Enabling ISE 3.0 ERS APIs

I want to walkthrough enabling the External RESTful Services (ERS) APIs in Cisco ISE 3.0 so that we can consume ISE APIs in later posts to do a variety of things to include endpoint creation/manipulation, network device creation, and many more tasks. Once we enable and configure ISE we will briefly go over the ISE Software Development Kit (SDK).

A few important things to note:

  • ISE ERS APIs use HTTPS protocol on port 9060

  • These APIs allow CRUD operations

  • ERS is based on the HTTP protocol and REST methodology

Note: See more about CRUD/REST/HTTP verbs here: CURL, REST, & CRUD Tidbit

Ok, we have a fresh ISE 3.0 install in vmware. Once installed, ensure the app server is running so that we can access the web admin UI portal. If it is not, you can manually check status/start the app server from cli. If the app server is 'initializing' you can actually browse to the admin UI and it displays a nice message stating so (nice new feature with ISE 3.0).

Helpful CLI Commands to ensure app server is running:

#show application status ise
#application start/stop ise
#application status ise

Ok so let's begin. After login this is what the main default page looks like. In order to get to System settings so we can enable the ERS APIs click the top left 3bar drop down:

Now go to Administration->System->Settings:

Now click on ERS settings in the left pane:

We will proceed with Enabling the ERS setting for the Admin node & enabled CSRF Check. You will get the following popup:

Ok so now that our ERS APIs are enabled we need to create an ERS admin. Note that there are different roles: Quick overview:

  • ERS Admin: This user can create, read, update, and delete External RESTful Services API requests. They have full access to all External RESTful Services APIs (GET, POST, DELETE, PUT).

  • ERS Operator: This user has read-only access (GET requests only).

To create the ERS Admin user go to: Adminstration->System->Admin Access->Administrators->Admin Users: Then click +Add:

For our setup we will be creating a new user and assigning it to ERS Admin group so that we have full access to ERS APIs:

Once we have enabled the RESTful services, and created our ERS admin user we are now ready to begin consuming APIs.

Lastly, to view the ERS SDK you can access it via: https://<ISE-ADMIN-NODE>:9060/ers/sdk. Only users with the role ERS Admin can access the External RESTful Services SDK.

The SDK consists of the following components:

  • Quick reference API documentation.

  • A complete list of all available API operations.

  • Schema files available for download.

  • Sample application in Java available for download.

  • Use cases in cURL script format.

  • Use cases in Python script format.

  • Instructions on using Chrome Postman.

Good luck & see you in later posts, Cheers!


Recent Posts

See All

In this tidbit I want to cover some high level notes on general trustsec items as well as some good-to-knows. A brief overview of what trustsec is: TrustSec provides scalable access controls by uniqu

"The What?" - In this blog I want to cover a project with Ansible that I created to automate parts of a workflow relating to an SDA edge node (EN) deployment. Now to breakdown the workflow I will be