ISE ERS API Patterns
ISE ERS API patterns from production 802.1X deployments. Every entry has a date and context.
2026-04-02: Register Endpoint for iPSK via ERS
Problem: New machine needs MAC address registered in ISE for iPSK WiFi access before certificates are available.
Context: P16g deployment, bootstrapping network access. WiFi requires iPSK authentication — ISE policy checks the device MAC against the iPSK Manager via secure ODBC. The MAC must be registered in the DOMUS-IoT group BEFORE WiFi will work.
The Fix:
# Register endpoint MAC via netapi
netapi ise endpoint create --mac "XX:XX:XX:XX:XX:XX" --group "DOMUS-IoT"# Or via curl to ERS directly
curl -k -X POST \
-u "$ISE_API_USER:$ISE_API_PASS" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
https://ise-01.inside.domusdigitalis.dev:9060/ers/config/endpoint \
-d '{"ERSEndPoint": {"mac": "XX:XX:XX:XX:XX:XX", "groupId": "...", "staticGroupAssignment": true}}'# Verify registration via DataConnect
netapi ise dc endpoint E0:D5:5D:6C:E1:66
netapi ise dc auth-history E0:D5:5D:6C:E1:66 --hours 1Rule: iPSK registration = create endpoint with MAC + assign to identity group via ERS. Verify with netapi ise dc endpoint or DataConnect query. iPSK uses MAB — ISE matches MAC against the iPSK Manager ODBC source.
Worklog: WRKLOG-2026-04-02
2026-03-22: ERS Pagination (page + size parameters)
Problem: ERS GET requests return max 20 results by default. Missing endpoints in large deployments.
Context: ISE endpoint audit, CHLA environment with thousands of endpoints
The Fix:
# Default returns only first 20
curl -k -u "$ISE_API_USER:$ISE_API_PASS" \
-H "Accept: application/json" \
https://ise-01.inside.domusdigitalis.dev:9060/ers/config/endpoint
# Paginate with page and size
curl -k -u "$ISE_API_USER:$ISE_API_PASS" \
-H "Accept: application/json" \
"https://ise-01.inside.domusdigitalis.dev:9060/ers/config/endpoint?page=1&size=100"
# Response includes total count:
# "SearchResult": {"total": 1847, "resources": [...]}Rule: ERS defaults to 20 results per page. Always set ?size=100 (max). Use total from response to know when to stop paginating.
Worklog: WRKLOG-2026-03-22