Cisco Support Community

Exceeding ISE license counts - performance consequences?

Hello,

I have a customer that is running a 2-node ISE deployment and is licensed for 250 Base and 250 Adv. users.

We have moved the wired users over in one of their offices into Monitor Mode only, and the Base/Adv. Active license counts have exceeded both these values.

Long-term, what is the operational impact?

I understand from Chapter 7 of the ISE User Guide that "To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. Cisco ISE instead relies on RADIUS accounting functions to track concurrent endpoints on the network and generate alarms when endpoint counts exceed the licensed amounts"

My question is: aside from a scenario where TAC is engaged and they see the license count exceeded, what is the operational and functional impact of exceeding the license count?  I know that ISE continues to process authentications, because the 251st client is not refused access.

I've read the Order Guide and the User Guide and the Hardware Guide, and no actual impact is mentioned.

thanks in advance,

Andrew

2 REPLIES

Re: Exceeding ISE license counts - performance consequences?

I had a similar question. I asked how ISE calculates users. In the WLC I would see 10k RADIUS clients but ISE would show half that number. This is what I was told:

Unfortunately there is no documentation on it. The active endpoints are calculated from the active sessions seen on the primary monitoring node session database, meaning active client sessions seen by PSNs and reported to the primary monitoring node. As to the rules that qualify an endpoint as active, there isn't really even any internal documentation on that. The effective behavior seen indicates that this is calculated by endpoints who authenticate and continue to re-authenticate/periodically trigger accounting updates from NADs. Hopefully this helps!

TAC case # 627456397


Re: Exceeding ISE license counts - performance consequences?

Hi George,

Thanks for the quick reply.

That was more or less what I was expecting.  Our Cisco Channel SE had no answer either.  Sounds like it's just some half-baked honour system.  At the price of those Advanced License subscriptions, you'd think they'd actually enforce it.  At this moment there are 321 active endpoints on this customer's network, ISE is chiming about the license count being exceeded, but is still processing new AAA requests.  I did read that the RADIUS accounting table flushes inactive endpoints older than 5 days.

Again, thanks for the reply, if I get any sort of definitive answer, I'll share it here.

Andrew
