NetBox plugin for Cisco ISE integration - endpoint tracking, NAD management, and session visibility

Project description

NetBox Cisco ISE Plugin

A NetBox plugin that integrates Cisco Identity Services Engine (ISE) with NetBox, displaying endpoint details, network device (NAD) information, and active session data.

Features

Endpoint Integration

  • Endpoint Details Tab: Adds a "Cisco ISE" tab to Device detail pages for endpoints
  • MAC Address Lookup: Automatic lookup using device interface MAC addresses
  • Endpoint Profile: Shows profiled device type and identity group
  • Session Status: Displays active/inactive connection status

Network Access Device (NAD) Integration

  • NAD Details Tab: Shows ISE registration status for network devices
  • Authentication Settings: Displays RADIUS, TACACS+, and SNMP configuration
  • TrustSec Status: Shows device TrustSec enrollment
  • Device Groups: Lists assigned network device groups

Active Session Data

  • Real-time Session: Shows active 802.1X/MAB session details
  • Connection Info: NAS IP, port ID, VLAN assignment
  • Authorization: Selected authorization profile and SGT
  • Posture Status: Endpoint compliance posture state

General Features

  • Configurable Device Mappings: Control which devices show the tab and lookup method
  • API Caching: Reduces load on ISE with configurable cache timeout
  • Settings Page: View configuration and test ISE connection

Requirements

  • NetBox 4.0 or higher
  • Cisco ISE 2.x or higher with ERS API enabled
  • Python 3.10+

Installation

From PyPI (recommended)

pip install netbox-cisco-ise

From Source

git clone https://github.com/sieteunoseis/netbox-cisco-ise.git
cd netbox-cisco-ise
pip install -e .

Docker Installation

Add to your NetBox Docker requirements file:

# requirements-extra.txt
netbox-cisco-ise

Or for development:

# In docker-compose.override.yml, mount the plugin:
volumes:
  - /path/to/netbox-cisco-ise:/opt/netbox/netbox/netbox_cisco_ise

Configuration

Add the plugin to your NetBox configuration:

# configuration.py

PLUGINS = [
    'netbox_cisco_ise',
]

PLUGINS_CONFIG = {
    'netbox_cisco_ise': {
        # Required: ISE URL (ERS API)
        'ise_url': 'https://ise.example.com',

        # Required: ERS Admin credentials
        'ise_username': 'ersadmin',
        'ise_password': 'your-password',

        # Optional settings
        'timeout': 30,           # API timeout in seconds (default: 30)
        'cache_timeout': 60,     # Cache duration in seconds (default: 60)
        'verify_ssl': False,     # Verify SSL certificates (default: False)

        # Device mappings (REQUIRED) - Controls which devices show the Cisco ISE tab
        # Each mapping specifies:
        #   - manufacturer: Regex pattern to match device manufacturer (slug or name)
        #   - device_type: Optional regex pattern to match device type (slug or model)
        #   - lookup: How to find the device in ISE:
        #       "nad" - Network Access Device lookup by IP/hostname (for switches, routers, WLCs)
        #       "endpoint" - Endpoint lookup by MAC address (for wireless clients, badges)
        'device_mappings': [
            # All Cisco devices - lookup as NADs
            {'manufacturer': 'cisco', 'lookup': 'nad'},

            # Vocera badges - lookup by MAC address as endpoints
            {'manufacturer': 'vocera', 'lookup': 'endpoint'},

            # Example: Specific device type only
            # {'manufacturer': 'aruba', 'device_type': 'badge', 'lookup': 'endpoint'},
        ],
    }
}
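
The sample above ships with verify_ssl set to False and a literal password. The following check is an added example, not part of the plugin or its README: it audits a netbox_cisco_ise settings dict for those weak values and builds a hardened variant from environment variables. The function names and the ISE_URL, ISE_ERS_USER and ISE_ERS_PASSWORD variable names are assumptions made for this example.

```python
import os
from urllib.parse import urlparse

# Values copied from documentation that must not reach production.
PLACEHOLDER_PASSWORDS = {"", "your-password", "changeme", "password"}

# Constructed copy of the README sample settings (device mappings shortened).
README_SAMPLE = {
    "ise_url": "https://ise.example.com",
    "ise_username": "ersadmin",
    "ise_password": "your-password",
    "verify_ssl": False,
    "device_mappings": [{"manufacturer": "cisco", "lookup": "nad"}],
}


def audit_ise_config(cfg):
    """Return a list of findings for one 'netbox_cisco_ise' settings dict."""
    findings = []
    if urlparse(cfg.get("ise_url", "")).scheme != "https":
        findings.append("ise_url: not HTTPS, ERS credentials cross the network in clear text")
    # The README gives False as the default, so a missing key is also a finding.
    if cfg.get("verify_ssl", False) is not True:
        findings.append("verify_ssl: ISE certificate is not verified before credentials are sent")
    if cfg.get("ise_password", "") in PLACEHOLDER_PASSWORDS:
        findings.append("ise_password: empty or documentation placeholder")
    mappings = cfg.get("device_mappings") or []
    if not mappings:
        findings.append("device_mappings: required, none configured")
    for m in mappings:
        if m.get("lookup") not in ("nad", "endpoint"):
            findings.append(f"device_mappings: unknown lookup {m.get('lookup')!r}")
    return findings


def hardened_config(env=os.environ):
    """Same settings with secrets read from the environment and TLS verified."""
    return {
        "ise_url": env["ISE_URL"],
        "ise_username": env["ISE_ERS_USER"],      # the README accepts an ERS Operator account
        "ise_password": env["ISE_ERS_PASSWORD"],  # kept out of configuration.py
        "verify_ssl": True,  # ISE certificate must chain to a CA the NetBox host trusts
        "device_mappings": [{"manufacturer": "cisco", "lookup": "nad"}],
    }


if __name__ == "__main__":
    for finding in audit_ise_config(README_SAMPLE):
        print("FINDING:", finding)
```

Run against the README sample, the audit reports the disabled certificate verification and the placeholder password; the hardened variant reports nothing.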

ISE ERS API Setup

  1. Enable ERS API in ISE: Administration > System > Settings > ERS Settings
  2. Create an ERS Admin user or use existing admin credentials
  3. Ensure the user has "ERS Admin" or "ERS Operator" privileges

Required ISE Permissions

| Permission | Used For |
|---|---|
| ERS Read | Endpoint and NAD queries |
| Monitoring API | Active session lookups |

Usage

Once installed and configured:

  1. Navigate to any Device in NetBox that matches your device_mappings
  2. Click the Cisco ISE tab
  3. View real-time endpoint or NAD details from ISE

Lookup Methods

| Lookup | Data Source | Used For |
|---|---|---|
| nad | IP address or hostname | Switches, routers, WLCs, APs |
| endpoint | Interface MAC address | Wireless clients, badges, phones |

What's Displayed

For Endpoints (lookup: endpoint)

| Field | Description |
|---|---|
| MAC Address | Endpoint MAC from ISE |
| Profile | Profiled endpoint type |
| Identity Group | Assigned identity group |
| Session Status | Connected/Disconnected |
| NAS IP | Authenticator IP address |
| Port | Switch port or AP name |
| VLAN | Assigned VLAN |
| Authorization | Applied authorization profile |

For NADs (lookup: nad)

| Field | Description |
|---|---|
| Name | Device name in ISE |
| IP Addresses | Registered management IPs |
| Profile | NAD profile name |
| Device Groups | Location, type, IPSEC groups |
| RADIUS | Shared secret configured |
| TACACS+ | TACACS+ settings |
| TrustSec | SGT enrollment status |

Troubleshooting

Endpoint not found

  • Verify the device has an interface with a MAC address
  • Check that the MAC format matches ISE (XX:XX:XX:XX:XX:XX)
  • Confirm the endpoint exists in the ISE endpoint database

NAD not found

  • Verify the device has a primary IP or hostname in NetBox
  • Check that the device is registered as a NAD in ISE
  • Try both IP and hostname lookups

Connection errors

  • Verify ise_url is accessible from NetBox
  • Confirm ERS API is enabled on ISE
  • For self-signed certificates, set verify_ssl: False

Authentication errors

  • Verify the ERS Admin credentials
  • Check that the user has the ERS Admin or ERS Operator role

Development

Setup

git clone https://github.com/sieteunoseis/netbox-cisco-ise.git
cd netbox-cisco-ise
pip install -e ".[dev]"

Code Style

black netbox_cisco_ise/
isort netbox_cisco_ise/
flake8 netbox_cisco_ise/

API Reference

This plugin uses two ISE APIs:

  • ERS API (/ers/config/*): Configuration data - endpoints, NADs, profiles
  • Monitoring API (/admin/API/mnt/*): Real-time session data

Changelog

See CHANGELOG.md for release history.

License

Apache License 2.0 - See LICENSE for details.

Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

Download files

Source Distribution

netbox_cisco_ise-0.1.11.tar.gz (27.6 kB)

Uploaded Source

Built Distribution

netbox_cisco_ise-0.1.11-py3-none-any.whl (33.7 kB)

Uploaded Python 3

File details

Details for the file netbox_cisco_ise-0.1.11.tar.gz.

File metadata

  • Download URL: netbox_cisco_ise-0.1.11.tar.gz
  • Upload date:
  • Size: 27.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for netbox_cisco_ise-0.1.11.tar.gz
Algorithm Hash digest
SHA256 556b1806a972c8a37e6c6bf20ab79efa8bbc21b4f2a58baaee06ad0d7c11540c
MD5 ca02e3ffa5f522877f0a9a41b3908126
BLAKE2b-256 7760ccd5c3d30f977f3d6338c3208fe9964ed72eee47d8ef87164cbd4fe38db6

Provenance

The following attestation bundles were made for netbox_cisco_ise-0.1.11.tar.gz:

Publisher: release.yml on sieteunoseis/netbox-cisco-ise

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file netbox_cisco_ise-0.1.11-py3-none-any.whl.

File hashes

Hashes for netbox_cisco_ise-0.1.11-py3-none-any.whl
Algorithm Hash digest
SHA256 072765b73054a5eeb8f8a2366c194f0899597445f60dd5006babb27972bb6905
MD5 8c98eb0e39d9182ae36d9abb0eb06d01
BLAKE2b-256 83ad553f3c300736ae3b0f754a1b2c75ff4e0ad917e1d6c6f0c1ae94f986b6d1

Provenance

The following attestation bundles were made for netbox_cisco_ise-0.1.11-py3-none-any.whl:

Publisher: release.yml on sieteunoseis/netbox-cisco-ise

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
