Cisco ISE: Update HotSpot access-code Daily

Several times I have run into the question of whether there is an option to “automatically” change the guest HotSpot access code at a given interval (let's say daily), and I came up with the following solution: ISE API + Python + Task Scheduler.

Steps:

  1. Enable API on ISE
  2. Create Python Script
  3. Configure Task Scheduler

Enable the ERS APIs

The ERS APIs are disabled by default.

  • Log in to your ISE PAN.
  • Navigate to Administration > System > Settings and select ERS Settings from the left panel.
  • Enable the ERS APIs by selecting Enable ERS for Read/Write.
  • Select Save to save your changes.

more info and examples here

Access code Generator

Let’s say that for the access code we need a random string which contains both letters and digits. In Python:

import secrets
import string

def randomStringDigits(stringLength=6):
    """Generate a random string of letters and digits """
    lettersAndDigits = string.ascii_letters + string.digits
    # The access code is a credential, so draw it from the OS CSPRNG (secrets), not the random module
    return ''.join(secrets.choice(lettersAndDigits) for i in range(stringLength))
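The generator above draws each character independently, so a 6-character code can come out as all letters or all digits. As an added example (not code from the original post), here is a variant that guarantees both classes without biasing the result; the function names, the default length of 8 and the exclusion of look-alike characters are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumption: drop look-alike characters so guests can type the code from a sign.
AMBIGUOUS = set("0O1lI")
LETTERS = [c for c in string.ascii_letters if c not in AMBIGUOUS]
DIGITS = [c for c in string.digits if c not in AMBIGUOUS]
ALPHABET = LETTERS + DIGITS


def generate_access_code(length=8):
    """Return a code from the OS CSPRNG with at least one letter and one digit."""
    if length < 2:
        raise ValueError("length must be at least 2 to hold a letter and a digit")
    while True:
        # Rejection sampling: draw a whole code, discard it if a class is missing.
        # Every valid code stays equally likely; forcing a digit into a fixed
        # position would make some codes more probable than others.
        code = "".join(secrets.choice(ALPHABET) for _ in range(length))
        has_letter = any(c in LETTERS for c in code)
        has_digit = any(c in DIGITS for c in code)
        if has_letter and has_digit:
            return code


def entropy_bits(length):
    """Upper bound, in bits, on the guessing entropy of a code of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for n in (6, 8, 10):
        print(n, generate_access_code(n), round(entropy_bits(n), 1), "bits")
```
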

ISE API

Once the new access code is generated, it needs to be pushed (PUT) through the API to the ISE portal, which is identified by its portal ID and name:

# access_code is the string returned by randomStringDigits()
url = 'https://<ISE_PAN_IP>:9060/ers/config/hotspotportal/HOTSPOT-PORTAL-ID'
data = { 'HotspotPortal':
             { 'id': 'HOTSPOT-PORTAL-ID',
               'name': 'HOTSPOT-PORTAL-NAME',
               'settings':
                   { "aupSettings":
                       { "includeAup": 'true',
                         "requireAccessCode": 'true',
                         "accessCode": access_code,
                         "requireScrolling": 'false'
                       }}}}

Email new Access code

It’s good to receive the new access code by email. See Python: Simple Email Gmail configuration.

The entire script:

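import requests
import json
import secrets
import string
from requests.auth import HTTPBasicAuth
import smtplib

# The quoted upper-case values are placeholders; keep the real ERS and Gmail
# credentials out of the script file (for example, read them from environment variables)

def send_email(access_code):
    fromaddr = "YOUR_EMAIL@GMAIL.COM"
    toaddr = "YOUR_EMAIL@GMAIL.COM"

    # STARTTLS upgrades the connection before the login and the code are sent
    server = smtplib.SMTP('smtp.gmail.com', 587)
    server.ehlo()
    server.starttls()
    server.ehlo()
    server.login(fromaddr, "YOUR_GMAIL_APP_PASSWORD")
    SUBJECT = "New Guest Password"
    TEXT = "New Guest Password: " + str(access_code)
    message = 'Subject: {}\n\n{}'.format(SUBJECT, TEXT)
    server.sendmail(fromaddr, toaddr, message)
    server.quit()

def randomStringDigits(stringLength=6):
    """Generate a random string of letters and digits """
    lettersAndDigits = string.ascii_letters + string.digits
    # The access code is a credential, so draw it from the OS CSPRNG (secrets), not the random module
    return ''.join(secrets.choice(lettersAndDigits) for i in range(stringLength))

url = 'https://<ISE_PAN_IP>:9060/ers/config/hotspotportal/HOTSPOT-PORTAL-ID'

access_code = randomStringDigits(6)

data = { 'HotspotPortal':
            { 'id': 'HOTSPOT-PORTAL-ID',
              'name': 'HOTSPOT-PORTAL-NAME',
              'settings':
                  { "aupSettings":
                      { "includeAup": 'true',
                        "requireAccessCode": 'true',
                        "accessCode": access_code,
                        "requireScrolling": 'false'
                      }
                  }
              }
}

headers = {"Content-Type": "application/json", "Accept": "application/json"}

# verify is the path (placeholder) to the CA certificate that signed the ISE admin
# certificate, so the ERS credentials are only sent to the real PAN; verify=False
# would accept any certificate
response = requests.put(url, data=json.dumps(data), headers=headers, verify='ISE_CA_CERT.pem',
                        auth=HTTPBasicAuth('ISE_USERNAME', 'ISE_PASSWORD'), timeout=30)

# Stop here if ISE rejected the update, so a code that was never applied is not emailed
response.raise_for_status()

send_email(access_code)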

Scheduler

Now we need to run this script on a schedule. I tested it with the Windows Task Scheduler, which runs the .py file.

Open Task Scheduler and create a new Task.
In the General tab, enter the name of your new task, select the option Run whether user is logged on or not, check the option Run with highest privileges, and make sure to set the appropriate OS version.

In the Actions tab, click on the New button and type in the following:

  • Program/script – the path to python.exe: C:\Users\user\python.exe
  • Add arguments (optional) – the name of your Python script: ise-change-access-code.py
  • Start in (optional) – the folder that contains the script, without the script name: C:\Users\user\PycharmProjects\other

Click on the Triggers tab and select how often you want to execute this task.

More options are here.
