03-11-2017 10:40 PM - edited 03-11-2019 12:32 AM
Dears in support
I have a plan to deploy Cisco ISE, and I am a little confused about licensing. I plan to manage almost 500 end hosts. Which license should I select? For deployment we prefer to use an appliance. What is the requirement for it? Only purchasing an SNS 3515 plus the affiliated license, or anything else?
Regards
03-12-2017 07:13 AM
The appliance itself does not require any license. However, the support contract you buy for it will give you entitlement to request TAC support and download software updates for your deployment.
Your ISE deployment has several licensing options:
1. You start with perpetual Base licenses (required - one license per concurrent active endpoint).
2. You then optionally add Plus (adds Device Registration and Profiling among other things) and Apex (adds Posture and MDM integration) term licenses. The available terms are 1, 3 and 5 years.
3. You also have the option of adding a Device Admin perpetual license to allow ISE to act as a TACACS+ server to provide AAA services administering your network devices.
Note that if you are doing Posture Assessment, you are also required to have AnyConnect Apex licenses for the endpoints.
03-12-2017 09:20 PM
Dear Marvin
Many thanks for your comments. We are 5 admins responsible for managing a maximum of 500 routers, switches and firewalls, all of which are in a production environment (online). Our main objective is only the deployment of AAA in ISE. The point I got from your comment is to first purchase the Device Admin perpetual license to allow ISE to act as a TACACS+ server to provide AAA services to our network. Am I right? Second, I am a little confused about whether licenses are counted against concurrent active sessions or against concurrent active devices. We (5 admins) may have a maximum of 10 active concurrent sessions. Do we need to purchase 500 Base licenses to cover our 500 concurrent active devices, or only 10 Base licenses to cover our maximum of 10 active concurrent sessions?
Waiting for your valuable comments.
Regards
03-12-2017 09:40 PM
If you are only doing device administration you technically do not consume any Base licenses. However you need to purchase the minimum quantity (100) for your appliance as it's required by Cisco. You then add the Device Admin license. That entitles you to manage any number of devices no matter how many admins, concurrent or not.
Reference:
http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf
03-14-2017 12:06 AM
Dear Marvin
Many thanks for your informative reply. As I mentioned, we are now accessing almost 500 devices using their local database through SSH, and authentication is IP based using ACLs. There is no authorization or accounting procedure. We want to deploy AAA through ISE with an SNS appliance, especially because we need to change the password in a short period of time (a sensitive and time-consuming process). Could you please help us with the hardware and software requirements for deployment?
Your assistance is always highly appreciated.
Regards
03-14-2017 02:02 AM
Dear Marvin
The points which I got from your comments are that for deployment of AAA using ISE with a Cisco appliance we need: first, a Cisco SNS 3515 appliance; second, a Cisco ISE Base license for 100 endpoints; third, a Device Admin license.
Waiting for your comments.
03-14-2017 06:10 AM
Yes, that's correct.
The appliance should also be purchased with a support contract (Smartnet). You have chosen the hardware appliance - one can also do the same thing with a VM of equivalent CPU, memory and disk.
I would also recommend to you the resources listed at the following page:
https://communities.cisco.com/docs/DOC-64012#jive_content_id_Device_Administration_TACACS
There are many useful links and guides listed there that will help you get started.
03-14-2017 09:34 PM
Dear Marvin
Many thanks for sharing your valuable information.
Regards