
ISE 1.2 Active Base License

awatson20
Level 4

We are using ISE 1.2 for authentication on wireless and have noticed that base licenses are being consumed and show as an active endpoint for devices that attempt to connect to the SSID. Is a license consumed for any type of RADIUS authentication request, even if it is a failed request? Does this mean that repeated requests to connect to the wireless network associated with ISE will use an active license?

There are currently no active endpoints at the moment, yet I see 31 active base licenses used.

4 Replies

Anas Naqvi
Level 1

Hi,

I believe this could be due to the reason that a RADIUS Accounting Stop has not yet been received.

Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.

You may check it through,

Operations > Authentications and switch the view to Show Live Session.

 

Thanks. So if there are sessions listed under the Show Live Sessions screen (that are not really active), would these be endpoints where a RADIUS Accounting Stop has not yet been received? Will these eventually purge out of the system after 5 days? If I exceed the license count before these have purged out, will service to other endpoints be affected? I am just trying to get clarification. Thanks for your help.

The Cisco ISE license is counted as follows:

• A Base or Advanced license is consumed based on the feature that is utilized.

• An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.

• Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.

Once you reach the license count/limit, you will start getting alarm messages. License traps and alarms are just informational and not enforced. While the alarm is generated when the soft limit of endpoints is crossed, there is no functional impact on the users. To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. However, there are plans to implement a hard limit on this soon.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

~Jatin
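
The counting rule described in the reply above (a session is active from RADIUS Accounting Start until Accounting Stop, and one MAC address can hold several sessions), as an added Python example that is not part of the thread and is not Cisco's code. The records are constructed sample data, and the `max_idle` staleness threshold and the reliance on Interim-Update messages are assumptions for illustration, not documented ISE behavior.

```python
from datetime import datetime, timedelta

# Constructed accounting records: (timestamp, Acct-Status-Type, NAS,
# Acct-Session-Id, Calling-Station-Id). Not taken from a real deployment.
RECORDS = [
    ("2014-03-01T08:00:00", "Start", "wlc1", "s-001", "AA-BB-CC-00-00-01"),
    ("2014-03-01T08:05:00", "Start", "sw1", "s-002", "AA-BB-CC-00-00-01"),  # same laptop, wired
    ("2014-03-01T08:30:00", "Start", "wlc1", "s-004", "AA-BB-CC-00-00-03"),  # Stop never arrives
    ("2014-03-01T09:10:00", "Start", "wlc1", "s-003", "AA-BB-CC-00-00-02"),
    ("2014-03-01T10:00:00", "Stop", "wlc1", "s-003", "AA-BB-CC-00-00-02"),
    ("2014-03-01T10:00:05", "Stop", "wlc1", "s-999", "AA-BB-CC-00-00-04"),  # Stop without a Start
    ("2014-03-01T11:30:00", "Interim-Update", "sw1", "s-002", "AA-BB-CC-00-00-01"),
    ("2014-03-01T11:40:00", "Interim-Update", "wlc1", "s-001", "AA-BB-CC-00-00-01"),
]

def active_sessions(records):
    """Sessions that have a Start but no Stop, keyed by (NAS, session id)."""
    active = {}
    for ts, status, nas, sid, mac in sorted(records):  # ISO timestamps sort in time order
        key, when = (nas, sid), datetime.fromisoformat(ts)
        if status == "Start":
            active[key] = {"mac": mac, "last_seen": when}
        elif status == "Interim-Update" and key in active:
            active[key]["last_seen"] = when
        elif status == "Stop":
            active.pop(key, None)  # a Stop with no matching Start is ignored
    return active

def sessions_per_mac(active):
    """How many concurrent sessions each MAC address currently holds."""
    counts = {}
    for session in active.values():
        counts[session["mac"]] = counts.get(session["mac"], 0) + 1
    return counts

def stale_sessions(active, now, max_idle):
    """Active sessions with no accounting traffic for longer than max_idle
    (assumed threshold): likely endpoints whose Stop was never received."""
    return sorted(k for k, s in active.items() if now - s["last_seen"] > max_idle)

if __name__ == "__main__":
    sessions = active_sessions(RECORDS)
    now = datetime.fromisoformat("2014-03-01T12:00:00")
    print("active sessions:", len(sessions))
    print("per MAC:", sessions_per_mac(sessions))
    print("stale:", stale_sessions(sessions, now, timedelta(hours=1)))
```

Comparing the stale list against the Live Sessions view shows which entries are held open only because no Accounting Stop arrived.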

Thanks for the info. I hope when they decide to implement a hard limit that they have a better way of counting an active session. It seems to me that you could have multiple attempts to connect to a wireless SSID and even though they are failed requests, ISE counts that as a license and could potentially create a denial of service situation if the license limit was exceeded.