019-05-30) Billy Carter: I like this tool. I am able to quickly Whitelist MAC addresses.