Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

276
Views
0
Helpful
6
Replies
Highlighted
Nemat Osama
Beginner
Beginner
‎02-16-2021 05:15 AM
‎02-16-2021 05:15 AM

New ISE- device administration license Need it or not.

Dear All,

 

We want to buy new cisco ISE. We are planning to make it work as stand-alone, and we will enable Policy Service Node (PSN) feature on it.

Do we need to purchase device administration license? Putting on mind that we will just use it as Radius server so all TACACS+ features will not be used.


Thanks in advance.

 

0 Helpful
Reply
6 REPLIES 6
Highlighted
balaji.bandi
VIP Expert VIP Expert
VIP Expert
‎02-16-2021 05:59 AM
‎02-16-2021 05:59 AM

Not sure what License you purchased - did you purchased a base License?

 

ISE Base Licenses

This license is only valid for releases prior to ISE 3.0. Features included were: Authentication, Authorization, Accounting, Guest, PassiveID, and Security Group Tags. The Cisco ISE Base license offered a similar feature set to what is in Essentials today.

 

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#5CiscoISEorderingSKUsandentitlementinformation



BB


*** Rate All Helpful Responses ***

0 Helpful
Reply
Highlighted
Marcelo Almeida De Morais
Engager
Engager
‎02-16-2021 10:48 AM
‎02-16-2021 10:48 AM

Hi @Nemat Osama 

 please take a look at the following link: ISE Ordering Guide., search for 1.9.3 How do I license Device Administration.

"... Device Administration licenses are consumed per PSN. You must have Device Administration license for each of the PSN that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy Base License ..."

 

 The Current Licensing Model:

Licensing.png

 

Note: remember that there is a new licensing model  (ISE 3.0)

 

Hope this helps !!!

0 Helpful
Reply
Highlighted
Nemat Osama
Beginner
Beginner
In response to Marcelo Almeida De Morais
‎02-16-2021 11:54 PM
‎02-16-2021 11:54 PM

Dear Marcelo,

Thanks for replying, we don't want to enable TACACS+ service we will just use Radius, so our question do we need it license Device Administration.

 

Kind Regards

0 Helpful
Reply
Highlighted
martin.fischer
Beginner
Beginner
In response to Nemat Osama
‎02-17-2021 01:04 AM
‎02-17-2021 01:04 AM

No, you don't need to license Device Administration if you use RADIUS only.

0 Helpful
Reply
Highlighted
balaji.bandi
VIP Expert VIP Expert
VIP Expert
In response to Nemat Osama
‎02-17-2021 01:29 AM
‎02-17-2021 01:29 AM

Make sure your License model understand correctly - i have shared the information above with ISE 3.0

 

if this lower version please follow : (Device Administration Licenses - look at the model you deploying, cluster or standalone) ?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_man_license.html

 



BB


*** Rate All Helpful Responses ***

0 Helpful
Reply
Highlighted
Mike.Cifelli
VIP Engager VIP Engager
VIP Engager
‎02-17-2021 05:44 AM
‎02-17-2021 05:44 AM

You only need Device Admin licenses when you want to use Tacacs+, in that case you must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on. 

So as @martin.fischer stated, to simply answer the question, no you don't need the Device Administration license in your use caseHTH!

0 Helpful
Reply
Latest Contents
Bridge the security gap with Cisco Remote Secure Worker
Created by Kelli Glass on 02-26-2021 04:37 PM
0
0
0
0
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use. Learn about Cisco Remote Secure Worker solutions that verify workers, secu... view more
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
219
11
219
    ISE Node Terminology PAN MNT PSN PXG Policy Administration Node Monitoring & Troubleshooting Node Policy Services Node Platform Exchange Grid Node The single plane of glass for ISE administration and configuration operatio... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
  About this Document Cisco Secure Endpoint (formerly AMP for Endpoints) is a comprehensive Endpoint Security solution designed to function both as a stand-alone tool, and as a part of the architecture of natively integrated Cisco and 3rd par... view more
Content for Community-Ad