cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
191
Views
0
Helpful
2
Replies

ISE Endpoint Entries

Darren Thompson
Level 1
Level 1

I am working on renewing my ISE licenses.  I was tasked to see how many devices we are authenticating to determine the tier we need to purchase.  Looking through the endpoint dashboard I have a high count of devices. There are a lot of entries that are from 3 years ago for devices we have since decommissioned for end of life.  Is it best practice to remove these entries since the devices are no longer on the network?  And if I delete one that is on the network by mistake, will it repopulate once it attempts to authenticate back on the network?

2 Replies 2

nict
Level 1
Level 1

Hi Darren,

Depending on how large your network is, it could be a huge task to delete devices that are no longer on your network. I would suggest you could look into the Purge rules, to set something up that purges devices that haven't been seen on the network for x days.

If you delete a device by mistake, it would have to reauthenticate. You just have to keep in mind, that if that device was in a certain group, you might need to set that group manually again, if it is not provided by profiling, a guest portal etc.

Not all the MAC addresses collected by ISE count for licensing. The licenses would be counted based on how many active sessions will be authenticated simultaneously, you can see those sessions count in the live sessions dashboard, or, you can do a rough estimate of how many endpoints are connected to the network adding some extra room of growth to the calculation.

On top of that you would need to consider if you will be using any feature on ISE that would require higher licenses than Essentials. For instance, if you want to use profiling you would need the Advantage licenses, and if you want to use posture assessment you would need the Premier licenses.

Cisco ISE Licensing Guide - Cisco