Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
54243
Views
6
Helpful
3
Comments

Smart License Using Policy - FAQ

Pradeep Chaudhari
Cisco Employee
Cisco Employee

‎06-09-2021 10:11 AM - edited ‎11-24-2022 10:13 PM

1. Smart Licensing

1.1. What is Smart Licensing?

A. Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure – you control what users can access. With Smart Licensing you get: 

Easy Activation: Smart Licensing establishes a pool of software licenses that can be used across the entire organization—no more PAKs (Product Activation Keys). 

Unified Management: My Cisco Entitlements (MCE) provides a complete view into all of your Cisco products and services in an easy-to-use portal, so you always know what you have and what you are using. 

License Flexibility: Your software is not node-locked to your hardware, so you can easily use, and transfer licenses as needed. 

To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central (software.cisco.com).

For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide

1.2. What are the benefits of Cisco Smart Software Licensing?

A. Smart Software Licensing makes it easier to do business with Cisco. We believe that software should just work. Benefits for Partners include:

Visibility to devices and software purchased and deployed

Ability to monitor and manage devices, licenses, and usage in real time

Automatic license activation

Product simplicity with standard software offers, licensing platform, and policies

Decreased operational costs

1.3. What is required to use Smart Software Licensing?

A. A new Smart Account is required for Smart Software Licensing. Existing Cisco.com IDs can be linked to the Smart Account. The product will also need to be Smart License-Enabled to leverage the Smart licensing features.

1.4. Can you go see what classic license a device is using today? Can you go to a device and see what Smart License is connected, or can you only view that information from SSM?

A. For classic licenses, if you go to the device you are able to see what license you are running. For Smart Licensing, if you go to the device you will see which entitlements you are consuming as you have to tell the device what you want it to consume.

1.5. Which purchasing models does Cisco Smart Software Licensing support?

A. Currently, perpetual and term/subscription licenses are available for Smart Software License-Enabled products. Some products also support the Managed Service Provider License Agreement (MSLA) via Smart Licensing as well. More models will be added over time.

1.6. What is the difference between perpetual and subscription licensing?

A. In the subscription model, the Customer pays an annual fee that includes the cost of the license(s) term right to use and the cost of Software Support Service for software support, suite updates, version upgrades and license portability. If the Customer decides to cancel the subscription, they lose the right to use the license(s).

In the perpetual model, the Customer pays the entire cost of the license(s) perpetual right to use at the time of purchase. The Customer must maintain an annual Software Support Service contract in order to get software support, updates, upgrades and license portability rights. If Customer stops paying the Software Support Service contract, they can continue to use the license on that device. However, they would not be eligible for support, updates, upgrades or license portability if they move to a new device in the future.

1.7. What is SLR & PLR?

A. SLR is stands for a smart licensing reservation and PLR is permanent licensing reservation. These licenses were specifically for the offline Network environment such as government customer who don't want to connect their devices to access the internet and reach to the Cisco smart licensing server in Cisco cloud.

 

2. Smart Licensing Using Policy

2.1. What is Smart Licensing using Policy?

A. The Smart Licensing Using Policy is an evolved version of the Smart Licensing. Starting with IOS-XE 17.3.2 / 17.4.1 all product running these versions of software will only support Smart Licensing Using Policy. PAKs and Specific License Reservation (SLR) keys will persist through the upgrade and remain intact unless explicitly removed. The Smart Licensing Using Policy simplifies the day-0 operations for customers. The product will not boot in evaluation-mode, per product software registration is not required, and on-going communication every 30 days with the Cisco cloud is not required. However, license use compliance does require software reporting.

2.2. What are the key differences between Smart Licensing and Smart Licensing Using Policy?

A.

Smart License

Smart License using Policy

 

Mandatory evaluation mode

 

No registration, No evaluation mode

 

Day0 registration to CSSM or SSM on-prem per device for software compliance

Allows un-enforced license change, but reporting required

 

On-going license reporting every 30 days

On-change reporting policies and customer-specific reporting policies

 

SLR/PLR for off-line customers

1. Supports SLR/PLR for brownfield

2. No SLR/PLR for greenfield

3. Disconnected networks supports by default

Software compliance is a pre-use per product activity requirement

Software compliance is managed on-change, automation tools provided to assist with SW compliance

 

Export Control Flag method for crypto feature enablement is no longer approved for use by Global Export Trade.

Design supports Global Export Trade Software use requirements for 100% compliance with US Commerce.

 

2.3. Which platform and software release supports Smart Licensing Using Policy?

A. The Cisco Polaris IOS-XE release 17.3.2 / 17.4.1 and later releases will support Smart Licensing Using Policy for the following Cisco products.

  • Cisco Catalyst 9000 series switches.
  • The routing platforms such as the ASR1K, ISR1K, ISR4K.
  • The Next Generation virtual routers starting with Polaris IOS-XE release 17.4.1
  • Cisco Catalyst 9800 Series Wireless Controllers and APs.
  • Internet of Things (IoT) Next Generation platforms such as Industrial Router IR 1101, Industrial Ethernet IE 3200/3300/3400 and any Next Gen IoT products will also adopt Smart Licensing Using Policy.
  • Collaboration paroducts; CUBE, SRST, and CME with their November release.

 

2.4. Is the Policy a hard requirement?

A. The policy is a requirement from Cisco. It is a soft requirement on device and not an enforcement. 

 

2.5. Who determines the policy and how many polices can be applied on a single device?

A. CSSM determines the policy that is applied to a product. Only one policy is in use at a given point in time.

 

2.6. How does Smart Licensing Using Policy work with device replacement (RMA)?

A. If customers are connected to CSSM through Cisco controller, then the reporting policy will be managed by a Cisco controller or it can be manually performed with the help of Cisco TAC.

Replacement identified per Product Instance within a free form field by a customer – optional Depot Terms

  • Will rely upon normal process for trade controlled HW and SW, per ECCN (Export Control Classification Number)
  • Config Center process will follow the standard trade control PRR checks

 

2.7. Are all this change ONLY for IOS-XE devices? Not things like ISE or Nexus?

A. SL is being improved across Cisco products. Nexus-OS device are in the road-map. Check with Cisco DC team.

 

2.8. Is there a timeline for when these other products SLP support will be rolled out?

A. Other products are in the road-map but no committed timeframe

 

2.9.  Will ISE, NX-OS, etc product support SLP?

A. DC NX-OS products - target fall, ISE - roadmap but no committed timeframe

 

2.10. How will it work if we have both Cat9200, ISR4200, and ISE and NX-OS will the non-SLP devices work as they do today until such time they are supported?

A. Yes, those non SLP devices are still supported

 

2.11. Is Policy Licensing supported on Catalyst 9200/9300/9400 switches?

A. Yes, these are supported.

 

2.12. What about Cat9k....does that support SLP with 17.3.2 and higher as well? Did not see that on the list?

A. It does support Cat9K. All Enterprise Products (Router, Switch & wireless, IoT) supports SLP. This session was focused on Enterprise Routing Products, hence we covered only routing platforms ASR1K, iSR1K, ISR4K, Catalyst8K, Cat8KV.

 

2.13. What Products are supported with Smart License using Policy?

A.  The below platforms supports SLP starting with 17.3.2 onwards

  • All ISR1K family
  • All ISR4300 family
  • All ISR4400 family
  • All C8300 family
  • All C8500 family

And below platform including virtual routers supports for SLP starting with OS-XE 17.4.1 release onwards.

  • All products supported in 17.3.2
  • All C8200 family
  • CSR1000v upgrade to Catalyst8000V
  • ISRv upgrade to Catalyst8000V
  • Catalyst8000V

3. Deploying Smart Licensing Using Policy

3.1. What are the supported topologies for connecting to Cisco Smart Software Manager (CSSM)?

A. The following are the supported topologies.

Topology 1: Direct connection from Cisco devices to the CSSM.

Topology-1 -DIrect Access.png

 

Topology 2: Cisco devices connected to CSSM through a Cisco On-Prem DNAC.

Topology-2 -DNAC.png

 

 

Topology 3: Cisco devices are connected to CSSM through an On-Prem SSM (satellite)

Topology-3 -On-Prem SSM.png

 

 

Topology 4: Cisco devices connected to CSSM through a Cisco Smart License Utility (CSLU) – Online Mode

Topology-4 -CSLU-Online Mode.png

 

Topology 5: Cisco devices connected to CSSM through a Cisco Smart License Utility (CSLU) – Offline Mode

Topology-5 -CSLU-Offline Mode.png

Topology-5 -CSLU-Offline Mode.png

 

Topology 6: No connection between Cisco devices and CSSM

Topology-6 - Offline Mode.png

 

3.2. What is Cisco Smart Licensing Utility (CSLU)?

A. Cisco Smart Licensing Utility (CSLU) is a Windows application that is used to automate receiving or pulling software use reports from a Cisco product and report the software use to a Smart Account on Cisco Smart Software Manager (CSSM). It is also capable of managing trade-controlled software authorization codes per product as required for one or many products.

 

3.3. What are the key features of CSLU?

A. The CSLU report format is based on ISO 19770-4 standard RUM report format. It is delivered in JSON format and is signed per trust model.

 

3.4. What are the minimum Windows system requirements to install CSLU?

A.

Component

Minimum

Recommended

Hard disk

100 GB

200 GB

RAM

8 GB

8 GB

CPU

x86 Dual Core

x86 Quad Core

Ethernet NIC

1

1

 

3.5. Which version of SSM On-Prem supports Smart Licensing Using Policy?

A. On-Prem SSM with Smart Licensing Using Policy support will be available in version 8-202012 which is planned for release in April 2021.

 

3.6. With SLP, DNAC appliance does not need a connection to the cloud anymore during STAGING?

A. DNAC does support an on-line mode, SLP does not require each device to connect to a customer SA.  It is an air-gapped solution which has easy tools for reporting SW use.  APIs and CLIs for cisco tools and 3rd party

 

3.7. What is different in CSSM with IOS-XE version 17.3.2?

A. In CSSM, users will no longer need to register devices prior to use. However, to set up automated reporting a Cisco tool, API reporting, or direct connection from a product using a trusted connection to CSSM can be used. Alternatively, users can manually upload software use records (RUM reports) directly to CSSM via the Upload Usage Data button under the Reporting and Usage Data Files tabs. An active Smart Account is required in order to submit software use RUM reports.

 

3.8. Customer who just invested in On-Prem SSM (Satellite) deployment, Will it support SLP?

A. All use-case scenarios are covered for smooth migration. The SSM On-Prem Version 8 Release 202102 support SLP and is available from May 2021.

 

3.9. When will On-Prem SSM with SLP support be available?

A. The On-Prem SSM support for SLP is available with version 8-202012. 

 

3.10. What version of DNA Centre supports Smart License using Policy (SLP)?

A. DNAC version 2.2.1.0 onward

 

3.11. For those that have no experience with API/Programming (by choice or circumstance) will Cisco assist in creating these API calls?

A. We do have instructions for using APIs / CLIs if needed. GitHub repository for supported APIs would be available on release basis. we also have lot of dev-net resources for overall API/programming guidance. WebUI can also be used. 

 

3.12. How does the direct to smart account reporting works from a router/switch? The same as today with "call-home" functionality?

A. Yes. Very similar. Customer can use existing call-home functionality and trigger the report from the device using CLI.

 

3.13. Does the customer require to install a trust token?

A. No, unless customer is using a direct connection to CSSM then a one-time trust exchange is established.

 

3.14. Cisco ISE just started supporting On-Prem SSM. What will happen to this ISE support now?

A. On-Prem SSM will support previous and new capabilities. And it can support both Smart license as well as Smart License using policy

 

3.15. Is there any way to debug the timestamps between SSM Cloud and On-Prem SSM. We have experienced deviation in the amounts of licenses in the different virtual account when transferring these?

A. SSM side logs should have time stamps on the registration events

 

3.16. What IOS-XE extended maintenance release will support SSM On-Prem with SLP? Will it be integrated into 17.3 train or will we have to wait for 17.6?

A. IOS XE 17.3.3 onward releases support On-Prem SSM with SLP

 

3.17. Is license server supported by DNAC 2.1.2.6?

A. No. DNAC SLP support starts from DNAC 2.2.1.0 release onward.

 

3.18. I wonder, will the ACI / NX-OS integration actually be via Nexus Dashboard since DNAC is very Catalyst centric?

A. We can’t comment much at this point, our goal would be to have simplicity in licensing across platforms.

 

3.19. Besides DNAC....does DCNM have this functionality? Not used it yet, but we are looking into purchase?

A. For IOS XE routing platforms, DNAC is the tool. DCNM will support this in the fall 2021

 

3.20. Will we get DNAC + SSM On-Prem in April also?

A. We have On-Prem DNAC support with SLP starting with DNAC 2.2.1.0 Release

    On-Prem SSM support with SLP is available with version 8-202012. 

 

3.21. What version of DNAC is required for acting as CSLU?

A: DNAC version 2.2.1.0 and later release.

 

3.22. If we have been using the current Lic Reg method on our devices (i.e. Direct with CSSM w/automated reporting), do we need to do ANYTHING at all to transition to New Policy based Licensing model, after we upgrade IOS-XE to 17.4+?

A. No changes are required in the configuration upon upgrade to 17.4.x

 

3.23. You talked about the client we are split across multiple sites so ideally would need to have multiple people using the client to look at the licenses - does the client work this way?

A: If CSLU - you define the scope of CSLU across locations as it relates to the SA/ VA.

 

3.24. Can CSLU automatically discover all SLP capable devices, or should we do it from devices?

A. Zero-touch DNS discovery of cslu-local. Once device upgrade to SLP code, the default transport is cslu and cslu-local as dns name. Devices can discovered the CSLU if you have configured the name server with an entry where hostname cslu-local is mapped to the CSLU IP address (the windows host where you installed CSLU), no configuration is required. The product instance automatically discovers hostname cslu-local.

 

3.25. How often does CSLU talk to CSSM?

A. It depends on the configured value.

 

3.26. Shouldn’t we have an case mentioning the configuration of URL?

A. Please refer Deploying Smart License Using Policy section for configuration.

https://www.cisco.com/c/en/us/td/docs/routers/sl_using_policy/b-sl-using-policy.html

 

3.27. Maybe I got it wrong (or missed it) but from what I’ve seen devices adding on CSLU is done one by one. Is there any way to do a « bulk » add of several devices?

A. Device can be added in CSLU by both ways:

  • Bulk Upload using CSV file
  • Add one-by-one using GUI

 

3.28. Which is preferred transport method while connecting to CSSM ?

    A. Smart transport is the recommended transport method when directly connecting to CSSM.

 

3.29.  Why is Hostname not displayed in CSSM, PI entry.

     A. From 17.3.2 to 17.8.x only UDI is displayed as PI Entry on CSSM. Starting from 17.9.1

         Hostname will be displayed as PI Entry on CSSM.

 

3.30. Is "Smart Licensing Status: Registration Not Applicable/Not Applicable" in show version is expected after upgrade to SLP?     

     A. Yes, It is expected.

 

3.31. Why "Next report push: <none>" is displayed when reporting push interval is 0 ?


     A. If Reporting push interval is 0, it mean no rum report needed, so this is expected.

 

3.32. Why License Authorization displayed "Status: NOT INSTALLED"  when use SLP?


     A. This is expected. Customer could ignore this display and check "Usage Reporting:" instead.

 

3.33. Why does Product Instance (PI) cannot be discovered by CSLU after triggering "license smart sync all" on the PI?

       A: If you want the CSLU to 'auto-discover' new Product Instances based on the receipt of (RUM) reports, then make sure that                 “validate device” check box in CSLU is NOT checked.

4. Reporting in Smart License Using Policy

4.1. How do customers Report software use?

A. Cisco Smart Licensing Using Policy provides various reporting options using online and offline modes to report software use.

  • From Cisco factory when all new purchases include a Smart Account in an order
  • Using Cisco DNA Center On-Prem controller
  • Smart Software Manager (SSM) On-Prem  
  • Cisco Smart Licensing Utility (CSLU) light wight windows application
  • Via APIs / CLIs for any 3rd party system
  • Direct to CSSM via APIs or UI portal
  • SD WAN’s vManage (Available from IOS XE 17.5 Release)

With the help of Cisco controllers’ customers can run an application once in 90 days to pull the software use record and then upload the RUM report.

 

4.2. What data does Cisco care about specific to License reporting in SLP?

A. Below are the required data fields for software reconciliation for each Cisco products that supports Smart Licensing Using Policy.

UDI

Hardware Product serial number

SN

Software Unique ID Serial Number

Software Package and Reg ID

Software product package and entitlement tag

Count

Software use count per license entitlement

Time and date stamp

Per license entitlement change and use

 

Below are optional data fields for software reconciliation for each Cisco products that support Smart Licensing Using Policy.

 

SA-VA Level 1

e.g., Entity (map to a SA)

SA-VA Level 2

e.g., GEO (map to a SA)

SA-VA Level 3

e.g., department (map to a SA)

SA-VA Level 4

e.g., building (map to a SA)

SA-VA Level 5

e.g., room (map to a SA)

Free form

Data does not go back to Cisco

Free form

Data does not go back to Cisco

 

4.3. What are the various tools to collect software use report?

A. Customers can use various sets of APIs that are available through the YANG model. They can also use the Command Line Interface (CLI) and the SNMP (via MIB’s) to collect the software use for reporting.

 

4.4. How often is reporting required?

A. For perpetual licenses-

  • Report is required within 90 days only when there is a change in software use.
  • However, if there is no change in software use than no report is required ever. We do recommend uploading software use reports of all products that have been upgraded to a Smart Licensing Using Policy release in order to establish a software use baseline against purchased assets in order to have an accurate accounting going forward.

