Deployment Nodes

Synopsis

netapi ise get-nodes [OPTIONS]

Description

List all ISE deployment nodes with multiple reporting modes for different use cases:

  • Basic - Quick node list

  • Detailed - Node topology and roles

  • Refresh - Full lifecycle planning report

  • Certs - Certificate expiry monitoring

  • Health - Quick health status check

  • Capacity - License and capacity planning

Options

Option Description

--detailed, -d

Node topology (hostname, IP, roles, services, status)

--refresh, -r

Full refresh planning (version, patches, certs, license, backup)

--certs, -c

Certificate expiry report with warnings

--health, -H

Quick health check (nodes, sessions, backup, alerts)

--capacity, -C

Capacity planning (sessions, license tiers, endpoints)

Usage

# Basic list (name and ID)
netapi ise get-nodes

# Detailed topology
netapi ise get-nodes --detailed

# Full refresh planning report
netapi ise get-nodes --refresh

# Certificate expiry check
netapi ise get-nodes --certs

# Quick health status
netapi ise get-nodes --health

# Capacity/license planning
netapi ise get-nodes --capacity

Sample Output

Basic output:

                    ISE Nodes
┏━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Name   ┃ ID                                   ┃
┡━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ ise-02 │ dc28a000-a19e-11f0-ba56-52540076f83b │
└────────┴──────────────────────────────────────┘

Detailed output (--detailed):

                        ISE Deployment Nodes (Detailed)
┏━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┓
┃ Hostname ┃ IP Address ┃ Roles      ┃ Services                    ┃ Status    ┃
┡━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━┩
│ ise-02   │ 10.50.1.21 │ Standalone │ Profiler, Session,          │ Connected │
│          │            │            │ DeviceAdmin, TC-NAC, pxGrid │           │
└──────────┴────────────┴────────────┴─────────────────────────────┴───────────┘

Refresh planning output (--refresh):

ISE Refresh Planning Report

Version Information
  Product:  Cisco ISE
  Version:  3.2.0.542

Installed Patches
  ✓ Patch 9  Sun Jan 11 13:37:38 2026

Deployment Nodes
Hostname   IP           FQDN                    Roles           Status
ise-02     10.50.1.21   ise-02.corp.local       Standalone      Connected

Certificates (ise-02)
  Default self-signed server certificate: Thu Jan 13 17:49:21 PST 2028
  ISE-ADMIN-EAP: Thu Jan 13 10:56:54 PST 2028
  LetsEncrypt-Portal: Mon Apr 13 20:26:19 PDT 2026

Active Sessions
  Count: 6

License Tiers
  ESSENTIAL: EVALUATION (5 endpoints)
  ADVANTAGE: EVALUATION (1 endpoints)
  PREMIER: EVALUATION (0 endpoints)

Last Backup
  Status: COMPLETED
  Type:   CONFIGURATION_DB
  Repo:   synology-nfs
  Date:   Sun Jan 11 13:45:49 PST 2026

Certificate expiry output (--certs):

ISE Certificate Expiry Report

ise-02
  ✓ 731d Default self-signed server certificate
      Expires: Thu Jan 13 17:49:21 PST 2028
  ⚠ 80d LetsEncrypt-Portal
      Expires: Mon Apr 13 20:26:19 PDT 2026
  ✓ 1826d ISE Messaging Service
      Expires: Sat Jan 11 14:46:00 PST 2031

⚠ = Warning (<90d)  ✗ = Critical (<30d or expired)

Health check output (--health):

ISE Health Check

Node Status
  ✓ ise-02 (Standalone)

Active Sessions
  6 active sessions

Last Backup
  ✓ COMPLETED - Sun Jan 11 13:45:49 PST 2026

All systems healthy

Capacity planning output (--capacity):

ISE Capacity Planning Report

Active Sessions
  Current: 6

License Consumption
Tier       Status   Compliance  Endpoints  Days OOC
ESSENTIAL  ENABLED  EVALUATION  5          -
ADVANTAGE  ENABLED  EVALUATION  1          -
PREMIER    ENABLED  EVALUATION  0          -

Deployment Scale
  Total nodes: 1
  PSN nodes:   0

Use for capacity and license planning

Node Roles

Role Description

PrimaryAdmin

Primary Administration Node (PAN)

SecondaryAdmin

Secondary Administration Node

PolicyService

Policy Service Node (PSN) - handles RADIUS

PrimaryMnt

Primary Monitoring Node (MnT)

SecondaryMnt

Secondary Monitoring Node

pxGrid

pxGrid Controller

Standalone

All roles on single node

Use Cases

Daily Health Check

#!/bin/bash
# Quick morning health check
netapi ise get-nodes --health

Certificate Monitoring (Cron Job)

#!/bin/bash
# Run weekly to catch expiring certs
netapi ise get-nodes --certs 2>&1 | grep -E "⚠|✗" && \
  echo "ALERT: Certificates need attention!"

Capacity Review (Monthly)

#!/bin/bash
# Monthly capacity planning review
netapi ise get-nodes --capacity > ise-capacity-$(date +%Y%m).txt

Full Refresh Assessment (Quarterly)

#!/bin/bash
# Quarterly refresh planning assessment
DATE=$(date +%Y%m%d)
{
  echo "ISE Refresh Assessment - $DATE"
  echo "================================"
  echo ""
  netapi ise get-nodes --refresh
} > ise-refresh-assessment-${DATE}.txt

Pre-Upgrade Checklist

#!/bin/bash
echo "=== ISE Pre-Upgrade Checklist ==="

# 1. Check current state
netapi ise get-nodes --refresh

# 2. Verify backup
netapi ise get-nodes --health | grep -A2 "Last Backup"

# 3. Check active sessions (impact)
netapi ise mnt count

API Reference

ISE APIs queried by each mode:

Endpoint Data Used By

/admin/API/mnt/Version

ISE version

--refresh

/admin/API/mnt/Session/ActiveCount

Active sessions

--refresh, --health, --capacity

/api/v1/patch

Installed patches

--refresh

/api/v1/deployment/node

Node topology

All modes

/api/v1/certs/system-certificate/{node}

Certificate expiry

--refresh, --certs

/api/v1/license/system/tier-state

License tiers

--refresh, --capacity

/api/v1/backup-restore/config/last-backup-status

Backup status

--refresh, --health

Related Commands