Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
951
Views
0
Helpful
1
Replies

ISE 2.2 pxGrid licensing for identity to FMC

Go to solution
gbekmezi-DD
Level 5
Level 5

‎08-02-2017 04:30 PM

Table 8 of the ordering guide dated August 2017 includes the following:

The two rows above are a little confusing.  The context sharing row implies Plus license is required for third party sharing.  Is FMC considered third party?  PassiveID implies authentication information coming from other servers.  Does that mean we can't share identity information for radius authenticated users via pxGrid without Plus licenses?

Thanks!

George

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kegagnon
Cisco Employee
Cisco Employee

‎08-03-2017 06:50 AM

Hi George,

Passive ID refers to a work center and is defined pretty well in the Administrator Guide located here: Cisco Identity Services Engine Administrator Guide, Release 2.2 - Manage Users and External Identity Sources [Cisco Ide… In summary, Passive ID is ISE looking to other sources of identity to see if they have authenticated the endpoint. ISE does not actively participate in the authentication itself when Passive identity is used. Active authentication examples include RADIUS and MAB.

I went looking through the Ordering Guide for the words third party and only found one reference. That was for MDM. Passive ID refers to Cisco and non-Cisco subscribers. FMC would be a Cisco subscriber.

Active authentication such as RADIUS would not fall under Passive ID and would therefore fall under the more general Context sharing category. Context sharing requires a Plus license for every endpoint you want to share information about via pxGrid.

I hope this clears things up.

Best Regards, Kevin

View solution in original post

0 Helpful
1 Reply 1

Go to solution
kegagnon
Cisco Employee
Cisco Employee

‎08-03-2017 06:50 AM

Hi George,

Passive ID refers to a work center and is defined pretty well in the Administrator Guide located here: Cisco Identity Services Engine Administrator Guide, Release 2.2 - Manage Users and External Identity Sources [Cisco Ide… In summary, Passive ID is ISE looking to other sources of identity to see if they have authenticated the endpoint. ISE does not actively participate in the authentication itself when Passive identity is used. Active authentication examples include RADIUS and MAB.

I went looking through the Ordering Guide for the words third party and only found one reference. That was for MDM. Passive ID refers to Cisco and non-Cisco subscribers. FMC would be a Cisco subscriber.

Active authentication such as RADIUS would not fall under Passive ID and would therefore fall under the more general Context sharing category. Context sharing requires a Plus license for every endpoint you want to share information about via pxGrid.

I hope this clears things up.

Best Regards, Kevin

0 Helpful
Customers Also Viewed These Support Documents