cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

276
Views
0
Helpful
6
Replies
Highlighted
Beginner

New ISE- device administration license Need it or not.

Dear All,

 

We want to buy new cisco ISE. We are planning to make it work as stand-alone, and we will enable Policy Service Node (PSN) feature on it.

Do we need to purchase device administration license? Putting on mind that we will just use it as Radius server so all TACACS+ features will not be used.


Thanks in advance.

 

6 REPLIES 6
Highlighted
VIP Expert

Not sure what License you purchased - did you purchased a base License?

 

ISE Base Licenses

This license is only valid for releases prior to ISE 3.0. Features included were: Authentication, Authorization, Accounting, Guest, PassiveID, and Security Group Tags. The Cisco ISE Base license offered a similar feature set to what is in Essentials today.

 

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#5CiscoISEorderingSKUsandentitlementinformation



BB


*** Rate All Helpful Responses ***

Highlighted

Hi @Nemat Osama 

 please take a look at the following link: ISE Ordering Guide., search for 1.9.3 How do I license Device Administration.

"... Device Administration licenses are consumed per PSN. You must have Device Administration license for each of the PSN that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy Base License ..."

 

 The Current Licensing Model:

Licensing.png

 

Note: remember that there is a new licensing model  (ISE 3.0)

 

Hope this helps !!!

Highlighted

Dear Marcelo,

Thanks for replying, we don't want to enable TACACS+ service we will just use Radius, so our question do we need it license Device Administration.

 

Kind Regards

Highlighted

No, you don't need to license Device Administration if you use RADIUS only.

Highlighted

Make sure your License model understand correctly - i have shared the information above with ISE 3.0

 

if this lower version please follow : (Device Administration Licenses - look at the model you deploying, cluster or standalone) ?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_man_license.html

 



BB


*** Rate All Helpful Responses ***

Highlighted
VIP Engager

You only need Device Admin licenses when you want to use Tacacs+, in that case you must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on. 

So as @martin.fischer stated, to simply answer the question, no you don't need the Device Administration license in your use caseHTH!

Content for Community-Ad