Initial I was looking to use VMPS (dynamic VLAN assignment to ports based on MAC).But after some reading I understand 802.1X with Radius is a better solution, and finally I came to ISE. My question: Is the BASE license for ISE sufficient to use the dynamic VLAN assignment (I.e. After authentication and authorization, a port will be set to a VLAN) or do I need to install the ADVANCED license ?
Long : Base license for the number of simultaneous device needing to authenticate with ISE, will enable support for 802.1x and mac authentication (mab) for wired/wireless with Cisco switches and controllers, and also has the Guest Portal services. However 802.1x is as you might have found, somewhat more complex to setup, than basic mac authentication, so just be careful and plan you roll-out carefully.
BTW, it looks like you are from The Netherlands like me. Only Cisco certified ISE ATP partners are entitled to sell the base and adavanced license. If your current partner is not a Cisco ISE ATP partner, we from AXIANS are and are willing to help you.
The Base License is consumed whenever an authentication notification is received by Cisco ISE. A single Advanced License is consumed when any one or more of the following services or conditions are applied to the endpoint session:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...