Cisco Identity Services Engine (ISE) is a network administration product that enables you to create and enforce security and access policies for endpoint devices connected to your company's routers and switches. The goal is to simplify identity management across devices and applications.
The Cisco ISE solution includes node deployment with the following ISE variants:
In very simple terms, the Cisco ISE lic ensing model is described below, but all of the Cisco information can be found here in the licensing section of the administrator's manual.
The Cisco ISE licensing model allows the user to purchase licenses based on the needs and requirements of the enterprise. There are two ways to use the licenses. Traditional or Smart.
- Traditional lic ensing involves the user importing a license into the device
- Smart lic ensing is where the user manages a Cisco account that contains all the license information purchased for deployment.
Licenses are counted as concurrent active sessions. An active session is one for which a RADIUS count start has been received, but a RADIUS count stop has not yet been received.
|Number of sessions||100-249|
|ISE Admin guide||Download|
Cisco Identity Services Engine (ISE) is a server-based product. Using ISE, you can have a Cisco ISE appliance or virtual machine that enables you to create and enforce access policies for end devices connected to the corporate network. In short, ISE is a network administration product that helps network administrators create and enforce security and access policies for end devices that are connected to a switch or router on the corporate network.
As a network administrator, this question comes up when you see the ISE product suite. In very layman's terms, you can control who can access your network and when they do what they can access or what types of access rights are configured for them. Cisco ISE can authenticate wired, wireless, and VPN users. In terms of scalability, it can scale to millions of endpoints. Based on multiple factors, including certificate validity, MAC address, or device profiling, a network administrator can quickly identify a machine and determine which VLAN it is placed in. Any machine that fails the authentication check will be placed on the guest VLAN or simply denied access to the network.