Session Directory

Overview

Session Directory provides real-time session lifecycle events: creation, updates, and deletion.

Service

com.cisco.ise.session

Topics

/topic/com.cisco.ise.session

Events

sessionCreated, sessionUpdated, sessionDeleted

Setup

# Load credentials
dsource d000 dev/network

# pxGrid configuration (requires certificates)
ISE_PXGRID_HOST="${ISE_PAN_IP}"
ISE_PXGRID_PORT="8910"

# Certificate paths (must be pre-configured)
PXGRID_CERT="${HOME}/.certs/pxgrid-client.pem"
PXGRID_KEY="${HOME}/.certs/pxgrid-client.key"
PXGRID_CA="${HOME}/.certs/ise-trust-chain.pem"

# Test pxGrid connection
netapi ise pxgrid test

Subscribe to Sessions (WebSocket)

# Subscribe to session topic (WebSocket)
# This is typically done programmatically, not via curl
# netapi handles WebSocket subscriptions internally

# Subscribe to session changes
netapi ise pxgrid subscribe --topic "session" --callback ./handle-session.sh

Query Active Sessions

curl

# Get all active sessions via pxGrid
# No -k here: --cacert only protects the exchange if curl verifies the ISE
# server certificate, so ISE_PXGRID_HOST must match a name in that certificate
# First, get the session service details
SERVICE=$(curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  "https://${ISE_PXGRID_HOST}:${ISE_PXGRID_PORT}/pxgrid/control/ServiceLookup" \
  -H "Content-Type: application/json" \
  -d '{"name": "com.cisco.ise.session"}')

# Extract node name and REST base URL
NODE_NAME=$(echo "$SERVICE" | jq -r '.services[0].nodeName')
REST_URL=$(echo "$SERVICE" | jq -r '.services[0].properties.restBaseUrl')

# Get access secret
SECRET=$(curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  "https://${ISE_PXGRID_HOST}:${ISE_PXGRID_PORT}/pxgrid/control/AccessSecret" \
  -H "Content-Type: application/json" \
  -d "{\"peerNodeName\": \"${NODE_NAME}\"}" | jq -r '.secret')

# Get sessions
curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  -u "${NODE_NAME}:${SECRET}" \
  "${REST_URL}/getSessions" \
  -H "Content-Type: application/json" \
  -d '{}'

netapi

# Get active sessions via pxGrid (netapi handles auth)
netapi ise pxgrid sessions

Query by MAC

curl

# Get session by MAC address
MAC="C8:5B:76:C6:59:62"

# (Assuming service lookup already done)
# No -k: the server certificate is verified against PXGRID_CA
curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  -u "${NODE_NAME}:${SECRET}" \
  "${REST_URL}/getSessionByMacAddress" \
  -H "Content-Type: application/json" \
  -d "{\"macAddress\": \"${MAC}\"}"

netapi

# Get session by MAC (netapi)
netapi ise pxgrid session "C8:5B:76:C6:59:62"

Session Event Format

Session Created

{
  "type": "MESSAGE",
  "sequenceNumber": 1,
  "topic": "/topic/com.cisco.ise.session",
  "message": {
    "sessions": [{
      "state": "AUTHENTICATED",
      "callingStationId": "C8:5B:76:C6:59:62",
      "userName": "host/workstation.example.com",
      "ipAddresses": ["10.50.10.100"],
      "nasIpAddress": "10.50.1.10",
      "nasPortId": "GigabitEthernet1/0/5",
      "adUserResolvedIdentities": "DOMAIN\\user",
      "ctsSecurityGroup": "Linux_Workstations",
      "authorizationPolicyMatchedRule": "EAP-TLS Full Access",
      "selectedAuthorizationProfiles": ["Linux-EAP-TLS-Access"],
      "timestamp": "2026-02-24T10:30:00.000Z"
    }]
  }
}

Session Deleted

{
  "type": "MESSAGE",
  "topic": "/topic/com.cisco.ise.session",
  "message": {
    "sessions": [{
      "state": "TERMINATED",
      "callingStationId": "C8:5B:76:C6:59:62",
      "terminationReason": "User-Request",
      "timestamp": "2026-02-24T11:45:00.000Z"
    }]
  }
}

Session Fields

Field                            Description
state                            AUTHENTICATED, STARTED, DISCONNECTED, TERMINATED
callingStationId                 Endpoint MAC address
userName                         Authenticated identity
ipAddresses                      Array of assigned IPs
nasIpAddress                     Network device IP
nasPortId                        Switch port or AP
ctsSecurityGroup                 Assigned TrustSec SGT
selectedAuthorizationProfiles    Applied authz profile(s)
authorizationPolicyMatchedRule   Matched authz rule name
timestamp                        Event timestamp (ISO 8601)
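
A consumer for the event format above, as an added example that is not part of the original page or of netapi: it keeps a MAC-keyed table of live sessions, merges partial updates, removes ended sessions, and ignores events older than the newest one already seen for that MAC. The names SessionTable and sample_message and the "stale" handling are assumptions of this sketch.

```python
import json
from datetime import datetime

TOPIC = "/topic/com.cisco.ise.session"
ENDED = {"DISCONNECTED", "TERMINATED"}  # states in the field table that end a session


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


class SessionTable:
    def __init__(self):
        self.sessions = {}  # MAC -> merged session record
        self._last = {}     # MAC -> newest timestamp seen, kept after deletion

    def apply(self, raw):
        """Apply one topic message; return [(action, mac), ...].

        Raises ValueError on malformed JSON or timestamps.
        """
        event = json.loads(raw)
        if event.get("type") != "MESSAGE" or event.get("topic") != TOPIC:
            return []
        changes = []
        for s in event.get("message", {}).get("sessions", []):
            mac = str(s.get("callingStationId", "")).upper()
            if not mac or "timestamp" not in s:
                continue  # cannot key or order this record
            when = _ts(s["timestamp"])
            if mac in self._last and when < self._last[mac]:
                changes.append(("stale", mac))  # late or replayed event: ignore
                continue
            self._last[mac] = when
            if s.get("state") in ENDED:
                if self.sessions.pop(mac, None) is not None:
                    changes.append(("deleted", mac))
            else:
                action = "updated" if mac in self.sessions else "created"
                # Later events may omit fields, so merge instead of replacing.
                self.sessions[mac] = {**self.sessions.get(mac, {}), **s}
                changes.append((action, mac))
        return changes


def sample_message(**session):  # constructed messages in the page's event shape
    return json.dumps({"type": "MESSAGE", "topic": TOPIC, "message": {"sessions": [session]}})


MAC = "C8:5B:76:C6:59:62"
CREATED = sample_message(state="AUTHENTICATED", callingStationId=MAC, timestamp="2026-02-24T10:30:00.000Z")
DELETED = sample_message(state="TERMINATED", callingStationId=MAC, timestamp="2026-02-24T11:45:00.000Z")
```

Keeping the last timestamp after deletion is what stops a delayed sessionCreated from resurrecting a session that has already terminated.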

ANC Policy Operations

curl

# Apply ANC policy via pxGrid
# No -k: the server certificate is verified against PXGRID_CA
# Lookup ANC service
SERVICE=$(curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  "https://${ISE_PXGRID_HOST}:${ISE_PXGRID_PORT}/pxgrid/control/ServiceLookup" \
  -H "Content-Type: application/json" \
  -d '{"name": "com.cisco.ise.config.anc"}')

NODE_NAME=$(echo "$SERVICE" | jq -r '.services[0].nodeName')
REST_URL=$(echo "$SERVICE" | jq -r '.services[0].properties.restBaseUrl')

SECRET=$(curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  "https://${ISE_PXGRID_HOST}:${ISE_PXGRID_PORT}/pxgrid/control/AccessSecret" \
  -H "Content-Type: application/json" \
  -d "{\"peerNodeName\": \"${NODE_NAME}\"}" | jq -r '.secret')

# Apply policy
MAC="C8:5B:76:C6:59:62"
curl -s --cert "${PXGRID_CERT}" --key "${PXGRID_KEY}" --cacert "${PXGRID_CA}" \
  -u "${NODE_NAME}:${SECRET}" \
  "${REST_URL}/applyEndpointByMacAddress" \
  -H "Content-Type: application/json" \
  -d "{\"macAddress\": \"${MAC}\", \"policyName\": \"Quarantine\"}"

netapi

# Apply ANC policy (netapi)
netapi ise pxgrid anc apply --mac "C8:5B:76:C6:59:62" --policy "Quarantine"

# Clear ANC policy
netapi ise pxgrid anc clear --mac "C8:5B:76:C6:59:62"
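
The curl form above builds the applyEndpointByMacAddress body by pasting the MAC into a JSON string, so a value containing a quote changes the document that is sent. The following added example (not from the original page or from netapi) validates the MAC, normalizes the common notations to the colon form the page uses, and serializes the body with a JSON encoder; ALLOWED_POLICIES and the function names are assumptions of this sketch.

```python
import json
import re

# Assumption: the ANC policy names this script is allowed to apply.
ALLOWED_POLICIES = {"Quarantine"}

# Accepted notations: AA:BB:CC:DD:EE:FF, AA-BB-CC-DD-EE-FF, aabb.ccdd.eeff
_MAC_FORMS = (
    r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}",
    r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}",
    r"(?:[0-9A-F]{4}\.){2}[0-9A-F]{4}",
)


def normalize_mac(value):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or raise ValueError."""
    text = str(value).strip().upper()
    if not any(re.fullmatch(form, text) for form in _MAC_FORMS):
        raise ValueError(f"not a MAC address: {value!r}")
    digits = re.sub(r"[^0-9A-F]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def anc_apply_body(mac, policy):
    """JSON body for applyEndpointByMacAddress, built by a serializer."""
    if policy not in ALLOWED_POLICIES:
        raise ValueError(f"policy not allowed: {policy!r}")
    return json.dumps({"macAddress": normalize_mac(mac), "policyName": policy})


def rejected(value):
    """True when normalize_mac refuses the value."""
    try:
        normalize_mac(value)
    except ValueError:
        return True
    return False


# Constructed inputs: two valid notations and one value with an embedded quote.
SAMPLES = ["c85b.76c6.5962", "C8-5B-76-C6-59-62", 'C8:5B:76:C6:59:62"x']
```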
