cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2864
Views
2
Helpful
2
Replies

ISE Plus license consumption

blandrum
Cisco Employee
Cisco Employee

How are plus licenses counted inside of ISE?  In particular, how do I control what devices consume these licenses?  If I own 20,000 base licenses, but only need profiling on 10,000 endpoints in a particular section of my network (particular buildings perhaps), how do I control that?  I'm assuming a plus license is consumed for each profiled device that is currently online, but my DHCP / HTTP probes are centralized to the network infrastructure and see every device, even those that aren't being controlled by ISE.

There is no onboarding taking place, just dot1x with MSCHAPv2 across wired and wireless networks.

Thank you

1 Accepted Solution

Accepted Solutions

Timothy Abbott
Cisco Employee
Cisco Employee

Brad,

They are consumed in the same manner as a base license with a slight difference.  If you use profiling policy in authorization, then every device that matches that policy will consume a plus license.  Here's an example:  I have access points in my network that I want to authenticate with ISE and I write an authorization rule that looks like the following:

Cisco APs:  If Cisco-Access-Points AND Wired_MAB then AP_Access

Every Access point that has been profiled as a Cisco-Access-Point and matches the above rule will consume a license for the duration of the authentication session.  Hope that helps.

Regards,

-Tim

View solution in original post

2 Replies 2

Timothy Abbott
Cisco Employee
Cisco Employee

Brad,

They are consumed in the same manner as a base license with a slight difference.  If you use profiling policy in authorization, then every device that matches that policy will consume a plus license.  Here's an example:  I have access points in my network that I want to authenticate with ISE and I write an authorization rule that looks like the following:

Cisco APs:  If Cisco-Access-Points AND Wired_MAB then AP_Access

Every Access point that has been profiled as a Cisco-Access-Point and matches the above rule will consume a license for the duration of the authentication session.  Hope that helps.

Regards,

-Tim

Awesome, that’s what I was thinking but appreciate the quick response and verification.

Thank you,

Brad Landrum

Systems Engineer | Cisco Systems