
IBNS 2.0

Holger1
Level 1

Hi 

I tried to find the IBNS 2.0 Deployment Guide.

But it seems to be gone. Any idea why?

No good experience with going with IBNS 2.0 in ISE projects?

 

 

2 Accepted Solutions

Hi,

Yes it seems you are correct. I imagine it has now been superseded by the ISE Secured Wired Prescriptive Guide, link here. This covers the difference between IBNS 1.0 and 2.0, plus configuration and best practices for IBNS 2.0.

 

HTH


Arne Bier
VIP

Hi @Holger1 

 

The ISE Secured Wired Access Prescriptive Guide is the closest thing you'll get to a holistic document for this kind of deployment. But it does contain some out of date commands. If you happen to be using IOS-XE 16.9 or later you might find that some commands are no longer accepted. The document is very good but you cannot copy and paste everything expecting it to work.

I would also recommend reading up on the C3PL "language" because the Policy Map logic is the most complex of this. It's not well documented and various people have chipped in to make sense of this (e.g. Catherine McNamara's excellent blog article, and Aaron Woland's Cisco ISE and BYOD 2nd edition book).

 

If you're a programmer then you might find the C3PL methodology disturbing to your brain (at least that's how I feel). It's an ambitious attempt by Cisco to take an event driven paradigm and try to shoe-horn it into an IOS-like syntax. The result? A construct that looks like MQC QoS and usually just ends up being copied and pasted blindly because it's an utter mess to read and follow (just like MQC QoS). It's not very humanly readable. My advice is to test this in the lab and then file away your "golden config" for your next project and just re-use intelligently. If this stuff ever appeared in an exam I think it would melt my brain.

Of course when things don't work out we turn to debugging. The 802.1X debugging in IOS-XE is also completely different to the classic IOS. There is a Linux daemon that takes care of session management and you end up debugging via a whole new set of commands to instruct the daemon to dump to a text file. And then trawl the text file for the output. No more "term mon" style output.

 

