Configuring Cisco ISE in CLI

deepakramanath · ‎03-07-2018

I have a Cisco ISE 2.3 deployed as a standalone node for AAA. As a test only one network devide is configured with ISE to carryout the AAA processes.

I would like to know, if possible, how to configure Cisco ISE using the CLI. Is it possible to completely bypass the Admin web GUI and carryout every task via the CLI. For example, adding new network device, creating authentication and authorization policies, etc. using CLI.

Cisco ISE CLI reference guide does list some of the CLI options that ISE has, however, I could not find anything about adding network devices or policies.

hslai · ‎03-07-2018

ISE admin CLI performs mainly the management functions for the networking, and those can't be achieve by ISE admin web UI. It does not have every functions that carried by ISE admin web UI.

ISE has some ERS API for CRUD. Please enable ERS under ISE admin web > Administration > System > Settings > ERS Settings and read the on-box SDK documentation.

Jason Kunst · ‎03-07-2018

No, you might be able to do some of this via the api but likely not all of it

dmh · ‎03-08-2018

No, you cannot configure ISE functionality via the CLI. This must be done via the web UI or via the API.

The CLI basically lets you configure the system including interfaces, DNS, routing, start/stop/check the application status and view logs.

deepakramanath · ‎03-20-2018

Thank you for your responses.

I have managed to by-pass the GUI for a few things like add network device, join AD domain, etc using the ERS API. However, still seeing if TACACS+ profiles can defined using the API. I have posted a question in a separate thread about this latter thing.

hslai · ‎03-21-2018

T+ profiles are coming in ISE 2.4. Please check it out when ISE 2.4 FCS.