Smart Licensing Using Policy for Cisco Nexus 9000 and 3000 Switches

This article provides information about the deployment of Smart Licensing Using Policy (SLP) on Cisco Nexus 9000 and 3000 Switches. Before reading this document, ensure that you have read the Cisco NX-OS Smart Licensing Using Policy on Nexus Switches article from the Learn category on the Cisco NX-OS Licensing collection page on Cisco.com.

Understand Key Concepts of SLP Before Deployment

This section explains the key components that you need to understand before deploying SLP on Cisco Nexus 9000 and 3000 Switches.

Policy Selection

To know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command.

Policies can be customized. To customize policies, contact the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing. The licensing team will contact you to start the process or for any additional information. Customized policies are also made available through your Smart account in CSSM.

RUM Report and Report Acknowledgment

A Resource Utilization Measurement report (RUM report) is a license usage report, which the product instance generates, to fulfill reporting requirements as specified by the policy. RUM reports are data files with information about license usage and device identity. These reports are securely stored in the device and are cert-signed by the hardware.

 Note

When a switch does not consume a license, it does not generate any RUM report. To verify license consumption, use the show license usage command.

An acknowledgment (ACK) is a response from CSSM and provides information about the status of a RUM report.

The policy that is applied to a product instance determines the following reporting requirements:

  • Whether a RUM report is sent to CSSM, and the maximum number of days that are provided to meet this requirement.

  • Whether the RUM report requires an acknowledgment (ACK) from CSSM.

  • The maximum number of days provided to report a change in license consumption.

A RUM report sent to CSSM from device or CSLU can be accompanied by other requests.

 Note

System logs are generated at X and X-30 days if reporting is not done. X is the reporting interval per the policy.

For more information about RUM reports, see Reporting License Usage.

RUM States

The RUM reports change state throughout the communication between product instance and CSSM.

State

Description

SmartAgentRumStateOpen

New report that is created by Smart Agent on the device

SmartAgentRumStateClosed

RUM report that is sent to CSSM (reloads will also push the open reports to closed state)

Sample RUM Report

<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<RUMReport>
<![CDATA[
{
"payload":{ "asset_identification":{
"asset":{

"name":"regid.2017-11.com.cisco.Nexus_9300,1.0_ac6ddieu7-89ju-4dne7-8699-4eeeklljnk"
},
"instance":{
"sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":"FDjhjudyw8778"
},
"product_instance_identifier":"f804e59b-7296-4c6d-a4f4-e61207ddf150"
},
"signature":{ "signing_type":"CISC123", "key":"00000000",
"value":"A0EPZ4grbhDeNG2q1wJxeRAkEIFabnHp8UCB+qoFMFRA3oMkZ3G572mm FDFZXVSaA2yfVRym0GMgKDo2glzz7er1RVIyB8XnrqgdgFBMkvJiuHb5B9Bdvs 8qABGErQZP7m5HTUQcHNwczYYAoflIMo2ltaaUzhbmjppoh1b6cIvjUqTVTyg37cj/

Z0r7hIviUxrzvHBVFFVA50Ik8wXPFWS24aLC4ubXvEDNzDv1UWQwfJy0XmkegJ07PBVAfcRPhfZ4/5J9YtsQ1xRb5ot+ IdogZmhX7ISVOAh3WFjvAMVhQrH4xeSKD1wgIZtLAC+TnixvU6HAc4p168UK6aZV4A=="
}
},
"meta":{
"entitlement_tag":"regid.2019-06.com.cisco.LAN_Nexus9300_XF2,1.0_ ac6ddieu7-89ju-4dne7-8699-4eeeklljnk",
"report_id":16283555555, "software_version":"10.2(1)FI9(1)", "ha_udi":[
{
"role":"Active", "sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":" FDjhjudyw8778"
}
}
]
},
"measurements":[
{
"log_time":1628323253, "metric_name":"ENTITLEMENT", "start_time":1628323253, "end_time":1628323254, "sample_interval":1, "num_samples":1,
"meta":{
"termination_reason":"CurrentUsageRequested"
},
"value":{
"type":"COUNT",
"value":"1"
}
}
]
},
"header":{
"type":"rum"
},
"signature":{
"sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":"FDOkjahwdiuw78"
},
"signing_type":"CISC123", "key":"782198723987",
"value":"BIoW16suShhDdAJZgRGtxdk/b4yhdvtDJQzE4eujgG+w/ UKICJ40oEsh2HfIy0kcbfSn3gaAPwhlwHxFUVjLh+kYHxuwSvsI0RwwyIgBIlYbc9JojQ40dZGLRVmJt05djYIRkRHI5dYMO0Fn/

a/F+VnaEQ2hVbbTWMW0pDLnJksPyQ9Mn91RmI4ZCfkS5gGNeS9U0CyeBpSYfh/r+N4bn/gmf+XDmK30x6yukTflvUC6IV/


lNMxJYOpZ87mV/4XX6Bw88Ab1K3KX6VHVpeMr45UeUNGd0efaigReB9ERISJnERxAEs4SuU/ZhnFMONAwW/4WCpDXD/p8bcw76mmSkw=="

}
}
]]>
</RUMReport>
</smartLicense>

Sample RUM ACK

<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<smartLicenseRumAck>
<data>
<![CDATA[[
{
"status_code":"OK",
"status_message":"Rum Report is accepted.", "localized_message":"Rum Report is accepted.",
"product_instance_identifier":"f80003456-1234-3g5h-b6b6-e1234hrtu5678", "sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":"FDO3456yuth"
 

}
]]]>
 
},
"report_id":162123456, "correlation_id":"610e4fcecebababeyro678990-bf94ajdu47878787hdj", "subscription_id":null
 
  </data>
  <signature>MEQCIBtBcrLc384LDGgD9axXIMFiV4usLWOeOvJiP4nL9PKhAiA16   yiPufFIFwfEPIGbqMbfTKB+gGxB52m5tPVWZ/MP6Q==</signature>
  </smartLicenseRumAck>
  <smartLicenseAccountInfo>
  <customerInfo>
  <timestamp>1628327760658</timestamp>
  <smartAccount>InternalTestDemoAccount10.cisco.com</smartAccount>
  <virtualAccount>nxofirst</virtualAccount>
  <smartAccountId>2312345</smartAccountId>
  <virtualAccountId>509876</virtualAccountId>
  <smartAccountDomain>internaltestdemoaccount10.cisco.com</smartAccountDomain>
  </customerInfo>
  <signature>MEQCIBelsrxUBMzZSi406NeeHOJRlboJedEThjgyutwiqwge2iuey2   uehdufydwinGOsmgLaef1HAG+naWneLqZ139ARFiTsmA==</signature>
  </smartLicenseAccountInfo>
  <correlationID>ngnx-d3chwyt37hgdytf1924b4a57c190bc6</correlationID>
  </smartLicense>

Smart Licensing Using Policy Workflow

Smart Licensing Using Policy solution makes it easier for you to procure, deploy, and manage your license. Cisco Smart Software Manager (CSSM) is your primary licensing server and portal where you can create your smart accounts and manage licenses.

Smart Software Manager On-Prem and Cisco Smart Licensing Utility are your locally installed on-premises user portals that work with CSSM.

After purchasing licenses, activate your licenses on your devices in your deployments. As the devices establish trust and report license usage, you can manage your licenses through continuous reporting.

Workflow to Deploy Smart Licensing Using Policy

Smart Licensing Using Policy Workflow In a Nutshell

These are the stages for deploying Smart Licensing Using Policy:

  1. Order licenses

    1. Order your license from Cisco Commerce Workspace (CCW).

    2. Access CSSM and create the smart account and virtual accounts to organize your licenses.

  2. Activate licenses.

    1. Select the deployment methods.

      • Online Deployments

      • Offline or Air-gapped Deployments

    2. Configure the smart license transport mode and establish trust with CSSM.

  3. Manage licenses.

    1. Generate your Resource Utilization Measurement (RUM) report from the device. Synchronize the report with CSSM either automatically or manually.

    2. Monitor the license usage and compliance status through the CSSM portal.

Deployment Models for Smart Licensing Using Policy

Smart Licensing Using Policy offers the following deployments:

Online Deployments

  • Direct Deployments (with transport mode as Smart or Call Home)

    • Direct Cloud Access (CSSM)

    • Direct Cloud Access (CSSM) through a proxy server

  • On-premises Deployments

    • Smart Software Manager (SSM) On-Prem (recommended)

    • Smart Software Manager (SSM) On-Prem through a proxy server

    • Cisco Smart License Utility (CSLU)

    • Cisco Smart License Utility (CSLU) through a proxy server

Offline or Air-gapped Deployments

  • Disconnected (from the switch where transport is off) or Air-gapped deployment from the switch

  • SSM On-Prem Disconnected (remote deployment)

  • CSLU Offline (remote deployment)

Supported Deployment Models and Topologies

This section describes the various ways in which you can implement a smart licensing policy. For each topology, refer to the accompanying overview to know how the setup is designed to work, and refer to the considerations and recommendations, if any.

Choosing a Topology

The following table allows you to choose a topology depending on your network deployment.

 Note

To learn about the Topologies, see NX-OS Smart Licensing Using Policy under the Learn category on the Cisco NX-OS Licensing collection page on Cisco.com.

Deployment Model

Topology

Recommendations

Online Deployment > Direct (Smart transport/call home)

Topology 2: Connected Directly to CSSM

Use this topology when you have switches that are already registered to CSSM and need to continue in the same mode. If you need to continue using this topology after upgrading to SLP, then Smart Transport is the preferred transport method. See Direct Deployments.

Online Deployment > On-Prem > Smart Software Manager (SSM) On-Prem (Recommended)

Topology 4: Connected to CSSM through SSM On-Prem

Use this topology when you want to collect licensing information from each switch in the network and when there is no connectivity to CSSM. See Connected Mode in Smart Software Manager On-Prem

Online Deployment > On-Prem > CSLU

Topology 1: Connected to CSSM through CSLU

Use this topology when you do not want the switches to be directly connected to CSSM. This topology supports only one SA/VA combination. See Online Mode in Cisco Smart Licensing Utility.

Offline Deployment > from the switch

Topology 6: No Connectivity to CSSM and No CSLU (Offline mode)

Use this topology when you want to collect licensing information from a single source and when there is no connectivity to CSSM. You cannot view license consumption locally. Also, only a single VA can be used. See Air-Gapped Deployment from the Switch.

Offline Deployment > SSM On-Prem Disconnected

Topology 5: SSM On-Prem Disconnected from CSSM

Use this topology when you want to manage or view licenses from a single source. You can view license consumption locally. You can also use multiple SA/VA combinations. See SSM On-Prem in Disconnected Mode in Remote Deployments.

Offline Deployment > CSLU Offline

Topology 3: CSLU Disconnected from CSSM

Use this topology when you need to manage or view license consumption locally. You can also use multiple VA. See CSLU in Offline Mode in Remote Deployments.

Guidelines and limitations for Smart Licensing Using Policy

This section lists the guidelines and limitations for Smart Licensing Using Policy for the following categories:

General

  • Cisco NX-OS Release 10.2(1)F supports only the SLP licensing mode.

  • Cisco NX-OS Release 10.2(1)F does not support SL and PAK-based licensing.

  • SLP MIB is not supported.

  • In Cisco NX-OS Release 10.2(x), management VRF is supported on CSLU, Smart, and Callhome modes, and non-management VRF is supported only on Callhome. Beginning with Cisco NX-OS Release 10.3(2)F, non-management VRF is also supported on Smart and CSLU modes of transport.

  • Beginning with Cisco NX-OS Release 10.3(1)F, logging 2.0 is supported for SLP. From Release 10.5(1)F onwards, logging 2.0 support for callhome is introduced for SLP.

  • Beginning with Cisco NX-OS Release 10.3(2)F, source-interface is supported on Callhome mode with direct CSSM connectivity only. Beginning with Cisco NX-OS Release 10.3(3)F, support is introduced for source-interface with CSLU and Smart transport with both direct and indirect CSSM connectivity.

  • Beginning with Cisco NX-OS Release 10.4(3)F, Cisco Nexus switches provide TLSv1.3 support in SLP licensing mode.

Upgrade

  • For SL registered devices, when upgrading from Cisco NX-OS Release 9.3(3) or 9.3(4) to Cisco NX-OS Release 10.2(1)F, the transport mode may go to CSLU instead of callhome. It is recommended that you configure the transport mode to callhome manually and establish the trust with CSSM.

  • During upgrade from earlier release with Traditional Licensing (PAK) to Cisco NX-OS Release 10.2(1)F, reflection of RUM sync in show command may take up to 24 hrs after migration.

  • In Cisco NX-OS Release 10.3(2)F, license smart vrf is not supported on Cisco Nexus C92348GC-X switch. When management VRF is configured, upgrade of Cisco Nexus C92348GC-X switch from Cisco NX-OS Release 10.3(2)F to 10.3(3)F is supported. When management VRF is not configured, to upgrade Cisco Nexus C92348GC-X switch from Cisco NX-OS Release 10.3(2)F to 10.3(3)F, first configure no license smart vrf and then proceed with the upgrade.

  • For SL registered devices that are connected to On-Prem, when upgrading from any Traditional Licensing (PAK) to Cisco NX-OS Release 10.2(1)F, the license consumption may not adhere hierarchy rules of tier licenses at On-Prem. It is recommended that CSSM to be referred for proper consumption of licenses post sync from On-Prem.

  • For SL registered devices with CSSM, when upgrading from Cisco NX-OS Release 9.3(3) or 9.3(4) to Cisco NX-OS Release 10.2(1)F, duplicate entry may occur for the same product instance on CSSM/On-Prem for a day.

DNS

  • When configuring the DNS resolution, configure it under the management VRF, as only management VRF is supported.

Transport

Callhome

  • IPv6 is only supported on callhome transport mode.

CSLU

  • CSLU-initiated communication/pull mode is not supported in Cisco NX-OS Release 10.2(1)F.

  • Only CSLU mode of transport is supported on On-Prem.

  • For auto discovery, only one CSLU can be used in the network.

  • CSLU configuration is mandatory if callhome is not configured and the device is not registered with CSSM, when moving from pre-SLP releases to SLP in Cisco NX-OS Release 10.2(1)F. For more information, see Connected to CSSM Through CSLU.

  • While using the transport mode as CSLU, if licenses do not get released from the SA/VA after write-erase and reload of the switch, it is recommended to delete the product instance from the SA/VA.

  • Standalone CSLU does not support multi-tenancy, it supports only single SA/VA. However, SSM On-Prem supports multi-tenancy.

Commands

  • When a switch is being reset to factory defaults using the write erase command, it is recommended to do a license smart factory reset before reloading the switch.

  • The following commands do not support XMLized output:

    • show-tech support license

    • show license eventlog

    • show license history message

    • show license rum id all

    • show license data conversion

  • The output of the show license status command may show discrepancy in timer values, but has no functional impact. The timer gets updated automatically and the RUM Reporting will be retried after 24 hours.

  • To find more information about rum reports, use the following show commands:

    • show license rum id all - The output of this show command displays the list of all rum ids.

       Note

      The show license rum id 0 command also displays the list of all rum reports. The value 0 also represents all in the case of this command.

    • show license rum id report_id - This command allows you to select one rum id from the list and the output of this command displays a short summary of the report.

    • show license rum id all detail - The output of this command provides a list of all rum ids in a detailed format.

    • show license rum id report_id detail - This command allows you to select one rum id, about which you want to know the details, from the list and the output displays a detailed format of the report.

Online Deployments

Online Deployments are classified as Direct and On-premises deployments. The direct deployment is done using either Smart or Call Home Transport mode. Both the transport modes have the option to use proxy servers. The On-premises deployment is done using either SSM On-prem or CSLU. SSM On-prem and CSLU also have the option to use proxy servers.

Direct Deployments

Direct deployment involves connecting devices to tools.cisco.com through the internet or an HTTP proxy server to report usage information using the Smart transport mode. Direct deployment works out of the box with no additional configuration.

Direct deployment is most suitable for small networks, especially in the enterprise world. It's when a user doesn't want to manage an on-premises server and communicates with Cisco directly or through a proxy.

Transport Modes

The two modes of transport available for Direct deployment are Smart and Call home.

Smart - The Smart Transport mode is a transport method where a Smart Licensing (JSON) message is contained within an HTTP message and exchanged between a product instance and CSSM to communicate.

Call Home - The Call Home Transport mode provides e-mail-based and web-based notifications of critical system events. This method of connecting to CSSM is available in the Smart Licensing environment and remains available with SLP.

Direct Deployment Methods

Direct deployment is also termed as Topology 2: Connected Directly to CSSM. The transport mode is Smart transport or call home. Direct deployment offers these methods:

  • Direct Cloud Access: In this method, the product instance or device sends usage information directly over the internet to CSSM. The transport mode can be either Smart or Call Home.

  • Direct Cloud access through a proxy server: In this method, the product instance or device sends usage information over the internet through a proxy server using either Smart or Call Home transport mode to CSSM.

Report License Usage

In direct deployments, the device automatically generates reports once it establishes a trusted connection with the CSSM. The device initiates communication and automatically sends out the license usage report as per the default policy. CSSM automatically sends the ACK reports in the first 5 minutes. You can set up a subsequent reporting frequency as per the policy.

Steps to Deploy SLP using Direct Deployment Mode

After you order the licenses and set up your smart accounts in CSSM, activate and manage licenses for your chosen mode of direct deployment.

  1. Based on your choice of transport mode, choose any one of these procedure to activate licenses.

  2. Irrespective of the mode of transport used, the procedure to manage the licenses in the direct deployment mode is the same - Manage Licenses on Direct Deployment with Smart or Call Home Transport Mode

Activate Licenses on Direct Deployment with Smart Transport Mode

Step 1

Enable smart transport mode on your device using the license smart transport smart command.

Example:
switch# configure
switch(config)# license smart transport smart

Step 2

Configure the transport URL with the license smart url smart transport-url command.

The switch automatically configures the Smart URL (https://smartreceiver.cisco.com/licservice/license).

Example:
switch(config)# license smart url smart https://smartreceiver.cisco.com/licservice/license

Step 3

If you are deploying Direct Cloud access through an HTTPS proxy method, configure a proxy for the smart transport mode using the license smart proxy hostname port port-number command. Skip this step for Direct Cloud Access deployment.

When you configure a proxy server, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message to CSSM.

Example:
switch(config)# license smart proxy hostname proxy.esl.cisco.com port 80
switch(config)# commit
switch(config)# exit

Step 4

Establish trust by generating a token from the smart account and virtual account in CSSM and copy the token on the devices using the license smart trust idtoken command.

Example:
switch# license smart trust idtoken MjczNDMwZWYtNDAzMS00NjNmLWJmMTQtMzM1YmRhZDAxZWNmLTE3MjA1OTE3%0ANzM4MTh8eit1NENmLzNYaHg3WVk3VzFYeDVxc0xSaEZqNjhtNERGMnc5UHZK%0AU1RMYz0%3D%0A all force

Step 5

View the trust establishment on the device using the license smart save trust-request filepath_filename command.

Example:
switch# license smart save trust-request file1

Step 6

Verify license status using the show license status command. Verify the latest date at Trust Code Installed.

Example:
switch# show license status

switch(config)# show license status 
Utility: 
    Status: DISABLED

Smart Licensing using Policy:
    Status: ENABLED

Data Privacy: 
    Sending Hostname: yes 
    Callhome Hostname Privacy: DISABLED 
        Smart Licensing Hostname Privacy: DISABLED 
    Version Privacy: DISABLED 

Transport: 
    Type: Smart
    URL: https://smartreceiver.cisco.com/licservice/license
    Proxy: 
        Not configured
    VRF: management

Policy: 
    Policy in use: Merged from multiple sources 
    Reporting ACK required: Yes
    Unenforced/Non-Export: 
        First report requirement (days): 90 (CISCO default)
        Ongoing reporting frequency (days): 365 (CISCO default)
        On change reporting (days): 90 (CISCO default)
    Enforced (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)
    Export (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)

Miscellaneous:
    Custom Id: <empty>

Usage reporting:
    Last ACK received: Oct 11 19:53:10 2023  UTC
    Next ACK deadline: Jan  9 19:53:10 2024  UTC
    Reporting push interval: 30 days
    Next ACK push check: Oct 11 19:59:06 2023  UTC
    Next report push: Nov 10 19:55:08 2023  UTC
    Last report push: Oct 11 19:55:08 2023  UTC
    Last report file write: <none>

Trust Code installed: Oct 11 18:52:39 2023  UTC
    Active: PID: N9K-C9364C-H1, SN: FDO27220LPP 
        Oct 11 18:52:39 2023  UTC 

switch(config)#

Activate Licenses on Direct Deployment with Call Home Transport Mode

Step 1

Enable call home transport mode on your device using the license smart transport callhome command.

Example:
switch# configure
switch(config)# license smart transport callhome

Step 2

Configure the basic call home configurations.

  1. callhome

  2. email-contact <email_id>

  3. phone-contact <contact_number>

  4. streetaddress <address>

  5. destination-profile CiscoTAC-1 transport-method http

  6. destination-profile CiscoTAC-1 index 1 http https://tools.cisco.com/its/service/oddce/services/DDCEService

  7. transport http use-vrf <vrf>

  8. enable

Example:
switch(config)# callhome
switch(config-callhome)# email-contact sch-smart-licensing@cisco.com
switch(config-callhome)# phone-contact +1-408-800-900
switch(config-callhome)# streetaddress 270 E Tasman Dr
switch(config-callhome)# destination-profile CiscoTAC-1 transport-method http
switch(config-callhome)# destination-profile CiscoTAC-1 index 1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
switch(config-callhome)# transport http use-vrf management
switch(config-callhome)# enable
switch(config-callhome)# exit
switch(config)#

Step 3

If you are deploying Direct Cloud access through a proxy method, configure a proxy for the call home transport mode using the transport http proxy hostname port port-number command. Skip this step for Direct Cloud Access deployment.

When you configure a proxy server, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message to CSSM.

Example:
switch(config)# callhome
switch(config-callhome)# transport http proxy server 192.168.0.1 port 3128
switch(config-callhome)# exit

Step 4

Establish trust by generating a token from the smart account and virtual account in CSSM and copy the token on the devices using the license smart trust idtoken command.

Example:
switch# license smart trust idtoken MjczNDMwZWYtNDAzMS00NjNmLWJmMTQtMzM1YmRhZDAxZWNmLTE3MjA1OTE3%0ANzM4MTh8eit1NENmLzNYaHg3WVk3VzFYeDVxc0xSaEZqNjhtNERGMnc5UHZK%0AU1RMYz0%3D%0A all force

Step 5

View the trust establishment on the device using the license smart save trust-request filepath_filename command.

Example:
switch# license smart save trust-request file1

Step 6

Verify license status using the show license status command. Verify the latest date at Trust Code Installed.

Example:
switch(config-callhome)# show license status 
Utility: 
Status: DISABLED

Smart Licensing using Policy:
Status: ENABLED

Data Privacy: 
Sending Hostname: yes 
Callhome Hostname Privacy: DISABLED 
Smart Licensing Hostname Privacy: DISABLED 
Version Privacy: DISABLED 

Transport: 
Type: Callhome

Policy: 
Policy in use: Merged from multiple sources 
Reporting ACK required: Yes
Unenforced/Non-Export: 
First report requirement (days): 1 (Installed)
Ongoing reporting frequency (days): 1 (Installed)
On change reporting (days): 1 (Installed)
Enforced (Perpetual/Subscription): 
First report requirement (days): 1 (Installed)
Ongoing reporting frequency (days): 1 (Installed)
On change reporting (days): 1 (Installed)
Export (Perpetual/Subscription): 
First report requirement (days): 1 (Installed)
Ongoing reporting frequency (days): 1 (Installed)
On change reporting (days): 1 (Installed)

Miscellaneous:
Custom Id: <empty>

Usage reporting:
Last ACK received: <none>
Next ACK deadline: Oct 1 08:10:04 2024 UTC
Reporting push interval: 1 days
Next ACK push check: <none>
Next report push: Sep 30 08:10:34 2024 UTC
Last report push: <none>
Last report file write: <none>

Trust Code installed: Sep 30 08:10:03 2024 UTC
Active: PID: N9K-C93600CD-GX, SN: FDO24510644 
Sep 30 08:10:03 2024 UTC 


switch(config-callhome)#

Manage Licenses on Direct Deployment with Smart or Call Home Transport Mode

Step 1

Navigate to Smart Software Licensing > Reports on the CSSM UI.

Step 2

Download the acknowledgment sent and upload to your device.

Step 3

Manage the license consumption on your devices. View the license status and summary using the show license summary show license usage command.

Example:
switch# show license usage
switch(config)# show license usage 

License Authorization: 
  Status: Not Applicable

(DCN_NDB):
  Description: DCN NDB Add-On License
  Count: 1
  Version: 1.0
  Status: IN USE
  Enforcement Type: NOT ENFORCED
  License Type: Generic

(NXOS_ESSENTIALS):
  Description: NX-OS essentials license for fixed XF2 platforms
  Count: 1
  Version: 1.0
  Status: IN USE
  Enforcement Type: NOT ENFORCED
  License Type: Generic

switch(config):

Step 4

(Optional) Set the time interval to automatically synchronize RUM reports using the license smart usage interval command.

Example:
switch# license smart usage interval

You can generate and view RUM report on your device. See Reporting License Usage.

.

On-Premises Deployments

On-Premises deployment is a deployment option for organizations that prefer not to have their products communicate directly with CSSM over the internet. This type of deployment involves the use of either a license server, such as Smart Software Manager (SSM), or a Windows application, such as Cisco Smart License Utility (CSLU), on the premises to manage devices and licenses. These tools use a synchronization process to exchange license information with CSSM, which can be done automatically over the network or manually offline.

The two ways to set up On-Premises deployments are:

  • SSM On-Prem

  • CSLU

Smart Software Manager On-Prem

Smart Software Manager (SSM) is an On-Premise version of CSSM and provides a similar set of features. When you connect a device to SSM On-Prem, SSM On-Prem becomes the single point of interface with CSSM. Once the SSM On-Prem is operational, devices register to SSM On-Prem and report license consumption.

SSM On-Prem Modes

SSM On-Prem connects with Cisco Smart Software Manager in the cloud to synchronize license consumption and usage at the desired frequency such as daily, weekly, or monthly. You can also deploy SSM On-Prem in a totally disconnected mode.

  • Connected - Manage your devices on premises with a license server connected to CSSM. Devices register to SSM On-Prem and report license consumption and usage to CSSM at the desired frequency. Based on topologies, this online deployment is classified as On-Premises Deployment using SSM On-Prem and also termed as Topology 4: Connected to CSSM through SSM On-Prem. See Steps to Deploy SSM On-Prem to deploy SSM-On Prem in Connected Mode.

  • Disconnected - Manage your devices on premises without connecting to CSSM. SSM On-Prem synchronizes to CSSM through a manual file transfer process for reporting license consumption and usage. Based on topologies, this Offline Deployment mode is classified as SSM On-Prem in Disconnected Mode and also termed as Topology 5: SSM On-Prem disconnected from CSSM. See the deployment of SSM On-Prem in Disconnected Mode in the Remote Deployments section.

Report License Usage

To report license usage, synchronize local accounts on SSM On-Prem with CSSM by using the Synchronization widget in the SSM On-Prem UI.

Execute the license smart sync all command to synchronize device information with SSM On-Prem. You can synchronize license usage with CSSM using the following:

  • Set up on-demand synchronization with CSSM

  • Schedule synchronization with CSSM at a specified time

  • Synchronize the license usage with CSSM, either by connecting to CSSM immediately or by downloading and uploading files for SSM On-Prem disconnected mode.

Steps to Deploy SSM On-Prem in Connected Mode

After you order the license and set up your smart accounts in CSSM:

  1. Activate Licenses on SSM On-Prem in Connected Mode

  2. Manage Licenses on SSM On-Prem in Connected Mode

 Note

Use the same procedures to deploy SSM On-prem proxy method.

Activate Licenses on SSM On-Prem in Connected Mode
 Note

If the device is registered to SSM On-Prem with pre-SLP release using callhome transport, then the transport mode changes to CSLU after the migration. Also, the url is populated on the product instance from OnPrem CSLU tenant ID. Ensure that you save the configuration using the copy running-config startup-config command.


Step 1

Go to the Software Download. page, click Smart Software Manager On-Prem, and download and install Smart Software Manager On-Prem. See Cisco Smart License Utility Quick Start Setup Guide.

Step 2

Configure SSM On-Prem and create a local account. See SSM On-Prem User Guide

Step 3

Navigate to the License workspace > Inventory > General > Product Usage Registration Tokens, select CSLU Transport URL at the SSM On-Prem UI.

 Note

If you are deploying SSM On-Prem proxy method, to configure a proxy see Cisco Smart Software Manager On-Prem User Guide.

Step 4

Configure the transport mode and SSM On-Prem URL on your device using the license smart transport cslu command.

The SSM On-Prem URL is http://<ip>/cslu/v1/pi/<tenant ID>. Enter the hostname or the IP address of the server where you have installed SSM On-Prem. The tenantID is the default local virtual account ID.

Example:
switch# configure
switch(config)# license smart transport cslu
switch(config)# license smart url cslu http://192.0.2.1:8182/cslu/v1/pi/SATELLITE9-1 
switch(config)# exit

Step 5

Establish trust by generating the token from the SSM On-Prem UI and copy the token to the switch using the license smart trust idtoken idtoken all force command.

Example:
switch# license smart trust idtoken MjczNDMwZWYtNDAzMS00NjNmLWJmMTQtMzM1YmRhZDAxZWNmLTE3MjA1OTE3%0ANzM4MTh8eit1NENmLzNYaHg3WVk3VzFYeDVxc0xSaEZqNjhtNERGMnc5UHZK%0AU1RMYz0%3D%0A
all force

Step 6

Verify the license status using the show license status command. View the trust establishment on the device and verify the latest date at Trust Code Installed.

Example:
switch# show license status
Utility: 
    Status: DISABLED

Smart Licensing using Policy:
    Status: ENABLED

Data Privacy: 
    Sending Hostname: yes 
    Callhome Hostname Privacy: DISABLED 
        Smart Licensing Hostname Privacy: DISABLED 
    Version Privacy: DISABLED 

Transport: 
    Type: CSLU
    Cslu address: cslu-local
    VRF: management

Policy: 
    Policy in use: Merged from multiple sources 
    Reporting ACK required: Yes
    Unenforced/Non-Export: 
        First report requirement (days): 90 (CISCO default)
        Ongoing reporting frequency (days): 365 (CISCO default)
        On change reporting (days): 90 (CISCO default)
    Enforced (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)
    Export (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)

Miscellaneous:
    Custom Id: <empty>

Usage reporting:
    Last ACK received: <none>
    Next ACK deadline: Dec 17 16:56:03 2024  IST
    Reporting push interval: 30 days
    Next ACK push check: <none>
    Next report push: Sep 18 16:58:03 2024  IST
    Last report push: <none>
    Last report file write: <none>

Trust Code installed: May  2 17:42:31 2024  IST
    Active: PID: N9K-C93240YC-FX2, SN: FDO250202BV 
        May  2 17:42:31 2024  IST 

switch(config)#

Manage Licenses on SSM On-Prem in Connected Mode

Step 1

Log into the SSM On-Prem > Smart Licensing workspace.

If you have deployed ....Then perform these steps ...

SSM On-Prem connected mode

  1. Navigate to Reports > Usage Schedules > Synchronize now with Cisco and generate a license usage RUM report in the Smart Licensing workspace.

  2. Navigate to Inventory > SL Using Policy and select one or more devices by enabling the corresponding check box, and Click Actions for Selected... > Collect Usage.

Step 2

Manage the license consumption on your devices. View the license status and summary using the show license summary or show license usage commands.

Example:
switch# show license summary
License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
LAN license for Nexus 9... (LAN_ENTERPRISE_SERVICES_PKG)    1       IN USE
switch#
switch# show license usage
	License Authorization: 
Status: Not Applicable

(LAN_ENTERPRISE_SERVICES_PKG):
Description: LAN license for Nexus 9300-XF
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic


switch(config)# 

Step 3

(Optional) Set the time interval for automatic synchronizing of the RUM reports using the license smart usage interval <1-365> command.

Example:
switch# license smart usage interval 90

Cisco Smart Licensing Utility

Cisco Smart License Utility Manager (CSLU) is a Windows-based application that enables you to administer licenses for your devices on premises instead of having to directly connect your devices to CSSM. When you connect a device to CSLU, CSLU becomes the only interface with CSSM. Once the CSLU is operational, devices register to CSLU and report license consumption.

For information about downloading, installing, and using CSLU, see Cisco Smart License Utility

CSLU Modes

The CSLU can be configured in both Online and Offline modes.

  • CSLU Online or Connected - Device initiates communication automatically and sends the RUM report to CSLU as per the default policy. CSLU forwards the RUM report to CSSM and retrieves the acknowledgment (ACK). Based on topologies, this Online Deployment is classified as On-Premises Deployment using CSLU and also termed as Topology1: Connected to CSSM through CSLU. See Steps to Deploy CSLU On-Prem in Online Mode.

  • CSLU Offline or Disconnected - Device initiates communication automatically and sends the RUM reports to CSLU. CSLU is not connected to CSSM, so you need to manually connect to CSSM and upload the RUM reports. Based on the topologies, this Offline Deployment is classified as Offline Deployment using CSLU in Offline Mode and also termed as Topology 3: CSLU Disconnected from CSSM. See CSLU Offline Mode in the Remote Deployments section.

Report License Usage

By default, the CSLU utility application is scheduled to collect data information at 24-hour intervals. CSLU connects to the selected Product Instance(s) and collects the RUM reports. These RUM reports are then stored in the CSLU’s local library.

Steps to Deploy CSLU On-Prem in Online Mode

After you order the license and set up your smart accounts in CSSM:

  1. Activate Licenses on CSLU in Online Mode

  2. Manage Licenses on CSLU in Online Mode

 Note

Use the same procedures to deploy CSLU On-prem proxy method.

Activate Licenses on CSLU in Online Mode

Step 1

Go to the Software Download page, click Smart Licensing Utility, and download and install the latest version of CSLU application on your Windows or Linux server. See Cisco Smart Licensing Utility Quick Start Setup Guide for CSLU and Software Download for Linux.

 Note

If you are deploying CSLU proxy method, to configure a proxy see Cisco Smart Licensing Utility User Guide.

Step 2

Set up CSLU preference settings and associate the Smart account and virtual account details. See Cisco Smart Licensing Utility User Guide.

Step 3

Configure the transport mode on the device using the license smart transport cslu command.

Example:
switch# configure
switch(config)# license smart transport cslu

Step 4

Configure the transport URL using the license smart url cslu command.

The default CSLU URL is http://cslu-local:8182/cslu/v1/pi. 8182 is the port number on the CSLU.

Example:
switch(config)# license smart url cslu http://192.0.2.1:8182/cslu/v1/pi
switch(config)# exit

Step 5

If you want to establish trust immediately with CSLU, use the license smart sync all command.

Step 6

Verify the license status using the show license status command. Verify the latest date in the Trust Code Installed field.

Example:
switch# show license status

Utility: 
    Status: DISABLED

Smart Licensing using Policy:
    Status: ENABLED

Data Privacy: 
    Sending Hostname: yes 
    Callhome Hostname Privacy: DISABLED 
        Smart Licensing Hostname Privacy: DISABLED 
    Version Privacy: DISABLED 

Transport: 
    Type: CSLU
    Cslu address: cslu-local
    VRF: cisco

Policy: 
    Policy in use: Merged from multiple sources 
    Reporting ACK required: Yes
    Unenforced/Non-Export: 
        First report requirement (days): 90 (Installed)
        Ongoing reporting frequency (days): 365 (Installed)
        On change reporting (days): 120 (Installed)
    Enforced (Perpetual/Subscription): 
        First report requirement (days): 30 (Installed)
        Ongoing reporting frequency (days): 90 (Installed)
        On change reporting (days): 60 (Installed)
    Export (Perpetual/Subscription): 
        First report requirement (days): 30 (Installed)
        Ongoing reporting frequency (days): 30 (Installed)
        On change reporting (days): 30 (Installed)

Miscellaneous:
    Custom Id: <empty>

Usage reporting:
    Last ACK received: Nov 15 02:51:57 2022  UTC
    Next ACK deadline: Nov 15 02:51:57 2023  UTC
    Reporting push interval: 30 days
    Next ACK push check: <none>
    Next report push: Dec 15 02:46:56 2022  UTC
    Last report push: Nov 15 02:46:56 2022  UTC
    Last report file write: <none>

Trust Code installed: Nov 13 22:36:48 2022  UTC
    Active: PID: N9K-C93180YC-FX3H, SN: FDO26170Q6A 
        Nov 13 22:36:48 2022  UTC


Manage Licenses on CSLU in Online Mode

Perform these steps to manage licenses on CSLU.

.


Step 1

Log into CSLU UI .

Step 2

Synchronize the reports from CSLU with Cisco using the CSLU UI..

If you have deployed ....Then perform these steps ...

CSLU Online

Navigate to CSLU > Data Menu > Send to CSSM to immediately send RUM reports to Cisco. See Reporting License Usage.


Offline Deployments

Offline deployment is when a device is not communicating with Cisco. Offline deployments, also termed as air-gapped deployments, are used in highly secure environments which have no internet access.

Offline Deployments Based on your Network

Depending on your network environment, you can select the offline deployment methods.

  • Remote deployments - Your On-Premises servers offer disconnected modes. Use disconnected licensing mode by turning off communication with Cisco on your On-Premises servers.

    • SSM On-Prem in Disconnected Mode

    • CSLU in Offline Mode or Disconnected

    See Remote Deployments.

  • Air-gapped deployments from the switch - License reservation offers security for organizations that need a full air-gapped environment when on-premises licensing is not an option. The license reservation solution is for classified environments that don’t allow electronic communication in or out of the environment. With a license reservation solution, you are fully offline without any ongoing communication or additional infrastructure. After you order the license and set up your smart accounts in CSSM, you can Activate Licenses in Air-Gapped Deployment from the Switch.

Report License Usage

Report license usage for remote environments - In remote offline deployments, turn off device communication to CSSM on the On-Premises servers. Manually upload the license consumption using RUM reports to establish trust and reporting to CSSM.

Report license usage for air-gapped environments from the switch - In fully offline deployment, no action is required, as there is no trust establishment or reporting of devices to CSSM.

Remote Deployments

Based on the topologies, the two types of remote deployments, where licenses are activated on SSM On-Prem and on CSLU are also termed as Topology 5: SSM On-Prem Disconnected from CSSM and Topology 3: CSLU Disconnected from CSSM respectively.

Steps to Deploy SSM On-Prem in Disconnected Mode

To deploy SLP remotely using SSM On-Prem in Disconnected mode, perform these two steps.

  1. Activate Licenses on SSM On-Prem in Disconnected Mode

  2. Manage Licenses on SSM On-Prem in Disconnected Mode

Activate Licenses on SSM On-Prem in Disconnected Mode

Step 1

Go to the Software Download page, click Smart Software Manager On-Prem, and download and install Smart Software Manager On-Prem. See Cisco Smart License Utility Quick Start Setup Guide.

Step 2

Configure SSM On-Prem and create a local account. See SSM On-Prem User Guide

Step 3

Navigate to the License workspace > Inventory > General > Product Usage Registration Tokens, select CSLU Transport URL at the SSM On-Prem UI.

Step 4

Configure the transport mode and SSM On-Prem URL on your device using the license smart transport cslu command.

The SSM On-Prem URL is http://<ip>/cslu/v1/pi/<tenant ID>. Enter the hostname or the IP address of the server where you have installed SSM On-Prem. The tenantID is the default local virtual account ID.

Example:
switch# configure
switch(config)# license smart transport cslu
switch(config)# license smart url cslu http://192.0.2.1:8182/cslu/v1/pi/SATELLITE9-1
switch(config)# exit

Step 5

If you are deploying SSM On-Prem disconnected mode, log off from CSSM.

  1. Set the license transport mode on the device using the license smart transport cslu command.

  2. Retrieve the RUM report on the device using the license smart save usage command.

    Example:
    switch# license smart save usage all usage.txt
  3. Navigate to Manage Licenses > Reports > Usage Data Files in the CSSM workspace to upload the report manually.

  4. Download the acknowledgment (ACK) file from CSSM and import it to the device using the license smart import command.

    Example:
    switch# license smart import tftp://203.0.113.5/auto/tftp-abc/ACK_RUM-usage-20240125.txt
    Import Data Successfull

Manage Licenses on SSM On-Prem in Disconnected Mode

Step 1

Log into SSM On-Prem > Smart Licensing workspace.

Step 2

Synchronize the reports from SSM On-Prem with Cisco using the SSM On-Prem > Smart Licensing workspace.

If you have deployed ....Then perform these steps ...

SSM On-Prem disconnected mode

  1. Navigate to Inventory > SL Using Policy> Export/Import All and select Export Usage to Cisco to manually trigger usage collection from the device. Upload the report to CSSM and receive the ACK file.

  2. Navigate to Inventory > SL Using Policy> Export/Import All... and select Import From Cisco to upload the .tar ACK file on the device.

Step 3

Manage the license consumption on your devices. View the license status and summary using the show license summary or show license usage commands.

Example:
switch# show license summary
License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
LAN license for Nexus 9... (LAN_ENTERPRISE_SERVICES_PKG)    1       IN USE
switch#
switch# show license usage
	License Authorization: 
Status: Not Applicable

(LAN_ENTERPRISE_SERVICES_PKG):
Description: LAN license for Nexus 9300-XF
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic


switch(config)# 

Step 4

(Optional) In the disconnected mode, manually upload the RUM reports with SSM On-Prem for synchronization.


Steps to Deploy CSLU in Offline Mode

To deploy SLP remotely using CSLU in Offline mode, perform these two steps.

  1. Activate Licenses on CSLU in Offline Mode

  2. Manage Licenses on CSLU in Offline Mode

Activate Licenses on CSLU in Offline Mode

Step 1

Go to the Software Download page, click Smart Licensing Utility. and download and install the latest version of the CSLU application on your Windows or Linux server. See Cisco Smart Licensing Utility Quick Start Setup Guide for CSLU and Software Download for Linux.

Step 2

Set up CSLU preference settings and associate the Smart account and virtual account details. See Cisco Smart Licensing Utility User Guide.

Step 3

If you want to deploy CSLU Offline mode, navigate to CSLU Preference > Cisco Connectivity and set the option to off in the CSLU UI.

The field switches to Cisco Is Not Available.

  1. Set the license transport mode on the device using the license smart transport off command.

    Example:
    switch# license smart transport off
  2. Retrieve the RUM report using the license smart save usage all command. Specify the filename (usage.txt) for the report.

    Example:
    switch# license smart save usage all usage.txt
  3. Navigate to Manage Licenses > Reports > Usage Data Files and select Upload Usage Data on the CSSM workspace to upload the report manually. The reporting status changes to No errors.

  4. Download the acknowledgment (ACK) file from CSSM and import the acknowledgment (ACK) file using the license smart import command. The first offline communication establishes trust on the device after the import. You can view the updates using the show license summary or show license usage command.

Example:
switch# show license summary
		License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
LAN license for Nexus 9... (LAN_ENTERPRISE_SERVICES_PKG)    1       IN USE
switch#

switch# show license usage
	License Authorization: 
Status: Not Applicable

(LAN_ENTERPRISE_SERVICES_PKG):
Description: LAN license for Nexus 9300-XF
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic


switch(config)# 

Step 4

Verify the license status using the show license status command. Verify the latest date in the Trust Code Installed field.

Example:
switch# show license status
	             
switch# show license status
Utility: 
    Status: DISABLED

Smart Licensing using Policy:
    Status: ENABLED

Data Privacy: 
    Sending Hostname: yes 
    Callhome Hostname Privacy: DISABLED 
        Smart Licensing Hostname Privacy: DISABLED 
    Version Privacy: DISABLED 

Transport: 
    Type: Off

Policy: 
    Policy in use: Merged from multiple sources 
    Reporting ACK required: Yes
    Unenforced/Non-Export: 
        First report requirement (days): 90 (Installed)
        Ongoing reporting frequency (days): 365 (Installed)
        On change reporting (days): 120 (Installed)
    Enforced (Perpetual/Subscription): 
        First report requirement (days): 30 (Installed)
        Ongoing reporting frequency (days): 90 (Installed)
        On change reporting (days): 60 (Installed)
    Export (Perpetual/Subscription): 
        First report requirement (days): 30 (Installed)
        Ongoing reporting frequency (days): 30 (Installed)
        On change reporting (days): 30 (Installed)

Miscellaneous:
    Custom Id: <empty>

Usage reporting:
    Last ACK received: <none>
    Next ACK deadline: <none>
    Reporting push interval: 30 days
    Next ACK push check: <none>
    Next report push: <none>
    Last report push: <none>
    Last report file write: <none>

Trust Code installed: Nov 13 22:36:48 2022  UTC
    Active: PID: N9K-C93180YC-FX3H, SN: FDO26170Q6A 
        Nov 13 22:36:48 2022  UTC

Manage Licenses on CSLU in Offline Mode

Log into CSLU UI to synchronize the reports from CSLU with Cisco.

If you have deployed...Then perform these steps....
CSLU Offline
  1. Navigate to Menu > Product Instances > Download All for Cisco and download the tar.gz file.

  2. Access the CSSM UI and upload the report at Manage Licenses > Reports > Usage Data Files > Upload Usage Data. Download the acknowledgment (ACK) file from CSSM.

  3. Specify a file path on the device and import the acknowledgment (ACK) file using the license smart import command.


Air-Gapped Deployment from the Switch

Based on the topology you have chosen, that is, if you have chosen Topology 6 No Connectivity to CSSM and No CSLU (Offline mode), the air-gapped deployment is done from the switch.

Activate Licenses in Air-Gapped Deployments from the Switch


Step 1

On the device, configure transport mode to off using the license smart transport off command.

Example:

switch(config)# license smart transport off 
switch(config)# exit 

Step 2

Generate and save the RUM report on the device using the license smart save usage command.

Example:

switch# license smart save usage all bootflash:all_rum.txt 
switch# copy bootflash:all_rum.txt tftp://10.8.0.6/all_rum.txt
 Note

The RUM reports capture the licensing transactions in the device for upload. On a greenfield device, there is nothing to report, so it is empty and not generated. Also, when there are no licensing transactions, and the user tries to save the report, the "Failure: save status: The requested item was not found" error appears. After a few licensing transactions, such as enabling a licensing feature, the report gets populated and generated for online/offline upload.

Step 3

Navigate to Manage Licenses > Reports > Usage Data Files in the CSSM workspace to upload the report manually.

Step 4

Download the acknowledgment (ACK) file from CSSM and import it to the device using the license smart import command.

Example:

switch# license smart import tftp://203.0.113.5/auto/tftp-abc/ACK_RUM-usage-20240125.txt
Import Data Successfull

Step 5

Verify the installed ACK on the device using the show license status command.

Example:

switch(config)# show license status
Utility: 
Status: DISABLED

Smart Licensing using Policy:
Status: ENABLED

Data Privacy: 
Sending Hostname: yes 
Callhome Hostname Privacy: DISABLED 
Smart Licensing Hostname Privacy: DISABLED 
Version Privacy: DISABLED 

Transport: 
Type: Off

Policy: 
Policy in use: Merged from multiple sources 
Reporting ACK required: Yes
Unenforced/Non-Export: 
First report requirement (days): 90 (Installed)
Ongoing reporting frequency (days): 365 (Installed)
On change reporting (days): 120 (Installed)
Enforced (Perpetual/Subscription): 
First report requirement (days): 30 (Installed)
Ongoing reporting frequency (days): 90 (Installed)
On change reporting (days): 60 (Installed)
Export (Perpetual/Subscription): 
First report requirement (days): 30 (Installed)
Ongoing reporting frequency (days): 30 (Installed)
On change reporting (days): 30 (Installed)

Miscellaneous:
Custom Id: <empty>

Usage reporting:
Last ACK received: <none>
Next ACK deadline: <none>
Reporting push interval: 30 days
Next ACK push check: <none>
Next report push: <none>
Last report push: <none>
Last report file write: <none>

Trust Code installed: Oct 23 22:10:21 2023 UTC
Active: PID: N9K-C9364C-H1, SN: FDO27220LPP 
Oct 23 22:10:21 2023 UTC 


switch(config)# 

Reporting License Usage

License reporting is important to manage license consumption. Devices generate the Resource Utilization Measurement (RUM) report and CSSM uses RUM reports to manage license consumption.

Verification Commands for RUM Reports in NX-OS

  • show license rum id all - The output of this show command displays the list of all rum ids.

     Note
    • The show license rum id 0 command also displays the list of all rum reports. The value 0 also represents all in the case of this command.

    • This command does not support XML output.

    Sample output

    switch(config)# show license rum id all
    Smart Licensing Usage Report:
    ====================================
    Report Id,          State,    Flag, Feature Name
    1726227775          CLOSED    N     LAN_ENTERPRISE_SERVICES_PKG
    1726227776          OPEN      N     LAN_ENTERPRISE_SERVICES_PKG
    1726227777          OPEN      N     VPN_FABRIC
    
  • show license rum id report_id - This command allows you to select one rum id from the list and the output of this command displays a short summary of the report.

    Sample output

    switch(config)# show license rum id 1726227777
    Smart Licensing Usage Report:
    ====================================
    Report Id,          State,    Flag, Feature Name
    1726227777          OPEN      N     VPN_FABRIC
    
  • show license rum id all detail - The output of this command provides a list of all rum ids in a detailed format.

    Sample output

    switch(config)# show license rum id all detail 
    Smart Licensing Usage Report Detail:
    ====================================
    
    Report Id: 1726227775
      Metric Name: ENTITLEMENT
      Feature Name: LAN_ENTERPRISE_SERVICES_PKG
      Metric Value: regid.2019-06.com.cisco.LAN_Nexus9300_XF,1.0_76a87ea7-465b-40fd-b403-1bf9d845aa1b
      UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ
      Previous Report Id: 1726227774,    Next Report Id: 1726227776
      State: CLOSED,      State Change Reason: DECONFIG
      Close Reason: DECONFIG
      Start Time: Sep 20 2024 22:53:49 IST,      End Time: Sep 26 2024 18:49:13 IST
      Storage State: EXIST
      Transaction ID: 0
      Transaction Message: <none>
    
    Report Id: 1726227776
      Metric Name: ENTITLEMENT
      Feature Name: LAN_ENTERPRISE_SERVICES_PKG
      Metric Value: regid.2019-06.com.cisco.LAN_Nexus9300_XF,1.0_76a87ea7-465b-40fd-b403-1bf9d845aa1b
      UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ
      Previous Report Id: 1726227775,    Next Report Id: 0
      State: OPEN,      State Change Reason: None
      Close Reason: None
      Start Time: Sep 26 2024 18:59:29 IST,      End Time: Sep 27 2024 14:30:45 IST
      Storage State: EXIST
      Transaction ID: 0
      Transaction Message: <none>
    
    Report Id: 1726227777
      Metric Name: ENTITLEMENT
      Feature Name: VPN_FABRIC
      Metric Value: regid.2019-06.com.cisco.FAB_Nexus9300_XF,1.0_e0928396-a363-443a-b2b0-f1fcc15d0553
      UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ
      Previous Report Id: 0,    Next Report Id: 0
      State: OPEN,      State Change Reason: None
      Close Reason: None
      Start Time: Sep 27 2024 14:30:45 IST,      End Time: Sep 27 2024 14:30:46 IST
      Storage State: EXIST
      Transaction ID: 0
      Transaction Message: <none>
    
  • show license rum id report_id detail - This command allows you to select one rum id, about which you want to know the details, from the list and the output displays a detailed format of the report.

    Sample output

    switch(config)# show license rum id 1726227777 detail 
    Smart Licensing Usage Report Detail:
    ====================================
    Report Id: 1726227777
      Metric Name: ENTITLEMENT
      Feature Name: VPN_FABRIC
      Metric Value: regid.2019-06.com.cisco.FAB_Nexus9300_XF,1.0_e0928396-a363-443a-b2b0-f1fcc15d0553
      UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ
      Previous Report Id: 0,    Next Report Id: 0
      State: OPEN,      State Change Reason: None
      Close Reason: None
      Start Time: Sep 27 2024 14:30:45 IST,      End Time: Sep 27 2024 14:30:46 IST
      Storage State: EXIST
      Transaction ID: 0
     Transaction Message: <none>
    

Generate RUM Reports

You can generate the RUM report from the device using the show license rum id command. You can sync or manually upload the RUM report to CSSM based on your deployment.

Procure RUM Reports

If your deployment is...

Then...

SSM On-Prem using connected mode

perform these tasks:

  1. Generate the RUM report from the device using the show license rum command.

    SSM On-Prem server connects to the selected device and collects the usage reports and stores the report in the local library.

  2. Navigate to SSM On-Prem > Smart Licensing workspace on SSM On-Prem UI to synchronize the reports with Cisco.

SSM On-Prem using disconnected mode

perform these tasks:

  1. Generate the RUM report on the router using the show license rum id command and upload it to CSSM.

  2. Download the ACK (acknowledgment) file and import it on the device using the license smart import command.

CSLU Utility using online mode

no action is required.

The device automatically sends RUM reports to CSLU as per the default policy.

If you want to synchronize the reports immediately, navigate to CSLU> Data Menu workspace, select Send to CSSM.

CSLU Utility using offline mode

perform these tasks:

  1. Generate the RUM report on the router using the show license rum id command and upload it to CSSM.

  2. Download the ACK (acknowledgment) file, and import it on the device using the license smart import command.

Direct deployment

no action is required.

The device automatically sends the RUM report as per the default policy.

Statistical View of RUM Reports

A statistical view of a RUM report includes

  • total number of reports on the device

  • number of reports that have a corresponding ACK

  • number of reports waiting for an ACK, and so on.

To view the statistical RUM report information, use the show license all and show license tech support commands.

Nexus Dashboard controller license consumption

Nexus Dashboard (ND) controller or cluster is bundled with Day2Ops applications. These applications request for controller licenses such as controller-ess, controller-adv, or controller-pre from the NX-OS switch. Based on this request, the corresponding licenses such as NXOS_ESSENTIALS, NXOS_ADVANTAGE, or DCN_PREMIER are used on the switch.

 Note

If you downgrade from NX-OS Release 10.5(2)F to a lower image version, and upgrade to the 10.5(2)F or later versions, you must verify the controller license again.

You can verify the license usage using the show license controller usage or show license usage commands.

This is a sample output for show license controller usage command.

switch# show license controller usage 
cluster01
NXOS_ESSENTIALS: TRUE
NXOS_ADVANTAGE: FALSE
DCN_PREMIER: FALSE

cluster02
NXOS_ESSENTIALS: FALSE
NXOS_ADVANTAGE: TRUE
DCN_PREMIER: FALSE

cluster03
NXOS_ESSENTIALS: FALSE
NXOS_ADVANTAGE: FALSE
DCN_PREMIER: TRUE

switch#

This is a sample output for show license usage command.

switch# show license usage 

License Authorization: 
Status: Not Applicable

(DCN_PREMIER):
Description: ACI Premier SW license for a 10/25/40G (XF) N9K Leaf
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic

switch# show license usage DCN_PREMIER 
Feature List:
controller-adv
controller-ess
controller-pre

switch#

When the feature is enabled on the NX-OS switch with the license feature on the ND controller side, the highest between the two licenses is used. This is a sample output that depicts this scenario.

switch# show license usage 

License Authorization: 
Status: Not Applicable

(DCN_PREMIER):
Description: ACI Premier SW license for a 10/25/40G (XF) N9K Leaf
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic

switch# show license usage DCN_PREMIER 
Feature List:
bgp
controller-adv
controller-ess
controller-pre

switch#
 Note

If there is no communication between the NX-OS switch and the ND controller for more than 24 hours, then the controller license usage information is deleted from the switch.

High Availability

This section explains considerations that apply to a High Availability configuration, when running a software version that supports SLP.

Trust Code Requirements in a High Availability Setup

In Dual Supervisor setup, two trust codes are installed. The active Product instance can submit the requests for both the supervisors and install the trust codes that are returned in an ACK.

Policy Requirements in a High Availability Setup

There are no policy requirements that apply exclusively to a High Availability setup. As in case of a standalone product instance, only one policy exists in a High Availability setup as well, and this is on the active. The policy on the active applies to the standby in the setup.

Product Instance Functions in a High Availability Setup

This section explains general product instance functions in a High Availability setup, and what the product instance does when a standby is added.

For trust codes: The active product instance can request (if necessary) and install trust codes for standby.

For policies: The active product instance synchronizes with the standby.

For reporting: Only the active product instance reports usage. The active reports usage information for standby.

In addition to scheduled reporting, the following events trigger reporting:

  • The addition or removal of a standby. The RUM report includes information about the standby that was added or removed.

  • A switchover.

  • A reload.

For addition of a standby:

  • A product instance that is connected to CSLU, does not take any further action.

  • A product instance that is directly connected to CSSM, performs trust synchronization. Trust synchronization involves the following:

    • Installation of trust code on the standby if not installed already.

    • Installation of policy and purchase information, if applicable.

    • Sending of a RUM report with current usage information.

Upgrades

This section describes how upgrade or migration to SLP is handled. It also clarifies how SLP handles all earlier licensing models including: the earlier version of Smart Licensing, Right-to-Use Licensing (RTU), and how evaluation or expired licenses from any of the earlier licensing models are handled in SLP environment.

To migrate to SLP, you must upgrade to a software version that supports SLP. After you upgrade, SLP is the only supported licensing model and the switch continues to operate without any licensing changes. The SLP section provides details and examples for migration scenarios that apply to Cisco Nexus Switches.

 Note

When migrating from traditional licensing model to SLP, license conversion takes place automatically. This Device Led Conversion (DLC) process is triggered when traditional licenses are detected on the device during an upgrade. DLC request is sent to CSSM as part of the license report and may take up to an hour to complete.

Identifying the Current Licensing Model Before Upgrade

Before you upgrade to SLP, if you want to know the current licensing model that is effective on the switch, enter the show running license all command in privileged EXEC mode. This command displays information about the current licensing model for all except the RTU licensing model.

How an Upgrade Affects Enforcement Types for Existing Licenses

An unenforced license that was being used before upgrade, remains available after upgrade. All licenses on Cisco Nexus Switches are unenforced licenses. This includes licenses from the earlier licensing models as follows:

  • Traditional Licensing (PAK)

  • Smart Licensing

  • Right-to-Use (RTU) Licensing

  • Evaluation or expired licenses from any of the above-mentioned licensing models

How an Upgrade Affects Reporting for Existing Licenses

When you upgrade to a software version which supports SLP, reporting is based on the reporting requirements in the policy which can be displayed in the output of the show license status command for the following licenses:

  • Traditional Licenses (PAK)

  • Smart Licenses (Registered and Authorized licenses)

  • Right-to-Use (RTU) Licenses

  • Evaluation or expired licenses

How an Upgrade Affects Transport Type for Existing Licenses

The transport type, if configured in your existing setup, is retained after upgrade to SLP.

When compared to the earlier version of Smart Licensing, other transport types are available with SLP. There is also a change in the default transport mode. The following table clarifies how this may affect upgrades:

Migration Transport Type Before Upgrade Transport Type After Upgrade
SL (EVAL) Callhome

CSLU

SL (Registered)

Callhome

PAK-based NA

CSLU

SL (Registered) with On-Prem callhome

CSLU

How an Upgrade Affects the Token Registration Process

In the earlier version of Smart Licensing, a token was used to register and connect to CSSM. ID token registration is not required in SLP. The token generation feature is still available in CSSM and is used to establish trust when a switch is directly connected to CSSM. See .

Downgrades

To downgrade, you must downgrade the software version on the switch. This section provides information about downgrades for new deployments and existing deployments (you upgraded to SLP and now want to downgrade).

New Deployment Downgrade

This section applies if you had a newly purchased switch with a software version where SLP was already enabled by default, and you want to downgrade to a software version where SLP is not supported.

The outcome of the downgrade depends on whether a Trust Code was installed while you were still operating in the SLP environment, and further action may be required depending on the release you downgrade to.

If the topology you implemented while in the SLP environment was connected directly to CSSM, then a trust code installation can be expected or assumed, because it is required as part of topology implementation. For any of the other topologies, trust establishment is not mandatory. Downgrading switches with one of these other topologies will therefore mean that you must restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment. The following table displays the outcome and action for new deployment downgrade to Smart Licensing.

