Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
4
Helpful
8
Replies

ISE device admin Licnese

Go to solution
infome
Level 1
Level 1

‎03-27-2024 01:57 PM

Hello 

I want to implement ISE in a network. Right now I want device administration TACACS to use, moreover; I want perpetual licenses.

  • Do I need R-ISE-VMC-K9= License?
  • Do I need a Device administration license (L-ISE-TACACS-ND=)?
  • OR do I need both?
  • I have between 600 devices in my network do I need to buy endpoint licenses for TACACS?
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-29-2024 05:33 AM

Thew two licenses you mentioned in your original post are the only ones you need to TACACS on an ISE VM. If you want high availability then you would need two VMs and two each of those two license types.

If by "600 devices" you mean 600 switches. routers etc. using TACACS then no further license are required.

Essentials / Advantage / Premier licenses are only required when you have devices authenticating via RADIUS and you need that feature along with other optional advanced features (like profiling, BYOD registration, posture checking etc.)

Note: Some deployments without the need to authenticate end user computers (i.e,, only having only network infrastructure devices requiring authentication) end up requiring a few Essentials licenses to support any network devices that don't have TACACS support built in.

View solution in original post

8 Replies 8

Go to solution
liviu.gheorghe
Spotlight
Spotlight

‎03-27-2024 03:13 PM

Hello @infome ,

Yes, you need the R-ISE-VMC-K9= License which is the VM license for the ISE deployment in a virtualised environment

Yes, you need the ISE Device Admin license L-ISE-TACACS-ND= if you plan on using TACACS

Yes, you need both R-ISE-VMC-K9= and L-ISE-TACACS-ND=

If you have 600 endpoints you have to buy 600 ISE-A-LIC (ISE Advantage Subscription).

The R-ISE-VMC-K9= and L-ISE-TACACS-ND= are perpetual licenses and ISE-A-LIC are subscriptions.

Regards, LG
*** Please Rate All Helpful Responses ***

Go to solution
infome
Level 1
Level 1

‎03-29-2024 02:39 AM

thanks @liviu.gheorghe 

if you check below and give your advise 

infome_0-1711705019782.png

 

0 Helpful

Go to solution
liviu.gheorghe
Spotlight
Spotlight
In response to infome

‎03-29-2024 03:03 AM

Yes, that is correct - you need a TACACS license for each PSN. The same goes for TACACS not consuming Endpoint licenses and that there is no limit to how many devices you can administrate with TACACS.

Yes, Essential, Advantage and Premier are subscription licenses and license consumption is based on active endpoint sessions.

Regards, LG
*** Please Rate All Helpful Responses ***

Go to solution
infome
Level 1
Level 1

‎03-29-2024 03:20 AM

Thanks

So I need to Buy (R-ISE-VMC-K9= and L-ISE-TACACS-ND=) Licenses for network device administration.

In my case I do not need to buy  ISE-A-LIC  because I do not use ISE as a AAA.

Sorry if I am not getting it right.  

0 Helpful

Go to solution
liviu.gheorghe
Spotlight
Spotlight
In response to infome

‎03-29-2024 03:33 AM

Now I'm confused - in the original post, you said you want to use TACACS. The TACACS protocol is part of the AAA framework. Do you mean that you want to use the ISE server solely as a TACACS server? For this use case you need to buy the Essential license ISE-E-LIC. Can you clarify?

ISE Essentials:

ISE Essential is the base licensing tier that provides fundamental identity and access management features. It includes functionalities such as 802.1X-based network access, guest access management, posture assessment, and basic profiling capabilities. This tier is suitable for organizations looking for essential security features to control access to their network resources.

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-29-2024 05:33 AM

Thew two licenses you mentioned in your original post are the only ones you need to TACACS on an ISE VM. If you want high availability then you would need two VMs and two each of those two license types.

If by "600 devices" you mean 600 switches. routers etc. using TACACS then no further license are required.

Essentials / Advantage / Premier licenses are only required when you have devices authenticating via RADIUS and you need that feature along with other optional advanced features (like profiling, BYOD registration, posture checking etc.)

Note: Some deployments without the need to authenticate end user computers (i.e,, only having only network infrastructure devices requiring authentication) end up requiring a few Essentials licenses to support any network devices that don't have TACACS support built in.

Go to solution
infome
Level 1
Level 1

‎03-29-2024 07:24 AM - edited ‎03-29-2024 07:26 AM

Thanks @liviu.gheorghe & @Marvin Rhoads  for explaining ISE licensing. 

I will try to buy these Licenses as you know that these licenses are expensive that is Why I want to be well prepared. before I  buy these Licnese, is there any trial License which I can install in my network.  

  • R-ISE-VMC-K9=
  • L-ISE-TACACS-ND=

 

0 Helpful

Go to solution
liviu.gheorghe
Spotlight
Spotlight
In response to infome

‎03-29-2024 07:33 AM

Yes, any new installation has a 90 day trial period with all features activated for 100 endpoints as far as I recall.
Regards, LG
*** Please Rate All Helpful Responses ***
Customers Also Viewed These Support Documents