Licensing

This document provides details on the security licensing for the Cisco IR800 Integrated Services Router.

The IOS feature set is aligned with the IOT 15.x M/T release strategy. They are:

  • S800IUK9-15503M – Cisco IR800 Series UNIVERSAL

  • S800INPEK9-15503M – Cisco IR800 Series UNIVERSAL – NO PAYLOAD ENCRYPTION

Software License PIDs

The Software License PIDs are shown in the following table:

Software License PIDs

Software PID

Name

Description

SL-IR800-IPB-K9

Cisco 800 Series Industrial Routers IP Base License

Routing (BGP, OSPF, RIP, EIGRP, ISIS,), PBR, IGMP/MLD, Multicast, QoS, AAA, Raw Sockets, Manageability

SL-IR800-SEC-K9

Cisco 800 Series Industrial Routers Security License

SSL, VPN, IPSec, DMVPN, FlexVPN, IOS Firewall

SL-IR800-SNPE-K9

Cisco 800 Series Industrial Routers No Payload Encryption License

SL-IR800-DATA-K9

Cisco 800 Series Industrial Routers Data License

L2TPv3, IP SLA, BFD, MPLS (subset)

SWAP1530-81-A1-K9

Cisco 1530 Series Unified & Autonomous 8.1 SW

IR829 AP803 WI-FI

Install Licenses

To enable the RightToUse license, perform the following steps:

Before you begin

Licenses are installed at manufacturing. If the securityk9 technology-package is not installed, the crypto related functions will not work. See additional information under Hardware Crypto Support.

Procedure

Step 1

Accept the EULA.

Router# license accept end user agreement

Step 2

Enable the technology-package.

Router# license boot module ir800 technology-package securityk9
Router# license boot module ir800 technology-package datak9

Step 3

Reload the IR800 router.

Router# reload

Step 4

Verify the licensing status on the router.

Router# show license feature

Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse 
ipbasek9                 no           no          no             yes      no         
securityk9               yes          yes         no             yes      yes

Hardware Crypto Support

In the initial IOS release 15.5(3)M, only software-based cryptographic support was available. Later, hardware-based cryptographic support was introduced. To enable hardware-based crypto functionality, a security license must be installed.

To check which version of cryptographic support is being used on a device, use the following command:

Router# show crypto engine configuration
 
        crypto engine name:  Virtual Private Network (VPN) Module
        crypto engine type:  hardware
                     State:  Enabled
                  Location:  onboard 0
              Product Name:  Onboard-VPN
                HW Version:  1.0
               Compression:  No
                       DES:  Yes
                     3 DES:  Yes
                   AES CBC:  Yes (128,192,256)
                  AES CNTR:  No
     Maximum buffer length:  4096
          Maximum DH index:  0000
          Maximum SA index:  0000
        Maximum Flow index:  0256
      Maximum RSA key size:  0000
        crypto lib version:  22.0.0
     crypto engine in slot:  0
                  platform:  VPN hardware accelerator
        crypto lib version:  22.0.0