Solved: Re: ISE Licensing for Endpoint question.

cduetsch · ‎10-31-2016

I understand from the ISE Ordering Guide how a Base license, Plus, Apex license are consumed from Table 7. I am trying to better understand the concept of an endpoint and license need to be purchased to properly support the deployment.

Given:

(1) 100 routers/switches in my environment needing Radius AAA (not TACACS+); and,

(2) 2000 BYOD devices requiring profiling.

Do I need 100 Base + 2000 Plus licenses? Or, do I need 2100 Base + 2000 Plus licenses?

I guess I am trying to understand if an Endpoint to ISE is both an infrastructure device like a switch AND a client device like an iPhone.

Thanks in advance.

Timothy Abbott · ‎10-31-2016

You would need 2000 Base to support the AAA functionality and 2000 Plus for the BYOD / Profiling functionality.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎10-31-2016

You would need 2000 Base to support the AAA functionality and 2000 Plus for the BYOD / Profiling functionality.

Regards,

-Tim

cduetsch · ‎10-31-2016

So not 2100 Base?

gbekmezi-DD · ‎10-31-2016

Also, are you going to have 2000 endpoints concurrently on the network or is that 2000 total endpoints? Keep in mind the ISE licensing model is based on active sessions. You don’t license the NAD (router/switch) unless you are doing device administration on the NAD itself. If you plan on doing SSH authentication using RADIUS to ISE for the NAD then you would need licenses for those sessions as well. Having said that, it’s unlikely you will be logging in to 100 NADs simultaneously.

George

cduetsch · ‎10-31-2016

That is interesting. Ok given the nature of active concurrent sessions versus total endpoints, do we use a formula for licensing purposes like say purchase 30% of total endpoint count for licenses?

Cheers,

Chris

Chris Duetsch

SYSTEMS ENGINEER.SALES

cduetsch@cisco.com<mailto:cduetsch@cisco.com>

Phone: +1 416 306-7192

Cisco Systems Canada Co. / Les Systemes Cisco Canada CIE

88 Queens Quay West, Suite 2900

Toronto, Ontario, M5J 0B8

Canada

Cisco.com<http://www.cisco.com/web/CA/>

Think before you print.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

Cisco Systems Canada Co, 88 Queens Quay West, Suite 2900, Toronto, ON, Canada, M5J 0B8. Phone: 416-306-7000; Fax: 416-306-7099.

Preferences<http://www.cisco.com/offer/subscribe/?sid=000478326> – Unsubscribe<http://www.cisco.com/offer/unsubscribe/?sid=000478327> – Privacy<http://www.cisco.com/web/siteassets/legal/privacy.html>

Please click here<http://www.cisco.com/web/about/doing_business/legal/cri/index.html> for Company Registration Information.