Solved: C9500 C9300 C9200 CALL home issue

perkin · ‎04-30-2019

Hello Experts

we are recently introduced 9K series to our network family and we realized that the 16.9 + we need to call home to license the network switches,

so we follow the Call-home configuration and allow the switch with ADVANCED LICENSE to be call home which they are running 16.9/10

However, I realized cisco email below and I am not happy why we send syslog to cisco! I opened a TAC case and they claimed they can turn off on their side (instead of I can do configuration apply on CLI or even my own smart account portal)

any expert have a better idea on how to avoid the syslog sending to cisco while we can license via proxy connection?

From: call-home-notify@cisco.com <call-home-notify@cisco.com>
Sent: 30 April 2019 10:54
To: XXXXXXX
Subject: SCH-S5-Notification Message: Smart Call Home Notification For Host: XXXXXXX- MessageType: SYSLOG: - Event Time: 2019-04-30 09:54:08 GMT+00:00

Dear Smart Call Home User,

We have received a SYSLOG message from device "XXXXXXX" for which you are a contact person.

Problem Details:

Model 'XXXXXXX' with Host Name 'XXXXXXX' reported a System Error Message 'Apr 30 09:54:08.529: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel120 on VLAN0001. Inconsistent local vlan.'.......

perkin · ‎04-30-2019

Hello Mark,

Thanks for your input, and I actually read that page before implement (since we did not use call-home function although that is something exist since early 2010...) I do sure 90%+ of cisco networker won't turn that on :)

And I think that page did not tell us how to minimize information to be sent just for license. After try and error, and I can believe that is the solution to turn off non-licensing information sent to Cisco (but never can be ensured since that is HTTPS unless we decoded the cert ;-) )

SWITCH(config)#call-home
SWITCH(cfg-call-home)#profile CiscoTAC-1
SWITCH(cfg-call-home-profile)#reporting ?
all Report all data
smart-call-home-data Report Smart Call Home data
smart-licensing-data Report Smart Licensing data

SWITCH(cfg-call-home-profile)#no reporting smart-call-home-data
SWITCH(cfg-call-home-profile)#^Z

SWITCH#sh call-home profile all

Profile Name: CiscoTAC-1
Profile status: ACTIVE
Profile mode: Full Reporting
Reporting Data: Smart Licensing
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes

-VS- the out put from the link

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-9/configuration_guide/sys_mgmt/b_169_sys_mgmt_9300_cg/configuring_smart_licensing.html#id_89392

Device# show call-home profile all
Profile Name: CiscoTAC-1
    Profile status: ACTIVE
    Profile mode: Full Reporting
    Reporting Data: Smart Call Home, Smart Licensing
    Preferred Message Format: xml
    Message Size Limit: 3145728 Bytes
    Transport Method: http
    HTTP  address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
    Other address(es): default

    Periodic configuration info message is scheduled every 1 day of the month at 09:15

    Periodic inventory info message is scheduled every 1 day of the month at 09:00

    Alert-group               Severity
    ------------------------  ------------

View solution in original post

Mark Malone · ‎04-30-2019

Hi
its that or get a local server to do it , were in same issues with 16.9 , they have altered whole license system from that image moving forward
Cisco are bound by NDA anyway your information should not be jeopardized but i understand you were not happy about the change either and may integrate a server ourselves to do it rather than calling to Cisco , could always drop back to 16.8 for now , only the latest is 16.9/10

perkin · ‎04-30-2019

but I guess in theory using local server or direct proxy should be same,.

by the way I am I asking in parallel since we found one command under "reporting", smart-licensing-data seems the right way to config, but we have no way to verify LOL I better wait for expert command / TAC to confirm

SWITCH(cfg-call-home-profile)#reporting ?
all Report all data
smart-call-home-data Report Smart Call Home data
smart-licensing-data Report Smart Licensing data

SWITCH(cfg-call-home-profile)#

Mark Malone · ‎04-30-2019

yes to be honest its all very new and were holding back at the minute from 16.9 for this reason but eventually soon we will have to take the jump too , i have had a look at the config guide for it previously b elow , there is some examples to go by what the outputs should look like on the router depending on scenario you chose

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-9/configuration_guide/sys_mgmt/b_169_sys_mgmt_9300_cg/configuring_smart_licensing.html#id_89392

perkin · ‎04-30-2019

Hello Mark,

Thanks for your input, and I actually read that page before implement (since we did not use call-home function although that is something exist since early 2010...) I do sure 90%+ of cisco networker won't turn that on :)

And I think that page did not tell us how to minimize information to be sent just for license. After try and error, and I can believe that is the solution to turn off non-licensing information sent to Cisco (but never can be ensured since that is HTTPS unless we decoded the cert ;-) )

SWITCH(config)#call-home
SWITCH(cfg-call-home)#profile CiscoTAC-1
SWITCH(cfg-call-home-profile)#reporting ?
all Report all data
smart-call-home-data Report Smart Call Home data
smart-licensing-data Report Smart Licensing data

SWITCH(cfg-call-home-profile)#no reporting smart-call-home-data
SWITCH(cfg-call-home-profile)#^Z

SWITCH#sh call-home profile all

Profile Name: CiscoTAC-1
Profile status: ACTIVE
Profile mode: Full Reporting
Reporting Data: Smart Licensing
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes

-VS- the out put from the link

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-9/configuration_guide/sys_mgmt/b_169_sys_mgmt_9300_cg/configuring_smart_licensing.html#id_89392

Device# show call-home profile all
Profile Name: CiscoTAC-1
    Profile status: ACTIVE
    Profile mode: Full Reporting
    Reporting Data: Smart Call Home, Smart Licensing
    Preferred Message Format: xml
    Message Size Limit: 3145728 Bytes
    Transport Method: http
    HTTP  address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
    Other address(es): default

    Periodic configuration info message is scheduled every 1 day of the month at 09:15

    Periodic inventory info message is scheduled every 1 day of the month at 09:00

    Alert-group               Severity
    ------------------------  ------------

perkin · ‎05-03-2019

Hello Mark, (revisit this ticket before closing out)
The reason go for 16.9 coz we need to have a virtual stack on 9500
also,9200 is the product in 2019, they came with 16.9 already :)

Mark Malone · ‎05-03-2019

So when i get my new 9ks batch that are on order in few weeks most likely we will be stuck on this too , last batch came on 16.3.7 ,i did forget we already had an internal CSSM for IWAN though so it will make it easier but still it seemed to work fine the way it was :(

perkin · ‎05-03-2019

Yes , this is something TOTALLY new to networker since we not expected this will be doing HTTP and talk to internet!

:) if that is purely non virtual stack required please do not go for 16.9.X

I have one cisco ticket to get an official configuration from cisco the config I found which is able to fix the "data leakage"