I'm having an issue with the Smart License registration on a 9200 Stack running Version 16.09.04. Altough in both the Core Switch (an old 4500) and the access switch I'm trying to register (9200) I have configured the same name servers, on the 9200 it's resolving the IPv6 address for Cisco, and thus, is unable to ping to it.
Below you can see how the core switch (rigth side) resolves IPv4 addresses, but the 9200 is resolving Cisco or Facebook with IPv6. I can ping all the IPv4 addresses from the 9200, but I'm unable to ping to the names if they are resolved with IPv6
I've disabled "ipv6 unicast-routing" and also entered "ip host cisco.com 18.104.22.168" on the 9200 but still no luck.
Any ideas would be welcomed
Thanks in advance
Did you manage to find a solution for this or did TAC answered you?
It seems that I have the same issue with more Catalyst 9200 switches that have smart license, they are not communicating with tools.cisco.com.
When I ping the hostname it resolves it to IPv4 address, but when I telnet it on 443 it resolves it with IPv6 and then get an error.
Sending 5, 100-byte ICMP Echos to 22.214.171.124, timeout is 2 seconds:
SW#telnet tools.cisco.com 443
Trying 2001:420:1201:5::A, 443 ...
% Destination unreachable; gateway or host down
I tried to ping from the switch other hosts/domains (microsoft.com, fortigate.com) and they are all resolved with IPv4 address, but when I telnet them on let's say 443 some of them are resolved with IPv4 and then shows me the port is open, but for others it resolves with IPv6 and I got the same error like above, so I guess it is something related to this IPv6 DNS name resolution.
SW#telnet vmware.com 443
Trying 2A02:E980:B5::B7, 443 ...
% Destination unreachable; gateway or host down
SW#telnet fortigate.com 443
Trying fortigate.com (126.96.36.199, 443)... Open
So it seems you have the exact same problem. I opened a case, and couldn't find the issue. The customer's Firewall is managed by another company and we were thinking the problem is there, but now that I see that someone else has the same issue I doubt if there is something else.
Anyway, I'm having trouble to have an answer from the customer and their partner for the firewall so I'm stuck with no solution so far.
So, I'm not sure what you've done or not (it's a long thread), I just figured I'd post this while you wait for your ticket and see if it helps.
I run a highly secured infrastructure (we're actually moving to full air gap which is another issue with reservations and blah, blah, blah), and I found that nothing works with Smart unless the following configuration exists:
I've run into this multiple times and this is how I've fixed it.
1. Turn off DNS resolution on the switch - no ip domain-lookup
2. Set static host record for tools.cisco.com - ip host tools.cisco.com 188.8.131.52
3. Re-run the token registration - license smart register idtoken <token id> force
This seems to fix the issue of Smart Licensing trying to use IPv6 for registration, at least for me.
I faced the same issue with a new pair of C9300 stacks with 16.12.3a. One could register successfully, the other complained with the following messages:
000598: Oct 13 2020 07:43:57.659 UTC: %SMART_LIC-3-AGENT_REG_FAILED: Smart Agent for Licensing Registration with the Cisco Smart Software Manager (CSSM) failed: Fail to send out Call Home HTTP message. 000599: Oct 13 2020 07:43:57.659 UTC: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : Fail to send out Call Home HTTP message.
I tried all the solutions provided here but none worked. I then checked the config of the mgmt VLAN interfaces and found that one of them had the factory default IPv6 config (at least I didn't configure it and nobody else changed anything on that switch).
interface Vlan1 description mgmt ip address 10.1.2.3 255.255.255.0 ipv6 address dhcp ipv6 address autoconfig ipv6 enable ipv6 dhcp client request vendor !
I removed all the IPv6-related lines and then Smart licensing registration worked like a charm.
My comment above was referring to call-home transport used for Smart Licensing.
In 17.3.2 onwards there is Smart Licensing Using Policy and there's different endpoint being used depending on the deployment mode.
By default, if no explicit Smart Licensing endpoint is configured the device will try to resolve something called 'cslu-local'.
If DNS can't resolve this hostname you get the "Unable to resolve server hostname/domain name" error.
In a nutshell:
1. If the device communicates directly with CSSM you can simply configure:
license smart transport smart
license smart url default
2. if the device communicates with SSM OnPrem (Satellite) then you can configure:
license smart transport cslu
license smart url cslu <CSLU Transport URL copied from OnPrem>
crypto pki trustpoint SLA-TrustPoint