Integrating LiveAction NX with Cisco ISE via pxGrid
By James Gilarte, Cisco SE. As the evolution of the network continues to evolve to a more software driven architecture it’s important to understand who is on the network, what type of applications are running over the network as well as how is the network operating overall. LiveAction’s LiveNX collects and analyses real-‐time data directly from any network device (routers, switches, firewalls etc.) providing insights to plan, diagnose and optimize the environment to deliver application assurances. Integrating LiveNX with Cisco’s Identity Services Engine via pxGrid allows LiveNX the ability to gain the insights into user application performance on the network. Giving them deep visibility and control of application path optimization and assurance. This blog post will highlight the steps on how to get the two platforms integrated using pxGrid. Step 1. Installing the pxGrid SDK Step 2. Using Sample Certificates from SDK for pxGrid Step 3. Allow password-‐based account creation Step 4. Account creation. Step 5. Integration between LiveNX and ISE Below is an example of the topology used.
Step 1: Installing the pxGrid SDK • Download the Cisco pxGrid SDK from developer.cisco.com (link here) and untar the file
Cisco ISEIP: 10.10.10.100
Live NXIP: 10.10.10.111 PxGrid
• The ../samples/cert folder will contain the sample certificates for running the pxGrid scripts.
• The ../samples/bin folder will contain the sample pxGrid “Java” scripts. • To run these scripts, the Oracle Java Development Kit is required (download if required).
Step 2: Using Sample Certificates from SDK for pxGrid testing • Navigate to the certs folder in the pxGrid SDK file that was just downloaded.
• Log into ISE and upload the rootSample.cert to the ISE pxGrid Node. This serves as the
trusted certificate. Navigate to Administration>System>Certificate Management>Trusted Certificates>Import
• Upload the rootSample.cert file. Give the certificate a friendly name. In this instance we will use “PxGrid – Live Action”. Also ensure that “Trusted for authentication within ISE” is enabled.
• Upload the iseSample.crt file into the ISE system certificate store
• Import the iseSample.crt file along with iseSample1.key. This serves as the pxGrid client
identity certificate. In this example the password will be “cisco123”. Make sure that the certificate is enabled for usage for pxGrid.
Step 3: Allow password-‐based account creation
• In order to create users using pxGrid we must enable the “Allow password based account creation” under pxGrid services
Step 4: Account creation • On your local terminal create an account.
o Go to the pxgrid sdk and navigate to the /samples/bin folder
• Set JAVA_HOME by executing “export JAVA_HOME=/usr/bin”
• Execute the follow command in order to create an account
“./samples/bin/create_account.sh -‐a 10.10.10.100 (ISE SERVER IP) -‐u liveaction (newuser) -‐t /samples/cert/rootSample.jks -‐q cisco123”
• response of above script is as below -‐-‐-‐-‐-‐-‐-‐ properties -‐-‐-‐-‐-‐-‐-‐
version=2.0.0.14 hostnames=10.10.10.100 username=liveaction password= group=Session description=null keystoreFilename=/Applications/iseself/pxGrid-‐sdk-‐1.0.3.37/samples/certs/clientsample1.jks keystorePassword=cisco123
truststoreFilename=maccertroot.jks truststorePassword=cisco123 -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ HTTP status=OK
password: O3yt1cKDE89OBIT1
• Please note down the password mentioned at the end of the response and on the basis of above response. You will use those credentials to integrate LiveNX and ISE
In our example we will use the username/password combination below
User: liveaction
Password: O3yt1cKDE89OBIT1
• Subscribe the session to begin the integration by entering the following command on the terminal “./samples/bin/session_subscribe.sh -‐a 10.10.10.100 -‐u liveaction -‐t /samples/cert/rootSample.jks -‐q cisco123”
• Go back into the ISE portal and navigate to the pxGrid Services. You will see the pxGrid client name we just created. Select client and hit approve.
Step 5. Integration between LiveNX and ISE
• Log into the LiveNX web client and navigate to Integrations.
• Select Cisco ISE and enter the hostname of the ISE server with the pxGrid client credentials we created in step 4. In this example our ISE server is 10.10.10.100 with the username/password of: User: liveaction Password: O3yt1cKDE89OBIT1
• Hit Save. You will see that the integration was successful when the status reads “Connected” as shown below
• Navigate to “Network Users” where you will see the user information being pulled from ISE for their respective flows.
Top Related