Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
156
Views
4
Helpful
3
Replies

ISE - count authenticated and not authenticated endpoints

Go to solution
babalao
Spotlight
Spotlight

‎08-27-2024 10:54 AM

Hello,

to correct license our ISE we need to know how many devices are authenticated and not authenticated. The idea is to know how many endpoint we have in order to license ISE.

For authenticated endpoint I think is easy with the amount of Essential licenses consumed.

But for unauthenticated/failed devices (which is a very big number now), how can I have this current number? For instance to know in the last 15 days ISE saw 500 endpoint failing auth ... so I would know I need this 500 plus licenses.

Thank You.

Regards.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎08-27-2024 02:46 PM

ISE will only consume a license if the endpoint was successfully Authorized. How you authorize an endpoint, determines whether or not you need the basic license (Base/Essentials) or if using profiling, then you need Plus/Advantage. But rejecting an endpoint does not consume licenses, and the NAD will not create a session for failed endpoints, hence, no RADIUS Accounting will be sent to ISE>

View solution in original post

Go to solution
Arne Bier
VIP
VIP

‎08-27-2024 05:08 PM

There are RADIUS Operations Reports - Endpoints And Users and then trawl the Top N reports.

On newer ISE versions (3.2+) you can also try the System360 Log Analytics - if you can create queries clever enough to filter out the issue.

View solution in original post

3 Replies 3

Go to solution
Arne Bier
VIP
VIP

‎08-27-2024 02:46 PM

ISE will only consume a license if the endpoint was successfully Authorized. How you authorize an endpoint, determines whether or not you need the basic license (Base/Essentials) or if using profiling, then you need Plus/Advantage. But rejecting an endpoint does not consume licenses, and the NAD will not create a session for failed endpoints, hence, no RADIUS Accounting will be sent to ISE>

Go to solution
babalao
Spotlight
Spotlight

‎08-27-2024 03:18 PM

Hello,

but I see a lot of failed authentications on the live logs (the red smbol). For example if a MAC endpoint device is not added to a endpoint group it will match the default rule in the MAB policy set which action is access-reject. And I see this log on ISE.

I was wondering if there is a way to see de amount of this "failing" devices..

Thank you! 

0 Helpful

Go to solution
Arne Bier
VIP
VIP

‎08-27-2024 05:08 PM

There are RADIUS Operations Reports - Endpoints And Users and then trawl the Top N reports.

On newer ISE versions (3.2+) you can also try the System360 Log Analytics - if you can create queries clever enough to filter out the issue.

Customers Also Viewed These Support Documents