Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1605
Views
5
Helpful
2
Replies

Cisco Smart Licensing for ISR4351

Go to solution
CarsonDavis56998
Level 1
Level 1

‎05-29-2022 12:08 PM

currently have a ISR4351 that is using traditional licensing. The box currently has ipbase,advanced, and sec licensing installed. However I have recently found that because the router does not have HSEC we are limited to 85mbps for our vpns, which is throttling traffic for one of our branch sites, so the plan is to GET HSEC applied to the device to resolve this issue. We currently have an ISR4351 HSEC license available in our Smartnet account. Would I be able to convert this device that is currently using traditional licensing to smart licensing to add HSEC , but still retain my licensing already installed in the box? Or is their perhaps a better route I should be taking to complete this? I am a noob when it comes cisco licensing so let me know if further details/clarification is needed. Thanks.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎05-29-2022 07:13 PM - edited ‎05-29-2022 07:38 PM

Contact Cisco License Team and they can provide the PKU to activate HSEC easier, faster and less hassle.  

If it is possible, avoid upgrading to 16.10.X and later.  Cisco "Smart" License (CSL) is not crack up as it meant to be.  CSL does not provide any "benefit" to anyone.  Not even to Cisco themselves.  CSL is high in maintenance.  For instance, if the appliance has an expired QuoVadis root CA 2 certificate and nobody was able to detect this then the appliance's memory will have a leak in the "keyman" process.

Have a look at the two pictures below.  

Normal memory leakNormal memory leak

Picture above is a "normal" (control plane) memory leak of a stacked 3850/9300 switch.  Notice the rate of climb is pretty "gradual" or smooth. 
Compare that to the next one.  

12.png

Orange box is a "normal" (control plane) memory leak of a stacked 3850/9300 switch.  Starting March 2022, the QuoVadis certificate expired and the memory leak spiked because we "did nothing".  Green box is when I applied the workaround.  

The message I want to push is this:  Keep it simpleIOS-XE is not the same as classic IOS.  IOS-XE is far more complicated than classic IOS and a lot of things can go (really) wrong with IOS-XE.  IOS-XE requires daily monitoring of CPU and memory utilization (data and control plane). 

Keep it simple.  Avoid CSL.   

View solution in original post

2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎05-29-2022 03:21 PM

Hi

 

There´s a procedure to change from traditional licensing to smart licensing. If you already have Smart Account  you can follow this procedure and have all you licensing on the smart account.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_chapter_011.pdf 

 

smart_lic.JPG

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎05-29-2022 07:13 PM - edited ‎05-29-2022 07:38 PM

Contact Cisco License Team and they can provide the PKU to activate HSEC easier, faster and less hassle.  

If it is possible, avoid upgrading to 16.10.X and later.  Cisco "Smart" License (CSL) is not crack up as it meant to be.  CSL does not provide any "benefit" to anyone.  Not even to Cisco themselves.  CSL is high in maintenance.  For instance, if the appliance has an expired QuoVadis root CA 2 certificate and nobody was able to detect this then the appliance's memory will have a leak in the "keyman" process.

Have a look at the two pictures below.  

Normal memory leakNormal memory leak

Picture above is a "normal" (control plane) memory leak of a stacked 3850/9300 switch.  Notice the rate of climb is pretty "gradual" or smooth. 
Compare that to the next one.  

12.png

Orange box is a "normal" (control plane) memory leak of a stacked 3850/9300 switch.  Starting March 2022, the QuoVadis certificate expired and the memory leak spiked because we "did nothing".  Green box is when I applied the workaround.  

The message I want to push is this:  Keep it simpleIOS-XE is not the same as classic IOS.  IOS-XE is far more complicated than classic IOS and a lot of things can go (really) wrong with IOS-XE.  IOS-XE requires daily monitoring of CPU and memory utilization (data and control plane). 

Keep it simple.  Avoid CSL.   

Customers Also Viewed These Support Documents