just trying to find some clarification on ISE end points for licensing. Im looking at moving AAA authentication for switches onto ISE. The end point licensing at the moment is primarily for mac based devices on Wireless. Will adding switches onto ISE eat into these liscense?I know on ACS5.1 had a license for Configured IP Addresses in Network Devices
The Base License is consumed whenever an authentication notification is received by Cisco ISE. A single Advanced License is consumed when any one or more of the following services or conditions are applied to the endpoint session:
In Cisco ISE, licensing enables you to provide coverage for increasing numbers of endpoints and offer more complex policy services depending on the capabilities of the license or licenses that you choose to apply.
Cisco ISE licenses are available in Base and Advanced packages. Each package includes a number of SKUs that is equal to the number of licenses included in the package. To use Cisco ISE, you must have a valid base and advanced license package.
The base package includes all of the base services required to enable 802.1X, Guest, and Monitoring and Troubleshooting. The advanced package includes Posture, Profiler, and Security Group Access services.
Cisco ISE is bundled with a licensing mechanism that has the following important features:
• Built-in License—Cisco ISE comes with a built-in evaluation license, which is valid for 90 days. The evaluation license includes both base and advanced packages and limits the number of endpoints to 100 for both the base and advanced packages. Therefore, it is not required to install a regular license immediately upon installation.
• Central Management—Licenses are centrally managed by the ISE administration node. In a distributed deployment, where two ISE nodes assume the Administration persona (primary and secondary), upon successful installation of the license file, the licensing information from the primary Administration node is propagated to the secondary Administration node. So there is no need to install the same license on each Administration node within the deployment.
• Concurrent Endpoint Count—The Cisco ISE license includes a count value for base and advanced packages, which restricts the number of endpoints that use those services. The count value is the number of endpoints across the entire deployment that are concurrently connected to the network and accessing the service.
Please check the below links which can give your better understanding:
I think you got now that every request authentication packet hitting the ISE will use the Base License and as you say that you are usnig the authentication for the switches also, So Please make sure that you purchase your license after keeping in mind the total concurrent users(user+non user)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...