Cisco Identity Services Engine API Reference Guide, Release 2.x

Session Counter API Calls
Simple Session List API Calls
- Active Sessions List
- Authenticated Sessions List
Detailed Session Attribute API Calls
Stale Sessions
- Removing Stale Sessions

Session Management Query APIs

This chapter describes the session management API calls that provide the means for retrieving important session-related information from within the Cisco Monitoring ISE node in your Cisco ISE deployment.

Session Counter API Calls

The following session counter API calls let you quickly gather a current count of session-related information on a target Cisco Monitoring ISE node in your Cisco ISE deployment:

Active sessions (ActiveCount)—An active session is one that is authenticated onto the network.
Postured sessions (PostureCount)—Postured state is asserted when posture is concluded (Compliant/Noncompliant). Posture is optional, for example, IP-phone/printer would not go to Postured state. Postured state is a short lived interim state, since after Postured, it moves to Started state when accounting start is set.
Profiled sessions (ProfilerCount)

These various states are meant to troubleshoot if an endpoint gets stuck in any of the phases.

Active Sessions Counter

You can use the ActiveCount API call to retrieve a count of all currently active sessions.

Note You must add the HTTP authorization header with the authorization credentials to view the number of active sessions.

ActiveCount API Output Schema

This sample schema file is the output of the ActiveCount API call for retrieving a count of the active sessions on the target Monitoring persona of an ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionCount" type="activeCount"/>

<xs:complexType name="activeCount">

<xs:sequence>

<xs:element name="count" type="xs:int"/>

</xs:sequence>

</xs:complexType>

</xs:schema>

Invoking the ActiveCount API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter.

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the ActiveCount API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/<specific-api-call>):

https://acme123/admin/API/mnt/Session/ActiveCount

Note You must carefully enter each API call in the URL Address field of a target node because these calls are case-sensitive. The use of “mnt” in the API call convention represents the target Cisco Monitoring ISE node.

Step 5 Press Enter to issue the API call.

Related Topics

Verifying a Monitoring Node

Sample Data Returned from the ActiveCount API Call

The following example illustrates the data returned (number of active sessions) when you invoke an ActiveCount API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

</sessionCount>

Posture Sessions Counter

You can use the PostureCount API call to retrieve a current count of all currently active Posture sessions.

PostureCount API Output Schema

This sample schema file is the output of the PostureCount API call for retrieving a count of the current active Posture sessions on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionCount" type="postureCount"/>

<xs:complexType name="postureCount">

<xs:sequence>

<xs:element name="count" type="xs:int"/>

</xs:sequence>

</xs:complexType>

</xs:schema>

Invoking the PostureCount API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter.

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the PostureCount API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

https://acme123/admin/API/mnt/Session/PostureCount

Step 5 Press Enter to issue the API call.

Related Topics

Verifying a Monitoring Node

Sample Data Returned from the PostureCount API Call

The following example illustrates the data returned (number of current active Posture sessions) when you invoke a PostureCount API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

</sessionCount>

Profiler Sessions Counter

You can use the ProfilerCount API call to retrieve a count of all currently active Profiler sessions.

ProfilerCount API Output Schema

This sample schema file is the output of the ProfilerCount API call for retrieving a count of the current active Profiler sessions on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionCount" type="profilerCount"/>

<xs:complexType name="profilerCount">

<xs:sequence>

<xs:element name="count" type="xs:int"/>

</xs:sequence>

</xs:complexType>

</xs:schema>

Invoking the ProfilerCount API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter.

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the ProfilerCount API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

https://acme123/admin/API/mnt/Session/ProfilerCount

Step 5 Press Enter to issue the API call.

Related Topics

Verifying a Monitoring Node

Sample Data Returned from the ProfilerCount API Call

The following example illustrates the data returned (number of active Profiler sessions) when you invoke a ProfilerCount API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

</sessionCount>

Simple Session List API Calls

The following simple session list API calls let you quickly gather session-related information such as the MAC address, the network access device (NAD) IP address, user name, and session ID associated with a current active session on a target Cisco Monitoring ISE node in your Cisco ISE deployment:

Active sessions list (ActiveList)
Authenticated sessions list (AuthList)

Active Sessions List

You can use the ActiveList API call to list all currently active sessions.

Note The maximum number of active authenticated endpoint sessions that can be displayed is limited to 100,000.

ActiveList API Output Schema

This sample schema file is the output of the ActiveList API call for retrieving a list of the current active sessions (and session-related information) on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="activeSessionList" type="simpleActiveSessionList"/>

<xs:complexType name="simpleActiveSessionList">

<xs:sequence>

<xs:element name="activeSession" type="simpleActiveSession" minOccurs="0" maxOccurs="unbounded"/>

</xs:sequence>

<xs:attribute name="noOfActiveSession" type="xs:int" use="required"/>

</xs:complexType>

<xs:complexType name="simpleActiveSession">

<xs:sequence>

<xs:element name="user_name" type="xs:string" minOccurs="0"/>

<xs:element name="calling_station_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="acct_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="audit_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="server" type="xs:string" minOccurs="0"/>

</xs:sequence>

</xs:complexType>

<xs:element name="nas_ipv6_address" type="xs:string"/>

<xs:complexType name="framed_ipv6_address_list">

<xs:sequence minOccurs="0" maxOccurs="8"><xs:element name="ipv6_address" type="xs:string" />

</xs:sequence>

</xs:complexType>

<xs:element name="framed_ipv6_address" type="framed_ipv6_address_list" minOccurs="1" maxOccurs="1"/>

</xs:schema>

Invoking the ActiveList API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter.

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the ActiveList API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

https://acme123/admin/API/mnt/Session/ActiveList

Note You must carefully enter each API call in the URL Address field of a target node, because these calls are case-sensitive. The use of “mnt” in the API call convention represents a Cisco Monitoring ISE node.

Step 5 Press Enter to issue the API call.

Related Topics

Verifying a Monitoring Node

Sample Data Returned from the ActiveList API Call

The following example illustrates the session-related data returned from the list of active sessions when you invoke an ActiveList API call on a target Cisco Monitoring ISE node:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<calling_station_id>00:0C:29:FA:EF:0A</calling_station_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<calling_station_id>70:5A:B6:68:F7:CC</calling_station_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>tom_wolfe</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<acct_session_id>00000032</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>graham_hancock</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<acct_session_id>0000002C</acct_session_id>

<audit_session_id>0ACB6BA10000002A165FD0C8</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>ipepvpnuser</user_name>

<calling_station_id>172.23.130.89</calling_station_id>

<nas_ip_address>10.203.107.45</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>A2000070</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Authenticated Sessions List

You can use the AuthList API call to retrieve a list of all currently active authenticated sessions.

Note The maximum number of active authenticated endpoint sessions that can be displayed is limited to 100,000.

AuthList API Output Schema

This sample schema file is the output of the AuthList API call for retrieving a list of all currently active authenticated sessions within a specified period of time (or for no specified time using the “null/null” parameter) on the target Cisco Monitoring ISE node:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="activeSessionList" type="simpleActiveSessionList"/>

<xs:complexType name="simpleActiveSessionList">

<xs:sequence>

<xs:element name="activeSession" type="simpleActiveSession" minOccurs="0" maxOccurs="unbounded"/>

</xs:sequence>

<xs:attribute name="noOfActiveSession" type="xs:int" use="required"/>

</xs:complexType>

<xs:complexType name="simpleActiveSession">

<xs:sequence>

<xs:element name="user_name" type="xs:string" minOccurs="0"/>

<xs:element name="calling_station_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="acct_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="audit_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="server" type="xs:string" minOccurs="0"/>

</xs:sequence>

</xs:complexType>

<xs:element name="nas_ipv6_address" type="xs:string"/>

<xs:complexType name="framed_ipv6_address_list">

<xs:sequence minOccurs="0" maxOccurs="8"><xs:element name="ipv6_address" type="xs:string" />

</xs:sequence>

</xs:complexType>

<xs:element name="framed_ipv6_address" type="framed_ipv6_address_list" minOccurs="1" maxOccurs="1"/>

</xs:schema>

Invoking the AuthList API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter.

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the AuthList API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/Session/<specific-api-call>):

Note The first of the following two examples uses a defined starttime and null parameter, which displays a list of the currently active sessions that were authenticated after the specified start time. The second example uses the null/null parameter that displays a list of all currently active authenticated sessions. See Sample Data Returned from the AuthList API Call with the null/null Option, which displays samples of the four parameter setting types for this API call.

https://acme123/admin/API/mnt/Session/AuthList/2010-12-14 15:33:15/null

https://acme123/admin/API/mnt/Session/AuthList/null/null

Step 5 Press Enter to issue the API call.

Related Topics

Verifying a Monitoring Node

Sample Data Returned from the AuthList API Call with the null/null Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthList API call using the null/null option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<audit_session_id>0acb6b0c000000174D07F487</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>tom_wolfe</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>graham_hancock</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Sample Data Returned from the AuthList API Call with the endtime/null Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthList API call using the endtime/null option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<audit_session_id>0acb6b0c0000001F4D08085A</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>hunter_thompson</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>bob_ludlum</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Sample Data Returned from the AuthList API Call with the null/starttime Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthList API call using the null/starttime option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<nas_ipv6_address>2001:cdba::3257:9652</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3257:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3257:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:9652</ipv6_address>

</framed_ipv6_address>

<audit_session_id>0acb6b0c0000001F4D08085A</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>bob_ludlum</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>tom_wolfe</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Sample Data Returned from the AuthList API Call with the statttime/endtime Option

The following example illustrate the list of currently active authenticated sessions that is returned when you invoke an AuthList API call using the starttime/endtime option:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<user_name>ipepwlcuser</user_name>

<calling_station_id>00:26:82:7B:D2:51</calling_station_id>

<nas_ip_address>10.203.107.10</nas_ip_address>

<audit_session_id>0acb6b0c0000001F4D08085A</audit_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>graham_hancock</user_name>

<calling_station_id>00:50:56:8E:28:BD</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<acct_session_id>00000035</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

<user_name>hunter_thompson</user_name>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_ip_address>10.203.107.161</nas_ip_address>

<acct_session_id>00000033</acct_session_id>

<server>HAREESH-R6-1-PDP2</server>

</activeSession>

</activeSessionList>

Detailed Session Attribute API Calls

The following detailed session attribute API calls let you quickly search the latest session for key information, such as the following:

MAC address session search (MACAddress)
User name session search (UserName)
NAS IP address session search (IPAddress associated with a target Monitoring ISE node)
Endpoint IP address session search (EndPointIPAddress)
Audit session ID search (Audit Session ID)

MAC Address Session Search

You can use the MACAddress API call to retrieve a specified MAC address from a current, active session. This API call lists a variety of session-related information drawn from node database tables.

MACAddress API Output Schema

This sample schema file is the output of the MACAddress API call for retrieving a specified MAC address from the current active sessions:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="sessionParameters" type="restsdStatus"/>

<xs:complexType name="restsdStatus">

<xs:sequence>

<xs:element name="passed" type="xs:anyType" minOccurs="0"/>

<xs:element name="failed" type="xs:anyType" minOccurs="0"/>

<xs:element name="user_name" type="xs:string" minOccurs="0"/>

<xs:element name="nas_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="failure_reason" type="xs:string" minOccurs="0"/>

<xs:element name="calling_station_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_port" type="xs:string" minOccurs="0"/>

<xs:element name="identity_group" type="xs:string" minOccurs="0"/>

<xs:element name="network_device_name" type="xs:string" minOccurs="0"/>

<xs:element name="acs_server" type="xs:string" minOccurs="0"/>

<xs:element name="authen_protocol" type="xs:string" minOccurs="0"/>

<xs:element name="framed_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="network_device_groups" type="xs:string" minOccurs="0"/>

<xs:element name="access_service" type="xs:string" minOccurs="0"/>

<xs:element name="auth_acs_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="authentication_method" type="xs:string" minOccurs="0"/>

<xs:element name="execution_steps" type="xs:string" minOccurs="0"/>

<xs:element name="radius_response" type="xs:string" minOccurs="0"/>

<xs:element name="audit_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="nas_identifier" type="xs:string" minOccurs="0"/>

<xs:element name="nas_port_id" type="xs:string" minOccurs="0"/>

<xs:element name="nac_policy_compliance" type="xs:string" minOccurs="0"/>

<xs:element name="auth_id" type="xs:long" minOccurs="0"/>

<xs:element name="auth_acsview_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="message_code" type="xs:string" minOccurs="0"/>

<xs:element name="acs_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="service_selection_policy" type="xs:string" minOccurs="0"/>

<xs:element name="authorization_policy" type="xs:string" minOccurs="0"/>

<xs:element name="identity_store" type="xs:string" minOccurs="0"/>

<xs:element name="response" type="xs:string" minOccurs="0"/>

<xs:element name="service_type" type="xs:string" minOccurs="0"/>

<xs:element name="cts_security_group" type="xs:string" minOccurs="0"/>

<xs:element name="use_case" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_av_pair" type="xs:string" minOccurs="0"/>

<xs:element name="ad_domain" type="xs:string" minOccurs="0"/>

<xs:element name="acs_username" type="xs:string" minOccurs="0"/>

<xs:element name="radius_username" type="xs:string" minOccurs="0"/>

<xs:element name="nac_role" type="xs:string" minOccurs="0"/>

<xs:element name="nac_username" type="xs:string" minOccurs="0"/>

<xs:element name="nac_posture_token" type="xs:string" minOccurs="0"/>

<xs:element name="nac_radius_is_user_auth" type="xs:string" minOccurs="0"/>

<xs:element name="selected_posture_server" type="xs:string" minOccurs="0"/>

<xs:element name="selected_identity_store" type="xs:string" minOccurs="0"/>

<xs:element name="authentication_identity_store" type="xs:string" minOccurs="0"/>

<xs:element name="azn_exp_pol_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="ext_pol_server_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="grp_mapping_pol_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="identity_policy_matched_rule" type="xs:string" minOccurs="0"/>

<xs:element name="nas_port_type" type="xs:string" minOccurs="0"/>

<xs:element name="query_identity_stores" type="xs:string" minOccurs="0"/>

<xs:element name="selected_azn_profiles" type="xs:string" minOccurs="0"/>

<xs:element name="sel_exp_azn_profiles" type="xs:string" minOccurs="0"/>

<xs:element name="selected_query_identity_stores" type="xs:string" minOccurs="0"/>

<xs:element name="eap_tunnel" type="xs:string" minOccurs="0"/>

<xs:element name="tunnel_details" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_h323_attributes" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_ssg_attributes" type="xs:string" minOccurs="0"/>

<xs:element name="other_attributes" type="xs:string" minOccurs="0"/>

<xs:element name="response_time" type="xs:long" minOccurs="0"/>

<xs:element name="nad_failure" type="xs:anyType" minOccurs="0"/>

<xs:element name="destination_ip_address" type="xs:string" minOccurs="0"/>

<xs:element name="acct_id" type="xs:long" minOccurs="0"/>

<xs:element name="acct_acs_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="acct_acsview_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="acct_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="acct_status_type" type="xs:string" minOccurs="0"/>

<xs:element name="acct_session_time" type="xs:long" minOccurs="0"/>

<xs:element name="acct_input_octets" type="xs:string" minOccurs="0"/>

<xs:element name="acct_output_octets" type="xs:string" minOccurs="0"/>

<xs:element name="acct_input_packets" type="xs:long" minOccurs="0"/>

<xs:element name="acct_output_packets" type="xs:long" minOccurs="0"/>

<xs:element name="acct_class" type="xs:string" minOccurs="0"/>

<xs:element name="acct_terminate_cause" type="xs:string" minOccurs="0"/>

<xs:element name="acct_multi_session_id" type="xs:string" minOccurs="0"/>

<xs:element name="acct_authentic" type="xs:string" minOccurs="0"/>

<xs:element name="termination_action" type="xs:string" minOccurs="0"/>

<xs:element name="session_timeout" type="xs:string" minOccurs="0"/>

<xs:element name="idle_timeout" type="xs:string" minOccurs="0"/>

<xs:element name="acct_interim_interval" type="xs:string" minOccurs="0"/>

<xs:element name="acct_delay_time" type="xs:string" minOccurs="0"/>

<xs:element name="event_timestamp" type="xs:string" minOccurs="0"/>

<xs:element name="acct_tunnel_connection" type="xs:string" minOccurs="0"/>

<xs:element name="acct_tunnel_packet_lost" type="xs:string" minOccurs="0"/>

<xs:element name="security_group" type="xs:string" minOccurs="0"/>

<xs:element name="cisco_h323_setup_time" type="xs:dateTime" minOccurs="0"/>

<xs:element name="cisco_h323_connect_time" type="xs:dateTime" minOccurs="0"/>

<xs:element name="cisco_h323_disconnect_time" type="xs:dateTime" minOccurs="0"/>

<xs:element name="framed_protocol" type="xs:string" minOccurs="0"/>

<xs:element name="started" type="xs:anyType" minOccurs="0"/>

<xs:element name="stopped" type="xs:anyType" minOccurs="0"/>

<xs:element name="ckpt_id" type="xs:long" minOccurs="0"/>

<xs:element name="type" type="xs:long" minOccurs="0"/>

<xs:element name="nad_acsview_timestamp" type="xs:dateTime" minOccurs="0"/>

<xs:element name="vlan" type="xs:string" minOccurs="0"/>

<xs:element name="dacl" type="xs:string" minOccurs="0"/>

<xs:element name="authentication_type" type="xs:string" minOccurs="0"/>

<xs:element name="interface_name" type="xs:string" minOccurs="0"/>

<xs:element name="reason" type="xs:string" minOccurs="0"/>

<xs:element name="endpoint_policy" type="xs:string" minOccurs="0"/>

</xs:sequence>

</xs:complexType>

<xs:element name="nas_ipv6_address" type="xs:string"/>

<xs:complexType name="framed_ipv6_address_list">

<xs:sequence minOccurs="0" maxOccurs="8"><xs:element name="ipv6_address" type="xs:string" />

</xs:sequence>

</xs:complexType>

<xs:element name="framed_ipv6_address" type="framed_ipv6_address_list" minOccurs="1" maxOccurs="1"/>

</xs:schema>

Invoking the MACAddress API Call

Step 1 Enter the Cisco ISE URL in the address bar of your browser (for example, https://<ise hostname or ip address>/admin/).

Step 2 Enter the username and case-sensitive password, that was specified and configured during the initial Cisco ISE setup.

Step 3 Click Login or press Enter.

For example, when you initially log into a Cisco Monitoring ISE node with the hostname of acme123, this would display the following URL Address field for this node:

https://acme123/admin/LoginAction.do#pageId=com_cisco_xmp_web_page_tmpdash

Step 4 Enter the MACAddress API call in the URL Address field of the target node by replacing the “/admin/” component with the API call component (/admin/API/mnt/<specific-api-call>/<macaddress>):

https://acme123/admin/API/mnt/Session/MACAddress/0A:0B:0C:0D:0E:0F

Note Make sure that you specify the MAC address using the XX:XX:XX:XX:XX:XX format. The MAC address input is case sensitive. Only uppercase characters are accepted for the MAC address input.

Step 5 Press Enter to issue the API call.

Related Topics

Verifying a Monitoring Node

Sample Data Returned from the MACAddress API Call

The following example illustrates the session-related data returned from the list of active sessions when you invoke an MACAddress API call:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<failed xsi:type="xs:boolean">false</failed>

<user_name>hunter_thompson</user_name>

<nas_ip_address>10.203.107.161</nas_ip_address>

<nas_ipv6_address>2001:cdba::357:965</nas_ipv6_address>

<framed_ipv6_address>

<ipv6_address>200:cdba:0000:0000:0000:0000:3157:9652</ipv6_address>

<ipv6_address> 2001:cdba:0:0:0:0:3247:9651</ipv6_address>

<ipv6_address>2001:cdba::3257:962</ipv6_address>

</framed_ipv6_address>

<calling_station_id>00:14:BF:5A:0C:03</calling_station_id>

<nas_port>50115</nas_port>

<identity_group>Profiled</identity_group>

<network_device_name>Core-Switch</network_device_name>

<acs_server>HAREESH-R6-1-PDP2</acs_server>

<authen_protocol>Lookup</authen_protocol>

<network_device_groups>

Device Type#All Device Types,Location#All Locations

</network_device_groups>

<access_service>RADIUS</access_service>

<auth_acs_timestamp>2010-12-15T02:11:12.359Z</auth_acs_timestamp>

<authentication_method>mab</authentication_method>

<execution_steps>

11001,11017,11027,15008,15048,15004,15041,15004,15013,24209,24211,22037,15036,15048,15048,15004,15016,11022,11002

</execution_steps>

<audit_session_id>0ACB6BA1000000351BBFBF8B</audit_session_id>

<nas_port_id>GigabitEthernet1/0/15</nas_port_id>

<nac_policy_compliance>Pending</nac_policy_compliance>

<auth_id>1291240762077361</auth_id>

<auth_acsview_timestamp>2010-12-15T02:11:12.360Z</auth_acsview_timestamp>

<message_code>5200</message_code>

<acs_session_id>HAREESH-R6-1-PDP2/81148292/681</acs_session_id>

<service_selection_policy>MAB</service_selection_policy>

<identity_store>Internal Hosts</identity_store>

{UserName=00-14-BF-5A-0C-03; User-Name=00-14-BF-5A-0C-03; State=ReauthSession:0ACB6BA1000000351BBFBF8B; Class=CACS:0ACB6BA1000000351BBFBF8B:HAREESH-R6-1-PDP2/81148292/681; Termination-Action=RADIUS-Request; cisco-av-pair=url-redirect-acl=ACL-WEBAUTH-REDIRECT; cisco-av-pair=url-redirect=https://HAREESH-R6-1-PDP2.cisco.com:8443/guestportal/gateway?sessionId=0ACB6BA1000000351BBFBF8B&action=cwa; cisco-av-pair=ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-ACL-DENY-4ced8390; }

</response>

<service_type>Call Check</service_type>

<use_case>Host Lookup</use_case>

<cisco_av_pair>audit-session-id=0ACB6BA1000000351BBFBF8B</cisco_av_pair>

<acs_username>00:14:BF:5A:0C:03</acs_username>

<radius_username>00:14:BF:5A:0C:03</radius_username>

<selected_identity_store>Internal Hosts</selected_identity_store>

<authentication_identity_store>Internal Hosts</authentication_identity_store>

<identity_policy_matched_rule>Default</identity_policy_matched_rule>

<nas_port_type>Ethernet</nas_port_type>

<selected_azn_profiles>CWA</selected_azn_profiles>

<other_attributes>

ConfigVersionId=44,DestinationIPAddress=10.203.107.162,DestinationPort=1812,Protocol=Radius,Framed-MTU=1500,EAP-Key-Name=,CPMSessionID=0ACB6BA1000000351BBFBF8B,CPMSessionID=0ACB6BA1000000351BBFBF8B,EndPointMACAddress=00-14-BF-5A-0C-03,HostIdentityGroup=Endpoint Identity Groups:Profiled,Device Type=Device Type#All Device Types,Location=Location#All Locations,Model Name=Unknown,Software Version=Unknown,Device IP Address=10.203.107.161,Called-Station-ID=04:FE:7F:7F:C0:8F

</other_attributes>

<response_time>77</response_time>

<acct_id>1291240762077386</acct_id>

<acct_acs_timestamp>2010-12-15T02:12:30.779Z</acct_acs_timestamp>

<acct_acsview_timestamp>2010-12-15T02:12:30.780Z</acct_acsview_timestamp>

<acct_session_id>00000038</acct_session_id>

<acct_status_type>Interim-Update</acct_status_type>

<acct_session_time>78</acct_session_time>

<acct_input_octets>13742</acct_input_octets>

<acct_output_octets>6277</acct_output_octets>

<acct_input_packets>108</acct_input_packets>

<acct_output_packets>66</acct_output_packets>

<acct_class>

CACS:0ACB6BA1000000351BBFBF8B:HAREESH-R6-1-PDP2/81148292/681

</acct_class>

<acct_delay_time>0</acct_delay_time>

<started xsi:type="xs:boolean">false</started>

<stopped xsi:type="xs:boolean">false</stopped>

</sessionParameters>

User Name Session Search

You can use the UserName API call to retrieve a specified user name from a current, active session. This API will list a variety of session-related information drawn from node database tables.

UserName API Output Schema

This sample schema file is the output of the UserName API call for retrieving a specified user name from the current active sessions: