https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3185943#M555585 <P>When exactly does a Plus License get used?</P><P>&nbsp;</P><P>&nbsp;</P><P>I have profiled Cisco Phones that Authenticate via MAB and then pass the following authorisation policy -</P><P><EM>"If Device is in Endpoint&nbsp;Identity Group / Profiled / Cisco IP Phones then allow access to voice domain"</EM></P><P>&nbsp;</P><P>The phone authorises&nbsp;fine but I do not see a Plus license being used.</P><P>&nbsp;</P><P>I would have thought because the auth policy is checking a group which contains profiled devices a plus license would be used upon access to the network.</P><P>&nbsp;</P> Fri, 21 Feb 2020 18:34:23 GMT GRANT3779 2020-02-21T18:34:23Z https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3185943#M555585 <P>When exactly does a Plus License get used?</P><P>&nbsp;</P><P>&nbsp;</P><P>I have profiled Cisco Phones that Authenticate via MAB and then pass the following authorisation policy -</P><P><EM>"If Device is in Endpoint&nbsp;Identity Group / Profiled / Cisco IP Phones then allow access to voice domain"</EM></P><P>&nbsp;</P><P>The phone authorises&nbsp;fine but I do not see a Plus license being used.</P><P>&nbsp;</P><P>I would have thought because the auth policy is checking a group which contains profiled devices a plus license would be used upon access to the network.</P><P>&nbsp;</P> Fri, 21 Feb 2020 18:34:23 GMT https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3185943#M555585 GRANT3779 2020-02-21T18:34:23Z https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3187010#M555586 <P>Good question - the exact mechanics of how licenses are consumed is not well explained by Cisco.&nbsp; The closest answer I have read is exacly what you mentioned.&nbsp; However - your AuthZ policy is not referring to a profiling attribute.&nbsp; You are simply checking whether a device is in an Endpoint Group.&nbsp; That comes for "free" with the base license, because Endpoint Identity Groups are used for multiple purposes.</P><P>I don't have a concrete example, because I don't have PLUS (or EVAL) licenses, but if you were to start doing fancy AuthZ policies that involve conditions about the stuff you found as a result of profiling, then I would assume you'd consume a PLUS license.&nbsp;</P> Thu, 21 Sep 2017 00:21:25 GMT https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3187010#M555586 Arne Bier 2017-09-21T00:21:25Z https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3189820#M555587 <P>Hi Arne,</P><P>&nbsp;</P><P>Yes I guess that makes sense. I may test a few different auth profiles to see if I can find some consistency as to when a plus license is used.</P><P>Thanks</P> Tue, 26 Sep 2017 19:39:45 GMT https://community.cisco.com/t5/network-access-control/ise-plus-license-usage/m-p/3189820#M555587 GRANT3779 2017-09-26T19:39:45Z