Mottok
Beginner

Total endpoints figure in ISE?

Hi, we are trying to figure out why we have so many endpoints, as it is causing license issues, and with COVID there aren't nearly as many people in the office as usual, so it seems odd. Many thanks.

 

Is this figure cumulative - i.e. if an endpoint connects and disconnects 5 times in a week, will there be 5 entries in the 'Total endpoints' list? 

 

Is it the accounting 'request' "STOP" that ends the current session, and will this connection be counted in the endpoints list as "Inactive" or will it be removed from the list entirely? (We suspect some accounting from end network devices may not be working properly.)

 

Any general info on how the 'Total endpoints' figure is made up would be great, thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Damien Miller
VIP Advisor

The number is cumulative, but only for unique MAC addresses seen hitting ISE. The same laptop connecting 5 times a day with the same wireless adapter for a week is still a single endpoint in the total endpoints. It's also the same for active endpoints; the key attribute ISE leverages to track total/active endpoints is the MAC address. For this reason, it's possible for a single endpoint to have more than one endpoint record, e.g. authenticating the wired and wireless NIC of the same laptop if the machine is connected to both.

Total endpoints don't use licenses. You could have 500,000 "total endpoints" but only 1000 peak "active endpoints"; then you should use around a thousand base licenses, plus any additional plus/apex feature licenses you might have required.

 

Accounting stop messages will "release" licenses by ending the active sessions. If no accounting stop is received for an endpoint that has disconnected from the network then that active session will take five days to time out / be removed. 


5 REPLIES 5

Many thanks for your thorough reply. I am a newbie so your info is greatly appreciated. We are on the base license and ran a purge of 'endpoints after 5 days' last night, and we still have over 9222 total endpoints as of writing this post, which is very odd because we have so few people in the office now due to COVID (and we only use ISE for wireless connections). The active endpoints are around 850.

 

[Image: ISE_License2.JPG]

 

The thing is, as you mentioned, total endpoints don't use licenses, but our licenses look like below right now, showing 8074 licenses consumed (although total endpoints show 9222 and active endpoints 850), so any idea why this is using the total endpoints figure? We use ISE 2.4 at the moment. Many thanks.

 

*EDIT: just read the "How licenses are consumed" below and it does say only Active sessions consume a license. So I really don't understand the license figures below!

[Image: ISE_License.JPG]

Hi, can anyone explain my above question? I guess the answer is around the question: does the "Total Endpoints" figure consist of the 'Active Endpoints' (850) PLUS additional active endpoints not included in the "Active Endpoints" figure?

 

I know that sounds like an odd question but I can't think of any other way of explaining it! Many thanks.

Arshadsaf
Beginner

Maybe MAC randomization on the client side is to blame?

Hi, thanks - we had considered that, but to be honest we are not exactly sure how we test that theory.
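
One way to test the MAC randomization theory raised above, as an added example that is not part of the original thread: randomized (private) Wi-Fi addresses set the locally administered bit of the first octet, so the share of such addresses among the unique endpoint MACs can be measured. The sample list is constructed, and the function names are hypothetical; it assumes you have the endpoint MAC addresses available as plain strings, for example from an endpoint export.

```python
import re

# Constructed sample of endpoint MACs in mixed notations (not real data).
SAMPLE_MACS = [
    "3C:22:FB:10:20:30",  # universally administered
    "3c-22-fb-10-20-30",  # same adapter, different notation
    "DA:A1:19:00:00:01",  # locally administered
    "f2a1.1900.0002",     # locally administered, dotted notation
    "A6:5E:60:AA:BB:CC",  # locally administered
    "00:1B:63:84:45:E6",  # universally administered
    "not-a-mac",          # malformed row
]


def normalize_mac(raw):
    """Return the MAC as 12 uppercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-\s]", "", raw)
    return digits.upper() if re.fullmatch(r"[0-9A-Fa-f]{12}", digits) else None


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set
    (for unicast addresses the second hex digit is 2, 6, A or E)."""
    return bool(int(mac[:2], 16) & 0x02)


def summarize(raw_macs):
    """Count unique MACs and split them by the locally administered bit."""
    unique, invalid = set(), 0
    for raw in raw_macs:
        mac = normalize_mac(raw)
        if mac is None:
            invalid += 1
        else:
            unique.add(mac)  # same adapter in two notations counts once
    local = sum(1 for m in unique if is_locally_administered(m))
    return {"unique": len(unique), "local": local,
            "universal": len(unique) - local, "invalid": invalid}


if __name__ == "__main__":
    stats = summarize(SAMPLE_MACS)
    print(stats)
    if stats["unique"]:
        share = 100 * stats["local"] / stats["unique"]
        print(f"{share:.0f}% of unique MACs are locally administered")
```

A high share of locally administered addresses is consistent with client-side randomization inflating the unique-MAC count. The bit is also set by some virtual interfaces, so treat it as an indicator rather than proof.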
