How Cisco ISE 1.2 Base licenses are consumed and tracks concurrent endpoint connected to network
I am interested to know how the cisco ISE 1.2 base licences are consumed. As the cisco ise 1.2 user guide "The Base License is consumed whenever an authentication notification is received by Cisco ISE."
Based on the above statement i have following queries :-
Radius being the UDP based request, its only during the time endpoint is authenticated and authorized the base license is consumed and then its is released. Then how does cisco ISE tracks the concurrent endpoints connected to the network.
•A Base or Advanced license is consumed based on the feature that is utilized.
•An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.
•Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.
Note Sessions without RADIUS activity are automatically purged from Active Session list every 5 days or if the endpoint is deleted from the system.
To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. Cisco ISE instead relies on RADIUS accounting functions to track concurrent endpoints on the network and generate alarms when endpoint counts exceed the licensed amounts:
Based on this assessment, you can purchase an ISE with 100 endpoint license and use the ISE to support 2000 endpoints without any issues because the license is not strictly enforce. Yes, it will generate alarms but it still works
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :