Licensing
This chapter provides details on the licensing for the IR807.
The IOS feature set is aligned with the IOT 15.x M/T release strategy. They are:
- IR800IUK9-15703M - Cisco IR800L Series UNIVERSAL
- IR800INPEK9-15703M – Cisco IR800L Series UNIVERSAL – NO PAYLOAD ENCRYPTION
The Software License PIDs are shown in Table 1
|
Software PID |
Name |
Description |
|---|---|---|
|
SL-810-AIS |
Cisco 800 Series Industrial Routers IP Base License |
Routing (BGP, OSPF, RIP, EIGRP, ISIS,), PBR, IGMP/MLD, Multicast, QoS, AAA, Raw Sockets, Manageability |
|
SL-810-ADVSEC |
Cisco 800 Series Industrial Routers Security License |
SSL, VPN, IPSec, DMVPN, FlexVPN, IOS Firewall |
Licensing
Licenses are installed at manufacturing. If the advsecurity technology-package is not installed, the crypto related functions will not work. See additional information under Hardware Crypto Support
To enable the RightToUse license, perform the following:
- Accept the EULA
- Enable the technology-package
- Reload the IR807
Licensing CLI
IR807# show version
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 IR807G-LTE-GA-K9 FCW2132001S
License Information
License Level: advipservices Type: RightToUse
Next reboot license Level: advipservices
IR807# license install flash:FCW2132001S_201710030808172450.lic
IR807# conf term
license accept end user agreement
license boot module ir800l level advsecurity
license boot module ir800l level advipservices
IR807#show license feature
Feature name Enforcement Evaluation Subscription Enabled RightToUse
advipservices no yes no yes yes
advsecurity no no no no no
ios-ips-update yes yes yes no yes
Hardware Crypto Support
Hardware and Software based crypto support is available. A security license must be installed to enable hardware based crypto support.
To see information relating to crypto support, use variations on the show crypto command:
IR807#show crypto engine configuration
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
HW Version: 1.0
Compression: No
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0000
Maximum SA index: 0000
Maximum Flow index: 0256
Maximum RSA key size: 0000
crypto lib version: 22.0.0
crypto engine in slot: 0
platform: VPN hardware accelerator
crypto lib version: 22.0.0
IR807#sh crypto engine ?
accelerator Show crypto accelerator information
brief Show all crypto engines in the system
configuration Show crypto engine config
connections Show connection information
qos Show QoS information
token Show crypto token engine info
IR807sh crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 1
Time running: 1335 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0500
Maximum SA index: 0500
Maximum Flow index: 1000
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: FF98383A
crypto engine state: installed
crypto engine in slot: N/A
IR807#sh crypto engine config
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 1
Time running: 1358 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0500
Maximum SA index: 0500
Maximum Flow index: 1000
Maximum RSA key size: 0000
crypto lib version: 22_421.0.0
crypto engine in slot: 0
platform: VPN hardware accelerator
crypto lib version: 22_421.0.0
IR807#sh crypto engine accelerator stat
Device: Onboard VPN
Location: Onboard: 0
:Statistics for encryption device since the last clear
of counters 1404 seconds ago
0 packets in 0 packets out
0 bytes in 0 bytes out
0 paks/sec in 0 paks/sec out
0 Kbits/sec in 0 Kbits/sec out
0 packets decrypted 0 packets encrypted
0 bytes before decrypt 0 bytes encrypted
0 bytes decrypted 0 bytes after encrypt
0 packets decompressed 0 packets compressed
0 bytes before decomp 0 bytes before comp
0 bytes after decomp 0 bytes after comp
0 packets bypass decompr 0 packets bypass compres
0 bytes bypass decompres 0 bytes bypass compressi
0 packets not decompress 0 packets not compressed
0 bytes not decompressed 0 bytes not compressed
1.0:1 compression ratio 1.0:1 overall
Last 5 minutes:
0 packets in 0 packets out
0 paks/sec in 0 paks/sec out
0 bits/sec in 0 bits/sec out
0 bytes decrypted 0 bytes encrypted
0 Kbits/sec decrypted 0 Kbits/sec encrypted
1.0:1 compression ratio 1.0:1 overall
Errors:
Total Number of Packet Drops = 0
Pad Error = 0
Data Error = 0
Packet Error = 0
Null IP Error = 0
Hardware Error = 0
CP Unavailable = 0
HP Unavailable = 0
AH Seq Failure = 0
Link Down Error = 0
ESP Seq Failure = 0
AH Auth Failure = 0
ESP Auth Failure = 0
Queue Full Error = 0
API Request Error = 0
Invalid Flow Error = 0
Buffer Unavailable = 0
QOS Queue Full Error = 0
Packet too Big Error = 0
AH Replay Check Failure = 0
Too Many Particles Error = 0
ESP Replay Check Failure = 0
Input Queue Full Error = 0
Output Queue Full Error = 0
raw_PAK_alloc = 0
raw_PAK_free = 0
mod_exp_PAK_alloc = 3
mod_exp_PAK_free = 3
extropy_PAK_alloc = 0
entropy_PAK_free = 0
Pre-batch Queue Full Error = 0
Post-batch Queue Full Error = 0
batch_PAK_free = 0
BATCHING Statistics:
Batching Allowed
Batching currently Inactive
No of times batching turned on = 0
No of times batching turned off = 0
No of Flush Done = 0
Flush Timer in Milli Seconds = 8
Disable Timer in Seconds = 20
Threshold Crypto Paks/Sec
to enable batching = 10000
POST-BATCHING Enabled
Post-batch count, max_count = 0, 16
Packets queued to post-batch queue = 0
Packets flushed from post-batch queue = 0
The Post-batch Queue Information
The Queuesize is = 512
The no entries currently being used = 0
The Read Index is = 0
The Write Index is = 0
The entries in use are between Read and Write Index
The entries in use are
SEC MFIFO Statistics:
Channel 0 allocated times = 3
Channel 1 allocated times = 0
Channel 2 allocated times = 0
Channel 3 allocated times = 0
Channel 0 freed times = 3
Channel 1 freed times = 0
Channel 2 freed times = 0
Channel 3 freed times = 0
Sec MFIFO flush count = 3
Sec MFIFO interrupt count = 3
Sec MFIFO put back count = 0
Sec MFIFO Timer flush count = 0
Sec MFIFO Timer put back count = 0
Sec alloc workq count = 0
Sec free workq count = 64
Feedback