08-18-2019 11:11 PM - edited 08-19-2019 03:10 AM
Hello
I am proposing to upgrade a customer's SNS-3595 from ISE 2.2 to ISE 2.4 via the rebuild process ;-) These nodes have some corruption in them and I would feel more comfortable with a complete rebuild. I don't have the luxury to reconfigure from scratch, therefore I will restore config onto the new ISE 2.4 PAN.
I remember an older discussion (I cannot find it) where we debated mounting the .iso media over the network vs via a locally attached USB. I am proposing the USB route because my experience tells me it's WAY WAY faster. Like 8 hours for a network based rebuild, vs 1 hour for USB attached. I have not done this in a while - my number might be off ... if any has done this recently please remind me.
Question 1: Can I re-use the same Base license only the newly installed ISE 2.4 appliance? I don’t deal much with appliances but I suspect the config restore might be able to restore the licenses into a physical appliance??? If not:
If the above is not possible, is the Plan B to re-home the license?
Question 2: How long can I run on 100 endpoint eval in a production network without causing a denial of service? I thought it was around 30 days of license violation that would cause a lockdown to the ISE Licensing Screen?
I am buying myself some time to get the licenses re-homed/sorted but I don't want ISE to degrade the service because customer will be well over the 100 endpoint SUSTAINED usage.
thanks in advance
08-20-2019 07:44 PM
On Q1, CFG restores do not provide valid licenses. So, please re-host the licenses at Cisco Licensing portal.
On Q2, see section 5.1.1 in http://cs.co/ise-licensing. See also How to Get ISE Evaluation Software & Licenses
08-20-2019 08:11 PM
Hello @hslai
thanks for the links - I am struggling with the wording in bold (from the August 2019 Licensing document) :
"Compliance enforcement: The impact described below is experienced after a deployment is out of compliance for 45 out of 60 consecutive days."
I understand it to mean that the compliance is counted over a period of 60 days. Within those 60 days I am allowed 45 days of "non-compliance" before I am jailed into the ISE Licensing Portal Page?
I am unlikely to run into this, but it may take some time to sort out licenses if the customer is busy doing other things.
08-21-2019 01:57 PM
You are correct regarding how the current enforcement works. Today ISE generates alarms if any licenses expiring in > 90 days. With that and the grace period, I hope the customers have enough to renew. Under some exceptional circumstances, the customers may escalate it through their Cisco account teams.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: