topic Hello Amir,ACS used to tie in Network Access Control

Is there any mechanism for preventing Cisco Virtual Appliances from being cloned or exported as OVF/OVA ??

Amir.csco — Mon, 11 Mar 2019 05:23:02 GMT

I am very confused why Cisco has no mechanism for preventing its virtual appliances from being cloned or copied, for example i can install ACS 5.6 , buy license and deploy it, then i can export the virtual appliance as and OVA file and deploy it somewhere else in other license without need to buy another license, after deploying OVA file i can even change IP address, Default Gateway, NTP server or any parameters that i want but license is steel valid...

why on earth this is happening ??

Hello Amir,ACS used to tie

nspasov — Tue, 27 Jan 2015 07:53:19 GMT

Hello Amir,

ACS used to tie the license to the MAC address of the machine but I believe Cisco removed that in version 5.1 or 5.2 as users were facing with issues if the MAC changed on a virtual machine.

Other Cisco products, such as the ASA, Call Manger, and even ISE are a lot more restrictive when it comes to licensing. However, Cisco in general has many products that are licensed on the "honor system" where you are responsible for reporting and paying for everything that you are using.

Also, I suppose Cisco could audit any companies out there and figure out what the company is using vs what it actually paid for 🙂

I hope this helps!

Thank you for rating helpful posts!

Thank you Neno for your

Amir.csco — Tue, 27 Jan 2015 18:20:51 GMT

Thank you Neno for your attention and response

but its really strange and confusing, im looking for a way that i can restrict ACS and prevent this from happening because i think this is some kind of bug,

you said that CUCM and ISE don't have this issue and they come with more restrictions, is there any documentations or references that describe about these restrictions

Not a bug, this is the way

jan.nielsen — Thu, 29 Jan 2015 15:27:47 GMT

Not a bug, this is the way ACS works now, it's up to your ethical standards whether you break this system of "trust" that Cisco has implemented. This is actually how most Cisco products worked back in the day, and some products are returning to this model (ASA APEX ex.)