Solved: Re: Device Administration Using RADIUS

hradhanp · ‎08-14-2018

Hi Team,

One of my customer has WLC and AP which doesn't support TACACS so they want to to the device administration using RADIUS. We have completed the POC for the customer but need to understand the License consumption. Do we need to include device admin license along with the 100 base license or only base license is enough.

Regards,

Hiten R

RichardAtkin · ‎08-14-2018

If you're only using RADIUS for device admin instead of TACACS+, then BASE is fine.

View solution in original post

RichardAtkin · ‎08-14-2018

If you're only using RADIUS for device admin instead of TACACS+, then BASE is fine.

hradhanp · ‎08-14-2018

How about the license consumption ? Is it based on device or based on session ?

Arne Bier · ‎08-14-2018

Every successful Radius Authentication&Authorization for an Endpoint will consume 1 base license. If the same Endpoint has 1000 repeat authentications then it's still only 1 base license consumed. The NAS should ideally send Radius Accounting to ISE, because ISE uses that to track the session for that endpoint - and when WLC sends accounting Stop for that endpoint, then ISE should free up the license for that endpoint.

If you don't send Radius accounting then ISE has some internal logic when it decides to free up the license. I forget what the time interval is - it's like 1 hour or something. it's very crude.