Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1379
Views
1
Helpful
6
Replies

ISE Licensing Consumption in Cluster

Go to solution
csco10675262
Level 1
Level 1

‎12-15-2023 05:44 PM

Hi,

I am new to ISE 3.x licensing and like to enquire if there is a 2 node ise setup in cluster HA, I like to ask what would the license be seen if 50 essential is added to primary node and 50 essential is added to secondary node. During normal time, would ISE allow 100 concurrent devices or it is limited to 50 since primary node only have 50 essential license?

I am aware on how ise behave when the primary node becomes offline however not too sure during normal time, would the license on secondary node be counted to the total pool or it is based on primary node license only?

 

Any suggestion is appreciated

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ammahend
VIP Alumni
VIP Alumni
In response to csco10675262

‎12-17-2023 07:50 AM - edited ‎12-17-2023 07:54 AM

The way I understood is ISE see the license count on Primary only, So if you have 50 licenses on primary and 50 licenses on secondary, ISE see 50 licenses when both systems are running and if primary fails and secondary is promoted to primary ISE still sees 50 licenses but from secondary (now promoted to primary). But that does not mean you must  purchase 50+50 licenses if you want to support 50 sessions, once primary fails you get 30 days grace period to rejoin primary before you go out of compliance, if you can not do that then you can release the licenses reserved on original primary and reserve the required licenses on the newly promoted primary.

-hope this helps-

View solution in original post

0 Helpful
6 Replies 6

Go to solution
ammahend
VIP Alumni
VIP Alumni

‎12-15-2023 07:29 PM

license are added to a pool in smart licensing portal and consumes on per sesson basis, irrespective of node, so if both primary and secondary have 50 concurrent sessions each then 100 licenses are consumed from pool

-hope this helps-
0 Helpful

Go to solution
csco10675262
Level 1
Level 1

‎12-15-2023 07:50 PM

Hi,

Thank you for the reply. Does it still apply even for air-gapped deployment of ISE?

0 Helpful

Go to solution
ammahend
VIP Alumni
VIP Alumni
In response to csco10675262

‎12-16-2023 01:32 AM

No, it works differently,  it required an on-prem smart software manager (ssm) server and specific license reservation,  read here for details, table 2 has examples

https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_licensing.html#concept_lnz_tmr_h4b

-hope this helps-
0 Helpful

Go to solution
csco10675262
Level 1
Level 1

‎12-17-2023 04:45 AM

Hi,

Appreciate for the update. I have read the document yourself had provided however what i dont understand, during normal time when both the primary and secondary ise nodes are running, would ISE sees the license as 50 or 100? Specific license reservation would be applied on primary and secondary ise nodes with each having 50 essential license which i am not too sure if ISE would see 50 or 100 license when both the nodes are running without internet access and SSM?

Anyway i do know for ISE would require twice the license count for seamless  failover and without any restriction due to admin read only. It is just for my information on the above scenario if ISE sees 50 or 100 license when both nodes are running without internet and SSM available.

0 Helpful

Go to solution
ammahend
VIP Alumni
VIP Alumni
In response to csco10675262

‎12-17-2023 07:50 AM - edited ‎12-17-2023 07:54 AM

The way I understood is ISE see the license count on Primary only, So if you have 50 licenses on primary and 50 licenses on secondary, ISE see 50 licenses when both systems are running and if primary fails and secondary is promoted to primary ISE still sees 50 licenses but from secondary (now promoted to primary). But that does not mean you must  purchase 50+50 licenses if you want to support 50 sessions, once primary fails you get 30 days grace period to rejoin primary before you go out of compliance, if you can not do that then you can release the licenses reserved on original primary and reserve the required licenses on the newly promoted primary.

-hope this helps-
0 Helpful

Go to solution
csco10675262
Level 1
Level 1

‎12-17-2023 05:31 PM

Much appreciated on the update. The reason i mention purchase of 50+50 license is exactly like what yourself had mentioned, after 30 days, can always rehost and when the primary node is available again to perform another rehost. As the client environment has operations policies, the purchase of the 50 + 50 license would make more sense to them.

Once again, Thank you for the update

Top