• はじめに
• 初期設定
• CSSM へ直接接続の設定
• CSSM の 接続確認
• DNS は必要？

はじめに

本ドキュメントは Catalyst の Smart License (スマートライセンス) で CSSM (シスコスマートソフトウェアマネージャー) へ直接接続 の 設定を紹介します。

初期設定

スマートライセンスをサポートするソフトウェアバージョンで起動しますと、次のデフォルト設定がデバイスに追加されます。

service call-home
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
 ! Alternatively, if you cannot resolve DNS, a static entry can be configued with "ip host" for CSSM IPs.

CSSM へ直接接続の設定

設定のポイントがいくつかあります。

1. DNS の指定
2. Catalyst が HTTPS Client、CSSM が HTTPS Serverの関係
3. CSSM へ接続用の 経路情報を設定

ip routing
!
license smart enable
! to enable smart licensing
license smart transport callhome
! call-home is the transport method used
!
! L3 SVI Config
interface Vlan100
 ip address 192.168.1.11 255.255.255.0
!
! Ensure http client source interface can reach tools.cisco.com and port 443 is open.
ip http client source-interface Vlan100  
! http is used to communicate via call-home therefore we must define the http client interface
!
! Route 
ip route 0.0.0.0 0.0.0.0 192.168.1.254
! DNS Server 
ip name-server 8.8.8.8

CSSM の 接続確認

CSSM へ 接続を開始から 接続が完了し、CSSM で SA (スマートアカウント), VA (バーチャルアカウント),ライセンスの認証されるログを確認します。

! Smart licensing process starts
!
Registration process is in progress. Use the 'show license status' command to check the progress and result
!
! Crypto key is automatically generated for HTTPS communication
!
Generating 2048 bit RSA keys, keys will be exportable... [OK] (elapsed time was 1 seconds)
%CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by crypto-engine
%PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
!
! Call-home start registration process
!
%CALL_HOME-6-SCH_REGISTRATION_IN_PROGRESS: SCH device registration is in progress. Call-home will poll SCH server for registration result. You can also check SCH registration status with "call-home request registration-info" under EXEC mode.
!
! Smart Licensing process connects with CSSM and check entitlement.
!
%SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is allowed
%SMART_LIC-6-AGENT_REG_SUCCESS: Smart Agent for Licensing Registration with the Cisco Smart Software Manager or satellitefor udi PID:<PID>,SN:<SN>
%SMART_LIC-4-CONFIG_NOT_SAVED: Smart Licensing configuration has not been saved

show コマンドで 合わせて AUTHORIZED を確認します

Catalyst# show license status
Tue Sep 29 07:34:36.023 PDT
Smart Licensing is ENABLED
  Initial Registration: SUCCEEDED on Mon Sep 28 2017 21:55:46 PDT
  Last Renewal Attempt: None
  Registration Expires: Sun Dec 27 2017 11:49:40 PDT
License Authorization:
  Status: AUTHORIZED on Mon Sep 28 2017 21:56:10 PDT
  Last Communication Attempt: SUCCEEDED on Mon Sep 28 2017 21:56:10 PDT
  Next Communication Attempt: Wed Oct 28 2017 21:56:10 PDT
  Communication Deadline: Sun Dec 27 2017 11:49:16 PDT

DNS は必要？

DNS の静的なエントリーの設定、または DNS Server を指定する設定が必要となります。

1) DNS の静的なエントリーの設定

ip host tools.cisco.com <NSLOOKUP-IP> << CSSMのアドレスを設定
例： ip host tools.cisco.com 72.163.4.38 173.37.145.8

2) DNS Server を指定する設定

ip name-server <DNS-IP>
例： ip name-server  8.8.8.8   <<< Google Public DNSサーバーを指定