restore

Synopsis

netapi ise restore [OPTIONS]

Description

Restore ISE configuration from a backup file stored in a configured repository.

This command replaces ALL current ISE configuration with the backup. ISE will reboot after the restore completes.

Options

Option            Default          Description
--repo, -r        nas-01           Repository name where backup is stored
--file, -f        (required)       Backup filename to restore
--key, -k         $ISE_BACKUP_KEY  Encryption key used when backup was created
--include-adeos   false            Also restore ADE-OS configuration
--wait, -w        false            Wait for restore to complete (ISE will reboot)
--timeout, -t     3600             Wait timeout in seconds (default: 1 hour)
--force, -y       false            Skip confirmation prompt

Examples

List Available Backups

Before restoring, list available backups:

netapi ise list-backups --repo nas-01

Example output
                            Backups in nas-01
 Name                                                         Size  Date
 pre-ise34-migration-CFG10-260209-2251.tar.gpg                   -  -
 pre-upgrade-3.5-CFG10-260209-2123.tar.gpg                       -  -
 test-backup-CFG10-260208-2151.tar.gpg                           -  -

Basic Restore

# Load credentials
dsource d000 dev/network

# Restore (will prompt for confirmation)
netapi ise restore --repo nas-01 --file "pre-ise34-migration-CFG10-260209-2251.tar.gpg"

Restore Without Confirmation

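Use --force to skip the confirmation prompt. The restore still replaces all current ISE configuration and reboots ISE, so check the repository and filename before running it: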

netapi ise restore --repo nas-01 --file "pre-ise34-migration-CFG10-260209-2251.tar.gpg" --force

Wait for Restore Completion

Use --wait to monitor the restore process:

netapi ise restore --repo nas-01 --file "backup.tar.gpg" --wait

ISE reboots after restore. The --wait option will detect when ISE goes offline and report that the restore is likely completing.

Restore with ADE-OS Configuration

Include the ADE-OS (underlying Linux) configuration:

netapi ise restore --repo nas-01 --file "backup.tar.gpg" --include-adeos

Post-Restore Steps

After restore completes and ISE reboots:

  1. Wait for ISE services - Allow 10-15 minutes for all services to start

  2. Verify AD join - Check Administration > Identity Management > External Identity Sources > Active Directory

  3. Test authentication - Use netapi ise test-ad-user to verify AD connectivity

  4. Check certificates - Verify certificates at Administration > System > Certificates

  5. Verify NADs - Ensure network devices can connect

Encryption Key

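The restore requires the same encryption key that was used when the backup was created. By default the key is read from the ISE_BACKUP_KEY environment variable; loading it that way keeps it out of shell history and the process list, where a literal --key value on the command line would appear.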

Store the key in dsec for automatic loading:

# Store backup key
gopass insert d000/dev/storage/ISE_BACKUP_KEY

# Load before restore
dsource d000 dev/network
dsource d000 dev/storage  # if key is in separate source

Backup File Naming

ISE backup filenames follow this pattern:

<name>-CFG<version>-<YYMMDD>-<HHMM>.tar.gpg
  • <name> - User-provided backup name

  • CFG<version> - Configuration database version

  • <YYMMDD>-<HHMM> - Timestamp
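
In the list-backups sample output above, Size and Date are shown as "-", so the timestamp embedded in the filename is the only ordering information available there. The following is an added example, not part of netapi or of this page's original content: shell functions that validate a filename against the documented pattern and pick the newest backup from a list. The function names parse_backup_name and newest_backup are hypothetical.

```shell
#!/bin/sh
# Added example (not netapi code). Parses ISE backup filenames of the form
#   <name>-CFG<version>-<YYMMDD>-<HHMM>.tar.gpg
BACKUP_RE='^(.+)-CFG([0-9]+)-([0-9]{6})-([0-9]{4})\.tar\.gpg$'

# parse_backup_name FILE
# Prints "name|version|YYMMDD|HHMM"; returns 1 if FILE does not match.
# <name> may itself contain hyphens, so the fixed-width fields are anchored
# at the end of the string and the greedy (.+) takes whatever precedes them.
parse_backup_name() {
    case $1 in
        */*) return 1 ;;  # assumption: a repository filename carries no path
    esac
    parsed=$(printf '%s\n' "$1" | sed -nE "s/$BACKUP_RE/\1|\2|\3|\4/p")
    [ -n "$parsed" ] || return 1
    printf '%s\n' "$parsed"
}

# newest_backup
# Reads filenames on stdin (one per line), skips any that do not match the
# pattern, and prints the one with the latest YYMMDD-HHMM stamp.
# Sorting the raw filenames would order by <name>, not by time.
# The two-digit year sorts correctly only within a single century.
newest_backup() {
    while IFS= read -r f; do
        fields=$(parse_backup_name "$f") || continue
        # Stamp = last two fields, so a "|" inside <name> cannot shift them.
        stamp=$(printf '%s\n' "$fields" | awk -F'|' '{print $(NF-1) $NF}')
        printf '%s %s\n' "$stamp" "$f"
    done | sort -k1,1 | tail -n 1 | cut -d' ' -f2-
}

# Demo input: the filenames from the list-backups sample output on this page.
printf '%s\n' \
    'pre-ise34-migration-CFG10-260209-2251.tar.gpg' \
    'pre-upgrade-3.5-CFG10-260209-2123.tar.gpg' \
    'test-backup-CFG10-260208-2151.tar.gpg' | newest_backup
```

The printed name can be passed to --file after checking that it is the backup you intend to restore.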

See Also