Solved: Hello Venkatesh,

samer.hasan · ‎08-13-2013

Hello,

I am going to Order (SNS-3415-K9) ISE product to deploy at my company, my concern is the size of license I shall order, and how to know the correct number

I have workstations (PC’s), laptops, Printers, IP-CAM’s, and WLC with 50 AP.

How I can determine the number of license I should get in order to have the benefits from Cisco ISE.

Best reagrds,

Samer Hasan

aqjaved · ‎08-13-2013

Question:

I am going to Order (SNS-3415-K9) ISE product to deploy at my company, my concern is the size of license I shall order, and how to know the correct number. I have workstations (PC’s), laptops, Printers, IP-CAM’s, and WLC with 50 AP. How I can determine the number of license I should get in order to have the benefits from Cisco ISE.

Cisco Identity Services Engine (ISE) Ordering Steps

Here’s guide which can help in finding solution of your problem

1. Estimate the number of concurrent endpoints in the network.

2. Estimate the number of appliances (physical or virtual) needed to support the number of concurrent endpoints

in the network.

3. Select the appropriate type of appliance suitable for your deployment. (Reference the appliance selection.)

4. Select the appropriate type of license suitable for your deployment. (Reference the license selection.)

5. Select the appropriate level of services available from Cisco Advanced Services or a Certified Partner for design,

Deployment and sustaining services of the ISE deployment.

Step 1: Estimate the Number of Concurrent Endpoints in the Network

Estimating the total number of concurrent endpoints is dependent on a number of variables. An approach to consider would be to take into account:

• Number of employees in the organization

• Average number of devices per employee (desktop, laptop, smartphone, desk IP phone, etc.)

• Number of switch ports currently in the organization

• Number of access points deployed in the organization

• Average number of devices per access point

• Dynamic IP address range being used

• Average number of guests expected to join the network

• Inventory of non-user devices such as IP cameras, printers, IP-enabled projectors, etc.

A combination of factors that includes but is not limited to the above factors could be used to determine the total number of concurrent endpoints in the network.

Step 2: Cisco ISE Appliances and Servers* Options

Cisco Identity Services Engine Appliances
Option 1: Cisco Identity Services Engine Appliances and Servers*	Product Number	Endpoints Supported
Cisco Secure Network Server 3415*	SNS-3415-K9	5,000
Cisco Secure Network Server 3495*	SNS-3495-K9	20,000

Step 3: Cisco Secure Network Server Support SKUs*

Product Number	SMARTnet Part Number	Description
SNS-3415-K9*	CON-SNT-SNS-3415	Cisco SMARTnet support for SNS-3415-K9 - 8x5 Next Business Day

Step 4: Select the Type of License

Step 5: Cisco ISE License Options

License Type	Features Supported	Deployment Type Supported	License Prerequisite	License Term(s)
Base License	AAA Guest Provisioning Link Encryption Policies	Wired Wireless VPN	-	Perpetual
Advanced License	Device Onboarding/Provisioning Device Profiling and Feed Service* Host Posture Security Group Access Integrated Vendor MDM Support*	Wired Wireless VPN	Base License	3- and 5-Year Terms
Wireless License	Device Onboarding/Provisioning AAA Guest Provisioning Link Encryption Policies Device Profiling and Feed Service* Host Posture Security Group Access Integrated Vendor MDM Support*	Wireless	-	3- and 5-Year Terms

Step 6. Cisco ISE Functionality-Based License Options

License Tiers (T)	Number of Endpoints Supported	Base License	Advanced 3-Year License	Advanced 5-Year License	Wireless 3-Year License	Wireless 5-Year License	Wireless Upgrade 3-Year License	Wireless Upgrade 5-Year License
100	100 Endpoints	L-ISE-BSE-100=	L-ISE-ADV3Y-100=	L-ISE-ADV5Y-100=	L-ISE-AD3Y-W-100=	L-ISE-AD5Y-W-100=	L-ISE-W-3UPG-100=	L-ISE-W-UPG-100=
250	250 Endpoints	L-ISE-BSE-250-	L-ISE-ADV3Y-250=	L-ISE-ADV5Y-250=	L-ISE-AD3Y-W-250=	L-ISE-AD5Y-W-250=	L-ISE-W-3UPG-250=	L-ISE-W-UPG-250=
500	500 Endpoints	L-ISE-BSE-500=	L-ISE-ADV3Y-500=	L-ISE-ADV5Y-500=	L-ISE-AD3Y-W-500=	L-ISE-AD5Y-W-500=	L-ISE-W-3UPG-500=	L-ISE-W-UPG-500=
1000	1000 Endpoints	L-ISE-BSE-1K=	L-ISE-ADV3Y-1K=	L-ISE-ADV5Y-1K=	L-ISE-AD3Y-W-1K=	L-ISE-AD5Y-W-1K=	L-ISE-W-3UPG-1K=	L-ISE-W-UPG-1K=
1500	1500 Endpoints	L-ISE-BSE-1500=	L-ISE-ADV3Y-1500=	L-ISE-ADV5Y-1500=	L-ISE-AD3Y-W-1500=	L-ISE-AD5Y-W-1500=	L-ISE-W-3UPG-1500=	L-ISE-W-UPG-1500=
2500	2500 Endpoints	L-ISE-BSE-2500=	L-ISE-ADV3Y-2500=	L-ISE-ADV5Y-2500=	L-ISE-AD3Y-W-2500=	L-ISE-AD5Y-W-2500=	L-ISE-W-3UPG-2500=	L-ISE-W-UPG-2500=
3500	3500 Endpoints	L-ISE-BSE-3500=	L-ISE-ADV3Y-3500=	L-ISE-ADV5Y-3500=	L-ISE-AD3Y-W-3500=	L-ISE-AD5Y-W-3500=	L-ISE-W-3UPG-3500=	L-ISE-W-UPG-3500=
5000	5000 Endpoints	L-ISE-BSE-5K=	L-ISE-ADV3Y-5K=	L-ISE-ADV5Y-5K=	L-ISE-AD3Y-W-5K=	L-ISE-AD5Y-W-5K=	L-ISE-W-3UPG-5K=	L-ISE-W-UPG-5K=
10,000	10K Endpoints	L-ISE-BSE-10K=	L-ISE-ADV3Y-10K=	L-ISE-ADV5Y-10K=	L-ISE-AD3Y-W-10K=	L-ISE-AD5Y-W-10K=	L-ISE-W-3UPG-10K=	L-ISE-W-UPG-10K=
25,000	25K Endpoints	L-ISE-BSE-25K=	L-ISE-ADV3Y-25K=	L-ISE-ADV5Y-25K=	L-ISE-AD3Y-W-25K=	L-ISE-AD5Y-W-25K=	L-ISE-W-3UPG-25K=	L-ISE-W-UPG-25K=
50,000	50K Endpoints	L-ISE-BSE-50K=	L-ISE-ADV3Y-50K=	L-ISE-ADV5Y-50K=	L-ISE-AD3Y-W-50K=	L-ISE-AD5Y-W-50K=	L-ISE-W-3UPG-50K=	L-ISE-W-UPG-50K=
100,000	100K Endpoints	L-ISE-BSE-100K=	L-ISE-ADV3Y-100K=	L-ISE-ADV5Y-100K=	L-ISE-AD3Y-W-100K=	L-ISE-AD5Y-W-100K=	L-ISE-W-3UPG-100K=	L-ISE-W-UPG-100K=

View solution in original post

aqjaved · ‎08-13-2013

Question:

I am going to Order (SNS-3415-K9) ISE product to deploy at my company, my concern is the size of license I shall order, and how to know the correct number. I have workstations (PC’s), laptops, Printers, IP-CAM’s, and WLC with 50 AP. How I can determine the number of license I should get in order to have the benefits from Cisco ISE.

Cisco Identity Services Engine (ISE) Ordering Steps

Here’s guide which can help in finding solution of your problem

1. Estimate the number of concurrent endpoints in the network.

2. Estimate the number of appliances (physical or virtual) needed to support the number of concurrent endpoints

in the network.

3. Select the appropriate type of appliance suitable for your deployment. (Reference the appliance selection.)

4. Select the appropriate type of license suitable for your deployment. (Reference the license selection.)

5. Select the appropriate level of services available from Cisco Advanced Services or a Certified Partner for design,

Deployment and sustaining services of the ISE deployment.

Step 1: Estimate the Number of Concurrent Endpoints in the Network

Estimating the total number of concurrent endpoints is dependent on a number of variables. An approach to consider would be to take into account:

• Number of employees in the organization

• Average number of devices per employee (desktop, laptop, smartphone, desk IP phone, etc.)

• Number of switch ports currently in the organization

• Number of access points deployed in the organization

• Average number of devices per access point

• Dynamic IP address range being used

• Average number of guests expected to join the network

• Inventory of non-user devices such as IP cameras, printers, IP-enabled projectors, etc.

A combination of factors that includes but is not limited to the above factors could be used to determine the total number of concurrent endpoints in the network.

Step 2: Cisco ISE Appliances and Servers* Options

Cisco Identity Services Engine Appliances
Option 1: Cisco Identity Services Engine Appliances and Servers*	Product Number	Endpoints Supported
Cisco Secure Network Server 3415*	SNS-3415-K9	5,000
Cisco Secure Network Server 3495*	SNS-3495-K9	20,000

Step 3: Cisco Secure Network Server Support SKUs*

Product Number	SMARTnet Part Number	Description
SNS-3415-K9*	CON-SNT-SNS-3415	Cisco SMARTnet support for SNS-3415-K9 - 8x5 Next Business Day

Step 4: Select the Type of License

Step 5: Cisco ISE License Options

License Type	Features Supported	Deployment Type Supported	License Prerequisite	License Term(s)
Base License	AAA Guest Provisioning Link Encryption Policies	Wired Wireless VPN	-	Perpetual
Advanced License	Device Onboarding/Provisioning Device Profiling and Feed Service* Host Posture Security Group Access Integrated Vendor MDM Support*	Wired Wireless VPN	Base License	3- and 5-Year Terms
Wireless License	Device Onboarding/Provisioning AAA Guest Provisioning Link Encryption Policies Device Profiling and Feed Service* Host Posture Security Group Access Integrated Vendor MDM Support*	Wireless	-	3- and 5-Year Terms

Step 6. Cisco ISE Functionality-Based License Options

License Tiers (T)	Number of Endpoints Supported	Base License	Advanced 3-Year License	Advanced 5-Year License	Wireless 3-Year License	Wireless 5-Year License	Wireless Upgrade 3-Year License	Wireless Upgrade 5-Year License
100	100 Endpoints	L-ISE-BSE-100=	L-ISE-ADV3Y-100=	L-ISE-ADV5Y-100=	L-ISE-AD3Y-W-100=	L-ISE-AD5Y-W-100=	L-ISE-W-3UPG-100=	L-ISE-W-UPG-100=
250	250 Endpoints	L-ISE-BSE-250-	L-ISE-ADV3Y-250=	L-ISE-ADV5Y-250=	L-ISE-AD3Y-W-250=	L-ISE-AD5Y-W-250=	L-ISE-W-3UPG-250=	L-ISE-W-UPG-250=
500	500 Endpoints	L-ISE-BSE-500=	L-ISE-ADV3Y-500=	L-ISE-ADV5Y-500=	L-ISE-AD3Y-W-500=	L-ISE-AD5Y-W-500=	L-ISE-W-3UPG-500=	L-ISE-W-UPG-500=
1000	1000 Endpoints	L-ISE-BSE-1K=	L-ISE-ADV3Y-1K=	L-ISE-ADV5Y-1K=	L-ISE-AD3Y-W-1K=	L-ISE-AD5Y-W-1K=	L-ISE-W-3UPG-1K=	L-ISE-W-UPG-1K=
1500	1500 Endpoints	L-ISE-BSE-1500=	L-ISE-ADV3Y-1500=	L-ISE-ADV5Y-1500=	L-ISE-AD3Y-W-1500=	L-ISE-AD5Y-W-1500=	L-ISE-W-3UPG-1500=	L-ISE-W-UPG-1500=
2500	2500 Endpoints	L-ISE-BSE-2500=	L-ISE-ADV3Y-2500=	L-ISE-ADV5Y-2500=	L-ISE-AD3Y-W-2500=	L-ISE-AD5Y-W-2500=	L-ISE-W-3UPG-2500=	L-ISE-W-UPG-2500=
3500	3500 Endpoints	L-ISE-BSE-3500=	L-ISE-ADV3Y-3500=	L-ISE-ADV5Y-3500=	L-ISE-AD3Y-W-3500=	L-ISE-AD5Y-W-3500=	L-ISE-W-3UPG-3500=	L-ISE-W-UPG-3500=
5000	5000 Endpoints	L-ISE-BSE-5K=	L-ISE-ADV3Y-5K=	L-ISE-ADV5Y-5K=	L-ISE-AD3Y-W-5K=	L-ISE-AD5Y-W-5K=	L-ISE-W-3UPG-5K=	L-ISE-W-UPG-5K=
10,000	10K Endpoints	L-ISE-BSE-10K=	L-ISE-ADV3Y-10K=	L-ISE-ADV5Y-10K=	L-ISE-AD3Y-W-10K=	L-ISE-AD5Y-W-10K=	L-ISE-W-3UPG-10K=	L-ISE-W-UPG-10K=
25,000	25K Endpoints	L-ISE-BSE-25K=	L-ISE-ADV3Y-25K=	L-ISE-ADV5Y-25K=	L-ISE-AD3Y-W-25K=	L-ISE-AD5Y-W-25K=	L-ISE-W-3UPG-25K=	L-ISE-W-UPG-25K=
50,000	50K Endpoints	L-ISE-BSE-50K=	L-ISE-ADV3Y-50K=	L-ISE-ADV5Y-50K=	L-ISE-AD3Y-W-50K=	L-ISE-AD5Y-W-50K=	L-ISE-W-3UPG-50K=	L-ISE-W-UPG-50K=
100,000	100K Endpoints	L-ISE-BSE-100K=	L-ISE-ADV3Y-100K=	L-ISE-ADV5Y-100K=	L-ISE-AD3Y-W-100K=	L-ISE-AD5Y-W-100K=	L-ISE-W-3UPG-100K=	L-ISE-W-UPG-100K=

Ravi Singh · ‎08-18-2013

Good post

Igor Manassypov · ‎10-25-2013

What is the difference between 'Wireless License' and 'Wireless Upgrade License' for a term?

Thanks,

-igor

Igor Manassypov · ‎10-25-2013

To answer my own question"

Wireless Upgrade Licenses are designed to support users that currently subscribe to a Wireless License model and decide to offer Cisco ISE support for non-wireless endpoints in the network as well. Rather than uninstall licenses and revert to a Base and Advanced License scheme, you can upgrade to a Wireless Upgrade License, which provides the full range of Cisco ISE functions and policy management capabilities for all wireless and non-wireless client-access methods, including wired and VPN Concentrator access.

You can only install a Wireless Upgrade License option on top of an existing Wireless License with the same allowable endpoint count. You cannot install a Wireless Upgrade on top of a Base plus Advanced License package.

bcoverstone · ‎11-11-2017

This is one of the first Google links when searching ISE licensing. All the part numbers above were End-Of-Life'd years ago.

It's a full time job to keep up with Cisco's comings and goings. Probably 50% of the Cisco products I learn about greet me with an EOL. At least ISE hasn't been EOL'd yet, just the licensing. Here are the replacement part numbers:

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/eos-eol-notice-c51-730646.pdf

Anas Naqvi · ‎09-05-2013

Hi,

Cisco partners can additionally purchase the ISE Design Guidance service package to help them validate their designs. You can refer to the following link for more information:

http://www.cisco.com/web/about/doing_business/legal/service_descriptions/docs/CPS_ISE_Planning_and_Design_Guidance_Service.pdf

muhammk2 · ‎09-06-2013

Hello,

It depends upon the total number of user and non-user endpoints in your network. Also you need to identify the number of concurrent user and non-user endpoints as the licenses should be atleast equal to the concurrent ones.

muthumohan · ‎03-25-2014

Hi,

Just a question on ISE license consumption.

If a user logs in and gets authenticated via ISE on a device that is already authenticated (device authentication), does it consume 2 licenses, one for the device and one for the user?

This is nowhere clearly told in any cisco documentation.

Can anybody help me clarify this?

Thank you,

Mohan

Venkatesh Attuluri · ‎03-27-2014

Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.

HyeonCheol Cho · ‎07-17-2016

Hello Venkatesh,

How would licenses be counted if radius accounting is disabled?

Muhammad Anser Khan · ‎08-02-2016

Hi,

Can I upgrade expired wireless license running on Cisco ISE 1.2 version to newly ordered license i.e. Mobility upgrade or Do I need to first migrate wireless license to mobility license then go for mobility upgrade?

Actually existing wireless license is expired so I think I need to retrieve the old license through Cisco licensing team by providing Server UID.

Please suggest the right procedure & sequence.

Regards,

Anser

omidkatouzian · ‎09-27-2016

according to Cisco documents :

The endpoint consumes the Base license before it consumes a Plus and Apex license.
The endpoint consumes the Plus license before it consumes an Apex license.
One Plus license is consumed per endpoint for any assortment of the license's features. Likewise, one Apex license is consumed per endpoint for any assortment of its features.

Understand ISE Licensing