05-24-2020 12:15 PM
Do I need a Cisco ISE device admin license for every PSN I enable the service on?
For example: If I enabled the device admin service on 5 of my policy nodes. Does this mean I would need 5 device admin licenses installed on the primary admin node?
Solved! Go to Solution.
05-24-2020 12:44 PM - edited 05-24-2020 12:46 PM
Yes, as of ISE v2.4+ you need one L-ISE-TACACS-ND= license per PSN you enable the device admin role on. So enabling device admin on five PSNs would require ordering 5x L-ISE-TACACS-ND=. You then have the option of either putting them in to a smart account ISE can be pointed at, or fulfilling them as a traditional license file and installing it on the admin node.
05-24-2020 12:51 PM
Ok, great. I just wanted to make sure I understood it correctly. Thanks so much for the clarification.
05-24-2020 12:44 PM - edited 05-24-2020 12:46 PM
Yes, as of ISE v2.4+ you need one L-ISE-TACACS-ND= license per PSN you enable the device admin role on. So enabling device admin on five PSNs would require ordering 5x L-ISE-TACACS-ND=. You then have the option of either putting them in to a smart account ISE can be pointed at, or fulfilling them as a traditional license file and installing it on the admin node.
05-24-2020 12:51 PM
Ok, great. I just wanted to make sure I understood it correctly. Thanks so much for the clarification.
05-25-2020 12:56 AM
05-25-2020 01:05 AM
Not with ISE.
That was the case with ACS, 500 vs large deployments. ISE 2.4+ licenses both virtual ISE nodes, and tacacs/device admin nodes by the number deployed.
05-25-2020 02:36 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: