Quick Reference

CLI Commands

Service Status

# SSH to ISE
ssh admin@ise-01.inside.domusdigitalis.dev

# Check all services
ise-01/admin# show application status ise

# Check specific service
ise-01/admin# show application status ise | include Running

# Restart application
ise-01/admin# application stop ise
ise-01/admin# application start ise

System Information

# Version
ise-01/admin# show version

# Patches
ise-01/admin# show application status ise | include PATCH

# Disk usage
ise-01/admin# show disk all

# Memory
ise-01/admin# show memory

Certificate Management

# List certificates
ise-01/admin# show crypto certificates

# Show certificate details
ise-01/admin# show crypto certificates name <cert-name>

netapi Commands

Session Management

# List active sessions
netapi ise mnt sessions

# Get session by MAC
netapi ise mnt session --mac AA:BB:CC:DD:EE:FF

# Disconnect session
netapi ise mnt disconnect --mac AA:BB:CC:DD:EE:FF

DataConnect Queries

# Recent authentications
netapi ise dc query "SELECT USERNAME, POLICY_SET_NAME, PASSED
  FROM RADIUS_AUTHENTICATIONS
  WHERE TIMESTAMP_TIMEZONE > SYSDATE - 1
  ORDER BY TIMESTAMP_TIMEZONE DESC
  FETCH FIRST 20 ROWS ONLY"

# Failed authentications
netapi ise dc query "SELECT USERNAME, FAILURE_REASON, NAS_IP_ADDRESS
  FROM RADIUS_AUTHENTICATIONS
  WHERE PASSED = 0
  AND TIMESTAMP_TIMEZONE > SYSDATE - 1"

# EAP-TLS authentications
netapi ise dc query "SELECT USERNAME, CALLING_STATION_ID, FRAMED_IP_ADDRESS
  FROM RADIUS_AUTHENTICATIONS
  WHERE AUTHENTICATION_PROTOCOL = 'EAP-TLS'
  AND TIMESTAMP_TIMEZONE > SYSDATE - 1"

ERS API

# List endpoints
netapi ise ers endpoints

# Get endpoint by MAC
netapi ise ers endpoint --mac AA:BB:CC:DD:EE:FF

# List network devices
netapi ise ers network-devices

Web UI Paths

Path Description

Path	Description
`/admin`	Main admin portal
`/admin/API`	API documentation
`/admin/LiveLogs`	Real-time authentication logs
`/admin/reports`	Reporting and analytics

/admin

Main admin portal

/admin/API

API documentation

/admin/LiveLogs

Real-time authentication logs

/admin/reports

Reporting and analytics

Common URLs

URL Purpose

URL	Purpose
`ise-01.inside.domusdigitalis.dev/admin`	Admin portal
`ise-01.inside.domusdigitalis.dev:9060/ers/config`	ERS API
`ise-01.inside.domusdigitalis.dev:2484`	DataConnect (Oracle)

ise-01.inside.domusdigitalis.dev/admin

Admin portal

ise-01.inside.domusdigitalis.dev:9060/ers/config

ERS API

ise-01.inside.domusdigitalis.dev:2484

DataConnect (Oracle)

gopass Credentials

# ISE admin
gopass show -c v2/DOMUS/servers/ise-01/admin

# DataConnect
gopass show v2/DOMUS/servers/ise-01/dataconnect

# ERS API
gopass show v2/DOMUS/servers/ise-01/ers

Backup Commands

# Create backup to NAS
netapi ise backup --repo nas-01 --name "pre-upgrade" --wait

# List backups
netapi ise backup --list

# Restore backup
netapi ise restore --repo nas-01 --name "pre-upgrade"

Troubleshooting

Authentication Failures

# Check live logs
# Web UI: Operations > RADIUS > Live Logs

# DataConnect query for failures
netapi ise dc query "SELECT USERNAME, FAILURE_REASON, NAS_IP_ADDRESS, CALLING_STATION_ID
  FROM RADIUS_AUTHENTICATIONS
  WHERE PASSED = 0
  AND TIMESTAMP_TIMEZONE > SYSDATE - INTERVAL '1' HOUR"

Certificate Issues

# Verify CA chain on client
openssl verify -CAfile /etc/ssl/certs/DOMUS-CA-CHAIN.pem /etc/ssl/certs/client-eaptls.pem

# Check ISE trusted certs via API
netapi ise api-call openapi GET '/api/v1/certs/trusted-certificate?size=100' | \
  jq -r '.response[].friendlyName'

See ISE Certificate Troubleshooting (infra-ops) for detailed procedures.