Hello. We have installed 9800L on our network running HA. It is running 17.3.3 and we are struggling with the license configuration. The licensing configuration guide is 17.3.x but the licensing model for 17.3.1 and 17.3.2 (and above) are different. So we did the following.
9800(config)#license smart transport smart
9800(config)#license smart url default
9800#license smart trustid token xxxxxxxxx <- token generated from CSSM
It looked something like this after (this is from Cisco website)
Trust Code Installed: Active: PID:C9800-CL-K9,SN:93BBAH93MGS INSTALLED on Nov 02 08:59:26 2020 IST Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN INSTALLED on Nov 02 09:00:45 2020 IST
Then we tried to do the reservation
9800(config)#license smart reservation
9800#license smart reservation request all
We followed this.
We were able to successfully install the authorization code file but we still do not know if we have the correct license. We purchased 20 AP license for this but on CSSM website, I needed to split 10 and 10 for active and standby to have a total of 20 because when I did 20 and 20 for active and standby, it consumed 40 of our licenses.
This is what our device looks like after installing the authorization key. (From Cisco documentation but ours look almost the same except for the Total reserved count, summary says 0)
Device# show license summary License Reservation is ENABLED License Usage: License Entitlement Tag Count Status ------------------------------------------------------------------ Aironet DNA Advantag... (AIR-DNA-A) 0 NOT IN USE AP Perpetual Network... (DNA_NWStack) 0 NOT IN USE
Device# show license authorization Overall status: Active: PID:C9800-CL-K9,SN:93BBAH93MGS Status: SPECIFIC INSTALLED on Nov 02 03:16:01 2020 IST Last Confirmation code: 102fc949 Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN Status: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST Last Confirmation code: ad4382fe Specified license reservations: Aironet DNA Advantage Term Licenses (AIR-DNA-A): Description: DNA Advantage for Wireless Total reserved count: 20 Enforcement type: NOT ENFORCED Term information: Active: PID:C9800-CL-K9,SN:93BBAH93MGS Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST License type: TERM Start Date: 2020-OCT-14 UTC End Date: 2021-APR-12 UTC Term Count: 5 Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST License type: TERM Start Date: 2020-JUN-18 UTC End Date: 2020-DEC-15 UTC Term Count: 5 Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST License type: TERM Start Date: 2020-OCT-14 UTC End Date: 2021-APR-12 UTC Term Count: 10 AP Perpetual Networkstack Advantage (DNA_NWStack): Description: AP Perpetual Network Stack entitled with DNA-A Total reserved count: 20 Enforcement type: NOT ENFORCED Term information: Active: PID:C9800-CL-K9,SN:93BBAH93MGS Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST License type: TERM Start Date: 2020-OCT-14 UTC End Date: 2021-APR-12 UTC Term Count: 5 Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST License type: TERM Start Date: 2020-JUN-18 UTC End Date: 2020-DEC-15 UTC Term Count: 5 Standby: PID:C9800-CL-K9,SN:9XECPSUU4XN Authorization type: SPECIFIC INSTALLED on Nov 02 03:15:45 2020 IST License type: TERM Start Date: 2020-OCT-14 UTC End Date: 2021-APR-12 UTC Term Count: 10
We tried to register an AP but the license summary count did not increase to 1. According to documentation, it will be zero when no APs are registered but we already registered one and it is still zero.
This new model is really confusing. Are we missing anything?
I read the documentation again and sounds like Smart Licensing, Smart License Reservation, and Smart License Using Policy are all different things. I understand that the SL is the old way of doing it but what we did is Smart License Reservation. Then SLUP is another way and in our case we just need to establish trust between the WLC and CSSM.
I read this part on the documentation.
Use: All licenses on Cisco Catalyst Wireless Controllers are unenforced. This means that you do not have to complete any licensing-specific operations, such as registering or generating keys before you start using the software and the licenses that are tied to it. License usage is recorded on your device with timestamps and the required workflows can be completed at a later date.
Report license usage to CSSM: Multiple options are available for license usage reporting. You can use Cisco Smart Licensing Utility (CSLU), or report usage information directly to CSSM. For air-gapped networks, a provision for offline reporting where you download usage information and upload it to CSSM, is also available.The usage report is in plain text XML format. See: Sample Resource Utilization Measurement Report.
So from how I understand it, all licenses of WLCs are unenforced and I do not need to complete any licensing operation other than establishing a trust between WLC and CSSM. I no longer need to add or indicate the AP count licenses that I need. (Correct me if I am wrong here)
Next, can I know return my reservation and rely solely on these commands.
Smart transport: Set transport type to smart and configure the corresponding URL.
If the transport mode is set to license smart transport smart , and you configure license smart url default , the Smart URL is automatically configured. Save any changes to the configuration file.
Device(config)# license smart transport smart Device(config)# license smart url default Device(config)# exit Device# copy running-config startup-config
Trust Establishment with CSSM
Where task is performed: CSSM Web UI and then the product instance
Generate one token for each Virtual Account you have. You can use same token for all the product instances that are part of one Virtual Account: Generating a New Token for a Trust Code from CSSM
Having downloaded the token, you can now install the trust code on the product instance: Installing a Trust Code
I think what we did is we established the SLUP initially then got confused, deleted the product instance in CSSM and did SLR instead. And then we activated SLUP again.
Any advice? Thanks.
Hey, Are you using CSSM on-prem or CSSM cloud?
You need to dedicate licenses for Active and Standby only if you are running SLR/PLR. Since licenses are not strictly enforced in 9800, you may also consider licensing only the active controller using SLR and then running EVAL licenses in Standby WLC.
You may follow below steps if you have Cloud CSSM or on-prem CSSM. For Cloud DNS must work and you may follow the below if you are using on-prem SSM (I prefer call-home)
no http secure server-identity-check
destination transport-method http
destination address http http://10.X.X.X/Transportgateway/services/DeviceRequestHandler
destination preferred-msg-format xml
ip http client source-interface Vlan10
crypto pki trustpoint SLA-TrustPoint
If you are using Cloud CSSM then you may follow the below
destination transport-method http
no destination transport-method email
ip name-server 188.8.131.52 184.108.40.206
license smart transport callhome
crypto pki trustpoint TP-self-signed-512219172
ip http client source-interface GigabitEthernet0
After configuring this you can generate the token from CSSM and add in to the WLC as below
license smart register idtoken XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Hello. Thanks for the reply. Apparently that method no longer works for 17.3.3. The "smart register idtoken" has been removed already. We are directly connecting to Cisco Smart Licensing server.
This is our template for smart licensing on the 9800s:
license smart transport smart
license smart url default
ip name-server vrf management a.b.c.d
ip name-server vrf management a.b.c.e
ip domain lookup
ip domain lookup vrf management source-interface VlanXXX
ip domain name <your domain>.com
ip http client source-interface VlanXXX
ip route vrf management 0.0.0.0 0.0.0.0 g.h.i.j
license smart trust idtoken <your CSSM token> all force
where vlan XXX is the management interface in VRF management. That interface/VRF needs internet connectivity to smartreceiver.cisco.com
That's all you need to do. License reservation was from the previous version of smart licensing for air-gapped devices. In SLUP the 9800 will simply report it's current usage in to your smart account. That will consume and release licenses as needed and you'll need to make sure you have enough licenses in the account to cover those consumed.
FYI: we tried using on-prem server but it's a disaster (long list of problems) and we're now going direct (with appropriate firewall and logging) to CSSM.