cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9911
Views
5
Helpful
5
Replies

ISE device administrator license consumption

umeshunited
Level 1
Level 1

How is device administrator license consumed ?

Let's say I want to administer 200 device using TACACS , how many license will I need ?

2 Accepted Solutions

Accepted Solutions

Timothy Abbott
Cisco Employee
Cisco Employee

From the license ordering guide:

 

For Cisco ISE 2.3 and earlier versions, only one Device Administration license is required per deployment, regardless of the number of device administration nodes in the deployment. Starting from Cisco ISE 2.4, the number of Device Administration licenses must be equal to the number of device administration nodes in a deployment.

 

If you are currently using a Device Administration license and plan to upgrade to Release 2.4, TACACS+ features will be supported for 50 Device Administration nodes in Release 2.4.

 

Regards,

-Tim

View solution in original post

Device admin is licensed per PSN, if you are pointing your network devices at 2 IPs that are running device admin then you will need to license each PSN.

The info is in the ordering guide
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

View solution in original post

5 Replies 5

Timothy Abbott
Cisco Employee
Cisco Employee

From the license ordering guide:

 

For Cisco ISE 2.3 and earlier versions, only one Device Administration license is required per deployment, regardless of the number of device administration nodes in the deployment. Starting from Cisco ISE 2.4, the number of Device Administration licenses must be equal to the number of device administration nodes in a deployment.

 

If you are currently using a Device Administration license and plan to upgrade to Release 2.4, TACACS+ features will be supported for 50 Device Administration nodes in Release 2.4.

 

Regards,

-Tim

Hi Timothy,

 

Thank you for reply.

 

We are having two nodes.  First Node : PAN (Pri) , Mnt (bac) , Second Node : PAN( bac) & MnT(Pri).

We have 100 device administration licenses. So as per your update we'll be able to administer 100 devices.

Is there any way I can check consumed licenses ?

Hi,

 

Assuming you're running ISE 2.4 and above, 100 DA licenses is overkill. It's one DA license per policy node, and the most you can have in a deployment is 50 policy nodes.

 

Each DA license can be associated with a single policy node and authenticate + authorize via TACACS+ as much as the sizing guidelines permits. 

 

Maybe you're confusing DA licenses with Base/Plus/Apex licenses?

 

Keep in mind that DA and the others are separate licenses. Also keep in mind that each TACACS+ session doesn't take up a Base license, as opposed to RADIUS authentication/802.1x which does.

 

As per your usage question, just check out the Licensing option under Administration menu.

Hi,

 

My query is against Cisco ISE device admin node license.

We have procured the 2 VM license for two nodes, along with Base, Apex, Plus and TACACS license.

 

But I am bit confusing about TACACS device admin license

 

Below is the TACACS license details from Cisco.

Product Name           : L-ISE-TACACS-ND=

Product Description   : Cisco ISE Device Admin Node

LicenseProduct Qty    : 1

 

Please let me know. if these license quantity can help us to add 50 devices for TACACS device administration or how many devices we can add with ISE for TACACS device administration..?

 

We have 50+ network device to Integrate with ISE

ISE running version: 2.4

Implementation type: New with 2.4

 

Thanks in Advance.!

 

Device admin is licensed per PSN, if you are pointing your network devices at 2 IPs that are running device admin then you will need to license each PSN.

The info is in the ordering guide
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: