Basic Apply ANC Endpoint Policy by IP Address Example¶
This sample applies a Cisco Adaptive Network Control (ANC) policy to an endpoint via DXL and Cisco pxGrid. The sample identifies the endpoint by its IP address.
Prerequisites¶
The samples configuration step has been completed (see Samples Configuration).
The DXL fabric to which the client will connect has been bridged to Cisco pxGrid.
The Python client has been authorized to perform
DXL Cisco pxGrid Queries(see Authorize Client to Use Cisco pxGrid via DXL).A session has been established with the Cisco Identity Services Engine (ISE) server for an endpoint. The endpoint's IP address will be used when running this example. For an example on creating a simulated session for testing, see the Cisco RADIUS Simulator command examples in Basic pxGrid Session Notification Example.
An ANC policy named
quarantine_policyhas been configured. The policy could be created by logging into the ISE web interface and performing the following steps:- Navigate to Operations → Adaptive Network Control → Policy List.
- On the List screen, click on the Add button.
- On the List → New screen, enter
quarantine_policyin the name field, selectQUARANTINEin the Action field, and press the Submit button.
Configuration¶
Update the following line in the sample:
HOST_IP = "<SPECIFY_IP_ADDRESS>"
To specify the IP address of an endpoint for which to apply the
quarantine_policy. For example:
HOST_IP = "192.168.1.1"
Running¶
To run this sample execute the
sample/basic/basic_anc_apply_endpoint_policy_by_ip_example.py script as
follows:
python sample/basic/basic_anc_apply_endpoint_policy_by_ip_example.py
If the policy can be applied successfully, the output should appear similar to the following:
{ "ancStatus": "success" }
The received results are displayed.
If the quarantine_policy has already been associated with the endpoint
before the example is run, an Exception should be raised and output similar
to the following should appear:
Error: mac address is already associated with this policy error associated with ip 192.168.1.1 (0)
If the quarantine_policy has not been defined before the example is run, an
Exception should be raised and output similar to the following should
appear:
Error: Policy is not configured error associated with ip 192.168.1.1 (0)
If no session has been established for an endpoint which corresponds to the IP
address, an Exception should be raised and output similar to the following
should appear:
Error: Session lookup failure error associated with ip 192.168.1.1 (0)
Details¶
The majority of the sample code is shown below:
# IP address of the endpoint for which to apply the policy HOST_IP = "<SPECIFY_IP_ADDRESS>" # Create the client with DxlClient(config) as dxl_client: # Connect to the fabric dxl_client.connect() logger.info("Connected to DXL fabric.") # Create client wrapper client = CiscoPxGridClient(dxl_client) try: # Invoke 'apply endpoint policy by IP' method on service resp_dict = client.anc.apply_endpoint_policy_by_ip(HOST_IP, "quarantine_policy") # Print out the response (convert dictionary to JSON for pretty # printing) print("Response:\n{0}".format( MessageUtils.dict_to_json(resp_dict, pretty_print=True))) except Exception as ex: # An exception should be raised if the 'quarantine_policy' has already # been applied to the endpoint, the 'quarantine_policy' has not been # created, or if no session has been established for the endpoint. print(str(ex))
Once a connection is established to the DXL fabric, a
dxlciscopxgridclient.client.CiscoPxGridClient instance is created which
will be used to communicate with Cisco pxGrid.
Next, the dxlciscopxgridclient.client.AncClientCategory.apply_endpoint_policy_by_ip()
method is invoked with the IP address of the endpoint for which to apply the
quarantine_policy.
The final step is to display the contents of the returned dictionary (dict)
which contains the results of the attempt to apply the quarantine_policy
to the endpoint.