Do We Require ATP to Re-sell ISE Wireless?

Hi forum,
I have reviewed the Cisco ISE Software 1.1 Q&A (http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_c67-658591.html) and it seems to me that Table 5 (Differences Between Cisco Identity Services Engine Licenses) and the penultimate Ordering and Purchasing question infer that no ATP is required to re-sell ISE with Wireless license type.
Can anyone on the forums confirm that this is indeed the case?
I have put the same question to my TCAM.
Helpful posts always rated!
Kind regards, Ash.

Ashley,
Here is the Q&A that I found:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_c67-658591.html
Ordering and Purchasing
Q. How can I purchase the Cisco Identity Services Engine?
A. Cisco Identity Services Engine Advanced, Base, and Wireless Upgrade licenses can be purchased only through Cisco Authorized Technology Provider (ATP) partners.
Note: Cisco Identity Services Engine platforms (both physical and virtual) and Wireless licenses are generally available for purchase through any Cisco authorized partner.

Similar Messages

  • ISE wireless design

    Hi all,
    Designing for an ISE wireless case, I would like to seek ideas about:
    1. My design goal is to differentiate users: domain users are only capable of connecting to Employee_AP, while guests connect to Guest_AP. What rule condition should I use?
    2. What is the best practice for BYOD policies to permit each employee to use only 2 units of personal devices? Say, one notebook and one handheld device. Is there any way I can enforce this rule on ISE?
    Million thanks
    Noel

    If you are already authenticating your wireless users and anchoring them to a DMZ you can do the same with wired users as long as you have a foreign controller layer 2 adjacent to the wired guests.  
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/99470-config-wiredguest-00.html
    You would just need to set the VLAN on the port for the guest users, or if you want you can use ISE wired AuthZ policy to place the guest users into the correct VLAN, or FlexAuth using guest VLANs.  

  • Buying a used Mac with CS6 installed. What are requirements of buyer and seller?

    I want to be sure the transfer is completely legal and that seller can't deactivate CS6 after I purchase.

    http://helpx.adobe.com/x-productkb/policy-pricing/transfer-product-license.html

  • Required ATP Table field name

    Hello Gurus,
    As per my client requirement, during the time of internet sales, while the customer (user) is ordering a material there should be a field wherein the customer can view the available quantity for that particular material.
    I've checked in MD04 and I got the structure MDEZ [field MNG04]. But I want to know whether I can fetch data from this field or whether there is any other table/field where I can get the GATP quantities for the particular material. Anybody, please provide the exact table and field name.
    Thanks in advance....
    Edited by: Praveen on Jan 7, 2009 5:59 AM
    Edited by: Praveen on Jan 7, 2009 9:35 AM
    Edited by: Praveen on Jan 7, 2009 9:52 AM

    Dear Praveen
    In Table MDTB,  you can see fields like
    -  MNG01:::Recd / Req.quantity
    -  MNG02:::Scrap
    -  MNG03:::Shortage Quantity
    You can make use of these fields according to your requirement.
    thanks
    G. Lakshmipathi

  • ISE/Wireless NAC...One SSID for MAB and Dot1X?

    Hi,
    I am running ISE 1.2 and WLC 7.5.102.
    I would really like to have one SSID that can do a few different things in the following order...
    1) A device could connect, hit the MAB rule, and be granted access without any type of authentication (Other than MAB) and be placed in VLAN x.
    2) A device would be checked for the appropriate certificate. If this cert exists, the device is granted access.
    3) If a device is not allowed in MAB, it will hit the next rule, which is the dot1x rule. The user will then be authenticated against the AD server.
    4) Everything else hits default rule and is sent to web-auth portal.
    I can't really think of a way to make this work with one SSID because from what I understand, you would need dot1x disabled on the SSID in order for MAB to work.
    Any suggestions?
    Thanks.

    two ssid's. no way around it

  • ISE wireless CPP with redirect exclusions, possible?

    Hi all, a little bit of a tricky situation here. I've got a wireless network and ISE 1.1.1. The wireless is mixed 7.0 and 7.3 code.
    On an ISE wired installation it's easy to have an authorization rule that URL redirects users to the client provisioning portal *BUT* to have a redirect ACL on the switch with deny statements that excludes specific websites from the redirection. This is done so users can click on remediation links from the NAC Agent and get to websites to download anti-virus, sig updates, windows updates, etc... but all other web attempts get redirected to the CPP.
    All fine and it works perfectly on the wired network. HOWEVER, I can't seem to find a similar way to do this on the wireless network. While you can create a posture redirection policy to send them to the CPP with an ACL, that ACL seems to only permit or deny traffic per a standard ACL. Meaning a user gets on but any attempt to go anywhere in a browser redirects to the CPP. This makes it impossible to get to the remediation pages.
    Is there any way to accomplish what I'm trying to do here? It seems like it should be a basic function.

    Sorry, I had some personal issues to deal with and just got a chance to follow up on this. First of all, good job on figuring it out and posting the findings back here! (+5) from me for that!
    To answer your questions:
    #1. You are 100% correct about the logic on the WLC ACLs vs switch ACLs. On switches "deny" means "don't redirect" the traffic, thus permit it on the network. On the WLCs "deny" means "redirect" the traffic, hence don't allow it on the network. I am not sure why Cisco did this but different BUs, different teams, etc.
    #2. You are also correct on this one. Your vWLC and ISE are working as expected. While switches support dACLs, WLCs only support "named ACL." As a result, when referencing ACLs on ISE for wireless, that ACL has to exist on the WLC and it MUST BE NAMED THE SAME or it won't work.
    Hope this helps. If your issues are resolved please mark the thread as "answered"
    Thank you for rating!

  • Ise wireless cwa AUP respond

    After ISE 1.2, WLC 2504, LAP 1602i, flexconnect mode, cwa, dynamic vlan, redirect url validation is successful, if it is verified by using the AUP, AUP pop, agree and then successfully passed. But without using the AUP, that choice is in the AUP not used, then the login screen has been stuck on the progress bar, but in fact has been validated, close the screen to view vlan and ip will find already successfully switched, these phenomena are phone connection, the computer normally, if adopted flexconnect mode, local mode phone is normal, do not enable AUP verified by the successful interface pops up immediately. Why flexconnect mode whether the case AUP opportunity to start a response card, set where there are problems, we ask, thank you

    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html

  • ISE wireless web authentication for guest management not redirecting

    Hi forumers,
    I face the problem that after connecting to the wireless guest network, it won't redirect me to the ISE guest portal. This happens on my iPhone. The iPhone is running iOS 5.0.1.
    On a workstation it's working well.
    Attached is the snapshot of what happens on the iPhone.
    Any clue to troubleshoot? Thanks
    Noel

    Hi
    I still fail whilst testing on my iPhone.
    I'm not using the ISE self-signed certificate; I created a CSR and had it signed by the root CA server. So once I try to connect it won't prompt me to "accept certificate".
    My WLC local auth certificate (vendor certificate) is signed by the same root CA server as well.
    So I tested on a desktop running the Safari browser; it is able to redirect to the ISE guest portal.
    Can you please suggest more troubleshooting guidance?
    Thanks
    This is the outcome for the Safari browser
    Noel

  • ISE - Wireless Anyconnect

    Hello! We have a doubt regarding our ISE installation. We have created a new SSID with EAP Chaining validation (user + machine validation using Anyconnect client) through ISE, and NAC posture.
    The problem is that when a user has never logged in a PC and tries to log for the first time through this wireless, is not working. The facts are like this:
    - User introduces user/pass for the first time to computer
    - Computer needs to contact AD to download the profile
    - Computer associates with the network
    - ISE puts the user "on-hold" until it's NAC compliant
    - Computer never launches NAC process, so it's never compliant
    - ISE doesn't give access to network
    - User cannot login to computer.
    This only happens the first time a user tries to access the network because it needs to download the profile, if the user has logged in before, this is not a problem. Do you think there is any solution for this problem?

    Use EAP Chaining with EAP-FAST v2. In the auth attempt, the supplicant provides the authentication server (ISE) both the machine and user credentials for each auth attempt.  Supported by the Cisco AnyConnect 3.1 client/supplicant . In ISE to enable its support (Policy->Policy Elements->Results->Authentication->Allowed Protocols->Default Network Access <for example>->Allow EAP-FAST).

  • ISE wireless: permit only connection on specific ESSID

    Hi
    I have ISE ver 1.1.x, Cisco 2960, Cisco 1800 and controller 2100.
    There are Active Directory users (employees) and guest users.
    Active Directory has many user groups (finance, security, human resources ...).
    For wireless connection I created many ESSIDs in the controller, one for each group (finance, security, human resources, guest ...).
    I configured one VLAN for each corresponding ESSID.
    There is no security key for wireless connection.
    Is it possible to deny connection for one user to different ESSIDs and permit only connection of each user on each corresponding ESSID?
    Is it possible to redirect a user to the corresponding ESSID (VLAN) if he chooses to connect to the wrong ESSID?
    Thanks in advance

    1. I would suggest creating an ACL. Or
    2. Configure MAC filtering on a specific SSID (enter the MAC addresses of only the wireless devices you want to give access to that particular SSID):
       • Configuration -> SSIDs -> [SSID Name]
       • Optional Settings -> MAC Address Filters -> Available MAC Filters -> New
       • In the MAC Filters>New window click on the "New" button next to the "MAC Address/OUI" list
       • Add the MAC Address\MAC Address Range
       • In the MAC Filters>New window select the newly created MAC Address\MAC Address Range and select "Permit" as the Action
       • Save the new MAC Filter
       • On the screen ensure the newly created MAC Filter is in the "Selected MAC Filters" area rather than the "Available MAC Filters" area
       • Ensure the default action (under the "Available MAC Filters" area) is "Deny"
       • Save the change to the SSID profile
       • Update the affected access points

  • ISE wireless with HP core switch

    Hi all,
    We are planning to implement ISE for Wireless users. Our core switch is HP and our WLC is 5500.
    I would like to know if we need to change our core switch so that we can use ISE or there is no need to change it.

    You'd need 2 separate SSIDs as the access method will be different for each, e.g:
    Employee - WPA2 and 802.1x
    Guest - Webauth
    You don't have to have a quarantine, we do but it's not essential.
    For your employee WLAN you could have just one VLAN or you could have multiple. We started off with just one for our employee WLAN but now we've got several on each WLC (laptops, medical devices, etc.). I would suggest starting off simple with one.
    Your employee WLAN clients won't get an address until after they authenticate so you don't need a VLAN before then.

  • ISE Wireless endpoint license?

    Hi all! What does an endpoint wireless license mean for Cisco ISE: access point or client device? For example: I have 1 WLC, 35 access points and 500 clients. How many licenses do I need to buy?

    ISE licensing is based on endpoints authenticating to the network. So in your case if all 500 devices will be connecting to the network at the same time then you will need to purchase 500 licenses. Keep in mind that those are concurrent, thus, when a client leaves the network a license is freed up. 
    Hope this helps!
    Thank you for rating helpful posts! 

  • Does HP Pavilion p6-2143w require an adapter to connect a wireless router

    2 days now trying to install Asus RT-N66R router to my HP Pavilion p6-2143w  , my server people said I need an adapter?
    This question was solved.

    Hi,
    The specifications for the HP p6-2143 indicate that the PC is not provisioned for a wireless adapter.
    You should be able to connect an ethernet cable to the ASUS RT-N66R to setup the dual access points if you want to connect wireless.  You might need to setup both access points (2.4 ghz and 5.0 ghz) depending on your wireless connection requirements for all of your wireless devices.
    There are many wireless adapters such as PCI-E or USB.  ASUS makes some low end and high end wireless adapters to fit your performance needs versus your cost requirements.
    BTW --- I am using the ASUS RT-AC68U with both the 2.4 ghz and 5.0 ghz access points active.
    HP DV9700, t9300, Nvidia 8600, 4GB, Crucial C300 128GB SSD
    HP Photosmart Premium C309G, HP Photosmart 6520
    HP Touchpad, HP Chromebook 11
    Custom i7-4770k,Z-87, 8GB, Vertex 3 SSD, Samsung EVO SSD, Corsair HX650,GTX 760
    Custom i7-4790k,Z-97, 16GB, Vertex 3 SSD, Plextor M.2 SSD, Samsung EVO SSD, Corsair HX650, GTX 660TI
    Windows 7/8 UEFI/Legacy mode, MBR/GPT

  • ISE Wireless package Licensing

    Greetings, we have installed ISE to backend our wireless infrastructure. We have a 1000 endpoint Wireless package, which gives us 1000 base and 1000 advanced endpoint licensing. I know the Advanced is used for profiling and posture among other features. My question is around the active license count. We currently have (per NCS) 685 clients associated to our wireless infrastructure. Back on the ISE console, however, we show that we are using 941/1000 active advanced endpoint assessments license count. How is that possible?? I thought that license count was only applied to active clients, and we do not currently have anywhere close to 941 active clients on our wireless. Should that not be 1-1 or pretty close?

    License Count
    The Cisco ISE license is counted as follows:
    • A Base or Advanced license is consumed based on the feature that is utilized.
    • An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.
    • Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.
    Note: Sessions without RADIUS activity are automatically purged from Active Session list every 5 days or if the endpoint is deleted from the system.
    To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. Cisco ISE instead relies on RADIUS accounting functions to track concurrent endpoints on the network and generate alarms when endpoint counts exceed the licensed amounts:
    • 80% Info
    • 90% Warning
    • 100% Critical
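
The counting rule quoted above, worked through as an added example (not Cisco code and not part of the original thread): a session counts from Accounting Start until Accounting Stop, so a client whose Stop never arrives stays counted until it is purged. The records and session ids are constructed, and the purge is modelled as "no RADIUS activity for 5 days", which is an assumption about how the quoted note applies.

```python
from datetime import datetime, timedelta

PURGE_AFTER = timedelta(days=5)   # quoted text: idle sessions are purged every 5 days
ALARMS = [(100, "Critical"), (90, "Warning"), (80, "Info")]  # thresholds from the quoted text

# Constructed sample records: (timestamp, hypothetical session id, Acct-Status-Type)
RECORDS = [
    ("2014-03-01 08:00", "s1", "Start"),
    ("2014-03-01 17:00", "s1", "Stop"),            # clean disconnect, license freed
    ("2014-03-02 10:00", "s3", "Start"),           # no Stop, no further activity
    ("2014-03-03 09:00", "s2", "Start"),
    ("2014-03-05 08:00", "s5", "Start"),           # client left, Stop never arrived
    ("2014-03-06 09:00", "s2", "Interim-Update"),  # still sending accounting updates
    ("2014-03-07 14:00", "s4", "Start"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def active_sessions(records, now):
    """Sessions with a Start, no Stop, and RADIUS activity within PURGE_AFTER of now."""
    last_activity = {}
    for ts, sid, status in sorted(records, key=lambda r: parse(r[0])):
        when = parse(ts)
        if when > now:
            break                      # ignore records later than the evaluation time
        if status == "Start":
            last_activity[sid] = when
        elif status == "Interim-Update" and sid in last_activity:
            last_activity[sid] = when  # activity on an open session resets the idle clock
        elif status == "Stop":
            last_activity.pop(sid, None)
    return {sid for sid, seen in last_activity.items() if now - seen <= PURGE_AFTER}

def alarm_level(active, licensed):
    """Return the alarm severity for the current usage, or None below 80%."""
    for percent, label in ALARMS:
        if active * 100 >= percent * licensed:
            return label
    return None

if __name__ == "__main__":
    now = parse("2014-03-08 12:00")
    print(sorted(active_sessions(RECORDS, now)), alarm_level(941, 1000))
```

Session s5 is still counted three days after its last record because no Stop was received, while s3 has aged out; 941 of 1000 licenses falls in the Warning band.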

  • HT4111 Does apple sell a wireless keyboard that would be compatible with the smart cover?

    I don't want to buy another cover just a wireless keyboard

    No.
    There are many compatible Bluetooth keyboards for iPad. They either act as a cover, or are integrated into a cover for iPad. Apple makes only the wireless keyboard for Mac computers, which is also iPad and iPod compatible. The Apple keyboard is longer than the iPad and does not integrate with covers.
