cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2200
Views
1
Helpful
4
Replies

ISE licensing requirements for device admin (TACACS)

Dear


We want to install a ISE appliance or appliances to replace our tacacs+ appliances.

You need a Administration license for the complete cluster and a base license of minimum 100 devices.

In our tacacs+ there is now a default device rule, does this count also for the base license or how is this counted?

Do you need to import each NAD ?

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

Please take a look at this

http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

You need 100 base licenses for ISE UI to be activated and need a device admin license as you stated.

There is no consumption for TACACS, you enable the license and that’s it! Please check page 8 of the guide that discusses it as well.

Each NAD should be imported, you can use CSV, or manually one by one. if you are migration from ACS you can use the migration tool.

https://communities.cisco.com/docs/DOC-63880

View solution in original post

4 Replies 4

Jason Kunst
Cisco Employee
Cisco Employee

Please take a look at this

http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

You need 100 base licenses for ISE UI to be activated and need a device admin license as you stated.

There is no consumption for TACACS, you enable the license and that’s it! Please check page 8 of the guide that discusses it as well.

Each NAD should be imported, you can use CSV, or manually one by one. if you are migration from ACS you can use the migration tool.

https://communities.cisco.com/docs/DOC-63880

Thanks for the info Jason Kunst

We have also now running a deployment running with a base license & large deployment license on the current ACS cluster(s). Can we transfer these base & large deployment licenses towards a new ISE cluster?

Currently we have a "default network device setup" in our ACS that we do not to import each NAD into the ACS/TACACS+

Is this still possible in ISE?

Dear Jason and others,

My customer is migrating from ACS to ISE and they now have 1319 AAA clients on ACS and they have 528 defined users (some are duplicated as they use for VPN and for network devices).

If they migrate to ISE, should they have 100 or 1319 base license + 1 device admin license?

Thanks, Tommy

Did you see this answer? https://communities.cisco.com/message/264624

You buy as many VMs as nodes you would like (probably 2), 100 base licenses and a device administration license.

George

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: