cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
517
Views
0
Helpful
4
Replies

Device administration deployment - License for devices using Radius protocol

dngore
Cisco Employee
Cisco Employee

Hi,

Will device administration license per PSN take care devices with Radius protocol or separate base license will require for Radius?

 

Customer has devices with TACACS+ and Radius protocol. Want to confirm license required for device administration deployment.

 

 

1 Accepted Solution

Accepted Solutions

Surendra
Cisco Employee
Cisco Employee
Device administration license is required for TACACS authentications only. You will have to have base license at the very least to serve RADIUS authentications. In short, your client needs both those licenses. Base/Plus/Apex/Mobility licenses are endpoint based. i.e., based on the number of end clients (PCs/Mobiles etc) that would be authenticating against ISE. Device Administration licenses is based on the number of ISE nodes which would serve TACACS authentications (rather, on how many nodes you would enable device administration persona) at any given point of time.

View solution in original post

4 Replies 4

Surendra
Cisco Employee
Cisco Employee
Device administration license is required for TACACS authentications only. You will have to have base license at the very least to serve RADIUS authentications. In short, your client needs both those licenses. Base/Plus/Apex/Mobility licenses are endpoint based. i.e., based on the number of end clients (PCs/Mobiles etc) that would be authenticating against ISE. Device Administration licenses is based on the number of ISE nodes which would serve TACACS authentications (rather, on how many nodes you would enable device administration persona) at any given point of time.

Thx for quick reply.

 

So in summary, if customer has 10,000 devices having combination like 8000 with TACACS+ and 2000 with Radius for device administration solution then we will require 2000 ISE base license.

Yes, 2000 base licenses for basic RADIUS functionality and ‘X’ number of device administration licenses where ‘X’ is the number of ISE nodes on which the Device Administration Persona is enabled at a given point of time.

I have an additional question regarding the base licenses for RADIUS .

BASE Licenses are usually assigned to active sessions for RADIUS auth. At least for network authn.

Is the base license for RADIUS (device admin) sticked to number of NADs or number of active sessions?

 

Thanks in advance.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: