
ISE New Licensing

omadrile
Cisco Employee

Hi team,

Regarding the changes to the new licensing I'd like to get the following questions clarified:

- In the ISE 2.4 release notes, it's mentioned that "If you are currently using a Device Administration license and plan to upgrade to Release 2.4, TACACS+ features will be supported for 50 Device Administration nodes in Release 2.4" (reference: Release Notes for Cisco Identity Services Engine, Release 2.4 - Cisco). If a customer installs L-ISE-TACACS= after upgrading to ISE 2.4, will TACACS+ features be supported for 50 Device Administration nodes anyway?

- Similar situation to above but regarding Base licenses. If a customer installs permanent/legacy Base licenses after upgrading to ISE 2.4, will the system auto-convert them to subscription based anyway?

- When the system auto-converts permanent/legacy Base licenses to subscription at upgrade (I'm assuming upgrade to 2.4 following slides shared during the latest Security VT), will the new licenses be converted to 1Y, 3Y or 5Y subscription?

- Is the SKU L-ISE-BSE-PLIC used to quote existing permanent/legacy Base licenses using the new Band system instead of the Block system, or the SKU L-ISE-BSE-PLIC will be used to quote subscription Base licenses as well? If that's the case, when can we expect that the subscription options pricing (1Y, 3Y, 5Y) will be added in CCW?

Thanks,

Oriol

Accepted Solutions

hslai
Cisco Employee

The Cisco ISE ordering guide was recently updated and says on page 17:

Q. We purchased Device Admin previously. Do I need to buy more licenses if I upgrade to 2.4?
A. If you purchased Device Admin as a deployment-wide license, you can continue to utilize all nodes in the deployment for TACACS+ transactions even after upgrade to 2.4. This means the license entitles your deployment to the maximum number of nodes supported by ISE for the deployment.


You should be able to find the answer to the other question by reviewing the recording for Product Update - NVE - ISE & SDA - Video at Virtual Team (VT) Programs > H2 FY18 > Day 1.

If you still have questions, best to direct them to our product management team.


Jason Kunst
Cisco Employee

You asked this in our partner community; please don’t double post.

I deleted the question in the partner community and posted it here instead because I'm not sure how much of these details can be shared with partners for now. Are you able to help?

Thanks,

Oriol

You did it the opposite. The partner community is meant for selling questions

Community posted it is for public consumption


I can repost it in the partner community if that's the best approach, but I'd really appreciate if someone can help me with the questions above, thanks!

There is no licensing change in regards to base licensing in 2.4.  That got pulled during the beta after push back from the community.  Not sure when it will be added back in.


The new licensing structure is suicide for Cisco, I've just priced up my proposed ISE build on both the legacy and the new licensing structure - cost goes from $141k to $249k - for the same thing! Just insane. Customer has immediately thrown it out and wants another product which I'll just refer to as "CP" for now. Such a shame, I love ISE the product.

 

 

Alexandra
Level 1

Hi Oriol

Did you get an answer to your first question? What happens when you add legacy licenses to a 2.4 ISE deployment? There is a crazy price change in the old vs. new. 

 

Alex :) 

Hi Alex,

 

I hope all is good :) L-ISE-TACACS= can be used with ISE 2.4, however the suggestion for green deployments is to quote L-ISE-TACACS-ND= since it will be mandatory for post ISE 2.4 release and the price of L-ISE-TACACS= has been increased 15%. In ISE 2.4, one single L-ISE-TACACS-ND= license will expand to support for up to 50 PSN nodes.

 

I hope this helps!

According to everything we have been told and also what it says in the Licensing guide that was updated in July 2018, the L-ISE-TACACS-ND= is only good for one node. You need a license for each node. 

 

5.1 Cisco ISE Device Administration license

A Cisco ISE Device Administration license is an optional add-on license that allows ISE to support Device Administration (TACACS+) for managing administrative access to network devices. Please note that at least 100 ISE Base session licenses are needed in the deployment prior to adding an ISE Device Administration license. One ISE Device Administration license is required per Policy Service Node that operates on Device Administration transactions.

https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

Sorry for the typo, I meant "In ISE 2.4, one single L-ISE-TACACS= license will expand..."

Hi Oriol

Is this only valid until the "old" licenses cease to exist come January? Because there is a HUGE price difference in offering the customer a TACACS-ND and the TACACS license?

 

As I see it, there is no incitement for purchasing the new -ND license. 

 

Hope everything is well with you too. 

 

Alex 

Agreed, there is little desire to buy the ND license when the old license is cheaper and covers ALL nodes. I asked Cisco if I could use the old TACACS license and was told "we prefer you to use the new" license. Well, of course Cisco would prefer that as they make more money - my question was "could" I still use the old licensing on a new deployment. Gotta love Ci$co.....

 

In the end my sales guy struck a deal with the Cisco AM I believe......  

Hi Alex,

 

The old TACACS+ license L-ISE-TACACS= won't be able to be used in post ISE 2.4 versions. Regarding the price, it's a Business Unit decision but the rationale behind as far as I know is to make the new ISE TACACS+ license L-ISE-TACACS-ND= pricing aligned to other similar offers in the market.

 

Best Regards,

Oriol