03-30-2022 12:12 AM
Dear Community Support.
1. I have a need for only a Wired NAC, no wireless or Mobile Device Management. I am trying to understand /clarify what licenses I need to procure.
2. I will be deploying two PAN Nodes in a central Data Centre - Primary and Secondary in a Failover configuration.
3. There will be 32 distributed PSN Nodes at various remote locations. At each remote location with PSN, there will be around 250 endpoint devices - Workstation/IP Phones. Each of the remote PSN site will be connected to a separate Identity source - Active Directory Domain Controller.
4. The PSN does not have a failover at the remote sites but x2 PSN is to be deployed at the Data Centre alongside the PAN to support the failover of any of the remote 32 PSN's. There are no endpoint devices in the central DC.
5. All of the Nodes - PAN, PSN, MnT, pxGrid will be deployed in a VM. There will also a pxGrid in the Data Centre to support integration with a SIEM solution as well as the Monitoring and Troubleshooting Nodes (MnT) in the Data Centre.
Summary of ISE Nodes IN HA Configuration (All to be deployed in a Virtual Machine).
A. PAN Nodes - Primary/Secondary in high-availability configuration = x2
B. PSN Nodes (in Remote Sites) = x32 + (in central Data Centre) = x2 = 34
C. pxGrid = x2
D. Monitoring (MnT) - Primary/Secondary = x2
E. Each PSN is will have = 250 endpoints.
I have established that I need at least the following:-
Cisco Identity Service Engine (250 x32) = 8750 Endpoint Base (Perpetual) License
Cisco Identity Service Engine (250 x32) = 8750 Endpoint Plus Subscription License 3-Years
I am not certain about what remains in terms of VM licensing.
I creating a Bill-of-Material, what are my product licensing requirement for Cisco ISE please?
Thank you.
Solved! Go to Solution.
04-01-2022 10:03 AM - edited 04-01-2022 10:03 AM
You are no longer able to order Cisco ISE Base/Plus/Apex licenses, these went end of sale. They were replaced with Essentials/Advantage/Premier licensing tiers and they work in similar ways. Because you built yours out with plus, I will use the appropriate Advantage licenses that replaced them.
I count 40 ISE VM's, and 8750 endpoints based upon your description. Your BOM would be similar to this.
Line Number | Item Name | Description | Quantity |
1.0 | ISE-SEC-SUB | Cisco Identity Service Engine Subscription | 1 |
1.1 | ISE-A-LIC | Cisco Identity Service Engine Advantage Subscription | 8750 |
1.2 | SVS-ISE-SUP-B | Basic Support for Identity Service Engine Subscription | 1 |
2.0 | R-ISE-VMC-K9= | Cisco ISE Virtual Machine Common PID | 40 |
2.0.1 | CON-ECMUS-RISE9KVM | SOLN SUPP SWSS Cisco ISE Virtual Machine Common PID | 40 |
If you want to run TACACS for device admin logins, then you can add L-ISE-TACACS-ND= for each PSN you will enabled the TACACS features on. So if you use 4 VM's to run TACACS authentications through, then you need 4x L-ISE-TACACS-ND=.
03-30-2022 04:43 AM
check this :
04-01-2022 07:26 AM
Hello Balaji Bandi,
Many thanks for providing a guidance to my enquiry.
I am unable to access the site using my Cisco ID.
I was presented with the error message below.
I don’t understand the issue. Are you able to look into this for me please.
Thank you,
Best regards,
Dami
04-01-2022 10:03 AM - edited 04-01-2022 10:03 AM
You are no longer able to order Cisco ISE Base/Plus/Apex licenses, these went end of sale. They were replaced with Essentials/Advantage/Premier licensing tiers and they work in similar ways. Because you built yours out with plus, I will use the appropriate Advantage licenses that replaced them.
I count 40 ISE VM's, and 8750 endpoints based upon your description. Your BOM would be similar to this.
Line Number | Item Name | Description | Quantity |
1.0 | ISE-SEC-SUB | Cisco Identity Service Engine Subscription | 1 |
1.1 | ISE-A-LIC | Cisco Identity Service Engine Advantage Subscription | 8750 |
1.2 | SVS-ISE-SUP-B | Basic Support for Identity Service Engine Subscription | 1 |
2.0 | R-ISE-VMC-K9= | Cisco ISE Virtual Machine Common PID | 40 |
2.0.1 | CON-ECMUS-RISE9KVM | SOLN SUPP SWSS Cisco ISE Virtual Machine Common PID | 40 |
If you want to run TACACS for device admin logins, then you can add L-ISE-TACACS-ND= for each PSN you will enabled the TACACS features on. So if you use 4 VM's to run TACACS authentications through, then you need 4x L-ISE-TACACS-ND=.
06-01-2022 05:31 AM
Hello Team,
I am doing a cost analysis to support a business case/ project proposal
How do I get a quote/prices for these line items in the below table please.
I need to provide consideration for x1 year and x3 year subscription license.
Line Number | Item Name | Description | Quantity |
1.0 | ISE-SEC-SUB | Cisco Identity Service Engine Subscription | 1 |
1.1 | ISE-A-LIC | Cisco Identity Service Engine Advantage Subscription | 8750 |
1.2 | SVS-ISE-SUP-B | Basic Support for Identity Service Engine Subscription | 1 |
2.0 | R-ISE-VMC-K9= | Cisco ISE Virtual Machine Common PID | 40 |
2.0.1 | CON-ECMUS-RISE9KVM | SOLN SUPP SWSS Cisco ISE Virtual Machine Common PID | 40 |
Thank you.
Best regards
Dami
02-09-2024 05:37 AM
How many ISE VM license require for HA and Fail Over to handle for all service. To be resolve with compliance issue as well.
I met with Cisco Tac, he registered with 2vm license on Primary for Node and he mentioned me, require for one license to handle for Service. Is it require 2 VM license or 3VM license.
02-09-2024 06:09 AM
Each ISE VM node requires a VM license.
02-09-2024 09:09 AM
Hello Aref,
but cisco tac says 2 vm license require for PAN and one vm licese require for SAN, Why need 3 vm licesesm
02-09-2024 09:32 AM
If you have 2 VM then you need 2 License here.
02-09-2024 11:07 AM
"Cisco ISE VM License SKU (R-ISE-VMC-K9=): Purchase a license for each virtual machine or cloud-deployed ISE node in your deployment."
02-26-2024 06:39 AM - edited 02-27-2024 04:56 PM
sorry for make your complex, may be smart license and SLR license are different when we implement for ISE. Currently, I'm using with SLR, 3 licenses are require for HA 2 nodes. 2 for PAN and 1 for SAN, for Enterprise Licenses are recommended with 80/20 ratio.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide