cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1633
Views
0
Helpful
3
Replies

Deployment Consideration for Cisco ISE

Hi All,

 

Which is best deployment considered with two SNS-3615 and two SNS-3655 model and can we do a deployment with different hardware.?

Do we need Any Connect Apex license apart from  ISE Apex License for posture compliance?

What if we only have ISE Apex License ?

What is the main difference between ISE Apex License and Any connect Apex License.?

 

Please help.

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

The difference in appliances provides increased scale (more active endpoints per deployment).

See http://cs.co/ise-scale for details :

  • 10,000 active endpoints with a pair of 3615
  • 25,000 active endpoints with a pair of 3655

Please see the authoritative ISE Ordering/Licensing Guide for all Licensing questions. You cannot have only ISE Apex licenses - you must also have Base licenses for basic AAA (authentication & authorization & accounting).

Here is my favorite chart explaining ISE 2.x capabilities for the licenses:

image.png

You need Apex Licenses on ISE for posture policy enforcement and Apex Licenses on AnyConnect to deploy the Posture module work with ISE. Separate software, separate licenses.

 

View solution in original post

3 Replies 3

thomas
Cisco Employee
Cisco Employee

The difference in appliances provides increased scale (more active endpoints per deployment).

See http://cs.co/ise-scale for details :

  • 10,000 active endpoints with a pair of 3615
  • 25,000 active endpoints with a pair of 3655

Please see the authoritative ISE Ordering/Licensing Guide for all Licensing questions. You cannot have only ISE Apex licenses - you must also have Base licenses for basic AAA (authentication & authorization & accounting).

Here is my favorite chart explaining ISE 2.x capabilities for the licenses:

image.png

You need Apex Licenses on ISE for posture policy enforcement and Apex Licenses on AnyConnect to deploy the Posture module work with ISE. Separate software, separate licenses.

 

Hi Thomas,

Thanks for the response.We have a base license for the deployment.

I was trying to explain about a set up which we can achieve or not.

 

Scenario :  We have 4 SNS-3566 and 4 SNS-3615.Can you suggest which will best deployment we can do ?

Yes you can mix SNS-3655 and SNS-3615 in a single ISE deployment.

How you do so is highly dependent on the goals you wish to achieve - raw scale (e.g. high number of active sessions), geographic distribution, high availability, dedicated node for device admin and/or pxGrid etc.

I recommend you consult Cisco Live presentation BRKSEC-3432 from Barcelona earlier this year. It has hundreds of pages of details on ISE scaling. Perhaps the most useful page for your question is the one I've shown below but, as I've mentioned earlier, there are many factors one needs to consider besides simply number of active sessions.

ISE Scaling with 36xxISE Scaling with 36xx