Analyze RADIUS reports for a concise list of wired endpoints hitting specified catch-all policies.
For ISE 3.x versions, use the ISE3 branch!
Helps you move toward full wired enforcement by identifying endpoints that are hitting a catch-all permit policy. This phase may be referred to as Low Impact, and it helps administrators pushing 802.1X out to their switch ports avoid accidentally denying access to an endpoint that has no relevant authorization policy yet. Often, this is a MAB authorization policy at the bottom of your policy list that will simply permit access to all endpoints.
This script ingests a .csv RADIUS Authentications report from Cisco ISE. It deduplicates and weeds out endpoints that are no longer hitting Low Impact catch-all policies. You are left with a csv file listing only the hosts that are hitting the low impact policy. This makes it easy to get a count of endpoints you need to address before you disable your catch-all policy, moving into your final enforcement plan.
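The filtering described above, as an added sketch that is not the project's own code: it uses only the Python standard library instead of pandas and keeps an endpoint only when its most recent authentication still matched a catch-all policy. The column names, timestamp format, policy names and sample rows are assumptions constructed for illustration; match them to your own ISE export.

```python
import csv
import io
from datetime import datetime

# Assumed column names and policy names; match them to your own ISE export.
COL_TIME, COL_MAC, COL_POLICY = "Logged At", "Endpoint ID", "Authorization Policy"
CATCH_ALL = {"Wired_MAB >> LowImpact_PermitAll"}

# Constructed sample report, not real ISE output.
SAMPLE = """Logged At,Endpoint ID,Authorization Policy,Network Device
2024-05-01 08:00:00,AA:BB:CC:00:00:01,Wired_MAB >> LowImpact_PermitAll,sw-01
2024-05-01 09:30:00,AA:BB:CC:00:00:01,Wired_MAB >> Printers,sw-01
2024-05-01 08:05:00,AA:BB:CC:00:00:02,Wired_MAB >> LowImpact_PermitAll,sw-02
2024-05-01 10:00:00,aa-bb-cc-00-00-02,Wired_MAB >> LowImpact_PermitAll,sw-02
2024-05-01 08:10:00,AA:BB:CC:00:00:03,Wired_Dot1x >> Employees,sw-03
2024-05-01 11:00:00,AA:BB:CC:00:00:04,Wired_MAB >> Cameras,sw-01
2024-05-01 12:00:00,AA:BB:CC:00:00:04,Wired_MAB >> LowImpact_PermitAll,sw-04
"""

def normalize_mac(mac):
    """Reduce a MAC to 12 upper-case hex digits so separators do not defeat dedup."""
    return "".join(c for c in mac if c.isalnum()).upper()

def low_impact_endpoints(report, catch_all=CATCH_ALL):
    """Return the latest row of every endpoint whose most recent hit is a catch-all."""
    latest = {}
    for row in csv.DictReader(report):
        mac = normalize_mac(row[COL_MAC])
        if not mac:
            continue  # rows without an endpoint ID cannot be attributed
        seen = datetime.strptime(row[COL_TIME], "%Y-%m-%d %H:%M:%S")
        if mac not in latest or seen > latest[mac][0]:
            latest[mac] = (seen, row)
    return {mac: row for mac, (seen, row) in sorted(latest.items())
            if row[COL_POLICY].strip() in catch_all}

if __name__ == "__main__":
    remaining = low_impact_endpoints(io.StringIO(SAMPLE))
    for mac, row in remaining.items():
        print(mac, row[COL_TIME], row["Network Device"])
    print(len(remaining), "endpoints still need an authorization policy")
```

An endpoint that hit the catch-all early in the report but later matched a specific policy is dropped, while one that fell back to the catch-all after matching a specific policy is kept with the switch it was last seen on.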
Dependencies:
- pandas => 1.3.4
- Clone the repo
      git clone https://github.com/gobblegoob/lowimpactplus.git
- Install the requirements
      pip install -r requirements.txt
In brief:
- Modify the script variables to match your targeted policies.
- Edit the src_report variable to match the RADIUS report csv file you wish to analyze
Proposed features:
- Add arguments to set input file
- Add gui to select input file
- Utilize OpenPyxl to change output to formatted xml spreadsheet for cleaner deliverable
See the open issues for a full list of proposed features (and known issues).
Distributed under the MIT License. See LICENSE.txt for more information.
Project Link: https://github.com/gobblegoob/lowimpactplus