cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

366
Views
0
Helpful
5
Replies
rshehov
Cisco Employee

ISE Licensing URGENT

Hi all,

 

I would like to double check something. I have a customer who is going ahead with 4 x SNS 3515. They want to do centralised ISE deployment with 1 Active ISE (Admin,PSN,etc nodes) and 3 Standby nodes. Is this possible ? 

 

If the above deployment is possible then I am sure that we will need to get licenses only to the active ISE appliance. 

 

Many thanks for your input in advance

 

Regards

 

Ross

1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee

I am guessing your customer actually wanting one deployment with one primary ISE node and three secondary ISE nodes and all SNS 3515. If yes, then that is a possible ISE deployment and we only need to tie the license files to the UDI of the primary ISE node and import them there. For more info, please check ISE ordering guide.

View solution in original post

5 REPLIES 5
Arne Bier
VIP Advisor

Not possible.  Each node that is running needs a license of some sort.  You apply the license to the PAN node and it then determines the behaviour of the entire deployment.  E.g. if you only install base license on the PAN node, then the menus will not show any Plus or Apex features.

What's the point of having three standby nodes?  If they are not registered to the PAN then they will not have the config from the PAN.  You effectively have four separate systems, all disjoint.

ISE nodes are designed to be registered to the PAN - the PAN pushes the config to all the other nodes.

Standalone means just that - it's standing alone - and that means it's effectively its own deployment. And hence, needs a license.  License is tied to the UDI (serial number) of the PAN nodes. 

Thomas Schmitt
Beginner

You can bind a license to primary and secondary PAN SN, it's not possible to add more nodes to a license

paul
Advocate

You can do smart licensing to help a bit, but not completely.  Each stand alone box could share the same pool of Base/Plus/Apex licenses in the smart licensing account.  You would need 4 VM licenses in the smart account though to cover each node.  If you are doing TACACS, you would need 4 Device Administration licenses.

hslai
Cisco Employee

I am guessing your customer actually wanting one deployment with one primary ISE node and three secondary ISE nodes and all SNS 3515. If yes, then that is a possible ISE deployment and we only need to tie the license files to the UDI of the primary ISE node and import them there. For more info, please check ISE ordering guide.

View solution in original post

rshehov
Cisco Employee

That is exactly the use case here. Thank you so much for confirming this. I was expecting this answer but I wanted to double check. Many thanks
Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (50%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel