cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3056
Views
0
Helpful
5
Replies
Highlighted
Beginner

ISE device administrator license consumption

How is device administrator license consumed ?

Let's say I want to administer 200 device using TACACS , how many license will I need ?

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Cisco Employee

Re: ISE device administrator license consumption

From the license ordering guide:

 

For Cisco ISE 2.3 and earlier versions, only one Device Administration license is required per deployment, regardless of the number of device administration nodes in the deployment. Starting from Cisco ISE 2.4, the number of Device Administration licenses must be equal to the number of device administration nodes in a deployment.

 

If you are currently using a Device Administration license and plan to upgrade to Release 2.4, TACACS+ features will be supported for 50 Device Administration nodes in Release 2.4.

 

Regards,

-Tim

View solution in original post

Highlighted
Cisco Employee

Re: ISE device administrator license consumption

Device admin is licensed per PSN, if you are pointing your network devices at 2 IPs that are running device admin then you will need to license each PSN.

The info is in the ordering guide
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

View solution in original post

5 REPLIES 5
Highlighted
Cisco Employee

Re: ISE device administrator license consumption

From the license ordering guide:

 

For Cisco ISE 2.3 and earlier versions, only one Device Administration license is required per deployment, regardless of the number of device administration nodes in the deployment. Starting from Cisco ISE 2.4, the number of Device Administration licenses must be equal to the number of device administration nodes in a deployment.

 

If you are currently using a Device Administration license and plan to upgrade to Release 2.4, TACACS+ features will be supported for 50 Device Administration nodes in Release 2.4.

 

Regards,

-Tim

View solution in original post

Highlighted
Beginner

Re: ISE device administrator license consumption

Hi Timothy,

 

Thank you for reply.

 

We are having two nodes.  First Node : PAN (Pri) , Mnt (bac) , Second Node : PAN( bac) & MnT(Pri).

We have 100 device administration licenses. So as per your update we'll be able to administer 100 devices.

Is there any way I can check consumed licenses ?

Highlighted
Rising star

Re: ISE device administrator license consumption

Hi,

 

Assuming you're running ISE 2.4 and above, 100 DA licenses is overkill. It's one DA license per policy node, and the most you can have in a deployment is 50 policy nodes.

 

Each DA license can be associated with a single policy node and authenticate + authorize via TACACS+ as much as the sizing guidelines permits. 

 

Maybe you're confusing DA licenses with Base/Plus/Apex licenses?

 

Keep in mind that DA and the others are separate licenses. Also keep in mind that each TACACS+ session doesn't take up a Base license, as opposed to RADIUS authentication/802.1x which does.

 

As per your usage question, just check out the Licensing option under Administration menu.

Highlighted
Beginner

Re: ISE device administrator license consumption

Hi,

 

My query is against Cisco ISE device admin node license.

We have procured the 2 VM license for two nodes, along with Base, Apex, Plus and TACACS license.

 

But I am bit confusing about TACACS device admin license

 

Below is the TACACS license details from Cisco.

Product Name           : L-ISE-TACACS-ND=

Product Description   : Cisco ISE Device Admin Node

LicenseProduct Qty    : 1

 

Please let me know. if these license quantity can help us to add 50 devices for TACACS device administration or how many devices we can add with ISE for TACACS device administration..?

 

We have 50+ network device to Integrate with ISE

ISE running version: 2.4

Implementation type: New with 2.4

 

Thanks in Advance.!

 

Highlighted
Cisco Employee

Re: ISE device administrator license consumption

Device admin is licensed per PSN, if you are pointing your network devices at 2 IPs that are running device admin then you will need to license each PSN.

The info is in the ordering guide
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

View solution in original post