Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1591
Views
0
Helpful
6
Replies

New ISE- device administration license Need it or not.

Nemat Osama
Level 1
Level 1

‎02-16-2021 05:15 AM

Dear All,

 

We want to buy new cisco ISE. We are planning to make it work as stand-alone, and we will enable Policy Service Node (PSN) feature on it.

Do we need to purchase device administration license? Putting on mind that we will just use it as Radius server so all TACACS+ features will not be used.


Thanks in advance.

 

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎02-16-2021 05:59 AM

Not sure what License you purchased - did you purchased a base License?

 

ISE Base Licenses

This license is only valid for releases prior to ISE 3.0. Features included were: Authentication, Authorization, Accounting, Guest, PassiveID, and Security Group Tags. The Cisco ISE Base license offered a similar feature set to what is in Essentials today.

 

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#5CiscoISEorderingSKUsandentitlementinformation

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marcelo Morais
VIP
VIP

‎02-16-2021 10:48 AM

Hi @Nemat Osama 

 please take a look at the following link: ISE Ordering Guide., search for 1.9.3 How do I license Device Administration.

"... Device Administration licenses are consumed per PSN. You must have Device Administration license for each of the PSN that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy Base License ..."

 

 The Current Licensing Model:

Licensing.png

 

Note: remember that there is a new licensing model  (ISE 3.0)

 

Hope this helps !!!

0 Helpful

Nemat Osama
Level 1
Level 1
In response to Marcelo Morais

‎02-16-2021 11:54 PM

Dear Marcelo,

Thanks for replying, we don't want to enable TACACS+ service we will just use Radius, so our question do we need it license Device Administration.

 

Kind Regards

0 Helpful

martin.fischer
Level 1
Level 1
In response to Nemat Osama

‎02-17-2021 01:04 AM

No, you don't need to license Device Administration if you use RADIUS only.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Nemat Osama

‎02-17-2021 01:29 AM

Make sure your License model understand correctly - i have shared the information above with ISE 3.0

 

if this lower version please follow : (Device Administration Licenses - look at the model you deploying, cluster or standalone) ?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_man_license.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-17-2021 05:44 AM

You only need Device Admin licenses when you want to use Tacacs+, in that case you must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on. 

So as @martin.fischer stated, to simply answer the question, no you don't need the Device Administration license in your use caseHTH!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents