05-24-2020 12:15 PM
Do I need a Cisco ISE device admin license for every PSN I enable the service on?
For example: If I enabled the device admin service on 5 of my policy nodes. Does this mean I would need 5 device admin licenses installed on the primary admin node?
Solved! Go to Solution.
05-24-2020 12:44 PM - edited 05-24-2020 12:46 PM
Yes, as of ISE v2.4+ you need one L-ISE-TACACS-ND= license per PSN you enable the device admin role on. So enabling device admin on five PSNs would require ordering 5x L-ISE-TACACS-ND=. You then have the option of either putting them in to a smart account ISE can be pointed at, or fulfilling them as a traditional license file and installing it on the admin node.
05-24-2020 12:51 PM
Ok, great. I just wanted to make sure I understood it correctly. Thanks so much for the clarification.
05-24-2020 12:44 PM - edited 05-24-2020 12:46 PM
Yes, as of ISE v2.4+ you need one L-ISE-TACACS-ND= license per PSN you enable the device admin role on. So enabling device admin on five PSNs would require ordering 5x L-ISE-TACACS-ND=. You then have the option of either putting them in to a smart account ISE can be pointed at, or fulfilling them as a traditional license file and installing it on the admin node.
05-24-2020 12:51 PM
Ok, great. I just wanted to make sure I understood it correctly. Thanks so much for the clarification.
05-25-2020 12:56 AM
05-25-2020 01:05 AM
Not with ISE.
That was the case with ACS, 500 vs large deployments. ISE 2.4+ licenses both virtual ISE nodes, and tacacs/device admin nodes by the number deployed.
05-25-2020 02:36 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide