11-16-2020 04:08 AM - edited 07-05-2021 12:47 PM
Hi, we are trying to figure out why we have so many end points as it is causing license issues and with covid there aren't nearly as many people in the office as usual so seems odd. Many thanks.
Is this figure cumulative - i.e. if an endpoint connects and disconnects 5 times in a week, will there be 5 entries in the 'Total endpoints' list?
Is it the accounting 'request' "STOP" that ends the current session and will this connection be counted in the end points list as "Inactive" or will it be removed from the list entirely? (We suspect some accounting from end network devices may not be working properly).
Any general info on how the 'Total endpoint' figure is made up would be great, thanks
Solved! Go to Solution.
11-16-2020 11:15 PM
The number is cumulative, but only for unique mac addresses seen hitting ISE. The same laptop connecting 5 times a day with the same wireless adapter for a week, is still a single endpoint in the total endpoints. It's also the same for active endpoints, the key attribute ISE leverages to track total/active endpoints is the mac address. For this reason, it's possible for a single endpoint to have more than one endpoint record, ex. Authenticating the wired and wireless nic of the same laptop if the machine is connected to both.
Total endpoints don't use licenses, you could have 500,000 "total endpoints", but only 1000 peak "active endpoints", then you should use around a thousand base licenses, plus any additional plus/apex feature licenses you might have required.
Accounting stop messages will "release" licenses by ending the active sessions. If no accounting stop is received for an endpoint that has disconnected from the network then that active session will take five days to time out / be removed.
11-16-2020 11:15 PM
The number is cumulative, but only for unique mac addresses seen hitting ISE. The same laptop connecting 5 times a day with the same wireless adapter for a week, is still a single endpoint in the total endpoints. It's also the same for active endpoints, the key attribute ISE leverages to track total/active endpoints is the mac address. For this reason, it's possible for a single endpoint to have more than one endpoint record, ex. Authenticating the wired and wireless nic of the same laptop if the machine is connected to both.
Total endpoints don't use licenses, you could have 500,000 "total endpoints", but only 1000 peak "active endpoints", then you should use around a thousand base licenses, plus any additional plus/apex feature licenses you might have required.
Accounting stop messages will "release" licenses by ending the active sessions. If no accounting stop is received for an endpoint that has disconnected from the network then that active session will take five days to time out / be removed.
11-17-2020 12:43 AM - edited 11-17-2020 12:50 AM
Many thanks for your thorough reply. I am a newbie so your info is greatly appreciated. We are on the base license and ran a purge of 'endpoints after 5 days' last night and we still have over 9222 total endpoints as of writing this post which is very odd because we have so few people in the office now due to covid (and we only use ISE for wireless connections). The active end points are around 850.
The thing is, as you mentioned total end points don't use licenses, our licenses look like below right now showing 8074 licenses consumed (although total end points show 9222 and active endpoints 850) so any idea why this is using the total endpoints figure? We use ISE 2.4 at the moment. Many thanks.
*EDIT: just read the "How licenses are consumed" below and it does say only Active sessions consume a license. So I really don't understand the license figures below!
11-19-2020 07:13 AM
Hi, can anyone explain my above question? I guess the answer is around the question, does the "Total Endpoints" figure consist of the 'Active Endpoints' (850) PLUS additional active endpoints not included in the "Active Endpoints" figure?
I know that sounds like an odd question but I can't think of any other way of explaining it! Many thanks
11-17-2020 12:04 AM
May be MAC randomization at client side to blame?
11-17-2020 12:29 AM
Hi, thanks - we had considered that but to be honest not exactly sure how we test that theory?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide