ERS Portal Management

Synopsis

# List all portals
netapi ise list-all-portals
netapi ise get-sponsor-portals
netapi ise get-sponsored-guest-portals

# Get portal details
netapi ise get-sponsor-portal <PORTAL_ID>
netapi ise get-ise-portal

# Update portal settings
netapi ise update-portal-port <PORTAL_ID> --port <PORT>
netapi ise set-ise-portal-cert-group --cert-group <GROUP>

Commands

list-all-portals

List all portals across all types with their HTTPS ports.

netapi ise list-all-portals

Shows portals of all types with full UUIDs:

  • Sponsor portals

  • Self-Registered (Guest) portals

  • Hotspot portals

  • BYOD portals

  • My Devices portals

Sample Output
┃ Name                     ┃ Type      ┃ Port ┃ Cert Group                   ┃ ID                                   ┃
├──────────────────────────┼───────────┼──────┼──────────────────────────────┼──────────────────────────────────────┤
│ Sponsor Portal (default) │ Sponsor   │ 8445 │ Default Portal Cert Group   │ ac6b8399-ef91-4ef3-97d2-46adaab82d42 │
│ Self-Reg Guest Portal    │ Self-Reg  │ 8000 │ Default Portal Cert Group   │ f09aaac2-f101-45ed-832f-fda201ab7639 │
│ Hotspot Guest Portal     │ Hotspot   │ 8445 │ Default Portal Cert Group   │ af156e64-4d2b-4026-8ab2-c8dd9b14a59b │
│ BYOD Portal (default)    │ BYOD      │ 8441 │ Default Portal Cert Group   │ ad09b1a8-3590-4759-8b49-fa02644bbbcb │
│ My Devices Portal        │ MyDevices │ 8440 │ Default Portal Cert Group   │ fc4c25ef-f1ea-4fe5-bf18-00baac6ddf61 │

get-sponsor-portals

List all sponsor portals (names and IDs only).

netapi ise get-sponsor-portals

get-sponsored-guest-portals

List sponsored guest portals, including the ISE SAML Portal.

netapi ise get-sponsored-guest-portals

Sample Output
┃ Name                            ┃ ID                                   ┃
├─────────────────────────────────┼──────────────────────────────────────┤
│ ISE Portal (default)            │ a486c6ef-6c77-4bc1-bf6d-4e479b3aeae8 │
│ Sponsored Guest Portal (default)│ a18f8300-ec46-4104-b28b-4d3f64a746ab │

get-sponsor-portal

Get detailed sponsor portal settings including port and certificate configuration.

netapi ise get-sponsor-portal ac6b8399-ef91-4ef3-97d2-46adaab82d42

get-ise-portal

Get the ISE Portal (SAML) configuration. This special portal is used for SAML-based admin authentication.

netapi ise get-ise-portal

Sample Output
                        ISE Portal (SAML)
 name                  ISE Portal (default)
 description           Ise Portal for saml based feature purpose
 id                    a486c6ef-6c77-4bc1-bf6d-4e479b3aeae8
 portalType            SPONSOREDGUEST
 httpsPort             8443
 allowedInterfaces     ['eth0', 'bond0']
 certificateGroupTag   Default Portal Certificate Group
 authenticationMethod  8a0c7720-f427-11f0-b76e-52c54a1d1f56

If certificateGroupTag shows NOT SET, port 8443 will not start! Use set-ise-portal-cert-group to fix this.

set-ise-portal-cert-group

Set the certificate group for the ISE Portal (SAML). Required for port 8443 to work.

netapi ise set-ise-portal-cert-group --cert-group "Default Portal Certificate Group"

This fixes the common issue where SAML authentication fails because the ISE Portal has no certificate group assigned.

Example Fix Workflow
# 1. Check current state
netapi ise get-ise-portal
# Shows: certificateGroupTag = NOT SET

# 2. Fix the certificate group
netapi ise set-ise-portal-cert-group --cert-group "Default Portal Certificate Group"

# 3. Wait 1-2 minutes for portal services to restart

# 4. Verify port is listening
nc -zv <ISE_IP> 8443

update-portal-port

Update a sponsor portal’s HTTPS port.

netapi ise update-portal-port ac6b8399-ef91-4ef3-97d2-46adaab82d42 --port 8446

Only works for standard Sponsor Portals. For the ISE SAML Portal, use set-ise-portal-cert-group.

Portal Types and API Support

Portal Type             API Support   Notes
Sponsor Portal          Full CRUD     Guest account provisioning
Sponsored Guest Portal  Full CRUD     Includes ISE SAML Portal
Self-Registered Guest   Read-only     Self-service guest registration
Hotspot Portal          Read-only     Terms-of-use only access
BYOD Portal             Read-only     Device registration
My Devices Portal       Read-only     End-user device management

Troubleshooting

SAML Portal Not Working (Port 8443 Down)

Common cause: Certificate group not assigned to ISE Portal.

# Check ISE Portal configuration
netapi ise get-ise-portal

# If certificateGroupTag is "NOT SET", fix it:
netapi ise set-ise-portal-cert-group --cert-group "Default Portal Certificate Group"

# Wait 1-2 minutes, then verify
nc -zv <ISE_IP> 8443

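If the port is still down after the fix, ISE may need a service restart. Stopping the application takes all ISE services on that node offline until it has started again: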

# On ISE CLI
application stop ise
application start ise

Portal Not Accessible

Check if the portal port is listening:

# From ISE CLI
show ports | grep 8443

# External test
nc -zv <ISE_IP> 8443

Port Conflicts

Use list-all-portals to identify port conflicts:

netapi ise list-all-portals | grep 8443
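
The grep above checks one port at a time. As an added example (not part of netapi), the shell function below groups every row of the list-all-portals table by HTTPS port and prints each port used by more than one portal, so shared ports can be reviewed in one pass. It assumes the table layout shown in the sample output on this page; `shared_portal_ports` and `sample_portal_table` are hypothetical names.

```shell
#!/bin/sh
# Added example (not part of netapi): report HTTPS ports used by more than one portal.
# Assumes the table layout of the list-all-portals sample output on this page:
# data rows delimited by "│" with columns Name, Type, Port, Cert Group, ID.

# Hypothetical helper: reads the table on stdin, prints "<port>: <name>, <name>".
shared_portal_ports() {
    awk -F'│' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 6 {                       # header and rule lines contain no "│"
            name = trim($2); port = trim($4)
            if (port !~ /^[0-9]+$/) next    # skip rows without a numeric port
            count[port]++
            names[port] = (names[port] == "" ? name : names[port] ", " name)
        }
        END { for (p in count) if (count[p] > 1) print p ": " names[p] }
    ' | sort -n
}

# The sample output rows from this page, embedded so the script runs offline.
sample_portal_table() {
    cat <<'EOF'
┃ Name                     ┃ Type      ┃ Port ┃ Cert Group                   ┃ ID                                   ┃
├──────────────────────────┼───────────┼──────┼──────────────────────────────┼──────────────────────────────────────┤
│ Sponsor Portal (default) │ Sponsor   │ 8445 │ Default Portal Cert Group   │ ac6b8399-ef91-4ef3-97d2-46adaab82d42 │
│ Self-Reg Guest Portal    │ Self-Reg  │ 8000 │ Default Portal Cert Group   │ f09aaac2-f101-45ed-832f-fda201ab7639 │
│ Hotspot Guest Portal     │ Hotspot   │ 8445 │ Default Portal Cert Group   │ af156e64-4d2b-4026-8ab2-c8dd9b14a59b │
│ BYOD Portal (default)    │ BYOD      │ 8441 │ Default Portal Cert Group   │ ad09b1a8-3590-4759-8b49-fa02644bbbcb │
│ My Devices Portal        │ MyDevices │ 8440 │ Default Portal Cert Group   │ fc4c25ef-f1ea-4fe5-bf18-00baac6ddf61 │
EOF
}

sample_portal_table | shared_portal_ports
# Live use: netapi ise list-all-portals | shared_portal_ports
```
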

API Endpoint Reference

Resource                 Endpoint                          Methods
Sponsor Portals          /ers/config/sponsorportal         GET, POST, PUT, DELETE
Sponsored Guest Portals  /ers/config/sponsoredguestportal  GET, POST, PUT, DELETE
Self-Reg Portals         /ers/config/selfregportal         GET only
BYOD Portals             /ers/config/byodportal            GET only
Hotspot Portals          /ers/config/hotspotportal         GET only
My Devices Portals       /ers/config/mydeviceportal        GET only