02-16-2021 05:15 AM
Dear All,
We want to buy new cisco ISE. We are planning to make it work as stand-alone, and we will enable Policy Service Node (PSN) feature on it.
Do we need to purchase device administration license? Putting on mind that we will just use it as Radius server so all TACACS+ features will not be used.
Thanks in advance.
02-16-2021 05:59 AM
Not sure what License you purchased - did you purchased a base License?
ISE Base Licenses
This license is only valid for releases prior to ISE 3.0. Features included were: Authentication, Authorization, Accounting, Guest, PassiveID, and Security Group Tags. The Cisco ISE Base license offered a similar feature set to what is in Essentials today.
02-16-2021 10:48 AM
Hi @Nemat Osama
please take a look at the following link: ISE Ordering Guide., search for 1.9.3 How do I license Device Administration.
"... Device Administration licenses are consumed per PSN. You must have Device Administration license for each of the PSN that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy Base License ..."
The Current Licensing Model:
Note: remember that there is a new licensing model (ISE 3.0)
Hope this helps !!!
02-16-2021 11:54 PM
Dear Marcelo,
Thanks for replying, we don't want to enable TACACS+ service we will just use Radius, so our question do we need it license Device Administration.
Kind Regards
02-17-2021 01:04 AM
No, you don't need to license Device Administration if you use RADIUS only.
02-17-2021 01:29 AM
Make sure your License model understand correctly - i have shared the information above with ISE 3.0
if this lower version please follow : (Device Administration Licenses - look at the model you deploying, cluster or standalone) ?
02-17-2021 05:44 AM
You only need Device Admin licenses when you want to use Tacacs+, in that case you must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on.
So as @martin.fischer stated, to simply answer the question, no you don't need the Device Administration license in your use case. HTH!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide