Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
0
Helpful
3
Replies

Upgrading / Rebuilding an SNS-3595 and licensing

Arne Bier
VIP
VIP

‎08-18-2019 11:11 PM - edited ‎08-19-2019 03:10 AM

Hello

 

I am proposing to upgrade a customer's SNS-3595 from ISE 2.2 to ISE 2.4 via the rebuild process ;-)  These nodes have some corruption in them and I would feel more comfortable with a complete rebuild.  I don't have the luxury to reconfigure from scratch, therefore I will restore config onto the new ISE 2.4 PAN.  

 

I remember an older discussion (I cannot find it) where we debated mounting the .iso media over the network vs via a locally attached USB. I am proposing the USB route because my experience tells me it's WAY WAY faster.  Like 8 hours for a network based rebuild, vs 1 hour for USB attached.  I have not done this in a while - my number might be off ... if any has done this recently please remind me. 

 

Question 1:  Can I re-use the same Base license only the newly installed ISE 2.4 appliance? I don’t deal much with appliances but I suspect the config restore might be able to restore the licenses into a physical appliance??? If not:

  • Can I download the text file from the ISE 2.2 system and re-use it later in the ISE 2.4 server?
  • Or ... would the original .lic file be available via the customer's CCO profile?  

If the above is not possible, is the Plan B to re-home the license?  

 

Question 2: How long can I run on 100 endpoint eval in a production network without causing a denial of service?  I thought it was around 30 days of license violation that would cause a lockdown to the ISE Licensing Screen? 

I am buying myself some time to get the licenses re-homed/sorted but I don't want ISE to degrade the service because customer will be well over the 100 endpoint SUSTAINED usage.

 

thanks in advance

0 Helpful
3 Replies 3

hslai
Cisco Employee
Cisco Employee

‎08-20-2019 07:44 PM

On Q1, CFG restores do not provide valid licenses. So, please re-host the licenses at Cisco Licensing portal.

On Q2, see section 5.1.1 in http://cs.co/ise-licensing. See also How to Get ISE Evaluation Software & Licenses

 

0 Helpful

Arne Bier
VIP
VIP
In response to hslai

‎08-20-2019 08:11 PM

Hello @hslai 

 

thanks for the links - I am struggling with the wording in bold (from the August 2019 Licensing document) :

 

"Compliance enforcement: The impact described below is experienced after a deployment is out of compliance for 45 out of 60 consecutive days." 

 

I understand it to mean that the compliance is counted over a period of 60 days. Within those 60 days I am allowed 45 days of "non-compliance" before I am jailed into the ISE Licensing Portal Page?

 

I am unlikely to run into this, but it may take some time to sort out licenses if the customer is busy doing other things.

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to Arne Bier

‎08-21-2019 01:57 PM

You are correct regarding how the current enforcement works. Today ISE generates alarms if any licenses expiring in > 90 days. With that and the grace period, I hope the customers have enough to renew. Under some exceptional circumstances, the customers may escalate it through their Cisco account teams.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents