Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3886
Views
10
Helpful
7
Replies

Clarify ISE 3.0 license quantities needed

Go to solution
Madura Malwatte
Level 4
Level 4

‎03-17-2021 07:31 AM

Need help with ISE 3.0 licensing quantities. I have 1000 workstations that need posture assessment (premier license) and 1000 MAB endpoints that will require profiling using authorization using logical profiles (advantage license), total is 2000 endpoints for wired network access.

So does that mean when ordering I need 1000 premier licenses (which would cover both the workstations needing posture assessment, the MAB endpoints needing profiling and 1000 endpoints for wired access) and 1000 essentials licenses to cover the remaining wired access needed?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP
In response to Madura Malwatte

‎03-17-2021 05:34 PM

Hi @Madura Malwatte ,

 we agree that: 

1,000x Premier Licenses - for the Workstations because of the Posture Visibility and Enforcement

 but IMO:

1,000x Advantage Licenses - because of the Basic Asset Visibility and Enforcement (Profiling).

Please take a look at:

license.png

 

Note: before the New Model ... "Plus License is consumed when an Endpoint with an Active Session uses Profiling Classification in an Authorization Policy."

 

Hope this helps !!!

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Marcelo Morais
VIP
VIP

‎03-17-2021 08:04 AM

Hi @Madura Malwatte 

 please take a look at: ISE Ordering Guide, search for Table 1. Cisco ISE Features and Licenses Mapping.

If my understanding of your deployment is correct, you have 3,000 Endpoints ... then:

Essentials Licenses - for Basic RADIUS authentication, authorization, and accounting, including 802.1x, MAB and Easy Connect, and Web authentication (1,000 in your case)

Advantage Licenses - for Basic Asset Visibility and Enforcement (Profiling) (1,000 in your case)

Premier Licenses - for the Workstations Posture Visibility and Enforcement (1,000 in your case)

 

Hope this helps !!!

 

0 Helpful

Go to solution
Madura Malwatte
Level 4
Level 4
In response to Marcelo Morais

‎03-17-2021 03:12 PM

Hi, This is not my understanding. I have reviewed the ISE ordering guide, and the new licensing method is - "This new model is referred to as a nested-doll model, which means that the higher tier license already includes all lower-tier features."

 

As I mentioned I have 2000 total endpoints.

- 1000 endpoints are workstations that need basic radius + posture

- another 1000 endpoints are peripherals that need basic radius + profiling

 

Using the nested-doll method, 1 premier license also includes 1 advantage + 1 essentials.

So 1000 premier licenses will cover 1000 workstations for posture and 1000 essentials for radius, which leaves 1000 advantage feature available to be used by 1000 peripherals. These peripherals also need basic radius hence an extra 1000 essentials would need to be purchased. 

Final licensing qty: 1000 premier + 1000 essentials

Is this correct?

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to Madura Malwatte

‎03-17-2021 05:34 PM

Hi @Madura Malwatte ,

 we agree that: 

1,000x Premier Licenses - for the Workstations because of the Posture Visibility and Enforcement

 but IMO:

1,000x Advantage Licenses - because of the Basic Asset Visibility and Enforcement (Profiling).

Please take a look at:

license.png

 

Note: before the New Model ... "Plus License is consumed when an Endpoint with an Active Session uses Profiling Classification in an Authorization Policy."

 

Hope this helps !!!

0 Helpful

Go to solution
Madura Malwatte
Level 4
Level 4
In response to Marcelo Morais

‎03-17-2021 07:46 PM

Yeah that was the old model. The new model is different.

Check here - https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/migration-guide-c07-744240.html

 

Screen Shot 2021-03-18 at 1.43.42 pm.jpg

 

Can someone confirm I have it correct:

So 1000 premier licenses will cover 1000 workstations for posture and 1000 essentials for radius, which leaves 1000 advantage feature available to be used by 1000 peripherals. These peripherals also need basic radius hence an extra 1000 essentials would need to be purchased. 

Final licensing qty: 1000 premier + 1000 essentials

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Madura Malwatte

‎03-19-2021 02:30 PM

If the 1000 peripherals needing profiling visibility, then they require Advantage but not Essentials.

Go to solution
Madura Malwatte
Level 4
Level 4
In response to hslai

‎03-21-2021 04:37 PM

Hi @hslai yes 1000 peripherals needing profiling visibility does require advantage, but wouldn't the 1000 premier licenses ordered for workstation posture cover the 1000 peripherals for visibility - since workstations will only use the premier feature (posture) and means advantage feature (profiling visibility) will still be unused?

 

Based on the image below from the license migration guide. It shows 400 advantage licenses, instead if 700. So I am assuming it takes in account the 300 premier licenses which also cover the advantage features?

Screen Shot 2021-03-18 at 1.43.42 pm.jpg

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Madura Malwatte

‎03-21-2021 08:11 PM

Nope. It's working the way  Marcelo Morais described. Each endpoint session will consume a license, either Essential, Advantage, or Premier, depending on the features used. Two endpoint sessions are NOT sharing one Premier license by splitting the features.

Please note the ISE license consumptions are based on active sessions. That is, any endpoint without an active session is not counted.

Customers Also Viewed These Support Documents