New Member

ISE Licensing for IP Phones nodes

Hi Guys,

I'm currently working on an ISE design for a network where they have IP Phones for each end user device:


 Switch <--> IP Phone <--> End User Device.


My concern is the licensing part; I'm not really interested in authenticating or profiling IP Phone nodes. Rather, I need only to provide full ISE services for end user devices behind IP Phones (Authentication, Authorization, Posturing, etc.). So I need to order a base and an advanced license that cover ONLY the number of end user devices without accounting for IP Phone units.

Considering the above requirements, what is the best deployment scenario to consider when configuring the switch interface that connects to each IP Phone with single-host port authentication (CDP bypass)? Would the IP phone consume from the license count?

What if we considered doing MAB for IP Phone nodes and Dot1x for end users, and considering MDA? Would it consume 2 units from the total license number of nodes in this case?

What is the best practice for deploying and licensing ISE if I Cisco or a Third Party IP Telephony solution and I don't want to authenticate/authorize/profile IP phones?


Muayad Jallad,





The identifying device profiles doesn't consume any license; however, if you are applying diff. authorization rules based on diff. device types, an advanced license would be consumed.

New Member


If you are using Cisco IP phones you can get away with single-host mode on the port which in effect ignores the phone. If the phone is a third party device you will most likely need to use multi-domain authentication and actually use ISE to allow the phone on the network.

In summary - Cisco phone means potentially no license; if Avaya or other third party, you will need to auth and use a license.

Cisco Employee


If the device profiled condition is used in authorization policy, then only advanced license is consumed.
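
The two port modes discussed in this thread, side by side as switch interface configuration. This is an added example, not configuration posted by any participant; the interface names, VLAN numbers and descriptions are constructed, and it assumes an IOS release that uses the `authentication` interface command set.

```cisco
! Constructed example: interface names and VLAN IDs are placeholders.
!
! Option 1: single-host mode, as described in the thread for Cisco phones.
! Only the PC behind the phone authenticates with 802.1X. The phone
! itself is not authenticated by ISE in this mode ("in effect ignores
! the phone"), so treat the voice VLAN as carrying unauthenticated devices.
interface GigabitEthernet1/0/10
 description Cisco phone + PC (single-host)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 authentication host-mode single-host
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
!
! Option 2: multi-domain authentication (MDA), as described in the thread
! for third-party phones. One device is allowed in the voice domain and
! one in the data domain, and each is authenticated separately:
! 802.1X is tried first, with MAB as the fallback for a phone
! that has no supplicant.
interface GigabitEthernet1/0/11
 description Third-party phone + PC (MDA)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! For Option 2 the phone's authorization result must include the
! RADIUS attribute  cisco-av-pair = device-traffic-class=voice
! so the switch places the phone in the voice domain instead of
! counting it as the data-domain host.
```

With Option 2, `show authentication sessions interface GigabitEthernet1/0/11` lists one session per domain, which shows how many endpoints on the port ISE is actually handling.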