
ISE Licensing

atiye.bigdeli
Level 1

Hi friends.

I want to deploy Cisco ISE for 1200 clients. We need posture and profiling. I think the licenses that are required are:

R-ISE-VMM-K9=

L-ISE-BSE-P4
L-ISE-PLS-1Y-S4
L-ISE-APX-1Y-S4
L-ISE-TACACS-ND=

And for AnyConnect:

Term License     Banding SKU
L-AC-PLS-LIC=    L-AC-PLS-5Y-S5
L-AC-APX-LIC=    L-AC-APX-1Y-S5

I have some questions:

1- I want to use an HA deployment and run two Cisco ISE VMs. Does HA need a license for each VM, or is only one license required?

2- For the TACACS license, is this license count-based, or one license for each VM?

3- I want to use AnyConnect for posturing. Do I need a Plus license in addition to the Apex license?


Cory Peterson
Level 5

 

R-ISE-VMM-K9=       Need one for each VM you are going to deploy.
L-ISE-BSE-P4        Need as many as the total concurrent endpoints.
L-ISE-PLS-1Y-S4     Only need the amount equal to the total amount of endpoints you plan on profiling (it only counts a license when you are using profiling to make a policy decision).
L-ISE-APX-1Y-S4     Only need the amount equal to the total amount of endpoints you plan on posturing.
L-ISE-TACACS-ND=    Need 1 per VM that will do TACACS authentications (assuming you are deploying 2.4).

I would also recommend going with a longer term than 1 year, unless you have a specific reason.

For AnyConnect, you only need AnyConnect Plus licensing to support ISE Posture, ISE NAM, VPN.

With AnyConnect you only need Plus or Apex, not both. Apex covers all Plus features plus the Apex features.

Hi

Thank you for your reply.

Do I need one L-ISE-TACACS-ND= per VM even if I do HA with these two VMs?

Best Regards

L-ISE-BSE-P4        Need as many as the total concurrent endpoints.
L-ISE-PLS-1Y-S4     Only need the amount equal to the total amount of endpoints you plan on profiling (it only counts a license when you are using profiling to make a policy decision).
L-ISE-APX-1Y-S4     Only need the amount equal to the total amount of endpoints you plan on posturing.

Do you mean I should order 1200 L-ISE-BSE-P4 and L-ISE-PLS-1Y-S4 and L-ISE-APX-1Y-S4?

Or only one?

Because the Cisco document says, for example, that each L-ISE-PLS-1Y-S4 contains 1000 to 2499 sessions.

Best regards

Yes, you need one Device Admin License per Node/VM.

The licenses are sold in blocks. Work with a Cisco Partner to order the items; they can get you a quote.

Licenses for 2.4 are sold in ranges. For example, you add the parent SKU, then select the exact quantity of P1 to P11. There are different parent and sub SKUs for Base, Plus, and Apex.

Ex. If you wanted to order 723 base licenses:
L-ISE-BSE-PLIC x 1
L-ISE-BSE-P3 x 723

Hello Miller,

Could you please address my query below? Thanks in advance.

We have procured ISE 3615 with 249 user session licenses. The license part codes are as below:

L-ISE-BSE-PLIC=   ISE Base License                                  Qty- 1
L-ISE-BSE-P1      Cisco ISE Base License - Sessions 100 to 249      Qty- 249

Now we want to extend ISE capacity from 249 to 2499 user sessions. Do we need to add all of the part codes below to the BoM (bill of materials)?

L-ISE-BSE-P2      Cisco ISE Base License - Sessions 250 to 499      Qty- 499
L-ISE-BSE-P3      Cisco ISE Base License - Sessions 500 to 999      Qty- 999
L-ISE-BSE-P4      Cisco ISE Base License - Sessions 1000 to 2499    Qty- 2499

OR

Is adding only 'L-ISE-BSE-P4' Cisco ISE Base License - Sessions 1000 to 2499, Qty- 2499 enough?

If I enable 'L-ISE-BSE-P4' Cisco ISE Base License - Sessions 1000 to 2499, what happens to my earlier 249 session licenses? Will they get added? 2499 + 249 = 2748 session licenses?

Regards,

S

Your existing 249 base licenses will remain valid when you purchase more licensing. ISE licenses are banded, so based on the order quantity you select a different band, and all licenses are purchased with that specific band. If you want 2499 total licenses you would only have to order 2200 more in the P4 band.

Ex. If you order 2500 additional base licenses, you would do that via the P5 band. If you order 2200 more, it will be in the P4 band. Band licensing = volume discounts.

Thanks a lot Miller.

ISE Posture Module is only available with the AnyConnect Apex License, not Plus.

Yes, that is correct. I misspoke on that point, APEX is needed for Posture.