 
					
				
		
12-20-2018 02:57 PM
Table 18 of the ISE Licensing Guide suggests that we can still purchase 1 Legacy Device Admin license. I understand that if I applied the legacy license to a 2.2 deployment, upgraded to 2.4, then it would migrate to 50 node licenses.
However, if I purchase 1 legacy license, and apply it to a net-new ISE 2.4 deployment, what occurs? Would it error out and apply nothing? Would 50 node licenses appear?
The reason for the question is I am trying to deploy ISE 2.4 in a new environment and they need 2 node licenses, and I would prefer to not install 2.2, apply the license, and then immediately upgrade to 2.4...
Solved! Go to Solution.
 
					
				
		
12-20-2018 03:38 PM
You can still purchase the old Device Admin SKU (goes end of sale Feb 2019) and apply it to a fresh ISE 2.4 install (and it's valid for 50 PSN's). The new SKU costs roughly double as much and only supports 1 PSN. Get it while you can!!!
 
					
				
		
12-20-2018 03:38 PM
You can still purchase the old Device Admin SKU (goes end of sale Feb 2019) and apply it to a fresh ISE 2.4 install (and it's valid for 50 PSN's). The new SKU costs roughly double as much and only supports 1 PSN. Get it while you can!!!
 
					
				
		
12-20-2018 04:26 PM
I really want to believe this, but then why would the per-node SKU even be an option? It's more than 2x the price and 1/50 the value...
This answer suggests that the new SKU would never be sold under any circumstance until the old SKU is retired.
12-20-2018 05:41 PM - edited 12-20-2018 05:43 PM
Hi @jorreyno
This is such a common question. I replied to a similar thread the other day - have a look here.
The answer lies with the ISE Product Management. My theory is that when TACACS was introduced as a feature in ISE 2.0, they needed to make ISE look appealing enough to sway customers from their beloved ACS. And ACS needed to be end of life'd. So the BU made the TACACS pricing attractive.
Now reality has set in :-( - your assumption about the availability of the new SKU is wrong - you CAN purchase it. Cisco doesn't make up SKU's that are not available for sale. The question is whether or not you WANT to buy it now. My guess is NO!
It's a lot of money to pay for TACACS feature - I agree.
The alternative is to use Radius instead. Let's face it - not everyone needs per command authorization. If all you need is to grant a user lvl15 or lvl1 etc - then Radius does the job too.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide