cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
795
Views
0
Helpful
4
Replies

ISE Endpoint clarification

Si
Level 1
Level 1

Morning,

just trying to find some clarification on ISE end points for licensing. Im looking at moving AAA authentication for switches onto ISE. The end point licensing at the moment is primarily for mac based devices on Wireless. Will adding switches onto ISE eat into these liscense?I know on ACS5.1 had a license for Configured IP Addresses in Network Devices

Thanks

S

4 Replies 4

Venkatesh Attuluri
Cisco Employee
Cisco Employee

The Base License is consumed whenever an authentication notification  is  received by Cisco ISE. A single Advanced License is consumed when  any  one or more of the following services or conditions are applied to  the  endpoint session:

•Posture

•Security Group Tag assignment

•Authorization using profile information

•Endpoint is registered in the MyDevices Portal

Thanks for that. I guess we'll need more licences

Si

aqjaved
Level 3
Level 3

In Cisco ISE, licensing enables you to provide coverage for increasing numbers of endpoints and offer more complex policy services depending on the capabilities of the license or licenses that you choose to apply.

Cisco ISE licenses are available in Base and Advanced packages. Each package includes a number of SKUs that is equal to the number of licenses included in the package. To use Cisco ISE, you must have a valid base and advanced license package.

The base package includes all of the base services required to enable 802.1X, Guest, and Monitoring and Troubleshooting. The advanced package includes Posture, Profiler, and Security Group Access services.

Cisco ISE is bundled with a licensing mechanism that has the following important features:

•  Built-in License—Cisco ISE comes with a built-in evaluation license, which is valid for 90 days. The evaluation license includes both base and advanced packages and limits the number of endpoints to 100 for both the base and advanced packages. Therefore, it is not required to install a regular license immediately upon installation.

•  Central Management—Licenses are centrally managed by the ISE administration node. In a distributed deployment, where two ISE nodes assume the Administration persona (primary and secondary), upon successful installation of the license file, the licensing information from the primary Administration node is propagated to the secondary Administration node. So there is no need to install the same license on each Administration node within the deployment.

•  Concurrent Endpoint Count—The Cisco ISE license includes a count value for base and advanced packages, which restricts the number of endpoints that use those services. The count value is the number of endpoints across the entire deployment that are concurrently connected to the network and accessing the service.

Please check the below links which can give your better understanding:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_license.html

harvisin
Level 3
Level 3

Hello Si P,

I think you got now that every request authentication packet hitting the ISE will use the Base License and as you say that you are usnig the authentication for the switches also, So Please make sure that you purchase your license after keeping in mind the total concurrent users(user+non user)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: