Security

I'm sharing this script with the permission of my employer under the GLWTPL:  https://github.com/me-shaon/GLWTPL/blob/master/LICENSE

The problem that this script addresses is when you have a bunch of devices showing up on campus, and you need to get them into ClearPass with specific attributes. It accepts 2 parameters, the first being a path to a CSV, and the second being the value of the attribute that you want to add. 

For the CSV, the first column needs to contain the MAC address, and the second column, if present, will be added as the description field.

In this script, we add the attribute "Device Type" which in our environment is used to dynamically assign VLANs.  You can easily change the attribute name by modifying line #38 EndpointTags.set("tagName", "Device Type").  Just set "Device Type" to be the name of the attribute you want.

The script will create the XML output file in whatever your current working directory is.  It just takes the name of the input file and appends -CPImport.xml.

It may be that this is not the best method to solve this problem, but it's what we've been using, and I'm posting here in the hopes that it may help someone.  Be aware that there is no error checking.

Our first use case for this was to convert static host lists to endpoints, hence the name SHLConv.py.  It could be useful for those situations where you've got 100 printers/APs/whatevers showing up to campus, you have the MAC addresses ahead of time, and they all need to have a specific attribute.

Hope this is useful.  Feedback (preferably constructive) is welcome.

#  This script accepts a list of MAC addresses
#  and generates a file for import into ClearPass as Endpoints.
#  Import files need to be CSVs.  If a second column is detected,
#  The script will use its contents as the endpoint description.
#  It accepts 2 parameters - the name of the source CSV, and the
#  device type to be assigned to the endpoint

import csv
import xml.etree.ElementTree as ET
import sys

if len(sys.argv) != 3:
    print("Usage:  SHLConv.py <Path to CSV> <DeviceType>")
    exit()

infile=str(sys.argv[1])
devtype=str(sys.argv[2])


#  Initialize XML

root = ET.Element("TipsContents", xmlns = "http://www.avendasys.com/tipsapiDefs/1.0")
TipsHeader = ET.SubElement(root, "TipsHeader")
Endpoints = ET.SubElement(root, "Endpoints")

#EndpointTags = ET.SubElement(Endpoint, "EndpointTags")
#  Read our source file into a variable named 'f', in read only mode.
with open(infile) as f:
    hostreader = csv.reader(f)
    for row in hostreader:
        #  Grab mac out of the row and put it into a variable
        mac = row[0]
        # Stuff it into XML for CPPM
        Endpoint = ET.SubElement(Endpoints, "Endpoint")
        Endpoint.set ("macAddress", mac)
        Endpoint.set ("status", "Known")
        EndpointTags = ET.SubElement(Endpoint, "EndpointTags")
        EndpointTags.set("tagName", "Device Type")
        EndpointTags.set("tagValue", devtype)
        #  Check to see if we have a second column for description
        if len(row) == 2:
            description = row[1]
            Endpoint.set("description", description)
#  Write out results for ClearPass
tree = ET.ElementTree(root)
tree.write(infile + "-CPImport.xml")

Just curious, why are you using the legacy API instead of the REST API? Also, Device Registration should be used instead of SHLs or direct endpoint manipulation.

Huh.  Looks like it would have been easier to search harder and use this method:

https://community.arubanetworks.com/t5/Security/Import-Devices-to-Clearpass-Guest-Device-Repository/td-p/273423

Oh well, live and learn.

Since importing is still a thing in 6.9, and I had to do a custom mac import, I based my script on this version here. Our special adaptions are likely useless for everybody else, but what I learned is that  stripping macs while importing can be very important.
This version should do the same as the original:

#  This script accepts a list of MAC addresses
#  and generates a file for import into ClearPass as Endpoints.
#  Import files need to be CSVs.  If a second column is detected,
#  The script will use its contents as the endpoint description.
#  It accepts 2 parameters - the name of the source CSV, and the
#  device type to be assigned to the endpoint

import csv
import xml.etree.ElementTree as ET
import sys

if len(sys.argv) != 3:
    print("Usage:  SHLConv.py <Path to CSV> <DeviceType>")
    exit()

infile=str(sys.argv[1])
devtype=str(sys.argv[2])

#  Edit here if you want to use a custom var name
varname="Device Type"


#  Initialize XML

root = ET.Element("TipsContents", xmlns = "http://www.avendasys.com/tipsapiDefs/1.0")
TipsHeader = ET.SubElement(root, "TipsHeader")
Endpoints = ET.SubElement(root, "Endpoints")

#EndpointTags = ET.SubElement(Endpoint, "EndpointTags")
#  Read our source file into a variable named 'f', in read only mode.
with open(infile) as f:
    hostreader = csv.reader(f)
    for row in hostreader:
        #  Grab mac out of the row and put it into a variable
        mac = row[0]
        # Stuff it into XML for CPPM
        Endpoint = ET.SubElement(Endpoints, "Endpoint")
        Endpoint.set ("macAddress", mac.strip())
        Endpoint.set ("status", "Known")
        EndpointTags = ET.SubElement(Endpoint, "EndpointTags")
        EndpointTags.set("tagName", varname)
        EndpointTags.set("tagValue", devtype)
        #  Check to see if we have a second column for description
        if len(row) == 2:
            description = row[1]
            Endpoint.set("description", description.strip())
#  Write out results for ClearPass
tree = ET.ElementTree(root)
tree.write(infile + "-CPImport.xml")

You can also use PowerShell and PowerArubaCP