cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community will be experiencing a downtime on 17/Dec/18 02:20 AM GMT-0600 / 17-Dec 12 AM PST for 15 mins. Sorry for the inconvenience.

ISE 2.4 Licensing - Quick Access

4178
Views
32
Helpful
20
Comments

I've had a lot of people ask for this, so I'll post it here.

Base

L-ISE-BSE-PLIC=**

Plus

L-ISE-PLS-LIC=**

Apex

L-ISE-APX-LIC=**

Device Admin

L-ISE-TACACS-ND=**

VM Licenses*
  • AAA
  • RADIUS/802.1x
  • Cisco TrustSec
  • Multiple APIs (ERS)
  • Guest Services
  • Device Profiling and Feed Service
  • BYOD with certificate authority
  • Cisco pxGrid identity and context sharing
  • Adaptive Network Control (ANC)
  • MSE Integration
  • Endpoint Posture compliance and remediation
  • MDM/EMM Integration
  • Threat Centric NAC (TC-NAC)

+AnyConnect Apex License

  • ISE Posture Module
  • TACACS+
  • Available in ISE 2.x
  • Prior to 2.4, a single license is needed for the entire deployment
  • Starting in 2.4, a separate license is required for every Device Admin Node*
  • Starting in 2.4, VMs will no longer be right-to-use
  • Key-based license dependent upon Virtual Resources asigned to the virtual appliance
  • Small, Medium, and Large VM sizes, each with a different SKU
  • Small: R-ISE-VMS-K9=
  • Medium: R-ISE-VMM-K9=
  • Large: R-ISE-VML-K9=
Perpetual (Permanent) LicenseSubscription (1, 3, or 5 years)Subscription (1, 3, or 5 years)

Perpetual (Permanent) License

NOT Based upon Network Device count

Perpetual (Permanent) License

* = New License in 2.4

** = New SKU in 2.4

Comments
Contributor
Hi @jmarquez01 , DA licenses are strictly for T+. RADIUS device administration sessions take up a Base license. I should point out that T+ device administration sessions don't take up a Base license. Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_0110.pdf "TACACS+ sessions do not consume a base license, but RADIUS sessions consume a base license"
Beginner

ok

Beginner
Hi Nadav, thank you, now is clear for me.

 Hi Jason,

 

We have lot of deployments where ISE works Primary Admin and Secondary Admin HA way in ISE 2.1 version.

It' has enabled TACACS+ as well.

 

1)So what will happen if we upgrade this HA cluster to 2.4.

 

2) if the we promote secondary ISE to primary node, will tacacs function not work in the new primary node?

 

Regards

Hasitha

 

regards

Hasitha

Hall of Fame Master

@hasitha siriwardhana If you upgrade your pre-2.4 deployment which had the old style Device Administration license, it will remain in effect.

 

In other words, you will be licensed and able to run the Device Admin role on any or all nodes in your ISE deployment without having to purchase any additional licenses.

CreatePlease to create content
Ask the Expert- DMVPN on Cisco routers