Licensing on the Cisco IR807 Industrial Integrated Services Router
Licensing
This document provides details on the security licensing for the Cisco IR807 Industrial Integrated Services Router.
The IOS feature set is aligned with the IOT 15.x M/T release strategy. They are:
-
IR800IUK9-15703M - Cisco IR800L Series UNIVERSAL
-
IR800INPEK9-15703M – Cisco IR800L Series UNIVERSAL – NO PAYLOAD ENCRYPTION
Software License PIDs
The Software License PIDs are shown in the following table:
|
Software PID |
Name |
Description |
|---|---|---|
|
SL-810-AIS |
Cisco 800 Series Industrial Routers IP Base License |
Routing (BGP, OSPF, RIP, EIGRP, ISIS,), PBR, IGMP/MLD, Multicast, QoS, AAA, Raw Sockets, Manageability |
|
SL-810-ADVSEC |
Cisco 800 Series Industrial Routers Security License |
SSL, VPN, IPSec, DMVPN, FlexVPN, IOS Firewall |
Install Licenses
To enable the RightToUse license, perform the following steps:
Before you begin
Licenses are installed at manufacturing. If the advsecurity technology-package is not installed, the crypto related functions will not work. See additional information under Hardware Crypto Support.
Procedure
Step 1 | Check the current version of the license. |
Step 2 | Install the license. |
Step 3 | Accept the EULA. |
Step 4 | Enable the technology-packages. |
Step 5 | Reload the IR800 router. |
Step 6 | Verify the licensing status on the router. |
Hardware Crypto Support
A security license must be installed to enable hardware based crypto support.
To check which version of cryptographic support is being used on a device, use the following commands:
Use the show crypto engine configuration command to find details about the cryptographic engines being used. This command helps to understand the current crypto support status, including acceleration type and configuration.
Router# show crypto engine configuration
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
HW Version: 1.0
Compression: No
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0000
Maximum SA index: 0000
Maximum Flow index: 0256
Maximum RSA key size: 0000
crypto lib version: 22.0.0
crypto engine in slot: 0
platform: VPN hardware accelerator
crypto lib version: 22.0.0Use the show crypto engine brief command to get a high-level summary of the cryptographic engines on a router. This is useful for quickly determining the status and type of cryptographic acceleration (software or hardware) that is being used.
Router# show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 1
Time running: 1335 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0500
Maximum SA index: 0500
Maximum Flow index: 1000
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: FF98383A
crypto engine state: installed
crypto engine in slot: N/A
Use the show crypto engine config command to view the configuration settings related to cryptographic features and modules.
Router# show crypto engine config
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 1
Time running: 1358 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0500
Maximum SA index: 0500
Maximum Flow index: 1000
Maximum RSA key size: 0000
crypto lib version: 22_421.0.0
crypto engine in slot: 0
platform: VPN hardware accelerator
crypto lib version: 22_421.0.0
Use the show crypto engine accelerator stat command to view the status and statistics of the cryptographic accelerators.
Router# show crypto engine accelerator stat
Device: Onboard VPN
Location: Onboard: 0
:Statistics for encryption device since the last clear
of counters 1404 seconds ago
0 packets in 0 packets out
0 bytes in 0 bytes out
0 paks/sec in 0 paks/sec out
0 Kbits/sec in 0 Kbits/sec out
0 packets decrypted 0 packets encrypted
0 bytes before decrypt 0 bytes encrypted
0 bytes decrypted 0 bytes after encrypt
0 packets decompressed 0 packets compressed
0 bytes before decomp 0 bytes before comp
0 bytes after decomp 0 bytes after comp
0 packets bypass decompr 0 packets bypass compres
0 bytes bypass decompres 0 bytes bypass compressi
0 packets not decompress 0 packets not compressed
0 bytes not decompressed 0 bytes not compressed
1.0:1 compression ratio 1.0:1 overall
Last 5 minutes:
0 packets in 0 packets out
0 paks/sec in 0 paks/sec out
0 bits/sec in 0 bits/sec out
0 bytes decrypted 0 bytes encrypted
0 Kbits/sec decrypted 0 Kbits/sec encrypted
1.0:1 compression ratio 1.0:1 overall
Errors:
Total Number of Packet Drops = 0
Pad Error = 0
Data Error = 0
Packet Error = 0
Null IP Error = 0
Hardware Error = 0
CP Unavailable = 0
HP Unavailable = 0
AH Seq Failure = 0
Link Down Error = 0
ESP Seq Failure = 0
AH Auth Failure = 0
ESP Auth Failure = 0
Queue Full Error = 0
API Request Error = 0
Invalid Flow Error = 0
Buffer Unavailable = 0
QOS Queue Full Error = 0
Packet too Big Error = 0
AH Replay Check Failure = 0
Too Many Particles Error = 0
ESP Replay Check Failure = 0
Input Queue Full Error = 0
Output Queue Full Error = 0
raw_PAK_alloc = 0
raw_PAK_free = 0
mod_exp_PAK_alloc = 3
mod_exp_PAK_free = 3
extropy_PAK_alloc = 0
entropy_PAK_free = 0
Pre-batch Queue Full Error = 0
Post-batch Queue Full Error = 0
batch_PAK_free = 0
BATCHING Statistics:
Batching Allowed
Batching currently Inactive
No of times batching turned on = 0
No of times batching turned off = 0
No of Flush Done = 0
Flush Timer in Milli Seconds = 8
Disable Timer in Seconds = 20
Threshold Crypto Paks/Sec
to enable batching = 10000
POST-BATCHING Enabled
Post-batch count, max_count = 0, 16
Packets queued to post-batch queue = 0
Packets flushed from post-batch queue = 0
The Post-batch Queue Information
The Queuesize is = 512
The no entries currently being used = 0
The Read Index is = 0
The Write Index is = 0
The entries in use are between Read and Write Index
The entries in use are
SEC MFIFO Statistics:
Channel 0 allocated times = 3
Channel 1 allocated times = 0
Channel 2 allocated times = 0
Channel 3 allocated times = 0
Channel 0 freed times = 3
Channel 1 freed times = 0
Channel 2 freed times = 0
Channel 3 freed times = 0
Sec MFIFO flush count = 3
Sec MFIFO interrupt count = 3
Sec MFIFO put back count = 0
Sec MFIFO Timer flush count = 0
Sec MFIFO Timer put back count = 0
Sec alloc workq count = 0
Sec free workq count = 64