ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3112
Views
0
Helpful
3
Replies
Highlighted
Beginner

Cisco ISE License Consumption

Hi All,

I'm currently running ISE 2.4 and I have a question regarding base license consumption.

 

From my understanding, the licenses are consumed and released based on Radius Accounting Start/Stop messages, however, this doesn't reflect in my deployment.

 

The ISE summary screen is currently showing 124 active endpoints which is correct from the number of connected devices. This number increments/decrements correctly based on active sessions so Radius accounting appears to be working correctly. However under licensing, I'm seeing 2020 base licenses consumed. Should this not reflect the number of active sessions? As I missing something here or am I not understanding the process correctly?

 

Thanks

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Cisco ISE License Consumption

My experience with 2.4 has had the opposite results. Double the active sessions count and half the expect licenses usage. Certainly a nice position to be in if it remained "broken", not having to buy all those licenses. Licensing usage is tied to live sessions, If you run the live sessions report what does it spit out? Do only only expect 124 endpoints to be online or is 2,000 more appropriate?

There is an outstanding bug affecting 2.4, to be fixed in an upcoming patch. Not many details on it but it could be related.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50257

Opening a TAC case would be a suggested step if you haven't already.

View solution in original post

3 REPLIES 3
Highlighted
VIP Advisor

Re: Cisco ISE License Consumption

My experience with 2.4 has had the opposite results. Double the active sessions count and half the expect licenses usage. Certainly a nice position to be in if it remained "broken", not having to buy all those licenses. Licensing usage is tied to live sessions, If you run the live sessions report what does it spit out? Do only only expect 124 endpoints to be online or is 2,000 more appropriate?

There is an outstanding bug affecting 2.4, to be fixed in an upcoming patch. Not many details on it but it could be related.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50257

Opening a TAC case would be a suggested step if you haven't already.

View solution in original post

Highlighted
Beginner

Re: Cisco ISE License Consumption

Hi Damien,

 

Thanks for the response.

 

Live sessions is now reporting 125 endpoints. ISE is providing dot1x/mab authentication for a couple of Meraki wireless networks so its very easy to cross reference the number of active sessions reported in ISE and the number of active wireless clients reported on the Meraki Dashboard. There is a small difference between numbers (10-20) which I believe are stale sessions but I dont expect 2000 endpoints to be on the network today. I will see the active client count rise tomorrow when users are back in the office.

 

Licensing is currently showing 2058 base licenses consumed.

 

See attached screenshots

 

I have not opened a TAC case yet as I want to check if was missing something fundamental before doing so

 

thanks

Highlighted
Beginner

Re: Cisco ISE License Consumption

Hi,

 

I have doubts about active endpoints, active sessions and base license consumption

On a 2.4 patch 9 deployment  I used to see that at license count sampling time  license count was about 10-15% lower than active endpoint counts.

We are not using profiler service but I saw that a number of active endpoints where there because of default device sensors configuration, that is there were endpoints (typically router or switches interfaces o real endpoint with no supplicant) that did not undergo authentication but for which ISE got accounting packets from switches. The number of such endpoints was roughly equal to the difference between  licence count and active endpoints.

After installing patch 11 that difference disappeared. Is Cisco asking money for endpoints that do no perform dot1x or mab authentication?

 

Another doubt: while querying  management API for active sessions at license sampling time count I got a value equal to license count from primary MNT but a considerably lower value from secondary MNT (about 12000 vs 11000 active sessions).

Is this normal?

 

Regards

MM