cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1282
Views
15
Helpful
18
Replies
Highlighted
Community Manager

Ask Me Anything - Introduction to Smart Licensing on Catalyst Switches

This topic is a chance to clarify your questions about smart licensing on Cisco Catalyst switches, including 9000 (9200, 9300, 9400, 9500, 9500H, and 9600 Series) and 3000 (3650 and 3850 Series) switches. Cisco experts will review and clarify the benefits, basic concepts, considerations, different types of registrations, and general FAQs. In addition, a live demonstration on how to register a license with a Cisco server will be provided.

To participate in this event, please use the Join the Discussion : Cisco Ask the Expertbutton below to ask your questions

Ask questions from Thursday, July 30 to Friday, August 7 2020

Featured Expert
lcelisve.jpgLuis Celis is a Technical Consulting Engineer on the Enterprise Routing & Switching team at Cisco’s Technical Assistance Center in Mexico. He provides top-level technical support for global customers with Catalyst 9000 and 6800 switches. Previously, he collaborated with the Service Provider team. Before joining Cisco, he worked with Ericsson solving customers challenges and providing solutions for massive network optimizations. Luis holds a bachelor’s degree in Communications and Electronics Engineering from the Instituto Politecnico Nacional (IPN) in Mexico.

Luis might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Switching category.

Do you know you  can get answers before opening a TAC case by visiting the Cisco Community.  

Slides AMA Slides Slides

**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
18 REPLIES 18
Highlighted
Beginner

Hello, I am very confused on getting DNA licensing fully activated on my Cisco 9500 switches that we purchased back in March. I do show on the 9500 switches callhome is active, and Smart licensing is enabled. The 9500 switches do show we are on license level C9500 Network Advantage 2 AUTHORIZED.

 

The cisco website shows the C9500-DNA-40X-A not in use for 2 purchased licenses, and I just purchased the C9500-DNA-40X-E licenses so we can use Netflow features. Those are also not in use and I am not sure if just a reboot of Cisco 9500 switches resolves add-on licensing. 

 

Thank you for your assistance as I have spent many hours trying to figure out the licensing. Thanks,

 

Mike Anderson

Highlighted

Hello Mike.

 

Thanks for your question on this topic.

 

Please consider checking the license boot level on the switch. It should look like this:

 

C9500#show run | i license boot
license boot level network-advantage addon dna-advantage

 

If you're having just the network-advantage portion, then run this command, save you running configuration, and reload the switch.

 

C9500# configure terminal

C9500(config)# license boot level network-advantage addon dna-advantage

C9500(config)# end

C9500# write

C9500# reload

 

After the reload, check if the license boot level includes the dna addon:

 

C9500# show run | i license boot

license boot level network-advantage addon dna-advantage

 

Then try the following:

 

C9500# license smart renew auth

 

If the issue persists after the reload, de-register the license and go through the registration process again by generating the id-token from your Cisco Smart Account in CSSM.

 

C9500# license smart deregister

 

!Try registering the license again.

 

I hope this helps.

 

Best regards.

Highlighted

What happens if I upgrade a switch to a code that needs SA and I don't have it? Could you say a very complete answer? What happens if my device with SA stops having communication with the cisco cloud?  Is there a way to know by which method my device was registered to SA?

Highlighted

Hello A. Gonzalez.

 

  • What happens if I upgrade a switch to a code that needs SA and I don't have it?

Starting from Cisco IOS XE Fuji 16.9.1, Smart Licensing is the default and the only available method to manage licenses. The Right-To-Use (RTU) licensing mode is deprecated, and the associated license right-to-use command is no longer available on the CLI.

 

So if you upgrade to IOS-XE 16.9.1 or above Smart Licensing will be mandatory. However, if you don't have a Smart Account and/or the license has not been provisioned in Cisco CSSM preventing you from registering the license, then the switch will go to EVAL EXPIRY mode after the 90 days of of the evaluation period. However there is no functional impact or disruption in functionality, even after reload. Currently, there is no enforcement in place.

 

  • What happens if my device with SA stops having communication with the cisco cloud?

 

The device will reach the Authorization Expired state (if it was registered previously). This is the state when the device is using an entitlement has not been able to communicate with the Cisco Smart Account associated for over 90 days.

 

While in this state the device will continue to try to contact Cisco, every hour, to renew the entitlement authorization, until the registration period (id certificate) expires. If the software Agent re-establishes communications with Cisco and receives to its request for authorization it will process that reply normally and enter into one of the established states

 

  • Is there a way to know by which method my device was registered to SA?

 

 

You could check the call-home profile and based on the URL you might infer the method.

 

#show call-home profile all 

 

Direct Cloud Access

Transport Method: http
HTTP  address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService

Cisco Smart Software Manager Satellite

Transport Method: http
HTTP  address(es): https://<IP/FQDN>/Transportgateway/services/DeviceRequestHandler

Transport Gateway HTTP Proxy

Transport Method: http
HTTP  address(es): https://<TransportGW-IP_Address>:<port_number>/Transportgateway/services/DeviceRequestHandler 

 

Please refer to the document below for more details about registration and license states.

 

Reference:

Registration and License States

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/214484-cisco-smart-licensing-troubleshooting.html#anc13

 

 

 

Highlighted

If I have 2 switches that are in stack and replace one, should I do some configuration or will my SA register automatically?

Highlighted

Answer:

 

Smart Software Licensing establishes a pool of software licenses or entitlements that can be used across your entire company in a flexible and automated manner. Pooling is particularly helpful with RMAs because it eliminates the need to re-host licenses.

 

In the case of box RMA, the customer is required to manually remove the device from the CSSM web page, in case that the license is still attached to the replaced switch, so that associated entitlements are released back to the pool of licenses on the Customer Smart Account and the license becomes available to use it on the replacement switch.

Highlighted
Beginner

It was mentioned that the satellite server is a VM.  What are the requirements for this VM, cpu, ram, drive space, etc.  Is there a configuration guide for it?

Highlighted

Hi.

 

Please refer to the Installation Guides > Smart Software Manager On-Prem Installation Guide section in the URL below at the bottom of the page. The Installation Guide includes the System Requirements.

 

Smart Software Manager

https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager.html 

 

Best regards.

 

Highlighted

Thank you for that. 

 

I have another hypothetical question.  Let's say I have a 9300 that, when configured, was connected to the internet and registered with Smart Licensing.  Then this 9300 was moved to a new location that did not have internet access except for 1 hour a day.  In 30 days, the switch would try to reach out to tools.cisco.com, but can't reach there because the firewall is blocking it.  Did I hear correctly that the switch will now try to reach out every hour?  So, theoretically, sooner or later, it should attempt to reach tools.cisco.com during the one hour time slot that the connection was permitted.  Until it does, the switch would function fine, but might say that the license is expired or whatever that state was called.  This whole process would happen every 30 days.

Highlighted

Hello.

 

The best way to understand what might happen in different scenarios is to take a look at the registration and license states documentation.

 

For this hypothetical question we can find the answer while reading the details of the following states:

 

  • Authorized State
    • This is the expected state when the device is using entitlement and is in Compliance (no negative balance), 
    • The Virtual Account on CSSM had the correct type and number of licenses to authorize the consumption of the device’s licenses
    • At the end of 30 days, the device will send a new request to CSSM to renew the authorization.
    • Has a time span of 90 days after which (if not successfully renewed) is moved to Authorization Expired state.
  • Authorization Expired State
    • This is the state when the device is using an entitlement has not been able to communicate with the Cisco Smart Account associated for over 90 days.
    • This is typically seen if the Cisco device loses internet access or cannot connect to tools.cisco.com after initial registration.
    • Online methods of smart licensing require Cisco devices to communicate a minimum of every 90 days to prevent this status.
    • CSSM will return all in use licenses for this device back to the pool since it has not had any communications for 90 days
    • While in this state the device will continue to try to contact Cisco, every hour, to renew the entitlement authorization, until the registration period (id certificate) expires
    • If the software Agent re-establishes communications with Cisco and receives to its request for authorization it will process that reply normally and enter into one of the established states.

Also,  at the moment there is no functional impact or disruption in functionality if the device is not in the authorized state.

 

Reference:

Registration and License States

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/214484-cisco-smart-licensing-troubleshooting.html#anc13

 

Highlighted
Community Manager

Hi Luis, Roberto, Andres and Marcos

Thanks for providing such a great session, we have learned lots.

Please help us to answer these remaining questions from the live session:

 

  • Can I use the same satellite VM on other technologies, such as collaboration (CallManager for example)?
  • What do you do with the switches on the lab?
Highlighted

Hi,

 

The satellite solution is thought to cover all devices that support smart licensing.

Please see the next links where On-Prem Server is explained in detail

 

Satellite Datasheet 

 

Satellite Introduction 

 

Configuration Guide 

 

 

For the second question: What do you do with the switches on the lab?

I understand this question is related to satellite. On the switches you need to make the proper changes and also make sure there is reachability to the satellite server.

 

Thanks for your questions!

Luis

 

Highlighted
Community Manager

  • How can I buy a Cisco Firewall?
Highlighted

Hi , 

 

You can contact to your Cisco Account Manager  or an official Cisco reseller, 

They will provide you the device which fulfill with your network requirements.

 

Regards 

Content for Community-Ad