Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1337
Views
0
Helpful
1
Replies

ISE Licensing - 2.6

Go to solution
hamed1900
Level 1
Level 1

‎01-08-2020 03:48 PM

After 2.4, We need Device Admin for each PSN, which does TACACS and authentication, however, in the based license, AAA is included.

 

Just wondering what would be difference then?

 

Thanks,

 

Hamed

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎01-08-2020 04:06 PM

Base licenses are consumed for endpoints using RADIUS for network connectivity or for network devices using RADIUS for device administration (if they do not support TACACS+).

The Device Admin license specifically enables support for TACACS+

 

From the ISE Ordering Guide:

"License Consumption: Device Administration licenses are consumed per policy service node. Each policy service node that is setup to support Device Administration must have a Device Administration license.
Device Administration using TACACS+ does not consume endpoint sessions but an ISE installation must have a minimum of 100 Base licenses. There is no limit on network devices for Device Administration."

 

Cheers,

Greg

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎01-08-2020 04:06 PM

Base licenses are consumed for endpoints using RADIUS for network connectivity or for network devices using RADIUS for device administration (if they do not support TACACS+).

The Device Admin license specifically enables support for TACACS+

 

From the ISE Ordering Guide:

"License Consumption: Device Administration licenses are consumed per policy service node. Each policy service node that is setup to support Device Administration must have a Device Administration license.
Device Administration using TACACS+ does not consume endpoint sessions but an ISE installation must have a minimum of 100 Base licenses. There is no limit on network devices for Device Administration."

 

Cheers,

Greg

0 Helpful
Customers Also Viewed These Support Documents