Introducing Catalyst Center APIs
Begin exploring how Catalyst Center (formerly DNA Center) automates the large campus.
Understand What Catalyst Center Does
Catalyst Center is one of the more complicated SDN solutions to ever hit the market. Before we talk about automating it, let's understand what problem it solves first.
Knowledge Check
What is the primary purpose of the Cisco Catalyst Center?
- ATo allow users to maintain their connectivity and policies as they move throughout a campus or globally.
- BTo manage and configure only the Catalyst 9000 series devices.
- CTo replace all existing network infrastructure with new hardware.
- DTo provide a centralized database for storing user credentials.
- ETo serve as a firewall for enterprise networks.
Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.
The 5 Applications of Catalyst Center
Catalyst Center's workflow is really broken down into 5 steps that they call "Applications" or "Apps." In this video, we'll break down what each of the 5 apps are.
Knowledge Check
What is the primary function of the 'Design' application in Cisco DNA Center?
- ATo identify and map out the global layout of the network, including building names and addresses.
- BTo configure network policies and access controls.
- CTo automate the discovery and onboarding of network devices.
- DTo monitor the health and performance of the network environment.
Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.
Understand the Platform Application
For the DevNet Associate exam, the bulk of your work is going to spent on the Platform app, which is where all of the APIs are exposed. In this video, we'll learn how Platform orchestrates activity across various platforms.
Knowledge Check
What is the primary function of the eastbound API in the Catalyst Center platform?
- ATo inform external applications about events occurring in the Catalyst Center.
- BTo manage authentication and authorization processes.
- CTo handle DHCP and DNS services internally.
- DTo communicate directly with network devices like switches and routers.
Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.
Exploring with Postman, Python (and Cursor)
Now we'll start to explore how we can build a request using Postman and Python. In this particular video, I decided to show what my research process would be like in this modern era of LLMs baked into code editors. Ultimately, my final goal is to have Cursor scaffold a script using sample payloads for each request. So I begin by using the Platform documentation with Postman to explore the API, and then using Cursor to drive it home.
Code:
#!/usr/bin/env python3
"""
Cisco Catalyst Center API Client
This script provides functions to authenticate and interact with Cisco Catalyst Center APIs
without using the SDK.
"""
import requests
import json
import base64
import time
from requests.auth import HTTPBasicAuth
from urllib3.exceptions import InsecureRequestWarning
# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
class CatalystCenterAPI:
"""A class for interacting with Cisco Catalyst Center APIs"""
def __init__(self, base_url, username, password, verify=False):
"""
Initialize the Catalyst Center API client
Args:
base_url (str): The base URL of the Catalyst Center instance
username (str): Username for authentication
password (str): Password for authentication
verify (bool): Whether to verify SSL certificates
"""
self.base_url = base_url.rstrip('/')
self.username = username
self.password = password
self.verify = verify
self.token = None
self.token_expiry = 0
def authenticate(self):
"""
Authenticate with Catalyst Center and get a token
Returns:
bool: True if authentication was successful, False otherwise
"""
auth_url = f"{self.base_url}/dna/system/api/v1/auth/token"
try:
response = requests.post(
auth_url,
auth=HTTPBasicAuth(self.username, self.password),
verify=self.verify
)
response.raise_for_status()
# Extract token from response
token_data = response.json()
self.token = token_data.get('Token')
# Set token expiry (tokens typically last for 1 hour)
self.token_expiry = time.time() + 3600
return True
except requests.exceptions.RequestException as e:
print(f"Authentication failed: {e}")
if hasattr(e, 'response') and e.response is not None:
print(f"Response: {e.response.text}")
return False
def get_headers(self):
"""
Get headers with authentication token
Returns:
dict: Headers including the authentication token
"""
# Check if token is expired or not set
if self.token is None or time.time() > self.token_expiry:
self.authenticate()
return {
'Content-Type': 'application/json',
'Accept': 'application/json',
'X-Auth-Token': self.token
}
def get(self, endpoint, params=None):
"""
Make a GET request to Catalyst Center
Args:
endpoint (str): API endpoint to call
params (dict): Query parameters
Returns:
dict: Response data
"""
url = f"{self.base_url}{endpoint}"
try:
response = requests.get(
url,
headers=self.get_headers(),
params=params,
verify=self.verify
)
response.raise_for_status()
return response.json()
except requests.exceptions.RequestException as e:
print(f"GET request failed: {e}")
if hasattr(e, 'response') and e.response is not None:
print(f"Response: {e.response.text}")
return None
def post(self, endpoint, data=None, json_data=None):
"""
Make a POST request to Catalyst Center
Args:
endpoint (str): API endpoint to call
data (dict): Form data
json_data (dict): JSON data
Returns:
dict: Response data
"""
url = f"{self.base_url}{endpoint}"
try:
response = requests.post(
url,
headers=self.get_headers(),
data=data,
json=json_data,
verify=self.verify
)
response.raise_for_status()
return response.json()
except requests.exceptions.RequestException as e:
print(f"POST request failed: {e}")
if hasattr(e, 'response') and e.response is not None:
print(f"Response: {e.response.text}")
return None
def put(self, endpoint, data=None, json_data=None):
"""
Make a PUT request to Catalyst Center
Args:
endpoint (str): API endpoint to call
data (dict): Form data
json_data (dict): JSON data
Returns:
dict: Response data
"""
url = f"{self.base_url}{endpoint}"
try:
response = requests.put(
url,
headers=self.get_headers(),
data=data,
json=json_data,
verify=self.verify
)
response.raise_for_status()
return response.json()
except requests.exceptions.RequestException as e:
print(f"PUT request failed: {e}")
if hasattr(e, 'response') and e.response is not None:
print(f"Response: {e.response.text}")
return None
def delete(self, endpoint, params=None):
"""
Make a DELETE request to Catalyst Center
Args:
endpoint (str): API endpoint to call
params (dict): Query parameters
Returns:
dict: Response data
"""
url = f"{self.base_url}{endpoint}"
try:
response = requests.delete(
url,
headers=self.get_headers(),
params=params,
verify=self.verify
)
response.raise_for_status()
return response.json()
except requests.exceptions.RequestException as e:
print(f"DELETE request failed: {e}")
if hasattr(e, 'response') and e.response is not None:
print(f"Response: {e.response.text}")
return None
# Example usage
if __name__ == "__main__":
# Sandbox credentials
BASE_URL = "https://sandboxdnac.cisco.com"
USERNAME = "devnetuser"
PASSWORD = "Cisco123!"
# Initialize the API client
dnac = CatalystCenterAPI(BASE_URL, USERNAME, PASSWORD)
# Authenticate and get token
if dnac.authenticate():
print(f"Authentication successful!")
print(f"Token: {dnac.token}")
# Example API call - Get network devices
devices = dnac.get("/dna/intent/api/v1/network-device")
if devices:
print(f"\nFound {len(devices.get('response', []))} network devices:")
for device in devices.get('response', []):
print(f"- {device.get('hostname')} ({device.get('managementIpAddress')})")
else:
print("Authentication failed.")
