cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1441
Views
1
Helpful
4
Replies
Highlighted

ISE licensing requirements for device admin (TACACS)

Dear


We want to install a ISE appliance or appliances to replace our tacacs+ appliances.

You need a Administration license for the complete cluster and a base license of minimum 100 devices.

In our tacacs+ there is now a default device rule, does this count also for the base license or how is this counted?

Do you need to import each NAD ?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Please take a look at this

http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

You need 100 base licenses for ISE UI to be activated and need a device admin license as you stated.

There is no consumption for TACACS, you enable the license and that’s it! Please check page 8 of the guide that discusses it as well.

Each NAD should be imported, you can use CSV, or manually one by one. if you are migration from ACS you can use the migration tool.

https://communities.cisco.com/docs/DOC-63880

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Please take a look at this

http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

You need 100 base licenses for ISE UI to be activated and need a device admin license as you stated.

There is no consumption for TACACS, you enable the license and that’s it! Please check page 8 of the guide that discusses it as well.

Each NAD should be imported, you can use CSV, or manually one by one. if you are migration from ACS you can use the migration tool.

https://communities.cisco.com/docs/DOC-63880

View solution in original post

Highlighted

Thanks for the info Jason Kunst

We have also now running a deployment running with a base license & large deployment license on the current ACS cluster(s). Can we transfer these base & large deployment licenses towards a new ISE cluster?

Currently we have a "default network device setup" in our ACS that we do not to import each NAD into the ACS/TACACS+

Is this still possible in ISE?

Highlighted

Dear Jason and others,

My customer is migrating from ACS to ISE and they now have 1319 AAA clients on ACS and they have 528 defined users (some are duplicated as they use for VPN and for network devices).

If they migrate to ISE, should they have 100 or 1319 base license + 1 device admin license?

Thanks, Tommy

Highlighted

Did you see this answer? https://communities.cisco.com/message/264624

You buy as many VMs as nodes you would like (probably 2), 100 base licenses and a device administration license.

George

Content for Community-Ad