ISE - count authenticated and not authenticated endpoints

babalao
Spotlight

Hello,

To correctly license our ISE we need to know how many devices are authenticated and not authenticated. The idea is to know how many endpoints we have in order to license ISE.

For authenticated endpoints I think it is easy with the number of Essential licenses consumed.

But for unauthenticated/failed devices (which is a very big number now), how can I get this current number? For instance, to know that in the last 15 days ISE saw 500 endpoints failing auth ... so I would know I need this 500 plus licenses.

Thank You.

Regards.


Arne Bier
VIP

ISE will only consume a license if the endpoint was successfully Authorized. How you authorize an endpoint determines whether or not you need the basic license (Base/Essentials) or, if using profiling, then you need Plus/Advantage. But rejecting an endpoint does not consume licenses, and the NAD will not create a session for failed endpoints, hence no RADIUS Accounting will be sent to ISE.

babalao
Spotlight

Hello,

But I see a lot of failed authentications in the live logs (the red symbol). For example, if a MAC endpoint device is not added to an endpoint group, it will match the default rule in the MAB policy set, whose action is access-reject. And I see this log on ISE.

I was wondering if there is a way to see the number of these "failing" devices.

Thank you!

Arne Bier
VIP

There are RADIUS Operations Reports - Endpoints And Users and then trawl the Top N reports.

On newer ISE versions (3.2+) you can also try the System360 Log Analytics - if you can create queries clever enough to filter out the issue.
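
Counting distinct failing endpoints from an exported authentication report, as an added example that is not part of the thread or of Cisco's tooling. The CSV column names (`timestamp`, `endpoint_id`, `status`), the PASS/FAIL values and the sample rows are assumptions constructed for illustration; map them to whatever your report export actually contains.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample standing in for a CSV export of an authentication report.
# Column names and status values are assumptions, not a documented ISE format.
SAMPLE = """timestamp,endpoint_id,status
2024-05-01 08:00:00,AA:BB:CC:00:00:01,FAIL
2024-05-02 09:10:00,aabb.cc00.0001,FAIL
2024-05-03 10:00:00,AA-BB-CC-00-00-02,FAIL
2024-05-04 11:00:00,aa:bb:cc:00:00:02,PASS
2024-05-05 12:00:00,AA:BB:CC:00:00:03,PASS
2024-04-01 12:00:00,AA:BB:CC:00:00:04,FAIL
2024-05-06 12:00:00,not-a-mac,FAIL
"""

def normalize_mac(value):
    """Return the MAC as 12 uppercase hex digits, or None if it is not a MAC."""
    # The same endpoint can appear as aa:bb:.., AA-BB-.. or aabb.ccdd.eeff.
    digits = re.sub(r"[:.\-]", "", value.strip())
    return digits.upper() if re.fullmatch(r"[0-9A-Fa-f]{12}", digits) else None

def load_rows(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def count_endpoints(rows, now, days=15):
    """Count distinct endpoints seen in the last `days` days, by outcome."""
    cutoff = now - timedelta(days=days)
    passed, failed = set(), set()
    for row in rows:
        seen = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        mac = normalize_mac(row["endpoint_id"])
        if seen < cutoff or mac is None:
            continue  # outside the window, or a username rather than a MAC
        (passed if row["status"].upper() == "PASS" else failed).add(mac)
    return {
        "authorized": len(passed),             # passed at least once
        "failed_any": len(failed),             # failed at least once
        "failed_only": len(failed - passed),   # never passed in the window
    }

if __name__ == "__main__":
    print(count_endpoints(load_rows(SAMPLE), datetime(2024, 5, 10)))
```

The `failed_only` figure is the set of endpoints that were rejected and never authorized in the window, which is the group the replies above say does not consume licenses.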