cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2444
Views
10
Helpful
5
Replies
Cisco Employee

PXGrid licensing ?

HI all,

Use case :

ISE and Firepower integration with PXGrid for users validated on an ISE portal and identity information shared to Firepower to make different rules for internet access.

Total users : 10000

Concurrent users: 3000

What terms apply for number of PLUS licenses :

Is 100 plus licenses enough -  YES/NO ?

Number of Concurrent users connected – YES/NO ?

Total number of users in identity store using the ISE portal – YES/NO ?

Best regards

Tue

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Advocate

Re: PXGrid licensing ?

Licenses are tied to features, not specifically to pxGrid itself.   A typical pxGrid use case is the sharing of context (session, endpoints, TrustSec elements, profiles, etc) outbound to other Cisco or 3rd-party vendor solutions.  This requires a 1:1 license for active sessions, or 3,000 Base and 3,000 Plus in your example.

Starting in ISE 2.2, in order to deliver parity with ISE-PIC for sharing Passive Identity (User-IP mapping) and Group information with Cisco consumers (external applications that receive ISE context via pxGrid), all that is needed is ISE Base (any license count).  To share other pxGrid topics, non-passive session data, or to share context with non-Cisco consumers, a Plus license is required using the 1:1 ratio explained above.

Hope that clarifies the licensing requirements for these specific use cases.

/Craig

View solution in original post

5 REPLIES 5
Advocate

Re: PXGrid licensing ?

Licenses are tied to features, not specifically to pxGrid itself.   A typical pxGrid use case is the sharing of context (session, endpoints, TrustSec elements, profiles, etc) outbound to other Cisco or 3rd-party vendor solutions.  This requires a 1:1 license for active sessions, or 3,000 Base and 3,000 Plus in your example.

Starting in ISE 2.2, in order to deliver parity with ISE-PIC for sharing Passive Identity (User-IP mapping) and Group information with Cisco consumers (external applications that receive ISE context via pxGrid), all that is needed is ISE Base (any license count).  To share other pxGrid topics, non-passive session data, or to share context with non-Cisco consumers, a Plus license is required using the 1:1 ratio explained above.

Hope that clarifies the licensing requirements for these specific use cases.

/Craig

View solution in original post

Beginner

Re: PXGrid licensing ?

Hi,

What happens if the base licenses is more than plus licenses? I am trying to achieve passive authentication for FMC integration. WIll the solution still work with ratio of 2:1? Thank you in advanced.

Contributor

Re: PXGrid licensing ?

Passive authentication contextual information shared to FMC via PXGrid doesn't require plus licenses as of ISE 2.3 (or was it 2.2).

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

Beginner

Re: PXGrid licensing ?

Thanks George for your prompt response. I shall advice my customer to upgrade to ISE 2.3 to eliminate such concern.

Highlighted
Enthusiast

Re: PXGrid licensing ?

Hello,

 

I am currently proposing a campus ISE system for a 35,000 user campus with 4 x 3595 comprising 2 x PSN; 1 x MnT & 1 Admin. For PxGrid what are the persona requirements, do I just add an 5th node ?

 

Then for licencing I have 50K Base and 10K Plus for profiling non-supplicant devices. The customer requires user based URL filtering (control over who is allowed to access what). Is linking FMC URL filtering to ISE via PxGrid the answer? If so do I need to add 1:1 Plus licences for max concurrent URL usage?

Everyone's tags (4)