Troubleshoot Smart Licensing with Policy on Catalyst 9K after Upgrade to 17.3.2 and Later

Introduction

This document describes an issue related to Catalyst Platforms from the Cat9k family after upgrading to the latest Cisco IOS® XE 17.3.2.

Prerequisites

Requirements

Cisco recommends that you have knowledge of Smart Licensing operations on Cisco IOS XE devices.

Components Used 

The information in this document is based on Cisco IOS XE devices starting 17.3.2 and later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

The issue involves the failure of Smart Licensing communication with Cisco Smart Software Manager (CSSM), Cisco Smart License Utility (CSLU), or Cisco Smart Software Manager (SSM) On-Prem. Smart Licensing Using Policy (SLP) is an enhanced version of Smart Licensing. It aims to provide a licensing solution that does not disrupt network operations while ensuring compliance with hardware and software licenses. SLP is supported starting with Cisco IOS XE Amsterdam 17.3.2.

 Topology

Connected to CSSM Through CSLU

Overview of SLP

SLP eliminates the earlier concepts of Evaluation mode, Registration, and Reservation. Instead, it focuses on reporting license usage. The licenses are unenforced, and licensing levels remain the same. The primary change with SLP is in the reporting and tracking of license usage. This section discusses the terminologies, the reasons for changes, and the new components introduced with SLP.

Issue Observed

After upgrading Cat9k switches to the latest Cisco IOS 17.3.2 or later, Smart Licensing communication with CSSM, CSLU, or SSM On-Prem fails.

Error Message: %SMART_LIC-3-COMM_FAILED: Communications failure with the [chars]: [chars]

Possible Reason: The failure could be due to network reachability issues or the CSSM server being down.

Remediation Steps

Topology 

Directly connected to CSSM

Steps Involved

Step 1. Verify Reachability to CSSM

When using a direct connection to CSSM on a Switch supporting Smart Licensing using Policy (Cisco IOS XE 17.3.2 or later) these steps help establish a connection with the portal and get the licenses:
1. Verify the Switch can reach the Cisco licensing server.

Ping reachability to CSSM from the device

Note: Please refer to the Cisco live document in the reference section.

2. If you can’t reach the server by the domain name, you can configure a DNS static entry, for example:

Configure DNS static entry

3. In order to obtain the IP address of smartreceiver.cisco.com, use nslookup or a similar utility. Currently, it’s being load

balanced between these IP addresses:

IP address for smartreceiver.cisco.com

Step 2. Configure the Smart Transport on the Switch

1. The call-home transport can still be used for SLP. However, it’s a legacy method and it is recommended to use smart transport instead.

Configure the smart transport

2. If communication with CSSM occurs in a particular VRF, assign a specific source interface as needed:

Assign specific source interface for VRF

3. In case you are using a PROXY for internet reachability please configure these commands:

Configure proxy for internet reachability

Step 3. Obtain a Token from the CSSM Portal

Navigate to  software.cisco.com > Smart Software Manager > Manage Licenses . Then, navigate to  Inventory .Then, select the proper Virtual Account and then select  General .

Step 4. Establish Trust with CSSM

The switch must establish trust with CSSM using the token obtained from the Virtual Account on CSSM.

Establish trust with CSSM using token

Step 5. Trigger a License Usage Report

After a few minutes in the  show license status  output, you see the  Last report push  and  Last ACK received  timestamps.

Verify the license status

Troubleshoot Steps for CSSM Not Reachable

If CSSM is not reachable and the configured transport type is "smart", perform these steps:

After Policy Updates on 17.3.2 Onwards

1. Verify the smart URL configuration using the command  show license status  in privileged EXEC mode. Ensure that the URL is set correctly to "https://smartreceiver.cisco.com/licservice/license."

2. Check DNS resolution by pinging "smartreceiver.cisco.com" or the translated IP address using the  ping  command. Example:  ping <public ip>

For Older Version

1. Verify DNS resolution by pinging  tools.cisco.com  or the translated IP address using the  ping  command. Example: ping tools.cisco.com
2. Check if the product instance is set correctly and if the product instance IP network is up. Ensure the interface configuration is not shut down by using the  no shutdown  command in interface configuration mode.
3. Verify if the device has a subnet mask and a configured DNS IP.
4. Check the correctness of the HTTPS client source interface using the command  show ip http client  in privileged EXEC mode. Reconfigure it if needed using the  ip http client source-interface  command in global configuration mode.
5. Double-check routing rules and firewall settings if these steps do not resolve the issue.

Recommended Actions

Based on the troubleshooting steps, please take these recommended actions:

• Ensure the correct smart URL is configured for CSSM communication.
• Verify DNS resolution for tools.cisco.com or smartreceiver.cisco.com
• Check the network connectivity of the product instance and interface configurations.
• Confirm the subnet mask and DNS IP settings.
• Reconfigure the HTTPS client source interface if necessary.
  
  

Review routing rules and firewall settings if all else fails.

Conclusion

In this document, an overview of the SLP is provided, and the issue faced by users after upgrading Catalyst 9300 switches to Cisco IOS XE 17.3.2 is addressed. Troubleshooting steps for CSSM, CSLU, and SSM On-Prem communication failures are offered, along with recommended actions to resolve the issue.

Related Information

• Smart Licensing Using Policy Update
• Cisco Technical Support & Downloads