NetBox plugin for Cisco ISE integration - endpoint tracking, NAD management, and session visibility

NetBox Cisco ISE Plugin

A NetBox plugin that integrates Cisco Identity Services Engine (ISE) with NetBox, displaying endpoint details, network device (NAD) information, and active session data.

Features

Endpoint Integration

  • Endpoint Details Tab: Adds a "Cisco ISE" tab to Device detail pages for endpoints
  • MAC Address Lookup: Automatic lookup using device interface MAC addresses
  • Endpoint Profile: Shows profiled device type and identity group
  • Session Status: Displays active/inactive connection status

Network Access Device (NAD) Integration

  • NAD Details Tab: Shows ISE registration status for network devices
  • Authentication Settings: Displays RADIUS, TACACS+, and SNMP configuration
  • TrustSec Status: Shows device TrustSec enrollment
  • Device Groups: Lists assigned network device groups

Active Session Data

  • Real-time Session: Shows active 802.1X/MAB session details
  • Connection Info: NAS IP, port ID, VLAN assignment
  • Authorization: Selected authorization profile and SGT
  • Posture Status: Endpoint compliance posture state

General Features

  • Configurable Device Mappings: Control which devices show the tab and lookup method
  • API Caching: Reduces load on ISE with configurable cache timeout
  • Settings Page: View configuration and test ISE connection

Requirements

  • NetBox 4.0 or higher
  • Cisco ISE 2.x or higher with ERS API enabled
  • Python 3.10+

Installation

From PyPI (recommended)

pip install netbox-cisco-ise

From Source

git clone https://github.com/sieteunoseis/netbox-cisco-ise.git
cd netbox-cisco-ise
pip install -e .

Docker Installation

Add to your NetBox Docker requirements file:

# requirements-extra.txt
netbox-cisco-ise

Or for development:

# In docker-compose.override.yml, mount the plugin:
volumes:
  - /path/to/netbox-cisco-ise:/opt/netbox/netbox/netbox_cisco_ise

Configuration

Add the plugin to your NetBox configuration:

# configuration.py

PLUGINS = [
    'netbox_cisco_ise',
]

PLUGINS_CONFIG = {
    'netbox_cisco_ise': {
        # Required: ISE URL (ERS API)
        'ise_url': 'https://ise.example.com',

        # Required: ERS Admin credentials
        'ise_username': 'ersadmin',
        'ise_password': 'your-password',

        # Optional settings
        'timeout': 30,           # API timeout in seconds (default: 30)
        'cache_timeout': 60,     # Cache duration in seconds (default: 60)
        'verify_ssl': False,     # Verify SSL certificates (default: False)

        # Device mappings (REQUIRED) - Controls which devices show the Cisco ISE tab
        # Each mapping specifies:
        #   - manufacturer: Regex pattern to match device manufacturer (slug or name)
        #   - device_type: Optional regex pattern to match device type (slug or model)
        #   - lookup: How to find the device in ISE:
        #       "nad" - Network Access Device lookup by IP/hostname (for switches, routers, WLCs)
        #       "endpoint" - Endpoint lookup by MAC address (for wireless clients, badges)
        'device_mappings': [
            # All Cisco devices - lookup as NADs
            {'manufacturer': 'cisco', 'lookup': 'nad'},

            # Vocera badges - lookup by MAC address as endpoints
            {'manufacturer': 'vocera', 'lookup': 'endpoint'},

            # Example: Specific device type only
            # {'manufacturer': 'aruba', 'device_type': 'badge', 'lookup': 'endpoint'},
        ],
    }
}
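
A pre-deployment check for the settings above, as an added example (not part of the plugin or its README). It uses only the keys and values shown in the configuration block; the function name `audit_ise_config` and the finding texts are made up for this illustration.

```python
import re

VALID_LOOKUPS = {"nad", "endpoint"}  # the two lookup values the README documents


def audit_ise_config(cfg):
    """Return a list of findings for one netbox_cisco_ise PLUGINS_CONFIG entry."""
    findings = []
    if not str(cfg.get("ise_url", "")).lower().startswith("https://"):
        findings.append("ise_url: not https://, ERS credentials would be sent in clear")
    # The README gives False as the default, so a missing key also counts as off.
    if not cfg.get("verify_ssl", False):
        findings.append("verify_ssl: certificate validation is off")
    if cfg.get("ise_password") in (None, "", "your-password"):
        findings.append("ise_password: empty or still the README placeholder")

    mappings = cfg.get("device_mappings") or []
    if not mappings:
        findings.append("device_mappings: required, but missing or empty")
    for i, mapping in enumerate(mappings):
        if mapping.get("lookup") not in VALID_LOOKUPS:
            findings.append(f"device_mappings[{i}].lookup: must be 'nad' or 'endpoint'")
        for key in ("manufacturer", "device_type"):
            pattern = mapping.get(key)
            if pattern is None and key == "device_type":
                continue  # device_type is optional
            try:
                re.compile(pattern)
            except (re.error, TypeError) as exc:
                findings.append(f"device_mappings[{i}].{key}: missing or invalid regex ({exc})")
    return findings


# Constructed sample: the example values from the configuration above.
README_SAMPLE = {
    "ise_url": "https://ise.example.com",
    "ise_username": "ersadmin",
    "ise_password": "your-password",
    "verify_ssl": False,
    "device_mappings": [
        {"manufacturer": "cisco", "lookup": "nad"},
        {"manufacturer": "vocera", "lookup": "endpoint"},
    ],
}

if __name__ == "__main__":
    for finding in audit_ise_config(README_SAMPLE):
        print(finding)
```

Run against the README's own sample values, it reports the disabled certificate validation and the placeholder password.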

ISE ERS API Setup

  1. Enable ERS API in ISE: Administration > System > Settings > ERS Settings
  2. Create an ERS Admin user or use existing admin credentials
  3. Ensure the user has "ERS Admin" or "ERS Operator" privileges. ERS Operator is the read-only role and matches the ERS Read permission listed below.

Required ISE Permissions

| Permission | Used For |
| --- | --- |
| ERS Read | Endpoint and NAD queries |
| Monitoring API | Active session lookups |

Usage

Once installed and configured:

  1. Navigate to any Device in NetBox that matches your device_mappings
  2. Click the Cisco ISE tab
  3. View real-time endpoint or NAD details from ISE

Lookup Methods

| Lookup | Data Source | Used For |
| --- | --- | --- |
| nad | IP address or hostname | Switches, routers, WLCs, APs |
| endpoint | Interface MAC address | Wireless clients, badges, phones |

What's Displayed

For Endpoints (lookup: endpoint)

| Field | Description |
| --- | --- |
| MAC Address | Endpoint MAC from ISE |
| Profile | Profiled endpoint type |
| Identity Group | Assigned identity group |
| Session Status | Connected/Disconnected |
| NAS IP | Authenticator IP address |
| Port | Switch port or AP name |
| VLAN | Assigned VLAN |
| Authorization | Applied authorization profile |

For NADs (lookup: nad)

| Field | Description |
| --- | --- |
| Name | Device name in ISE |
| IP Addresses | Registered management IPs |
| Profile | NAD profile name |
| Device Groups | Location, type, IPSEC groups |
| RADIUS | Shared secret configured |
| TACACS+ | TACACS+ settings |
| TrustSec | SGT enrollment status |

Troubleshooting

Endpoint not found

  • Verify the device has an interface with a MAC address
  • Check that the MAC format matches ISE (XX:XX:XX:XX:XX:XX)
  • Confirm the endpoint exists in ISE endpoint database
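
For the MAC format check above, a strict normalizer to XX:XX:XX:XX:XX:XX, as an added example (not the plugin's own code). The accepted input notations, the uppercase output, and the rejection of all-zero and group addresses are assumptions made for this illustration.

```python
import re

H = "[0-9A-Fa-f]"
# Assumed input layouts (common vendor notations, not a list taken from the plugin).
LAYOUTS = (
    re.compile(rf"{H}{{2}}([:-])(?:{H}{{2}}\1){{4}}{H}{{2}}"),  # aa:bb:cc:dd:ee:ff or aa-bb-...
    re.compile(rf"{H}{{4}}\.{H}{{4}}\.{H}{{4}}"),               # aabb.ccdd.eeff
    re.compile(rf"{H}{{12}}"),                                  # aabbccddeeff
)


def to_ise_mac(value):
    """Return value as XX:XX:XX:XX:XX:XX, or raise ValueError."""
    text = str(value).strip()
    # fullmatch rejects mixed separators, wrong lengths and stray characters.
    if not any(p.fullmatch(text) for p in LAYOUTS):
        raise ValueError(f"not a MAC address: {value!r}")
    digits = re.sub(r"[.:-]", "", text).upper()
    if digits == "0" * 12:
        raise ValueError("all-zero placeholder MAC")
    if int(digits[:2], 16) & 1:  # I/G bit set in the first octet
        raise ValueError("group (multicast/broadcast) address, not a single endpoint")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def lookup_candidates(interface_macs):
    """Split raw interface MACs into (unique normalized MACs, rejected inputs with reason)."""
    valid, rejected = [], []
    for raw in interface_macs:
        try:
            mac = to_ise_mac(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if mac not in valid:
            valid.append(mac)
    return valid, rejected


# Constructed sample of interface MAC values as they might be recorded on a device.
SAMPLE = ["aabb.ccdd.eeff", "AA-BB-CC-DD-EE-FF", " aa:bb:cc:dd:ee:ff ",
          "00:00:00:00:00:00", "aa:bb-cc:dd:ee:ff", "01:00:5e:00:00:fb", "aabbccddeef"]

if __name__ == "__main__":
    print(lookup_candidates(SAMPLE))
```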

NAD not found

  • Verify the device has a primary IP or hostname in NetBox
  • Check that the device is registered as a NAD in ISE
  • Try both IP and hostname lookups

Connection errors

  • Verify ise_url is accessible from NetBox
  • Confirm ERS API is enabled on ISE
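  • For self-signed certificates, set verify_ssl: False. This turns off certificate validation, so the connection that carries the ERS credentials is no longer protected against interception.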

Authentication errors

  • Verify the ERS Admin credentials
  • Check user has ERS Admin or ERS Operator role

Development

Setup

git clone https://github.com/sieteunoseis/netbox-cisco-ise.git
cd netbox-cisco-ise
pip install -e ".[dev]"

Code Style

black netbox_cisco_ise/
isort netbox_cisco_ise/
flake8 netbox_cisco_ise/

API Reference

This plugin uses two ISE APIs:

  • ERS API (/ers/config/*): Configuration data - endpoints, NADs, profiles
  • Monitoring API (/admin/API/mnt/*): Real-time session data

Changelog

See CHANGELOG.md for release history.

License

Apache License 2.0 - See LICENSE for details.

Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

Download files

Source Distribution

netbox_cisco_ise-0.1.10.tar.gz (27.1 kB view details)

Built Distribution

netbox_cisco_ise-0.1.10-py3-none-any.whl (32.8 kB view details)

File details

Details for the file netbox_cisco_ise-0.1.10.tar.gz.

File metadata

  • Download URL: netbox_cisco_ise-0.1.10.tar.gz
  • Upload date:
  • Size: 27.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for netbox_cisco_ise-0.1.10.tar.gz
Algorithm Hash digest
SHA256 1e193f17546aa73a1270473c5707f2e495f78612a0bc5ba2c27f25cace48359f
MD5 e07a5b5c53897e20806969944752dfce
BLAKE2b-256 66ee1c4d33c35f60ecd5ddf8880fcb1daf84810ca958ec3a8cf47549ce6fd5ca

Provenance

The following attestation bundles were made for netbox_cisco_ise-0.1.10.tar.gz:

Publisher: release.yml on sieteunoseis/netbox-cisco-ise

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file netbox_cisco_ise-0.1.10-py3-none-any.whl.

File hashes

Hashes for netbox_cisco_ise-0.1.10-py3-none-any.whl
Algorithm Hash digest
SHA256 035788fa6dc096591ab209e7c5f7f3cbca2b7e11cae3bf63cef91fd3087bedc8
MD5 3986d70ff8453b08487f75f3543c0022
BLAKE2b-256 3f6eebabecec5d85821415f7abef050ad17774f6c4efe9f21f47b72941073882

Provenance

The following attestation bundles were made for netbox_cisco_ise-0.1.10-py3-none-any.whl:

Publisher: release.yml on sieteunoseis/netbox-cisco-ise

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
