11-21-2012 08:42 AM - edited 07-03-2021 11:05 PM
Good morning. We want to separate the access privilege of staff and students by using the same SSID. Currently, we are using free radius linked with the Active Directory. If we want to purchase Cisco ISE, could you please tell us what kind of license shall we buy (Base, advanced 5-year, or wireless 5-year)? We have more than 50,000 staff and students, and the maximum simultaneous user is around 9,000 now. We noticed that the wireless license is quite expensive and has to be renewed every 5 years (For 10,000 licenses, it costs almost $200,000)! In our short term plan, we do not need BYOD, is the base license enough for our situation?If it's possible, could you please briefly introduce how does ISE work for our requirement?
Thank you, and have a nice day.
Yours,
Linchuan Yang
Concordia University
11-23-2012 05:29 AM
Hello Linchuan,
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_c67-658591.html
PS: If i were you the BYOD thing should be a thing to consider in a near future
11-27-2012 01:20 PM
Thank you, David
Have a nice day.
11-23-2012 05:43 AM
If you can distinguish your users based on the Authentication, then the Base-license will be fine for you. You should plan with at least four ISE-nodes. There is a 10.000 user Base-license available which should fit your needs if if have abaout 9000 simultaneous users.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-27-2012 01:17 PM
Dear Karsten
Thank you for your reply. You mentioned that we should plan with at least four ISE-nodes, do you mean we have to buy 4 ISE servers (either physical server or virtual appliance)? If yes, shall we buy 10,000 liceses for each server, or they can share with the 10,000 licenses?
Thank you.
Yours,
Linchuan
11-27-2012 11:10 PM
The appliances (physical or virtual) have do be licensed individually, but the endpoint-licenses only have to be bought once per deployment. You find more on licensing in the ISE ordering-guide:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/guide_c07-656177.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-06-2013 08:43 PM
Hello,
There are Base and Advanced licenses for ISE. Base license is used for authentication and authorization and advance licenses are used for posturing and profiling. If you do not want to do posturing and profiling then you can go for base licenses only.
If you buy 4 boxes they will share licenses for 10,000 endpoints. It will be Base license for 10,000 users along with advance license for 10,000 users.
09-07-2013 02:02 AM
You can achieve it with base license, also you said BYOD is not needed.
09-07-2013 08:07 PM
Base license of 10,000 endpoints will work for you but I would recommend you to purchase advance license as well because in near future you will require BYOD stuff in your network as it is the increasing demand of current scenario.
09-11-2013 01:25 PM
You have to purchase licenses for the total amount of endpoints i. e. MAC addresses accessing the ISE, not for simultaneous user number. 10000 may not be sufficient.
09-11-2013 09:50 PM
Base license will work in your scenario. please make a note that base license only supports
For features like-
You need to purchase advance license. Please do not forget to mark as answered if your query is resolved.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide