Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

License usage

Hi Folks,

Well I thought I was pretty happy with licensing, and what I understood was:

1. Licensing is based on number of concurrently active users.

2. An advanced license is used if an endpoint is allocated an authentication profile based on a rule which uses profiling information/posturing.

This shows my currentl licensing page:

ise license usage.jpg

and here's a summary from the front page:

ise summary.jpg

Don't these two already contradict each other?

I've no idea where 28 advanced licenses have been used. No posturing in place, fairly simple setup, dot1x certs and MAB. Any tips for troubleshooting license usage?

Ver 1.1.4 Patch 3

Everyone's tags (2)
8 REPLIES

Re:License usage

You are correct. Are you using any advanced guest features like device provisioning? If not, you need to run this through tac.


Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
New Member

Re:License usage

No device provisioning. I do have profiling enabled, but I'm thinking that if I'm not using attributes gained from profiling for any authorization rules, then it shouldn't be using advanced licenses. The fact that I only have 7 profiled end points showing on the home page sort of makes me feel more comfortable that I haven't got that wrong.

Cisco Employee

Re:License usage

I would suggest you to open a case with TAC team. TAC will help you out in this scenario.

New Member

Re:License usage

Table 4 Cisco ISE License Types and Supported Services (for ISE licensing information)

http://www.cisco.com/en/US/docs/security/ise/1.0.4/release_notes/ise104_rn.html#wp62171

The configuration guide that will help you to configure & monitor the staus of endpoint.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

New Member

Re:License usage

Hi Basant, I might have missed your point. Were you outlining anything in particular? Or just handing me the manual? :-)

New Member

License usage

bikespace, did you ever get a solution for this issue?

I'm having the same problem in my current ISE implementation.

Cisco Employee

License usage

bikespace,

In ISE 1.1.x, Advanced license is the count of postured, BYOD, or profiled endpoints
that are active in session directory.

You can make use of this API reference guide to check the Active session count.

http://www.cisco.com/en/US/docs/security/ise/1.1/api_ref_guide/ise_api_ref_ch2.html#wp1068744

The API to check for Active Session count is as follows :

https://MNTise-node-name/ise/mnt/Session/ActiveList

Looks like issue with Dashboard query . Dashboard might be taking the count of stale Endpoint sessions as well.
New Member

Re: License usage

Reply from TAC was that there were internal discussions regarding whether the method in which the licensing was calculated is to be changed, or Cisco's wording in the documentation is to be changed.
I hear that it's the former but no news regarding when yet.
Confirmed that it doesn't perform as per the documentation.
End points which were manually added by MAC were subsequently being marked as profiled and using an advanced license, despite the rules which they are using not using any of the profiled information.
Cosmetic but sends annoying alarms constantly. Doesn't look too good.

Sent from Cisco Technical Support iPhone App

803
Views
6
Helpful
8
Replies