Portal/REST API for adding network devices in ISE

manoj.k@pwc.com · ‎03-05-2018

We are deploying ISE for Device Administration(TACACS+) for various network devices like routers, firewalls, switches etc. Now we need a portal (something like using REST API) to add these network devices where device owners can add their devices instead of login to ISE and adding those. We know that ACS support this kind of functionality but we are unable to find similar details for Cisco ISE.

Is it even possible to have a portal like this in ISE? If yes, can you please provide the details/documentation which can help us in achieving the same.

Thanks in advance!!

marce1000 · ‎03-05-2018

- Isn't that 'doubling the problem' ; I mean I think it's possible in ISE to define restricted operator roles so that users can add and delete devices too.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

manoj.k@pwc.com · ‎03-05-2018

manoj.k@pwc.com · ‎03-05-2018

I agree to your point... But the client is asking for that. And they are using a similar functionality with ACS and they really want to continue with that.

Below is the situation which the client needs to avoid:

Lets say that we use the the existing functionality of ISE to add/delete/modify devices. But then the client only wants them to add devices, not to remove devices. In the past, some incidents have happened where devices were deleted accidentally and the client doesn't want such incident to happen again. So they are looking for a portal where they have access just to add devices, not to remove.

For removing of devices, they want separate decommissioning process.

I guess this is not possible with the ISE admin roles as far as I checked in ISE.