Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2208
Views
10
Helpful
4
Replies

ordering and designing for TACACS+

Go to solution
passakorn.m
Level 1
Level 1

‎12-16-2020 02:47 AM

am i correct? for ordering the TACACS+ component for HA and VMware deployment

 

1. 2 units of R-ISE-VMS-K9. Cisco ISE Virtual Machine Small

2. 2 units of L-ISE-TACACS-ND Cisco ISE Device Admin Node License

 

i have 500 network devices. So how many Device Admin Node License do i need ?

and do i still need to order 100 ISE BASE License ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎12-16-2020 04:04 PM

2 units of R-ISE-VMS-K9. Cisco ISE Virtual Machine Small

2 units of L-ISE-TACACS-ND Cisco ISE Device Admin Node License

You are correct.

From http://cs.co/ise-licensing:

1.9.3 How do I license Device Administration

      License that enables Device Administration: Device Admin License

      License consumption: Device Administration licenses are consumed per policy service node. You must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy base license.

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-16-2020 03:25 AM

here is the License information :

 

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html#5CiscoISEorderingSKUsandentitlementinformation

 

If your device are 500 and not going to more in the future, but i suggest to look 500-999 License

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎12-16-2020 04:56 AM - edited ‎12-16-2020 05:00 AM

Hi @passakorn.m 

If you have 2 ISE PSN, then you will need 2 x Device Administration licenses

 

Reference:-

"License consumption: Device Administration licenses are consumed per policy service node. You must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy base license."

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html

 

HTH

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎12-16-2020 04:04 PM

2 units of R-ISE-VMS-K9. Cisco ISE Virtual Machine Small

2 units of L-ISE-TACACS-ND Cisco ISE Device Admin Node License

You are correct.

From http://cs.co/ise-licensing:

1.9.3 How do I license Device Administration

      License that enables Device Administration: Device Admin License

      License consumption: Device Administration licenses are consumed per policy service node. You must have Device Administration license for each of the policy service nodes that you enable TACACS+ service on. Device Administration using TACACS+ does not consume endpoints, and there is no limit on network devices for Device Administration. The user does not require a legacy base license.

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎12-16-2020 07:20 PM

To answer your question about the 100 Base licenses, it depends on what version of ISE you are deploying.

With ISE 2.7 and earlier, Base licenses are required with the Device Admin licenses as stated in the Admin Guide:

"A Base or Mobility license is required to install the Device Administration license."

The smallest bundle of Base licenses you can purchase is 100, so that will be plenty for Device Admin functions.

With ISE 3.0, the new 'nested doll' licensing model does not require Essentials licenses to enable the Device Admin feature, so you only need Device Admin licenses.

 

Customers Also Viewed These Support Documents