05-25-2022 11:52 PM
We have smart licensed our cisco ise box. (ISE-2.4 release SNS3595 Medium 1200 GBHD 64 GB Ram 16 processor)
But it is showing out of compliance for VM large and Release Entitlement for VM Medium and VM small.
Please help me understanding this. Is anything we need to check from our end.
Solved! Go to Solution.
05-27-2022 11:30 AM
Hi @sujanyakj ,
beyond what @ahollifield said ...
1. the VM Small, Medium and Large reaches EOL on Sep/21 and was replaced by the VM Common License !!!
2. If you’re using the Old VM License (i.e., R-ISE-5VM-K9=), you should migrate the Old VM License to the legacy VM Medium License ("R-ISE-VMM-K9=") and then migrate the legacy VM Medium License to the VM Common License !!!
3. Customers who are on ISE 2.X and ISE 3.0 can continue to use the legacy VM Licenses until the EOL Date of the Licenses. They also can migrate the legacy VM Licenses to the VM Common License and stay on ISE 2.X or ISE 3.0 !!!
VM Category:
. Small
Minimum 32GB RAM and 16 CPU cores for SNS-3615 equivalent
. Medium
Minimum 64GB RAM and 16 CPU cores for SNS-3595 equivalent.
Minimum 96GB RAM and 24 CPU cores for SNS-3655 equivalent.
. Large
Minimum 256GB RAM and 24 CPU cores for SNS-3695 equivalent.
Note: you can double check you HW Profile at:
ise/admin# show tech-support
...
*****************************************
Displaying ISE Profile ...
*****************************************
Profile : sns3595
OR
At Operations > Reports > Reports > Diagnostics > ISE Counters, check for ISE Profile (for ex.: SNS_3655).
Hope this helps !!!
05-26-2022 01:35 AM
- Might be applicable : https://community.cisco.com/t5/network-access-control/ise-license-out-of-compliance/td-p/3719520 and or consider p5 for 2.4 if not yet done.
M.
05-26-2022 01:31 PM
05-26-2022 01:34 PM
Is the only node in your deployment a 3595?
05-26-2022 07:33 PM
Yes, there are two 3595 boxes in distributed deployemnt mode.
05-26-2022 08:03 PM
So there are zero VMs in this environment? You say two 3595 but you also say distributed deployment (which typically means PAN, MnT, and PSN on separate nodes)? So what are the other nodes? How many total ISE nodes are there?
If you do indeed only have two 3595 appliances, this is not expected behavior. I would install the latest patch for ISE 2.4 and then contact TAC.
05-26-2022 08:46 PM
Hi @sujanyakj ,
Released Entitlement means "that you are not using" VM Medium and/or VM Small.
Out of Compliance for VM Large means that you need to add a VM Large license for each Node that you have
For ex.:
Hope this helps !!!
05-26-2022 10:06 PM
Hi Marcelo,
Yes this ia helpful. Actually we have procured medium license but while licensing the box via registration token it is automatically taking large license which is not procured inatead of VM Medium.
Is there any settings which i have to do from my end to make the ISE to take medium license.
05-27-2022 04:01 AM
So you do have VMs in your environment then yes? If yes, then you have provisioned your VMs with too much CPU/Memory and they are matching the large license and not medium. Have a look here: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_01.html
Your VMs must have the medium size to use the medium license. Secondly, Cisco now has moved to a VMC (VM Common license) that is a single license SKU for any size VM. You will need to upgrade ISE though to make use of that
05-27-2022 06:18 AM
We have used the below ova for ise deployment in linux kvm,
Ise-2.4.0.357-6.5ova-sns3595-medium-1200gbhd-64gbram-16cpu.ova
Ise resourcing detail is ,
16 cpu, 64 gb ram, 1200 gb hard disk
05-27-2022 11:30 AM
Hi @sujanyakj ,
beyond what @ahollifield said ...
1. the VM Small, Medium and Large reaches EOL on Sep/21 and was replaced by the VM Common License !!!
2. If you’re using the Old VM License (i.e., R-ISE-5VM-K9=), you should migrate the Old VM License to the legacy VM Medium License ("R-ISE-VMM-K9=") and then migrate the legacy VM Medium License to the VM Common License !!!
3. Customers who are on ISE 2.X and ISE 3.0 can continue to use the legacy VM Licenses until the EOL Date of the Licenses. They also can migrate the legacy VM Licenses to the VM Common License and stay on ISE 2.X or ISE 3.0 !!!
VM Category:
. Small
Minimum 32GB RAM and 16 CPU cores for SNS-3615 equivalent
. Medium
Minimum 64GB RAM and 16 CPU cores for SNS-3595 equivalent.
Minimum 96GB RAM and 24 CPU cores for SNS-3655 equivalent.
. Large
Minimum 256GB RAM and 24 CPU cores for SNS-3695 equivalent.
Note: you can double check you HW Profile at:
ise/admin# show tech-support
...
*****************************************
Displaying ISE Profile ...
*****************************************
Profile : sns3595
OR
At Operations > Reports > Reports > Diagnostics > ISE Counters, check for ISE Profile (for ex.: SNS_3655).
Hope this helps !!!
05-30-2022 07:04 AM
Hi @Marcelo Morais@ahollifield ,
Thanks for the response. It is very helpful and informative.
I will work on making the license VM common license.
As of now,I checked the ISE profile on the above mentioned path it is SNS3595. CPU is 16 and 64 gb hard disk(which is specification for medium VM)
But still when i am trying to smart license the VM appliance, its registering as VM large instead of VM medium.
05-30-2022 11:41 AM
Please call TAC to see what the problem might be with the Licensing thinking you have a Large VM.
05-30-2022 11:44 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide