06-01-2017 02:03 AM
HI all,
Use case :
ISE and Firepower integration with PXGrid for users validated on an ISE portal and identity information shared to Firepower to make different rules for internet access.
Total users : 10000
Concurrent users: 3000
What terms apply for number of PLUS licenses :
Is 100 plus licenses enough - YES/NO ?
Number of Concurrent users connected – YES/NO ?
Total number of users in identity store using the ISE portal – YES/NO ?
Best regards
Tue
Solved! Go to Solution.
06-01-2017 08:36 AM
Licenses are tied to features, not specifically to pxGrid itself. A typical pxGrid use case is the sharing of context (session, endpoints, TrustSec elements, profiles, etc) outbound to other Cisco or 3rd-party vendor solutions. This requires a 1:1 license for active sessions, or 3,000 Base and 3,000 Plus in your example.
Starting in ISE 2.2, in order to deliver parity with ISE-PIC for sharing Passive Identity (User-IP mapping) and Group information with Cisco consumers (external applications that receive ISE context via pxGrid), all that is needed is ISE Base (any license count). To share other pxGrid topics, non-passive session data, or to share context with non-Cisco consumers, a Plus license is required using the 1:1 ratio explained above.
Hope that clarifies the licensing requirements for these specific use cases.
/Craig
06-01-2017 08:36 AM
Licenses are tied to features, not specifically to pxGrid itself. A typical pxGrid use case is the sharing of context (session, endpoints, TrustSec elements, profiles, etc) outbound to other Cisco or 3rd-party vendor solutions. This requires a 1:1 license for active sessions, or 3,000 Base and 3,000 Plus in your example.
Starting in ISE 2.2, in order to deliver parity with ISE-PIC for sharing Passive Identity (User-IP mapping) and Group information with Cisco consumers (external applications that receive ISE context via pxGrid), all that is needed is ISE Base (any license count). To share other pxGrid topics, non-passive session data, or to share context with non-Cisco consumers, a Plus license is required using the 1:1 ratio explained above.
Hope that clarifies the licensing requirements for these specific use cases.
/Craig
08-14-2017 09:53 PM
Hi,
What happens if the base licenses is more than plus licenses? I am trying to achieve passive authentication for FMC integration. WIll the solution still work with ratio of 2:1? Thank you in advanced.
08-14-2017 10:19 PM
Passive authentication contextual information shared to FMC via PXGrid doesn't require plus licenses as of ISE 2.3 (or was it 2.2).
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
08-14-2017 10:22 PM
Thanks George for your prompt response. I shall advice my customer to upgrade to ISE 2.3 to eliminate such concern.
08-23-2018 03:20 AM - edited 08-23-2018 04:10 AM
Hello,
I am currently proposing a campus ISE system for a 35,000 user campus with 4 x 3595 comprising 2 x PSN; 1 x MnT & 1 Admin. For PxGrid what are the persona requirements, do I just add an 5th node ?
Then for licencing I have 50K Base and 10K Plus for profiling non-supplicant devices. The customer requires user based URL filtering (control over who is allowed to access what). Is linking FMC URL filtering to ISE via PxGrid the answer? If so do I need to add 1:1 Plus licences for max concurrent URL usage?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide