Cisco pxGrid Cloud Solution Guide

PDF

Activate Cisco pxGrid Cloud service in Cisco ISE

Updated: February 20, 2026

Want to summarize with AI?

Log in

Overview

Learn how to activate Cisco pxGrid Cloud service in Cisco ISE.

Before you begin

  • Install and activate the Advantage license tier in your Cisco ISE deployment.

  • The pxGrid Cloud agent creates an outbound HTTPS connection to Cisco pxGrid Cloud. Therefore, you must configure Cisco ISE proxy settings if the customer network uses a proxy to reach the internet. To configure proxy settings in Cisco ISE, go to Administration > System > Settings > Proxy.

  • The Cisco ISE Trusted Certificates Store must include the root CA certificate required to validate the server certificate presented by Cisco pxGrid Cloud. Ensure that the Trust for Authentication of Cisco Services option is enabled for this root CA certificate. To enable Trust for Authentication of Cisco Services, go to Administration > System > Certificates.

  • Port 443 must be open for outbound connection from Cisco ISE to Cisco pxGrid Cloud portal. If firewall or proxy settings are configured, these URLs must not be blocked:

  • Cisco ISE and Cisco pxGrid Cloud integration requires outbound HTTP access to Online Certificate Status Protocol (OCSP) responder URLs for real-time certificate validation. These URLs may change dynamically as root and intermediate certificates are updated.

    If you encounter OCSP validation issues, you can identify the required OCSP responder URLs in the hermes.log file on the active Cisco pxGrid Cloud node. You must allow outbound HTTP access to all identified OCSP responder URLs to ensure successful certificate validation and uninterrupted Cisco pxGrid Cloud integration.

Procedure

1.

In the Cisco ISE GUI, navigate to Administration > System > Deployment.

2.

Select the node on which you want to enable the Cisco pxGrid Cloud service.
3.

In the General Settings tab, enable the pxGrid service.
4.

Check the Enable pxGrid Cloud check box.

  • The Cisco pxGrid Cloud service can be enabled on two nodes to enable high availability.

  • You can enable the pxGrid Cloud option only when the pxGrid service is enabled on that node.

Cisco pxGrid Cloud service is enabled.

Create an account in Cisco Catalyst Cloud Portal

Procedure

1.

Go to https://dna.cisco.com.

If you already have a Cisco account, skip to Step 4.

2.

If you do not have a Cisco account, click Create a New Account. You don't need additional licenses or privileges to open a Cisco Catalyst Cloud Portal account.
3.

Enter the required details in the Create Account window and click Register.

A verification email is sent to the email address entered in the Create Account window. Check your verification email to complete the sign-in process.
4.

Log in to the Cisco Catalyst Cloud Portal with your Cisco account.
5.

Enter a name for your account and click Continue.
6.

Verify your account profile details and click Create Account.

The Cisco Catalyst Cloud Portal home page is displayed and you have successfully created a Cisco Catalyst Cloud Portal account.
Note

If you have multiple Cisco Catalyst Cloud Portal accounts, a pop-up window listing all your associated accounts is displayed. Choose an account and click Continue to launch the home page.

Subscribe to an offer in Cisco Catalyst Cloud Portal

Procedure

1.

In the Cisco Catalyst Cloud Portal home page, click Subscribe to Offer.

2.

In the Set Up Your Subscription slide-in pane, from the Offer drop-down list, choose pxGrid Cloud.
3.

From the Region drop-down list, choose the region of your choice. Cisco pxGrid Cloud is supported in the U.S., Europe, Asia Pacific, and Japan.
4.

Check the General Terms check box and click Subscribe Offer.

The offers that you are subscribed to are displayed in the Cisco Catalyst Cloud Portal home page.

If you want to delete an offer, select the offer and click Delete.

  • Deleting a subscription removes access for all accounts associated with that offer. As a result, logged-in users cannot register devices or perform any actions related to the offer.

  • Deleting a subscription affects the products registered in that region.

Register Cisco ISE

Before you begin

You must subscribe to an offer before registering Cisco ISE.

Procedure

1.

Go to https://dna.cisco.com/.
2.

In the Cisco Catalyst Cloud Portal home page, click Register Cisco ISE.
3.

In the Register Cisco ISE slide-in pane, enter the Cisco ISE server name and description.

A one-time password (OTP) is generated. This OTP is valid for 30 minutes. Refer to Cisco pxGrid Cloud and Cisco ISE integration for more information.

Enter the OTP in the Setup Connection page in Cisco ISE (under Administration > pxGrid Services > Client Management > pxGrid Cloud Connection).

The pxGrid Cloud service must be enabled on one or two pxGrid nodes in the Cisco ISE deployment. Refer to Activate Cisco pxGrid Cloud service in Cisco ISE for information on how to enable the pxGrid Cloud service.

After successful registration, you will see the status of the Cisco ISE instance displayed as Registered in the On-Prem Connections page.