cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
325
Views
5
Helpful
4
Replies

ISE 2.7 Pxgrid License

BBNG
Beginner
Beginner

Hello,

I'm finding pxgrid license information very confusing.

On the ordering guide, table 2 says pxgrid does not consume a license but on the license guide it states the following:

"pxGrid is used to share context collected by ISE with other products. A Plus license is required to enable pxGrid functionality. There is no session count decrement when context for session is shared. However, to use pxGrid, the number of Plus sessions licensed must be equal to the number of Base sessions licensed. For more information, see Cisco ISE Licenses and Services section in Cisco Identity Services Engine Ordering Guide."

In my deployment i see zero PLUS licenses being consumed despite using pxgrid for context sharing with third-party solutions.

Now I'm due to renew my Plus licenses, can I assume I could renew only the bare minimum for Pxgrid to be active or it should be the same number I currently have for BASE?

1 Accepted Solution

Accepted Solutions

That is correct.  If your Plus licenses expires all of the features requiring plus will continue to work, however you will lose access to portions of the GUI to make configuration changes.

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#511CiscoISELicenseEntitlement

Also FYI, that all versions of ISE 2.X (that use Base, Plus, and Apex) have EOL notices announced.  The Plus license is also EoS so you will need to purchase Advantage and then have TAC convert that back to Plus.

View solution in original post

4 Replies 4

ahollifield
Rising star
Rising star

Enforcement != Compliance.  pxGrid context sharing requires a Plus/Advantage license per endpoint shared through pxGrid to remain in compliance.  Is ISE not performing active authentication in your deployment?  See here: https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#214Contextexchangelicensingrequirements

 

Note:      Each active endpoint’s context shared with an external system will consume an Advantage license. Each active endpoint session information shared with an external system will need a 1:1 Advantage license. For example, when a Windows laptop authenticates via 802.1X, one Essentials license is consumed. If this endpoint’s context is shared with Cisco Stealthwatch or NGFW, one additional Advantage license will be consumed.

BBNG
Beginner
Beginner

Hello,

Still not clear because I have more base licenses than plus licenses and no warnings of out of compliance so this tells me that I can have the bare minimum of plus just to keep pxgrid working.

Is there any document that describes what happens when you do no renew a plus license? for exemple, I believe my pxgrid use will be out of compliance for 45 days and then the setting will still be there but as read only and I cannot do anything new.

Would that be correct?

That is correct.  If your Plus licenses expires all of the features requiring plus will continue to work, however you will lose access to portions of the GUI to make configuration changes.

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#511CiscoISELicenseEntitlement

Also FYI, that all versions of ISE 2.X (that use Base, Plus, and Apex) have EOL notices announced.  The Plus license is also EoS so you will need to purchase Advantage and then have TAC convert that back to Plus.

BBNG
Beginner
Beginner

Thanks for the reply @ahollifield, I'm aware of the EOL for 2.X and I'm already considering moving to 3.X

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers