Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3778
Views
15
Helpful
5
Replies

Cisco ISE Device Admin Licensing

Go to solution
Maurice Ball
Level 3
Level 3

‎05-24-2020 12:15 PM

Do I need a Cisco ISE device admin license for every PSN I enable the service on?

 For example: If I enabled the device admin service on 5 of my policy nodes. Does this mean I would need 5 device admin licenses installed on the primary admin node?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎05-24-2020 12:44 PM - edited ‎05-24-2020 12:46 PM

Yes, as of ISE v2.4+ you need one L-ISE-TACACS-ND= license per PSN you enable the device admin role on. So enabling device admin on five PSNs would require ordering 5x L-ISE-TACACS-ND=. You then have the option of either putting them in to a smart account ISE can be pointed at, or fulfilling them as a traditional license file and installing it on the admin node.

View solution in original post

Go to solution
Maurice Ball
Level 3
Level 3
In response to Damien Miller

‎05-24-2020 12:51 PM

Ok, great. I just wanted to make sure I understood it correctly. Thanks so much for the clarification.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎05-24-2020 12:44 PM - edited ‎05-24-2020 12:46 PM

Yes, as of ISE v2.4+ you need one L-ISE-TACACS-ND= license per PSN you enable the device admin role on. So enabling device admin on five PSNs would require ordering 5x L-ISE-TACACS-ND=. You then have the option of either putting them in to a smart account ISE can be pointed at, or fulfilling them as a traditional license file and installing it on the admin node.

Go to solution
Maurice Ball
Level 3
Level 3
In response to Damien Miller

‎05-24-2020 12:51 PM

Ok, great. I just wanted to make sure I understood it correctly. Thanks so much for the clarification.

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎05-25-2020 12:56 AM

Hi,

Your device admin license are counted by the number of devices not by the
number of PSN nodes. You PSN nodes consume VM license only. But feature
license can be shared between them.


**** please remember to rate useful posts
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Mohammed al Baqari

‎05-25-2020 01:05 AM

Not with ISE.

That was the case with ACS, 500 vs large deployments. ISE 2.4+ licenses both virtual ISE nodes, and tacacs/device admin nodes by the number deployed. 

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Damien Miller

‎05-25-2020 02:36 AM

Thanks for correcting me Damien.
0 Helpful
Customers Also Viewed These Support Documents