Tuesday, August 27, 2019

Configuring Cisco Smart Licensing on the Catalyst Platform

According to Cisco, Smart Licensing is the future. From the Cisco website:

"Smart Licensing is a cloud-based, software license management solution that allows you to manage and track the status of your license and hardware and software usage trends. Smart Licensing also enables you to automate time-consuming, manual licensing tasks."

The important statement on the website is this one:

"Licenses are managed as smart licenses from Cisco IOS XE Fuji 16.9.1 and later."

That means that as soon as you upgrade to 16.9.1 or later your Right to Use licensing will no longer work. So how do you set up Smart Licensing on the switch?

It's actually pretty easy but it does require Internet access. You can use a proxy but I am not going to cover that today. If you are building the switches at your office for a customer you can configure the management interface and use your internal network. That is what I am doing in this example. If your switch already has internet access you can skip the management interface configuration.

Set the correct license level

There will be a printed card in the box with the switch that lists the type and quantity of licenses that were purchased. Notice in the picture below that the quantity is 17. That is because there were 17 switches on the sales order.

Near the bottom is a bar code labeled "Order #". This is what Cisco calls the Sales Order (SO) number. You will need this if you contact TAC or the licensing team.



My switches were purchased with network-advantage licensing, so I entered the code listed below. If you don't do this, the call-home service will try to register DNA Advantage and Network Advantage licenses. It works, but you get an Alert on the CSSM portal and you will see this in the output of "show license all":

License Usage
==============

C9300 48P DNA Advantage (C9300-48 DNA Advantage):
  Description: C9300 48P DNA Advantage
  Count: 4
  Version: 1.0
  Status: OUT OF COMPLIANCE
  Export status: NOT RESTRICTED


Enter the following to set the license level to network-advantage. Note that a reload is required.


test#Conf t
test(config)#license boot level network-advantage 
test(config)#exit 
test#write memory 
test#show version (showing just the relevant output)

Technology Package License Information:

------------------------------------------------------------------------------
Technology-package                                     Technology-package
Current                        Type                       Next reboot
------------------------------------------------------------------------------
network-advantage       Smart License                    network-advantage
dna-advantage           Subscription Smart License       None
AIR License Level: AIR DNA Advantage
Next reload AIR license Level: AIR DNA Advantage


reload


If you purchased additional add-ons such as DNA, your boot level command will look like this:

license boot level network-advantage addon dna-advantage 


Configure the Management interface

I was connecting to a LAN with a DHCP server so I used DHCP. If you don't have access to a DHCP server use a valid static IP address.

conf t
test(config)#interface GigabitEthernet0/0
test(config-if)#ip address dhcp
test(config-if)#no shut
exit

Configure routing and host resolution

Smart Licensing uses the "Call-Home" service and must be able to reach tools.cisco.com. I added a host entry since this customer doesn't allow name servers.

Since I am using the management interface, I had to use the Mgmt-vrf for the host. Once the switch is installed, the management interface will be down, so I added a host outside the Mgmt-vrf.

test(config)#ip host vrf Mgmt-vrf tools.cisco.com 72.163.4.38
test(config)#ip host tools.cisco.com 72.163.4.38
test(config)#ip route vrf Mgmt-vrf 72.163.4.38 255.255.255.255 10.253.4.1
test(config)#ip http client source-interface g0/0

The "ip http client" statement must be in the configuration while using the management interface. You must remove it if you don't use the management interface after install.

Make sure you can ping tools.cisco.com:

ping vrf Mgmt-vrf tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!

Configure the Smart Call-Home service


test(config)#service call-home
test(config)#license smart transport callhome
test(config)#call-home
test(cfg-call-home)#no http secure server-identity-check
test(cfg-call-home)#profile CiscoTAC-1
test(cfg-call-home-profile)#reporting all
test(cfg-call-home-profile)#destination transport-method http
test(cfg-call-home-profile)#no destination transport-method email
test(cfg-call-home-profile)#active
test(cfg-call-home-profile)#end
test#wr mem

Use show commands to review:
sh run | sec call-home
service call-home
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 no http secure server-identity-check
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email


sh run | i call
service call-home
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
license smart transport callhome
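
A check for the settings this walkthrough leaves in the configuration, as an added example (not part of the original post and not Cisco tooling): it scans configuration text for the disabled call-home server identity check, the static tools.cisco.com host entries, and the "ip http client source-interface" line. The rule names and the functions `audit_config` and `pinned_addresses` are hypothetical, and the sample is constructed from the commands entered above.

```python
import re

# Constructed sample: configuration lines this page enters, gathered into one text.
SAMPLE_CONFIG = """\
ip host vrf Mgmt-vrf tools.cisco.com 72.163.4.38
ip host tools.cisco.com 72.163.4.38
ip http client source-interface g0/0
service call-home
license smart transport callhome
call-home
 contact-email-addr sch-smart-licensing@cisco.com
 no http secure server-identity-check
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
"""

# Hypothetical rule set: (rule id, pattern, why a reviewer should look at the line).
RULES = [
    ("tls-identity-check-disabled",
     re.compile(r"^\s*no http secure server-identity-check\s*$"),
     "call-home will not match the server certificate name against the destination host"),
    ("static-host-pin",
     re.compile(r"^ip host (?:vrf \S+ )?tools\.cisco\.com (\S+)\s*$"),
     "hard-coded address for the licensing endpoint; it will not follow a DNS change"),
    ("mgmt-source-interface",
     re.compile(r"^ip http client source-interface (\S+)\s*$"),
     "staging setting; the page says to remove it if the management interface is unused after install"),
]

def audit_config(text):
    """Return a list of (line_number, rule_id, config_line, reason) findings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern, reason in RULES:
            if pattern.match(line):
                findings.append((number, rule_id, line.strip(), reason))
    return findings

def pinned_addresses(text):
    """Addresses that tools.cisco.com is statically mapped to (global and per-VRF)."""
    pattern = RULES[1][1]
    return sorted({m.group(1) for m in map(pattern.match, text.splitlines()) if m})

if __name__ == "__main__":
    for number, rule_id, line, reason in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: [{rule_id}] {line!r} - {reason}")
```

Run it against the saved running-config once the switch is installed at the customer site, so that staging-only lines do not stay in production.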



Create the Smart Account

Smart licensing requires a "Smart" account before you can activate the license on the switch. To create your account go to CSSM.

When the page loads you will see 5 sections. Look for Administration:


Click on "Request a Smart Account" and follow the instructions.

Create Token

You will need a "token" that gets pasted into the switch. Once you have your account, log in and click on Smart Licensing in the "License" section:




When the page loads click on the Inventory tab.

Click the General tab, click "New Token..."



In the dialog that opens, enter a description and set the number of uses. Cisco recommends 30 and that is what I have been using.



Click "Create Token". You will return to the previous screen. Click on the blue diagonal arrow on the right of the token to copy it to the clipboard. Save the token for use on the switch.

Enter the Token on the switch

From enable mode, not configuration mode, enter:

license smart register idtoken <your token>

and press enter.

You will see "Registration process is in progress. Use the 'show license status' command to check the progress and result" in the CLI.

You can use "show license status" to check on the progress. If everything worked you will see:

Registration:
  Status: REGISTERED
  <Account name>
  Virtual Account: DEFAULT
  Export-Controlled Functionality: ALLOWED
  Initial Registration: SUCCEEDED on Aug 27 13:58:49 2019 PDT
  Last Renewal Attempt: None
  Next Renewal Attempt: Feb 23 13:58:48 2020 PDT
  Registration Expires: Aug 26 13:52:59 2020 PDT

What if it didn't work?

As you can see, there are a lot of things that must go right for this to work. One thing I have run into is that the licenses have to be associated with the switch serial number. If they aren't, you will see:

License Authorization:
  Status: OUT OF COMPLIANCE on Aug 27 13:58:53 2019 PDT
  Last Communication Attempt: SUCCEEDED on Aug 27 13:58:53 2019 PDT

That is what you will see on the switch. Back on the portal, click on the "Alerts" tab and you will see:


You will need to contact TAC and get the license associated with the switch.


If you receive the message

"Operation not supported because the agent is running in Permanent License Reservation mode"

run the following:
(config)#no license smart reservation 



test#sh call-home profile all


Profile Name: CiscoTAC-1
    Profile status: ACTIVE
    Profile mode: Full Reporting
    Reporting Data: Smart Call Home, Smart Licensing
    Preferred Message Format: xml
    Message Size Limit: 3145728 Bytes
    Transport Method: http
    HTTP  address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
    Other address(es): default

    Periodic configuration info message is scheduled every 1 day of the month at 09:15

    Periodic inventory info message is scheduled every 1 day of the month at 09:00

    Alert-group               Severity
    ------------------------  ------------
    crash                     debug
    diagnostic                minor
    environment               warning
    inventory                 normal

    Syslog-Pattern            Severity
    ------------------------  ------------
    APF-.-WLC_.*              warning
    .*                        major



Show full license status

You can use "show license all" to see the complete license status.


test#sh license all
Smart Licensing Status
======================

Smart Licensing is ENABLED

Registration:
  Status: REGISTERED
  Smart Account: The perfect customer
  Virtual Account: DEFAULT
  Export-Controlled Functionality: ALLOWED
  Initial Registration: SUCCEEDED on Aug 27 13:58:49 2019 PDT
  Last Renewal Attempt: SUCCEEDED on Aug 28 09:01:22 2019 PDT
  Next Renewal Attempt: Feb 24 09:01:21 2020 PDT
  Registration Expires: Aug 27 08:55:36 2020 PDT

License Authorization:
  Status: OUT OF COMPLIANCE on Aug 27 13:58:53 2019 PDT
  Last Communication Attempt: SUCCEEDED on Aug 28 09:01:28 2019 PDT
  Next Communication Attempt: Aug 28 21:01:28 2019 PDT
  Communication Deadline: Nov 26 08:55:44 2019 PDT

Export Authorization Key:
  Features Authorized:
    <none>

Utility:
  Status: DISABLED

Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED

Transport:
  Type: Callhome

License Usage
==============

C9300 48P DNA Advantage (C9300-48 DNA Advantage):
  Description: C9300 48P DNA Advantage
  Count: 4
  Version: 1.0
  Status: OUT OF COMPLIANCE
  Export status: NOT RESTRICTED

C9300 48P NW Advantage (C9300-48 Network Advantage):
  Description: C9300 48P NW Advantage
  Count: 4
  Version: 1.0
  Status: AUTHORIZED
  Export status: NOT RESTRICTED

Product Information
===================
UDI: PID:C9300-48UXM,SN:FJC2324S042

HA UDI List:
    Active:PID:C9300-48UXM,SN:XXXXXXXS042
    Standby:PID:C9300-48UXM,SN:XXXXXXXE014
    Member:PID:C9300-48UXM,SN:XXXXXXXE04M
    Member:PID:C9300-48UXM,SN:XXXXXXXB02D

Agent Version
=============
Smart Agent for Licensing: 4.8.5.1_rel/8

Reservation Info
================
License reservation: DISABLED
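
An added example (not from the original post) that parses the "show license all" output above and reports which blocks are OUT OF COMPLIANCE and how many days remain before the Communication Deadline. The function names are hypothetical and the sample is a trimmed copy of the output shown on this page.

```python
from datetime import datetime

# Constructed sample: trimmed from the "show license all" output on this page.
SAMPLE_OUTPUT = """\
Registration:
  Status: REGISTERED

License Authorization:
  Status: OUT OF COMPLIANCE on Aug 27 13:58:53 2019 PDT
  Communication Deadline: Nov 26 08:55:44 2019 PDT

License Usage
==============

C9300 48P DNA Advantage (C9300-48 DNA Advantage):
  Count: 4
  Status: OUT OF COMPLIANCE

C9300 48P NW Advantage (C9300-48 Network Advantage):
  Count: 4
  Status: AUTHORIZED
"""

def parse_license_output(text):
    """Map each unindented 'Header:' block to a dict of its indented 'Key: value' lines."""
    sections, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            current = sections.setdefault(line[:-1], {})
        elif current is not None and line.startswith(" ") and ":" in line:
            key, value = line.strip().split(":", 1)
            current[key] = value.strip()
    return sections

def out_of_compliance(sections):
    """Names of the blocks whose Status starts with OUT OF COMPLIANCE."""
    return [name for name, fields in sections.items()
            if fields.get("Status", "").startswith("OUT OF COMPLIANCE")]

def days_to_deadline(sections, now):
    """Whole days from `now` to the Communication Deadline (timezone label ignored)."""
    stamp = sections["License Authorization"]["Communication Deadline"]
    deadline = datetime.strptime(stamp.rsplit(" ", 1)[0], "%b %d %H:%M:%S %Y")
    return (deadline - now).days

if __name__ == "__main__":
    print(out_of_compliance(parse_license_output(SAMPLE_OUTPUT)))
```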






2 comments:

  1. You saved my day. Thank you for the detailed information.

  2. I am glad to see this brilliant post. All the details are very helpful and good for us, keep up the good work. I found some useful information in your blog, it was awesome to read, thanks for sharing this great content to my vision, keep sharing.