Basic pxGrid Session Notification Example¶
This sample registers and outputs messages received for Cisco Identity Services
Engine (ISE) session notifications via DXL and Cisco pxGrid.
Prerequisites¶
The samples configuration step has been completed (see Samples Configuration).
The DXL fabric to which the client will connect has been bridged to Cisco pxGrid.
The Python client has been authorized to receive
DXL Cisco pxGrid Notifications(see Authorize Client to Use Cisco pxGrid via DXL).Session Notificationsfrom pxGrid have been enabled (see Enable Cisco pxGrid Notifications for DXL).
Running¶
To run this sample execute the
sample/basic/basic_identity_session_notification_example.py script as
follows:
python sample/basic/basic_identity_session_notification_example.py
After the example starts up, the initial output should appear similar to the following:
Waiting for session events...
To generate a session notification, create a session for an endpoint on the Cisco Identity Services Engine (ISE) server. If you do not have access to an IEEE 802.1x environment, you can use the Cisco RADIUS Simulator (see the pxGrid ISE testing guide for more details).
For example, you could run the following RADIUS simulator commands in a separate terminal command window to startup a new session for a simulated endpoint:
java -cp RadiusSimulator.jar -DUSERNAME=iseuser -DPASSWORD=isepass -DFRAMED_IP_ADDRESS=192.168.1.1 -DFRAMED_IP_MASK=255.255.255.0 -DCALLING_STATION_ID=00:11:22:33:44:55 -DAUDIT_SESSION_ID=1234 RadiusAuthentication 192.168.1.2 java -cp RadiusSimulator.jar -DUSERNAME=iseuser -DPASSWORD=isepass -DFRAMED_IP_ADDRESS=192.168.1.1 -DFRAMED_IP_MASK=255.255.255.0 -DCALLING_STATION_ID=00:11:22:33:44:55 -DAUDIT_SESSION_ID=1234 RadiusAccountingStart 192.168.1.2
These commands would establish a session for the endpoint 192.168.1.1 on
the ISE server 192.168.1.2.
A message similar to the following should appear in the output of the notification example after the session has been started:
{ "IdentitySourceFirstPort": "0", "IdentitySourcePortEnd": "0", "IdentitySourcePortStart": "0", "MDMEndpoint": {}, "RADIUSAttrs": [ { "attrName": "Acct-Session-Id", "attrValue": "123" } ], "assessedPostureEvent": [ {} ], "attribute": [ { "name": "Authorization_Profiles", "type": "string", "value": "1234" } ], "endpointCheckResult": "none", "endpointProfile": "Microsoft-Device", "gid": "24703", "interface": { "deviceAttachPt": { "deviceMgmtIntfID": { "ipAddress": "192.168.1.1" } }, "ipIntfID": [ { "ipAddress": "192.168.1.1" } ], "macAddress": [ "00:11:22:33:44:55" ] }, "lastUpdateTime": "2017-09-21T22:43:38.006Z", "providers": [ "None" ], "state": "Started", "user": { "name": "root" } }
You could run the following RADIUS simulator command in a separate terminal command window to disconnect the simulated endpoint's session:
java -cp RadiusSimulator.jar -DUSERNAME=iseuser -DPASSWORD=isepass -DFRAMED_IP_ADDRESS=192.168.1.1 -DFRAMED_IP_MASK=255.255.255.0 -DCALLING_STATION_ID=00:11:22:33:44:55 -DAUDIT_SESSION_ID=1234 RadiusAccountingStop 192.168.1.2
A message similar to the following should appear in the output of the notification example after the session has been disconnected:
{ "IdentitySourceFirstPort": "0", "IdentitySourcePortEnd": "0", "IdentitySourcePortStart": "0", "MDMEndpoint": {}, "RADIUSAttrs": [ { "attrName": "Acct-Session-Id", "attrValue": "123" } ], "assessedPostureEvent": [ {} ], "attribute": [ { "name": "Authorization_Profiles", "type": "string", "value": "1234" } ], "endpointCheckResult": "none", "endpointProfile": "Microsoft-Device", "gid": "24703", "interface": { "deviceAttachPt": { "deviceMgmtIntfID": { "ipAddress": "192.168.1.1" } }, "ipIntfID": [ { "ipAddress": "192.168.1.1" } ], "macAddress": [ "00:11:22:33:44:55" ] }, "lastUpdateTime": "2017-09-21T22:43:44.833Z", "providers": [ "None" ], "state": "Disconnected", "user": { "name": "root" } }
Details¶
The majority of the sample code is shown below:
# Create the client with DxlClient(config) as dxl_client: # Connect to the fabric dxl_client.connect() logger.info("Connected to DXL fabric.") # Create client wrapper client = CiscoPxGridClient(dxl_client) class MyIdentitySessionCallback(IdentitySessionCallback): def on_session(self, session_dict): print("on_session\n" + MessageUtils.dict_to_json(session_dict, pretty_print=True)) # Attach callback for session events client.identity.add_session_callback(MyIdentitySessionCallback()) # Wait forever print("Waiting for session events...") while True: time.sleep(60)
Once a connection is established to the DXL fabric, a
dxlciscopxgridclient.client.CiscoPxGridClient instance is created which
will be used to communicate with Cisco pxGrid.
Next, the
dxlciscopxgridclient.client.IdentityClientCategory.add_session_callback()
method is invoked to register a callback for session event notifications.
When a session event occurs, the on_session method in the
MyIdentitySessionCallback class is invoked. The session_dict parameter
passed into the callback, a dictionary (dict) which contains the content of
the event notification, is displayed.