cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
758
Views
5
Helpful
4
Replies
John Patrick Lopez
Enthusiast

Cisco 9800 17.3.3 Licensing

Hello. We have installed 9800L on our network running HA. It is running 17.3.3 and we are struggling with the license configuration. The licensing configuration guide is 17.3.x but the licensing model for 17.3.1 and 17.3.2 (and above) are different. So we did the following.

 

9800(config)#license smart transport smart

9800(config)#license smart url default

9800#license smart trustid token xxxxxxxxx <- token generated from CSSM

 

It looked something like this after (this is from Cisco website)

Trust Code Installed:
  Active: PID:C9800-CL-K9,SN:93BBAH93MGS
    INSTALLED on Nov 02 08:59:26 2020 IST
  Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN
    INSTALLED on Nov 02 09:00:45 2020 IST

Then we tried to do the reservation

 

9800(config)#license smart reservation

9800#license smart reservation request all

 

We followed this.

 

We were able to successfully install the authorization code file but we still do not know if we have the correct license. We purchased 20 AP license for this but on CSSM website, I needed to split 10 and 10 for active and standby to have a total of 20 because when I did 20 and 20 for active and standby, it consumed 40 of our licenses.

 

This is what our device looks like after installing the authorization key. (From Cisco documentation but ours look almost the same except for the Total reserved count, summary says 0)

 

Device# show license summary
License Reservation is ENABLED

License Usage:
  License                 Entitlement Tag      Count Status
  ------------------------------------------------------------------
  Aironet DNA Advantag... (AIR-DNA-A)             0 NOT IN USE
  AP Perpetual Network... (DNA_NWStack)           0 NOT IN USE

 

Device# show license authorization 
Overall status:
  Active: PID:C9800-CL-K9,SN:93BBAH93MGS
      Status: SPECIFIC INSTALLED on Nov 02 03:16:01 2020 IST
      Last Confirmation code: 102fc949
  Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN
      Status: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
      Last Confirmation code: ad4382fe

Specified license reservations:
  Aironet DNA Advantage Term Licenses (AIR-DNA-A):
    Description: DNA Advantage for Wireless
    Total reserved count: 20
    Enforcement type: NOT ENFORCED
    Term information:
      Active: PID:C9800-CL-K9,SN:93BBAH93MGS
        Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
        License type: TERM
          Start Date: 2020-OCT-14 UTC
          End Date: 2021-APR-12 UTC
          Term Count: 5
        Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
        License type: TERM
          Start Date: 2020-JUN-18 UTC
          End Date: 2020-DEC-15 UTC
          Term Count: 5
      Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN
        Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
        License type: TERM
          Start Date: 2020-OCT-14 UTC
          End Date: 2021-APR-12 UTC
          Term Count: 10
  AP Perpetual Networkstack Advantage (DNA_NWStack):
    Description: AP Perpetual Network Stack entitled with DNA-A
    Total reserved count: 20
    Enforcement type: NOT ENFORCED
    Term information:
      Active: PID:C9800-CL-K9,SN:93BBAH93MGS
        Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
        License type: TERM
          Start Date: 2020-OCT-14 UTC
          End Date: 2021-APR-12 UTC
          Term Count: 5
        Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
        License type: TERM
          Start Date: 2020-JUN-18 UTC
          End Date: 2020-DEC-15 UTC
          Term Count: 5
      Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN
        Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST
        License type: TERM
          Start Date: 2020-OCT-14 UTC
          End Date: 2021-APR-12 UTC
          Term Count: 10

 

We tried to register an AP but the license summary count did not increase to 1. According to documentation, it will be zero when no APs are registered but we already registered one and it is still zero.

 

This new model is really confusing. Are we missing anything? 

4 REPLIES 4
John Patrick Lopez
Enthusiast

I read the documentation again and sounds like Smart Licensing, Smart License Reservation, and Smart License Using Policy are all different things. I understand that the SL is the old way of doing it but what we did is Smart License Reservation. Then SLUP is another way and in our case we just need to establish trust between the WLC and CSSM.

 

I read this part on the documentation.

  • Use: All licenses on Cisco Catalyst Wireless Controllers are unenforced. This means that you do not have to complete any licensing-specific operations, such as registering or generating keys before you start using the software and the licenses that are tied to it. License usage is recorded on your device with timestamps and the required workflows can be completed at a later date.

  • Report license usage to CSSM: Multiple options are available for license usage reporting. You can use Cisco Smart Licensing Utility (CSLU), or report usage information directly to CSSM. For air-gapped networks, a provision for offline reporting where you download usage information and upload it to CSSM, is also available.The usage report is in plain text XML format. See: Sample Resource Utilization Measurement Report.

So from how I understand it, all licenses of WLCs are unenforced and I do not need to complete any licensing operation other than establishing a trust between WLC and CSSM. I no longer need to add or indicate the AP count licenses that I need. (Correct me if I am wrong here)

 

Next, can I know return my reservation and rely solely on these commands.

 

Smart transport: Set transport type to smart and configure the corresponding URL.

If the transport mode is set to license smart transport smart , and you configure license smart url default , the Smart URL is automatically configured. Save any changes to the configuration file.

Device(config)# license smart transport smart
Device(config)# license smart url default
Device(config)# exit
Device# copy running-config startup-config
  1. Trust Establishment with CSSM

    Where task is performed: CSSM Web UI and then the product instance

    1. Generate one token for each Virtual Account you have. You can use same token for all the product instances that are part of one Virtual Account: Generating a New Token for a Trust Code from CSSM

    2. Having downloaded the token, you can now install the trust code on the product instance: Installing a Trust Code

 

I think what we did is we established the SLUP initially then got confused, deleted the product instance in CSSM and did SLR instead. And then we activated SLUP again.

 

Any advice? Thanks.

Arshadsaf
Rising star

Hey, Are you using CSSM on-prem or CSSM cloud? 

You need to dedicate licenses for Active and Standby only if you are running SLR/PLR. Since licenses are not strictly enforced in 9800, you may also consider licensing only the active controller using SLR and then running EVAL licenses in Standby WLC.

You may follow below steps if you have Cloud CSSM or on-prem CSSM. For Cloud DNS must work and you may follow the below if you are using on-prem SSM (I prefer call-home)

 

conf t

call-home

no http secure server-identity-check

!

profile CiscoTAC-1

no active

!

profile Smart-Licensing

reporting smart-licensing-data

destination transport-method http

destination address http http://10.X.X.X/Transportgateway/services/DeviceRequestHandler

destination preferred-msg-format xml

active

exit

!

ip http client source-interface Vlan10

crypto pki trustpoint SLA-TrustPoint

revocation-check none

end

 

If you are using Cloud CSSM then you may follow the below

 

call-home

source-interface GigabitEthernet0
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email

!

ip name-server 8.8.8.8 8.8.4.4 

!

license smart transport callhome

crypto pki trustpoint TP-self-signed-512219172

revocation-check none

!

ip http client source-interface GigabitEthernet0

!

 

After configuring this you can generate the token from CSSM and add in to the WLC as below

license smart register idtoken XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

______________
Arshad Safrulla

Hello. Thanks for the reply. Apparently that method no longer works for 17.3.3. The "smart register idtoken" has been removed already. We are directly connecting to Cisco Smart Licensing server.

This is our template for smart licensing on the 9800s:

conf t
!
license smart transport smart
license smart url default
ip name-server vrf management a.b.c.d
ip name-server vrf management a.b.c.e
ip domain lookup
ip domain lookup vrf management source-interface VlanXXX
ip domain name <your domain>.com
ip http client source-interface VlanXXX
ip route vrf management 0.0.0.0 0.0.0.0 g.h.i.j
!
call-home
vrf management
source-interface VlanXXX
exit
!
end
!
license smart trust idtoken <your CSSM token> all force

where vlan XXX is the management interface in VRF management.  That interface/VRF needs internet connectivity to smartreceiver.cisco.com

 

That's all you need to do.  License reservation was from the previous version of smart licensing for air-gapped devices.  In SLUP the 9800 will simply report it's current usage in to your smart account.  That will consume and release licenses as needed and you'll need to make sure you have enough licenses in the account to cover those consumed.

 

FYI: we tried using on-prem server but it's a disaster (long list of problems) and we're now going direct (with appropriate firewall and logging) to CSSM.

Create
Recognize Your Peers
Content for Community-Ad