Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1720
Views
6
Helpful
8
Replies

License usage

bikespace
Level 1
Level 1

‎08-13-2013 03:01 AM - edited ‎03-10-2019 08:45 PM

Hi Folks,

Well I thought I was pretty happy with licensing, and what I understood was:

1. Licensing is based on number of concurrently active users.

2. An advanced license is used if an endpoint is allocated an authentication profile based on a rule which uses profiling information/posturing.

This shows my currentl licensing page:

ise license usage.jpg

and here's a summary from the front page:

ise summary.jpg

Don't these two already contradict each other?

I've no idea where 28 advanced licenses have been used. No posturing in place, fairly simple setup, dot1x certs and MAB. Any tips for troubleshooting license usage?

Ver 1.1.4 Patch 3

1 person had this problem
Labels:
0 Helpful
8 Replies 8

Tarik Admani
VIP Alumni
VIP Alumni

‎08-13-2013 07:07 AM

You are correct. Are you using any advanced guest features like device provisioning? If not, you need to run this through tac.


Sent from Cisco Technical Support Android App

0 Helpful

bikespace
Level 1
Level 1
In response to Tarik Admani

‎08-13-2013 03:20 PM

No device provisioning. I do have profiling enabled, but I'm thinking that if I'm not using attributes gained from profiling for any authorization rules, then it shouldn't be using advanced licenses. The fact that I only have 7 profiled end points showing on the home page sort of makes me feel more comfortable that I haven't got that wrong.

0 Helpful

Ravi Singh
Level 7
Level 7
In response to bikespace

‎08-13-2013 07:16 PM

I would suggest you to open a case with TAC team. TAC will help you out in this scenario.

0 Helpful

blenka
Level 3
Level 3

‎08-14-2013 05:10 PM

Table 4 Cisco ISE License Types and Supported Services (for ISE licensing information)

http://www.cisco.com/en/US/docs/security/ise/1.0.4/release_notes/ise104_rn.html#wp62171

The configuration guide that will help you to configure & monitor the staus of endpoint.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

bikespace
Level 1
Level 1
In response to blenka

‎08-14-2013 06:05 PM

Hi Basant, I might have missed your point. Were you outlining anything in particular? Or just handing me the manual? :-)

Florian Brenner
Level 1
Level 1
In response to bikespace

‎11-17-2013 08:00 AM

bikespace, did you ever get a solution for this issue?

I'm having the same problem in my current ISE implementation.

0 Helpful

Naresh Ginjupalli
Cisco Employee
Cisco Employee

‎11-19-2013 10:12 AM

bikespace,

In ISE 1.1.x, Advanced license is the count of postured, BYOD, or profiled endpoints
that are active in session directory.

You can make use of this API reference guide to check the Active session count.

http://www.cisco.com/en/US/docs/security/ise/1.1/api_ref_guide/ise_api_ref_ch2.html#wp1068744

The API to check for Active Session count is as follows : 

https://MNTise-node-name/ise/mnt/Session/ActiveList

Looks like issue with Dashboard query . Dashboard might be taking the count of stale Endpoint sessions as well.
0 Helpful

bikespace
Level 1
Level 1

‎11-28-2013 09:34 AM

Reply from TAC was that there were internal discussions regarding whether the method in which the licensing was calculated is to be changed, or Cisco's wording in the documentation is to be changed.
I hear that it's the former but no news regarding when yet.
Confirmed that it doesn't perform as per the documentation.
End points which were manually added by MAC were subsequently being marked as profiled and using an advanced license, despite the rules which they are using not using any of the profiled information.
Cosmetic but sends annoying alarms constantly. Doesn't look too good.

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents