Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
5
Helpful
1
Replies

Cisco ISE 2.4 Licensing

Go to solution
Jiri Brejcha
Cisco Employee
Cisco Employee

‎05-14-2019 06:59 AM - edited ‎05-14-2019 07:00 AM

ISE 2.4 now requires per PSN Admin licenses (L-ISE-TACACS-ND), however, you could be grandfathered a 50 node license by purchasing and applying a single L-ISE-TACACS= to a fresh 2.4 install. Is this correct?

 

MAB falls under the Base license, however, any it seems any invocation of the Profiling engine invokes the consumption of a Plus license. From what I understand the ISE equivalent of an ACS MAB entry (Internal Identity Stores > Host) is an Endpoint Identity Group entry. Once an entry has been added even authorisation using something like:

 

Radius:Calling-Station:ID Starts with 00:D6:FE

 

still consumes a Plus license according to the authentication live log detail report. Is this correct or am I missing something about MAB authorisation?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎05-14-2019 07:18 AM

2 separate questions here. If you have the older license with TACACs then you're entitled to 50 nodes, you can ask to rehost the license on a new deployment at https://community.cisco.com/t5/security-documents/how-do-i-rehost-my-existing-ise-license-s-onto-a-new-or/ta-p/3632248. If you bought the new license then licensing is per PSN.
see page 7 - https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

For MAB issue
I would recommend you're on the latest patch (8) and open a tac case if you are seeing MAB only consuming plus licenses.
For example i ran into this - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp16734
page 8 - https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

View solution in original post

1 Reply 1

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎05-14-2019 07:18 AM

2 separate questions here. If you have the older license with TACACs then you're entitled to 50 nodes, you can ask to rehost the license on a new deployment at https://community.cisco.com/t5/security-documents/how-do-i-rehost-my-existing-ise-license-s-onto-a-new-or/ta-p/3632248. If you bought the new license then licensing is per PSN.
see page 7 - https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

For MAB issue
I would recommend you're on the latest patch (8) and open a tac case if you are seeing MAB only consuming plus licenses.
For example i ran into this - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp16734
page 8 - https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf
Customers Also Viewed These Support Documents