We are using ISE 1.2 for authentication on wireless and have noticed that base licenses are being consumed and show as an active endpoint for devices that attempt to connect to the SSID. Is a license consumed for any type of radius authentication request, even if it is a failed request? Does this mean that repeated requests to connect to the wireless network assocaited with ISE will use an active license?
There are currently no active enpoints at the moment yet I see 31 active base licenses used.
Thanks. So if there are sessions listed under the show live sessions screen(that are not really active), would these be endpoints where a radius accounting stop has not yet been received? Will these eventually purge out of the system after 5 days? If I exceed the license count before these have purged out will service to other endpoints be affected? I am just trying to get clarification. Thanks for your help.
•A Base or Advanced license is consumed based on the feature that is utilized.
•An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.
•Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.
Once you reach the license count/limit, you will start getting an alarm messages. license traps and alarms are just informational and not enforced. While the alarm is generated when the soft limit of endpoints is crossed and there is not functional impact on the users. To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. However there are plans to implement a hard limit on this soon.
Thanks for the info. I hope when they decide to implement a hard limit that they have a better way of counting an active session. It seems to me that you could have multiple attempts to connect to a wireless SSID and even though they are failed requests, ISE counts that as a license and could potentially create a denial of service situation if the license limit was exceeded.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...