
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 07:34 AM
Hi Guys,
Currently using R-ISE-VM-K9 SKU as VM. Endpoint base license is 250.
Now we are planning to add 1500 more endpoints for 802.1x authentication
Will the current ISE VM support this scaling or should I buy a higher ISE VM.
Solved! Go to Solution.
- Labels:
-
AAA
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 11:53 PM
Also note, you do not have to buy all new licences, if you already own 500 licenses, and you need 1500 to cover your active endpoint count, you can order an additional 1000 and they can be added to a smart account or installed directly on ISE. You will also want to ensure you look at your plus licenses if you are leveraging profiling or pxgrid context sharing. The vendor you purchase licenses from should also be able to help identify if you need plus/apex licenses.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 07:47 AM
HTH!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 10:20 PM
Hi,
Does that mean a new ISE VM license should be purchased?
If we are using "R-ISE-VM-K9" currently with 300 endpoints and now scaling to 1500 endpoins. Should the ISE VM spec increase?
Are there any datasheets available stating ISE VM vs Endpoint connection capability.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 10:32 PM
The smallest ISE VM/appliance template is capable of supporting 5,000 active endpoint sessions. You shouldn't have to change your ISE nodes unless you are looking at upgrading from older ISE versions to new and you're model is no longer supported.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--632457705
As Mike pointed out, you need to ensure you have enough endpoint licenses to cover the number of active endpoints you have authenticating. This ISE licensing guide includes examples of how licenses are used.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf
You can check your current endpoint license usage at https://<ise ip>//admin/#administration/administration_system/administration_system_licensing. Here you can see your current ISE Base and Plus license entitlement, and determine if you have enough licenses to cover the new endpoints you will be adding.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 10:54 PM
Thank you Damien and Mike,
Our active endpoint sessions (802.1x authentications from desktop, laptop) would be around 1500 only.
Yes, I would purchase new base license for 1500 endpoints.
I undesrand, "R-ISE-VM-K9" VM can support upto 5000 endpoints and requires additional base license only.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2020 11:53 PM
Also note, you do not have to buy all new licences, if you already own 500 licenses, and you need 1500 to cover your active endpoint count, you can order an additional 1000 and they can be added to a smart account or installed directly on ISE. You will also want to ensure you look at your plus licenses if you are leveraging profiling or pxgrid context sharing. The vendor you purchase licenses from should also be able to help identify if you need plus/apex licenses.
