08-12-2014 04:16 AM - edited 03-10-2019 09:56 PM
Hi Guys,
I'm currently worknig on an ISE design for a network where they have IP Phones for each end user device:
Switch <--> IP Phone <--> End User Device.
My concern is the licensing part; i'm not really interested in authenticating or profiling IP Phone nodes. rather i need only to provide full ISE services for End user devices behind IP Phones (Authenitcation,Authorizatino,Posturing....etc.). so i need to order a base and an advanced license that cover ONLY the number of end user devices without accounting for IP Phone units.
Considering the above requirements ; what is the best deployment scenario to consider when configuring the switch interface that connect to each IP Phone with Single host port authentication (cdp bypass). would the ip phone consume from license count.
What if we considered doing MAB for IP Phone nides and Dot1x for End users and considering MDA ? would it consume 2 units from total license number of nodes in this case ?
What is the best practice for deploying and licensing ISE if i Cisco or a Third Party IP Telephony solution and i don't want to autheticate/authorize/profile ip phones ?
Thanks,
Muayad Jallad,
08-12-2014 05:55 PM
The identifying device profiles doesn't consume any license however, if you are applying diff. authorization rules based on diff. devices types, an advance license would be consumed.
08-13-2014 09:43 PM
If you are using Cisco IP phones you can get away with single-host mode on the port which in effect ignores the phone. If the phone is a third party device you will most likely need to use multi-domain authentication and actually use ISE to allow the phone on the network.
In summary - CIsco phone means potentially no license, if Avaya or other third party you will need to auth and use a license
09-19-2014 08:43 AM
if the device profiled condition is used in authorization policy then only advanced license consumed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide