I was at a client site and needed to register a Security license Product Authorization Key (PAK) via Cisco's License Administration Portal. I would need the Security license to be able to use the "crypto" commands and build an IPsec site-to-site IPsec back to our core network.
It's quite similar how licensing works on an ASA firewall, wherein you purchase a separate license to activate a particular feature. We can use either the show license udi or show version commands to get the UDI and Serial Number of the router's chassis.
Router#show license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 CISCO2911/K9 FGL18091abc CISCO2911/K9:FGL18091abc
Type the Product ID/PID (CISCO2911/K9) and device Serial Number (FGL18091abc) separately on its respective field. Check for any typo errors, otherwise you'll need to raise a Cisco License TAC case to retrieve the license manually.
Router#copy tftp://10.1.1.2/FGL18091abc_20141123183623264.lic flash
Destination filename [FGL18091abc_20141123183623264.lic]?
Accessing tftp://10.1.1.2/FGL18091abc_20141123183623264.lic...
Loading FGL18091abc_20141123183623264.lic from 10.1.1.2 (via GigabitEthernet0/0): !
[OK - 1155 bytes]
Router#show flash | inc FGL
245 1155 Nov 24 2014 02:37:36 +00:00 FGL18091abc_20141123183623264.lic
Router#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: uck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: gatekeeper
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 7 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 8 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: hseck9
Index 10 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 11 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 12 Feature: UCVideo
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Router#license ?
call-home License call-home information
clear Clear license information
comment Comment license information
install Install license information
modify Modify license
revoke Revoke license information
save Save license information
Router#license install ?
archive: Install from archive: file system
flash0: Install from flash0: file system
flash1: Install from flash1: file system
flash: Install from flash: file system
ftp: Install from ftp: file system
http: Install from http: file system
https: Install from https: file system
null: Install from null: file system
nvram: Install from nvram: file system
pram: Install from pram: file system
rcp: Install from rcp: file system
scp: Install from scp: file system
syslog: Install from syslog: file system
system: Install from system: file system
tftp: Install from tftp: file system
tmpsys: Install from tmpsys: file system
xmodem: Install from xmodem: file system
ymodem: Install from ymodem: file system
Router#license install flash:FGL18091abc_20141123183623264.lic
Installing licenses from "flash:FGL18091abc_20141123183623264.lic"
Installing...Feature:securityk9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
*Nov 24 02:43:20.971: %LICENSE-6-INSTALL: Feature securityk9 1.0 was installed in this device. UDI=CISCO2911/K9:FGL18091abc; StoreIndex=2:Primary License Storage
*Nov 24 02:43:21.231: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module
name = c2900 Next reboot level = securityk9 and License = securityk9
Router#reload
Proceed with reload? [confirm]
<OUTPUT TRUNCATED>
Router#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: uck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: gatekeeper
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 7 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 8 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: hseck9
Index 10 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 11 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 12 Feature: UCVideo
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Router>show version // ALTERNATE COMMAND TO VERIFY PERMANENT LICENSE
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 13-Sep-13 14:59 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Router uptime is 1 minute
System returned to ROM by reload at 02:44:35 UTC Mon Nov 24 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M5.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FGL18091abc
3 Gigabit Ethernet interfaces
1 terminal line
1 Channelized (E1 or T1)/PRI port
1 Virtual Private Network (VPN) Module
4 Voice FXS interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FGL18091abc
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
It's quite similar how licensing works on an ASA firewall, wherein you purchase a separate license to activate a particular feature. We can use either the show license udi or show version commands to get the UDI and Serial Number of the router's chassis.
Router#show license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 CISCO2911/K9 FGL18091abc CISCO2911/K9:FGL18091abc
Type the Product ID/PID (CISCO2911/K9) and device Serial Number (FGL18091abc) separately on its respective field. Check for any typo errors, otherwise you'll need to raise a Cisco License TAC case to retrieve the license manually.
You can choose to email the e-license and also download it and then TFTP the license to the router's flash.
Destination filename [FGL18091abc_20141123183623264.lic]?
Accessing tftp://10.1.1.2/FGL18091abc_20141123183623264.lic...
Loading FGL18091abc_20141123183623264.lic from 10.1.1.2 (via GigabitEthernet0/0): !
[OK - 1155 bytes]
Router#show flash | inc FGL
245 1155 Nov 24 2014 02:37:36 +00:00 FGL18091abc_20141123183623264.lic
Router#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: uck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: gatekeeper
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 7 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 8 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: hseck9
Index 10 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 11 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 12 Feature: UCVideo
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Router#license ?
call-home License call-home information
clear Clear license information
comment Comment license information
install Install license information
modify Modify license
revoke Revoke license information
save Save license information
Router#license install ?
archive: Install from archive: file system
flash0: Install from flash0: file system
flash1: Install from flash1: file system
flash: Install from flash: file system
ftp: Install from ftp: file system
http: Install from http: file system
https: Install from https: file system
null: Install from null: file system
nvram: Install from nvram: file system
pram: Install from pram: file system
rcp: Install from rcp: file system
scp: Install from scp: file system
syslog: Install from syslog: file system
system: Install from system: file system
tftp: Install from tftp: file system
tmpsys: Install from tmpsys: file system
xmodem: Install from xmodem: file system
ymodem: Install from ymodem: file system
Router#license install flash:FGL18091abc_20141123183623264.lic
Installing licenses from "flash:FGL18091abc_20141123183623264.lic"
Installing...Feature:securityk9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
*Nov 24 02:43:20.971: %LICENSE-6-INSTALL: Feature securityk9 1.0 was installed in this device. UDI=CISCO2911/K9:FGL18091abc; StoreIndex=2:Primary License Storage
*Nov 24 02:43:21.231: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module
name = c2900 Next reboot level = securityk9 and License = securityk9
Router#reload
Proceed with reload? [confirm]
<OUTPUT TRUNCATED>
Router#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: uck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: gatekeeper
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 7 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 8 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: hseck9
Index 10 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 11 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 12 Feature: UCVideo
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Router>show version // ALTERNATE COMMAND TO VERIFY PERMANENT LICENSE
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 13-Sep-13 14:59 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Router uptime is 1 minute
System returned to ROM by reload at 02:44:35 UTC Mon Nov 24 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M5.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FGL18091abc
3 Gigabit Ethernet interfaces
1 terminal line
1 Channelized (E1 or T1)/PRI port
1 Virtual Private Network (VPN) Module
4 Voice FXS interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FGL18091abc
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
No comments:
Post a Comment