-
Notifications
You must be signed in to change notification settings - Fork 21
ANC configuration
This is Adaptive Network Control configuration service
| Name | Description | Example |
|---|---|---|
| restBaseUrl | https://ise-host1:8910/pxgrid/ise/config/anc | |
| wsPubsubService | com.cisco.ise.pubsub | |
| policyTopic | /topic/com.cisco.ise.config.anc.policy | |
| endpointTopic | /topic/com.cisco.ise.config.anc.endpoint | |
| statusTopic | /topic/com.cisco.ise.config.anc.status |
These are the set of APIs to manipulate ANC policies, which can be then applied to endpoints.
This is used to get policies.
An empty json structure must be sent as the request.
If no policy is found, policies will have an empty array.
{
}
{
"policies": [
array of policy object
]
}
If policy does not exist, HTTP status "204 No content" will be returned with empty body
{
"name": string (required)
}
{
policy object
}
This is no response body for this query. If policy is created, HTTP status "200" will be returned. If name is already used in an existing policy, HTTP status "409 Conflict" will be returned.
{
policy object
}
(empty)
This is no response body for this query. If policy is updated, HTTP status "200" will be returned. If policy does not exist, HTTP status "204 No content" will be returned.
{
policy object
}
(empty)
This is no response body for this query. If policy is deleted, HTTP status "200" will be returned. If policy does not exist, HTTP status "204 No content" will be returned.
{
"name": string (required)
}
(empty)
The Endpoint REST APIs provides the ability to assign policies to endpoints. The terms "apply/clear" are used. They do more than just "create/delete". They look up endpoints and trigger Radius Disconnect if active. Since Radius Disconnect involves remote calls and retries, the activity may take a while. Thus, "apply/clear" endpoint calls are asynchronous. When triggered, they return a status object with operation ID and status. One can either subscribe to statusTopic for updates of operation status. Or periodically query the operation with getOperationStatus.
Operation will always finish and set status to success or failure. If it takes too long, it will timeout and set status to failure. getOperationStatus can query operations for up to an hour. Older operation status are purged from the system.
This is used to get endpoints with policies applied
An empty json structure must be sent as the request.
If no endpoint policy is found, endpointPolicies will have an empty array.
{
}
{
"endpoints": [
array of endpoint object
]
}
If endpoint does not exist, HTTP status "204 No content" will be returned.
{
"policyName": string (required)
}
{
endpoint object
}
{
"policyName": string (required),
"ipAddress": string (required)
}
{
status object
}
{
"policyName": string (required),
"macAddress": string (required)
}
{
status object
}
{
"policyName": string (required),
"ipAddress": string (required)
}
{
status object
}
{
"policyName": string (required),
"macAddress": string (required)
}
{
status object
}
If operation does not exist, HTTP status "204 No content" will be returned.
{
"operationId": string (required)
}
{
status object
}
{
policy object
}
{
endpoint object
}
{
status object
}
"operation" type one of the following strings:
- CREATE
- UPDATE
- DELETE
| Name | Type | Description |
|---|---|---|
| name | string | |
| actions | array of action type |
| Name | Type | Description |
|---|---|---|
| policyName | string | |
| macAddress | string |
"action" type can be on of the following strings:
- QUARANTINE
- SHUT_DOWN
- PORT_BOUNCE
| Name | Type | Description |
|---|---|---|
| operationId | string | |
| status | string | RUNNING, SUCCESS or FAILURE |
| failureReason | string | The reason if it fails |