Sessions API

Overview

Query active RADIUS sessions, get session details, and monitor authentication state.

Base URL

/admin/API/mnt/Session

Methods

GET

Format

XML

Setup

# Load credentials from dsec
dsource d000 dev/network

# MnT API configuration (FQDN preferred, IP fallback)
ISE_MNT="${ISE_MNT_FQDN:-${ISE_PAN_FQDN:-$ISE_PAN_IP}}"

# Compose auth string for curl (not a dsec variable)
ISE_AUTH="${ISE_API_USER}:${ISE_API_PASS}"

BASE_URL="https://${ISE_MNT}/admin/API/mnt"

Session Count

curl
# Get active session count (curl)
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Session/ActiveCount" \
  -H "Accept: application/xml"
netapi
# Get active session count (netapi)
netapi ise mnt count

List Active Sessions

curl
# Get active sessions list (curl - XML response)
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Session/ActiveList" \
  -H "Accept: application/xml"
netapi
# Get active sessions (netapi - table format)
netapi ise mnt sessions

Get Session by MAC

curl
# Get session by MAC address (curl)
MAC="C8:5B:76:C6:59:62"
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Session/MACAddress/${MAC}" \
  -H "Accept: application/xml"
netapi
# Get session by MAC (netapi)
netapi ise mnt session "C8:5B:76:C6:59:62"

Get Session by IP

curl
# Get session by IP address (curl)
IP="10.50.10.100"
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Session/EndPointIPAddress/${IP}" \
  -H "Accept: application/xml"

Get Sessions by Username

curl
# Get sessions by username (curl)
USERNAME="jsmith"
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Session/UserName/${USERNAME}" \
  -H "Accept: application/xml"

Get Sessions by NAS

# Get all sessions from specific NAS (switch/WLC)
NAS_IP="10.50.1.10"
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Session/ActiveList" \
  -H "Accept: application/xml" | \
  grep -A20 "<nas_ip_address>${NAS_IP}</nas_ip_address>"

Auth Status

curl
# Get authentication status for MAC (curl)
MAC="C8:5B:76:C6:59:62"
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/AuthStatus/MACAddress/${MAC}" \
  -H "Accept: application/xml"
netapi
# Get authentication status (netapi)
netapi ise mnt auth-status "C8:5B:76:C6:59:62"

Failure Reasons

curl
# Get failure reasons (curl)
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/FailureReasons" \
  -H "Accept: application/xml"
netapi
# Get failure reasons (netapi)
netapi ise mnt failure-reasons

Session Fields

Key fields in session response:

Field Description

calling_station_id

Endpoint MAC address

user_name

Authenticated identity

nas_ip_address

Network device IP

nas_port_id

Switch port or AP

framed_ip_address

Assigned endpoint IP

security_group

TrustSec SGT (if assigned)

audit_session_id

Unique session identifier

acct_session_id

RADIUS accounting session ID

auth_method

EAP-TLS, PEAP, MAB, etc.

policy_set_name

Matched policy set

authorization_profile

Applied authz profile

API Version

curl
# Get MnT API version (curl)
curl -sk -u "${ISE_AUTH}" \
  "${BASE_URL}/Version" \
  -H "Accept: application/xml"
netapi
# Get MnT API version (netapi)
netapi ise mnt version

Troubleshooting

No Sessions Returned

  • Verify MnT node is correct (ISE_MNT_IP)

  • Check endpoint is actually connected

  • Session may have aged out

Slow Response

  • Large deployments: use filters

  • Consider DataConnect for historical queries

See Also