Smart Licensing is enabled by default starting on IOS-XE 16.9.1 and above on Cisco Catalyst 3650/3850 and 9000 series switches and 16.10.1 and above on Cisco ASR1K, ISR1K and ISR4K series routers.
4321#show version
Cisco IOS XE Software, Version 16.12.04
Cisco IOS Software [Gibraltar], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.12.4, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Jul-20 21:44 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2020 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: 16.12(2r)
4321 uptime is 14 hours, 1 minute
Uptime for this control processor is 14 hours, 4 minutes
System returned to ROM by Reload Command at 09:29:30 UTC Thu Mar 18 2021
System restarted at 09:34:02 UTC Thu Mar 18 2021
System image file is "bootflash:isr4300-universalk9.16.12.04.SPA.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Suite License Information for Module:'esg'
--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None Smart License None
securityk9
appxk9
AdvUCSuiteK9 None Smart License None
uck9
cme-srst
cube
Technology Package License Information:
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None Smart License None
uck9 uck9 Smart License uck9
securityk9 None Smart License None
ipbase ipbasek9 Smart License ipbasek9
The current throughput level is unthrottled
Smart Licensing Status: UNREGISTERED/EVAL MODE
cisco ISR4321/K9 (1RU) processor with 1694893K/3071K bytes of memory.
Processor board ID FLM24481234
1 Virtual Ethernet interface
10 Gigabit Ethernet interfaces
24 Serial interfaces
2 Channelized T1/PRI ports
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3125247K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.
Configuration register is 0x2102
Smart Call-Home (SCH) is configured by default per above IOS-XE releases.
4321#show run | section call-home
service call-home
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
To check the Smart License status, issue either a show license status or show license summary command.
Notice the device Status is UNREGISTERED and License Count Status is EVAL MODE.
4321#show license status
Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: UNREGISTERED - REGISTRATION PENDING
Export-Controlled Functionality: NOT ALLOWED
Initial Registration: First Attempt Pending
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 86 days, 8 hours, 10 minutes, 38 seconds
License Conversion:
Automatic Conversion Enabled: False
Status: Not started
Export Authorization Key:
Features Authorized:
<none>
4321#show license summary
Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED - REGISTRATION PENDING
Export-Controlled Functionality: NOT ALLOWED
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 86 days, 8 hours, 9 minutes, 48 seconds
License Usage:
License Entitlement tag Count Status
-----------------------------------------------------------------------------
(ISR_4321_UnifiedCommun...) 1 EVAL MODE
(ISR_4321_BOOST) 1 EVAL MODE
You need to create a Virtual Account on the Cisco Smart Software Manager (CSSM) portal, which is under Administration > click Manage Smart Account.
To manage Smart Licenses in the CSSM portal go under License > click Smart Software Licensing.
First generate a registration token in CSSM under Inventory.
Select
the Virtual Account > click New Token.
Type a Description (i.e. router hostname) > leave the default Expire After: 30 Days > leave blank for the Max. Number of Users > leave the Allow export-controlled functionality selected > click Create Token.
Notice the top most token that was generated. It has a 30 days (1 month) expiration date/use.
Click the blue arrow icon beside the newly generated token > hit Ctrl+C to copy to clipboard.
Before applying the new token, ensure the router can reach the SCH/CSSM cloud over the Internet.
4321#ping tools.cisco.com
% Unrecognized host or address, or protocol not running.
4321#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Configure DNS
and domain lookup on the router . You can alternatively use the ip host <HOSTNAME> <IP ADDRESS> command to manually map Call Home to a static public IP address.
4321(config)#ip name-server 8.8.8.8
4321(config)#ip domain lookup
4321(config)#end
4321#ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 218/218/219 ms
Next, issue a license smart register idtoken <TOKEN>
privilege mode command.
4321#license ?
smart Smart licensing
4321#license smart ?
clear Clear
conversion Start or stop a license conversion
deregister deregister this device
export Get or return an export authorization key
factory Execute Smart Licensing Factory commands
register register token id
renew Smart License renew
send license smart send
4321#license smart register ?
idtoken id token
4321#license smart register idtoken ?
WORD reg id
4321#license smart register idtoken ZTVmZDQ3MGItZTY4My00NDgzLWEwZmItZTVkZDYxMzVlODQ0LTE2MTg3MDUx%0AODU4Mzl8aXJLOXNYb0JORmtrZHJsY3ZRbHZqbzd3RC9NbUQxWGRDY2M1TmMw%0AejFsTT0%12345
Registration process is in progress. Use the 'show license status' command to check the progress and result
Mar 19 00:43:51.297 UTC: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by crypto-engine
Mar 19 00:43:51.375 UTC: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configurations
You can check the Smart License status using either the show license status or show license summary command. Notice the Status changed to UNREGISTERED - REGISTRATION PENDING.
4321#show license status
Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: UNREGISTERED - REGISTRATION PENDING
Export-Controlled Functionality: NOT ALLOWED
Initial Registration: First Attempt Pending
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 86 days, 8 hours, 10 minutes, 38 seconds
License Conversion:
Automatic Conversion Enabled: False
Status: Not started
Export Authorization Key:
Features Authorized:
<none>
4321#show license summary
Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED - REGISTRATION PENDING
Export-Controlled Functionality: NOT ALLOWED
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 86 days, 8 hours, 9 minutes, 48 seconds
License Usage:
License Entitlement tag Count Status
-----------------------------------------------------------------------------
(ISR_4321_UnifiedCommun...) 1 EVAL MODE
(ISR_4321_BOOST) 1 EVAL MODE
The Internet connection was initially unstable/intermittent causing the SCH connection to fail.
4321#
Mar 19 00:57:45.880 UTC: %CALL_HOME-5-SL_MESSAGE_FAILED: Fail to send out Smart Licensing message to: https://tools.cisco.com/its/service/oddce/services/DDCEService (ERR 220 : HTTP protocol level failure)
Mar 19 00:57:45.880 UTC: %SMART_LIC-3-AGENT_REG_FAILED: Smart Agent for Licensing Registration with the Cisco Smart Software Manager (CSSM) failed: Fail to send out Call Home HTTP message.
Mar 19 00:57:45.881 UTC: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : Fail to send out Call Home HTTP message.
Verify again the Smart License status. Notice the Status changed to REGISTERING - REGISTRATION IN PROGRESS. Also notice the next registration attempt is few minutes away from the router clock (my router used NTP)
4321#show license status
Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: REGISTERING - REGISTRATION IN PROGRESS
Export-Controlled Functionality: NOT ALLOWED
Initial Registration: FAILED on Mar 19 00:57:45 2021 UTC
Failure reason: Fail to send out Call Home HTTP message.
Next Registration Attempt: Mar 19 01:15:54 2021 UTC
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 86 days, 7 hours, 52 minutes, 58 seconds
License Conversion:
Automatic Conversion Enabled: False
Status: Not started
Export Authorization Key:
Features Authorized:
<none>
4321#show clock
01:04:53.188 UTC Fri Mar 19 2021
You can force update the SCH/device registration using the license smart register idtoken <TOKEN> force command
4321# license smart register idtoken ZTVmZDQ3MGItZTY4My00NDgzLWEwZmItZTVkZDYxMzVlODQ0LTE2MTg3MDUx%0AODU4Mzl8aXJLOXNYb0JORmtrZHJsY3ZRbHZqbzd3RC9NbUQxWGRDY2M1TmMw%0AejFsTT0%12345 ?
force Forcefully register
<cr> <cr>
4321#license smart register idtoken ItZTY4My00NDgzLWEwZmItZTVkZDYxMzVlODQ0LTE2MTg3MDUx%0AODU4Mzl8aXJLOXNYb0JORmtrZHJsY3ZRbHZqbzd3RC9NbUQxWGRDY2M1TmMw%0AejFsTT0%12345 force
Registration process is in progress. Use the 'show license status' command to check the progress and result
4321#
Mar 19 01:31:22.261 UTC: %CRYPTO_ENGINE-5-KEY_DELETED: A key named SLA-KeyPair has been removed from key storage
Mar 19 01:31:24.012 UTC: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by crypto-engine
Mar 19 01:31:24.088 UTC: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
Mar 19 01:31:37.371 UTC: %CALL_HOME-6-SCH_REGISTRATION_IN_PROGRESS: SCH device registration is in progress. Call-home will poll SCH server for registration result. You can also check SCH registration status with "call-home request registration-info" under EXEC mode.
Mar 19 01:31:37.373 UTC: %SMART_LIC-5-COMM_RESTORED: Communications with the Cisco Smart Software Manager (CSSM) restored
Mar 19 01:31:37.567 UTC: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is allowed
Mar 19 01:31:37.568 UTC: %SMART_LIC-6-AGENT_REG_SUCCESS: Smart Agent for Licensing Registration successful. udi PID:ISR4321/K9,SN:FLM24471234
Mar 19 01:31:46.142 UTC: %SMART_LIC-5-IN_COMPLIANCE: All entitlements and licenses in use on this device are authorized
Mar 19 01:31:46.146 UTC: %SMART_LIC-5-END_POINT_RESET: End Point list reset
Mar 19 01:31:46.148 UTC: %SMART_LIC-6-AUTH_RENEW_SUCCESS: Authorization renewal successful. State=authorized for udi PID:ISR4321/K9,SN:FLM24471234
Notice the registration status changed to SUCCEEDED and the Count Status changed to AUTHORIZED.
4321#show license status
Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: REGISTERED
Smart Account: MY_SMART_ACCOUNT
Virtual Account: MY_VIRTUAL_ACCOUNT
Export-Controlled Functionality: ALLOWED
Initial Registration: SUCCEEDED on Mar 19 01:31:37 2021 UTC
Last Renewal Attempt: None
Next Renewal Attempt: Sep 15 01:31:36 2021 UTC
Registration Expires: Mar 19 01:26:31 2022 UTC
License Authorization:
Status: AUTHORIZED on Mar 19 01:31:46 2021 UTC
Last Communication Attempt: SUCCEEDED on Mar 19 01:31:46 2021 UTC
Next Communication Attempt: Apr 18 01:31:45 2021 UTC
Communication Deadline: Jun 17 01:26:43 2021 UTC
License Conversion:
Automatic Conversion Enabled: False
Status: Not started
Export Authorization Key:
Features Authorized:
<none>
4321#show license summary
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: MY_SMART_ACCOUNT
Virtual Account: MY_VIRTUAL_ACCOUNT
Export-Controlled Functionality: ALLOWED
Last Renewal Attempt: None
Next Renewal Attempt: Sep 15 01:31:37 2021 UTC
License Authorization:
Status: AUTHORIZED
Last Communication Attempt: SUCCEEDED
Next Communication Attempt: Apr 18 01:31:45 2021 UTC
License Usage:
License Entitlement tag Count Status
-----------------------------------------------------------------------------
ISR_4321_UnifiedComm... (ISR_4321_UnifiedCommun...) 1 AUTHORIZED
Boost Performance fo... (ISR_4321_BOOST) 1 AUTHORIZED
To check the device registration status in CSSM, select the Virtual Account > go to Product Instances tab > check the Name of the device > check under Last Contact (2021-Mar-19 01:31:44).
Select the Name (a hyperlink) > under Overview tab > check the Registration Date and Last Contact.
Go to Licenses tab > check under License: Boost Performance for ISR4321 and ISR_4321_UnifiedCommunication > notice the number under Purchased and In use.
I registered two ISR 4321 routers so the count under Purchased and In Use were both 2.
To view call-home config and status, issue a show call-home profile all command. Notice the router periodically contacts SCH every 15 days so it's important for the router to have a stable Internet.
4321#show call-home ?
alert-group Show available alert group
detail Show call-home configuration in detail
diagnostic-signature Show diagnostic-signature
events Show active events
mail-server Show call-home mail server related information
profile Show existing profiles
smart-licensing Show Smart License
statistics Show call-home statistics
version Show call-home version
| Output modifiers
<cr> <cr>
4321#show call-home profile ?
WORD Profile name
all Show all profiles
4321#show call-home profile all
Profile Name: CiscoTAC-1
Profile status: ACTIVE
Profile mode: Full Reporting
Reporting Data: Smart Call Home, Smart Licensing
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: http
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Other address(es): default
Periodic configuration info message is scheduled every 15 day of the month at 15:41
Periodic inventory info message is scheduled every 15 day of the month at 15:26
Alert-group Severity
------------------------ ------------
crash debug
environment minor
inventory normal
Syslog-Pattern Severity
------------------------ ------------
.* major
The log message below is a Cisco bug and it was mentioned to simply ignore it since there's no impact.
Mar 19 01:33:17.938 UTC: %CALL_HOME-6-UPDATE_SCH_REGISTRATION_STATUS: Device Registration details are not Available
Don't forget to save config.
4321#write memory
Building configuration...
[OK]
No comments:
Post a Comment