ISE MnT API
Monitoring and Troubleshooting API. Query active sessions and issue Change of Authorization (CoA) requests.
Overview
Base URL |
|
Auth |
Basic Auth |
Format |
XML (default) or JSON |
Target |
MnT node (not PAN) |
Key Endpoints
| Path | Purpose |
|---|---|
|
All active sessions |
|
Session by MAC |
|
Sessions by username |
|
Re-authenticate endpoint |
|
Disconnect endpoint |
Examples
Active Sessions
# netapi
netapi ise mnt sessions
# curl (returns XML by default)
curl -ks -u "$ISE_USER:$ISE_PASS" \
"https://$ISE_HOST/admin/API/mnt/Session/ActiveList"
# curl with JSON
curl -ks -u "$ISE_USER:$ISE_PASS" \
-H "Accept: application/json" \
"https://$ISE_HOST/admin/API/mnt/Session/ActiveList" | jqSession by MAC
# netapi
netapi ise mnt sessions --mac 14:F6:D8:7B:31:80
# curl
curl -ks -u "$ISE_USER:$ISE_PASS" \
-H "Accept: application/json" \
"https://$ISE_HOST/admin/API/mnt/Session/MACAddress/14:F6:D8:7B:31:80" | jqCoA Reauth
# netapi
netapi ise mnt coa 14:F6:D8:7B:31:80
# curl - requires PSN hostname, MAC, and reauth type
# Type: 0 = REAUTH_TYPE_DEFAULT, 1 = REAUTH_TYPE_LAST, 2 = REAUTH_TYPE_RERUN
curl -ks -u "$ISE_USER:$ISE_PASS" \
-X PUT \
"https://$ISE_HOST/admin/API/mnt/CoA/Reauth/ise-01.inside.domusdigitalis.dev/14:F6:D8:7B:31:80/2"CoA Disconnect
# Port bounce type: 0 = default, 1 = port_bounce, 2 = port_shutdown
curl -ks -u "$ISE_USER:$ISE_PASS" \
-X PUT \
"https://$ISE_HOST/admin/API/mnt/CoA/Disconnect/ise-01.inside.domusdigitalis.dev/14:F6:D8:7B:31:80/1"netapi Commands
# Active sessions
netapi ise mnt sessions
# Filter by MAC
netapi ise mnt sessions --mac 14:F6:D8:7B:31:80
# CoA
netapi ise coa reauth --mac 14:F6:D8:7B:31:80
netapi ise coa disconnect --mac 14:F6:D8:7B:31:80Environment Setup
dsource d000 dev/network
export ISE_HOST="ise-01.inside.domusdigitalis.dev"
export ISE_MNT_HOST="ise-01.inside.domusdigitalis.dev" # Same in single-node deploymentLearnings
|
MnT Gotchas
|