For subscription licenses -

  • Reporting is required within 90 days if there is a change in software use from what was purchased.
  • A true-forward accounting will occur for products under an Enterprise Agreement, true-up accounting and quotes for over-use will be prepared for invoicing.

4.5. After migrating to Smart Licensing Using Policy, what’s the maximum amount of time I get before I send the first report?

A. For perpetual licenses, a report is required within 90 days only when there is a change in the package of software use. However, if there is no change in software use than no report is required ever.

For subscription licenses, a report is required within 90 days if there is a change from what was purchased

 

4.6. Is Report mandatory at least once?

A. It is best to send a report to establish a baseline, then report on-change and annual for cleaning up RMAs, changes, etc.  Reporting can be fully automated with Cisco or 3rd party tools

 

4.7. Will the device licensing details be collectible via SNMP?

A. There are some SNMP traps to track the Smart Licensing alarms, however licensing details are not collected using SNMP

 

4.8. For customer who invested on Satellite deployment, can we update reports through Satellite?

A. Yes. On-Prem SSM will support all the SLP functionality including Reporting. The SLP support on On-Prem SSM is already available with version 8-202012.

 

4.9. What happens if there are multiple things in place that would report usage (DNAC On-Prem, Direct to smart account, etc)?  Is there ever an instance they would report conflicting things and cause an issue?

A. There should not be, if device A is direct-connect and device B is via DNAC and that is how they are set-up then there will not be a conflict. Always the source of information is device itself, so hopefully when being reported around same time (with no device side consumption change), we should not have conflicts.

 

4.10. What happens to a device if it doesn't report in 365 days?

A. There is no impact on device functionality. It’s recommended to report within specific time as mentioned depending on the license type.

 

4.11. Do we need License Reporting and ACK from CSSM for Voice features such as CME, SRST, or CUBE?

A: Since the introduction of Smart Licensing using Policy with IOS XE 17.3.2, CUBE, CME and SRST applications have required acknowledged license usage reporting in accordance with account policy.  Failure to comply with reporting requirements resulted in call processing enforcement.

 

Note : This enforcement has now been removed (CSCvz89043), so from 17.3.5, 17.6.2, 17.7.1 and all later release trains call processing will NOT be impacted if licenses are not acknowledged as before.  (17.4 and 17.5 are PSIRT only releases, so will NOT receive this update.)

 

4.12. Can ACI and NX-OS Devices report to DNAC On-Prem or do I need additional SSM On-Prem?

A. Most NX-OS is supported. Please check with DC team if this is supported.

 

4.13. Can DNAC collect license information from devices that are not DNAC capable like the catalyst 1k?

A. No. In order to collect license information, device needs to be added in DNAC controller.

 

4.14. With direct access we have call-home sending the router hostname, but this is not captured in CSSM - is this by design?

A. This is by design for security, but it is possible for direct connect where the devices are connected directly to the cloud.

 

4.15.  If we add network advantage – should we get the ACK?

A. Yes, if you are making changes or adding license, you are required to report it to CSSM, and you’ll receive an ACK for it.

 

4.16. So, with default license there is nothing to report - therefore no ACK?

A. If you upgraded your Cisco device from Smart License to Smart licensing using policy then it is recommended to send a report even if you are using a network licenses to establish the baseline on your smart account. Otherwise, if in future if you make changes in the network license level (ie: from NW Adv to NW Essential) then you are required to send a report (which is report on-change) so that your smart account is updated with the new license info

 

4.17. How will we see adoption of the licenses (through telemetry) if devices are not connected?

A. In case of Air-Gap environment, license consumption report needs to manually download from device and upload it into customer specific smart account / virtual account in CSSM portal. The CSSM portal reflects the license consumption for such scenarios.

5. Export-Controlled Software Licenses:

5.1. What are Licenses Enforcement types?

A. The enforcement type indicates if the license requires authorization before use. Following are the three types of license enforcement.

  • Unenforced - Unenforced licenses do not require authorization before use in air-gapped networks, or registration in connected networks. The terms of use for such licenses are as per the End User License Agreement (EULA)
  • Enforced - Licenses that belong to this enforcement type require authorization before use. The required authorization is in the form of an authorization code, which must be installed in the corresponding product instance.

An example of an enforced license is the Media Redundancy Protocol (MRP) Client license, which is available on Cisco’s Industrial Ethernet Switches.

  • Export-Controlled - Licenses that belong to this enforcement type are export-restricted by U.S. trade-control laws, and these licenses require authorization before use. The required authorization code must be installed in the corresponding product instance for these licenses, as well. Cisco may pre-install export-controlled licenses when ordered with hardware purchase.

An example of an export-controlled license is the High Security (HSECK9) license, which is available on certain Cisco Routers.

5.2. What happens when a customer orders new hardware with export-controlled software?

A. As per trade-control regulations, an authorization code is required per UDI or Serial Number. This authorization code is installed at a Cisco factory per product requiring the use of export-controlled software. This authorization code will persist through the software upgrades.

 

5.3. What happens when a customer buys new export-controlled software for existing hardware and software?

A. As per trade-control regulations, an authorization code is required per UDI or Serial Number. Cisco tools or APIs are available to automate the workflows.

 

5.4. What is Smart License Authorization Code (SLAC)?

A. Earlier in Smart Licensing, export-controlled features were implemented using export control flag which is specified per Smart Account. Cisco products that are registered to a Smart Account with an export control flag are allowed to configure more than 250M of throughput. However, the current export control regulation requires any throughput above 250M to have a smart license authorization code (SLAC) which is tied to UDI.

 

5.5. How does a customer use trade-controlled software report ACK file?

A. Customers will collect a license use report from the device using trade-controlled software and will upload the RUM report to their Cisco Smart Account. Once the RUM report is uploaded, CSSM will generate a Smart Licensing Authorization Code which will be embedded into the ACK file. Customers can install this ACK file on their device.

 

5.6. What happens when a customer purchases hardware from a Distributor?

A. Distributors always keep a stock of hardware without active Smart Accounts. When a customer buys hardware and software from the distributor, the software image comes with a default 90-day reporting policy. The initial report of perpetual licenses is satisfied as hardware and software leaves Cisco manufacturing. Customers can start using hardware and software with no day-0 configuration or connection to the internet. Customers can also download their policy from CSSM and apply it on the device.

 

5.7. Is there any enforcement of license for CSR1kv? Does the throughput drop down to the original value if 1) the device does not send reports and 2) if it loses access to the CSSM?

A. Yes, CSR1kv was always enforced license which is acquire before use of license

 

5.8. If CSR1kv lost access to the CSSM/CSLU....does the throughput drop then too?

A: Not for 90-days within which there is an expectation to reach CSSM.

 

5.9. Is there a list available which licenses are enforced? I experienced this on CUBE: *Mar 9 16:49:55.491: %SIP-1-LICENSING: SIP service disabled until license report is acknowledged. in 17.04.01b Was there a misconfiguration or is this license enforced?

A. Cube is enforced. HSEC is enforced.

 

5.10. What happens after this 90 days period? Is the license enforced meaning that there is no more operation until a successful report takes place?

A. Not exactly. At this point, there will be no enforcement from the Cisco side. Once this is very highly trust model, we recommend every customer to do the reporting part but from a functionality point of view there is absolutely no enforcement at this moment from Cisco side.

 

5.11. Does the On-Prem SSM (Satellite Sever) support (Authorize License-Enforced Features) via a single device or multiple devices? SSM does not and never did support SLR.

A. On-Prem SSM supports Authorize License-Enforced Features via both a single device or multiple devices.

 

5.12. What information and file type are needed for "Authorize License-Enforced Features" for multiple devices? (i.e. Do you just need the Serial number and PID and can you upload a .csv or .xls)?

A. You can upload .csv file to request Authorize License-enforced Features auth code for multiple devices. You will need the Host Name (IP Address), UDI, and Serial Number.

 

5.13. Can the SSM push out Authorize License-Enforced Features auth codes to Product Instances?

A. Yes. On-Prem SSM push the auth code (SLAC) onto Device once they receive it from CSSM.

 

6 Migrating to Smart License Using Policy

6.1. What will happen if customers upgrade from legacy licenses or from Smart Licensing to a Smart Licensing Using Policy for non-export-controlled software?

A. If a customer upgrades from a legacy license such as PAK (Product Activation Key) and RTU (Right-To-Use) or from a SL (Smart Licensing) to a Smart Licensing Using Policy, there will be no operational changes. All keys will persist through the upgrade

 

6.2. Will I lose Specific License Reservation (SLR) / Permanent License Reservation (PLR) keys after I move to Cisco IOS-XE 17.3.2 release or later?

A. No. SLR/PLR keys will persist through software upgrades. They are only removed if they are explicitly removed.

 

6.3. Will the Smart Account/Virtual Account migrate to Smart Licensing Using Policy by default, or does it need to be requested?

A. Starting November 2020, by default Smart Account/Virtual Account will be enabled with Smart Licensing Using Policy functionality. No migration of Smart Account is necessary.

 

6.4. Are all Virtual Accounts inside a Smart Account enabled for Smart Licensing Using Policy?

A.  Yes.

 

6.5. Can a Smart Licensing Using Policy-enabled Smart Account/Virtual Account handle non-Smart Licensing Using Policy Images?

A. Yes.

 

6.6. Can a non-Smart Licensing Using Policy IOS-XE (example 16.12 release) connect to a Smart Licensing Using Policy Smart Account/Virtual Account?

A. Yes.

 

6.7. Does anything change with the existing software subscription tiers?

A. No. The software subscription tier will remain the same.

 

6.8. Can I continue to use SL with Software version 17.3.2? Or does it have to be only Smart Licensing Using Policy from this release onwards? What will not be supported if I stay with SL?

A. Starting software version 17.3.2 devices will only support Smart Licensing Using Policy. There are various features that will not be supported in SL, such as –

  • No evaluation, No registration.
  • Export control flag will not be complaint with the US trade commerce.
  • It will not support use of API and CLI to enable reporting automation.
  • Software use report via Cisco Smart Licensing Utility (CSLU) windows tool.
  • Product tagging.
  • Cisco DNAC appliance.

 

6.9. What happens when a customer enables Cisco DNA Advantage even when they are entitled to use Cisco DNA Essentials?

A. In such case a new report to Cisco is required before 90 days for an Enterprise Agreement true-forward or transactional true-up invoicing event.

 

6.10. How is this going to work for all the various Cisco products that are still Classic license only?  Boost license for example for ISR4Ks are still delivered via PAK?

A. SLP will use a similar method bit it is a higher secure method.  SL Auth Code (SLAC) is installed @ the factory or a SLAC can be acquired post-ship. Also, existing PAKs license on-board are honoured with the device upgrade to SLP IOS XE code

 

6.11. Will SLR/PLR = License Reservation be supported in SLP?

A. Yes, methods for off-line Customers. SLP is air-gapped by nature.

 

6.12. How can policy and Smart Licenses be moved in case of a subsidiary merger / carve out?

A. May have to take help from licensing team in some scenarios user may not be able to move licenses between smart/virtual accounts, please look out for further guidance on this.

A case can be opened so the assets can be transferred.  MCE (my cisco entitlements) will support that automation in future releases.

 

6.13. How about Cisco automatically reassigning perpetual and subscription licenses for RMAs?

A. Yes, RMA situation has to be handled gracefully. A report can clean-up the RMAs and SW use in a network.

 

6.14. I'm in the middle of deploying On-Prem SSM to enable smart licensing for IOS-XE devices older than 16.10.1a. What exactly do I need to do now to move to Smart Licensing using policy? Upgrade all devices to the supported 17.x versions? Upgrade On-Prem SSM version?

A. Yes - you can do upgrade to 17.3.2 or later. OnPrem SSM is still to be released - so please use the 17.6 with OnPrem CSSM - preferred so that you can use a long-lived release. You can use the 17.3, but 17.6 and SLUP with On-Prem is closer hence suggested.

 

6.15. What happens with Device Lead Conversion (DLC)? Is that still needed on SLP?

A. In SLP, Device Led Conversion (DLC) is still needed but you do not need to initiate DLC manually anymore. DLC will be automatically initiated once device upgrade to SLP code 17.3.2 & later. The DLC request will be forwarded to CSSM via CSLU, On-Prem DNAC or On-Prem SSM depend on the connectivity and CSSM will revert back with DLC completion status to device.

 

6.16. So, to understand, if I upgrade directly from 16.9.5 (non-Smart licensing) to 17.3.2 (or later), it is NOT necessary to do Device Led Conversion (DLC) manually anymore?

A. That’s correct. DLC will be automatically initiated once device upgrade to SLP code 17.3.2 & later. The DLC request will be forwarded to CSSM via CSLU, On-Prem DNAC or On-Prem SSM depend on the connectivity and CSSM will revert back with DLC completion status to device.

 

6.17. If I have On-Prem SSM I assume I'll need to upgrade to the new version supporting SLP in order for DLC work automatically, right?

A. On-Prem SSM needs to upgrade to SLP supported version V8-202102.

    Device needs to be upgraded to 17.3.3 or later to support On-Prem SSM with SLP.

 

7 Miscellaneous:

7.1. Where I can find more details on recently announced Field notice which affect Smart Licensing, Smart Call Home, and Other Functionality?

A. Please refer the link for field notice

https://tools.cisco.com/security/center/resources/Q-CA-Root-Change

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72323.html

7.2. Does this FN72323 affects IOS XE platforms?

A. It affects routers and switches with direct connection to CSSM using transport smart or transport call-home

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72323.html

 

7.3. How is SSM On-Prem impacted by QuoVadis decommission? 

A. On-Prem SSM is not impacted by QuoVadis cert expiry. The OnPrem uses self signed certificate when communicating with end devices so there is no root CA involved.

 

7.4. My device’s QuoVadis Root CA 2 certificate is not expiring, is my device still affected?

A. Cisco public-facing services are also migrating from QuoVadis Root CA 2 to IdenTrust Commercial CA 1. As these migrations occur, the affected devices will not be able to connect unless they have been upgraded to include the IdenTrust Commercial Root CA 1. Refer to the table below for QuoVadis Root CA 2 certificate expiration date. Refer to individual Field Notice for product-specific impact dates.

Cisco Cloud Server

QuoVadis Certificate Expiration Date

Affected Services

tools.cisco.com

February 5, 2022

·       Smart Licensing

·       Smart Call Home

smartreceiver.cisco.com

January 26, 2023

·       Smart Licensing

 

7.5. What is the expected impact to product instances?

A. For affected versions of the Cisco IOS XE® software, some Secure Sockets Layer (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before March 31, 2021 cannot be renewed from this CA. Once those certificates expire on devices or are removed from the Cisco cloud servers, functions such as Smart Licensing and Smart Call Home will fail to establish secure connections to Cisco and might not operate properly. Smart licenses might fail entitlement and reflect an Out of Compliance status.

 

7.6. What about the features that were installed on the router prior to the cert expiring?

A. The features that use Smart Licensing will continue to function for one year after the last successful secure connection. Some Smart Licensing symptoms are:

  • The device might indicate a failure to communicate with the Smart Licensing server within 30 days from the last successful connection.
  • The device will show the "Authorization Expired" state if there is no communication with the Smart Licensing server within 90 days.
  • The device will show the "Unregistered" state if there is no communication with the Smart Licensing server after one year and the licensed features usage become suspended.

 

7.7. What is the workaround for affected IOS XE software?

A. If a customer has a really old software without Identrust, Cisco recommends two options to add the new IdenTrust Commercial Root CA 1 certificate to the affected devices.

 

7.8. Why CSSM connection error still occurs after use of Workaround for FN - 72323?

     A. Customer need to reload the device and re-register the license again.

 

7.9. Why re-apply license, error occurs when generated RUM → deleted PI → re-config license again?


   A. When reapply license,  if RUM is collected before remove product instance, there is no new instance after upload the RUM and             cause error. RUM should be collected after removing the product instance.

 

7.10. If NTP setting is necessary when use SLUP?


     A. It is recommend to use NTP to sync up clock. If clock is not correct, error may occurs between device & CSSM.

7.11. Why "SMART_LIC-6-REPORTING_REQUIRED:" log is generated on offline mode.


     A. This is expected. Customer should ignore this log.

 

7.12. When we order HW along with Licenses, how much time does it take to reflect smart licenses  under a particular smart account after allocation?


     A. Smart Licenses will be reflected on CSSM in about 24 to 96 hours.

Comments
Munther
Level 1
Level 1
‎08-08-2022 06:02 AM

Hi Dears,

is there any effect on my Cisco 9500 switches, if i do not active any license inside it ?

kato
Level 1
Level 1
‎07-12-2023 07:09 AM

This is a great summary about Licensing, and thanks for providing it.

I'd monitor the status of the "Usage Reporting", such as "Last ACK received", "Next ACK deadline", "Next report push", "Last report push" by SNMP, but I failed to find corresponding MIB variables in CISCO-SMART-LIC-MIB or CISCO-LICENSE-MGMT-MIB. What variables shall I  check? I am using C8000V 17.6.5 network-essentials/dna-essentials for 100Mbps.

Rich R
VIP
VIP
‎07-29-2023 08:34 AM

@kato CISCO-LICENSE-MGMT-MIB hasn't been updated for years so doesn't support smart licensing at all.
CISCO-SMART-LIC-MIB was last updated July 2021 and comment says "Also added new traps for few more new notifications
for Policy mode." but there don't seem to be any other object changes to support SLUP so I'd say it's currently not supported in SNMP.  Note that most of Cisco dev effort is going into the YANG based management models now (netconf/restconf) so support in SNMP is limited or non-existent for many features.
https://github.com/YangModels/yang/blob/main/vendor/cisco/xe/1791/cisco-smart-license.yang

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card