Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1276
Views
1
Helpful
1
Replies

ISE2.4 consuming plus license for no feature enabled and attributes in authz policy

Go to solution
Gagandeep Singh
Cisco Employee
Cisco Employee

‎06-04-2018 04:56 PM

Hi Team,

Customer running ISE2.4 with traditional base and plus license. Polices are configured for MAB  and dot1x. Profiling also enabled and devices are getting profiled. It's an upgrade from 2.2.

Policies have EAP-TLS, PEAP , AD groups and Endpoint identity group (Static not dynamic) related conditions.

Clients are getting profiled but there are no plus license related attributes in the authz policy.

Checked report for active sessions and found that base and plus license consumed for dot1x authenticated machines with license details "Plus license consumption because of Group type PROF ".

Need to understand if the client getting profiled and authenticated. Is it suppose to use both license or only base.

Customer claimed this to be base only if there are no attributes for plus in the policy.

Prior to upgrade there was no plus consumption.

Any assistance would be appreciated.

Regards

Gagan

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-04-2018 05:06 PM

For what it's worth, I think you're hitting this

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50218

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-04-2018 05:06 PM

For what it's worth, I think you're hitting this

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50218

0 Helpful
Customers Also Viewed These Support Documents