05-29-2022 12:08 PM
currently have a ISR4351 that is using traditional licensing. The box currently has ipbase,advanced, and sec licensing installed. However I have recently found that because the router does not have HSEC we are limited to 85mbps for our vpns, which is throttling traffic for one of our branch sites, so the plan is to GET HSEC applied to the device to resolve this issue. We currently have an ISR4351 HSEC license available in our Smartnet account. Would I be able to convert this device that is currently using traditional licensing to smart licensing to add HSEC , but still retain my licensing already installed in the box? Or is their perhaps a better route I should be taking to complete this? I am a noob when it comes cisco licensing so let me know if further details/clarification is needed. Thanks.
Solved! Go to Solution.
05-29-2022 07:13 PM - edited 05-29-2022 07:38 PM
Contact Cisco License Team and they can provide the PKU to activate HSEC easier, faster and less hassle.
If it is possible, avoid upgrading to 16.10.X and later. Cisco "Smart" License (CSL) is not crack up as it meant to be. CSL does not provide any "benefit" to anyone. Not even to Cisco themselves. CSL is high in maintenance. For instance, if the appliance has an expired QuoVadis root CA 2 certificate and nobody was able to detect this then the appliance's memory will have a leak in the "keyman" process.
Have a look at the two pictures below.
Normal memory leak
Picture above is a "normal" (control plane) memory leak of a stacked 3850/9300 switch. Notice the rate of climb is pretty "gradual" or smooth.
Compare that to the next one.
Orange box is a "normal" (control plane) memory leak of a stacked 3850/9300 switch. Starting March 2022, the QuoVadis certificate expired and the memory leak spiked because we "did nothing". Green box is when I applied the workaround.
The message I want to push is this: Keep it simple. IOS-XE is not the same as classic IOS. IOS-XE is far more complicated than classic IOS and a lot of things can go (really) wrong with IOS-XE. IOS-XE requires daily monitoring of CPU and memory utilization (data and control plane).
Keep it simple. Avoid CSL.
05-29-2022 03:21 PM
Hi
There´s a procedure to change from traditional licensing to smart licensing. If you already have Smart Account you can follow this procedure and have all you licensing on the smart account.
05-29-2022 07:13 PM - edited 05-29-2022 07:38 PM
Contact Cisco License Team and they can provide the PKU to activate HSEC easier, faster and less hassle.
If it is possible, avoid upgrading to 16.10.X and later. Cisco "Smart" License (CSL) is not crack up as it meant to be. CSL does not provide any "benefit" to anyone. Not even to Cisco themselves. CSL is high in maintenance. For instance, if the appliance has an expired QuoVadis root CA 2 certificate and nobody was able to detect this then the appliance's memory will have a leak in the "keyman" process.
Have a look at the two pictures below.
Normal memory leak
Picture above is a "normal" (control plane) memory leak of a stacked 3850/9300 switch. Notice the rate of climb is pretty "gradual" or smooth.
Compare that to the next one.
Orange box is a "normal" (control plane) memory leak of a stacked 3850/9300 switch. Starting March 2022, the QuoVadis certificate expired and the memory leak spiked because we "did nothing". Green box is when I applied the workaround.
The message I want to push is this: Keep it simple. IOS-XE is not the same as classic IOS. IOS-XE is far more complicated than classic IOS and a lot of things can go (really) wrong with IOS-XE. IOS-XE requires daily monitoring of CPU and memory utilization (data and control plane).
Keep it simple. Avoid CSL.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide