cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2086
Views
24
Helpful
10
Replies

Question about Cisco ISE

linchuanyang
Level 1
Level 1

Good morning. We want to separate the access privilege of staff and students by using the same SSID. Currently, we are using free radius linked with the Active Directory. If we want to purchase Cisco ISE, could you please tell us what kind of license shall we buy (Base, advanced 5-year, or wireless 5-year)?  We have more than 50,000 staff and students, and the maximum simultaneous user is around 9,000 now. We noticed that the wireless license is quite expensive and has to be renewed every 5 years (For 10,000 licenses, it costs almost $200,000)! In our short term plan, we do not need BYOD, is the base license enough for our situation?If it's possible, could you please briefly introduce how does ISE work for our requirement?

Thank you, and have a nice day.

Yours,

Linchuan Yang

Concordia University

10 Replies 10

David Santos
Level 1
Level 1

Hello Linchuan,

Wireless

Capabilities: Basic network access, guest access, profiler, posture, and SGA

Network deployment support: Wireless

License prerequisite: None

Term license: 3- and 5-year terms

Licenses are available for 100, 250, 500, 1000, 1500, 2500, 3500, 5000, 10,000, 25,000, 50,000, and 100,000 endpoints

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_c67-658591.html

PS: If i were you the BYOD thing should be a thing to consider in a near future

Thank you, David

Have a nice day.

If you can distinguish your users based on the Authentication, then the Base-license will be fine for you. You should plan with at least four ISE-nodes. There is a 10.000 user Base-license available which should fit your needs if if have abaout 9000 simultaneous users.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Dear Karsten

Thank you for your reply. You mentioned that we should plan with at least four ISE-nodes, do you mean we have to buy 4 ISE servers (either physical server or virtual appliance)? If yes, shall we buy 10,000 liceses for each server, or they can share with the 10,000 licenses?

Thank you.

Yours,

Linchuan

The appliances (physical or virtual) have do be licensed individually, but the endpoint-licenses only have to be bought once per deployment. You find more on licensing in the ISE ordering-guide:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/guide_c07-656177.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

muhammk2
Level 1
Level 1

Hello,

There are Base and Advanced licenses for ISE. Base license is used  for authentication and authorization and advance licenses are used for  posturing and profiling. If you do not want to do posturing and  profiling then you can go for base licenses only.

If you buy 4 boxes they will share licenses for 10,000 endpoints. It  will be Base license for 10,000 users along with advance license for  10,000 users.

Saurav Lodh
Level 7
Level 7

You can achieve it with base license, also you said BYOD is not needed.

Ravi Singh
Level 7
Level 7

Base license of 10,000 endpoints will work for you but I would recommend you to purchase advance license as well because in near future you will require BYOD stuff in your network as it is the increasing demand of current scenario.

You have to purchase licenses for the total amount of endpoints i. e. MAC addresses accessing the ISE, not for simultaneous user number. 10000 may not be sufficient.

Abhishek Abhishek
Cisco Employee
Cisco Employee

Base license will work in your scenario. please make a note that base license only supports

  • •1.       AAA

  • •2.       Guest Provisioning

  • •3.       Link Encryption Policies

For features like-

  • •1.       Device Onboarding/Provisioning

  • •2.       Device Profiling and Feed Service*

  • •3.       Host Posture

  • •4.       Security Group Access

  • •5.       Integrated Vendor MDM Support*

You need to purchase advance license. Please do not forget to mark as answered if your query is resolved.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: