02-03-2023 12:58 AM - edited 02-03-2023 12:59 AM
Good day,
we want to evaluate the IDS and IPS functionalities of the C9800 controller series with C9120 Access Points, right now we use this setup with DNA Essentials licenses in our lab. The controllers are used standalone without DNA center.
I checked the licensing matrix and discovered, that "aWIPS" (Adaptive Wireless Intrustion Protection System) is only supported with DNA Advantage licenses. We are irritated about this since the aWIPS functionality can be configured in our AP join profile and seems to work with our Essentials license.
Link to licensing matrix: https://www.cisco.com/c/m/en_us/products/software/dna-subscription-wireless/en-sw-sub-matrix-wireless.html
I have following questions:
1. Is there a "basic" IDS/IPS functionality that is working with every license type (like AP Rogue detection?)
2. Why am I able to use the aWIPS feature with my DNA Essentials license, if it's part of Advantage only (per license matrix)?
3. Could someone clarify which licenses are needed to use the full feature-set of IDS/IPS without DNA center, would Essentials really be enough or is Advantage needed?
4. Which restrictions do I have if my DNA license expires and is downgraded to Network Essentials / Network Advantage?
It would help a lot to get your support, since we plan to further evaluate these functionalities in a customer environment.
Thanks a lot!
Solved! Go to Solution.
02-03-2023 01:48 AM
Cisco-DNA-Software-Subscription-Matrix-for-Wireless - Cisco
c95-742696-02-dna-software-wireless-featurematrix (cisco.com)
Please refer the above link for license feature support. Rogue AP detection is part of essentials offer. As per the documentation essentials license covers.
02-03-2023 01:22 AM
You need advantage for the feature you looking - essential is basic features as you rightly mentioned the URL has that information.
The features may sometime work, but it may be not compliance in legal point of view.
02-03-2023 01:25 AM - edited 02-03-2023 01:29 AM
Thank you.
I understand that aWIPS is a DNA Advantage feature and that we require a DNA Advantage license for legal reasons to use that feature.
Are there still some basic IDS/IPS functionalities which are supported by DNA Essentials or Network Essentials (like Rogue AP detection) if we don't use aWIPS?
Which IDS/IPS features am I legally allowed to use with DNA Essentials or Network Essentials licenses, is there some documentation for that or could someone share more insights?
02-04-2023 06:58 AM
on your URL if you mouse over on Essential License you see the option you looking :
02-03-2023 01:48 AM
Cisco-DNA-Software-Subscription-Matrix-for-Wireless - Cisco
c95-742696-02-dna-software-wireless-featurematrix (cisco.com)
Please refer the above link for license feature support. Rogue AP detection is part of essentials offer. As per the documentation essentials license covers.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: