cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

198
Views
15
Helpful
4
Replies

ISE

he customer needs to authenticate and authorize guest users and employees through wireless by using ISE where:

1. Authenticate guest and the permission is accessing the internet.
2. Authenticate employees by using integration between ISE and active directory and check antivirus, OS updates and etc
3. Integration with SMS gateway.

My Q. is, which license should be installed on ISE ?

I'm waiting for your support ASAP.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Master

Posture check (your second

Posture check (your second requirement) requires the Apex license.

The other requirements can be met with Base licensing.

So you need Base licenses equal to (or greater than) the total number of anticipated active sessions. Add onto that Apex licenses equal to (or greater than) the total number of employees sessions that may be active at a given time.

If you're doing profiling, device registration for BYOD, pxGrid or Endpoint Protection Services you would also need Plus licenses. Normally Apex use cases include use of one or more Plus license features. 

Cisco Employee

To add to what Marvin said (

To add to what Marvin said (+5 from me), if you want to use the AnyConnect (4.x) Client with the build-in Posture Agent then you also have to add AnyConnect Apex licenses. If you just want to use the NAC Agent then no additional licenses are needed.

Thank you for rating helpful posts!

4 REPLIES 4
Hall of Fame Master

Posture check (your second

Posture check (your second requirement) requires the Apex license.

The other requirements can be met with Base licensing.

So you need Base licenses equal to (or greater than) the total number of anticipated active sessions. Add onto that Apex licenses equal to (or greater than) the total number of employees sessions that may be active at a given time.

If you're doing profiling, device registration for BYOD, pxGrid or Endpoint Protection Services you would also need Plus licenses. Normally Apex use cases include use of one or more Plus license features. 

Cisco Employee

To add to what Marvin said (

To add to what Marvin said (+5 from me), if you want to use the AnyConnect (4.x) Client with the build-in Posture Agent then you also have to add AnyConnect Apex licenses. If you just want to use the NAC Agent then no additional licenses are needed.

Thank you for rating helpful posts!

Hall of Fame Master

Thanks Neno!

Thanks Neno!

+5 for reminding us of the AnyConnect Apex license requirement for greatest functionality.

If we want to do machine AND user authentication (EAP chaining) we also need that supplicant.

Thanks alot Marvin and Neno .

Thanks alot Marvin and Neno .