cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13566
Views
15
Helpful
12
Replies

9800-CL wlc 17.3.2a Smart licensing

nareh84
Level 3
Level 3

hi,

 

I have recently installed 9800cl version 17.3.2a using ova. i am now trying to enable smart licensing. when i installed previous versions (16.x), licensing was showing options to register via gui. this time i am not seeing this option. also show version and show license all (attached file) doesn't show evaluation period.

 

vWLC#sh ver | incl Smart
Smart Licensing Status: Registration Not Applicable/Not Applicable

 

 

12 Replies 12

nareh84
Level 3
Level 3

hi

 

i followed procedure mentioned in the link "No CSLU - Product instance direct-connect using trust token". I can ping smartreceiver.cisco.com. time is synched. i can also ping using hostname,

 

# sh run | incl license smart
license smart url default
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart

 

still i am getting following log message when i enter license smart trust idtoken command

 

Jan 4 04:07:44.924: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : No detailed information given. i have also sorted out hostname/domain issue using ip host command on wlc.

 

2021-01-04 09:35:12.758 AEST SAEVT_COMM_FAIL error="Unable to resolve server hostname/domain name"
2021-01-04 14:52:43.171 AEST SAEVT_COMM_FAIL error="No detailed information given"
2021-01-04 15:16:53.791 AEST SAEVT_CONFIG_PERSISTED
2021-01-04 15:16:58.431 AEST SAEVT_COMM_FAIL error="No detailed information given"

 

 - Further check the failure reason with show license all  ; and use this checklist -> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_chapter_01001.html?dtid=osscdc000283#id_92458

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Anyone get this solved ? I'm with the same issue:

 

T: %CRYPTO_ENGINE-5-KEY_DELETED: A key named SLA-KeyPair has been removed from key storage
Sep 13 19:59:55.822 BRT: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by crypto-engine
Sep 13 19:59:55.967 BRT: %PKI-6-CONFIGAUTOSAVE: Running configuration saved to NVRAM
Sep 13 20:00:16.807 BRT: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : No detailed information given

I used the configuration below but no sucess:

Device direclty to the CSSM
Device(config)# license smart transport smart
Device(config)# license smart url default
Device(config)# exit
Device# copy running-config startup-config

Device# license smart trust idtoken xxxxxxxxxxxx all force

sh ver | incl Smart

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-3/configuration_guide/sys_mgmt/b_173_sys_mgmt_9500_cg/sl_using_policy.html#Cisco_Concept.dita_851fd9c1-1733-452f-94dd-de496074abfc
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-3/configuration_guide/sys_mgmt/b_173_sys_mgmt_9500_cg/sl_using_policy.html#Cisco_Task.dita_cb38a44e-58aa-43f4-bbed-1b9ce17bdabd

 

The error: 

T: %CRYPTO_ENGINE-5-KEY_DELETED: A key named SLA-KeyPair has been removed from key storage
Sep 13 19:59:55.822 BRT: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by crypto-engine
Sep 13 19:59:55.967 BRT: %PKI-6-CONFIGAUTOSAVE: Running configuration saved to NVRAM
Sep 13 20:00:16.807 BRT: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : No detailed information given

Do you happen to have IPv6 enabled? I think tools.cisco.com is currently unreachable by it. 

No, I do not using ipv6

In that case, can you try with a device inside the same network as the management address of the WLC to "telnet tools.cisco.com 443" and check if you can open a connection? That must work (over IPv4).

nareh84
Level 3
Level 3

hi,

 

i am getting following log message. show license all doesnt show failure reason. i changed config to call-home and checked both call-home config with and without vrf. currently 9800vwlc is configured with mgmt-intf vrf (gig1)

Jan 4 08:06:45.344: %CALL_HOME-5-SL_MESSAGE_FAILED: Fail to send out Smart Licensing message to: https://tools.cisco.com/its/service/oddce/services/DDCEService (ERR 205 : Request Aborted)
BH-Gina-L1-vWLC#
Jan 4 08:06:45.344: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : Fail to send out Call Home HTTP message.

 

i can ping to tools.cisco.com and also telnet using ip and port 80 and 443 but not name

vWLC#telnet 72.163.4.38 80
Trying 72.163.4.38, 80 ... Open
^C
vWLC#telnet 72.163.4.38 443
Trying 72.163.4.38, 443 ... Open
^C
vWLC#telnet tools.cisco.com 443
Trying 2001:420:1201:5::A, 443 ...
% Destination unreachable; gateway or host down

 

                  >vWLC#telnet tools.cisco.com 443
                   Trying 2001:420:1201:5::A, 443 ...
                    % Destination unreachable; gateway or host down

 

   - Check if you have any (local) firewalling-restrictions , preventing this

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

your device does not use the right ip to reach the CISCO Smart license server. You have to enable the right IP address to go out towards the internet with the command http source-interface loopback0 (or an int vlan enabled to internet)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: