04-30-2020 07:57 PM
Hello, can someone give me the procedure to point devices in DNAC to Cisco Smart Software Manager on prem smart licensing server?
Thanks
05-01-2020 09:54 AM
Hello @NETAD
Hopefully, you are doing well!
You must set up access to your Cisco Smart Account before you can use the Cisco DNA Center License Manager tools.
Ensure that you have SUPER-ADMIN-ROLE permissions and the appropriate RBAC scope to perform this procedure.
Collect the Cisco user ID and password for your Smart Account.
If you have one or more Smart Accounts: Select the Smart Account that you want to use with Cisco DNA Center, and collect that account's user ID and password.
To enable a Smart Account, Cisco DNA Center must have reachability to tools.cisco.com.
To apply licenses to a device in Cisco DNA Center, the device must be present in Inventory, must have a site assigned to it, and must have reachability to tools.cisco.com.
Step 1 | Log in using a Cisco DNA Center system administrator username and password. |
Step 2 | Choose |
Step 3 | Under Cisco.com Credentials, enter the username and password for your Smart Account. |
Step 4 | To access your Smart Account using a virtual or subordinate Smart Account name and password, under Link Your Smart Account, choose:
|
Step 5 | Click View all virtual accounts to view all virtual Smart License Accounts. |
Step 6 | Click Apply. |
05-27-2020 12:38 PM
Hi Mohamed, is this procedure for if you have an on prem satellite server? Do we still need to configure the switches via a template?
for instance:
on prem ssm configuration:
!
enable
configure terminal
call-home
profile name <>
destination transport-method http
destination address http url <>
active
exit
!
end
!
load license
!
enable
configure terminal
license boot level license_level
write memory
end
show version
configure terminal
reload
end
!
show version
!
and what about the token piece? Do we generate one and apply it somewhere in DNAC?
02-23-2021 02:38 PM
Hope you worked this out. You need to go into the API module on the On-Prem licencing server and Create Client Credentials which generates the ClientID and Client Secret that you need to enter into DNA Under SSM Connection Mode, On Prem-CSSM .
This doesn't seem to be documented anywhere.
02-10-2022 08:20 PM
Thanks @Andrew Woolman
I don't understand why every Cisco product has such a widely differing approach to how Smart Licensing is configured. It's utterly astounding. DNAC is just the most (unnecessarily) complicated piece of equipment I have had to deal with. Makes something simple like registering licenses with SSM very hard. Why can't DNAC just talk to the SSM and have some trusted comms channel to exchange data (perhaps using Cisco signed CA) to talk Cisco-Cisco ? The only creds we should provide is perhaps a username and a login. But asking the user to setup the API stuff is one step too far.
01-21-2025 10:17 AM
Its 2025 and I still no updated documentation for this process.
01-21-2025 11:29 AM
@Charles V There's no need to configure Smart License after IOS 17.3.2. It has been replaced with Smart License Using policy (SLP) (which despite the similar name, works differently). Look for documentation (especially youtube videos) on Smart License Using policy. It's especially easy to deploy if you have Catalyst Center deployed.
01-21-2025 01:00 PM
I would highly recommend getting all of your Cat9K devices to 17.12.4 if you're not already on that release. Let's leave older IOS-XE (16.12) out of this discussion for now. My journey with Smart Licensing has been a miserable and tedious one. In the beginning (before I heard DNAC can help with this) I started out lovingly SSH'ing to every device and pasting the 'call-home' config into each device, and ensuring that the Inventory in On-Prem SSM reflected the device. Then a colleague told me that DNAC could handle this at scale. It's true - it can. But here are some facts that apply to customers who have Catalyst devices, On-prem SSM, and a DNAC:
- On-prem SSM is no longer required when you have SLUP capable IOS-XE devices, but you must configure DNAC into Smart Proxy Mode - this turns DNAC into a licensing gateway box - In this mode DNAC logs into (SSH I think) IOS-XE SLUP devices and fetches files and then uploads them to the cloud on your behalf (proxy). Here's the kicker - if you have SLUP devices, then you MUST either run DNAC in Proxy Mode, or Direct Mode or else you can't manage SLUP devices in DNAC itself - in other words, you must change the mode from On-Prem SSM to one of the others - and then you suddenly have features in DNAC to manage the SLUP devices. There is a conversion process that DNAC can handle for you, and you have to convert all your devices to use the new world. But here's what they don't tell you
Smart Proxy Mode is great and IOS-XE 17.3.2 and later device use SLUP - you can ignore/delete the 'call-home and 'license smart transport' commands in the show run, because SLUP uses HTTPS mechanisms to transport a little file from the flash to DNAC. But as mentioned above, you must ensure that devices can talk securely to DNAC for this to happen.
Older devices still using call-home, that are not SLUP compatible but support smart transport can be converted through DNAC GUI to have their config changed to use DNAC as their gateway. Luckily DNAC will provision its enterprise IPv4 address into the 'license smart url' URL so you don't have to faff around with DNS resolution (which was the bane of my life with call-home, because I had to resolve the FQDN of the on-prem SSM on my devices). The only gotcha I found with this one is that you have to sometimes tell the IOS-XE devices which source interface to use for https comms, as well as VRF (if applicable) - DNAC cannot do this for you because it's not clever enough to make that decision. And again, in this mode, the call-home section of the config is no longer used.
The long story short, is that 17.12.4 made my life easier, because DNAC/CatCenter was finally happy with this release and seems to manage the devices really well in Proxy Mode.
if you decide that you don't want DNAC to be your Licensing middle man, then you can manually configure your SLUP devices to talk to your on-prem CSSM in CSLU mode. Ensure that your on-prem has the CSLU enabled (all the latest versions have this) and then use 'license smart transport cslu' and the corresponding URL that points to your on-prem - but beware of CRL checks, VRF hurdles and DNS resolution (if the URL contains FQDN). Of the hours I have wasted on this ...
I think On-prem SSM will stay around for a while, since many other Cisco products talk to it (ISE, Prime, FMC, etc.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide