Configuring 802.1x Authentication for Windows Deployment – Part 5 – Dynamic Whitelisting using the Cisco ISE External RESTful Service-A Square Dozen | A. Gross Blog

[utterances-bot]

Configuring 802.1x Authentication for Windows Deployment – Part 5 – Dynamic Whitelisting using the Cisco ISE External RESTful Service-A Square Dozen | A. Gross Blog

A.Gross Blog | Adam Gross Enterprise Mobility MVP

https://www.asquaredozen.com/2018/09/29/configuring-802-1x-authentication-for-windows-deployment-part-5-dynamic-whitelisting-using-the-cisco-ise-external-restful-service/

[ArneSmeyers]

Hey Adam, I came across this post while researching ISE and PXEboot/SCCM integration. I've been going back and forth with my ISE admin to get this working. He came back with this article https://developer.cisco.com/docs/identity-services-engine/3.0/#!introduction-to-monitoring-rest-apis/supported-api-calls, where he pointed out the below:If you intend to use a generic programmatic interface to authenticate with the Monitoring REST API supported by Cisco ISE, you need to first create a REST-based client that bridges Cisco ISE and the specific tool you use. You then use this REST client to authenticate with the Cisco ISE Monitoring REST APIs, marshal and submit the API requests to the Monitoring nodes, and then unmarshal the API responses and pass them on to the specified tool. Did you have to create this so called bridge in your environment as well? Thanks, Arne

[jginternet]

Hi Adam, the GitHub link is no longer active. I'd really appreciate if you made the PowerShell script available again. Thanks much, joseph

[MarbleOrRye]

Hi Adam, the GitHub link is no longer active. I'd really appreciate if you made the PowerShell script available again. Thanks much, joseph

For those trying to find the PowerShell script I went directly to his GitHub and went down the repositories.

Go to the following... https://github.com/AdamGrossTX/CiscoISE/tree/main/External%20RESTful%20Service%20(ERS)%20API

[shift4ie]

Hi Adam, is there any concern that someone will PXE boot their device and extract the ERSAdmin credentials from the task sequence or powershell script?

[AdamGrossTX]

Yes. It’s fully accessible from WinPE. Using this should also include restricting PXE to specific ports in secure imaging locations. Or password protect PXE.

---

From: shift4ie @.> Sent: Monday, October 2, 2023 1:19:57 PM To: AdamGrossTX/asquaredozen @.> Cc: Subscribed @.***> Subject: Re: [AdamGrossTX/asquaredozen] Configuring 802.1x Authentication for Windows Deployment – Part 5 – Dynamic Whitelisting using the Cisco ISE External RESTful Service-A Square Dozen | A. Gross Blog (Issue #12)

Hi Adam, is there any concern that someone will PXE boot their device and extract the ERSAdmin credentials from the task sequence or powershell script?

— Reply to this email directly, view it on GitHubhttps://github.com/AdamGrossTX/asquaredozen/issues/12#issuecomment-1743517759, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AE7SYDQIZ47UJAWCPKJSN6DX5MAU3AVCNFSM5KQNK2SKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZUGM2TCNZXGU4Q. You are receiving this because you are subscribed to this thread.Message ID: @.***>