cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

109
Views
0
Helpful
4
Replies
Cisco Employee

Device administration deployment - License for devices using Radius protocol

Hi,

Will device administration license per PSN take care devices with Radius protocol or separate base license will require for Radius?

 

Customer has devices with TACACS+ and Radius protocol. Want to confirm license required for device administration deployment.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Device administration deployment - License for devices using Radius protocol

Device administration license is required for TACACS authentications only. You will have to have base license at the very least to serve RADIUS authentications. In short, your client needs both those licenses. Base/Plus/Apex/Mobility licenses are endpoint based. i.e., based on the number of end clients (PCs/Mobiles etc) that would be authenticating against ISE. Device Administration licenses is based on the number of ISE nodes which would serve TACACS authentications (rather, on how many nodes you would enable device administration persona) at any given point of time.
4 REPLIES 4
Cisco Employee

Re: Device administration deployment - License for devices using Radius protocol

Device administration license is required for TACACS authentications only. You will have to have base license at the very least to serve RADIUS authentications. In short, your client needs both those licenses. Base/Plus/Apex/Mobility licenses are endpoint based. i.e., based on the number of end clients (PCs/Mobiles etc) that would be authenticating against ISE. Device Administration licenses is based on the number of ISE nodes which would serve TACACS authentications (rather, on how many nodes you would enable device administration persona) at any given point of time.
Cisco Employee

Re: Device administration deployment - License for devices using Radius protocol

Thx for quick reply.

 

So in summary, if customer has 10,000 devices having combination like 8000 with TACACS+ and 2000 with Radius for device administration solution then we will require 2000 ISE base license.

Cisco Employee

Re: Device administration deployment - License for devices using Radius protocol

Yes, 2000 base licenses for basic RADIUS functionality and ‘X’ number of device administration licenses where ‘X’ is the number of ISE nodes on which the Device Administration Persona is enabled at a given point of time.
Highlighted
Beginner

Re: Device administration deployment - License for devices using Radius protocol

I have an additional question regarding the base licenses for RADIUS .

BASE Licenses are usually assigned to active sessions for RADIUS auth. At least for network authn.

Is the base license for RADIUS (device admin) sticked to number of NADs or number of active sessions?

 

Thanks in advance.