Solved: If Ise smart portal disconnected, what is the impact

devdevtechi · ‎09-27-2023

Hi all,

I want to understand if cisco ise smart license portal communication disconnected from the nose due to internet connectivity, how many day it will allow the connection to authentication and posture? Any impact will be there for users immediately if the smart portal disconnected from ISE node?

thomas · ‎09-29-2023

If you "lose connectivity" to the Cisco Smart Software Manager (SSM), you are effectively considered an Air-Gapped network deployment. The number of hours or days is not specified although ISE checks in several times per day with SSM if you are not using SSM On-Prem.

From https://cs.co/ise-licensing > 5.2. Cisco ISE Smart Licensing in an air-gapped network with SSM on-premises servers

Cisco ISE Release 2.6 and later supports the use of SSM on-premises servers for Smart Licensing.

Cisco ISE Smart Licensing requires Cisco ISE to be connected to the SSM. If your network is air-gapped, Cisco ISE is unable to report license usage to SSM. This lack of reporting results in a loss of administrative access to Cisco ISE and restrictions in Cisco ISE features.

To avoid licensing issues in air-gapped networks and enable full Cisco ISE functionality, configure SSM On-Prem. This server takes over the role of Cisco SSM in your air-gapped network, releasing license entitlements as needed, and tracking usage metrics. The SSM on-premises server also sends notifications, alarms, and warning messages that are related to licensing consumption and validity.

View solution in original post

DanielP211 · ‎09-27-2023

Hello,

The clients won't get disconected. You will only get the trial period activated and a notification, I belive you can still use ISE normaly for 90 days without internet connectivity.

BR

****Kindly rate all useful posts*****

devdevtechi · ‎09-28-2023

Hi BR,

Thanks for you reply.

Is there any limitation like only 100 endpoint only can able to authentic during such situation? Or evaluation license will be activated for the license count which was entitled in Smart licensing portal when ISE node was in sync with the smart portal before disconnection?

DanielP211 · ‎09-28-2023

No all the devices will work as before the disconection.

BR

****Kindly rate all useful posts*****

thomas · ‎09-28-2023

See https://cs.co/ise-licensing for all Licensing questions.

devdevtechi · ‎09-28-2023

Hi Thomas,

Thanks for your response

I couldn't see the answer for my question in the provided licensing link.

thomas · ‎09-29-2023

If you "lose connectivity" to the Cisco Smart Software Manager (SSM), you are effectively considered an Air-Gapped network deployment. The number of hours or days is not specified although ISE checks in several times per day with SSM if you are not using SSM On-Prem.

From https://cs.co/ise-licensing > 5.2. Cisco ISE Smart Licensing in an air-gapped network with SSM on-premises servers

Cisco ISE Release 2.6 and later supports the use of SSM on-premises servers for Smart Licensing.

Cisco ISE Smart Licensing requires Cisco ISE to be connected to the SSM. If your network is air-gapped, Cisco ISE is unable to report license usage to SSM. This lack of reporting results in a loss of administrative access to Cisco ISE and restrictions in Cisco ISE features.

To avoid licensing issues in air-gapped networks and enable full Cisco ISE functionality, configure SSM On-Prem. This server takes over the role of Cisco SSM in your air-gapped network, releasing license entitlements as needed, and tracking usage metrics. The SSM on-premises server also sends notifications, alarms, and warning messages that are related to licensing consumption and validity.