Video:
Knowledge Check
What is the primary purpose of using Postman in the context of the video?
- ATo explore the API and perform authentication requests.
- BTo generate code using AI tools.
- CTo replace the need for writing scripts manually.
- DTo manage network devices directly.
Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.
Leverage the SDK
If your goal is to write code and an SDK is offered, use the SDK. We explored how powerful SDKs are in the previous skill on ACI; now we will drill that concept home with the DNA Center SDK (cleverly called "dnacentersdk").
Code:
#!/usr/bin/env python3
"""
Script to authenticate with Cisco DNA Center (Catalyst Center) devnet sandbox
and retrieve a list of devices.
"""
from dnacentersdk import DNACenterAPI
import json
from pprint import pprint
# Cisco DevNet Sandbox credentials
# Always-On Catalyst Center (DNA Center) Sandbox
DNAC_URL = "https://sandboxdnac.cisco.com"
DNAC_USERNAME = "devnetuser"
DNAC_PASSWORD = "Cisco123!"
def main():
"""
Main function to authenticate and get devices from DNA Center
"""
print("Connecting to Cisco DNA Center...")
# Create a DNACenterAPI connection object
# Using verify=False to bypass SSL certificate verification
api = DNACenterAPI(username=DNAC_USERNAME,
password=DNAC_PASSWORD,
base_url=DNAC_URL,
verify=False)
print("Successfully authenticated with DNA Center")
# Get the list of devices
print("\nRetrieving list of devices...")
devices = api.devices.get_device_list()
api.clients.get
# Print the devices
print(f"\nFound {len(devices.response)} devices:")
print("-" * 80)
for device in devices.response:
print(f"Device Name: {device.hostname}")
print(f"Device Type: {device.type}")
print(f"Management IP: {device.managementIpAddress}")
print(f"Platform ID: {device.platformId}")
print(f"Serial Number: {device.serialNumber}")
print(f"Software Version: {device.softwareVersion}")
print(f"Up Time: {device.upTime}")
print(f"Status: {device.reachabilityStatus}")
print("-" * 80)
# Optionally, you can also print the raw JSON response
# print("\nRaw JSON response:")
# print(json.dumps(devices, indent=2))
if __name__ == "__main__":
main() Video:
Knowledge Check
What is the primary purpose of using the DNA Center SDK in automation with Catalyst Center?
- ATo quickly establish a connection and perform operations like getting lists of devices and applications.
- BTo manually configure network devices without automation.
- CTo replace the need for any documentation or reference materials.
- DTo exclusively manage security settings on network devices.
- ETo develop custom hardware for network infrastructure.
Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.
CHALLENGE
Obtain a list of clients or devices connected to the Cisco DevNet Sandbox Catalyst Center.
Note: This is very, very tricky and challenging to do. Do not get frustrated if you do not succeed.
Hint 1: Explore this buried, hidden script.
Hint 2: Look up what "epoch time aka Unix time" is, but know that you don't actually need to use it.
Knowledge Check
Were you able to get a list of clients from that trick challenge?
This interactive assessment is available in the full learning experience.
Verify your team's readiness — Request a Demo to verify practice assessments, completion reporting, and CSV / SCORM exports on the Team plan.
View Transcript
Introducing Catalyst Center APIs
0:00Welcome to the content on working with Cisco Catalyst Center APIs.
0:05This is really something that used to be called Cisco DNA Center.
0:09They've just rebranded it and re-marketed it as Cisco Catalyst Center.
0:12Now, this is all about how we manage a large campus or a large enterprise.
0:20I really like to think of this as a university campus where it's large
0:24geographically.
0:25It's got lots of buildings.
0:26It could be two or three or four miles wide and 10 miles long covered with
0:32buildings and
0:33people and there's people roaming and moving all over the place.
0:38This is a big task for a network engineer.
0:42How do we actually manage this enterprise environment?
0:44Well, that's what Cisco Catalyst Center does.
0:47It actually brings a very unique technology stack to the table.
0:51We are going to spend some time just understanding Cisco Catalyst Center.
0:55Again, because this is a Cisco DevNet associate level exam,
0:59there's a very good chance that most of you have never talked with or
1:03interacted with a Cisco Catalyst Center appliance.
1:06Now, this is an incredibly advanced topic.
1:09This is a huge tool to undertake.
1:12What we're really focused in on is what the exam wants us to focus in on.
1:17Just understanding what the capabilities of this API are.
1:21Now, very importantly, Cisco Catalyst Center brings to the table a wonderful
1:28SDK.
1:28So what we're going to focus in on ultimately is how we can leverage the SDK
1:33to work with Catalyst Center.
1:35We're also going to be using the Cisco DevNet sandbox to interact with
1:40the Catalyst Center box and have an API that we can actually interact with.
1:44So without further ado, let's spend some time understanding what it is that
1:48Catalyst Center really does and where does the API fit in?
1:53Then that will highlight how we can actually work with that API and
1:57understanding what those capabilities are.
Understand What Catalyst Center Does
0:00So what I want you to do is I want you to see a Cisco Catalyst Center, formerly
0:05known as Cisco DNA Center before
0:07we jump into this. My first really big experience working with DNA Center came
0:13when I was studying for my CCIE exam.
0:16And that is actually on the CCIE exam is how to actually build a campus, design
0:22,
0:22implement, provision, a campus with policies on the exam. That's part of the
0:28lab exam.
0:29So you have to know how to do it. But they don't make you, Cisco doesn't make
0:33you know how to do it
0:35until you get to the CCIE. So the concepts of working with Catalyst Center are
0:41very abstract.
0:42So I want you to see it. I think that's where I feel very strong about seeing
0:47it.
0:48Now why the rebrand from Cisco DNA Center to Cisco Catalyst Center?
0:52Look, I wasn't in the room when they chose to do that.
0:55But my hunch is, is that it wasn't very clear the name DNA Center wasn't very
1:00clear when that it was for enterprises.
1:04Cisco DNA Center, aka now Catalyst Center, relies heavily on the Catalyst 9000
1:11series of devices.
1:12Similar to how ACI relies on the Nexus 9000 series and it's a controller that
1:18controls your fleet of infrastructure in a data center.
1:21We're now talking about the Catalyst series and on the enterprise side of
1:26things.
1:27So very similar, but how the enterprise is actually used, what actually goes on
1:33, the types of traffic in an enterprise,
1:36there's no comparison to a data center at this point.
1:39So what a campus needs is very different from say what a data center needs and
1:45the Catalyst 9000 series solves that problem.
1:48So right here, I've got the always on Catalyst Center box up. You see, here's
1:53the go to link.
1:54It is a web based GUI, just like most software defined networking controllers
1:59are now.
2:00And here's the credentials. So when I log into this, we're going to accept the
2:05self signed certificate.
2:06And then we're going to get prompted with the DNA Center credentials here.
2:12I'm going to come back here. I'm going to grab the username is DevNet user and
2:15the password is Cisco 123 X.
2:18So what I'm going to do here is I'm going to type DevNet user paste in the
2:24password and hit log in.
2:26And from here, I'll be able to better explain what the DNA center, AKA Catalyst
2:33Center is really all about.
2:35So we're logged into Cisco DNA Center. And what I want to do is I want to talk
2:40about what this thing actually is supposed to do and what it brings to the
2:44table that's so incredible and unique.
2:46With a large global enterprise or even a large campus, let's say this is your
2:52geographic area that your campus exists in.
2:56This could be a college campus. And you've got a building here. Maybe you've
3:01got a building here, a building here, a building here.
3:06Maybe you've got a restaurant right here, you know, and maybe a little amphithe
3:11ater right here.
3:12You've got something over here. I don't know. And let's say you, you work on
3:17this campus, you work right here.
3:19So your desk is here, you sit down, you've got a laptop and you sit there.
3:24And let's say you are in the accounting department.
3:28And this is really great because as an accounting professional, you know, there
3:33's going to be some applications that you log into.
3:35There's probably going to be a file share that you need access to.
3:39There's basically just all of the things that you would use to collaborate with
3:43for your department and your cost center, your silo.
3:46All of these things are going to be specific to you in your box. You're going
3:50to have policies.
3:51Maybe those are, you know, group policies from Windows Active Directory.
3:56And maybe, you know, you plug in and you're going to be attached to a certain V
4:01LAN, like VLAN 23 to make up something.
4:05Now, here's the kicker. What happens when you need to go visit someone in this
4:10building and work on something and show them something that you have access to
4:15in the accounting?
4:17And then later, you've got to go over here. And then you've got to go over here
4:22. And then you've got to come back here.
4:25Do you see where the problem lies in? The way the current infrastructure works,
4:30the way current, you know, environments work,
4:34is you're usually siloed to your physical location.
4:39Your physical location determines what VLAN you can attach to.
4:43And therefore, what policies or accesses you can get.
4:47And when you move away from that physical location to somewhere else, you lose
4:53that.
4:53This is the problem that DNA center, aka catalyst center, solves.
4:59What they've created is now for groups of employees or people or guests,
5:07basically any users on your campus,
5:09we can attach policies to their computer, to their MAC address.
5:16And as they roam throughout the campus, that MAC address obviously goes with
5:25them.
5:25And so do things like their VLAN configurations. And therefore, all of the
5:30connectivity that they have.
5:32So if I had a file share, let's say this is my data center right here.
5:39And out here is how we get, you know, to the internet, that's where our WAN
5:43connectivity is.
5:44Let's say this machine, me right here, I'm the machine or my laptop is the
5:49machine,
5:50needs access to a file share that's in the data center. If I go down here to
5:55visit my friend and
5:56need to show them that file, my connectivity can still reach that data center.
6:03Because it's not about my physical location anymore.
6:06It's about my identity and the policies that grant me access wherever I go.
6:19Now still, how does this seem possible? Because how would a VLAN possibly
6:24follow me wherever I go?
6:25Well, it uses a fabric, much like how Nexus and ACI use the fabric.
6:32We are, again, typically having ISIS as our underlay. And we've got VXLAN as
6:41our overlay.
6:42But the difference is in the data center, we discovered where applications were
6:47using BGP.
6:49Using BGP. We're not using BGP, which is really EVPN,
6:54like we were in the data center in DNA center. Instead, we use something called
7:01LISP, location,
7:03identity separation protocol. So the idea is your identity and your location
7:10can be separated.
7:13And wherever you go, your identities and your current location can be updated.
7:18And therefore, we can say, okay, when you want to tunnel layer two packets to
7:24this device,
7:25this is their new location. So make sure you give them their connectivity and
7:30it follows
7:31their identity. This is wildly complex. And I don't fully think that, you know,
7:40as you're going through your beginners, DevNet Associate Journey, I don't think
7:43you need to
7:44memorize this. Okay. I'm just giving you context as to what DNA center can do
7:51or what catalyst
7:51center can do and what its purpose is. Its purpose is to allow people to freely
7:58move throughout a
7:59campus and still maintain their same connectivity that they have at their desk.
8:05Now take it a step
8:06further. Your campus can be global. Let's say this was all happening in San
8:14Francisco.
8:15What happens when I fly to London and work on our campus in London? Well, if
8:23that London site
8:24is, you know, basically adopted to our catalyst center controller, then the
8:31policies go with me.
8:34And I still maintain the same connectivity. That's a really powerful thing to
8:40understand.
8:40So in the next video, we're going to break down very basically what the
8:46components of catalyst
8:47center are that we can, that way we can understand how this campus and this
8:53connectivity and all
8:55All this stuff comes to be.
8:57[ Silence ]
The 5 Applications of Catalyst Center
0:00So the idea of implementing such a complex fabric across a very large ecosystem
0:07, a very large enterprise, a very large, potentially global campus sounds
0:12daunting.
0:14And I'm not going to lie to you. It's not simple.
0:17But Cisco DNA Center, aka catalyst center, I'm never going to get that right is
0:22definitely one of the ways that makes it a lot easier.
0:26And they break it down into really four stages that they call applications.
0:32Each one is considered a separate application.
0:35But in my opinion, they're just stages or guidelines or a workflow.
0:39If I hit the hamburger menu in the top right, this is actually the four
0:43applications. We have design, which is where we identify.
0:48Hang on, let me change my color. So this one's going to be a little bit easier
0:50to see.
0:51I'll do something kind of in the middle.
0:53Yeah, there we go.
0:55This is where we design our global layout.
1:00And I mean quite literally we put in a building name and address.
1:11And it generates a actual map using, I think, Bing Maps or Google Maps. I can't
1:15remember which one it is.
1:17But it shows you basically what your global layout is going to be. You can go
1:21ahead, click on this. You're not going to hurt anything.
1:23If you do something like network hierarchy, you might be able to see kind of,
1:29well, you just got the global site right here.
1:31They haven't actually added any subsights to it, if you will.
1:35But this is where you would see, obviously, a global map right here.
1:39And if we had sites or subsights here in this, you know, public DNA center box,
1:45you would see them right here.
1:47So the design is really just talking about what sites we have and maybe
1:53identifying, you know, hey, this is how they're going to talk together.
1:57This is step number one is just understanding what your buildings are and where
2:03they go.
2:04Step number two is when we start to map out policies.
2:08Now, policies are kind of interesting, especially right here, where we see
2:13group-based access controls versus IP and URLs-based access controls.
2:20This is identity, quite literally setting up usernames and passwords, as well
2:30as groups that those users belong to.
2:35Then you identify the applications that they're allowed to reach, all in these
2:42policy sections.
2:45If that doesn't work for you, if that doesn't work by identifying usernames or
2:48passwords, maybe because you have an application that is really more like a
2:53service application, definitely something like an AI agent,
2:59then you would just identify what it is based on its IP address. It'll have a
3:03static IP address. It'll always be there to serve, you know, whatever it is
3:08that it's supposed to serve.
3:10So we've got our places, we've got our people and our applications identified.
3:18What comes next are the network devices that stitch it all together.
3:22The network devices will quite literally be given all of the fabric as well as
3:27configured with the policies, like understanding what MAC address is allowed to
3:32talk to water, whatever.
3:34All of that happens in provisioning.
3:37So when I go to provision, we really begin with inventory discovery, that's
3:46supposed to be a C discovery, automating the discovery of these devices and
3:53onboarding these devices, as well as understanding the software to find access
4:00layer.
4:01That's what are the devices that belong to this fabric, and how are they
4:06allowed to transit from one campus to the next.
4:10That happens in the provisioning stage. So, if you're thinking about it, think
4:16about it as step one is geography.
4:19Where is my campus? Two.
4:22Who is allowed to access it? Three.
4:26The devices and network infrastructure.
4:32Very important to understand wireless.
4:36Definitely the biggest part of a college campus absolutely comes under this
4:40territory.
4:42The provisioning of wireless infrastructure.
4:45I mean, that's really the whole point of the roaming, isn't it?
4:48You know, all of our devices these days are mobile phones, tablets, laptops.
4:53I mean, desktop machines are becoming increasingly uncommon.
4:57Something like 75% of all network traffic in the world happens over wireless.
5:03So, all of this is not just catalyst 9000 switches making it happen. You got to
5:08plug into an access port.
5:09No, like, this is where wireless comes into play.
5:13And the mobility comes into play.
5:16And this is when it comes to life.
5:18Now, once it's brought to life, the fourth application, DNA center assurance,
5:24this is where the network team actually monitors the going on in the
5:29environment.
5:30So, if you want, go ahead and click on assurance and go to something like
5:34health.
5:35And you can see things like, here's my access layer where I've got four healthy
5:39access switches.
5:41The distribution layer, the core layer, the routers themselves, which would
5:45probably sit on the edge.
5:47We've also got our wireless controller, our access points.
5:51We would identify AAA and authentication servers, DNS servers, and DHCP servers
5:57.
5:58Now, how all of these things work together, we're going to talk about that in
6:02the next video.
6:03Because that sets up a very big new concept about APIs that we haven't talked
6:08about yet.
6:10Okay, we're going to talk about how all of these pieces come together and
6:14communicate to each other.
6:16But for right now, just understand that.
6:18We can identify issues that could be going on with our DNA center.
6:22We see what device this is happening on, where it's happening, how many times
6:26it's happened.
6:27And that's pretty interesting stuff.
6:29We can take a look at the network tab and see the network devices.
6:32You can take a look at the client tab.
6:34This would be understanding the people who are connecting in the network
6:38services, which would be AAA DHCP and DNS.
6:41And the applications that they would have access to, all happens on the
6:46assurance dashboards.
6:49So it's a big thing to have people, places, network devices, applications,
6:57wireless.
6:58All of these pieces are coming together in the Cisco DNA center, aka catalyst
7:02center, which I'm never going to get right.
7:04But there it is.
7:05It'll always be DNA center to me.
7:07Okay.
7:08Now, I did say there was a fifth tool, and this is the one that for the DevNet
7:11associate exam, you want to focus in on the most.
7:14And that is the platform.
7:16The platform is the API brains of the system.
7:22And the cool thing about the platform is it's not just, you know, you writing a
7:26script to ping the API and getting a result back.
7:30Note the API or platform goes in four different directions.
7:36And in the next video, we're going to talk about what it means for an API to
7:41have directionality.
7:44Thank you.
Understand the Platform Application
0:00So let's now take a brief moment to understand how the APIs work and how Cisco
0:05catalyst center
0:07Gets its communication straight because there's a lot of pieces that actually
0:12make catalyst center work
0:14What I'm gonna do is I'm gonna click on the hamburger menu
0:17And I'm gonna click on platform and here you've got all sorts of things you got
0:21overview
0:22Manage developer toolkit, which is where you want to live and then the runtime
0:27dashboard look
0:28I'm gonna go to overview and there's really not much here
0:31It kind of just gives you a link to the other four pieces really
0:35But I want you to use this white space or at least I'm gonna use this white
0:39space to understand this diagram that I drew last time
0:41at the center of it all is
0:44the catalyst
0:47center
0:48platform
0:50That is the application that we're working with and this is specifically APIs
0:55So if I draw a circle around it, you can almost think about this like a compass
1:00to the north is
1:03Us
1:06Smile here's our laptop
1:08Any client machine that's going to interact with client or catalyst center
1:15Basically from the front end or via an API. This is known as the northbound API
1:24And down to the south you have the infrastructure. So these are switches
1:29these are
1:31routers
1:32These are wireless APs and more
1:36So you can kind of see how it can go from north
1:40to south
1:42Almost every API that we've interacted with so far is a north south
1:49API when we were interacting with ACI which ultimately interacts with Nexus
1:53switches. That was a north south API
1:56Responses coming back to us are northbound
1:59Requests or responses going towards the network devices are southbound
2:05So we break these this flow of communication apart. We break the APIs apart
2:11You have a northbound API and you have a southbound API
2:15now we also have an east west API and
2:19There are a lot of opinions about what the directionality of these arrows looks
2:24like
2:25to the east you can kind of think about this as
2:29outgoing
2:32information
2:34Whenever something happens in catalyst center and it needs to tell external
2:39applications
2:41About what just happened that's known as the eastbound API
2:47So what you often have here is something called
2:50web hooks
2:52Now, what is a web hook?
2:54basically any event
2:57That happens in catalyst center or something like that. Let's say an issue
3:02Happens a network device goes down an issue gets created in the catalyst center
3:08platform
3:09What we want to do is we want that event the creation of an issue or a ticket
3:15in catalyst center
3:16We want that event to be pushed out to some other application
3:22Maybe this is a very commonly known one like pager duty
3:27The network just went down wake up the engineers because it's 130 a.m
3:32This is known as a web hook whenever an event triggers
3:39an API call to another application. That's a web hook
3:44This event uses this API payload and pings that application. That's a web hook
3:51so eastbound
3:54Application or eastbound API's are usually web hooks
3:59But it's really informing any external application or integrating any external
4:05application
4:06to stuff that's going on in catalyst center
4:09the westbound API are
4:12Applications that catalyst center relies on
4:18this would be
4:21AAA
4:22like
4:24Cisco
4:25ice
4:27this would be
4:29DHCP an
4:32IPAM server this would be DNS servers
4:36The catalyst center
4:39While it can do a lot of the work for us
4:42When we're setting up network devices when we're telling it okay, this person
4:47belongs in VLAN 10
4:49Where does the DHCP lease come from when that person roams from one spot to the
4:53next?
4:53Catalyst Center isn't really built to handle running DHCP services
4:59Nor is it really built to handle the AAA and the authentication and
5:02authorization?
5:04It relies on external applications to make that part work
5:09So what I would actually do this is my argument
5:13Let me actually clear the screen like this what I would actually do is I would
5:17draw the arrow like this
5:19Even though there is two-way communication in all of these directions
5:24I would say the eastbound application feeds data into catalyst center that it
5:30needs
5:30Though or did I say east? I meant the west the west
5:35bound API actually feeds data into catalyst center that it actually needs
5:41the eastbound API feeds data out of catalyst center to our other applications
5:49The northbound API talks to us and the southbound API talks to the network
5:55devices
5:56So it's really important to understand the catalyst center is a full spectrum
6:03API
6:05It's a little bit different from our other device resources that we've worked
6:09with in the past that we're basically just north south
6:11now we have to have east west as well and
6:16This is a really important factor for you to understand especially for your
6:20exam environment
6:21Now beyond that the platform gives us the ability to explore the API
6:26So from here go into platform and then go to developer toolkit and you get this
6:32really really cool
6:33browser experience for understanding what all the rest API requests are and
6:40What that workflow is you can even test the requests right here on the left
6:45hand side?
6:45You have the categories of the things that you want to work with
6:49Know your network is probably going to be the big one especially for your exam
6:53environment
6:54You may be asked to what is a script that gets a list of devices look like or
6:59gets a list of clients look like or gets a list of
7:02applications look like
7:04This is the area that you really want to focus in on
7:08For your exam environment know your network, but none of that works without
7:12authentication right here at the top
7:15So right here you can see you will send a post request to
7:20this endpoint auth.token and it even tells you this token remains valid for one
7:27hour
7:27The token obtained using this API is required to be set as the value x auth
7:33token
7:33Well, I'll be that's really familiar, isn't it?
7:37Yeah, exactly. It's the exact same workflow as in X API rest
7:42It's the exact same workflow as the ACI
7:46API that we worked with when we were interacting with the APIC machines now you
7:51can click on the try button right here and
7:53It will bring up this kind of interesting pattern for you to test it out
7:58The authorization isn't super clear because we are using basic authentication
8:03with a username and password
8:05So this authorization is really saying if you're gonna post it into us
8:09You need a base was a base 64 encoded we can hover over this and see
8:14The little eye right there. Maybe it's not gonna let me over there
8:17Well, I had it for one second if I just leave them out alone there it is it is
8:21looking for
8:22Okay, I can't move my mouse. This is really killing me right here base 64
8:26encoded strings like right in the middle of that text
8:29Don't worry about the base 64 encoded string. Okay, we're gonna show you way
8:34easier ways
8:35to authenticate and handle this starting with Python with Postman
8:39But of course the big thing to know is DNA Center comes with an
8:44SDK so if you're gonna write Python code to interact with this
8:49That's definitely gonna be the way to do it
8:52Just use their SDK to log in manage the session and then perform subsequent
8:57requests
8:58Now in the next video
8:59We will fire up Postman and take a look at what is it like to actually explore
9:04this API?
9:04Bye.
9:05[ Pause ]
Exploring with Postman, Python (and Cursor)
0:00So I've got an idea.
0:01In my head, I'm thinking it would be really cool
0:04to actually demonstrate how I would go about learning
0:08an API for the first time.
0:11Ultimately, what I'm thinking I would like to do
0:13is something along the lines of using cursor
0:17to write a script for me that can authenticate
0:21to the Catalyst Center platform
0:24and then get a list of devices.
0:27Just do something as simple as that.
0:30So if I'm doing this from scratch,
0:31I know the first thing I need to do is authenticate.
0:34So what I'm gonna do is I'm gonna explore this API
0:38with Postman first.
0:40So what I think I should do is I should look at this right here
0:43and attempt to perform this authentication process.
0:47So I'll bring up Postman, I've got a collection right here.
0:49I'm gonna add a request and I'm gonna make this a Post request
0:53because it tells me right there
0:55that that is a Post request.
0:57So I've got my request, it's a Post request.
1:00I'm gonna rename this to be login or something like this.
1:03And what I have to do now is build the URL.
1:06So this is what the URL is gonna look like.
1:08We're gonna grab this URL, sandboxdnac.cisco.com
1:13and put it right here like this.
1:17Then we're gonna do this, we're gonna do forward slash.
1:19And then what we're gonna do is we're gonna put DNA system,
1:24API V1.
1:27Now, how did I know this was gonna be that?
1:30Well, I just kind of did
1:32because I remember studying the heck out of this thing.
1:35So the DNA API endpoints,
1:37you've got your fully qualified domain name,
1:40then you're gonna have DNA something API V1.
1:45In the login case, we're logging into the system.
1:51But usually when we interact with the platform,
1:54the holder there is actually intent.
1:59When we think about this, we're saying,
2:00"Hey, we want these policies to work together
2:04with these network devices
2:05because it is our intention that groups,
2:09that the people in this group
2:11should have these levels of access."
2:13So they call it the intent based API.
2:16And that's what we're looking at here.
2:18So we're logging into the system,
2:21but when we actually interact with platform,
2:23we're working with the intent based API.
2:26So that's gonna scaffold that part of my URL.
2:30But now what I have to do is I have to come back
2:33to Cisco DNA Center and look at the final endpoint,
2:36auth/token.
2:38So jumping back to Postman,
2:40I'll put auth/token and I'll save my URL here.
2:45Authorization, we can use basic authentication right here.
2:49And I'm gonna go ahead and put the username, DevNetUser,
2:53and the password, which was Cisco 123 exclamation mark.
2:58Now at this point, I could post this in
3:02and just see if it works,
3:03that would be a great way to explore.
3:05And boom, it does.
3:06Look, immediately I see that all this really contains
3:11is token and then the actual token itself.
3:13Just like we did with ACI, isn't it?
3:17So I can build a script right here.
3:19I can say something like var, JSON data, equals,
3:24and then we gotta get the response
3:26and parse out that token item.
3:28So here we'll say JSON.parse
3:32and grab that response body right there.
3:34Now it is telling me it's deprecated,
3:36but you know what, this works.
3:37I'm gonna say postman.setenvironment variable,
3:43we wanna set an environment variable called token,
3:46equal to JSON data dot token, just like that.
3:51Wait, hold up that token with a capital T,
3:55make sure you get that part right.
3:57So we've got, we're gonna set an environment variable
4:00called token equal to the JSON data dot token response.
4:05So what I do need to make sure is that I actually
4:07have an environment for this to go in.
4:09So I'll create a new environment,
4:11I'll call this DNA 2025.
4:14And I can do things like set a variable called token
4:18equal to blah, and that'll just be its current value,
4:21but we're gonna override it.
4:22So let's do this.
4:24Let's send our post requests in.
4:26We see we got the response back.
4:28If I now look in the environment variable,
4:30we're currently holding that token.
4:32Awesome.
4:33So immediately I understand the authentication workflow,
4:36and I have a workflow that I can work with.
4:39What I'm gonna do to help cursor learn this
4:42is I'm gonna copy this response body
4:45into a new cursor project.
4:48So let me launch into the correct cursor environment,
4:53closing that remote connection.
4:55And we'll go to my network automation section,
4:59I'll create a new folder called DNA,
5:01even though I know it's catalyst center.
5:03I'll create a new file,
5:05and we'll call this token response.json,
5:10and I'm gonna paste in the token payload like this.
5:13That way I can tell cursor,
5:17hey, we're gonna log in using these credentials
5:20to this endpoint, and the payload
5:22is going to look something like the response in this file.
5:25So that's what you can begin scaffolding.
5:28I'll do a new file here and say DNAHTTP.py.
5:34And I can add both of these to the token response right here.
5:39I want to build a script that logs in
5:45to Cisco Catalyst Center
5:50and holds the token response for subsequent requests.
5:55I do not want to use the SDK.
6:03The sample authentication response is provided.
6:08The auth credentials are like so.
6:15So what I'm gonna do now is I'm gonna grab this URL.
6:19You can watch me,
6:20this is the first time I'm doing this in cursor.
6:22So this is all kind of new to me.
6:24You're watching me do what I would do live
6:27if I were being tasked with building this on my own.
6:32So it looks like this URL,
6:33it just wants to use it kind of embedded.
6:35It's not gonna let me unlink that right there.
6:37There we go, great, unlink.
6:39And then username, devnet, user, password,
6:44is Cisco 123 exclamation park.
6:48But that is a lowercase I, make sure we get that right.
6:52So at this point, it should, in the DNAHTTP file,
6:57perform this work.
6:59Let's make sure we explicitly say that.
7:01I want to build a script in DNAHTTP.py
7:06that logs in to Cisco Cattle Center.
7:09It looks good.
7:10Let's send it and see what it comes back with.
7:12So it's gonna scaffold my credentials and log in
7:17and parse the token response format,
7:20which you can see it just read that file right there
7:22to do that, which is pretty cool.
7:23So now it's generating the code in DNAHTTP.py
7:28should only take a second or two.
7:31Okay, I was wondering what was taking it so long
7:34to actually generate this code for me.
7:35And this is absolutely hilarious to me
7:39of how, if I wasn't sure the machines are listening to me,
7:42now I am.
7:43Look, you can see right here,
7:44I haven't typed anything into the composer
7:47aside from our initial message right here,
7:50where I ended with username and password.
7:52All I asked it to do, I said I don't want to use an SDK
7:56and all I wanted it to do was hold my auth credentials.
7:59My intention was to come back and ask it,
8:02okay, now I want to get network devices
8:04so I could explore the network device API in Postman
8:07and see what it does.
8:08But it actually took it a step further for me
8:12and just did it.
8:14And that's what I'm looking at right here,
8:17right there on that line.
8:18So what I'm gonna do is I'm gonna accept this
8:20to get rid of the syntax highlighting
8:22and we're gonna look at what cursor actually did,
8:25which I think is actually really fascinating.
8:28So when I scroll up, it's not using any SDKs,
8:33it's using the request library.
8:36For some reason it imported JSON and base64
8:38but never actually used them.
8:40It imported time, that way we could actually keep track
8:44of the token expiration.
8:46It wanted to suppress the self-signed certificate warning.
8:51So we've got these items right here,
8:53auth being brought in to use basic authentication
8:56and the insecure request warning
8:58that we can disable that warning specified right there.
9:01These are all things that we've seen and done
9:04up now until this point.
9:05Now what's interesting to me is it actually built a class
9:09for handling authentication and then subsequent methods
9:13like getting the list of APIs.
9:15So if we look at the authenticate method
9:19as part of that class, it establishes a base URL,
9:22which we already know DNA system API V1 auth token.
9:27It creates the post request with the basic authentication class,
9:32specifying the username and the password
9:35and self-signed certificate verification,
9:38which in this case, verify is well set to verify.
9:41So that's just what it is.
9:43So we're actually not gonna worry
9:45about the self-signed certificate verification
9:48that's coming up here.
9:49I have a feeling this might actually blow up.
9:51I have a feeling that we actually don't want
9:54to verify the self-signed certificate
9:55and we'll have to come back and fix that.
9:57We've got the token data that comes back from the response.
10:01We then parse that token out right there
10:04and set it as a token on the class object.
10:09So right now the token is none,
10:13but after this line runs right here,
10:16it will set that token equal to be the token object
10:19coming back from that class.
10:21It then starts keeping track of the token expiration time.
10:26That way, ultimately, if we try and do something
10:29and the token is expired,
10:31it will prompt to get a re-expiration.
10:35So look at this class right here,
10:36like, or this method like get headers.
10:39Immediately, it looks at if the token expiration time
10:42is coming, it needs to go and re-authenticate.
10:46This will handle re-authentication workflows for us.
10:49This is actually pretty advanced.
10:51This is something that you would see
10:53on the Dev Core exam,
10:55not necessarily on the DevNet Associate exam,
10:58but it's good that you're seeing it right now
11:01of what a expiring token and re-authentication workflow
11:05looks like.
11:06So if self.token is none,
11:09or the time remaining is still approaching
11:14the token expiration, re-authenticate.
11:17Then it sets up the headers right here,
11:21where we're setting the token header in ex-off token.
11:25So we've got get headers, which can return the headers,
11:28that includes the most up-to-date token.
11:31So when we scroll down here,
11:33we look at how to build a get request.
11:35This is a generic get request against this endpoint.
11:39In particular, the big thing it does
11:42is it uses the get headers method to set the headers.
11:46That's the real big thing that it does here,
11:48and then returns the JSON response.
11:51Same thing with a post request,
11:53if you wanna make changes.
11:54Again, we pass in data right here to this post request,
11:59which then makes its way into the request post request.
12:03It sets the headers, sets the data,
12:06it even sets JSON data,
12:08if we need to convert it to JSON.
12:10So you can pass in data like this as a dictionary
12:14or JSON data as JSON string.
12:17And it can handle either one of these,
12:19which is pretty cool.
12:21Scrolling down some more, same thing with a put request,
12:24a delete request,
12:26we're not really looking at anything here.
12:28What they've made essentially is we have the ability
12:31to pass in a get request, a post request,
12:35a put request, or a delete request
12:39to a given URL, to a given endpoint.
12:43So it's got the base URL set,
12:46we pass in the endpoint that we want it to do,
12:49it gets the headers,
12:50and then executes the request that we want.
12:52So if you look at it,
12:54it does the authentication, prints the token out,
12:58then immediately it can run a DNAC,
13:00that's our class, get request to this endpoint
13:05that you pass in.
13:07So if I'm looking at sending in DNA intent,
13:09API V1 network device to the get method,
13:13if I scroll up to get, it takes that endpoint,
13:17passes it right here to the URL,
13:20which then gets sent to the get request,
13:22which then returns the JSON response.
13:26So scrolling back to the bottom,
13:28it'll be able to hold that response in the devices variable.
13:34If there are devices,
13:36print out how many devices you found.
13:39Then for each device in the list of devices,
13:44print out that device's host name and management IP address.
13:48Pretty cool.
13:49So if I actually run the script, let's see what it does.
13:53Again, I think it's gonna blow up
13:55because of the self-signed certificate, but let's see.
13:57Oh, no, it actually worked, it worked great.
14:00Okay, authentication was successful.
14:02It printed out the full token.
14:04Here are the four network devices that it found,
14:07switch one through switch four, illustrated right there.
14:12Wow, this AI stuff is pretty incredible if you ask me,
14:17the ability to just infer what it was that I was trying to do
14:21or give me a sample.
14:23All I really had to do was get it started
14:26by telling it how to authenticate.
14:28Again, this is the type of thing.
14:30You just saw me do this basically live.
14:33This is the type of thing that would have taken me,
14:36ah, you know, this is a relatively basic request.
14:39It would have taken me 20 minutes, 30 minutes,
14:43maybe an hour longer than this thing just did right here,
14:46but that's time back in my pocket
14:49and time is money at the end of the day.
14:51And that's gonna be time back in your pocket,
14:53time back in your employer's pocket,
14:55and more value that you bring to the table
14:57when you use these kinds of tools.
15:00So interestingly, this has been how we could leverage
15:03something like cursor and quad
15:05to scaffold an authenticated request
15:07and follow it up with a Git request
15:10to get a list of client devices.
15:12So now what we're gonna do is look at how using an SDK
15:15could of course make this easier.
Leverage the SDK
0:00Now comes the really fun part where we are going to leverage the DNA center SDK
0:05.
0:05And that is quite literally what it's called.
0:08To install it, you fire up your terminal and you give it a PIP 3 install.
0:12See, look right here.
0:13DNA center SDK.
0:16Take a look at that.
0:17DNA center SDK.
0:19All one word.
0:20I press enter here and it installs the DNA center SDK.
0:23That is it when it comes to installing the DNA center SDK.
0:28Now it's going to tell you a lot of these things are required or it's going to
0:32fail,
0:32but it actually does successfully install the DNA center SDK and some of the
0:37tooling
0:38that is required in order to use it.
0:40Don't freak out if you see a lot of red text on here.
0:44There's a good chance it's still going to work.
0:47So what I'm now going to do is I'm going to fire up cursor.
0:50And again, you can just let cursor build these things for you.
0:54You really should.
0:56That's what you would do in the real world.
0:58So I'm going to, first of all, clear out all of the work that I've done and
1:03open up a new
1:04composer chat right here.
1:06And I'm going to create a new file and we'll call this DNA SDK dot py.
1:13And I'll say from DNA C SDK.
1:17Hmm.
1:18Wait a minute.
1:20That doesn't seem right.
1:27In fact, my environment sees DNA center SDK.
1:32So how do I know which one's right?
1:34Is my environment right suggesting DNA center SDK or is cursor right suggesting
1:39DNA C underscore
1:41SDK.
1:42It's only one way to find out.
1:44And that's in the documentation itself.
1:46Let's fire up the documentation.
1:47I've gone to DNA center SDK dot read the docs.io.
1:53And from here, I've jumped on a quick start and get your DNA center access
1:58token.
1:59What I'm really looking to do is scroll down here and look at my first lines
2:04from DNA center
2:06SDK, import DNA center API.
2:10So that's what I'm going to do.
2:11I'm going to copy this documentation right here and paste it in.
2:16This is using a DNA center class object, very similar to the one that cursor
2:23cleverly built
2:25for me in the previous skill where we've got we declared our own class called
2:30catalyst
2:31center API and it built its own methods.
2:35The fact of the matter is the SDK already did that for us.
2:38All right, they've already specified all of these things.
2:42So if I really want to, I can tell cursor here specifically use the DNA center
2:49SDK with
2:50the DNA center API class to build out our request.
2:56Use the DNA center SDK library to import DNA center API class object.
3:09Get authenticated to the catalyst center devnet sandbox and get a list of
3:19devices, then print
3:22them to the terminal press center.
3:26So when it comes up, it's going to list all of these things out.
3:29It actually does browse through our directory to find the credentials we used
3:34in our last
3:35skill.
3:36It does things like that to learn about what's going on in our environment like
3:41reading
3:42DNA HTTP dot py.
3:45And then, oh, well, look, it's creating its own file right now.
3:48Get devices dot py.
3:50Interesting.
3:51Okay.
3:52Well, you do you then, I guess I wanted you to use this file.
3:55But if it wants to use its own file, that's fine.
3:59And we'll take a look at what it comes up with.
4:02They want me to run this command right here, but I'd rather look at the code
4:06and see what
4:07it's doing first.
4:08So I'll accept this file to look at what it's doing.
4:10Yes, it is using DNA center SDK and the DNA center API.
4:16It declared variables for the base URL, the username and the password.
4:22When I scroll down here, look at what it does.
4:24It instantiates the class by giving it the username password base URL and
4:31setting self
4:32signed certificate verification of false.
4:35Now this doesn't log you in.
4:36Does it?
4:37Well, hold up.
4:38Actually, it does.
4:40That's one of the more interesting things about the DNA center SDK is that when
4:45you instantiate
4:46this class object, you are logged in.
4:49This stands in direct contrast to ACI, doesn't it?
4:53When I look at ACI, just flipping back to the ACI script for a second, we
4:57instantiated the
4:58session object, but it didn't do anything until we explicitly told it to log in
5:04.
5:05Then from there, we could use our session object to do things.
5:09We would say something like tenant pushed to APIC using this session.
5:14DNA center SDK kind of goes in the opposite direction.
5:19We establish a, this one right here.
5:22We establish a connection to DNA center.
5:26Then we use that object to make changes or query any of the things that are
5:32going on.
5:33So it's interesting if I'm looking at the script that we just made and I'm
5:38looking at
5:38authentication right here from 38 down to really the get header section all the
5:45way down
5:45to 86.
5:46That's what?
5:4850.
5:4948 lines of code right there.
5:54If my math is right, 48 lines of code, just got really summed up into basically
5:59one line.
6:00They just put this on multiple lines because it's pretty, cursor did, but this
6:03could all
6:04go on one line to establish a connection to DNA center.
6:09Then when I want to get a list of devices, that's just one line two.
6:13We can take our established connection held in this API variable, go into the
6:18devices
6:19class and then run the get device list method.
6:23If you want to explore the other things you can do, do API dot and then just
6:28beginning
6:28going down.
6:30Things like clients are here.
6:32We've got devices that are here.
6:35Scroll up a little bit.
6:36Applications are here.
6:38So if I wanted to look at clients, I could do dot, then just type get.
6:43We can do get client details, get enrichment details, overall client health is
6:50a method
6:50that you could run.
6:52Probably a good idea to run that.
6:54And that's the types of things that you can do with an SDK.
6:58And again, the documentation here, that's really going to be your friend.
7:02You can look at the quick start of what types of things that you can do, but
7:06there's a lot
7:07of stuff that you could dig into when it comes to actually using this SDK.
7:12The documentation definitely going to be your friend.
7:16So when I want to look at this, it gets the list of devices.
7:20It prints how many devices that it found.
7:23And then it prints things like device name type, management IP, platform,
7:27serial number,
7:28software version, uptime status.
7:30And then of course, just some closing lines to make it look pretty.
7:33So if I want to run this, let's go ahead and just do start debugging.
7:37Python, look at the code down here, connecting successfully connected.
7:41Look at those devices right there.
7:44Just as simple as that.
7:47This is understanding the DNA center, aka catalyst center platforms and
7:53capabilities,
7:54the things that it really can do and bring to the table.
7:58And now it exposes a northbound API to us where we can actually use an SDK to
8:06very quickly
8:07establish a connection and then perform all sorts of important operations,
8:13getting lists
8:13of devices, getting lists of applications, getting lists of clients.
8:17Those are definitely the things that you will want to know about going into the
8:22DevNet
8:22associate exam.
8:23I hope this has been informative for you and I'd like to thank you for viewing.
CHALLENGE
0:00So I'm gonna be honest with you this one is a border line unfair one
0:05But it's not a question that I came up with it's actually from the exam
0:10blueprint
0:10It's I'm laughing because you'll see why if you haven't already seen why in
0:143.9.c the challenges obtain a list of clients
0:21Seen on a network
0:23Using Cisco DNA center that that you are here and that's what you're supposed
0:28to do
0:28So you're like great. There's a few different ways that I could know how to do
0:32that
0:32The first thing I'm gonna do this is where my head goes is I'm gonna explore
0:36The actual API
0:39Documentation on the platform and I know right here under know your network.
0:44There is a client section
0:45So I go to the client section and I only see
0:49Four methods here that I could actually call to get this and none of them are
0:55get a list of clients
0:56There's get a list of client health and that would tell me like how all of my
1:01wireless clients are doing and then how all of my
1:04Wired clients are doing there's client
1:06Proximity which is really only for wireless users. It's not the full list
1:11There's enrichment details, which is if I know someone's user ID or MAC address
1:17I could get more details about them and their policies or if I just know their
1:21MAC address
1:22I could do get client detail but nowhere in this API doesn't say anything about
1:28getting the list of clients
1:30So immediately my head goes to okay. I wonder if it's buried in the SDK
1:35somewhere
1:36so I jumped back to my SDK and
1:39If I'm looking here, I can just go tab over API
1:43Dot clients dot and then I'm gonna do get
1:47No, it's the exact same API endpoints that it said before overall client health
1:53Client details and client enrichment details, but none of these are actually
1:58get a list of clients
2:00So where does one go to get a list of clients?
2:04Well the unfair part about this is there is an API endpoint that can actually
2:09give you the list of clients
2:11It is just not documented or published
2:15anywhere from a Cisco official documentation
2:18You would have to Google this and go down rabbit holes like I did to find how
2:24to actually do this and where you'll actually end up is
2:27on github.com
2:30slash Cisco devnet
2:32slash dna c
2:35hyphen assurance and in there there is a script called all clients dot py and
2:42From there you can actually see the function that they define called git hosts
2:47Where you can say raw wired or wireless or basically all of them if you want
2:53raw?
2:53And you can see the URL that it targets ah
2:56This isn't an intent-based configuration at all. This comes from the assurance
3:02platform
3:02So if we wanted to get the list of clients
3:06We would have to go to assurance to get it and hilariously. That's not
3:10documented anywhere beyond that notice that it requires a payload
3:14And that payload requires a start time and an end time
3:18So this way we're saying give me a list of clients that existed on a network
3:24Between this time, but even more you can see even trickier than that
3:28This happens using
3:31epoch
3:33Time what is epoch time?
3:35Sometimes also known as Unix time
3:38This is basically
3:40counting the number of seconds or milliseconds
3:44Starting from I for honestly I forget the exact date
3:48I want to say it's like something like either 1980 or
3:511900 or something like that. There's a specific date and time that it begins
3:55counting from and it counts one second all the way to the present
4:00So if you counted one second starting at this date from 40 or 50 or 100 years
4:05ago
4:06What to the exact moment that we're in right now just looks like a gigantic
4:11number and that's how we denote
4:14What the start time and the end time is for this now the interesting thing
4:20about this is you don't actually have to give it
4:22Specific times you just have to provide a payload with it
4:27So ultimately if I want to test this if I want to explore this
4:31I'm going to start with postman and if I jump over to postman. I'm going to log
4:35in
4:35Now I've got a token set in my environment, right?
4:39And then I can build my request to get this information now notice the next
4:44thing
4:44Right here on this line. This is a post request to this URL
4:50with this data payload
4:53So if I'm building my request, I'm building a post request
4:57To the URL that's API assurance v1 host
5:02I'm specifying my exoth token header and
5:06My body
5:09includes this start time and in time, but I'm leaving it blank
5:13So it just returns to me whatever data it finds when I send this in
5:18Boom, let me go full screen here if I can go full screen if it'll let me go
5:22full screen
5:22Look at let me drag this up
5:24You can see now
5:27the responses for all of our health objects we see
5:31Mac addresses
5:34IPV6 addresses
5:36Connected devices what devices are connected in it? What's their ID?
5:40What's the name of this device that switch for and so on so you can see there's
5:45a device connected to switch for right now
5:48So ultimately if you needed to get a list of devices
5:52From Cisco DNA Center. There is not a clean and easy way to do it
5:57It's not baked into the platform API or the intent API at all
6:02It's not documented at all, but it does exist
6:05It just comes from the assurance API and with a lot of Googling and digging you
6:11too can find these answers out there
6:13If you didn't don't worry don't feel frustrated
6:16Don't feel defeated. This is definitely
6:19This is definitely a tricky one. All right. This is definitely a doozy. So that
6:24's the end of our challenge today
Team training path
Turn this skill into assignable team training
This free skill is a preview of the courses your team can assign, track, and report on with CBT Nuggets.
$749
seat / year