Cisco Identity Services Engine (ISE) is a network administration product that enables you to create and enforce security and access policies for endpoint devices connected to your company's routers and switches. The goal is to simplify identity management across devices and applications.
The Cisco ISE solution includes node deployment with the following ISE variants:
In very simple terms the Cisco ISE licensing model is described below but all the information from Cisco can be found here in the licensing section of the admin manual.
The Cisco ISE licensing model allows the user to purchase licenses based on enterprise needs and requirements. There are two ways to use the license. Traditional or Smart.
- Traditional lic ensing involves the user importing a license into the device
- Smart licensing is where you manage a Cisco account that contains all the information about the license you purchased for deployment.
Licenses are counted as simultaneous active sessions. An active session is one for which a RADIUS count start has been received, but a RADIUS count stop has not yet been received.
| Lifetime | indefinitely |
| Number of sessions | unlimited |
| ISE Admin guide | Download |
Cisco Identity Services Engine (ISE) is a server-based product. Using ISE, you can have a Cisco ISE appliance or virtual machine that enables you to create and enforce access policies for end devices connected to the corporate network. In short, ISE is a network administration product that helps network administrators create and enforce security and access policies for end devices that are connected to a switch or router on the corporate network.
As a network administrator, this question comes up when you see the ISE product suite. In very layman's terms, you can control who can access your network and when they do what they can access or what types of access rights are configured for them. Cisco ISE can authenticate wired, wireless, and VPN users. In terms of scalability, it can scale to millions of endpoints. Based on multiple factors, including certificate validity, MAC address, or device profiling, a network administrator can quickly identify a machine and determine which VLAN it is placed in. Any machine that fails the authentication check will be placed on the guest VLAN or simply denied access to the network.
