Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


How does ISE count concurrent users ?


trying to make sense of ISE concurrent users licensing, does it count a user only when it's connected ?

If I have 500 users Active Directory (using groups in policy) or 500 users in local database, are there differences in count ?



Tarik Admani

Ise uses radius accounting. When a client disconnects it decrement the current count

Sent from Cisco Technical Support Android App

Ok , but in my case I need to use a NAD without accountig support. What does it happens ?

Tarik Admani

Then this doesn't fall under the list of supported NAD, which I am sure you are aware of. Only way to make this work is to live with the alarm notifications and the license enforcement alarms till you can get the NAD upgraded. The HLD should have identifies this as being an issue.

Sent from Cisco Technical Support Android App

Yes ok but I was thinking to replace a ACS in a dialup scenarios ( not CoA or CWA)

What is HLD ?

Sent from Cisco Technical Support iPad App


It does not depend on the whether the users belong to Active directory  or local depends on the number of users authenticated &  connected to the network through ISE.The count decrements as the user  gets disconnected. As per your other query HLD is High Level Design  which is submitted and reviewed by the Cisco team before your purchase  an ISE appliance or an SKU.

Venkatesh Attuluri
Cisco Employee

The count value is the number of endpoints across  the entire deployment that are concurrently connected to the network and  accessing the service.

Concurrent endpoints  represent the total number of supported users and devices. An endpoint  can be any combination of users, personal computers, laptops, IP phones,  smart phones, gaming consoles, printers, fax machines, or other types  of network devices.



Active Directory and local DB users are not counted separately. The  count is on the basis of number of user and non-user endpoints  connected. They can be Printers, IP Phones, labtops, iphones and android  phones etc.

A High Level Design (HLD) is a document which is required to be  submitted by ATP and non-ATP partners of ISE at the time or before they  place an order for ISE products except lab and wireless only orders. HLD  should be written by an ISE Trained Engineer.

Reason behind getting a HLD submitted by the partners is to make sure  the ISE is deployed properly as it is supposed to be. There is a SAC BU  approved template of HLD which needs to be filled and sent to, where a dedicated team review that particular HLD  and approves if they find all the information correct in the document.

Best Regards.



For more information on the HLD you please go threough the link below:-

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube