Cisco ISE scripts

Cisco ISE is one of my favorite products. Although I cannot call myself an expert on it, I have worked on numerous designs where network security and segmentation are based on ISE with excellent results.

More than a few times I have needed to document the inventory of nodes in a cluster, and the certificates in use at the various nodes.

For these purposes I wrote a couple of Python scripts that I share in this post.

ISE API

The Cisco ISE APIs require an authenticated and authorized account. The procedure to assign users to the correct group is described HERE.

The API documentation is HERE.

Script setup

Before running the scripts, export your ISE IP and credentials:

export ise_ip=127.0.0.1
export ise_username=myUsername
export ise_password=myPassword

And install httpx:

pip install httpx

Get all cluster nodes

For the first script I use the Node API to collect information about all the nodes in the cluster.

It prints the list of nodes in the cluster, including name, FQDN, roles and IP address.

python3 getisenodes.py

Get all cluster certificates

The second script runs through all the nodes in the cluster and uses the certificate API to collect information about the certificate of each one.

The output format is:

hostname!friendlyName!issuedTo!issuedBy!validFrom!expirationDate!usedBy!serialNumber

Command to run the script:

python3 getallisecerts.py
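
An added example, not part of the author's scripts: it reads the `!`-separated output shown above and lists certificates that have already expired or expire within 30 days. The date layout (`Sat Mar 15 00:00:00 UTC 2025`), the sample lines and the function names are assumptions; adjust `parse_ise_date` to what your ISE version returns.

```python
import sys
from datetime import datetime, timezone

# Field order as printed by the certificate script above.
FIELDS = ["hostname", "friendlyName", "issuedTo", "issuedBy",
          "validFrom", "expirationDate", "usedBy", "serialNumber"]

def parse_ise_date(text):
    # Assumed layout: "Sat Mar 15 00:00:00 UTC 2025". Weekday and zone tokens
    # are dropped and the time is treated as UTC (fine at day granularity).
    parts = text.split()
    if len(parts) != 6:
        raise ValueError(f"unexpected date layout: {text!r}")
    stamp = " ".join((parts[1], parts[2], parts[3], parts[5]))
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def expiring(lines, now, warn_days=30):
    """Return (hits, skipped); hits are (days_left, hostname, friendlyName, usedBy)."""
    hits, skipped = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        values = line.split("!")
        try:
            if len(values) != len(FIELDS):  # truncated line or "!" inside a field
                raise ValueError("wrong field count")
            cert = dict(zip(FIELDS, values))
            days = (parse_ise_date(cert["expirationDate"]) - now).days
        except ValueError:
            skipped.append(line)  # report it; never silently drop a certificate
            continue
        if days <= warn_days:
            hits.append((days, cert["hostname"], cert["friendlyName"], cert["usedBy"]))
    return sorted(hits), skipped  # negative days_left means already expired

# Constructed sample output, not taken from a real deployment.
SAMPLE = [
    "ise-pan01!Default self-signed server certificate!ise-pan01.example.test!ise-pan01.example.test!Fri Mar 15 00:00:00 UTC 2024!Sat Mar 15 00:00:00 UTC 2025!Admin, EAP Authentication!0A1B2C",
    "ise-psn01!Portal cert!portal.example.test!Example Issuing CA!Mon Jan 01 00:00:00 UTC 2024!Wed Jan 01 00:00:00 UTC 2025!Portal!0A1B2D",
    "ise-psn02!pxGrid cert!ise-psn02.example.test!Example Issuing CA!Wed Jan 01 00:00:00 CET 2025!Fri Jan 01 00:00:00 CET 2027!pxGrid!0A1B2E",
    "ise-psn03!truncated line",
]

if __name__ == "__main__":
    hits, skipped = expiring(sys.stdin, datetime.now(timezone.utc))
    for days, host, name, used_by in hits:
        print(f"{days:5d} days  {host}  {name}  [{used_by}]")
    print(f"{len(skipped)} unparsed line(s)", file=sys.stderr)
```

Run as a script, it reads the certificate script's output on standard input and reports the count of lines it could not parse on standard error.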

Wrap-up

Automating tasks through the use of scripts has been a passion of mine for as long as I can remember.

Since I began experimenting with Python in 2012, I have had the opportunity to apply what I have learned in my work.

Writing code for me is an occasional activity, which stops me at the Expert Beginner stage, but nevertheless I see it as a creative activity that impacts the quality of my work in a positive way, so I think it is a good way to invest my time.

I hope that sharing my experiences can be a source of inspiration for those who have not yet embarked on this path.

Code is available in my GitHub account. The best way to contact me is via X.

Enjoy!