Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Understand ISE Licensing

Hello,

I am going to Order (SNS-3415-K9) ISE product to deploy at my company, my concern is the size of license I shall order, and how to know the correct number

I have workstations (PC’s), laptops, Printers, IP-CAM’s, and WLC with 50 AP.

How I can determine the number of license I should get in order to have the benefits from Cisco ISE.

Best reagrds,

Samer Hasan

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Understand ISE Licensing

Question:

I am going to Order (SNS-3415-K9) ISE product to deploy at my company, my concern is the size of license I shall order, and how to know the correct number. I have workstations (PC’s), laptops, Printers, IP-CAM’s, and WLC with 50 AP. How I can determine the number of license I should get in order to have the benefits from Cisco ISE.

Cisco Identity Services Engine (ISE) Ordering Steps

Here’s guide which can help in finding solution of your problem

1. Estimate the number of concurrent endpoints in the network.

2. Estimate the number of appliances (physical or virtual) needed to support the number of concurrent endpoints

     in the network.

3. Select the appropriate type of appliance suitable for your deployment. (Reference the appliance selection.)

4. Select the appropriate type of license suitable for your deployment. (Reference the license selection.)

5. Select the appropriate level of services available from Cisco Advanced Services or a Certified Partner for design,

    Deployment and sustaining services of the ISE deployment.

Step 1: Estimate the Number of Concurrent Endpoints in the Network

Estimating the total number of concurrent endpoints is dependent on a number of variables. An approach to consider would be to take into account:

• Number of employees in the organization

• Average number of devices per employee (desktop, laptop, smartphone, desk IP phone, etc.)

• Number of switch ports currently in the organization

• Number of access points deployed in the organization

• Average number of devices per access point

• Dynamic IP address range being used

• Average number of guests expected to join the network

• Inventory of non-user devices such as IP cameras, printers, IP-enabled projectors, etc.

A combination of factors that includes but is not limited to the above factors could be used to determine the total number of concurrent endpoints in the network.

Step 2: Cisco ISE Appliances and Servers* Options

Cisco   Identity Services Engine Appliances

Option 1: Cisco Identity Services   Engine Appliances and Servers*

Product Number

Endpoints Supported

Cisco Secure Network Server 3415*

SNS-3415-K9

5,000

Cisco Secure Network Server 3495*

SNS-3495-K9

20,000

Step 3: Cisco Secure Network Server Support SKUs*

Product   Number

SMARTnet Part Number

Description

SNS-3415-K9*

CON-SNT-SNS-3415

Cisco SMARTnet support for   SNS-3415-K9 - 8x5 Next Business Day

Step 4: Select the Type of License

Step 5: Cisco ISE License Options

License   Type

Features Supported

Deployment Type Supported

License Prerequisite

License Term(s)

Base License

AAA

Guest Provisioning

Link Encryption Policies

Wired

Wireless

VPN

-

Perpetual

Advanced License

Device Onboarding/Provisioning

Device Profiling and Feed Service*

Host Posture

Security Group Access

Integrated Vendor MDM Support*

Wired

Wireless

VPN

Base License

3- and 5-Year Terms

Wireless License

Device Onboarding/Provisioning

AAA

Guest Provisioning

Link Encryption Policies

Device Profiling and Feed Service*

Host Posture

Security Group Access

Integrated Vendor MDM Support*

Wireless

-

3- and 5-Year Terms

Step 6. Cisco ISE Functionality-Based License Options

License   Tiers (T)

Number of Endpoints Supported

Base License

Advanced 3-Year License

Advanced 5-Year License

Wireless 3-Year License

Wireless 5-Year License

Wireless Upgrade 3-Year License

Wireless Upgrade 5-Year License

100

100 Endpoints

L-ISE-BSE-100=

L-ISE-ADV3Y-100=

L-ISE-ADV5Y-100=

L-ISE-AD3Y-W-100=

L-ISE-AD5Y-W-100=

L-ISE-W-3UPG-100=

L-ISE-W-UPG-100=

250

250 Endpoints

L-ISE-BSE-250-

L-ISE-ADV3Y-250=

L-ISE-ADV5Y-250=

L-ISE-AD3Y-W-250=

L-ISE-AD5Y-W-250=

L-ISE-W-3UPG-250=

L-ISE-W-UPG-250=

500

500 Endpoints

L-ISE-BSE-500=

L-ISE-ADV3Y-500=

L-ISE-ADV5Y-500=

L-ISE-AD3Y-W-500=

L-ISE-AD5Y-W-500=

L-ISE-W-3UPG-500=

L-ISE-W-UPG-500=

1000

1000 Endpoints

L-ISE-BSE-1K=

L-ISE-ADV3Y-1K=

L-ISE-ADV5Y-1K=

L-ISE-AD3Y-W-1K=

L-ISE-AD5Y-W-1K=

L-ISE-W-3UPG-1K=

L-ISE-W-UPG-1K=

1500

1500 Endpoints

L-ISE-BSE-1500=

L-ISE-ADV3Y-1500=

L-ISE-ADV5Y-1500=

L-ISE-AD3Y-W-1500=

L-ISE-AD5Y-W-1500=

L-ISE-W-3UPG-1500=

L-ISE-W-UPG-1500=

2500

2500 Endpoints

L-ISE-BSE-2500=

L-ISE-ADV3Y-2500=

L-ISE-ADV5Y-2500=

L-ISE-AD3Y-W-2500=

L-ISE-AD5Y-W-2500=

L-ISE-W-3UPG-2500=

L-ISE-W-UPG-2500=

3500

3500 Endpoints

L-ISE-BSE-3500=

L-ISE-ADV3Y-3500=

L-ISE-ADV5Y-3500=

L-ISE-AD3Y-W-3500=

L-ISE-AD5Y-W-3500=

L-ISE-W-3UPG-3500=

L-ISE-W-UPG-3500=

5000

5000 Endpoints

L-ISE-BSE-5K=

L-ISE-ADV3Y-5K=

L-ISE-ADV5Y-5K=

L-ISE-AD3Y-W-5K=

L-ISE-AD5Y-W-5K=

L-ISE-W-3UPG-5K=

L-ISE-W-UPG-5K=

10,000

10K Endpoints

L-ISE-BSE-10K=

L-ISE-ADV3Y-10K=

L-ISE-ADV5Y-10K=

L-ISE-AD3Y-W-10K=

L-ISE-AD5Y-W-10K=

L-ISE-W-3UPG-10K=

L-ISE-W-UPG-10K=

25,000

25K Endpoints

L-ISE-BSE-25K=

L-ISE-ADV3Y-25K=

L-ISE-ADV5Y-25K=

L-ISE-AD3Y-W-25K=

L-ISE-AD5Y-W-25K=

L-ISE-W-3UPG-25K=

L-ISE-W-UPG-25K=

50,000

50K Endpoints

L-ISE-BSE-50K=

L-ISE-ADV3Y-50K=

L-ISE-ADV5Y-50K=

L-ISE-AD3Y-W-50K=

L-ISE-AD5Y-W-50K=

L-ISE-W-3UPG-50K=

L-ISE-W-UPG-50K=

100,000

100K Endpoints

L-ISE-BSE-100K=

L-ISE-ADV3Y-100K=

L-ISE-ADV5Y-100K=

L-ISE-AD3Y-W-100K=

L-ISE-AD5Y-W-100K=

L-ISE-W-3UPG-100K=

L-ISE-W-UPG-100K=

12 REPLIES
Bronze

Understand ISE Licensing

Question:

I am going to Order (SNS-3415-K9) ISE product to deploy at my company, my concern is the size of license I shall order, and how to know the correct number. I have workstations (PC’s), laptops, Printers, IP-CAM’s, and WLC with 50 AP. How I can determine the number of license I should get in order to have the benefits from Cisco ISE.

Cisco Identity Services Engine (ISE) Ordering Steps

Here’s guide which can help in finding solution of your problem

1. Estimate the number of concurrent endpoints in the network.

2. Estimate the number of appliances (physical or virtual) needed to support the number of concurrent endpoints

     in the network.

3. Select the appropriate type of appliance suitable for your deployment. (Reference the appliance selection.)

4. Select the appropriate type of license suitable for your deployment. (Reference the license selection.)

5. Select the appropriate level of services available from Cisco Advanced Services or a Certified Partner for design,

    Deployment and sustaining services of the ISE deployment.

Step 1: Estimate the Number of Concurrent Endpoints in the Network

Estimating the total number of concurrent endpoints is dependent on a number of variables. An approach to consider would be to take into account:

• Number of employees in the organization

• Average number of devices per employee (desktop, laptop, smartphone, desk IP phone, etc.)

• Number of switch ports currently in the organization

• Number of access points deployed in the organization

• Average number of devices per access point

• Dynamic IP address range being used

• Average number of guests expected to join the network

• Inventory of non-user devices such as IP cameras, printers, IP-enabled projectors, etc.

A combination of factors that includes but is not limited to the above factors could be used to determine the total number of concurrent endpoints in the network.

Step 2: Cisco ISE Appliances and Servers* Options

Cisco   Identity Services Engine Appliances

Option 1: Cisco Identity Services   Engine Appliances and Servers*

Product Number

Endpoints Supported

Cisco Secure Network Server 3415*

SNS-3415-K9

5,000

Cisco Secure Network Server 3495*

SNS-3495-K9

20,000

Step 3: Cisco Secure Network Server Support SKUs*

Product   Number

SMARTnet Part Number

Description

SNS-3415-K9*

CON-SNT-SNS-3415

Cisco SMARTnet support for   SNS-3415-K9 - 8x5 Next Business Day

Step 4: Select the Type of License

Step 5: Cisco ISE License Options

License   Type

Features Supported

Deployment Type Supported

License Prerequisite

License Term(s)

Base License

AAA

Guest Provisioning

Link Encryption Policies

Wired

Wireless

VPN

-

Perpetual

Advanced License

Device Onboarding/Provisioning

Device Profiling and Feed Service*

Host Posture

Security Group Access

Integrated Vendor MDM Support*

Wired

Wireless

VPN

Base License

3- and 5-Year Terms

Wireless License

Device Onboarding/Provisioning

AAA

Guest Provisioning

Link Encryption Policies

Device Profiling and Feed Service*

Host Posture

Security Group Access

Integrated Vendor MDM Support*

Wireless

-

3- and 5-Year Terms

Step 6. Cisco ISE Functionality-Based License Options

License   Tiers (T)

Number of Endpoints Supported

Base License

Advanced 3-Year License

Advanced 5-Year License

Wireless 3-Year License

Wireless 5-Year License

Wireless Upgrade 3-Year License

Wireless Upgrade 5-Year License

100

100 Endpoints

L-ISE-BSE-100=

L-ISE-ADV3Y-100=

L-ISE-ADV5Y-100=

L-ISE-AD3Y-W-100=

L-ISE-AD5Y-W-100=

L-ISE-W-3UPG-100=

L-ISE-W-UPG-100=

250

250 Endpoints

L-ISE-BSE-250-

L-ISE-ADV3Y-250=

L-ISE-ADV5Y-250=

L-ISE-AD3Y-W-250=

L-ISE-AD5Y-W-250=

L-ISE-W-3UPG-250=

L-ISE-W-UPG-250=

500

500 Endpoints

L-ISE-BSE-500=

L-ISE-ADV3Y-500=

L-ISE-ADV5Y-500=

L-ISE-AD3Y-W-500=

L-ISE-AD5Y-W-500=

L-ISE-W-3UPG-500=

L-ISE-W-UPG-500=

1000

1000 Endpoints

L-ISE-BSE-1K=

L-ISE-ADV3Y-1K=

L-ISE-ADV5Y-1K=

L-ISE-AD3Y-W-1K=

L-ISE-AD5Y-W-1K=

L-ISE-W-3UPG-1K=

L-ISE-W-UPG-1K=

1500

1500 Endpoints

L-ISE-BSE-1500=

L-ISE-ADV3Y-1500=

L-ISE-ADV5Y-1500=

L-ISE-AD3Y-W-1500=

L-ISE-AD5Y-W-1500=

L-ISE-W-3UPG-1500=

L-ISE-W-UPG-1500=

2500

2500 Endpoints

L-ISE-BSE-2500=

L-ISE-ADV3Y-2500=

L-ISE-ADV5Y-2500=

L-ISE-AD3Y-W-2500=

L-ISE-AD5Y-W-2500=

L-ISE-W-3UPG-2500=

L-ISE-W-UPG-2500=

3500

3500 Endpoints

L-ISE-BSE-3500=

L-ISE-ADV3Y-3500=

L-ISE-ADV5Y-3500=

L-ISE-AD3Y-W-3500=

L-ISE-AD5Y-W-3500=

L-ISE-W-3UPG-3500=

L-ISE-W-UPG-3500=

5000

5000 Endpoints

L-ISE-BSE-5K=

L-ISE-ADV3Y-5K=

L-ISE-ADV5Y-5K=

L-ISE-AD3Y-W-5K=

L-ISE-AD5Y-W-5K=

L-ISE-W-3UPG-5K=

L-ISE-W-UPG-5K=

10,000

10K Endpoints

L-ISE-BSE-10K=

L-ISE-ADV3Y-10K=

L-ISE-ADV5Y-10K=

L-ISE-AD3Y-W-10K=

L-ISE-AD5Y-W-10K=

L-ISE-W-3UPG-10K=

L-ISE-W-UPG-10K=

25,000

25K Endpoints

L-ISE-BSE-25K=

L-ISE-ADV3Y-25K=

L-ISE-ADV5Y-25K=

L-ISE-AD3Y-W-25K=

L-ISE-AD5Y-W-25K=

L-ISE-W-3UPG-25K=

L-ISE-W-UPG-25K=

50,000

50K Endpoints

L-ISE-BSE-50K=

L-ISE-ADV3Y-50K=

L-ISE-ADV5Y-50K=

L-ISE-AD3Y-W-50K=

L-ISE-AD5Y-W-50K=

L-ISE-W-3UPG-50K=

L-ISE-W-UPG-50K=

100,000

100K Endpoints

L-ISE-BSE-100K=

L-ISE-ADV3Y-100K=

L-ISE-ADV5Y-100K=

L-ISE-AD3Y-W-100K=

L-ISE-AD5Y-W-100K=

L-ISE-W-3UPG-100K=

L-ISE-W-UPG-100K=

Cisco Employee

Understand ISE Licensing

Good post

Cisco Employee

Understand ISE Licensing

What is the difference between 'Wireless License' and 'Wireless Upgrade License' for a term?

Thanks,

-igor

Cisco Employee

Understand ISE Licensing

To answer my own question"

Wireless Upgrade Licenses are designed to support users that currently subscribe to a Wireless License model and decide to offer Cisco ISE support for non-wireless endpoints in the network as well. Rather than uninstall licenses and revert to a Base and Advanced License scheme, you can upgrade to a Wireless Upgrade License, which provides the full range of Cisco ISE functions and policy management capabilities for all wireless and non-wireless client-access methods, including wired and VPN Concentrator access.

You can only install a Wireless Upgrade License option on top of an existing Wireless License with the same allowable endpoint count. You cannot install a Wireless Upgrade on top of a Base plus Advanced License package.

New Member

Re: Understand ISE Licensing

This is one of the first Google links when searching ISE licensing.  All the part numbers above were End-Of-Life'd years ago.

 

It's a full time job to keep up with Cisco's comings and goings.  Probably 50% of the Cisco products I learn about greet me with an EOL.  At least ISE hasn't been EOL'd yet, just the licensing.  Here are the replacement part numbers:

 

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/eos-eol-notice-c51-730646.pdf

 

New Member

Understand ISE Licensing

Hi,

Cisco partners can additionally purchase the ISE Design Guidance service package to help them validate their designs. You can refer to the following link for more information:


http://www.cisco.com/web/about/doing_business/legal/service_descriptions/docs/CPS_ISE_Planning_and_Design_Guidance_Service.pdf

New Member

Understand ISE Licensing

Hello,

It  depends upon the total number of user and non-user endpoints in your  network. Also you need to identify the number of concurrent user and  non-user endpoints as the licenses should be atleast equal to the  concurrent ones.

New Member

Hi, Just a question on ISE

Hi,

 

Just a question on ISE license consumption.

If a user logs in and gets authenticated via ISE on a device that is already authenticated (device authentication), does it consume 2 licenses, one for the device and one for the user?

This is nowhere clearly told in any cisco documentation.

Can anybody help me clarify this?

 

Thank you,

Mohan

 

Cisco Employee

Licenses are counted against

Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.

New Member

Hello Venkatesh,

Hello Venkatesh,

How would licenses be counted if radius accounting is disabled?

Hi,

Hi,

Can I upgrade expired wireless license running on Cisco ISE 1.2 version to newly ordered license i.e. Mobility upgrade or Do I need to first migrate wireless license to mobility license then go for mobility upgrade? 

Actually existing wireless license is expired so I think I need to retrieve the old license through Cisco licensing team by providing Server UID.

Please suggest the right procedure & sequence. 

Regards,

Anser

New Member

according to Cisco documents

according to Cisco documents :

  • The endpoint consumes the Base license before it consumes a Plus and Apex license.

  • The endpoint consumes the Plus license before it consumes an Apex license.
  • One Plus license is consumed per endpoint for any assortment of the license's features. Likewise, one Apex license is consumed per endpoint for any assortment of its features.

28023
Views
16
Helpful
12
Replies
CreatePlease login to create content