ISE API Roadmap

Overview

This document tracks ISE API coverage in netapi, including implemented features and planned additions based on patterns extracted from 01_APIS.

Current Implementation Status

ERS API

Feature Status CLI Command

Feature	Status	CLI Command
Endpoints (list, get)	✓ Done	`netapi ise get-endpoints`, `get-endpoint`
Endpoint Groups	✓ Done	`netapi ise get-endpoint-groups`
Network Devices (NADs)	✓ Done	`netapi ise get-nads`, `get-nad`
Security Group Tags (SGTs)	✓ Done	`netapi ise get-sgts`, `get-sgt`
Authorization Profiles	✓ Done	`netapi ise get-authz-profiles`, `get-authz-profile`, `update-authz-profile`
Downloadable ACLs (DACLs)	✓ Done	`netapi ise get-dacls`
Deployment Nodes	✓ Done	`netapi ise get-nodes`

Endpoints (list, get)

✓ Done

netapi ise get-endpoints, get-endpoint

Endpoint Groups

✓ Done

netapi ise get-endpoint-groups

Network Devices (NADs)

✓ Done

netapi ise get-nads, get-nad

Security Group Tags (SGTs)

✓ Done

netapi ise get-sgts, get-sgt

Authorization Profiles

✓ Done

netapi ise get-authz-profiles, get-authz-profile, update-authz-profile

Downloadable ACLs (DACLs)

✓ Done

netapi ise get-dacls

Deployment Nodes

✓ Done

netapi ise get-nodes

MnT API

Feature Status CLI Command

Feature	Status	CLI Command
Active Sessions	✓ Done	`netapi ise mnt sessions`
Session Lookup (MAC, IP, User)	✓ Done	`netapi ise mnt session`, `session-ip`, `session-user`
Session Count	✓ Done	`netapi ise mnt count`
Authentication Logs	✓ Done	`netapi ise mnt auth-logs`
Auth Status by MAC	✓ Done	`netapi ise mnt auth-status`
Failed Authentications	✓ Done	`netapi ise mnt failed`
Failure Reasons	✓ Done	`netapi ise mnt failure-reasons`
Change of Authorization (CoA)	✓ Done	`netapi ise mnt coa`
Version Info	✓ Done	`netapi ise mnt version`

Active Sessions

✓ Done

netapi ise mnt sessions

Session Lookup (MAC, IP, User)

✓ Done

netapi ise mnt session, session-ip, session-user

Session Count

✓ Done

netapi ise mnt count

Authentication Logs

✓ Done

netapi ise mnt auth-logs

Auth Status by MAC

✓ Done

netapi ise mnt auth-status

Failed Authentications

✓ Done

netapi ise mnt failed

Failure Reasons

✓ Done

netapi ise mnt failure-reasons

Change of Authorization (CoA)

✓ Done

netapi ise mnt coa

Version Info

✓ Done

netapi ise mnt version

DataConnect API

Feature Status CLI Command

Feature	Status	CLI Command
Connection Test	✓ Done	`netapi ise dc test`
Auth Statistics	✓ Done	`netapi ise dc stats`
Endpoints	✓ Done	`netapi ise dc endpoints`, `endpoint`
Failed Authentications	✓ Done	`netapi ise dc failed`
Profiler Analytics	✓ Done	`netapi ise dc profiler`
Device Types	✓ Done	`netapi ise dc device-types`
Raw SQL Query	✓ Done	`netapi ise dc query`

Connection Test

✓ Done

netapi ise dc test

Auth Statistics

✓ Done

netapi ise dc stats

Endpoints

✓ Done

netapi ise dc endpoints, endpoint

Failed Authentications

✓ Done

netapi ise dc failed

Profiler Analytics

✓ Done

netapi ise dc profiler

Device Types

✓ Done

netapi ise dc device-types

Raw SQL Query

✓ Done

netapi ise dc query

Planned Additions

ERS API - Guest Services

Feature Status Source Reference

Feature	Status	Source Reference
Guest Users	Planned	`01_APIS/nac/cisco/ise/ers-api/guest-services/`
Guest Types	Planned	`guest-type.http`
Sponsor Groups	Planned	`sponsor-group.http`
Guest Locations	Planned	`guest-location.http`
Guest SSID	Planned	`guest-ssid.http`
Guest SMTP Notifications	Planned	`guest-smtp-notification.http`

Guest Users

Planned

01_APIS/nac/cisco/ise/ers-api/guest-services/

Guest Types

Planned

guest-type.http

Sponsor Groups

Planned

sponsor-group.http

Guest Locations

Planned

guest-location.http

Guest SSID

Planned

guest-ssid.http

Guest SMTP Notifications

Planned

guest-smtp-notification.http

ERS API - TACACS

Feature Status Source Reference

Feature	Status	Source Reference
TACACS Command Sets	Planned	`01_APIS/nac/cisco/ise/ers-api/tacacs/`
TACACS Profiles	Planned	`tacacs-profile.http`
TACACS External Servers	Planned	`tacacs-external-servers.http`
TACACS Server Sequences	Planned	`tacacs-server-sequence.http`

TACACS Command Sets

Planned

01_APIS/nac/cisco/ise/ers-api/tacacs/

TACACS Profiles

Planned

tacacs-profile.http

TACACS External Servers

Planned

tacacs-external-servers.http

TACACS Server Sequences

Planned

tacacs-server-sequence.http

ERS API - TrustSec

Feature Status Source Reference

Feature	Status	Source Reference
Egress Matrix Cell	Planned	`01_APIS/nac/cisco/ise/ers-api/trustsec/`
IP-SGT Mapping	Planned	`ip-sgt-mapping.http`
SGACLs	Planned	`sgacl.http`
TrustSec SXP	Planned	`trustsec-sxp.http`

Egress Matrix Cell

Planned

01_APIS/nac/cisco/ise/ers-api/trustsec/

IP-SGT Mapping

Planned

ip-sgt-mapping.http

SGACLs

Planned

sgacl.http

TrustSec SXP

Planned

trustsec-sxp.http

ERS API - Portals

Feature Status Source Reference

Feature	Status	Source Reference
BYOD Portal	Planned	`01_APIS/nac/cisco/ise/ers-api/portals/`
Hotspot Portal	Planned	`hotspot-portal.http`
Sponsor Portal	Planned	`sponsor-portal.http`
Sponsored Guest Portal	Planned	`sponsored-guest-portal.http`

BYOD Portal

Planned

01_APIS/nac/cisco/ise/ers-api/portals/

Hotspot Portal

Planned

hotspot-portal.http

Sponsor Portal

Planned

sponsor-portal.http

ERS API - ANC (Adaptive Network Control)

Feature Status Source Reference

Feature	Status	Source Reference
ANC Policies	Planned	`01_APIS/nac/cisco/ise/ers-api/policy/`
ANC Endpoint Assignment	Planned	`ise-anc-policy.http`

ANC Policies

Planned

01_APIS/nac/cisco/ise/ers-api/policy/

ANC Endpoint Assignment

Planned

ise-anc-policy.http

OpenAPI - Policy Sets

Feature Status CLI Command

Feature	Status	CLI Command
Policy Sets (list, get)	✓ Done	`netapi ise get-policy-sets`, `get-policy-set`
Authentication Policies	Planned	-
Authorization Policies	Planned	-

Policy Sets (list, get)

✓ Done

netapi ise get-policy-sets, get-policy-set

Authentication Policies

Planned

Authorization Policies

Planned

pxGrid API

Feature Status Source Reference

Feature	Status	Source Reference
pxGrid Control	Planned	`01_APIS/nac/cisco/ise/pxgrid/system/`
Session Directory	Planned	`ise-pxgrid-sessions-002.http`
ANC via pxGrid	Planned	`ise-pxgrid-anc-003.http`
TrustSec via pxGrid	Planned	`ise-pxgrid-trustsec-004.http`
SXP via pxGrid	Planned	`ise-pxgrid-sxp-005.http`
RADIUS Failures via pxGrid	Planned	`ise-pxgrid-radius-006.http`
MDM via pxGrid	Planned	`ise-pxgrid-mdm-007.http`
Profiler via pxGrid	Planned	`ise-pxgrid-profiler-008.http`
Endpoint via pxGrid	Planned	`ise-pxgrid-endpoint-010.http`

pxGrid Control

Planned

01_APIS/nac/cisco/ise/pxgrid/system/

Session Directory

Planned

ise-pxgrid-sessions-002.http

ANC via pxGrid

Planned

ise-pxgrid-anc-003.http

TrustSec via pxGrid

Planned

ise-pxgrid-trustsec-004.http

SXP via pxGrid

Planned

ise-pxgrid-sxp-005.http

RADIUS Failures via pxGrid

Planned

ise-pxgrid-radius-006.http

MDM via pxGrid

Planned

ise-pxgrid-mdm-007.http

Profiler via pxGrid

Planned

ise-pxgrid-profiler-008.http

Endpoint via pxGrid

Planned

ise-pxgrid-endpoint-010.http

Priority Order

Based on operational needs:

ANC (Adaptive Network Control) - Required for netapi run emergency-block full implementation
TrustSec/SXP - Required for microsegmentation automation
Guest Services - Required for guest management automation
Policy Sets (OpenAPI) - Required for policy-as-code
pxGrid - Required for real-time event streaming
TACACS - Required for device administration automation
Portals - Lower priority, manual configuration acceptable

Contributing

When implementing new ISE API features:

Reference the corresponding .http file in 01_APIS/nac/cisco/ise/
Add vendor client method in netapi/vendors/cisco/ise/
Add CLI command in netapi/cli/ise.py
Update this roadmap document
Add tests