Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1536
Views
0
Helpful
3
Replies

Deployment Consideration for Cisco ISE

Go to solution
Jithishkkuttappan
Level 1
Level 1

‎06-12-2020 09:39 AM

Hi All,

 

Which is best deployment considered with two SNS-3615 and two SNS-3655 model and can we do a deployment with different hardware.?

Do we need Any Connect Apex license apart from  ISE Apex License for posture compliance?

What if we only have ISE Apex License ?

What is the main difference between ISE Apex License and Any connect Apex License.?

 

Please help.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-12-2020 01:58 PM

The difference in appliances provides increased scale (more active endpoints per deployment).

See http://cs.co/ise-scale for details :

  • 10,000 active endpoints with a pair of 3615
  • 25,000 active endpoints with a pair of 3655

Please see the authoritative ISE Ordering/Licensing Guide for all Licensing questions. You cannot have only ISE Apex licenses - you must also have Base licenses for basic AAA (authentication & authorization & accounting).

Here is my favorite chart explaining ISE 2.x capabilities for the licenses:

image.png

You need Apex Licenses on ISE for posture policy enforcement and Apex Licenses on AnyConnect to deploy the Posture module work with ISE. Separate software, separate licenses.

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-12-2020 01:58 PM

The difference in appliances provides increased scale (more active endpoints per deployment).

See http://cs.co/ise-scale for details :

  • 10,000 active endpoints with a pair of 3615
  • 25,000 active endpoints with a pair of 3655

Please see the authoritative ISE Ordering/Licensing Guide for all Licensing questions. You cannot have only ISE Apex licenses - you must also have Base licenses for basic AAA (authentication & authorization & accounting).

Here is my favorite chart explaining ISE 2.x capabilities for the licenses:

image.png

You need Apex Licenses on ISE for posture policy enforcement and Apex Licenses on AnyConnect to deploy the Posture module work with ISE. Separate software, separate licenses.

 

0 Helpful

Go to solution
Jithishkkuttappan
Level 1
Level 1
In response to thomas

‎06-14-2020 08:49 AM

Hi Thomas,

Thanks for the response.We have a base license for the deployment.

I was trying to explain about a set up which we can achieve or not.

 

Scenario :  We have 4 SNS-3566 and 4 SNS-3615.Can you suggest which will best deployment we can do ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Jithishkkuttappan

‎06-14-2020 11:08 PM

Yes you can mix SNS-3655 and SNS-3615 in a single ISE deployment.

How you do so is highly dependent on the goals you wish to achieve - raw scale (e.g. high number of active sessions), geographic distribution, high availability, dedicated node for device admin and/or pxGrid etc.

I recommend you consult Cisco Live presentation BRKSEC-3432 from Barcelona earlier this year. It has hundreds of pages of details on ISE scaling. Perhaps the most useful page for your question is the one I've shown below but, as I've mentioned earlier, there are many factors one needs to consider besides simply number of active sessions.

ISE Scaling with 36xxISE Scaling with 36xx

0 Helpful
Customers Also Viewed These Support Documents