Configuring Smart Licensing

Licenses are managed as Smart licenses from Cisco IOS XE Fuji 16.9.1 and later. Right-to-Use licenses are deprecated from Cisco IOS XE Fuji 16.9.1 .

Overview of CSSM

CSSM enables you to manage all your Cisco smart software licenses from one centralized portal. With CSSM, you can organize and view your licenses in groups called virtual accounts (collections of licenses and product instances).

You can access the CSSM on https://software.cisco.com/#, by clicking the Smart Software Licensing link under the License tab.

Use a Chrome 32.0, Firefox 25.0, or Safari 6.0.5 web browser to access CSSM. Also, ensure that Javascript 1.5 or a later version is enabled in your browser.

Connecting to CSSM

The following illustration shows the various options available to connect to CSSM:

  1. Direct cloud access: In this method, Cisco products send usage information directly over the internet to Cisco.com; no additional components are needed for the connection.
  2. Direct cloud access through an HTTPs proxy: In this method, Cisco products send usage information over the internet through a proxy server - either a Call Home Transport Gateway or an off-the-shelf proxy (such as Apache) to Cisco.com.
  3. Mediated access through a connected on-premises collector: In this method, Cisco products send usage information to a locally-connected collector, which acts as a local license authority. Periodically, this information is exchanged to keep the databases synchronized.
  4. Mediated access through a disconnected on-premises collector: In this method, Cisco products send usage information to a local disconnected collector, which acts as a local license authority. Exchange of human-readable information takes place occasionally (maybe once a month) to keep the databases synchronized.

Options 1 and 2 provide an easy connection option, and options 3 and 4 provide a secure environment connection option. Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite) provides support for options 3 and 4.

Linking Existing Licenses to CSSM

The following section is required for those licenses that were purchased without a Cisco Smart Account. These licenses will not be available in CSSM after you have upgraded to Cisco IOS XE Fuji 16.9.1 . You are requested to contact the Cisco Global Licensing Operations (GLO) team with the following email template. Fill the template with the appropriate information to request linking of your existing licenses to your Cisco Smart Account in CSSM.

Email Template:

To: licensing@cisco.com

Subject: Request for Linking Existing Licenses to Cisco Smart Account

Email Text:

Cisco.com ID: #####

Smart virtual account name: #####

Smart account domain ID (domain in the form of "xyz.com"): #####

List of UDIs:

List of licenses with count:

Proof of purchase (Please attach your proof of purchase along with this mail)

Configuring a Connection to CSSM and Setting Up the License Level

The following sections provide information about how to set up a connection to CSSM and set up the license level.

Setting Up a Connection to CSSM

The following steps show how to set up a Layer 3 connection to CSSM to verify network reachability. Skip this section if you already have Layer 3 connectivity to CSSM.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. < ip | ipv6 >name-server server-address 1 [ server-address 2 ] [ server-address 3 ] [ server-address 4 ] [ server-address 5 ] [ server-address 6 ]
  4. ip name-server vrf Mgmt-vrf server-address 1 [ server-address 2 ] [ server-address 3 ] [ server-address 4 ] [ server-address 5 ] [ server-address 6 ]
  5. ip domain lookup source-interface interface-type interface-number
  6. ip domain name example.com
  7. ip host tools.cisco.com ip-address
  8. interface vlan_id
  9. ntp server ip-address [ version number ] [ key key-id ] [ prefer ]
  10. switchport access vlan vlan_id
  11. ip route ip-address ip-mask subnet mask
  12. license smart transport callhome
  13. ip http client source-interface interface-type interface-number
  14. exit
  15. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Example:

Device# configure terminal

Enters global configuration mode.

Example:

Device(config)# ip name-server 209.165.201.1 209.165.200.225 209.165.201.14 209.165.200.230

Configures Domain Name System (DNS).

Example:

Device(config)# ip name-server vrf Mgmt-vrf 209.165.201.1 209.165.200.225 209.165.201.14 209.165.200.230

(Optional) Configures DNS on the VRF interface.

You should configure this command as an alternative to the ip name-server command.

Example:

Device(config)# ip domain lookup source-interface Vlan100

(Optional) Configures the source interface for the DNS domain lookup.

Example:

Device(config)# ip domain name example.com

Configures the domain name.

Example:

Device(config)# ip host tools.cisco.com 209.165.201.30

(Optional) Configures static hostname-to-address mappings in the DNS hostname cache if automatic DNS mapping is not available.

Example:

 Device(config)# interface Vlan100 Device(config-if)# ip address 192.0.2.10 255.255.255.0 Device(config-if)# exit

Configures a Layer 3 interface.

Example:

 Device(config)# ntp server 198.51.100.100 version 2 prefer

Forms a server association with the specified system.

The ntp server command is mandatory to ensure that the device time is synchronized with CSSM.

Example:

 Device(config)# interface GigabitEthernet1/0/1 Device(config-if)# switchport access vlan 100 Device(config-if)# switchport mode access Device(config-if)# exit Device(config)# 

(Optional) Enables the VLAN for which this access port carries traffic and sets the interface as a nontrunking nontagged single-VLAN Ethernet interface.

This step is to be configured only if the switchport access mode is required.

Example:

 Device(config)# ip route 192.0.2.0 255.255.255.255 192.0.2.1 

Configures a route on the device.

You can configure either a static route or a dynamic route.

Example:

Device(config)# license smart transport callhome

Enables the transport mode as Call Home.

The license smart transport callhome command is mandatory.

Example:

Device(config)# ip http client source-interface Vlan100

Configures a source interface for the HTTP client.

The ip http client source-interface interface-type interface-number command is mandatory.

Example:

Device(config)# exit

(Optional) Exits global configuration mode and returns to privileged EXEC mode.

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configuring the Call Home Service for Direct Cloud Access

By default, the CiscoTAC-1 profile is already set up on the device. Use the show call-home profile all command to check the profile status.

The Call Home service provides email-based and web-based notification of critical system events to CSSM.

To configure and enable the Call Home service, perform this procedure:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. call-home
  4. no http secure server-identity-check
  5. contact-email-address email-address
  6. profile CiscoTAC-1
  7. destination transport-method http
  8. destination address http url
  9. active
  10. no destination transport-method email
  11. exit
  12. exit
  13. service call-home
  14. exit
  15. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Example:

Device# configure terminal

Enters global configuration mode.

Example:

Device(config)# call-home

Enters Call Home configuration mode.

Example:

Device(config-call-home)# no http secure server-identity-check

Disables server identity check when HTTP connection is established.

Example:

Device(config-call-home)# contact-email-addr username@example.com

Assigns customer's email address. You can enter up to 200 characters in email address format with no spaces.

Example:

Device(config-call-home)# profile CiscoTAC-1

By default, the CiscoTAC-1 profile is inactive. To use this profile with the Call Home service, you must enable the profile.

Example:

Device(config-call-home-profile)# destination transport-method http

Enables the Call Home service via HTTP.

Example:

Device(config-call-home-profile)# destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

Connects to CSSM.

Example:

Device(config-call-home-profile)# active

Enables the destination profile.

Example:

Device(config-call-home-profile)# no destination transport-method email

Disables the Call Home service via email.

Example:

Device(config-call-home-profile)# exit

Exits Call Home destination profile configuration mode and returns to Call Home configuration mode.

Example:

Device(config-call-home)# exit

Exits Call Home configuration mode and returns to global configuration mode.

Example:

Device(config)# service call-home

Enables the Call Home feature.

Example:

Device(config)# exit

Exits global configuration mode and returns to privileged EXEC mode.

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server

The Call Home service can be configured through an HTTPs proxy server. This configuration requires no user authentication to connect to CSSM.

Authenticated HTTPs proxy configurations are not supported.

To configure and enable the Call Home service through an HTTPs proxy, perform this procedure:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. call-home
  4. contact-email-address email-address
  5. http-proxy proxy-address proxy-port port-number
  6. profile CiscoTAC-1
  7. destination transport-method http
  8. no destination transport-method email
  9. profile name
  10. reporting smart-licensing-data
  11. destination transport-method http
  12. destination address http url
  13. active
  14. exit
  15. exit
  16. service call-home
  17. ip http client proxy-server proxy-address proxy-port port-number
  18. exit
  19. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Example:

Device# configure terminal

Enters global configuration mode.

Example:

Device(config)# call-home

Enters Call Home configuration mode.

Example:

Device(config-call-home)# contact-email-addr sch-smart-licensing@cisco.com

Configures the default email address as sch-smart-licensing@cisco.com.

Example:

Device(config-call-home)# http-proxy 198.51.100.10 port 3128

Configures the proxy server information to the Call Home service.

Example:

Device(config-call-home)# profile CiscoTAC-1

By default, the CiscoTAC-1 profile is inactive. To use this profile with the Call Home service, you must enable the profile.

Example:

Device(config-call-home-profile)# destination transport-method http

Enables the Call Home service via HTTP.

Example:

Device(config-call-home-profile)# no destination transport-method email

Disables the Call Home service via email.

Example:

Device(config-call-home)# profile test1

Enters Call Home destination profile configuration mode for the specified destination profile name. If the specified destination profile does not exist, it is created.

Example:

Device(config-call-home-profile)# reporting smart-licensing-data

Enables data sharing with the Call Home service via HTTP.

Example:

Device(config-call-home-profile)# destination transport-method http

Enables the HTTP message transport method.

Example:

Device(config-call-home-profile)# destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

Connects to CSSM.

Example:

Device(config-call-home-profile)# active

Enables the destination profile.

Example:

Device(config-call-home-profile)# exit

Exits Call Home destination profile configuration mode and returns to Call Home configuration mode.

Example:

Device(config-call-home)# exit

Exits Call Home configuration mode and returns to global configuration mode.

Example:

Device(config)# service call-home

Enables the Call Home feature.

Example:

Device(config)# ip http client proxy-server 198.51.100.10 port 3128

Enables the Call Home feature.

Example:

Device(config)# exit

Exits global configuration mode and returns to privileged EXEC mode.

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configuring the Call Home Service for Cisco Smart Software Manager On-Prem

For information about Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite), see https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager-satellite.html.

To configure the Call Home service for the Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite), perform this procedure:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. call-home
  4. no http secure server-identity-check
  5. profile name
  6. reporting smart-licensing-data
  7. destination transport-method http
  8. destination address http url
  9. destination preferred-msg-format
  10. active
  11. exit
  12. exit
  13. ip http client source-interface interface-type interface-number
  14. crypto pki trustpoint name
  15. revocation-check none
  16. end
  17. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Example:

Device# configure terminal

Enters global configuration mode.

Example:

Device(config)# call-home

Enters Call Home configuration mode.

Example:

Device(config-call-home)# no http secure server-identity-check

Disables server identity check when HTTP connection is established.

Example:

Device(config-call-home)# profile test1

Enters Call Home destination profile configuration mode for the specified destination profile name. If the specified destination profile does not exist, it is created.

Example:

Device(config-call-home-profile)# reporting smart-licensing-data

Enables data sharing with the Call Home service via HTTP.

Example:

Device(config-call-home-profile)# destination transport-method http

Enables the HTTP message transport method.

Example:

Device(config-call-home-profile)# destination address http https://209.165.201.15:443/Transportgateway/services/DeviceRequestHandler 
Device(config-call-home-profile)# destination address http http://209.165.201.15:80/Transportgateway/services/DeviceRequestHandler

Configures the destination URL (CSSM) to which Call Home messages are sent.

Note

Ensure the IP address or the fully qualified domain name (FQDN) in the destination URL matches the IP address or the FQDN as configured for the Satellite Name on the Cisco Smart Software Manager On-Prem.

Example:

Device(config-call-home-profile)# destination preferred-msg-format xml

(Optional) Configures a preferred message format. The default is XML.

Example:

Device(config-call-home-profile)# active

Enables the destination profile. By default, a profile is enabled when it is created.

Example:

Device(config-call-home-profile)# exit

Exits Call Home destination profile configuration mode and returns to Call Home configuration mode.

Example:

Device(config-call-home)# exit

Exits Call Home configuration mode and returns to global configuration mode.

Example:

Device(config)# ip http client source-interface Vlan100

Configures a source interface for the HTTP client.

The ip http client source-interface interface-type interface-number command is mandatory for a vrf interface.

Example:

Device(config)# crypto pki trustpoint SLA-TrustPoint

(Optional) Declares the trustpoint and a given name and enters ca-trustpoint configuration mode.

Example:

Device(ca-trustpoint)# revocation-check none

(Optional) Specifies that certificate checking is ignored.

Example:

Device(ca-trustpoint)# end

(Optional) Exits ca-trustpoint configuration mode and returns to privileged EXEC mode.

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configuring the License Level

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. license boot level license_level
  4. exit
  5. write memory
  6. show version
  7. reload

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Example:

Device# configure terminal

Enters global configuration mode.

Example:

Device(config)# license boot level network-essentials

Activates the licenses on the switch.

Example:

Device(config)# exit

Returns to the privileged EXEC mode.

Example:

Device# write memory

Saves the license information on the switch.

Example:

Device# show version ------------------------------------------------------------------------------ Technology-package Current Type Technology-package Next reboot ------------------------------------------------------------------------------ network-essentials Smart License network-essentials None Subscription Smart License None 

Shows license-level information.

Example:

Device# reload

Reloads the device.

Registering a Device on CSSM

  1. Generate a unique token from the CSSM.
  2. Register the device with the generated token.

Downgrading a device from Cisco IOS XE Fuji 16.9.1 to any prior release will migrate the smart license to traditional license. All smart license information on the device will be removed. In case the device needs to be upgraded back to Cisco IOS XE Fuji 16.9.1 , the license status will remain in evaluation mode until the device is registered again in CSSM.

Generating a New Token from CSSM

Tokens are generated to register new product instances to the virtual account.

Procedure

You must log in to the portal using the username and password provided by Cisco.

The Create Registration Token window is displayed.

Enabling this checkbox ensures Cisco compliance with US and country-specific export policies and guidelines. For more information, see https://www.cisco.com/c/en/us/about/legal/global-export-trade.html.

Registering a Device with the New Token

To register a device with the new token, perform this procedure:

SUMMARY STEPS

  1. enable
  2. license smart register idtoken token_ID
  3. write memory

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Example:

Device# license smart register idtoken $Tl4UytrNXBzbEs1ck8veUtWaG5abnZJOFdDa1FwbVRa%0AblRMbz0%3D%0A  

Registers the device with the back-end server using the token generated from CSSM.

Example:

Device# write memory

Saves the license information on the device.

Verifying the License Status After Registration

To verify the status of a license after registration, use the show license all command.

 Device> enable Device# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED Registration: Status: REGISTERED Smart Account: Smart Account Name Virtual Account: Virtual Account 1 Export-Controlled Functionality: Allowed Initial Registration: SUCCEEDED on Jul 16 09:44:50 2018 IST Last Renewal Attempt: None Next Renewal Attempt: Jan 12 09:44:49 2019 IST Registration Expires: Jul 16 09:39:05 2019 IST License Authorization: Status: AUTHORIZED on Jul 31 17:30:02 2018 IST Last Communication Attempt: SUCCEEDED on Jul 31 17:30:02 2018 IST Next Communication Attempt: Aug 30 17:30:01 2018 IST Communication Deadline: Oct 29 17:24:12 2018 IST Export Authorization Key: Features Authorized: Utility: Status: DISABLED Data Privacy: Sending Hostname: yes Callhome hostname privacy: DISABLED Smart Licensing hostname privacy: DISABLED Version privacy: DISABLED Transport: Type: Callhome License Usage ============== C9500 48Y4C DNA Advantage (C9500-DNA-48Y4C-A): Description: C9500 48Y4C DNA Advantage Count: 1 Version: 1.0 Status: AUTHORIZED Export status: NOT RESTRICTED C9500 48Y4C NW Advantage (C9500-48Y4C-A): Description: C9500 48Y4C NW Advantage Count: 1 Version: 1.0 Status: AUTHORIZED Export status: NOT RESTRICTED Product Information =================== UDI: PID:C9500-48Y4C,SN:CAT2150L5HK Agent Version ============= Smart Agent for Licensing: 4.5.2_rel/32 Component Versions: SA:(1_3_dev)1.0.15, SI:(dev22)1.2.1, CH:(rel5)1.0.3, PK:(dev18)1.0.3 Reservation Info ================ License reservation: DISABLED 

Canceling a Device's Registration in CSSM

When your device is taken off the inventory, shipped elsewhere for redeployment, or returned to Cisco for replacement using the return merchandise authorization (RMA) process, you can use the deregister command to cancel the registration of your device.

To cancel device registration, follow this procedure:

Before you begin

Layer 3 connection to CSSM must be available to successfully deregister the device.

SUMMARY STEPS

  1. enable
  2. license smart deregister

DETAILED STEPS

Command or Action Purpose

Step 1

enable