
How Cisco ISE 1.2 Base licenses are consumed and how concurrent endpoints connected to the network are tracked

kmittal
Cisco Employee

Hello

I am interested to know how the Cisco ISE 1.2 Base licenses are consumed. As per the Cisco ISE 1.2 user guide: "The Base License is consumed whenever an authentication notification is received by Cisco ISE."

Based on the above statement, I have the following queries:

RADIUS being a UDP-based request, it is only during the time the endpoint is authenticated and authorized that the Base license is consumed, and then it is released. Then how does Cisco ISE track the concurrent endpoints connected to the network?

Thanks

Kumar

4 Replies

Tarik Admani
VIP Alumni

All licensing in ISE is tracked by every RADIUS authentication request.

Proper accounting of all licenses consumed relies on RADIUS accounting for a proper count of all current RADIUS connections.


Sent from Cisco Technical Support Android App

Thanks for the reply, Tarik.

As I understand, you mean that a Base license is consumed by every RADIUS authentication request and then the license is free to be utilised again.

Also, would this mean that if RADIUS accounting is turned off, concurrent sessions will not be tracked?

Thanks

Kumar

I am going to tell you a little secret about Cisco license count. According to Cisco documentation: http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_license.html#wp1074423, it states:

License Count

The Cisco ISE license is counted as follows:

A Base or Advanced license is consumed based on the feature that is utilized.

An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.

Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.

Note: Sessions without RADIUS activity are automatically purged from Active Session list every 5 days or if the endpoint is deleted from the system.

To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. Cisco ISE instead relies on RADIUS accounting functions to track concurrent endpoints on the network and generate alarms when endpoint counts exceed the licensed amounts:

80% Info

90% Warning

100% Critical

Based on this assessment, you can purchase an ISE with a 100-endpoint license and use the ISE to support 2000 endpoints without any issues because the license is not strictly enforced. Yes, it will generate alarms, but it still works.

Kumar,

RADIUS accounting allows ISE to track the proper count of endpoints. If you do not enable RADIUS accounting, you will see a growing number of endpoints, which can lead to unnecessary alarms.

Thanks,

Tarik Admani
*Please rate helpful posts*
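
The counting rules quoted from the documentation in this thread (active means Accounting Start seen and no Stop yet, a purge after 5 days without RADIUS activity, alarms at 80/90/100%) can be modelled in a few lines. This is an added example, not Cisco's code or part of any post above; the record layout, the `(endpoint, nas)` session key and the sample data are assumptions made for the sketch.

```python
from datetime import datetime, timedelta

PURGE_AFTER = timedelta(days=5)   # purge interval from the quoted note
ALARMS = [(100, "Critical"), (90, "Warning"), (80, "Info")]  # quoted thresholds

def active_sessions(records, now):
    """Return {session_key: last_activity} for sessions still active at `now`.

    records: (time, acct_status, endpoint, nas) tuples.
    Keying a session on (endpoint, nas) is an assumption of this sketch.
    """
    sessions = {}
    for when, status, endpoint, nas in sorted(records):
        if when > now:
            break                         # ignore accounting not yet received
        key = (endpoint, nas)
        if status == "Start":
            sessions[key] = when
        elif status == "Interim-Update" and key in sessions:
            sessions[key] = when          # RADIUS activity refreshes the session
        elif status == "Stop":
            sessions.pop(key, None)       # Stop ends the active session
    # Sessions with no RADIUS activity for 5 days drop off the active list.
    return {k: t for k, t in sessions.items() if now - t < PURGE_AFTER}

def alarm_level(active, licensed):
    """Map utilisation to the quoted alarm severities; None below 80%."""
    pct = 100 * active / licensed
    return next((name for floor, name in ALARMS if pct >= floor), None)

# Constructed sample data (not from a real deployment).
T0 = datetime(2024, 1, 1, 8, 0)
SAMPLE = [
    (T0, "Start", "AA:BB:CC:00:00:01", "switch-1"),   # laptop, wired
    (T0, "Start", "AA:BB:CC:00:00:01", "wlc-1"),      # same laptop, wireless
    (T0, "Start", "AA:BB:CC:00:00:02", "switch-1"),
    (T0 + timedelta(hours=1), "Stop", "AA:BB:CC:00:00:02", "switch-1"),
    (T0, "Start", "AA:BB:CC:00:00:03", "switch-2"),   # NAS never sends a Stop
    (T0 + timedelta(days=2), "Interim-Update", "AA:BB:CC:00:00:01", "wlc-1"),
]

if __name__ == "__main__":
    for day in (1, 6, 8):
        n = len(active_sessions(SAMPLE, T0 + timedelta(days=day)))
        print(f"day {day}: {n} active, alarm={alarm_level(n, 3)}")
```

In the sample, the endpoint whose NAS never sends a Stop stays counted until the 5-day purge, which is the inflated count described in the last reply.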