cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

303
Views
0
Helpful
5
Replies
Jason Maynard
Cisco Employee

ISE - Network Admin Radius

Hi Folks, 

 

Looking for confirmation on the following 

- 1500 Network Devices that are managed by a team of 10. 

- Use Radius to authenticate the user managing the network device. No TACACS today. 

 

What is the minimum license required?

 

Also, would this change if they were also using TACACS outside of the Device Admin per node. 

 

Thanks,

Jason

 

5 REPLIES 5
pan
Cisco Employee
Cisco Employee

TACACS uses Device admin

RADIUS uses base,plus.. license.

 

Check following doc[Ordering guide]:

 

https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

So in summary:

If using Radius for management of 1500 devices one would require
- 1500 base license
- 1500 plus license

If using TACACS for management of 1500 devices one would require
- 100 base license
- Device administration license per node

If using Radius and/or TACACS for management of 1500 devices one would require
- 1500 base license
- 1500 plus license
- Device administration license per node

Hi, prior to Ise 2.4 you need 1 licence for device administration (TACACS) . For radius device administration you will need the minimum 100 base license. I don’t think there will be 1500 concurrent sessions at same time. As you told there are 10 guys only and i dont think they will use 2 or 3 sessions per user. Radius is count per session. 1 session 1 licence . After sessions end it will release the licence.

Just looking for a firm answer and it is ISE 2.4

 

So to confirm 

 

If using Radius for management of 1500 devices one would require
- 100 base license

If using TACACS and/or Radius for management of 1500 devices one would require
- 100 base license
- Device administration license per node

 

Thanks 

Jason 

Yes , i never use radius for device administration.

Thats why I suggest to use tacacs . And for Ise 2.4 it is per node.

Content for Community-Ad