
Cisco ISE APIs and Programmability

I spent the first few years of my networking career avoiding scripting.  Although I had studied programming in college, I enjoyed getting my hands dirty with CLI and didn’t see the need to make life complicated by messing with code.  Then, after I came back to Cisco in 2015, I was assigned to work on programmability and I was forced to learn about APIs, Python, Ansible, and a bunch of other tools that network engineers often avoid.  I discovered that while network and security engineers don’t need to be coders, a solid understanding of scripting and automation is a necessity for us these days.

Cisco Identity Services Engine has supported APIs since the 1.x days.  I recently sat down with Thomas Howard, a technical marketing engineer focused on ISE, to discuss the capabilities of ISE APIs, and how he uses them in today’s cloud-centric world.  Our conversation is part of my Coffee with TMEs YouTube series.

Figure 1. Cisco engineers Jeff McLaughlin and Thomas Howard discuss Identity Services Engine (ISE) in the cloud and APIs.

ISE has an API set called ERS, which stands for “Extensible RESTful Services”.  ERS APIs allow you to script some of the common functions of the ISE GUI;  for example, configuring network devices, users, and device groups.  I personally once used the ERS APIs in a Python script to read all of the configured SGTs (scalable group tags) from ISE.  ERS APIs have been with ISE for years, and are well-known and well documented.
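As an added illustration (not the author's script and not Cisco sample code), here is one way a read-only SGT listing over ERS can be written so that TLS verification stays on and server-supplied paging links are only followed on the ISE origin. The host `ise.example.test`, the helper names and the sample responses are constructed; the `/ers/config/sgt` path and JSON field names are assumed to follow the ERS JSON format.

```python
import base64
import json
import ssl
import urllib.request

BASE = "https://ise.example.test"  # placeholder host, not a real deployment

def make_fetch(username, password, ca_file=None):
    """Return fetch(url) -> dict that calls ERS over certificate-verified TLS."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Accept": "application/json", "Authorization": f"Basic {token}"}

    def fetch(url):
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
            return json.load(resp)
    return fetch

def list_sgts(base_url, fetch, page_size=100):
    """Walk every page of /ers/config/sgt and return {name: tag value}."""
    sgts, seen = {}, set()
    url = f"{base_url}/ers/config/sgt?size={page_size}"
    while url:
        # nextPage comes from the server: stay on the ISE origin and never loop.
        if not url.startswith(base_url + "/") or url in seen:
            raise ValueError(f"refusing to follow paging link: {url}")
        seen.add(url)
        result = fetch(url)["SearchResult"]
        for ref in result.get("resources", []):
            sgt = fetch(f"{base_url}/ers/config/sgt/{ref['id']}")["Sgt"]
            sgts[sgt["name"]] = sgt["value"]
        url = result.get("nextPage", {}).get("href")
    return sgts

# Constructed responses in the assumed ERS JSON shape, so the walk runs offline.
SAMPLE = {
    f"{BASE}/ers/config/sgt?size=1": {"SearchResult": {"total": 2,
        "resources": [{"id": "a1", "name": "Employees"}],
        "nextPage": {"rel": "next", "href": f"{BASE}/ers/config/sgt?size=1&page=2"}}},
    f"{BASE}/ers/config/sgt?size=1&page=2": {"SearchResult": {"total": 2,
        "resources": [{"id": "b2", "name": "Guests"}]}},
    f"{BASE}/ers/config/sgt/a1": {"Sgt": {"id": "a1", "name": "Employees", "value": 4}},
    f"{BASE}/ers/config/sgt/b2": {"Sgt": {"id": "b2", "name": "Guests", "value": 6}},
}

if __name__ == "__main__":
    print(list_sgts(BASE, SAMPLE.__getitem__, page_size=1))
```

Against a live node, pass `make_fetch(user, password, ca_file)` as `fetch`, using an ERS account limited to read access. The base URL must match the host and port ISE puts in its paging links, otherwise the origin check stops the walk.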

Modern ISE deployments pose new challenges that require additional automation.  For example, ISE can currently be deployed in AWS.  With ISE 3.2 (due for release soon), ISE can be deployed in Azure, GCP, and Oracle clouds as well.  Bringing up an ISE deployment in the cloud requires provisioning the VM, doing the initial setup of ISE, and connecting back to the on-prem environment.  In some cases, this might require interacting with multiple platforms and API systems!  In Thomas’ example, he needed to provision his AWS VPC, bring up a virtual Meraki MX for VPN connectivity, provision the VPN, communicate with the Meraki dashboard, and deploy his ISE instance.

If you’re afraid of learning Python, making direct REST API calls to multiple systems, and dealing with different API formats, Thomas says you can relax.  Ansible is a great provisioning solution that allows you to define all of the parameters for the different systems in an easy-to-read YAML format.  The Ansible modules will do the heavy lifting of calling the APIs correctly.  You can still learn Python if you need to improve performance or parse operational data obtained from APIs, but for many, a tool like Ansible will be enough.

If you want to make the leap into programmability and APIs, Cisco has many tools to offer.  For ISE, I recommend keeping tabs on our YouTube channel, which has tons of content on this and other ISE-related subjects.  For general programmability, Cisco DevNet has resources from examples and sample code to Learning Labs with sandboxes where you can experiment.  As always, the Cisco Live library has a lot of great presentations.

Happy scripting!

