03-07-2018 07:14 PM
I have a Cisco ISE 2.3 deployed as a standalone node for AAA. As a test only one network devide is configured with ISE to carryout the AAA processes.
I would like to know, if possible, how to configure Cisco ISE using the CLI. Is it possible to completely bypass the Admin web GUI and carryout every task via the CLI. For example, adding new network device, creating authentication and authorization policies, etc. using CLI.
Cisco ISE CLI reference guide does list some of the CLI options that ISE has, however, I could not find anything about adding network devices or policies.
03-07-2018 07:38 PM
ISE admin CLI performs mainly the management functions for the networking, and those can't be achieve by ISE admin web UI. It does not have every functions that carried by ISE admin web UI.
ISE has some ERS API for CRUD. Please enable ERS under ISE admin web > Administration > System > Settings > ERS Settings and read the on-box SDK documentation.
03-07-2018 07:40 PM
No, you might be able to do some of this via the api but likely not all of it
03-08-2018 03:15 PM
No, you cannot configure ISE functionality via the CLI. This must be done via the web UI or via the API.
The CLI basically lets you configure the system including interfaces, DNS, routing, start/stop/check the application status and view logs.
03-20-2018 07:30 PM
Thank you for your responses.
I have managed to by-pass the GUI for a few things like add network device, join AD domain, etc using the ERS API. However, still seeing if TACACS+ profiles can defined using the API. I have posted a question in a separate thread about this latter thing.
03-21-2018 07:14 AM
T+ profiles are coming in ISE 2.4. Please check it out when ISE 2.4 FCS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide