Published On: July 14ᵗʰ, 2021 08:10

System Management Configuration Guide, Cisco IOS XE Amsterdam 17.3.x (Catalyst 9500 Switches)

Contents

Introduction to Smart Licensing Using Policy

Smart Licensing Using Policy is an enhanced version of Smart Licensing, with the overarching objective of providing a licensing solution that does not interrupt the operations of your network, rather, one that enables a compliance relationship to account for the hardware and software licenses you purchase and use.

Smart Licensing Using Policy is supported starting with Cisco IOS XE Amsterdam 17.3.2a.

The primary benefits of this enhanced licensing model are:

  • Seamless day-0 operations

    After a license is ordered, no preliminary steps, such as registration or generation of keys etc., are required unless you use an export-controlled or enforced license. There are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches, and product features can be configured on the device right-away.

  • Consistency in Cisco IOS XE

    Campus and industrial ethernet switching, routing, and wireless devices that run Cisco IOS XE software, have a uniform licensing experience.

  • Visibility and manageability

    Tools, telemetry and product tagging, to know what is in-use.

  • Flexible, time series reporting to remain compliant

    Easy reporting options are available, whether you are directly or indirectly connected to Cisco Smart Software Manager (CSSM), or in an air-gapped network.

This document provides conceptual, configuration, and troubleshooting information for Smart Licensing Using Policy on Cisco Catalyst Access, Core, and Aggregation Switches.

For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.

Information About Smart Licensing Using Policy

This section provides information about the components that can be part of your implementation of Smart Licensing Using Policy, the key concepts associated with the feature, the supported products, overviews of all supported topologies (the different ways in which you can implement the feature), and how Smart Licensing Using Policy interacts with other features.

Overview

Smart Licensing Using Policy is a software license management solution that provides a seamless experience with the various aspects of licensing.

  • Purchase licenses: Purchase licenses through the existing channels and use the Cisco Smart Software Manager (CSSM) portal to view product instances and licenses.


    Note

    To simplify your implementation of Smart Licensing Using Policy, provide your Smart Account and Virtual Account information when placing an order for new hardware or software. This allows Cisco to install applicable policies and authorization codes (terms explained in the Concepts section below), at the time of manufacturing.


  • Use: All licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced. This means that you do not have to complete any licensing-specific operations, such as registering or generating keys before you start using the software and the licenses that are tied to it. License usage is recorded on your device with timestamps and the required workflows can be completed at a later date.

  • Report license usage to CSSM: Multiple options are available for license usage reporting. You can use the Cisco Smart Licensing Utility (CSLU), or report usage information directly to CSSM. For air-gapped networks, a provision for offline reporting where you download usage information and upload it to CSSM, is also available. The usage report is in plain text XML format. See: Sample Resource Utilization Measurement Report.

  • Reconcile: For situations where delta billing applies (purchased versus consumed).

Architecture

This section explains the various components that can be part of your implementation of Smart Licensing Using Policy.

Product Instance

A product instance is a single instance of a Cisco product, identified by a Unique Device Identifier (UDI).

A product instance records and reports license usage (RUM reports), and provides alerts and system messages about overdue reports, communication failures, etc. RUM reports and usage data are securely stored in the product instance.

Throughout this document, the term product instance refers to all supported physical and virtual product instances - unless noted otherwise. For information about the product instances that are within the scope of this document, see Supported Products.

CSSM

Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses from a centralized location. CSSM helps you manage current requirements and review usage trends to plan for future license requirements.

You can access the CSSM Web UI at https://software.cisco.com. Under the License tab, click the Smart Software Licensing link.

See the Supported Topologies section to know about the different ways in which you can connect to CSSM

In CSSM you can:

  • Create, manage, or view virtual accounts.

  • Create and manage Product Instance Registration Tokens.

  • Transfer licenses between virtual accounts or view licenses.

  • Transfer, remove, or view product instances.

  • Run reports against your virtual accounts.

  • Modify your email notification settings.

  • View overall account information.

CSLU

Cisco Smart License Utility (CSLU) is a Windows-based reporting utility that provides aggregate licensing workflows. This utility performs the following key functions:

  • Provides options relating to how workflows are triggered. The workflows can be triggered by CSLU or by the product instance.

  • Collects usage reports from the product instance and uploads these usage reports to the corresponding Smart Account or Virtual Account – online, or offline, using files. Similarly, the RUM report ACK is collected online, or offline, and sent back to the product instance.

  • Sends authorization code requests to CSSM and receives authorization codes from CSSM, if applicable.

CSLU can be part of your implementation in the following ways:

  • Install the windows application, to use CSLU as a standalone tool that is connected to CSSM.

  • Install the windows application, to use CSLU as a standalone tool that is disconnected from CSSM. With this option, the required usage information is downloaded to a file and then uploaded to CSSM. This is suited to air-gapped networks.

Controller

A management application or service that manages multiple product instances.

On Cisco Catalyst Access, Core, and Aggregation Switches, Cisco DNA Center is the supported controller. Information about the controller, product instances that support the controller, and minimum required software versions on the controller and on the product instance is provided below:

Table 1. Support Information for Controller: Cisco DNA Center

Minimum Required Cisco DNA Center Version for Smart Licensing Using Policy1

Minimum Required Cisco IOS XE Version2

Supported Product Instances

Cisco DNA Center Release 2.2.2

Cisco IOS XE Amsterdam 17.3.2a

  • Cisco Catalyst 9200 Series Switches

  • Cisco Catalyst 9300 Series Switches

  • Cisco Catalyst 9400 Series Switches

  • Cisco Catalyst 9500 Series Switches

  • Cisco Catalyst 9600 Series Switches

1 The minimum required software version on the controller. This means support continues on all subsequent releases - unless noted otherwise
2 The minimum required software version on the product instance. This means support continues on all subsequent releases - unless noted otherwise.

For more information about Cisco DNA Center, see the support page at: https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/series.html.

SSM On-Prem

Smart Software Manager On-Prem (SSM On-Prem) is an asset manager, which works in conjunction with CSSM. It enables you to administer products and licenses on your premises instead of having to directly connect to CSSM.

Information about the required software versions to implement Smart Licensing Using Policy with SSM On-Prem, is provided below:

Minimum Required SSM On-Prem Version for Smart Licensing Using Policy3

Minimum Required Cisco IOS XE Version4

Supported Product Instances

Version 8, Release 202102

Cisco IOS XE Amsterdam 17.3.3

  • Cisco Catalyst 9200 Series Switches

  • Cisco Catalyst 9300 Series Switches

  • Cisco Catalyst 9400 Series Switches

  • Cisco Catalyst 9500 Series Switches

  • Cisco Catalyst 9600 Series Switches

3 The minimum required SSM On-Prem version. This means support continues on all subsequent releases - unless noted otherwise
4 The minimum required software version on the product instance. This means support continues on all subsequent releases - unless noted otherwise.

For more information about SSM On-Prem, see Smart Software Manager On-Prem on the Software Download page. Hover over the .iso image to display the documentation links.

Concepts

This section explains the key concepts of Smart Licensing Using Policy.

License Enforcement Types

A given license belongs to one of three enforcement types. The enforcement type indicates if the license requires authorization before use, or not.

  • Unenforced or Not Enforced

    Unenforced licenses do not require authorization before use in air-gapped networks, or registration, in connected networks. The terms of use for such licenses are as per the end user license agreement (EULA).

    All licenses available on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced licenses.

  • Enforced

    Licenses that belong to this enforcement type require authorization before use. The required authorization is in the form of an authorization code, which must be installed in the corresponding product instance.

    An example of an enforced license is the Media Redundancy Protocol (MRP) Client license, which is available on Cisco’s Industrial Ethernet Switches.

  • Export-Controlled

    Licences that belong to this enforcement type are export-restricted by U.S. trade-control laws and these licenses require authorization before use. The required authorization code must be installed in the corresponding product instance for these licenses as well. Cisco may pre-install export-controlled licenses when ordered with hardware purchase.

    An example of an export-controlled license is the High Speed Encryption (HSECK9) license, which is available on certain Cisco Routers.

License Duration

This refers to the duration or term for which a purchased license is valid. A given license may belong to any one of the enforcement types mentioned above and be valid for the following durations:

  • Perpetual: There is no expiration date for such a license.

    Network Essentials and Network Advantage licenses are examples of perpetual licenses that are available on Cisco Catalyst Access, Core, and Aggregation Switches.

  • Subscription: The license is valid only until a certain date.

    Digital Network Architecture (DNA) Essentials and DNA Advantage licenses are examples of subscription licenses that are available on Cisco Catalyst Access, Core, and Aggregation Switches.

Authorization Code

The Smart Licensing Authorization Code (SLAC) allows activation and continued use of a license that is export-controlled or enforced.

A SLAC is not required for any of the licenses available on Cisco Catalyst Access, Core, and Aggregation Switches, but if you are upgrading from an earlier licensing model to Smart Licensing Using Policy, you may have a Specific License Reservation (SLR) with its own authorization code. An SLR authorization code is supported after upgrade to Smart Licensing Using Policy.


Note

While existing SLRs are carried over after upgrade, you cannot request a new SLR in the Smart Licensing Using Policy environment, because the notion of “reservation” does not apply. If you are in an air-gapped network, the No Connectivity to CSSM and No CSLU topology applies instead.


For more information about how the SLR authorization code is handled, see Upgrades. If you want to return an SLR authorization code, see Removing and Returning an Authorization Code.

Policy

A policy provides the product instance with these reporting instructions:

  • License usage report acknowledgement requirement (Reporting ACK required): The license usage report is known as a RUM Report and the acknowledgement is referred to as an ACK (See RUM Report and Report Acknowledgement). This is a yes or no value which specifies if the report for this product instance requires CSSM acknowledgement or not. The default policy is always set to “yes”.

  • First report requirement (days): The first report must be sent within the duration specified here.

    If the value here is zero, no first report is required.

  • Reporting frequency (days): The subsequent report must be sent within the duration specified here.

    If the value here is zero, it means no further reporting is required unless there is a usage change.

  • Report on change (days): In case of a change in license usage, a report must be sent within the duration specified here.

    If the value here is zero, no report is required on usage change.

    If the value here is not zero, reporting is required after the change is made. All the scenarios listed below count as changes in license usage on the product instance:

    • Changing licenses consumed (includes changing to a different license, and, adding or removing a license).

    • Going from consuming zero licenses to consuming one or more licenses.

    • Going from consuming one or more licenses to consuming zero licenses.


Note

If a product instance has never consumed a license, reporting is not required even if the policy has a non-zero value for any of the reporting requirements (First report requirement, Reporting frequency, Report on change).
Understanding Policy Selection

CSSM determines the policy that is applied to a product instance. Only one policy is in use at a given point in time. The policy and its values are based on a number of factors, including the licenses being used.

Cisco default is the default policy that is always available in the product instance. If no other policy is applied, the product instance applies this default policy. The table below (Table 1) shows the Cisco default policy values.

While you cannot configure a policy, you can request for a customized one, by contacting the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing. The licensing team will contact you to start the process or for any additional information. Customized policies are also made available through your Smart account in CSSM.


Note

To know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command in privileged EXEC mode.


Table 2. Policy: Cisco default

Policy: Cisco default

Default Policy Values

Export (Perpetual/Subscription)

Note 

Applied only to licenses with enforcement type "Export-Controlled".

Reporting ACK required: Yes

First report requirement (days): 0

Reporting frequency (days): 0

Report on change (days): 0

Enforced (Perpetual/Subscription)

Note 

Applied only to licenses with enforcement type "Enforced".

Reporting ACK required: Yes

First report requirement (days): 0

Reporting frequency (days): 0

Report on change (days): 0

Unenforced/Non-Export Perpetual5

Reporting ACK required: Yes

First report requirement (days): 365

Reporting frequency (days): 0

Report on change (days): 90

Unenforced/Non-Export Subscription

Reporting ACK required: Yes

First report requirement (days): 90

Reporting frequency (days): 90

Report on change (days): 90

5 For Unenforced/Non-Export Perpetual: the default policy’s first report requirement (within 365 days) applies only if you have purchased hardware or software from a distributor or partner.

RUM Report and Report Acknowledgement

A Resource Utilization Measurement report (RUM report) is a license usage report, which the product instance generates, to fulfil reporting requirements as specified by the policy.

An acknowledgement (ACK) is a response from CSSM and provides information about the status of a RUM report.

The policy that is applied to a product instance determines the following reporting requirements:

  • Whether a RUM report is sent to CSSM and the maximum number of days provided to meet this requirement.

  • Whether the RUM report requires an acknowledgement (ACK) from CSSM.

  • The maximum number of days provided to report a change in license consumption.

A RUM report may be accompanied by other requests, such as a trust code request, or a SLAC request. So in addition to the RUM report IDs that have been received, an ACK from CSSM may include authorization codes, trust codes, and policy files as well.

The reporting method, that is, how a RUM report is sent to CSSM, depends on the topology you implement.

Trust Code

A UDI-tied public key with which the product instance signs a RUM report. This prevents tampering and ensures data authenticity.

Supported Topologies

This section describes the various ways in which you can implement Smart Licensing Using Policy. For each topology, refer to the accompanying overview to know the how the set-up is designed to work, and refer to the considerations and recommendations, if any.

After Topology Selection

After you have selected a topology, see How to Configure Smart Licensing Using Policy: Workflows by Topology. These workflows are only for new deployments. They provide the simplest and fastest way to implement a topology.

If you are migrating from an existing licensing model, see Migrating to Smart Licensing Using Policy.

If you want to perform any additional configuration tasks, for instance, if you want to configure a different license, or use an add-on license, or if you want to configure a narrower reporting interval, see the Task Library for Smart Licensing Using Policy. Check the "Supported Topologies" where provided, before you proceed.

Connected to CSSM Through CSLU

Overview:

Here, product instances in the network are connected to CSLU, and CSLU becomes the single point of interface with CSSM. A product instance can be configured to push the required information to CSLU. Alternatively, CSLU can be set-up to pull the required information from a product instance at a configurable frequency.

Product instance-initiated communication (push): A product instance initiates communication with CSLU, by connecting to a REST endpoint in CSLU. Data that is sent includes RUM reports and requests for authorization codes and trust codes. You can configure the product instance to automatically send RUM reports to CSLU at required intervals. This is the default method for a product instance.

CSLU-initiated communication (pull): To initiate the retrieval of information from a product instance, CSLU uses NETCONF, or RESTCONF, or gRPC with YANG models, or native REST APIs, to connect to the product instance. Supported workflows include receiving RUM reports from the product instance and sending the same to CSSM, authorization code installation, trust code installation, and application of policies.

Figure 1. Topology: Connected to CSSM Through CSLU
Considerations or Recommendations:

Choose the method of communication depending on your network’s security policy.

Where to Go Next:

To implement this topology, see Workflow for Topology: Connected to CSSM Through CSLU.

Connected Directly to CSSM

Overview:

This topology is available in the earlier version of Smart Licensing and continues to be supported with Smart Licensing Using Policy.

Here, you establish a direct and trusted connection from a product instance to CSSM. The direct connection, requires network reachability to CSSM. For the product instance to then exchange messages and communicate with CSSM, configure one of the transport options available with this topology (described below). Lastly, the establishment of trust requires the generation of a token from the corresponding Smart Account and Virtual Account in CSSM, and installation on the product instance.

You can configure a product instance to communicate with CSSM in the following ways:

  • Use Smart transport to communicate with CSSM

    Smart transport is a transport method where a Smart Licensing (JSON) message is contained within an HTTPs message, and exchanged between a product instance and CSSM, to communicate. The following Smart transport configuration options are available:

    • Smart transport: In this method, a product instance uses a specific Smart transport licensing server URL. This must be configured exactly as shown in the workflow section.

    • Smart transport through an HTTPs proxy: In this method, a product instance uses a proxy server to communicate with the licensing server, and eventually, CSSM.

  • Use Call Home to communicate with CSSM.

    Call Home provides e-mail-based and web-based notification of critical system events. This method of connecting to CSSM is available in the earlier Smart Licensing environment, and continues to be available with Smart Licensing Using Policy. The following Call Home configuration options are available:

    • Direct cloud access: In this method, a product instance sends usage information directly over the internet to CSSM; no additional components are needed for the connection.

    • Direct cloud access through an HTTPs proxy: In this method, a product instance sends usage information over the internet through a proxy server - either a Call Home Transport Gateway or an off-the-shelf proxy (such as Apache) to CSSM.

Figure 2. Topology: Connected Directly to CSSM
Considerations or Recommendations:

Smart transport is the recommended transport method when directly connecting to CSSM. This recommendation applies to:

  • New deployments.

  • Earlier licensing models. Change configuration after migration to Smart Licensing Using Policy.

  • Registered licenses that currently use the Call Home transport method. Change configuration after migration to Smart Licensing Using Policy.

  • Evaluation or expired licenses in an earlier licensing model. Change configuration after migration to Smart Licensing Using Policy.

To change configuration after migration, see Workflow for Topology: Connected Directly to CSSM > Product Instance Configuration > Configure a connection method and transport type > Option 1.

Where to Go Next:

To implement this topology, see Workflow for Topology: Connected Directly to CSSM.

Connected to CSSM Through a Controller

When you use a controller to manage a product instance, the controller connects to CSSM, and is the interface for all communication to and from CSSM. The supported controller for Cisco Catalyst Access, Core, and Aggregation Switches is Cisco DNA Center.

Overview

If a product instance is managed by Cisco DNA Center as the controller, the product instance records license usage and saves the same, but it is the Cisco DNA Center that initiates communication with the product instance to retrieve RUM reports, report to CSSM, and return the ACK for installation on the product instance.

All product instances that must be managed by Cisco DNA Center must be part of its inventory and must be assigned to a site. Cisco DNA Center uses the NETCONF protocol to provision configuration and retrieve the required information from the product instance - the product instance must therefore have NETCONF enabled, to facilitate this.

In order to meet reporting requirements, Cisco DNA Center retrieves the applicable policy from CSSM and provides the following reporting options:

  • Ad hoc reporting: You can trigger an ad hoc report when required.

  • Scheduled reporting: Corresponds with the reporting frequency specified in the policy and is automatically handled by Cisco DNA Center.


Note

Ad hoc reporting must be performed at least once before a product instance is eligible for scheduled reporting.


The first ad hoc report enables Cisco DNA Center to determine the Smart Account and Virtual Account to which subsequent RUM reports must be uploaded. You will receive notifications if ad hoc reporting for a product instance has not been performed even once.

Cisco DNA Center also enables you to install and remove SLAC for export-controlled licenses. Since all available licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced licenses, SLAC installation and removal do not apply.

A trust code is not required.

Figure 3. Topology: Connected to CSSM Through a Controller
Considerations or Recommendations:

This is the recommended topology if you are using Cisco DNA Center.

Where to Go Next:

To implement this topology, see Workflow for Topology: Connected to CSSM Through a Controller

CSLU Disconnected from CSSM

Overview:

Here, a product instance communicates with CSLU, and you have the option of implementing product instance-initiated communication or CSLU-initiated communication (as in the Connected to CSSM Through CSLU topology). The other side of the communication, between CSLU and CSSM, is offline. CSLU provides you with the option of working in a mode that is disconnected from CSSM.

Communication between CSLU and CSSM is sent and received in the form of signed files that are saved offline and then uploaded to or downloaded from CSLU or CSSM, as the case may be.

Figure 4. Topology: CSLU Disconnected from CSSM
Considerations or Recommendations:

None.

Where to Go Next:

To implement this topology, see Workflow for Topology: CSLU Disconnected from CSSM.

No Connectivity to CSSM and No CSLU

Overview:

Here you have a product instance and CSSM disconnected from each other, and without any other intermediary utilities or components. All communication is in the form of uploaded and downloaded files.

Figure 5. Topology: No Connectivity to CSSM and No CSLU
Considerations or Recommendations:

This topology is suited to a high-security deployment where a product instance cannot communicate online, with anything outside its network.

Where to Go Next:

To implement this topology, see Workflow for Topology: No Connectivity to CSSM and No CSLU.

Supported Products

This section provides information about the Cisco IOS-XE product instances that are within the scope of this document and support Smart Licensing Using Policy. All models (Product IDs or PIDs) in a product series are supported – unless indicated otherwise.

Table 3. Supported Product Instances: Cisco Catalyst Access, Core, and Aggregation Switches

Cisco Catalyst Access, Core, and Aggregation Switches

When Support was Introduced

Cisco Catalyst 9200 Series Switches

Cisco IOS XE Amsterdam 17.3.2a

Cisco Catalyst 9300 Series Switches

Cisco IOS XE Amsterdam 17.3.2a

Cisco Catalyst 9400 Series Switches

Cisco IOS XE Amsterdam 17.3.2a

Cisco Catalyst 9500 Series Switches

Cisco IOS XE Amsterdam 17.3.2a

Cisco Catalyst 9600 Series Switches

Cisco IOS XE Amsterdam 17.3.2a

Interactions with Other Features

High Availability

This section explains considerations that apply to a High Availability configuration, when running a software version that supports Smart Licensing Using Policy. The following High Availability set-ups are within the scope of this document:

A device stack with an active, a standby and one or more members

A dual-RP (route processor) set-up, where two RPs are installed in a chassis, one being the active and the other, the standby.

A dual-chassis set-up6 (could be fixed or modular), with the active in one chassis and a standby in the other chassis.

A dual-chassis and dual-RP set-up7, on a modular chassis. Two chassis are involved here as well, with an active RP in one chassis, a standby RP in the other chassis. The dual-RP aspect refers to an additional in-chassis standby RP in just one of the chassis, which is the minimum requirement, or an in-chassis standby RP in each chassis.

Trust Code Requirements in a High Availability Set-Up

The number of trust codes required depends on the number of UDIs. The active product instance can submit requests for all devices in the High Availability set-up and install all the trust codes that are returned in an ACK.

Policy Requirements in a High Availability Set-Up

There are no policy requirements that apply exclusively to a High Availability set-up. As in the case of a standalone product instance, only one policy exists in a High Availability set-up as well, and this is on the active. The policy on the active applies to the standby or members in the set-up.

Product Instance Functions in a High Availability Set-Up

This section explains general product instance functions in a High Availability set-up, as well as what the product instance does when a new standby or member is added to an existing High Available set-up.

For authorization and trust codes: The active product instance can request (if required) and install authorization codes and trust codes for standbys and members.

For policies: The active product instance synchronizes with the standby.

For reporting: Only the active product instance reports usage. The active reports usage information for all devices (standbys or members – as applicable) in the High Availability set-up.

In addition to scheduled reporting, the following events trigger reporting:

  • The addition or removal of a standby. The RUM report includes information about the standby that was added or removed.

  • The addition or removal of a member, including stack merge and stack split events. The RUM report includes information about member that was added or removed.

  • A switchover.

  • A reload.

When one of the above events occur, the “Next report push” date of the show license status privileged EXEC command is updated. But it is the implemented topology and associated reporting method that determine if the report is sent by the product instance or not. For example, if you have implemented a topology where the product instance is disconnected (Transport Type is Off), then the product instance does not send RUM reports even if the “Next report push” date is updated.

For a new member or standby addition:

  • A product instance that is connected to CSLU, does not take any further action.

  • A product instance that is directly connected to CSSM, performs trust synchronization. Trust synchronization involves the following:

    Installation of trust code on the standby or member if not installed already.

    If a trust code is already installed, the trust synchronization process ensures that the new standby or member is in the same Smart Account and Virtual Account as the active. If it is not, the new standby or member is moved to the same Smart Account and Virtual Account as the active.

    Installation of an authorization code, policy, and purchase information, if applicable

    Sending of a RUM report with current usage information.

Upgrades

This section describes how upgrade or migration to Smart Licensing Using Policy is handled. It also clarifies how Smart Licensing Using Policy handles all earlier licensing models including: the earlier version of Smart Licensing, Specific License Reservation (SLR), Right-to-Use Licensing (RTU), and how evaluation or expired licenses from any of the earlier licensing models are handled in Smart Licensing Using Policy environment.

To migrate to Smart Licensing Using Policy, you must upgrade to a software version that supports Smart Licensing Using Policy. After you upgrade, Smart Licensing Using Policy is the only supported licensing model and the product instance continues to operate without any licensing changes. The Migrating to Smart Licensing Using Policy section provides details and examples for migration scenarios that apply to Cisco Catalyst Access, Core, and Aggregation Switches.

Device-led conversion is not supported for migration to Smart Licensing Using Policy.

Identifying the Current Licensing Model Before Upgrade

Before you upgrade to Smart Licensing Using Policy, if you want to know the current licensing model that is effective on the product instance, enter the show license all command in privileged EXEC mode. This command displays information about the current licensing model for all except the RTU licensing model. The show license right-to-use privileged EXEC command displays license information only if the licensing model is RTU.

How Upgrade Affects Enforcement Types for Existing Licenses

When you upgrade to a software version which supports Smart Licensing Using Policy, the way existing licenses are handled, depends primarily on the license enforcement type.

  • An unenforced license that was being used before upgrade, continues to be available after the upgrade. All licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced licenses. This includes licenses from all earlier licensing models:

    • Smart Licensing.

    • Specific License Reservation (SLR), which has an accompanying authorization code. The authorization code continues to be valid after upgrade to Smart Licensing Using Policy and authorizes existing license consumption.

    • Right-to-Use (RTU) Licensing.

    • Evaluation or expired licenses from any of the above mentioned licensing models.

  • An enforced or export-controlled license that was being used before upgrade, continues to be available after upgrade if the required authorization exists.

    There are no export-controlled or enforced licenses on any of the supported Cisco Catalyst Access, Core, and Aggregation Switches, therefore, these enforcement types and the requisite SLAC do not apply.

How Upgrade Affects Reporting for Existing Licenses

Existing License

Reporting Requirements After Migration to Smart Licensing Using Policy

Right-to-Use (RTU)

Depends on the license being used.

After migration and deployment of a supported topology, in output of the show license usage command, refer to the Next ACK deadline field to know if and when reporting is required.

Specific License Reservation (SLR)

Required only if there is a change in license consumption.

An existing SLR authorization code authorizes existing license consumption after upgrade to Smart Licensing Using Policy.

Smart Licensing (Registered and Authorized licenses): Reporting for these licenses is based on the reporting requirements in the policy.

Depends on the policy.

Evaluation or expired licenses

Based on the reporting requirements of the Cisco default policy.

How Upgrade Affects Transport Type for Existing Licenses

The transport type, if configured in your existing set-up, is retained after upgrade to Smart Licensing Using Policy.

When compared to the earlier version of Smart Licensing, additional transport types are available with Smart Licensing Using Policy. There is also a change in the default transport mode. The following table clarifies how this may affect upgrades:

Transport type Before Upgrade

License or License State Before Upgrade

Transport Type After Upgrade

Default (callhome)

evaluation

cslu (default in Smart Licensing Using Policy)

SLR

off

registered

callhome

smart

evaluation

off

SLR

off

registered

smart

Not applicable

For example, if the existing licensing model is RTU.

Not applicable

For example, if the existing licensing model is RTU.

cslu

How Upgrade Affects the Token Registration Process

In the earlier version of Smart Licensing, a token was used to register and connect to CSSM. ID token registration is not required in Smart Licensing Using Policy. The token generation feature is still available in CSSM, and is used to establish trust when a product instance is directly connected to CSSM. See Connected Directly to CSSM.

Downgrades

To downgrade, you must downgrade the software version on the product instance. This section provides information about downgrades for new deployments and existing deployments (you upgraded to Smart Licensing Using Policy and now want to downgrade).

New Deployment Downgrade

This section applies if you had a newly purchased product instance with a software version where Smart Licensing Using Policy was already enabled by default and you want to downgrade to a software version where Smart Licensing Using Policy is not supported.

The outcome of the downgrade depends on whether a trust code was installed while you were still operating in the Smart Licensing Using Policy environment, and further action may be required depending on the release you downgrade to.

If the topology you implemented while in the Smart Licensing Using Policy environment was "Connected Directly to CSSM", then a trust code installation can be expected or assumed, because it is required as part of topology implementation. For any of the other topologies, trust establishment is not mandatory. Downgrading product instances with one of these other topologies will therefore mean that you have to restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment. See Table 1 below.

Table 4. Outcome and Action for New Deployment Downgrade to Smart Licensing

In the Smart Licensing Using Policy Environment

Downgrade to..

Outcome and Further Action

Standalone product instance, connected directly to CSSM, and trust established.

Cisco IOS XE Amsterdam 17.3.1

OR

Cisco IOS XE Gibraltar 16.12.4 and later releases in Cisco IOS XE Gibraltar 16.12.x

OR

Cisco IOS XE Fuji 16.9.6 and later releases in Cisco IOS XE Fuji 16.9.x

No further action is required.

The product instance attempts to renew trust with CSSM after downgrade.

After a successful renewal, licenses are in a registered state and the earlier version of Smart Licensing is effective on the product instance.

Any other release (other than the ones mentioned in the row above) that supports Smart Licensing

Action is required: You must reregister the product instance.

Generate an ID token in the CSSM Web UI and on the product instance, configure the license smart register idtoken idtoken command in global configuration mode.

High Availability set-up, connected directly to CSSM, and trust established.

Any release that supports Smart Licensing

Action is required: You must reregister the product instance.

Generate an ID token in the CSSM Web UI and on the product instance, configure the license smart register idtoken idtoken all command in global configuration mode.

Any other topology. (Connected to CSSM Through CSLU, CSLU Disconnected from CSSM, No Connectivity to CSSM and No CSLU)

Any release that supports Smart Licensing

Action is required.

Restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment.

Upgrade and Then Downgrade

If you upgrade to a software version that supports Smart Licensing Using Policy and then downgrade to any of the earlier licensing models, license consumption does not change and any product features you have configured on the product instance are preserved – only the features and functions that are available with Smart Licensing Using Policy are not available anymore. Refer to the corresponding section below to know more about reverting to an earlier licensing model.

Upgrade to Smart Licensing Using Policy and then Downgrade to Smart Licensing

The outcome of the downgrade depends on whether a trust code was installed while you were still operating in the Smart Licensing Using Policy environment, and further action may be required depending on the release you downgrade to. See Table 2.

Table 5. Outcome and Action for Upgrade to Smart Licensing Using Policy and then Downgrade to Smart Licensing

In the Smart Licensing Using Policy Environment

Downgrade to..

Outcome and Further Action

Standalone product instance, connected directly to CSSM, and trust established.

Cisco IOS XE Amsterdam 17.3.1

OR

Cisco IOS XE Gibraltar 16.12.4 and later releases in Cisco IOS XE Gibraltar 16.12.x

OR

Cisco IOS XE Fuji 16.9.6 and later releases in Cisco IOS XE Fuji 16.9.x

No further action is required.

The system recognizes the trust code and converts it back to a registered ID token, and this reverts the license to an AUTHORIZED and REGISTERED state.

Any other release (other than the ones mentioned in the row above) that supports Smart Licensing

Action is required: You must reregister the product instance.

Generate an ID token in the CSSM Web UI and on the product instance, configure the license smart register idtokenidtoken command in global configuration mode.

High Availability set-up, connected directly to CSSM, and trust established.

Any release that supports Smart Licensing

Action is required: You must reregister the product instance.

Generate an ID token in the CSSM Web UI and on the product instance, configure the license smart register idtoken idtoken all command in global configuration mode.

Any other topology (Connected to CSSM Through CSLU, CSLU Disconnected from CSSM, No Connectivity to CSSM and No CSLU)

Any release that supports Smart Licensing.

Action is required.

Restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment.


Note

Licenses that were in an evaluation or expired state in the Smart Licensing environment, revert to that same state after downgrade.

Upgrade to Smart Licensing Using Policy and then Downgrade to SLR

To revert to SLR, all that is required is for the image to be downgraded. The license remains reserved and authorized – no further action is required.

However, if you have returned an SLR while in the Smart Licensing Using Policy environment, then you must repeat the process of procuring an SLR as required, in the supported release.

Downgrade to RTU

To revert to RTU, all that is required is for the image to be downgraded.

Licenses that were in an evaluation or expired state in the RTU Licensing environment, revert to that same state after downgrade.

How to Configure Smart Licensing Using Policy: Workflows by Topology

This section provides the simplest and fastest way to implement a topology.


Note

These workflows are meant for new deployments only. If you are migrating from an existing licensing model, see Migrating to Smart Licensing Using Policy.


Workflow for Topology: Connected to CSSM Through CSLU

Depending on whether you want to implement a product instance-initiated or CSLU-initiated method of communication, complete the corresponding sequence of tasks:

Tasks for Product Instance-Initiated Communication

CSLU Installation CSLU Preference SettingsProduct Instance Configuration

  1. CSLU Installation

    Where task is performed: A Windows host (laptop, destop, or a Virtual Machine (VM)

    Download the file from Smart Software Manager > Smart Licensing Utility.

    Refer to the Cisco Smart License Utility Quick Start Setup Guide for help with installation and set-up.

  2. CSLU Preference Settings

    Where tasks are performed: CSLU

    1. Logging into Cisco (CSLU Interface)

    2. Configuring a Smart Account and a Virtual Account (CSLU Interface)

    3. Adding a Product-Initiated Product Instance in CSLU (CSLU Interface)

  3. Product Instance Configuration

    Where tasks are performed: Product Instance

    1. Ensuring Network Reachability for Product Instance-Initiated Communication

    2. Ensure that transport type is set to cslu.

      CSLU is the default transport type. If you have configured a different option, enter the license smart transport cslu command in global configuration mode. Save any changes to the configuration file.
      Device(config)# license smart transport cslu
      Device(config)# exit
      Device# copy running-config startup-config
      
    3. Specify how you want CSLU to be discovered (choose one):

      • Option 1:

        No action required. Name server configured for Zero-touch DNS discovery of cslu-local

        Here, if you have configured DNS (The name server IP address is configured on the product instance), and the DNS server has an entry where hostname cslu-local is mapped to the CSLU IP address, then no further action is required. The product instance automatically discovers hostname cslu-local.

      • Option 2:

        No action required. Name server and domain configured for Zero-touch DNS discovery of cslu-local.<domain>

        Here if you have configured DNS, (The name server IP address and domain is configured on the product instance), and the DNS server has an entry where cslu-local.<domain> is mapped to the CSLU IP address, then no further action is required. The product instance automatically discovers hostname cslu-local.

      • Option 3:

        Configure a specific URL for CSLU.

        Enter the license smart url cslu http://<cslu_ip_or_host>:8182/cslu/v1/pi command in global configuration mode. For <cslu_ip_or_host>, enter the hostname or the IP address of the windows host where you have installed CSLU. 8182 is the port number and it is the only port number that CSLU uses.
        Device(config)# license smart url cslu http://192.168.0.1:8182/cslu/v1/pi
        Device(config)# exit
        Device# copy running-config startup-config
        

Result:

Since the product instance initiates communication, it automatically sends out the first RUM report at the scheduled time, as per the policy. Along with this first report, if applicable and if required, it sends a trust code request. To know when the product instance will be sending this information, enter the show license all command in privileged EXEC mode and in the output, check the date for field Next report push:.

CSLU forwards the information to CSSM and the returning ACK from CSSM, to the product instance.

In case of a change in license usage, see Configuring a License to know how it affects reporting.

Tasks for CSLU-Initiated Communication

CSLU Installation CSLU Preference SettingsProduct Instance Configuration

  1. CSLU Installation

    Where task is performed: A Windows host (laptop, destop, or a Virtual Machine (VM)

    Download the file from Smart Software Manager > Smart Licensing Utility.

    Refer to the Cisco Smart License Utility Quick Start Setup Guide for help with installation and set-up.

  2. CSLU Preference Settings

    Where tasks is performed: CSLU

    1. Logging into Cisco (CSLU Interface)

    2. Configuring a Smart Account and a Virtual Account (CSLU Interface)

    3. Adding a CSLU-Initiated Product Instance in CSLU (CSLU Interface)

    4. Collecting Usage Reports: CSLU Initiated

  3. Product Instance Configuration

    Where tasks is performed: Product Instance

    Ensuring Network Reachability for CSLU-Initiated Communication

Result:

You can now collect and send a RUM report to CSSM, in CSLU, by navigating to the Actions for Selected… menu in CSLU, and selecting Collect Usage. The RUM report is sent to CSSM. Along with this first report, if applicable and if required, CSLU sends a trust code request to CSSM. It gets the ACK from CSSM and sends this back to the product instance for installation.

In case of a change in license usage, see Configuring a License to know how it affects reporting.

Workflow for Topology: Connected Directly to CSSM

Smart Account Set-UpProduct Instance ConfigurationTrust Establishment with CSSM

  1. Smart Account Set-Up

    Where task is performed: CSSM Web UI, https://software.cisco.com/.

    Ensure that you have a user role with proper access rights to a Smart Account and the required Virtual Accounts.

  2. Product Instance Configuration

    Where tasks are performed: Product Instance

    1. Set-Up product instance connection to CSSM: Setting Up a Connection to CSSM.

    2. Configure a connection method and transport type (choose one)

  3. Trust Establishment with CSSM

    Where task is performed: CSSM Web UI and then the product instance

    1. Generate one token for each Virtual Account you have. You can use same token for all the product instances that are part of one Virtual Account: Generating a New Token for a Trust Code from CSSM.

    2. Having downloaded the token, you can now install the trust code on the product instance: Installing a Trust Code.

Result:

After establishing trust, CSSM returns a policy. The policy is automatically installed on all product instances of that Virtual Account. The policy specifies if and how often the product instance reports usage.

If you want to change your reporting interval to report more frequently: on the product instance, configure the license smart usage interval command in global configuration mode. For syntax details see the license smart (privileged EXEC) command in the Command Reference for the corresponding release.

In case of a change in license usage, see Configuring a License to know how it affects reporting.

Workflow for Topology: Connected to CSSM Through a Controller

To deploy Cisco DNA Center as the controller, complete the following workflow:

Product Instance ConfigurationCisco DNA Center Configuration

  1. Product Instance Configuration

    Where task is performed: Product Instance

    Enable NETCONF. Cisco DNA Center uses the NETCONF protocol to provision configuration and retrieve the required information from the product instance - the product instance must therefore have NETCONF enabled, to facilitate this.

    For more information, see the Programmability Configuration Guide, Cisco IOS XE Amsterdam 17.3.x. In the guide, go to Model-Driven Programmability > NETCONF Protocol.

  2. Cisco DNA Center Configuration

    Where tasks is performed: Cisco DNA Center GUI

    An outline of the tasks you must complete and the accompanying documentation reference is provided below. The document provides detailed steps you have to complete in the Cisco DNA Center GUI:

    1. Set-up the Smart Account and Virtual Account.

      Enter the same log in credentials that you use to log in to the CSSM Web UI. This enables Cisco DNA Center to establish a connection with CSSM.

      See the Cisco DNA Center Administrator Guide of the required release (Release 2.2.2 onwards) > Manage Licenses > Set Up License Manager.

    2. Add the required product instances to Cisco DNA Center inventory and assign them to a site.

      This enables Cisco DNA Center to push any necessary configuration, including the required certificates, for Smart Licensing Using Policy to work as expected.

      See the Cisco DNA Center User Guide of the required release (Release 2.2.2 onwards) > Display Your Network Topology > Assign Devices to a Site.

Result:

After you implement the topology, you must trigger the very first ad hoc report in Cisco DNA Center, to establish a mapping between the Smart Account and Virtual Account, and product instance. See the Cisco DNA Center Administrator Guide of the required release (Release 2.2.2 onwards) > Manage Licenses > Upload Resource Utilization Details to CSSM. Once this is done, Cisco DNA Center handles subsequent reporting based on the reporting policy.

If multiple policies are available, Cisco DNA Center maintains the narrowest reporting interval. You can change this, but only to report more frequently (a narrower interval). See the Cisco DNA Center Administrator Guide of the required release (Release 2.2.2 onwards) > Manage Licenses > Modify License Policy.

If you want to change the license level after this, see the Cisco DNA Center Administrator Guide of the required release (Release 2.2.2 onwards) > Manage Licenses > Change License Level.

Workflow for Topology: CSLU Disconnected from CSSM

Depending on whether you want to implement a product instance-initiated or CSLU-initiated method of communication. Complete the corresponding table of tasks below.

Tasks for Product Instance-Initiated Communication

CSLU Installation CSLU Preference SettingsProduct Instance ConfigurationDownload All for Cisco and Upload From Cisco

  1. CSLU Installation

    Where task is performed: A Windows host (laptop, destop, or a Virtual Machine (VM)

    Download the file from Smart Software Manager > Smart Licensing Utility.

    Refer to the Cisco Smart License Utility Quick Start Setup Guide for help with installation and set-up.

  2. CSLU Preference Settings

    Where tasks are performed: CSLU

    1. In the CSLU Preferences tab, click the Cisco Connectivity toggle switch to off. The field switches to “Cisco Is Not Available”.

    2. Configuring a Smart Account and a Virtual Account (CSLU Interface)

    3. Adding a Product-Initiated Product Instance in CSLU (CSLU Interface)

  3. Product Instance Configuration

    Where tasks are performed: Product Instance

    1. Ensuring Network Reachability for Product Instance-Initiated Communication

    2. Ensure that transport type is set to cslu.

      CSLU is the default transport type. If you have configured a different option, enter the license smart transport cslu command in global configuration mode. Save any changes to the configuration file.
      Device(config)# license smart transport cslu
      Device(config)# exit
      Device# copy running-config startup-config
      
    3. Specify how you want CSLU to be discovered (choose one)

      • Option 1:

        No action required. Name server configured for Zero-touch DNS discovery of cslu-local

        Here, if you have configured DNS (The name server IP address is configured on the product instance), and the DNS server has an entry where hostname cslu-local is mapped to the CSLU IP address, then no further action is required. The product instance automatically discovers hostname cslu-local.

      • Option 2:

        No action required. Name server and domain configured for Zero-touch DNS discovery of cslu-local.<domain>

        Here if you have configured DNS, (The name server IP address and domain is configured on the product instance), and the DNS server has an entry where cslu-local.<domain> is mapped to the CSLU IP address, then no further action is required. The product instance automatically discovers hostname cslu-local.

      • Option 3:

        Configure a specific URL for CSLU.

        Enter the license smart url cslu http://<cslu_ip_or_host>:8182/cslu/v1/pi command in global configuration mode. For <cslu_ip_or_host>, enter the hostname or the IP address of the windows host where you have installed CSLU. 8182 is the port number and it is the only port number that CSLU uses.
        Device(config)# license smart url cslu http://192.168.0.1:8182/cslu/v1/pi
        Device(config)# exit
        Device# copy running-config startup-config
        
  4. Download All for Cisco and Upload From Cisco

    Where tasks are performed: CSLU and CSSM

    1. Download All For Cisco (CSLU Interface)

    2. Uploading Usage Data to CSSM and Downloading an ACK

    3. Upload From Cisco (CSLU Interface)

Result:

Since the product instance initiates communication, it automatically sends out the first RUM report at the scheduled time, as per the policy. Along with this first report, if applicable and if required, it sends a trust code request. To know when the product instance will be sending this information, enter the show license all command in privileged EXEC mode and in the output, check the date for field Next report push:.

Since CSLU is disconnected from CSSM, you must save usage data which CSLU has collected from the product instance to a file. Then, from a workstation that is connected to Cisco, upload it to CSSM. After this, download the ACK from CSSM. In the workstation where CSLU is installed and connected to the product instance, upload the file to CSLU.

In case of a change in license usage, see Configuring a License to know how it affects reporting.



Tasks for CSLU-Initiated Communication

CSLU Installation CSLU Preference SettingsProduct Instance ConfigurationDownload All for Cisco and Upload From Cisco

  1. CSLU Installation

    Where task is performed: A Windows host (laptop, destop, or a Virtual Machine (VM)

    Download the file from Smart Software Manager > Smart Licensing Utility.

    Refer to the Cisco Smart License Utility Quick Start Setup Guide for help with installation and set-up.

  2. CSLU Preference Settings

    Where tasks is performed: CSLU

    1. In the CSLU Preferences tab, click the Cisco Connectivity toggle switch to off. The field switches to “Cisco Is Not Available”.

    2. Configuring a Smart Account and a Virtual Account (CSLU Interface)

    3. Adding a CSLU-Initiated Product Instance in CSLU (CSLU Interface)

    4. Collecting Usage Reports: CSLU Initiated

  3. Product Instance Configuration

    Where task is performed: Product Instance

    Ensuring Network Reachability for CSLU-Initiated Communication

  4. Download All for Cisco and Upload From Cisco

    Where tasks are performed: CSLU and CSSM

    1. Download All For Cisco (CSLU Interface)

    2. Uploading Usage Data to CSSM and Downloading an ACK

    3. Upload From Cisco (CSLU Interface)

Result:

You can now collect and send a RUM report to CSSM, in CSLU, by navigating to the Actions for Selected… menu, and selecting Collect Usage. If applicable the report also includes a trust code request and authorization code request.

Since CSLU is disconnected from CSSM, you must save usage data which CSLU has collected from the product instance to a file. Then, from a workstation that is connected to Cisco, upload it to CSSM. After this, download the ACK from CSSM. In the workstation where CSLU is installed and connected to the product instance, upload the file to CSLU.

In case of a change in license usage, see Configuring a License to know how it affects reporting.

Workflow for Topology: No Connectivity to CSSM and No CSLU

Since you do not have to configure connectivity to any other component, the list of tasks required to set-up the topology is a small one. See, the Results section at the end of the workflow to know how you can complete requisite usage reporting after you have implemented this topology.

Product Instance Configuration

Where task is performed: Product Instance

Set transport type to off.

Enter the license smart transport off command in global configuration mode. Save any changes to the configuration file.
Device(config)# license smart transport off
Device(config)# exit
Device# copy running-config startup-config

Result:

All communication to and from the product instance is disabled. To report license usage you must save RUM reports to a file (on your product instance) and upload it to CSSM (from a workstation that has connectivity to the internet, and Cisco):

  1. Generate and save RUM reports

    Enter the license smart save usage command in privileged EXEC mode. In the example below, all RUM reports are saved to the flash memory of the product instance, in file all_rum.txt. In the example, the file is first saved to bootflash and then copied to a TFTP location:

    Device# license smart save usage all bootflash:all_rum.txt
    Device# copy bootflash:all_rum.txt tftp://10.8.0.6/all_rum.txt 
    
  2. Upload usage data to CSSM: Uploading Usage Data to CSSM and Downloading an ACK

  3. Install the ACK on the product instance: Installing a File on the Product Instance

In case of a change in license usage, see Configuring a License to know how it affects reporting.

Migrating to Smart Licensing Using Policy

To upgrade to Smart Licensing Using Policy, you must upgrade the software version (image) on the product instance to a supported version.

Before you Begin

Ensure that you have read the Upgrades section, to understand how Smart Licensing Using Policy handles various aspects of all earlier licensing models.

Smart Licensing Using Policy is introduced in Cisco IOS XE Amsterdam 17.3.2. This is therefore the minimum required version for Smart Licensing Using Policy.

Device-led conversion is not supported for migration to Smart Licensing Using Policy.

Upgrading the Switch Software

See the corresponding release note for the upgrade procedure. If there are any general release-specific considerations, these are called-out in the corresponding release notes. For example, to upgrade to Cisco IOS XE Amsterdam 17.3.2, see Release Notes for Cisco <platform name>, Cisco IOS XE Amsterdam 17.3.x.

You can use the procedure to upgrade in install mode or with In-Service Software Upgrade (ISSU) (on supported platforms and supported releases).

Also refer to the sample show command outputs of the migration scenarios provided below. Sample outputs are provided for before and after migration, for comparison.

Example: Smart Licensing to Smart Licensing Using Policy

The following is an example of a Cisco Catalyst 9500 switch migrating from Smart Licensing to Smart Licensing Using Policy. This is a High Availability set-up with an active and standby.

The show command outputs below call-out key fields to check, before and after migration.

Table 6. Smart Licensing to Smart Licensing Using Policy: show Commands

Before Upgrade

After Upgrade

show license summary (Smart Licensing)

The Status and License Authorization fields show that the license is REGISTERED and AUTHORIZED.

show license summary (Smart Licensing Using Policy)

The Status field shows that the licenses are now IN USE instead of registered and authorized.

Device# show license summary

Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: SA-Switching-Polaris
Virtual Account: SLE_Test
Export-Controlled Functionality: ALLOWED
Last Renewal Attempt: None
Next Renewal Attempt: Mar 21 11:08:58 2021 PST
License Authorization: 
Status: AUTHORIZED
Last Communication Attempt: SUCCEEDED
Next Communication Attempt: Oct 22 11:09:07 2020 PST
License Usage:
License                 Entitlement tag         Count Status
----------------------------------------------------------------
C9500 Network Advantage (C9500 Network Advantage)  2 AUTHORIZED
C9500-DNA-16X-A         (C9500-16X DNA Advantage)  2 AUTHORIZED

Device# show license summary
License Usage:
License           Entitlement tag          Count Status
--------------------------------------------------------
network-advantage (C9500 Network Advantage)  2 IN USE
dna-advantage     (C9500-16X DNA Advantage)  2 IN USE

show license usage (Smart Licensing)

show license usage (Smart Licensing Using Policy)

The license counts remain the same.

The Enforcement Type field displays NOT ENFORCED. (There are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches).

Device# show license usage
License Authorization: 
Status: AUTHORIZED on Sep 22 11:09:07 2020 PST
C9500 Network Advantage (C9500 Network Advantage):
Description: C9500 Network Advantage
Count: 2
Version: 1.0
Status: AUTHORIZED
Export status: NOT RESTRICTED
C9500-DNA-16X-A (C9500-16X DNA Advantage):
Description: C9500-DNA-16X-A
Count: 2
Version: 1.0
Status: AUTHORIZED
Export status: NOT RESTRICTED


Device# show license usage


License Authorization:
  Status: Not Applicable
network-advantage (C9500 Network Advantage):
  Description: network-advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: network-advantage
  Feature Description: network-advantage
  Enforcement type: NOT ENFORCED
  License type: Perpetual
dna-advantage (C9500-16X DNA Advantage):
  Description: C9500-16X DNA Advantage
  Count: 2  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: dna-advantage
  Feature Description: C9500-16X DNA Advantage
  Enforcement type: NOT ENFORCED
  License type: Subscription

show license status (Smart Licensing)

show license status (Smart Licensing Using Policy)

The Transport: field: A transport type was configured and therefore retained after upgrade.

The Policy: header and details: A custom policy was available in the Smart Account or Virtual Account – this has also been automatically installed on the product instance. (After establishing trust, CSSM returns a policy. The policy is then automatically installed.)

The Usage Reporting: header: The Next report push: field provides information about when the product instance will send the next RUM report to CSSM.

The Trust Code Installed: field: The ID token is successfully converted and a trusted connected has been established with CSSM.

Device# show license status

Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: REGISTERED
Smart Account: SA-Switching-Polaris
Virtual Account: SLE_Test
Export-Controlled Functionality: ALLOWED
Initial Registration: SUCCEEDED on Sep 22 11:08:58 2020 PST
Last Renewal Attempt: None
Next Renewal Attempt: Mar 21 11:08:57 2021 PST
Registration Expires: Sep 22 11:04:23 2021 PST
License Authorization: 
Status: AUTHORIZED on Sep 22 11:09:07 2020 PST
Last Communication Attempt: SUCCEEDED on Sep 22 11:09:07 2020 PST
Next Communication Attempt: Oct 22 11:09:06 2020 PST
Communication Deadline: Dec 21 11:04:34 2020 PST
Export Authorization Key:
Features Authorized:
<none>
Miscellaneus:
Custom Id: <empty>



Device# show license status

Utility:
  Status: DISABLED
Smart Licensing Using Policy:
  Status: ENABLED
Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED
Transport:
  Type: Callhome
Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
Miscellaneous:
  Custom Id: <empty>
Usage Reporting:
  Last ACK received: Sep 22 13:49:38 2020 PST
  Next ACK deadline: Dec 21 12:02:21 2020 PST
  Reporting push interval: 30 days
  Next ACK push check: Sep 22 12:20:34 2020 PST
  Next report push: Oct 22 12:05:43 2020 PST
  Last report push: Sep 22 12:05:43 2020 PST
  Last report file write: <none>
Trust Code Installed:
  Active: PID:C9500-16X,SN:FCW2233A5ZV
  INSTALLED on Sep 22 12:02:20 2020 PST
  Standby: PID:C9500-16X,SN:FCW2233A5ZY
  INSTALLED on Sep 22 12:02:20 2020 PST

show license udi (Smart Licensing)

show license udi (Smart Licensing Using Policy)

This is a High Availability set-up and the command displays all UDIs in the set-up.

Device# show license udi

UDI: PID:C9500-16X,SN:FCW2233A5ZV
HA UDI List:
Active:PID:C9500-16X,SN:FCW2233A5ZV
Standby:PID:C9500-16X,SN:FCW2233A5ZY

Device# show license udi

UDI: PID:C9500-16X,SN:FCW2233A5ZV
HA UDI List:
Active:PID:C9500-16X,SN:FCW2233A5ZV
Standby:PID:C9500-16X,SN:FCW2233A5ZY

The CSSM Web UI After Migration

Log in to the CSSM Web UI at https://software.cisco.com and click Smart Software Licensing. Under Inventory > Product Instances.

Registered licenses in the Smart Licensing environment were displayed with the hostname of the product instance in the Name column. After upgrade to Smart Licensing Using Policy, they are displayed with the UDI of the product instance. All migrated UDIs are displayed. In this example, they are PID:C9500-16X,SN:FCW2233A5ZV and PID:C9500-16X,SN:FCW2233A5ZY.

Only the active product instance reports usage, therefore PID:C9500-16X,SN:FCW2233A5ZV displays license consumption information under License Usage. The standby does not report usage and the License Usage section for the standby displays No Records Found.

It is always the active that reports usage, so if the active in this High Availabilty set-up changes, the new active product instance will display license consumption information and report usage.

Figure 6. Smart Licensing to Smart Licensing Using Policy: Active and Standby Product Instances After Migration Figure 7. Smart Licensing to Smart Licensing Using Policy: UDI and License Usage under Active Product Instance

Reporting After Migration

The product instance sends the next RUM report to CSSM, based on the policy.

If you want to change your reporting interval to report more frequently: on the product instance, configure the license smart usage interval command. For syntax details see the license smart (global config) command in the Command Reference for the corresponding release.

Example: RTU Licensing to Smart Licensing Using Policy

The following is an example of a Cisco Catalyst 9300 switch migrating from Right-to-Use (RTU) Licensing to Smart Licensing Using Policy. This is a set-up with an active and members.

RTU Licensing is available on Cisco Catalyst 9300, 9400, and 9500 Series Switches until Cisco IOS XE Fuji 16.8.x. Smart Licensing was introduced starting from Cisco IOS XE Fuji 16.9.1.

When the software version is upgraded to one that supports Smart Licensing Using Policy, all licenses are displayed as IN USE and the Cisco default policy is applied on the product instance. If any add-on licenses are used, the Cisco default policy requires usage reporting in 90 days. Since all licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced, (enforcement type), no functionality is lost.

The table below calls out key changes or new fields to check for in the show command outputs, after upgrade to Smart Licensing Using Policy

Table 7. RTU Licensing to Smart Licensing Using Policy: show Commands

Before Upgrade

After Upgrade

show license right-to-use summary (RTU Licensing)

show license summary (Smart Licensing Using Policy)

All licenses are migrated and IN USE.

Device# show license right-to-use summary
License Name Type Period left
------------------------------------------------
network-essentials Permanent Lifetime
dna-essentials Subscription CSSM Managed
------------------------------------------------

License Level In Use: network-essentials+dna-essentials Subscription
License Level on Reboot: network-essentials+dna-essentials Subscription

Device#show license summary
License Usage:
License             Entitlement Tag         Count Status
-----------------------------------------------------------
network-essentials  (C9300-24 Network Essen...) 2 IN USE
dna-essentials      (C9300-24 DNA Essentials)   2 IN USE
network-essentials  (C9300-48 Network Essen...) 1 IN USE
dna-essentials      (C9300-48 DNA Essentials)   1 IN USE

show license right-to-use usage (Smart Licensing)

show license usage (Smart Licensing Using Policy)

All licenses (permanent, subscription) have been migrated and the licenses are now IN USE and have types Perpetual and Subscription.

The Enforcement Type field displays NOT ENFORCED. (There are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches).

Device# show license right-to-use usage

Slot# License Name Type usage-duration(y:m:d) In-Use EULA
---------------------------------------------------------
1 network-essentials Permanent 00:00:00 yes yes
1 network-essentials Evaluation 00:00:00 no no
1 network-essentials Subscription 00:00:00 no no
1 network-advantage Permanent 00:00:00 no no
1 network-advantage Evaluation 00:00:00 no no
1 network-advantage Subscription 00:00:00 no no
1 dna-essentials Evaluation 00:00:00 no no
1 dna-essentials Subscription 00:00:00 yes yes
1 dna-advantage Evaluation 00:00:00 no no
1 dna-advantage Subscription 00:00:00 no no
----------------------------------------------------------
Slot# License Name Type usage-duration(y:m:d) In-Use EULA
----------------------------------------------------------
2 network-essentials Permanent 00:00:00 yes yes
2 network-essentials Evaluation 00:00:00 no no
2 network-essentials Subscription 00:00:00 no no
2 network-advantage Permanent 00:00:00 no no
2 network-advantage Evaluation 00:00:00 no no
2 network-advantage Subscription 00:00:00 no no
2 dna-essentials Evaluation 00:00:00 no no
2 dna-essentials Subscription 00:00:00 yes yes
2 dna-advantage Evaluation 00:00:00 no no
2 dna-advantage Subscription 00:00:00 no no
----------------------------------------------------------
Slot# License Name Type usage-duration(y:m:d) In-Use EULA
----------------------------------------------------------
3 network-essentials Permanent 00:00:00 yes yes
3 network-essentials Evaluation 00:00:00 no no
3 network-essentials Subscription 00:00:00 no no
3 network-advantage Permanent 00:00:00 no no
3 network-advantage Evaluation 00:00:00 no no
3 network-advantage Subscription 00:00:00 no no
3 dna-essentials Evaluation 00:00:00 no no
3 dna-essentials Subscription 00:00:00 yes yes
3 dna-advantage Evaluation 00:00:00 no no
3 dna-advantage Subscription 00:00:00 no no
---------------------------------------------------------

Device# show license usage

License Authorization:
  Status: Not Applicable
network-advantage (C9300-24 Network Advantage):
  Description: C9300-24 Network Advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: network-advantage
  Feature Description: C9300-24 Network Advantage
  Enforcement type: NOT ENFORCED
  License type: Perpetual
dna-advantage (C9300-24 DNA Advantage):
  Description: C9300-24 DNA Advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: dna-advantage
  Feature Description: C9300-24 DNA Advantage
  Enforcement type: NOT ENFORCED
  License type: Subscription
network-advantage (C9300-48 Network Advantage):
  Description: C9300-48 Network Advantage
  Count: 1
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: network-advantage
  Feature Description: C9300-48 Network Advantage
  Enforcement type: NOT ENFORCED
  License type: Perpetual
dna-advantage (C9300-48 DNA Advantage):
  Description: C9300-48 DNA Advantage
  Count: 1
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: dna-advantage
  Feature Description: C9300-48 DNA Advantage
  Enforcement type: NOT ENFORCED
  License type: Subscription

show license right-to-use (RTU Licensing)

show license status (Smart Licensing Using Policy)

The Transport: field displays its off.

The Trust Code Installed: field displays that a trust code is not installed.

Under the Usage Reporting: header, the Next report push: field provides information about when the next RUM report must be sent to CSSM.

Device# show license right-to-use 
Slot# License Name Type Period left
----------------------------------------------------
1 network-essentials Permanent Lifetime
1 dna-essentials Subscription CSSM Managed
----------------------------------------------------
License Level on Reboot: network-essentials+dna-essentials 
Subscription

Slot# License Name Type Period left
----------------------------------------------------
2 network-essentials Permanent Lifetime
2 dna-essentials Subscription CSSM Managed
----------------------------------------------------
License Level on Reboot: network-essentials+dna-essentials 
Subscription

Slot# License Name Type Period left
----------------------------------------------------
3 network-essentials Permanent Lifetime
3 dna-essentials Subscription CSSM Managed
----------------------------------------------------
License Level on Reboot: network-essentials+dna-essentials 
Subscription

Device# show license status
Utility:
  Status: DISABLED
Smart Licensing Using Policy:
  Status: ENABLED
Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED
Transport:
  Type: Transport Off
Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
Miscellaneous:
  Custom Id: <empty> 
Usage Reporting:
  Last ACK received: <none>
  Next ACK deadline: Jan 26 10:27:59 2021 PST
  Reporting push interval: 20  days
  Next ACK push check: <none>
  Next report push: Oct 28 10:29:59 2020 PST
  Last report push: <none>
  Last report file write: <none>
Trust Code Installed: <none>

The CSSM Web UI After Migration

No changes in the CSSM Web UI.

Reporting After Migration

Implement any one of the supported topologies, and fulfil reporting requirements. See Supported Topologies and How to Configure Smart Licensing Using Policy: Workflows by Topology. The reporting method you can use depends on the topology you implement.

Example: SLR to Smart Licensing Using Policy

The following is an example of a Cisco Catalyst 9500 switch migrating from Specific License Reservation (SLR) to Smart Licensing Using Policy. This is a High Availability set-up with an active and standby.

The license conversion is automatic and authorization codes are migratied. No further action is required to complete migration. After migration the No Connectivity to CSSM and No CSLU topology is effective. For information about the SLR authorization code in the Smart Licensing Using Policy environment, see Authorization Code.

The show command outputs below call-out key fields to check, before and after migration.

Table 8. SLR to Smart Licensing Using Policy: show Commands

Before Upgrade

After Upgrade

show license summary (SLR)

The Registration and License Authorization status fields show that the license was REGISTERED - SPECIFIC LICENSE RESERVATION and AUTHORIZED - RESERVED.

show license summary (Smart Licensing Using Policy)

The Status field shows that the licenses are now IN USE instead of registered and authorized.

Device# show license summary

Smart Licensing is ENABLED
License Reservation is ENABLED
Registration:
  Status: REGISTERED - SPECIFIC LICENSE RESERVATION  
Export-Controlled Functionality: ALLOWED
License Authorization:
  Status: AUTHORIZED - RESERVED
License Usage:
License                Entitlement tag         Count Status
--------------------------------------------------------------
C9500 Network Advantage(C9500 Network Advantage)  2 AUTHORIZED
C9500-DNA-16X-A        (C9500-16X DNA Advantage)  2 AUTHORIZED

Device# show license summary

License Reservation is ENABLED
License Usage:
License           Entitlement tag          Count Status 
---------------------------------------------------------
network-advantage(C9500 Network Advantage)     2 IN USE
dna-advantage    (C9500-16X DNA Advantage)     2 IN USE

show license reservation (SLR)

show license all (Smart Licensing Using Policy)

The License Authorizations header: shows that base (C9500 Network Advantage) and add-on (C9500-DNA-16X-A) licenses on the active and standby product instances were authorized with Specific License Reservation. The Authorization type: field shows SPECIFIC INSTALLED.

The Last Confirmation code: field: shows that the SLR authorization code is successfully migrated for the active and standby product instances in the High Availability set-up.

Device# show license reservation
License reservation: ENABLED
Overall status:
  Active: PID:C9500-16X,SN:FCW2233A5ZV
      Reservation status: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
      Export-Controlled Functionality: ALLOWED
      Last Confirmation code: 4bfbea7f
  Standby: PID:C9500-16X,SN:FCW2233A5ZY
      Reservation status: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
      Export-Controlled Functionality: ALLOWED
      Last Confirmation code: 9394f196
Specified license reservations:
  C9500 Network Advantage (C9500 Network Advantage):
    Description: C9500 Network Advantage
    Total reserved count: 2
    Term information:
      Active: PID:C9500-16X,SN:FCW2233A5ZV
        License type: PERPETUAL
          Term Count: 1
      Standby: PID:C9500-16X,SN:FCW2233A5ZY
        License type: PERPETUAL
          Term Count: 1
  C9500-DNA-16X-A (C9500-16X DNA Advantage):
    Description: C9500-DNA-16X-A
    Total reserved count: 2
    Term information:
      Active: PID:C9500-16X,SN:FCW2233A5ZV
        License type: TERM
          Start Date: 2020-MAR-17 UTC
          End Date: 2021-MAR-17 UTC
          Term Count: 1
      Standby: PID:C9500-16X,SN:FCW2233A5ZY

Device# show license reservation

Smart Licensing Status
======================
Smart Licensing is ENABLED
License Reservation is ENABLED
Export Authorization Key:
  Features Authorized:
    <none>
Utility:
  Status: DISABLED
Smart Licensing Using Policy:
  Status: ENABLED
Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED
Transport:
  Type: Transport Off
Miscellaneous:
  Custom Id: <empty>
Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
Usage Reporting:
  Last ACK received: <none>
  Next ACK deadline: Nov 29 10:50:05 2020 PDT
  Reporting Interval: 30
  Next ACK push check: <none>
  Next report push: Aug 31 10:52:05 2020 PDT
  Last report push: <none>
  Last report file write: <none>
Trust Code Installed: <none>
License Usage
=============
network-advantage (C9500 Network Advantage):
  Description: network-advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: network-advantage
  Feature Description: network-advantage
  Enforcement type: NOT ENFORCED
  License type: Perpetual
  Reservation:
    Reservation status: SPECIFIC INSTALLED
    Total reserved count: 2
dna-advantage (C9500-16X DNA Advantage):
  Description: C9500-16X DNA Advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: dna-advantage
  Feature Description: C9500-16X DNA Advantage
  Enforcement type: NOT ENFORCED
  License type: Subscription
  Reservation:
    Reservation status: SPECIFIC INSTALLED
    Total reserved count: 2
Product Information
===================
UDI: PID:C9500-16X,SN:FCW2233A5ZV
HA UDI List:
    Active:PID:C9500-16X,SN:FCW2233A5ZV
    Standby:PID:C9500-16X,SN:FCW2233A5ZY 
Agent Version
=============
Smart Agent for Licensing: 5.0.5_rel/42 
License Authorizations
======================
Overall status:
  Active: PID:C9500-16X,SN:FCW2233A5ZV
      Status: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
      Last Confirmation code: 4bfbea7f
  Standby: PID:C9500-16X,SN:FCW2233A5ZY
      Status: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
      Last Confirmation code: 9394f196
Specified license reservations:
  C9500 Network Advantage (C9500 Network Advantage):
    Description: C9500 Network Advantage
    Total reserved count: 2
    Enforcement type: NOT ENFORCED
    Term information:
      Active: PID:C9500-16X,SN:FCW2233A5ZV
        Authorization type: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
        License type: PERPETUAL
          Term Count: 1
      Standby: PID:C9500-16X,SN:FCW2233A5ZY
        Authorization type: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
        License type: PERPETUAL
          Term Count: 1
  C9500-DNA-16X-A (C9500-16X DNA Advantage):
    Description: C9500-DNA-16X-A
    Total reserved count: 2
    Enforcement type: NOT ENFORCED
    Term information:
      Active: PID:C9500-16X,SN:FCW2233A5ZV
        Authorization type: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
        License type: PERPETUAL
          Term Count: 1
      Standby: PID:C9500-16X,SN:FCW2233A5ZY
        Authorization type: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT
        License type: PERPETUAL
          Term Count: 1
Purchased Licenses:
  No Purchase Information Available
Derived Licenses:
  Entitlement Tag: regid.2017-03.com.cisco.advantagek9-Nyquist-C9500,
1.0_f1563759-2e03-4a4c-bec5-5feec525a12c
  Entitlement Tag: regid.2017-07.com.cisco.C9500-DNA-16X-A,
1.0_ef3574d1-156b-486a-864f-9f779ff3ee49

show license status (SLR)

show license status (Smart Licensing Using Policy)

The Transport: header: Type:displays that the transport type is set to off.

The Usage Reporting: header: Next report push: field displays if and when the next RUM report must be uploaded to CSSM.

Device# show license status

Smart Licensing is ENABLED
Utility:
  Status: DISABLED
License Reservation is ENABLED
Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED
Transport:
  Type: Callhome
Registration:
  Status: REGISTERED - SPECIFIC LICENSE RESERVATION
  Export-Controlled Functionality: ALLOWED
  Initial Registration: SUCCEEDED on Aug 31 11:07:39 2020 PDT
License Authorization:
  Status: AUTHORIZED - RESERVED on Aug 31 10:15:01 2020 PDT
Export Authorization Key:
  Features Authorized:
    <none>
        License type: TERM
          Start Date: 2020-MAR-17 UTC
          End Date: 2021-MAR-17 UTC
          Term Count: 1

Device# show license status

Utility:
  Status: DISABLED
License Reservation is ENABLED
Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
   Version privacy: DISABLED
Transport:
  Type: Transport Off
Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
Miscellaneous:
  Custom Id: <empty>
Usage Reporting:
  Last ACK received: <none>
  Next ACK deadline: Nov 29 10:50:05 2020 PDT
  Reporting Interval: 30
  Next ACK push check: <none>
  Next report push: Aug 31 10:52:05 2020 PDT
  Last report push: <none>
  Last report file write: <none>
Trust Code Installed: <none>

The CSSM Web UI After Migration

In CSSM, there are no changes in the Product Instances tab. The Last Contact column displays "Reserved Licenses" since there has been no usage reporting yet.

After the requisite RUM report is uploaded and acknowledged "Reserved Licenses" and license usage will only be seen in the Active PID product Instance.

Figure 8. SLR to Smart Licensing Using Policy: Active and Standby Product Instances After Migration, Before Reporting Figure 9. SLR to Smart Licensing Using Policy: Active and Standby Product Instances After Migration, After Reporting

Reporting After Migration

SLR licenses require reporting only when there is a change in licensing consumption (For example, when using an add-on license which is for specified term). The policy (show license status) indicates this, or you will receive syslog messages about this.

Since all communication to and from the product instance is disabled, to report license usage you must save RUM reports to a file and upload it to CSSM (from a workstation that has connectivity to the internet, and Cisco):

  1. Generate and save RUM reports.

    Enter the license smart save usage command in provileged EXEC mode. In the example below, all RUM reports are saved to the flash memory of the product instance, in file all_rum.txt. For syntax details see the license smart (privileged EXEC) command in the Command Reference for the corresponding release. In the example, the file is first saved to bootflash and then copied to a TFTP location:

    Device# license smart save usage all bootflash:all_rum.txt
    Device# copy bootflash:all_rum.txt tftp://10.8.0.6/all_rum.txt 
    
  2. Upload usage data to CSSM: Uploading Usage Data to CSSM and Downloading an ACK.

  3. Install the ACK on the product instance: Installing a File on the Product Instance.

Example: Evaluation or Expired to Smart Licensing Using Policy

The following is an example of a Cisco Catalyst 9500 switch with evaluation licenses (Smart Licensing) that are migrated to Smart Licensing Using Policy.

The notion of evaluation licenses does not apply to Smart Licensing Using Policy. When the software version is upgraded to one that supports Smart Licensing Using Policy, all licenses are displayed as IN USE and the Cisco default policy is applied to the product instance. Since all licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced, (enforcement type), no functionality is lost.

The table below calls out key changes or new fields to check for in the show command outputs, after upgrade to Smart Licensing Using Policy

Table 9. Evaluation or Expired to Smart Licensing Using Policy: show Commands

Before Upgrade

After Upgrade

show license summary (Smart Licensing, Evaluation Mode)

Licenses are UNREGISTERED and in EVAL MODE.

show license summary (Smart Licensing Using Policy)

All licenses are migrated and IN USE. There are no EVAL MODE licenses.

Device# show license summary

Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED
Export-Controlled Functionality: NOT ALLOWED
License Authorization: 
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 21 hours, 37 minutes, 
30 seconds
License Usage:
License Entitlement tag         Count  Status
-------------------------------------------------------------
(C9500 Network Advantage)           2 EVAL MODE
(C9500-16X DNA Advantage)           2 EVAL MODE

Device# show license summary

License Usage:
License            Entitlement tag            Count Status
--------------------------------------------------------------
network-advantage (C9500 Network Advantage)       2 IN USE
dna-advantage     (C9500-16X DNA Advantage)       2 IN USE

show license usage (Smart Licensing, Evaluation Mode)

show license usage (Smart Licensing Using Policy)

The Enforcement Type field displays NOT ENFORCED. (There are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches).

Device# show license usage

License Authorization: 
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 21 hours, 37 minutes,
 21 seconds
(C9500 Network Advantage):
Description: 
Count: 2
Version: 1.0
Status: EVAL MODE
Export status: NOT RESTRICTED
(C9500-16X DNA Advantage):
Description: 
Count: 2
Version: 1.0
Status: EVAL MODE
Export status: NOT RESTRICTED

Device# show license usage
License Authorization:
  Status: Not Applicable
network-advantage (C9500 Network Advantage):
  Description: network-advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: network-advantage
  Feature Description: network-advantage
  Enforcement type: NOT ENFORCED
  License type: Perpetual
dna-advantage (C9500-16X DNA Advantage):
  Description: C9500-16X DNA Advantage
  Count: 2
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: dna-advantage
  Feature Description: C9500-16X DNA Advantage
  Enforcement type: NOT ENFORCED
  License type: Subscription

show license status (Smart Licensing, Evaluation Mode)

show license status (Smart Licensing Using Policy)

The Transport: field displays that its off.

The Policy field shows that the Cisco default policy is applied

The Trust Code Installed: field displays that a trust code is not installed.

The Usage Reporting: header: The Next report push: field provides information about when the next RUM report must be sent to CSSM.

Switch# show license status

Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: UNREGISTERED
Export-Controlled Functionality: NOT ALLOWED
License Authorization: 
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 21 hours, 37 minutes, 15 seconds
Export Authorization Key:
Features Authorized:
<none>
Miscellaneus:
Custom Id: <empty>

Switch# show license status

Utility:
  Status: DISABLED
Smart Licensing Using Policy:
  Status: ENABLED
Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED
Transport:
  Type: Transport Off
Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default) 
Miscellaneous:
  Custom Id: <empty>
Usage Reporting:
  Last ACK received: <none>
  Next ACK deadline: Jan 26 10:27:59 2021 PST
  Reporting push interval: 20  days
  Next ACK push check: <none>
  Next report push: Oct 28 10:29:59 2020 PST
  Last report push: <none>
  Last report file write: <none>
Trust Code Installed: <none>

The CSSM Web UI After Migration

No changes in the CSSM Web UI.

Reporting After Migration

Implement any one of the supported topologies, and fulfil reporting requirements. See Supported Topologies and How to Configure Smart Licensing Using Policy: Workflows by Topology. The reporting method you can use depends on the topology you implement.

Task Library for Smart Licensing Using Policy

This section is a grouping of tasks that apply to Smart Licensing Using Policy. It includes tasks performed on a product instance, on the CSLU interface, and on the CSSM Web UI.

To implement a particular topology, refer to the corresponding workflow to know the sequential order of tasks that apply. See How to Configure Smart Licensing Using Policy: Workflows by Topology

To perform any additional configuration tasks, for instance, to configure a different license, or use an add-on license, or to configure a narrower reporting interval, refer to the corresponding task here. Check the "Supported Topologies" where provided, before you proceed.

Logging into Cisco (CSLU Interface)

Depending on your needs, when working in CSLU, you can either be in connected or disconnected mode. To work in the connected mode, complete these steps to connect with Cisco.

Procedure


Step 1

From the CSLU Main screen, click Login to Cisco (located at the top right corner of the screen).

Step 2

Enter: CCO User Name and CCO Password.

Step 3

In the CSLU Preferences tab, check that the Cisco connectivity toggle displays “Cisco Is Available”.


Configuring a Smart Account and a Virtual Account (CSLU Interface)

Both the Smart Account and Virtual Account are configured through the Preferences tab. Complete the following steps to configure both Smart and Virtual Accounts for connecting to Cisco.

Procedure


Step 1

Select the Preferences Tab from the CSLU home screen.

Step 2

Perform these steps for adding both a Smart Account and Virtual Account:

  1. In the Preferences screen navigate to the Smart Account field and add the Smart Account Name.

  2. Next, navigate to the Virtual Account field and add the Virtual Account Name.

If you are connected to CSSM (In the Preferences tab, Cisco is Available), you can select from the list of available SA/VAs.

If you are not connected to CSSM (In the Preferences tab, Cisco Is Not Available), enter the SA/VAs manually.

Note 

SA/VA names are case sensitive.

Step 3

Click Save. The SA/VA accounts are saved to the system

Only one SA/VA pair can reside on CSLU at a time. You cannot add multiple accounts. To change to another SA/VA pair, repeat Steps 2a and 2b then Save. A new SA/VA account pair replaces the previous saved pair


Adding a Product-Initiated Product Instance in CSLU (CSLU Interface)

Complete these steps to add a device-created Product Instance using the Preferences tab.

Procedure


Step 1

Select the Preferences tab.

Step 2

In the Preferences screen, de-select the Validate Instance check box.

Step 3

Set the Default Connect Method to Product Instance Initiated and then click Save.


Ensuring Network Reachability for Product Instance-Initiated Communication

This task provides possible configurations that may be required to ensure network reachability for product instance-initiated communication. Steps marked as "(Required)" are required for all product instances, all other steps my be required or optional, depending the kind of product instance and network requirements. Configure the applicable commands:

Before you begin

Supported topologies: Connected to CSSM Through CSLU (product instance-initiated communication).

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface interface-type-number

Example:

Device (config)# interface gigabitethernet0/0

Enters interface configuration mode and specifies the Ethernet interface, subinterface, or VLAN to be associated with the VRF.

Step 4

vrf forwarding vrf-name

Example:

Device(config-if)# vrf forwarding Mgmt-vrf

Associates the VRF with the Layer 3 interface. This command activates multiprotocol VRF on an interface

Step 5

ip address ip-address mask

Example:

Device(config-if)# ip address 192.168.0.1 
255.255.0.0

Defines the IP address for the VRF.

Step 6

negotiation auto

Example:

Device(config-if)# negotiation auto

Enables auto-negotiation operation for the speed and duplex parameters of an interface.

Step 7

end

Example:

Device(config-if)# end

Exits the interface configuration mode and enters global configuration mode.

Step 8

ip http client source-interface interface-type-number

Example:

Device(config)# ip http client 
source-interface gigabitethernet0/0

Configures a source interface for the HTTP client.

Step 9

ip route ip-address ip-mask subnet mask

Example:

Device(config)# ip route vrf mgmt-vrf 
192.168.0.1 255.255.0.0 192.168.255.1

(Required) Configures a route and gateway on the product instance. You can configure either a static route or a dynamic route.

Step 10

{ ip| ipv6} name-server server-address 1 ...server-address 6]

Example:

Device(config)# Device(config)# ip name-server 
vrf mgmt-vrf 173.37.137.85

Configures Domain Name System (DNS) on the VRF interface.

Step 11

ip domain lookup source-interface interface-type-number

Example:

Device(config)# ip domain lookup 
source-interface gigabitethernet0/0

Configures the source interface for the DNS domain lookup.

Step 12

ip domain name domain-name

Example:

Device(config)# ip domain name example.com

Configure DNS discovery of your domain. In accompanying example, the name-server creates entry cslu-local.example.com.

Adding a CSLU-Initiated Product Instance in CSLU (CSLU Interface)

Using the CSLU interface, you can configure the connect method to be CSLU Initiated. This connect method (mode) enables CSLU to retrieve Product Instance information from the Product Instance.


Note

The default Connect Method is set in the Preferences tab.

Complete these steps to add a Product Instance from the Inventory tab

Procedure


Step 1

Go to the Inventory tab and from the Product Instances table, select Available ActionsAdd Single Product Instance.

Step 2

Enter the Host (IP Addressof the Host).

Step 3

Select the Connect Method and select an appropriate CSLU Initiated connect method.

Step 4

In the right panel, click Product Instance Login Credentials. The left panel of the screen changes to show the User Name and Password fields

If you click General, the detailed Add Product modal opens.

Step 5

Enter the Product Instance User Name and Password

Step 6

Click Save.

The information is saved to the system and the device is listed in the Product Instances with the Last Contact listed as -never-.


Collecting Usage Reports: CSLU Initiated

CSLU also allows you to manually trigger the gathering of usage reports from devices.

After configuring and selecting a Product Instance (selecting Add Single Product Instance, filling in the Host name and selecting a CSLU Initiated connect method), select Actions for Selected > Collect Usage. CSLU connects to the selected Product Instance(s)and collects the usage reports. These usage reports are stored in CSLU’s local library. These reports can then be transferred to Cisco if CSLU is connected to Cisco, or (if you are not connected to Cisco) you can manually trigger usage collection by selecting Product Instances > Download for Cisco.

If you are working in CSLU-initiated mode, complete these steps to configure CSLU to collect RUM reports from Product Instances.

Procedure


Step 1

Select the Preference tab and enter a valid Smart Account and Virtual Account, and then selectan appropriate CSLU Initiated collect method. (If there have been any changes in Preferences, make sure you click Save.)

Step 2

Open the Inventory tab and select one or more Product Instances.

Step 3

From the CSLU main screen, select Available actions > Collect Usage

RUM reports are retrieved from each selected device and stored in the CSLU local library. The Last Contacted column is updated to show the time the report was received, and the Alerts column shows the status.

If CSLU is currently logged into Cisco the reports will be automatically sent to the associated Smart Account and Virtual Account in Cisco and Cisco will send an acknowledgement to CSLU as well as to the Product Instance. The acknowledgement will be listed in the alerts column of the Product Instance table.

To manually transfer Usage Reports to Cisco, select Download for Cisco from the Product Instances Menu.

Step 4

From the Download for Cisco modal, select the local directory where the reports are to be stored. (<CSLU_WORKING_Directory>/data/default/rum/unsent)

At this point, the usage reports are saved in your local directory (library). To upload these usage reports to Cisco, follow the steps described in Uploading Usage Data to CSSM and Downloading an ACK.

Note 

The Windows operating system can change the behavior of a usage report file properties by dropping the extension when that file is renamed. The behavior change happens when you rename the downloaded file and the renamed file drops the extension. For example, the downloaded default file named UD_xxx.tar is renamed to UD_yyy. The file loses its TAR extension and cannot function. To enable the usage file to function normally, after re-naming a usage report file, you must also add the TAR extension back to the file name, for example UD_yyy.tar.


Download All For Cisco (CSLU Interface)

The Download All for Cisco menu option is a manual process used for offline purposes. Complete these steps to use the Download For Cisco menu option

Procedure


Step 1

From the CSLU Preferences Tab screen, click the Cisco Connectivity toggle switch to off.

The field switches to “Cisco Is Not Available”.

Step 2

Navigate to Product Instances > Download All For Cisco

Step 3

Select the file from the modal that opens and click Save. You now have the file saved.

Note 

At this point you have a DLC file, RUM file, or both.

Step 4

Go to a station that has connectivity to Cisco, and complete the following: Uploading Usage Data to CSSM and Downloading an ACK

Once the file is downloaded, you can transfer to CSLU.

Step 5

Click Upload From Cisco. See: Upload From Cisco (CSLU Interface).


Upload From Cisco (CSLU Interface)

Once you have received the ACK or other file (such as an authorization code) from Cisco, you are ready to Upload that file to your system. This procedure can be used for workstations that are offline. Complete these steps to select and upload files from Cisco.

Procedure


Step 1

Make sure you have downloaded the ACK file for the device. See: Download All For Cisco (CSLU Interface)

Step 2

From the CSLU main screen, select Product Instance > Upload from Cisco.

Step 3

A Cisco File Upload modal opens for you to either:

  • Drag and Drop a File that resides on your local drive, or

  • Browse for the appropriate *.xml file, select the File and click Open.

If the upload is successful, you will get message indicating that the ACK file was successfully sent to the server. If the upload is not successful, you will get an import error.

Step 4

When you have finished uploading, click the x at the top right corner of the modal to close it.


Ensuring Network Reachability for CSLU-Initiated Communication

This task provides possible configurations that may be required to ensure network reachability for CSLU-initiated communication. Steps marked as "(Required)" are required for all product instances, all other steps may be required or optional, depending the kind of product instance and network requirements. Configure the applicable commands:

Before you begin

Supported topologies: Connected to CSSM Through CSLU (CSLU-initiated communication).

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

aaa new model

Example:

Device(config)# aaa new model

(Required) Enable the authentication, authorization, and accounting (AAA) access control model.

Step 4

aaa authentication login default local

Example:

Device(config)# aaa authentication login default local

(Required) Sets AAA authentication to use the local username database for authentication.

Step 5

aaa authorization exec default local

Example:

Device(config)# aaa authorization exec default local

Sets the parameters that restrict user access to a network. The user is allowed to run an EXEC shell.

Step 6

ip routing

Example:

Device(config)# ip routing

Enables IP routing.

Step 7

{ ip| ipv6} name-server server-address 1 ...server-address 6]

Example:

Device(config)# ip name-server vrf Mgmt-vrf 
192.168.1.100 192.168.1.200 192.168.1.300

(Optional) Specifies the address of one or more name servers to use for name and address resolution.

You can specify up to six name servers. Separate each server address with a space. The first server specified is the primary server. The device sends DNS queries to the primary server first. If that query fails, the backup servers are queried.

Step 8

ip domain lookup source-interface interface-type-number

Example:

Device(config)# ip domain lookup 
source-interface gigabitethernet0/0

Enables DNS-based hostname-to-address translation on your device. This feature is enabled by default.

If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS).

Step 9

ip domain name name

Example:

Device(config)# ip domain name vrf 
Mgmt-vrf cisco.com

Defines a default domain name that the software uses to complete unqualified hostnames (names without a dotted-decimal domain name).

Step 10

no username name

Example:

Device(config)# no username admin

(Required) Clears the specified username, if it exists. For name , enter the same username you will create in the next step. This ensures that a duplicate of the username you are going to create in the next step does not exist.

If you plan to use REST APIs for CSLU-initiated retrieval of RUM reports, you have to log in to CSLU. Duplicate usernames may cause the feature to work incorrectly if there are duplicate usernames in the system.

Step 11

username name privilege level password password

Example:

Device(config)# username admin privilege 15 
password 0 lab

(Required) Establishes a username-based authentication system.

The privilege keyword sets the privilege level for the user. A number between 0 and 15 that specifies the privilege level for the user.

The password allows access to the name argument. A password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command.

This enables CSLU to use the product instance native REST.

Note 

Enter this username and password in CSLU (Collecting Usage Reports: CSLU InitiatedStep 4. f. CSLU can then collect RUM reports from the product instance.

Step 12

interface interface-type-number

Example:

Device (config)# interface gigabitethernet0/0

Enters interface configuration mode and specifies the Ethernet interface, subinterface, or VLAN to be associated with the VRF.

Step 13

vrf forwarding vrf-name

Example:

Device(config-if)# vrf forwarding Mgmt-vrf

Associates the VRF with the Layer 3 interface. This command activates multiprotocol VRF on an interface

Step 14

ip address ip-address mask

Example:

Device(config-if)# ip address 192.168.0.1 255.255.0.0

Defines the IP address for the VRF.

Step 15

negotiation auto

Example:

Device(config-if)# negotiation auto

Enables auto-negotiation operation for the speed and duplex parameters of an interface.

Step 16

no shutdown

Example:

Device(config-if)# no shutdown

Restarts a disabled interface.

Step 17

end

Example:

Device(config-if)# end

Exits the interface configuration mode and enters global configuration mode.

Step 18

ip http server

Example:

Device(config)# ip http server

(Required) Enables the HTTP server on your IP or IPv6 system, including a Cisco web browser user interface. The HTTP server uses the standard port 80, by default.

Step 19

ip http authentication local

Example:

ip http authentication local
Device(config)# 

(Required) Specifies a particular authentication method for HTTP server users.

The local keyword means that the login user name, password and privilege level access combination specified in the local system configuration (by the username global configuration command) should be used for authentication and authorization.

Step 20

ip http secure-server

Example:

Device(config)# ip http server

(Required) Enables a secure HTTP (HTTPS) server. The HTTPS server uses the Secure Sockets Layer (SSL) version 3.0 protocol.

Step 21

ip http max-connections

Example:

Device(config)# ip http max-connections 16

(Required) Configures the maximum number of concurrent connections allowed for the HTTP server. Enter an integer in the range from 1 to 16. The default is 5.

Step 22

ip tftp source-interface interface-type-number

Example:

Device(config)# ip tftp source-interface 
GigabitEthernet0/0

Specifies the IP address of an interface as the source address for TFTP connections.

Step 23

ip route ip-address ip-mask subnet mask

Example:

Device(config)# ip route vrf mgmt-vrf 
192.168.0.1 255.255.0.0 192.168.255.1

Configures a route and gateway on the product instance. You can configure either a static route or a dynamic route.

Step 24

logging host

Example:

Device(config)# logging host 172.25.33.20 
vrf Mgmt-vrf

Logs system messages and debug output to a remote host.

Step 25

end

Example:

Device(config)# end

Exits the global configuration mode and enters priveleged EXEC mode.

Step 26

show ip http server session-module

Example:

Device# show ip http server session-module

(Required) Verifies HTTP connectivity. In the output, check that SL_HTTP is active. Additionally, you can also perform the following checks :

  • From device where CSLU is installed, verify that you can ping the product instance. A successful ping confirms that the product instance is reachable.

  • From a Web browser on the device where CSLU is installed verify https://<product-instance-ip>/. This ensures that the REST API from CSLU to the product instance works as expected.

Setting Up a Connection to CSSM

The following steps show how to set up a Layer 3 connection to CSSM to verify network reachability. Steps marked as "(Required)" are required for all product instances, all other steps may be required or optional, depending the kind of product instance and network requirements. Configure the applicable commands:

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

{ ip| ipv6} name-server server-address 1 ...server-address 6]

Example:

Device(config)# ip name-server 
209.165.201.1 209.165.200.225 209.165.201.14 209.165.200.230

Specifies the address of one or more name servers to use for name and address resolution.

You can specify up to six name servers. Separate each server address with a space. The first server specified is the primary server. The device sends DNS queries to the primary server first. If that query fails, the backup servers are queried.

Step 4

ip name-server vrf Mgmt-vrf server-address 1...server-address 6

Example:

Device(config)# ip name-server vrf Mgmt-vrf 
209.165.201.1 209.165.200.225 209.165.201.14 209.165.200.230

(Optional) Configures DNS on the VRF interface. You can specify up to six name servers. Separate each server address with a space.

Note 

This command is an alternative to the ip name-server command.

Step 5

ip domain lookup source-interface interface-type interface-number

Example:

Device(config)# ip domain lookup source-interface Vlan100

Configures the source interface for the DNS domain lookup.

Step 6

ip domain name domain-name

Example:

Device(config)# ip domain name example.com

Configures the domain name.

Step 7

ip host tools.cisco.com ip-address

Example:

Device(config)# ip host tools.cisco.com 209.165.201.30

Configures static hostname-to-address mappings in the DNS hostname cache if automatic DNS mapping is not available.

Step 8

interface interface-type-number

Example:

Device(config)# interface Vlan100
Device(config-if)# ip address 192.0.2.10 255.255.255.0
Device(config-if)# exit

Configures a Layer 3 interface. Enter an interface type and number or a VLAN.

Step 9

ntp server ip-address [version number] [key key-id] [prefer]

Example:

Device(config)# ntp server 198.51.100.100 version 2 prefer

(Required) Activates the NTP service (if it has not already been activated) and enables the system to synchronize the system software clock with the specified NTP server. This ensures that the device time is synchronized with CSSM.

Use the prefer keyword if you need to use this command multiple times and you want to set a preferred server. Using this keyword reduces switching between servers.

Step 10

switchport access vlan vlan_id

Example:

Device(config)# interface GigabitEthernet1/0/1
Device(config-if)# switchport access vlan 100
Device(config-if)# switchport mode access
Device(config-if)# exit
OR
Device(config)# 

Enables the VLAN for which this access port carries traffic and sets the interface as a nontrunking nontagged single-VLAN Ethernet interface.

Note 

This step is to be configured only if the switchport access mode is required. The switchport access vlan command may apply to Catalyst switching product instances, for example, and for routing product instances you may want to configure the ip address ip-address mask command instead.

Step 11

ip route ip-address ip-mask subnet mask

Example:

Device(config)# ip route 192.0.2.0 255.255.255.255 192.0.2.1

Configures a route on the device. You can configure either a static route or a dynamic route.

Step 12

ip http client source-interface interface-type-number

Example:

Device(config)# ip http client source-interface Vlan100

(Required) Configures a source interface for the HTTP client. Enter an interface type and number or a VLAN.

Step 13

exit

Example:

Device(config)# exit

Exits global configuration mode and returns to privileged EXEC mode.

Step 14

copy running-config startup-config

Example:

Device# copy running-config startup-config

Saves your entries in the configuration file.

Configuring Smart Transport Through an HTTPs Proxy

To use a proxy server to communicate with CSSM when using the Smart transport mode, complete the following steps:


Note

Authenticated HTTPs proxy configurations are not supported.


Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

license smart transport smart

Example:

Device(config)# license smart transport smart

Enables Smart transport mode.

Step 4

license smart url default

Example:

Device(config)# license smart transport default

Automatically configures the Smart URL (https://smartreceiver.cisco.com/licservice/license). For this option to work as expected, the transport mode in the previous step must be configured as smart.

Step 5

license smart proxy { address address_hostname| port port_num}

Example:

Device(config)# license smart proxy 198.51.100.10 port 3128

Configures a proxy for the Smart transport mode. When a proxy is configured, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message on to CSSM. Provide the address and port information:

  • address address_hostname : Specifies the proxy address. Enter the IP address or hostname of the proxy server.

  • port port_num : Specifies the proxy port. Enter the proxy port number.

Step 6

exit

Example:

Device(config)# exit

Exits global configuration mode and returns to privileged EXEC mode.

Step 7

copy running-config startup-config

Example:

Device# copy running-config startup-config

Saves your entries in the configuration file.

Configuring the Call Home Service for Direct Cloud Access

The Call Home service provides email-based and web-based notification of critical system events to CSSM. To configure the transport mode, enable the Call Home service, and configure a destination profile (A destination profile contains the required delivery information for an alert notification. At least one destination profile is required.), complete the following steps:


Note

All steps are required unless specifically called-out as “(Optional)”.


Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

license smart transport callhome

Example:

Device(config)# license smart transport callhome

Enables Call Home as the transport mode.

Step 4

license smart url url

Example:

Device(config)# license smart url 
https://tools.cisco.com/its/service/oddce/services/DDCEService

For the callhome transport mode, configure the CSSM URL exactly as shown in the example.

Step 5

service call-home

Example:

Device(config)# service call-home

Enables the Call Home feature.

Step 6

call-home

Example:

Device(config)# call-home

Enters Call Home configuration mode.

Step 7

contact-email-address email-address

Example:

Device(config-call-home)# contact-email-addr
username@example.com

Assigns customer's email address and enables Smart Call Home service full reporting capability and sends a full inventory message from Call-Home TAC profile to Smart Call Home server to start full registration process. You can enter up to 200 characters in email address format with no spaces.

Step 8

profile name

Example:

Device(config-call-home)# profile CiscoTAC-1
Device(config-call-home-profile)#

Enters the Call Home destination profile configuration submode for the specified destination profile.

By default:

  • The CiscoTAC-1 profile is inactive. To use this profile with the Call Home service, you must enable the profile.

  • The CiscoTAC-1 profile sends a full report of all types of events subscribed in the profile. The alternative is to additionally configure Device(cfg-call-home-profile)# anonymous-reporting-only anonymous-reporting-only. When this is set, only crash, inventory, and test messages will be sent.

Use the show call-home profile all command to check the profile status.

Step 9

active

Example:

Device(config-call-home-profile)# active

Enables the destination profile.

Step 10

destination transport-method http{email |http}

Example:

Device(config-call-home-profile)# destination transport-method 
http
AND
Device(config-call-home-profile)# no destination transport-method
 email

Enables the message transport method. In the example, Call Home service is enabled via HTTP and transport via email is disabled.

The no form of the command disables the method.

Step 11

destination address { email email_address |http url}

Example:

Device(config-call-home-profile)# destination address http 
https://tools.cisco.com/its/service/oddce/services/DDCEService
AND
Device(config-call-home-profile)# no destination address http 
https://tools.cisco.com/its/service/oddce/services/DDCEService

Configures the destination e-mail address or URL to which Call Home messages are sent. When entering a destination URL, include either http:// (default) or https://, depending on whether the server is a secure server.

In the example provided here, a http:// destination URL is configured; and the no form of the command is configured for https://.

Step 12

exit

Example:

Device(config-call-home-profile)# exit

Exits Call Home destination profile configuration mode and returns to Call Home configuration mode.

Step 13

exit

Example:

Device(config-call-home)# end

Exits Call Home configuration mode and returns to privileged EXEC mode.

Step 14

copy running-config startup-config

Example:

Device# copy running-config startup-config

Saves your entries in the configuration file.

Step 15

show call-home profile {name |all}

Displays the destination profile configuration for the specified profile or all configured profiles.

Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server

The Call Home service can be configured through an HTTPs proxy server. This configuration requires no user authentication to connect to CSSM.


Note

Authenticated HTTPs proxy configurations are not supported.


To configure and enable the Call Home service through an HTTPs proxy, complete the following steps:


Note

All steps are required unless specifically called-out as “(Optional)”.


Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

license smart transport callhome

Example:

Device(config)# license smart transport callhome

Enables Call Home as the transport mode.

Step 4

service call-home

Example:

Device(config)# service call-home

Enables the Call Home feature.

Step 5

call-home

Example:

Device(config)# call-home

Enters Call Home configuration mode.

Step 6

http-proxy proxy-address proxy-port port-number

Example:

Device(config-call-home)# http-proxy 198.51.100.10 port 5000

Configures the proxy server information to the Call Home service.

Step 7

exit

Example:

Device(config-call-home)# exit

Exits Call Home configuration mode and enters global configuration mode.

Step 8

exit

Example:

Device(config)# exit

Exits global configuration mode and enters privileged EXEC mode.

Step 9

copy running-config startup-config

Example:

Device# copy running-config startup-config

Saves your entries in the configuration file.

Removing and Returning an Authorization Code

To remove and return an SLR authorization code, complete the following steps.

Before you begin

Supported topologies: all

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

show license summary

Example:

Device# show license summary

Ensure that the license that you want to remove and return is not in-use. If it is in-use, you must first disable the feature.

Step 3

license smart authorization return{ all| local} { offline[ path] | online}

Example:

Device# license smart authorization return local online
OR
Device# license smart authorization return local offline
Enter this return code in Cisco Smart Software Manager portal: 
UDI: PID:C9500-16X,SN:FCW2233A5ZV 
Return code: Cr9JHx-L1x5Rj-ftwzg1-h9QZAU-LE5DT1-babWeL-FABPt9-Wr1Dn7-Rp7

Returns an authorization code back to the license pool in CSSM. A return code is displayed after you enter this command.

Specify the product instance:

  • all: Performs the action for all connected product instances in a High Availability set-up.

  • local: Performs the action for the active product instance. This is the default option.

Specify if you are connected to CSSM or not:

  • If connected to CSSM, enter online . The code is automatically returned to CSSM and a confirmation is returned and installed on the product instance. If you choose this option, the return code is automatically submitted to CSSM.

  • If not connected to CSSM, enter offline [ filepath_filename] .

    If you do not specify a filename and path, the return code is displayed on the CLI. If you specify a file name and path, the return code is saved in the specified location. The file format can be any readable format. For example: Device# license smart authorization return local offline bootflash:return-code.txt

    If you choose the offline option, you must complete the additional step of copying the return code from the CLI or the saved file and entering it in CSSM. See: Removing the Product Instance from CSSM. Proceed with the next step only after you complete this step.

Step 4

configure terminal

Example:

Device# configure terminal

Enters the global configuration mode.

Step 5

no license smart reservation

Example:

Device(config)# no license smart reservation

Disables SLR configuration on the product instance.

Note 
You must complete the authorization code return process in Step 3 above - whether online or offline, before you enter the no license smart reservation command in this step. Otherwise, the return may not be reflected in CSSM or in the show command, and you will have to contact your Cisco technical support representative to rectify the problem.
Step 6

exit

Example:

Device(config)# exit

Returns to privileged EXEC mode.

Step 7

show license all

Example:

Device# show license all
<output truncated>
License Authorizations
======================
Overall status:
  Active: PID:C9500-16X,SN:FCW2233A5ZV
      Status: NOT INSTALLED
      Last return code: CcjLk8-2SBwKP-cL5Bir-AFJEGP-89GpiJ-KCUnbi-ZFp2ij-txSCuD-8Ci
<output truncated>

Displays licensing information. Check the License Authorizations header in the output. If the return process is completed correctly, the Last return code: field displays the return code.

Removing the Product Instance from CSSM

To remove a product instance and return all licenses to the license pool, complete the following task:

Before you begin

Supported topologies: all

If you are removing a product instance that is using reserved licenses (SLR) ensure that you have generated a return code as shown in Removing and Returning an Authorization Code. (Enter it in Step 7 in this task).

Procedure


Step 1

Log in to the CSSM Web UI at https://software.cisco.com and click Smart Software Licensing.

Log in using the username and password provided by Cisco.

Step 2

Click the Inventory tab.

Step 3

From the Virtual Account drop-down list, choose your Virtual Account.

Step 4

Click the Product Instances tab.

The list of product instances that are available is displayed.

Step 5

Locate the required product instance from the product instances list. Optionally, you can enter a name or product type string in the search tab to locate the product instance.

Step 6

In the Actions column of the product instance you want to remove, click the Remove link.

  • If the product instance is not using a license with an SLR authorization code then the Confirm Remove Product Instance window is displayed.

  • If the product instance is using a license with an SLR authorization code, then the Remove Product Instance window, with a field for return code entry is displayed.

Step 7

In the Reservation Return Code field, enter the return code you generated.

Note 
This step applies only if the product instance is using a license with an SLR authorization code.
Step 8

Click Remove Product Instance.

The license is returned to the license pool and the product instance is removed.


Generating a New Token for a Trust Code from CSSM

To generate a token to request a trust code, complete the following steps.

Generate one token for each Virtual Account you have. You can use same token for all the product instances that are part of one Virtual Account.

Before you begin

Supported topologies: Connected Directly to CSSM

Procedure


Step 1

Log in to the CSSM Web UI at https://software.cisco.com and click Smart Software Licensing.

Log in using the username and password provided by Cisco.

Step 2

Click the Inventory tab.

Step 3

From the Virtual Account drop-down list, choose the required virtual account

Step 4

Click the General tab.

Step 5

Click New Token. The Create Registration Token window is displayed.

Step 6

In the Description field, enter the token description

Step 7

In the Expire After field, enter the number of days the token must be active.

Step 8

(Optional) In the Max. Number of Uses field, enter the maximum number of uses allowed after which the token expires.

Step 9

Click Create Token.

Step 10

You will see your new token in the list. Click Actions and download the token as a .txt file.


Installing a Trust Code

To manually install a trust code, complete the following steps

Before you begin

Supported topologies:

  • Connected Directly to CSSM

Procedure

  Command or Action Purpose
Step 1

Generating a New Token for a Trust Code from CSSM

In case you have not completed this already, generate and download a trust code file from CSSM.

Step 2

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted

Step 3

license smart trust idtoken id_token_value{ local| all} [ force]

Example:

Device# license smart trust idtoken 
NGMwMjk5mYtNZaxMS00NzMZmtgWm all force

Enables you to establish a trusted connection with CSSM. For id_token_value, enter the token you generated in CSSM.

Enter one of following options:

  • local: Submits the trust request only for the active device in a High Availability set-up. This is the default option.

  • all: Submits the trust request for all devices in a High Availability set-up.

Enter the force keyword to submit the trust code request in spite of an existing trust code on the product instance.

Trust codes are node-locked to the UDI of the product instance. If a UDI is already registered, CSSM does not allow a new registration for the same UDI. Entering the force keyword sets a force flag in the message sent to CSSM to create a new trust code even if one already exists.

Step 4

show license status

Example:

<output truncated>
Trust Code Installed:
  Active: PID:C9500-24Y4C,SN:CAT2344L4GH
    INSTALLED on Sep 04 01:01:46 2020 EDT
  Standby: PID:C9500-24Y4C,SN:CAT2344L4GJ
    INSTALLED on Sep 04 01:01:46 2020 EDT

Displays date and time if trust code is installed. Date and time are in the local time zone. See field Trust Code Installed:.

Downloading a Policy File from CSSM

If you have requested a custom policy or if you want to apply a policy that is different from the default that is applied to the product instance, complete the following task:

Before you begin

Supported topologies:

  • No Connectivity to CSSM and No CSLU

  • CSLU Disconnected from CSSM

Procedure


Step 1

Log in to the CSSM Web UI at https://software.cisco.com and click Smart Software Licensing.

Log in using the username and password provided by Cisco.

Step 2

Follow this directory path: Reports > Reporting Policy.

Step 3

Click Download, to save the .xml policy file.

You can now install the file on the product instance. See Installing a File on the Product Instance.


Uploading Usage Data to CSSM and Downloading an ACK

To upload a RUM report to CSSM and download an ACK when the product instance is not connected to CSSM or CSLU, complete the following task:

Before you begin

Supported topologies: No Connectivity to CSSM and No CSLU

Procedure


Step 1

Log in to the CSSM Web UI at https://software.cisco.com.

Log in using the username and password provided by Cisco.

Step 2

Select the Smart Account (upper left-hand corner of the screen) that will receive the report.

Step 3

Select Smart Software LicensingReportsUsage Data Files.

Step 4

Click Upload Usage Data. Browse to the file location (RUM report in tar format), select, and click Upload Data.

You cannot delete a usage report in CSSM, after it has been uploaded.

Step 5

From the Select Virtual Accounts pop-up, select the Virtual Account that will receive the uploaded file. The file is uploaded to Cisco and is listed in the Usage Data Files table in the Reports screen showing the File Name, time is was Reported, which Virtual Account it was uploaded to, the Reporting Status, Number of Product Instances reported, and the Acknowledgement status.

Step 6

In the Acknowledgement column, click Download to save the .txt ACK file for the report you uploaded.

Wait for the ACK to appear in the Acknowledgement column. If there many RUM reports to process, CSSM may take a few minutes.

You can now install the file on the product instance or you can transfer it to CSLU.


Installing a File on the Product Instance

To install a SLAC, or policy, or ACK, or token on the product instance when the product instance is not connected to CSSM or CSLU, complete the following task:

Before you begin

Supported topologies: No Connectivity to CSSM and No CSLU

You must have the corresponding file saved in a location that is accessible to the product instance.

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted

Step 2

copy source bootflash:file-name

Example:

Device# copy tftp://10.8.0.6/example.txt bootflash: 

Copies the file from its source location or directory to the flash memory of the product instance.

  • source : This is the location of the source file or directory to be copied. The source can be either local or remote

  • bootflash: : This is the destination for boot flash memory.

Step 3

license smart import bootflash: file-name

Example:

Device# license smart import bootflash:example.txt 

Imports and installs the file on the product instance. After installation, a system message displays the type of file you just installed.

Step 4

show license all

Example:

Device# show license all

Displays license authorization, policy and reporting information for the product instance.

Setting the Transport Type, URL, and Reporting Interval

To configure the mode of transport for a product instance, complete the following task:

Before you begin

Supported topologies: all

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal
Step 3

license smart transport{ automatic| callhome| cslu| off| smart}

Example:

Device(config)# license smart transport cslu

Selects the type of message transport the product instance will use. Choose from the following options:

  • automatic : Sets the transport mode cslu .

  • callhome : Enables Call Home as the transport mode.

  • cslu : Enables CSLU as the transport mode. This is the default transport mode.

  • off : Disables all communication from the product instance.

  • smart : Enables Smart transport.

Step 4

license smart url{ url | cslu cslu_url| default| smart smart_url| utility smart_url}

Example:

Device(config)# license smart url cslu 
http://192.168.0.1:8182/cslu/v1/pi

Sets a URL for the configured transport mode. Depending on the transort mode you have chosen to configure in the previous step, configure the corresponding URL here:

  • url : If you have configured the transport mode as callhome, configure this option. Enter the CSSM URL exactly as follows:

    https://tools.cisco.com/its/service/oddce/services/DDCEService

    The no license smart url url command reverts to the default URL.

  • cslu cslu_url : If you have configured the transport mode as cslu, configure this option. Enter the CSLU URL as follows:

    http://<cslu_ip_or_host>:8182/cslu/v1/pi

    For <cslu_ip_or_host>, enter the hostname or the IP address of the windows host where you have installed CSLU. 8182 is the port number and it is the only port number that CSLU uses.

    The no license smart url cslu cslu_url command reverts to http://cslu-local:8182/cslu/v1/pi

  • default : Depends on the configured transport mode. Only the smart and cslu transport modes are supported with this option.

    If the transport mode is set to cslu, and you configure license smart url default , the CSLU URL is configured automatically (https://cslu-local:8182/cslu/v1/pi).

    If the transport mode is set to smart, and you configure license smart url default , the Smart URL is configured automatically (https://smartreceiver.cisco.com/licservice/license).

  • smart smart_url : If you have configured the transport type as smart, configure this option. Enter the URL exactly as follows:

    https://smartreceiver.cisco.com/licservice/license

    When you configure this option, the system automatically creates a duplicate of the URL in license smart url url . You can ignore the duplicate entry, no further action is required.

    The no license smart url smartsmart_url command reverts to the default URL.

  • utility smart_url : Although available on the CLI, this option is not supported.

Step 5

license smart usage interval interval_in_days

Example:

Device(config)# license smart usage interval 40

(Optional) Sets the reporting interval in days. By default the RUM report is sent every 30 days. The valid value range is 1 to 3650.

If you set the value to zero, RUM reports are not sent, regardless of what the applied policy specifies - this applies to topologies where CSLU or CSSM may be on the receiving end.

If you set a value that is greater than zero and the transport type is set to off, then, between the interval_in_days and the policy value for Ongoing reporting frequency(days):, the lower of the two values is applied. For example, if interval_in_days is set to 100, and the value in the in the policy says Ongoing reporting frequency (days):90, RUM reports are sent every 90 days.

If you do not set an interval, and the default is effective, the reporting interval is determined entirely by the policy value. For example, if the default value is effective and only unenforced licenses are in use, if the policy states that reporting is not required, then RUM reports are not sent.

Step 6

exit

Example:

Device(config)# exit

Exits global configuration mode and returns to privileged EXEC mode.

Step 7

copy running-config startup-config

Example:

Device# copy running-config startup-config

Saves your entries in the configuration file.

Configuring a License

In the Smart Licensing Using Policy environment, you can use this task to change the license level being used on the product instance, or to additionally configure an add-on license on the product instance. For example, if you are currently using Network Advantage and you also want to use features available with a corresponding Digital Networking Architecture (DNA) Advantage license, you can configure the same using this task. Or for example, if you do not want to use an add-on license any more, configure the no form of the command in this task.

Information about available licenses can be found Smart Account or Virtual Account. The available licenses may be one of the following:

Base licenses

  • Network Essentials

  • Network Advantage (includes Network Essentials)

Add-on licenses—These can be subscribed for a fixed term of three, five, or seven years.

  • DNA Essentials

  • DNA Advantage (includes DNA Essentials)

To configure or change the license in-use, complete the following steps:

Before you begin

Supported topologies: all

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

license boot level license_level

Example:

Device(config)# license boot level network-advantage 
add-on dna-advantage

Activates the configured license on the product instance. In the accompanying example, the DNA Advantage license will be activated on the product instance after reload.

Step 4

exit

Example:

Device(config)# exit

Returns to the privileged EXEC mode.

Step 5

copy running-config startup-config

Example:

Device# copy running-config startup-config

Saves changes in the configuration file.

Step 6

show version

Example:

Device# show version

<output truncated>
Technology Package License Information:

------------------------------------------------------------------------------
Technology-package                              Technology-package
Current              Type                       Next reboot
------------------------------------------------------------------------------
network-advantage    Smart License              network-advantage
                     Subscription Smart License dna-advantage

<output truncated>

Shows currently configured license information and the licence that is applicable after reload.

Step 7

reload

Example:

Device# reload

Reloads the device.

What to do next

After you configure a license level, the change is effective after a reload. To know if reporting is required, refer to the output of the show license status privileged EXEC command and check the Next ACK deadline: and Next report push: fields.


Note

The change in license usage is recorded on the product instance. The next steps relating to reporting - if required - depend on your current topology.


Sample Resource Utilization Measurement Report

The following is a sample Resource Utilization Measurement (RUM) report, in XML format (See RUM Report and Report Acknowledgement). Several such reports may be concatenated to form one report.
<?xml version="1.0" encoding="UTF-8"?>
  <smartLicense>
      <RUMReport><![CDATA[{"payload":"{\"asset_identification\":{\"asset\":{\"name\":\"regid.2020-05.com.cisco.C8300BE,1.0_5b66594f-27ab-4615-9d15-4aad4969497f\"},\"instance\":{\"sudi\":{\"udi_pid\":\"C8300-2N2S-6T\",\"udi_serial_number\":\"FDO2303A20U\"}},\"signature\":{\"signing_type\":\"SHA256\",\"key\":\"9020805\",\"value\":\"iyqSaQdpqCQeamv21lgQP9e+lqYZFLoollEwmunSoBLz7DXi3Q7ScyZ5k1u8RHN+UMZU5sgzjX2rY926Gp/RKozHK7BG0o2XvTCfSKXcjdNVZgdd/P/dwhULZYDKkYCd4xGog9XeOTsvMNCCEi8CvtwFY6/IIiCA5MfcXXFf6QFJCTWt2c5+VxcYtKUsaCUEQreykdX8SIhPzsA7xIzKlCHHmHzBwcbBEIvhuVNyj+rEOl2z6vv05QpQOs76bNB8MvxtdOTIMomzAq23yzbeY780qNyjD/Wxm712Y+gW+/uk1xQkd0SoSRmuFN8l5Icv3wP4RSCLHicTYJwBkKKhoA==\"}},\"meta\":{\"entitlement_tag\":\"regid.2018-12.com.cisco.ESR_P_10M_E,1.0_328a8b3c-4a0e-49d3-82a0-acb83c7b83a3\",\"report_id\":1599040611,\"ha_udi\":[{\"role\":\"Active\",\"sudi\":{\"udi_pid\":\"C8300-2N2S-6T\",\"udi_serial_number\":\"FDO2303A20U\"}}]},\"measurements\":[{\"log_time\":1600795743,\"metric_name\":\"ENTITLEMENT\",\"start_time\":1600794833,\"end_time\":1600874943,\"sample_interval\":80110,\"num_samples\":89,\"meta\":{\"termination_reason\":\"CurrentUsageRequested\"},\"value\":{\"type\":\"COUNT\",\"value\":\"1\"}}]}","header":{"type":"rum"},"signature":{"sudi":{"udi_pid":"C8300-2N2S-6T","udi_serial_number":"FDO2303A20U"},"signing_type":"SHA256","key":"9020805","value":"jjOna5L3Vb9iXidDNckxWQqbJyfrnXdro0BsNTvWXRIH4HF9RnY1KwjarsxcpMgJ+BVUwdlqU9bGccv16c3lK8UUOP8PrMB1K0Ppcjx/go7gXlinzq70BRBqFLfD/8w7+PtUUkcv4hWlsuPIDBS3GIp4ZjF1rVIyuniaq1trGm3tQvpvkPPUp9APAJQRzIjTQ95T+boJmbMssJqy0FJQEeqZG59qo/DfHHtVCLlxvmssdL9F7ILjb7raPOLFkrt/RDABQ2JEWyBDz88/TPOQpOlxL5o7SqfjpADmo/q0xamSMw=="}}]]></RUMReport>
  </smartLicense>

Troubleshooting Smart Licensing Using Policy

This section provides the list of Smart Licensing Using Policy-related system messages you may encounter, possible reasons for failure, and recommended action.

System Message Overview

The system software sends system messages to the console (and, optionally, to a logging server on another system). Not all system messages mean problems with your system. Some messages are informational, and others can help diagnose problems with communications lines, internal hardware, or the system software.

How to Read System Messages

System log messages can contain up to 80 characters. Each system message begins with a percent sign (%) and is structured as follows:

%FACILITY

Two or more uppercase letters that show the facility to which the message refers. A facility can be a hardware device, a protocol, or a module of the system software

SEVERITY

A single-digit code from 0 to 7 that reflects the severity of the condition. The lower the number, the more serious the situation.

Table 10. Message Severity Levels

Severity Level

Description

0 - emergency

System is unusable.

1 - alert

Immediate action required.

2 - critical

Critical condition.

3 - error

Error condition.

4 - warning

Warning condition.

5 - notification

Normal but significant condition.

6 - informational

Informational message only.

7 - debugging

Message that appears during debugging only.

MNEMONIC

A code that uniquely identifies the message.

Message-text

Message-text is a text string describing the condition. This portion of the message sometimes contains detailed information about the event, including terminal port numbers, network addresses, or addresses that correspond to locations in the system memory address space. Because the information in these variable fields changes from message to message, it is represented here by short strings enclosed in square brackets ([ ]). A decimal number, for example, is represented as [dec].

Table 11. Variable Fields in Messages

Severity Level

Description

[char]

Single character

[chars]

Character string

[dec]

Decimal number

[enet]

Ethernet address (for example, 0000.FEED.00C0)

[hex]

Hexadecimal number

[inet]

Internet address (for example, 10.0.2.16)

[int]

Integer

[node]

Address or node name

[t-line]

Terminal line number in octal (or in decimal if the decimal-TTY service is enabled)

[clock]

Clock (for example, 01:20:08 UTC Tue Mar 2 1993

System Messages

This section provides the list of Smart Licensing Using Policy-related system messages you may encounter, possible reasons for failure (incase it is a failure message), and recommended action (if action is required).

For all error messages, if you are not able to solve the problem, contact your Cisco technical support representative with the following information:

The message, exactly as it appears on the console or in the system log.

The output from the show license tech support , show license history message , and the show platform software sl-infra privileged EXEC commands.

Smart Licensing Using Policy-related system messages:

Error Message %SMART_LIC-3-POLICY_INSTALL_FAILED: The installation of a new 
licensing policy has failed: [chars].

Explanation: A policy was installed, but an error was detected while parsing the policy code, and installation failed. [chars] is the error string with details of the failure.

Possible reasons for failure include:

  • A signature mismatch: This means that the system clock is not accurate.

  • A timestamp mismatch: This means the system clock on the product instance is not synchronized with CSSM.

Recommended Action:

For both possible failure reasons, ensure that the system clock is accurate and synchronized with CSSM. Configure the ntp server command in global configuration mode. For example:
Device(config)# ntp server 198.51.100.100 version 2 prefer

If the above does not work and policy installation still fails, contact your Cisco technical support representative.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-3-AUTHORIZATION_INSTALL_FAILED: The install of a new 
licensing authorization code has failed on [chars]: [chars].

This message is not applicable to Cisco Catalyst Access, Core, and Aggregation Switches, because there are no enforced or export-controlled licenses on these product instances.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-3-COMM_FAILED: Communications failure with the [chars] :
[chars]

Explanation: Smart Licensing communication either with CSSM or with CSLU failed. The first [chars] is the currently configured transport type, and the second [chars] is the error string with details of the failure. This message appears for every communication attempt that fails.

Possible reasons for failure include:

  • CSSM or CSLU is not reachable: This means that there is a network reachability problem.

  • 404 host not found: This means the CSSM server is down.

For topologies where the product instance initiates the sending of RUM reports (Connected to CSSM Through CSLU: Product Instance-Initiated Communication, Connected Directly to CSSM, and CSLU Disconnected from CSSM: Product Instance-Initiated Communication) if this communication failure message coincides with scheduled reporting (license smart usage interval interval_in_days global configuration command), the product instance attempts to send out the RUM report for up to four hours after the scheduled time has expired. If it is still unable to send out the report (because the communication failure persists), the system resets the interval to 15 minutes. Once the communication failure is resolved, the system reverts the reporting interval to the value that you last configured.

Recommended Action:

Troubleshooting steps are provided for when CSSM is not reachable and when CSLU is not reachable.

If CSSM is not reachable and the configured transport type is smart:

  1. Check if the smart URL is configured correctly. Use the show license status command in privileged EXEC mode, to check if the URL is exactly as follows: https://smartreceiver.cisco.com/licservice/license. If it is not, reconfigure the license smart url smart smar_URL command in global configuration mode.

  2. Check DNS resolution. Verify that the product instance can ping smartreceiver.cisco.com or the nslookup translated IP. The following example shows how to ping the translated IP
    Device# ping 171.70.168.183
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 171.70.168.183, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
    

If CSSM is not reachable and the configured transport type is callhome:

  1. Check if the URL is entered correctly. Use the show license status command in privileged EXEC mode, to check if the URL is exactly as follows: https://tools.cisco.com/its/service/oddce/services/DDCEService.

  2. Check if Call Home profile CiscoTAC-1 is active and destination URL is correct. Use the show call-home profile all command in privileged EXEC mode:
    Current smart-licensing transport settings:
     Smart-license messages: enabled
     Profile: CiscoTAC-1 (status: ACTIVE)
     Destination  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService
    
    
  3. Check DNS Resolution. Verify that the product instance can ping tools.cisco.com, or the nslookup translated IP.
    Device# ping tools.cisco.com
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 173.37.145.8, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 41/41/42 ms
    
    

    If the above does not work check the following: if the product instance is set, if the product instance IP network is up. To ensure that the network is up, configure the no shutdown command in interface configuration mode.

    Check if the device is subnet masked with a subnet IP, and if the DNS IP is confgured.

  4. Verify that the HTTPs client source interface is correct.

    Use the show ip http client command in privileged EXEC mode to display current configuration. Use ip http client source-interface command in global configuration mode to reconfigure it.

    In case the above does not work, double-check your routing rules, and firewall settings.

If CSLU is not reachable:

  1. Check if CSLU discovery works.

    • Zero-touch DNS discovery of cslu-local or DNS discovery of your domain..

      In the show license all command output, check if the Last ACK received: field. If this has a recent timestamp it means that the product instance has connectivity with CSLU. If it is not, proceed with the following checks:

      Check if the product instance is able to ping cslu-local. A successful ping confirms that the product instance is reachable.

      If the above does not work, configure the name server with an entry where hostname cslu-local is mapped to the CSLU IP address (the windows host where you installed CSLU). Configure the ip domain name domain-name and ip name-server server-address commands in global configuration mode. Here the CSLU IP is 192.168.0.1 and name-server creates entry cslu-local.example.com:
      Device(config)# ip domain name example.com
      Device(config)# ip name-server 192.168.0.1
      
    • CSLU URL is configured.

      In the show license all command output, under the Transport: header check the following: The Type: must be csluand Cslu address: must have the hostname or the IP address of the windows host where you have installed CSLU. Check if the rest of the address is configured as shown below and check if the port number is 8182.
      Transport:
        Type: cslu
        Cslu address: http://192.168.0.1:8182/cslu/v1/pi
      
      If it is not, configure the license smart transport cslu and license smart url cslu http://<cslu_ip_or_host>:8182/cslu/v1/pi commands in global configuration mode
  2. For CSLU-initiated communication, in addition to the CSLU discovery checks listed above, check the following:

    Verify HTTP connectivity. Use the show ip http server session-module command in privileged EXEC mode. In the output, under header HTTP server current connections:, check that SL_HTTP is active. If it is not re-configure the ip http commands as mentioned in Ensuring Network Reachability for CSLU-Initiated Communication

    From a Web browser on the device where CSLU is installed, verify https://<product-instance-ip>/. This ensures that the REST API from CSLU to the product instance works as expected.

If the above does not work and policy installation still fails, contact your Cisco technical support representative.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message  %SMART_LIC-3-COMM_RESTORED: Communications with the [chars] restored.
[chars] - depends on the transport type
        - Cisco Smart Software Manager (CSSM)
        - Cisco Smart License utility (CSLU)
Smart Agent communication with either the Cisco Smart Software Manager (CSSM) or the Cisco Smart License 
utility (CSLU) has been restored. No action required.
 

Explanation: Product instance communication with either the CSSM or CSLU is restored.

Recommended Action: No action required.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-3-POLICY_REMOVED: The licensing policy has been removed.

Explanation: A previously installed licensing policy has been removed. The Cisco default policy is then automatically effective. This may cause a change in the behavior of smart licensing.

Possible reasons for failure include:

If you have entered the license smart factory reset command in privileged EXEC mode all licensing information including the policy is removed.

Recommended Action:

If the policy was removed intentionally, then no further action is required.

If the policy was removed inadvertantly, you can reapply the policy. Depending on the topology you have implemented, follow the corresponding method to retrieve the policy:


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-3-TRUST_CODE_INSTALL_FAILED: The install of a new licensing 
trust code has failed on [chars]: [chars].

Explanation: Trust code installation has failed. The first [chars] is the UDI where trust code installation was attempted. The second [chars] is the error string with details of the failure.

Possible reasons for failure include:

  • A trust code is already installed: Trust codes are node-locked to the UDI of the product instance. If the UDI is already registered, and you try to install another one, installation fails.

  • Smart Account-Virtual Account mismatch: This means the Smart Account or Virtual Account (for which the token ID was generated) does not include the product instance on which you installed the trust code. The token generated in CSSM, applies at the Smart Account or Virtual Account level and applies only to all product instances in that account.

  • A signature mismatch: This means that the system clock is not accurate.

  • Timestamp mismatch: This means the product instance time is not synchronized with CSSM, and can cause installation to fail.

Recommended Action:

  • A trust code is already installed: If you want to install a trust code inspite of an existing trust code on the product instance, re-configure the license smart trust idtoken id_token_value{ local| all} [ force] command in privileged EXEC mode, and be sure to include the force keyword this time. Entering the force keyword sets a force flag in the message sent to CSSM to create a new trust code even if one already exists.

  • Smart Account-Virtual Account mismatch:

    Log in to the CSSM Web UI at https://software.cisco.com and click Smart Software Licensing>Inventory > Product Instances.

    Check if the product instance on which you want to generate the token is listed in the selected Virtual Account. If it is, proceed to the next step. If not, check and select the correct Smart Account and Virtual Account. Then complete these tasks again: Generating a New Token for a Trust Code from CSSM and Installing a Trust Code.

  • Timestamp mismatch and signature mismatch: Configure the ntp server command in global configuration mode. For example:
    Device(config)# ntp server 198.51.100.100 version 2 prefer
    

----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message    %SMART_LIC-4-REPORTING_NOT_SUPPORTED: The CSSM OnPrem that this 
product instance is connected to is down rev and does not support the enhanced policy and usage 
reporting mode.
 

Explanation: Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite) is supported in the Smart Licensing Using Policy environment starting with Cisco IOS XE Amsterdam 17.3.3 only (See SSM On-Prem). In unsupported releases, the product instance will behave as follows:

  • Stop sending registration renewals and authorization renewals.

  • Start recording usage and saving RUM reports locally.

Recommended Action: Refer to and implement one of the supported topologies instead (See: Supported Topologies), or upgrade to a release where SSM On-Prem is supported with Smart Licensing Using Policy.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-6-POLICY_INSTALL_SUCCESS: A new licensing policy 
was successfully installed.

Explanation: A policy was installed in one of the following ways:

  • Using Cisco IOS commands.

  • CSLU-initiated communication.

  • As part of an ACK response.

Recommended Action: No action is required. If you want to know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command in privileged EXEC mode.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-6-AUTHORIZATION_INSTALL_SUCCESS: A new licensing 
authorization code was successfully installed on: [chars].

This message is not applicable to Cisco Catalyst Access, Core, and Aggregation Switches, because there are no enforced or export-controlled licenses on these product instances.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-6-AUTHORIZATION_REMOVED: A licensing authorization code has
 been removed from [chars]

Explanation: [chars] is the UDI where the authorization code was installed. The authorization code has been removed. This removes the licenses from the product instance and may cause a change in the behavior of smart licensing and the features using licenses.

Recommended Action: No action is required. If you want to see the current state of the license, enter the show license all command in privileged EXEC mode.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-6-REPORTING_REQUIRED: A Usage report acknowledgement 
will be required in [dec] days.

Explanation: This is an alert which means that RUM reporting to Cisco is required. [dec] is the amount of time (in days) left to meet this reporting requirements.

Recommended Action: Ensure that RUM reports are sent within the requested time.

  • If the product instance is directly connected to CSSM, or to CSLU and the product instance is configured to initiate communication complete this step on the product instance, the product instance will automatically send usage information at the scheduled time.

    If it is not sent at the scheduled time, because of technical difficulties, you can license smart sync command in privileged EXEC mode. For syntax details, see the license smart (privileged EXEC) in the Command Reference.

  • If the product instance is connected to CSLU and CSLU is configured to initiate communication, complete: Collecting Usage Reports: CSLU Initiated.

  • If the product instance is connected to CSLU, but CSLU is disconnected from CSSM, complete these tasks: Download All For Cisco (CSLU Interface), Uploading Usage Data to CSSM and Downloading an ACK, and Upload From Cisco (CSLU Interface).

  • If the product instance is disconnected from CSSM and you are not using CSLU either, enter the license smart save usage command in privileged EXEC mode, to save the required usage information in a file. Then, from a workstation where you have connectivity to CSSM, complete these tasks: Uploading Usage Data to CSSM and Downloading an ACK > Installing a File on the Product Instance.

  • If the product instance is managed by a controller, the controller will send the RUM report at the scheduled time. If you want to trigger an ad-hoc report, you can do so in the Cisco DNA Center GUI.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Error Message %SMART_LIC-6-TRUST_CODE_INSTALL_SUCCESS: A new licensing trust code
 was successfully installed on [chars].

Explanation:[chars] is the UDI where the trust code was successfully installed.

Recommended Action: No action is required. If you want to verify that the trust code is installed, enter the show license status command in privileged EXEC mode. Look for the updated timestamp under header Trust Code Installed: in the output.


----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------

Additional References for Smart Licensing Using Policy

Topic

Document Title

For complete syntax and usage information for the commands used in this chapter, see System Mangement > System Mangement Commands in the Command Reference of the required release.

Command Reference (Catalyst 9500 Series Switches)

Cisco Smart Software Manager Help

Smart Software Manager Help

Cisco Smart License Utility (CSLU) installation and user guides

Cisco Smart License Utility Quick Start Setup Guide

Cisco Smart License Utility User Guide

Feature History for Smart Licensing Using Policy

This table provides release and related information for features explained in this module.

These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature

Feature Information

Cisco IOS XE Fuji 16.9.1

Smart Licensing

A cloud-based, software license management solution that allows you to manage and track the status of your license, hardware, and software usage trends.

Starting from this release, Smart Licensing is the default and the only available method to manage licenses.

Starting from Cisco IOS XE Fuji 16.9.1 the Right-To-Use (RTU) licensing mode is deprecated, and the associated license right-to-use command is no longer available on the CLI.

Support for this feature was introduced on all models of Cisco Catalyst 9500 Series Switches.

Cisco IOS XE Amsterdam 17.3.2a

Smart Licensing Using Policy

An enhanced version of Smart Licensing, with the overarching objective of providing a licensing solution that does not interrupt the operations of your network, rather, one that enables a compliance relationship to account for the hardware and software licenses you purchase and use.

Starting with this release, Smart Licensing Using Policy is automatically enabled on the device. This is also the case when you upgrade to this release.

By default, your Smart Account and Virtual Account in CSSM is enabled for Smart Licensing Using Policy.

Cisco DNA Center support for Smart Licensing Using Policy

Cisco DNA Center supports Smart Licensing Using Policy functionality starting with Cisco DNA Center Release 2.2.2.

When you use Cisco DNA Center to manage a product instance, Cisco DNA Center connects to CSSM, and is the interface for all communication to and from CSSM.

For information about the comptabile controller and product instance versions, see Controller.

For information about this topology, see Connected to CSSM Through a Controller and Workflow for Topology: Connected to CSSM Through a Controller.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn

6 The Cisco StackWise Virtual feature, which is available on Cisco Catalyst switches, is an example of such a set-up.
7 The Quad-Supervisor with Route Processor Redundancy, which is available on Cisco Catalyst switches, is an example of such a set-up.