Increment Cisco ISE Base Licence

Similar Messages

• Cisco ISE Base Licence: L-ISE-BSE-100=

  Hi, my customer operates himself a VM for Cisco ISE, so he needs no smartnet service thats ok. Now he needs L-ISE-BSE-100= (Base Licence) 100 teers. Question: Can he gets during 5 year maintenance time updates and tecnical support for free??

  Hi ,
   License for your Part No is perpetual , for Maintenance & technical support there is separate package , kindly take support from cisco presale team .  
  License Type
  Features Supported
  Deployment Type Supported
  License Prerequisite
  License Term(s)
  Base license
  AAA
  Guest provisioning
  Link encryption policies
  Wired
  Wireless
  VPN
  Perpetua
  Cisco Advanced Services Fixed - Price Part Number
  Product Description
  ASF-CORE-ISE-DSGN
  Cisco ISE Design Service Package
  ASF-CORE-ISE-POC
  Cisco ISE Design and Proof-of-Concept Service Package
  For Presales Assistance
  For Cisco presales support, please consult the help desk. The help desk is open 24 hours Monday through Friday, in all countries.
  ● Phone: 408 902-4872
  ● Email: [email protected]
  ● Live chat: http://tinyurl.com/sacise
  For More Information

• How Cisco ISE 1.2 Base licenses are consumed and tracks concurrent endpoint connected to network

  Hello
  I am interested to know how the cisco ISE 1.2 base licences are consumed. As the cisco ise 1.2 user guide "The Base License is consumed whenever an authentication notification is received by Cisco ISE."
  Based on the above statement i have following queries :-
  Radius being the UDP based request, its only during the time endpoint is authenticated and authorized the base license is consumed and then its is released. Then how does cisco ISE tracks the concurrent endpoints connected to the network.
  Thanks
  Kumar

  thanks for the reply Tarik.
  As I understand, you mean that a base license is consumed by every radius authentication request and then the license is free to be utilised again
  Also would this means if Radius accounting is turned off, then concurrent sessions will not be tracked.
  Thanks
  Kumar

• Do I need Cisco ISE VM Part # L-ISE-VM-K9= for ESXi installation

  Hi there,
  Do I need the L-ISE-VM-K9 license to install Cisco ISE on an ESXi ?
  Actually, Cisco ISE can be downloaded with an Eval License for 90 days.
  I know, ISE license (e.g. Base License) is needed.
  Thanks a lot.
  Greetings,
  Norbert

  Just in case you you would like to see the specification of each licence.
  License Type
  Features Supported
  Deployment Type Supported
  License Prerequisite
  License Term(s)
  Base License
  AAA
  Guest Provisioning
  Link Encryption Policies
  Wired
  Wireless
  VPN
  Perpetual
  Advanced License
  Device Onboarding/Provisioning
  Device Profiling and Feed Service*
  Host Posture
  Security Group Access
  Integrated Vendor MDM Support*
  Wired
  Wireless
  VPN
  Base License
  3- and 5-Year Terms
  Wireless License
  Device Onboarding/Provisioning
  AAA
  Guest Provisioning
  Link Encryption Policies
  Device Profiling and Feed Service*
  Host Posture
  Security Group Access
  Integrated Vendor MDM Support*
  Wireless
  3- and 5-Year Terms
  Wireless Upgrade License
  Device Onboarding/Provisioning
  Authentication/Authorization
  Guest Provisioning
  Link Encryption Policies
  Device Profiling
  Host Posture
  Security Group Access
  Wired
  Wireless
  VPN
  Wireless License
  3- and 5-Year Terms
  Cisco ISE Functionality-Based License Options
  License Tiers (T)
  Number of Endpoints Supported
  Base License
  Advanced 3-Year License
  Advanced 5-Year License
  Wireless 3-Year License
  Wireless 5-Year License
  Wireless Upgrade 3-Year License
  Wireless Upgrade 5-Year License
  100
  100 Endpoints
  L-ISE-BSE-100=
  L-ISE-ADV3Y-100=
  L-ISE-ADV5Y-100=
  L-ISE-AD3Y-W-100=
  L-ISE-AD5Y-W-100=
  L-ISE-W-3UPG-100=
  L-ISE-W-UPG-100=
  250
  250 Endpoints
  L-ISE-BSE-250-
  L-ISE-ADV3Y-250=
  L-ISE-ADV5Y-250=
  L-ISE-AD3Y-W-250=
  L-ISE-AD5Y-W-250=
  L-ISE-W-3UPG-250=
  L-ISE-W-UPG-250=
  500
  500 Endpoints
  L-ISE-BSE-500=
  L-ISE-ADV3Y-500=
  L-ISE-ADV5Y-500=
  L-ISE-AD3Y-W-500=
  L-ISE-AD5Y-W-500=
  L-ISE-W-3UPG-500=
  L-ISE-W-UPG-500=
  1000
  1000 Endpoints
  L-ISE-BSE-1K=
  L-ISE-ADV3Y-1K=
  L-ISE-ADV5Y-1K=
  L-ISE-AD3Y-W-1K=
  L-ISE-AD5Y-W-1K=
  L-ISE-W-3UPG-1K=
  L-ISE-W-UPG-1K=
  1500
  1500 Endpoints
  L-ISE-BSE-1500=
  L-ISE-ADV3Y-1500=
  L-ISE-ADV5Y-1500=
  L-ISE-AD3Y-W-1500=
  L-ISE-AD5Y-W-1500=
  L-ISE-W-3UPG-1500=
  L-ISE-W-UPG-1500=
  2500
  2500 Endpoints
  L-ISE-BSE-2500=
  L-ISE-ADV3Y-2500=
  L-ISE-ADV5Y-2500=
  L-ISE-AD3Y-W-2500=
  L-ISE-AD5Y-W-2500=
  L-ISE-W-3UPG-2500=
  L-ISE-W-UPG-2500=
  3500
  3500 Endpoints
  L-ISE-BSE-3500=
  L-ISE-ADV3Y-3500=
  L-ISE-ADV5Y-3500=
  L-ISE-AD3Y-W-3500=
  L-ISE-AD5Y-W-3500=
  L-ISE-W-3UPG-3500=
  L-ISE-W-UPG-3500=
  5000
  5000 Endpoints
  L-ISE-BSE-5K=
  L-ISE-ADV3Y-5K=
  L-ISE-ADV5Y-5K=
  L-ISE-AD3Y-W-5K=
  L-ISE-AD5Y-W-5K=
  L-ISE-W-3UPG-5K=
  L-ISE-W-UPG-5K=
  10,000
  10K Endpoints
  L-ISE-BSE-10K=
  L-ISE-ADV3Y-10K=
  L-ISE-ADV5Y-10K=
  L-ISE-AD3Y-W-10K=
  L-ISE-AD5Y-W-10K=
  L-ISE-W-3UPG-10K=
  L-ISE-W-UPG-10K=
  25,000
  25K Endpoints
  L-ISE-BSE-25K=
  L-ISE-ADV3Y-25K=
  L-ISE-ADV5Y-25K=
  L-ISE-AD3Y-W-25K=
  L-ISE-AD5Y-W-25K=
  L-ISE-W-3UPG-25K=
  L-ISE-W-UPG-25K=
  50,000
  50K Endpoints
  L-ISE-BSE-50K=
  L-ISE-ADV3Y-50K=
  L-ISE-ADV5Y-50K=
  L-ISE-AD3Y-W-50K=
  L-ISE-AD5Y-W-50K=
  L-ISE-W-3UPG-50K=
  L-ISE-W-UPG-50K=
  100,000
  100K Endpoints
  L-ISE-BSE-100K=
  L-ISE-ADV3Y-100K=
  L-ISE-ADV5Y-100K=
  L-ISE-AD3Y-W-100K=
  L-ISE-AD5Y-W-100K=
  L-ISE-W-3UPG-100K=
  L-ISE-W-UPG-100K=
  Cisco ISE Functionality-Based License Options
  License Type
  License SKU
  Base License
  L-ISE-BSE-[T]=
  Advanced 3-Year License
  L-ISE-ADV3Y-[T]=
  Advanced 5-Year License
  L-ISE-ADV5Y-[T]=
  3-Year Wireless License
  L-ISE-AD3Y-W-[T]=
  5-Year Wireless License
  L-ISE-AD5Y-W-[T]=
  3-Year Wireless Upgrade License
  L-ISE-W-3UPG-[T]=
  5-Year Wireless Upgrade License
  L-ISE-W-UPG-[T]=
  Replace [T] with the appropriate license tier from Table 5 and 6.
  Jatin Katyal
  - Do rate helpful posts -

• Cisco ISE 1.2 monitoring and Reporting

  Hi Ali
  We're trying to determine how many addtional Base licenses we have to purchase in order to be compliant in our Cisco ISE 1.2 platforms (already have 1500 CISE 1.2  Base licenses in production).
  Is there any means to monitoring (e.g SNMP polling) and get scheduled reports showing the numbers of used licenses for a period ?
  looking forward to heard you back

• Cisco ISE Active Endpoint Usage Reset

  Hi,
  I have a Cisco ISE running version 1.1 and I was wondering if it may be possible to reset the license usage/active endpoint shown on the dashboard? This was noticed after a restore of ISE due to replacement of hardware and I noticed that the license usage count/active endpoints does not seems to go down.
  The following methods have been tried however without any success:
  1. Reboot ise server/service
  2. Disable all network devices making use of ise such that there are no clients/devices accessing it; example switch/wlc/etc...
  3. Deleted all endpoints usage in identies/identies group
  4. Disable profiling on ise
  As the ise has been installed with a base license; not too sure if it may be either a bad restore (all service/application are working though) / bad radius accounting which does not timed out on the ise / etc...
  Any help is appreciated on how to reset the active endpoint/license usage.
  Thanks.                  

  Here is a method for removing the stale records. Please give this a try:
  http://www.cisco.com/en/US/docs/security/ise/1.1/api_ref_guide/ise_api_ref_ch2.html#wp1072950
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Cisco ISE v1.1

  I'm looking for Cisco ISE v1.1 to use the following licensing feature.
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_c67-658591.htmlEndpoint is dynamically profiled by Cisco ISE and assigned  dynamically or statically to an endpoint identity group. Cisco ISE authorization  rules do not use this endpoint identity group.
  End result: As of Cisco ISE 1.0, one license from  Base package is used up and one license from Advanced package is used up. By  Cisco ISE 1.1 scenario this scenario will be fixed to use up only one license  from Base package. Because profiled identity group is not used in the  Authorization Policy, no Advanced license is consumed.
  Last time I heard, v1.1 is due in first week of December, I would like to know if that is true.
  Thanks,
  Vijay

  There is a release that may include some relevant functionality for this licensing issue
  Version on CCO is ise-appbundle-1.0.4.573.i386.tar.gz
  See http://www.cisco.com/en/US/partner/docs/security/ise/1.0.4/release_notes/ise104_rn.html#wp207280
  text from release notes reads as follows:
  The Cisco ISE, Release 1.0.4 implements a change that Cisco ISE cannot consume advanced licenses when endpoints are statically assigned to a profile. The number of endpoints that are dynamically profiled can only be compared against the limit of the advanced licenses. The endpoints that are statically assigned to a profile are now excluded from utilizing licenses included in the advanced license package, but they are still compared against the limit of base licenses. Earlier in the Cisco ISE, Release 1.0, it compares the total number of concurrent endpoints across the entire deployment against the limit of the advanced licenses.

• Cisco ISE 1.1.4 Patch 7 (Internal Endpoint Mac Addresses Getting Disppeared)

  Hi Folks,
  I am having issue that mac addresses which we are trying to add under Internal Endpoint Group for MAB getting disappear automatically after few minutes. We tried multiple mac addresses but result same. We can see the mac address which we added earlier but new mac address getting disappear. Is there any limit to add mac address under Internal Endpoint. We have following licenses.
  L-ISE-ADV-1K-M=  Cisco ISE 1000 EndPoint Advanced + Base Migration License
  Thanks

  Tabish,
  We'll update the latest patch and then look for the work around from any one of our Cisco experts

• Cisco ISE integration with AD fails

  Cisco ISE Ver: 1.1.2.145
  Windows : Win 2003 Server
  I am attempting to integrate ISE with AD, but ISE won't join AD and joining attempts fails, though I am able to add same domain as external LDAP identity store ?
  1.user used to join the domain has admin permission on AD
  2. ISE resolved the domain correctly
  3.There is a firewall inbetween ISE (192.168.100.10) & AD (172.16.100.1), but all the traffic are permited.
  4. No NATing taking place, Firewall is forwarding all trafic between ISE & AD
  Can't really understand why AD connection fails
  From ISE Interface - Detailed Test Connection
  Adinfo (CentrifyDC 4.5.0-357)
  Host Diagnostics
    Uname: Linux Iseadn 2.6.18-274.17.1.el5PAE #1 SMP Wed Jan 4 22:49:48 EST 2012 I686
    OS: Linux
    Version: 2.6.18-274.17.1.el5PAE
    Number Of CPUs: 1
  IP Diagnostics
    Local Host Name: Iseadn
    Local IP Address: 192.168.100.10
    FQDN Host Name:iseadn.gnet.cp
  Domain Diagnostics
    Domain: Gnet.cp
    Subnet Site: Default-first-site-name
      DNS Query For: _ldap._tcp.gnet.cp
      Found SRV Records:
        Gnet.cp:389
    Testing Active Directory Connectivity:
      Domain Controller: Gnet.cp
        Ldap:      389/tcp - Good
        Ldap:      389/udp - Good
        Smb:       445/tcp - Good
        Kdc:        88/tcp - Good
        Kpasswd:   464/tcp - Good
        Ntp:       123/udp - Good
    Domain Controller: Gnet.cp:389
      Domain Controller Type: Windows 2003
      Domain Name:            GNET.CP
      IsGlobalCatalogReady:   TRUE
      DomainFunctionality:           2 = (DS_BEHAVIOR_WIN2003)
      ForestFunctionality:           0 = (DS_BEHAVIOR_WIN2000)
      DomainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Forest Name: GNET.CP
      DNS Query For: _gc._tcp.GNET.CP
    Testing Active Directory Connectivity:
    Forest Name: GNET.CP
  Kerberos Error: Rc=-1765328377 SASL Bind To Ldap/[email protected] - GSSAPI Mechanism With Kerberos Error  : Server Not Found In Kerberos Database
  Computer Account Diagnostics
    Not Joined To Any Domain
  System Diagnostic
    Not Joined To Any Domain
  Centrify DirectControl Status
    Not Joined To Any Domain
  Licensed Features: Enabled
  SELinux Status:                 Disabled
  Amavis1.1.0
  Ccs1.0.0
  Clamav1.1.0
  Dcc1.1.0
  Dnsmasq1.1.1
  Evolution1.1.0
  Ipsec1.4.0
  Iscsid1.0.0
  Milter1.0.0
  Mozilla1.1.0
  Mplayer1.1.0
  Nagios1.1.0
  Oddjob1.0.1
  Pcscd1.0.0
  Postgrey1.1.0
  Prelude1.0.0
  Pyzor1.1.0
  Qemu1.1.2
  Razor1.1.0
  Ricci1.0.0
  Smartmon1.1.0
  Spamassassin1.9.0
  Virt1.0.0
  Zosremote1.0.0
  From Ad-agent log

  Hi Jallaluddin
  I work for Centrify Support and saw your posting. Here our analysis on checking the adlogs.txt.zip:
  Server not found in Kerberos database" (reference base/adbind.cpp:495 rc: -1765328377)
  That error is likely coming from the KDC - meaning there is some problem with server side SPNs
  We need the following:
  1) A network trace.
  2) adcheck output.
  3) adinfo --support output
  4) Run dcdiag or netdiag on the server side.
  Also we partner with Cisco and so would it possible to work with your partners and I am pretty sure they have seen this before with DC issues etc. Can you please work with them and see?. TIA
  Best Regards
  Raghu Srinivasan

• Cisco ISE and Switch 3560-X

  Good Morning,
  I am conducting an implementation of Cisco ISE version 1.2.1.198 with all its features on a switch 3560-X and in the ISE compatibility chart the minimum version for this switch would be the IOS v 15.0.2-SE2 (ED).
  My doubt is whether i need the feature ipbase or just the lanbase would be sufficient to meet all the features of 802.1x for the Cisco ISE.
  I appreciate the attention and Thanks,

  Please see the "Cisco Secure Access and Cisco TrustSec Release 5.0 System Bulletin".
  It notes that the 3560-X requires IP base license for all the 802.1X features.

• Cisco ISE with TACACS+ and RADIUS both?

  Hello,
  I am initiating wired authentication on an existing network using Cisco ISE. I have been studying the requirements for this. I know I have to turn on RADIUS on the Cisco switches on the network. The switches on the network are already programmed for TACACS+. Does anybody know if they can both operate on the same network at the same time?
  Bob

  Hello Robert,
  I believe NO, they both won't work together as both TACACS and Radius are different technologies.
  It's just because that TACACS encrypts the whole message and Radius just the password, so I believe it won't work.
  For your reference, I am sharing the link for the difference between TACACS and Radius.
  http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
  Moreover, Please review the information as well.
  Compare TACACS+ and RADIUS
  These sections compare several features of TACACS+ and RADIUS.
  UDP and TCP
  RADIUS uses UDP while TACACS+ uses TCP. TCP offers several advantages over UDP. TCP offers a connection-oriented transport, while UDP offers best-effort delivery. RADIUS requires additional programmable variables such as re-transmit attempts and time-outs to compensate for best-effort transport, but it lacks the level of built-in support that a
  TCP transport offers:
  TCP usage provides a separate acknowledgment that a request has been received, within (approximately) a network round-trip time (RTT), regardless of how loaded and slow the backend authentication mechanism (a TCP acknowledgment) might be.
  TCP provides immediate indication of a crashed, or not running, server by a reset (RST). You can determine when a server crashes and returns to service if you use long-lived TCP connections. UDP cannot tell the difference between a server that is down, a slow server, and a non-existent server.
  Using TCP keepalives, server crashes can be detected out-of-band with actual requests. Connections to multiple servers can be maintained simultaneously, and you only need to send messages to the ones that are known to be up and running.
  TCP is more scalable and adapts to growing, as well as congested, networks.
  Packet Encryption
  RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.
  TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications.
  Authentication and Authorization
  RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.
  TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.
  During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.
  Multiprotocol Support
  RADIUS does not support these protocols:
  AppleTalk Remote Access (ARA) protocol
  NetBIOS Frame Protocol Control protocol
  Novell Asynchronous Services Interface (NASI)
  X.25 PAD connection
  TACACS+ offers multiprotocol support.
  Router Management
  RADIUS does not allow users to control which commands can be executed on a router and which cannot. Therefore, RADIUS is not as useful for router management or as flexible for terminal services.
  TACACS+ provides two methods to control the authorization of router commands on a per-user or per-group basis. The first method is to assign privilege levels to commands and have the router verify with the TACACS+ server whether or not the user is authorized at the specified privilege level. The second method is to explicitly specify in the TACACS+ server, on a per-user or per-group basis, the commands that are allowed.
  Interoperability
  Due to various interpretations of the RADIUS Request for Comments (RFCs), compliance with the RADIUS RFCs does not guarantee interoperability. Even though several vendors implement RADIUS clients, this does not mean they are interoperable. Cisco implements most RADIUS attributes and consistently adds more. If customers use only the standard RADIUS attributes in their servers, they can interoperate between several vendors as long as these vendors implement the same attributes. However, many vendors implement extensions that are proprietary attributes. If a customer uses one of these vendor-specific extended attributes, interoperability is not possible.
  Traffic
  Due to the previously cited differences between TACACS+ and RADIUS, the amount of traffic generated between the client and server differs. These examples illustrate the traffic between the client and server for TACACS+ and RADIUS when used for router management with authentication, exec authorization, command authorization (which RADIUS cannot do), exec accounting, and command accounting (which RADIUS cannot do).

• Cisco ISE on VMware blank Web GUI

  Hi,
  I have just installed Cisco ISE on a VM in VMware workstation 7.1 so that I can play around with the interface.
  I have tried multiple browsers including Mozilla 3.6 all with the same symtoms.
  From the host I can-
  -Ping the ISE
  -I can browse to https://10.0.0.2/admin and I recieve a certificate error ( if I check the certificate I can validate it is a self signed certificate from the ISE) I continue and I get a blank webpage with Identity Services Engine on the tab at the top.
  From the ISE CLI-
  - I can ping the host 10.0.0.1.
  - I can do a "sh application status ise" and all applications are running and have PIDs
  VM settings -
  - Memory 4096
  - Hard drive 60 Gig
  - 1 prcecessor
  - Host only network connection

  If I do a view source in Mozilla 3.6 I get the following the page itself appears blank. I have also verified java is installed and up to date.
       Identity Services Engine
       css/images/favicon.ico">
       lib/xwt/themes/kubricklite/kubricklite-base.css">
       lib/xwt/themes/kubricklite/kubricklite-xwt.css">
       css/errorpage.css">
            djConfig = {
                    isDebug: false,
                    debugAtAllCosts: false,
                    parseOnLoad: true
       lib/dojo/dojo.js">
       lib/cpm/widget/ErrorPage.js">
                 var hrefurl = "http://www.cisco.com";

• Cisco ISE - expired demo license alarm

  Hi,
  We are implementing Cisco ISE 1.2.0.899 and have an alarm reporting expired license. This alarm refers to the Advanced License demo and is therefore a false positive.
  This issue is that we cannot remove the demo icense and stop the root cause of this false positive alarm.
  Does anyone has an idea?
  Thanks in advance.
  Regards,
  Telmo Oliveira

  Please refer the discussion below
  https://supportforums.cisco.com/discussion/12059041/ise-advanced-eval-license-alerts-after-full-base-install

• ISE base vs advanced license

  Dear,
  Initial I was looking to use VMPS (dynamic VLAN assignment to ports based on MAC).But after some reading I understand 802.1X with Radius is a better solution, and finally I came to ISE.  My question: Is the BASE license for ISE sufficient to use the dynamic VLAN assignment (I.e. After authentication and authorization, a port will be set to a VLAN) or do I need to install the ADVANCED license ?
  Regards
  Jan

  The Base License is consumed whenever an authentication notification is  received by Cisco ISE. A single Advanced License is consumed when any  one or more of the following services or conditions are applied to the  endpoint session:
  •Posture
  •Security Group Tag assignment
  •Authorization using profile information
  •Endpoint is registered in the MyDevices Portal

• Cisco ISE Error, System Alarm (Colector)

  Hi there,
  Some Authentication erros won't show up on the Cisco ISE /Operations/Authentications Log.
  There is an error on the database:
  Details:                                                               Database failure (<ise-hostname>, RadiusAuthenticationFailed)
  Exception:
  ORA-01461: can bind a LONG value only for insert into a LONG column
  Any ideas?
  Thanks,
  Norbert

  Hi Jallaluddin
  I work for Centrify Support and saw your posting. Here our analysis on checking the adlogs.txt.zip:
  Server not found in Kerberos database" (reference base/adbind.cpp:495 rc: -1765328377)
  That error is likely coming from the KDC - meaning there is some problem with server side SPNs
  We need the following:
  1) A network trace.
  2) adcheck output.
  3) adinfo --support output
  4) Run dcdiag or netdiag on the server side.
  Also we partner with Cisco and so would it possible to work with your partners and I am pretty sure they have seen this before with DC issues etc. Can you please work with them and see?. TIA
  Best Regards
  Raghu Srinivasan