ISE CLI Commands

Overview

The netapi ise command group provides access to Cisco Identity Services Engine (ISE) through three interfaces, each on its own port:

API          Description                                                            Port
MnT API      Monitoring & Troubleshooting - Sessions, auth status, failure reasons  443 (Admin)
ERS API      External RESTful Services - CRUD for endpoints, groups, profiles       9060
DataConnect  ODBC/SQL access to ISE database - Advanced queries                     2484

Quick Reference

# MnT - Session monitoring
netapi ise mnt sessions
netapi ise mnt session 00:11:22:33:44:55
netapi ise mnt auth-status 00:11:22:33:44:55

# ERS - Configuration management
netapi ise get-endpoints
netapi ise get-authz-profiles
netapi ise get-dacls

# DataConnect - Database queries
netapi ise dc test
netapi ise dc profiler --hours 24
netapi ise dc recent --hours 1

Environment Setup

# Load ISE credentials via dsource
eval "$(dsource d000 dev/network)"

# Or export manually
export ISE_PAN_IP=10.50.1.10
export ISE_API_USER=admin
export ISE_API_PASS='SecurePass!'
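
A manual export with the password on the command line leaves it in shell history. The following is an added example, not part of netapi: it checks the three variables shown above and prompts for any that are missing, reading the password with terminal echo disabled. The function names ise_env_missing and ise_env_prompt are hypothetical helpers.

```shell
# Added example: the variable names are the ones this page exports;
# ise_env_missing and ise_env_prompt are hypothetical helper names.

# Print the name of each required variable that is unset or empty.
# Only names are printed, never values, so the output is safe to log.
ise_env_missing() {
  for name in ISE_PAN_IP ISE_API_USER ISE_API_PASS; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || printf '%s\n' "$name"
  done
  unset value
}

# Prompt for each missing value and export it. The password is read
# with echo disabled, so it is neither displayed nor written to shell
# history the way an inline `export ISE_API_PASS=...` would be.
ise_env_prompt() {
  for name in $(ise_env_missing); do
    printf '%s: ' "$name" >&2
    if [ "$name" = ISE_API_PASS ]; then
      stty -echo 2>/dev/null || true   # no-op when stdin is not a terminal
      IFS= read -r value
      stty echo 2>/dev/null || true
      printf '\n' >&2
    else
      IFS= read -r value
    fi
    if [ -z "$value" ]; then
      printf 'empty value for %s\n' "$name" >&2
      return 1
    fi
    export "$name=$value"
  done
  unset value
}
```

Source the file, then run ise_env_prompt before the first netapi ise command; ise_env_missing alone can be used as a pre-flight check in scripts.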

API Architecture

@startuml
!theme cyborg
skinparam backgroundColor #1e1e2e

package "netapi CLI" as cli #4a9eff {
  [ise mnt ...] as mnt_cmd #89b4fa
  [ise get-...] as ers_cmd #94e2d5
  [ise dc ...] as dc_cmd #f9e2af
}

package "ISE API Interfaces" as apis #181825 {
  package "MnT API\n:443 (Admin)" as mnt_api #1a3a5c {
    note "XML Response\nBasic Auth" as mnt_note
  }
  package "ERS API\n:9060" as ers_api #1a3a3a {
    note "JSON/XML\nBasic Auth" as ers_note
  }
  package "DataConnect\n:2484 (ODBC)" as dc_api #3a3a1a {
    note "SQL Queries\nDB Credentials" as dc_note
  }
}

package "Data Access" as data #11111b {
  package "Operational" as mnt_data #1e1e2e {
    [Sessions]
    [Auth History]
    [Failure Reasons]
  }
  package "Configuration" as ers_data #1e1e2e {
    [Endpoints]
    [Authz Profiles]
    [dACLs]
  }
  package "Analytics" as dc_data #1e1e2e {
    [RADIUS Logs]
    [Profiler Data]
    [Accounting]
  }
}

mnt_cmd --> mnt_api
ers_cmd --> ers_api
dc_cmd --> dc_api

mnt_api --> mnt_data
ers_api --> ers_data
dc_api --> dc_data
@enduml