Outcome and Action for New Deployment Downgrade to Smart Licensing

In the SLP Environment

Downgrade to…

Outcome and Further Action

Standalone product instance, which is connected directly to CSSM, and trust established.

Action is required: You must reregister the product instance.

Action is required: You must re-register the product instance.

High Availability setup, which is connected directly to CSSM, and trust established.

Any release that supports Smart Licensing.

Action is required: You must re-register the product instance.

Generate an ID token in the CSSM Web UI and on the product instance, enable smart licensing using license smart enable and configure the license smart register idtoken idtoken all command in global configuration mode.

Any other topology. (Connected to CSSM Through CSLU, CSLU Disconnected from CSSM, No Connectivity to CSSM and No CSLU)

Any release that supports Smart Licensing.

Action is required: Restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment.

Upgrade and Then Downgrade

If you upgrade to a software version that supports SLP and then downgrade to any of the earlier licensing models, license consumption does not change, and any product features you have configured on the product instance are preserved – only the features and functions that are available with SLP are not available anymore. Refer to the corresponding section below to know more about reverting to an earlier licensing model.

Upgrade to SLP and Then Downgrade to Smart Licensing

The outcome of the downgrade depends on whether a Trust Code was installed while you were still operating in the SLP environment, and further action may be required depending on the release you downgrade to. See Table 1.

Migrating to Smart Licensing Using Policy

To upgrade to SLP, you must upgrade the software version (image) on the switch to a supported version.

Before You Begin

Ensure that you have read the Upgrades section, to understand how SLP handles various aspects of all earlier licensing models.

When migrating from traditional licensing model to SLP, license conversion takes place automatically. This Device Led Conversion (DLC) process is triggered when traditional licenses are detected on the device during an upgrade. DLC request is sent to CSSM as part of the license report and may take up to an hour to complete.

Upgrading the Switch Software

See the corresponding release note for the upgrade procedure. If there are any general release-specific considerations, these are called-out in the corresponding release notes.

Also refer to the sample show command outputs of the migration scenarios provided below. Sample outputs are provided for before and after migration, for comparison.

Smart Licensing to Smart Licensing Using Policy

The following is an example of a Cisco Nexus 9000 switch migrating from Smart Licensing to SLP. This is a High Availability setup with an active and a standby.

The show command outputs below call-out key fields to check, before and after migration.

Smart Licensing to Smart Licensing Using Policy: Show Commands
Before Upgrade After Upgrade

show license summary (Smart Licensing)

Device# show license summary 

Smart Licensing is ENABLED

Registration:
  Status: REGISTERED
  Smart Account: BU Production Test 1
  Virtual Account: N9K_SA_49_Testing
  Export-Controlled Functionality: Allowed

License Authorization: 
  Status: AUTHORIZED on Jul 16 14:26:01 2021 UTC

  Last Communication Attempt: SUCCEEDED
  Next Communication Attempt: Aug 15 14:26:01 2021 UTC
  Communication Deadline: Oct 14 14:20:59 2021 UTC

Smart License Conversion:
  Automatic Conversion Enabled: False
  Status: Not started

License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
LAN license for Nexus 9... (LAN_ENTERPRISE_SERVICES_PKG)    1       AUTHORIZED
Network Services for Ne... (NETWORK_SERVICES_PKG)           1       AUTHORIZED

The Status and License Authorization fields show that the license is REGISTERED and AUTHORIZED .

show license summary (SLP)

Device# show license summary 

License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
DCN NDB Add-On License ... (DCN_NDB)                        1       IN USE
Network Services for Ne... (NETWORK_SERVICES_PKG)           1       IN USE
LAN license for Nexus 9... (LAN_ENTERPRISE_SERVICES_PKG)    1       IN USE

The Status field shows that the licenses are now IN USE instead of registered and authorized.

show license usage (Smart Licensing)

Device# show license usage
License Authorization: 
  Status: AUTHORIZED on Jul 16 14:26:01 2021 UTC

(LAN_ENTERPRISE_SERVICES_PKG):
  Description: LAN license for Nexus 9500-M4
  Count: 1
  Version: 1.0
  Status: AUTHORIZED

(NETWORK_SERVICES_PKG):
  Description: Network Services for Nexus 9500 -M4
  Count: 1
  Version: 1.0
  Status: AUTHORIZED

show license usage (SLP)

License Authorization: Status: Not Applicable

(DCN_NDB):
Description: DCN NDB Add-On License N9K Modular <<< This is RTU license
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic

(NETWORK_SERVICES_PKG):
Description: Network Services for Nexus 9500 -M4
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic

(LAN_ENTERPRISE_SERVICES_PKG):
Description: LAN license for Nexus 9500-M4
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic

The license counts remain the same.

The Enforcement Type field displays NOT ENFORCED. (There are no export-controlled or enforced licenses on Cisco Nexus Switches).

show license status (Smart Licensing)
Device# show license status 
Smart Licensing is ENABLED

Registration:
  Status: REGISTERED
  Smart Account: BU Production Test 1
  Virtual Account: N9K_SA_49_Testing
  Export-Controlled Functionality: Allowed
  Initial Registration: SUCCEEDED on Jul 16 14:25:49 2021 UTC
  Last Renewal Attempt: None
  Next Renewal Attempt: Jan 12 14:25:48 2022 UTC
  Registration Expires: Jul 16 14:20:45 2022 UTC

License Authorization: 
  Status: AUTHORIZED on Jul 16 14:26:01 2021 UTC

  Last Communication Attempt: SUCCEEDED on Jul 16 14:26:01 2021 UTC
  Next Communication Attempt: Aug 15 14:26:00 2021 UTC
  Communication Deadline: Oct 14 14:20:58 2021 UTC

Smart License Conversion:
  Automatic Conversion Enabled: False
  Status: Not started

show license status (SLP)

Device# show license status 

Utility: 
    Status: DISABLED

Smart Licensing using Policy:
    Status: ENABLED

Data Privacy: 
    Sending Hostname: yes 
    Callhome Hostname Privacy: DISABLED 
        Smart Licensing Hostname Privacy: DISABLED 
    Version Privacy: DISABLED 

Transport: 
    Type: Callhome 

Policy: 
    Policy in use: Merged from multiple sources 
    Reporting ACK required: Yes
    Unenforced/Non-Export: 
        First report requirement (days): 90 (CISCO default)
        Ongoing reporting frequency (days): 365 (CISCO default)
        On change reporting (days): 90 (CISCO default)
    Enforced (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)
Export (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)
Miscellaneous:
    Custom Id: <empty>

Usage reporting:
    Last ACK received: Jul 16 15:22:31 2021 UTC
    Next ACK deadline: Jul 16 15:22:31 2022 UTC
    Reporting push interval: 30 days
    Next ACK push check: <none>
    Next report push: Aug 15 15:18:28 2021 UTC
    Last report push: Jul 16 15:18:28 2021 UTC
    Last report file write: <none>

Trust Code installed: Jul 16 15:15:47 2021 UTC
    Active: PID: N9K-C9504, SN: FOX2308PCEN 
        Jul 16 15:15:47 2021 UTC 
    Standby: PID: N9K-C9504, SN: FOX2308PCEN 
        Jul 16 15:15:47 2021 UTC 

The Transport: field: A transport type was configured and therefore retained after upgrade.

The Policy: header and details: A custom policy was available in the Smart Account or Virtual Account – this has also been automatically installed on the switch. (After establishing trust, CSSM returns a policy. The policy is then automatically installed.)

The Usage Reporting: header: The Next report push: field provides information about when the switch will send the next RUM report to CSSM.

The Trust Code Installed: field: The ID token is successfully converted and a trusted connected has been established with CSSM.

show license udi (Smart Licensing)

 Device# show license udi 
 UDI: PID:N9K-C9504, SN:FOX2308PCEN

show license udi (SLP)

Device# show license udi
 UDI: PID:N9K-C9504, SN:FOX2308PCEN
HA UDI List:
 Active: PID:N9K-C9504, SN:FOX2308PCEN
HA UDI List:
 Standby: PID:N9K-C9504, SN:FOX2308PCEN 

This is a High Availability setup, and the command displays all UDIs in the setup.

CSSM Web UI After Migration

Log in to the CSSM Web UI at https://software.cisco.com/software/smart-licensing/alerts and click Smart Software Licensing. Under Inventory > Product Instances.

Registered licenses in the Smart Licensing environment were displayed with the hostname of the product instance in the Name column. After upgrade to SLP, they are displayed with the UDI of the product instance. All migrated UDIs are displayed. In this example, they are

PID:C9500-16X,SN:FCW2233A5ZV and PID:C9500-16X,SN:FCW2233A5ZY.

Only the active product instance reports usage, therefore PID:C9500-16X,SN:FCW2233A5ZV displays license consumption information under License Usage.

Smart Licensing to Smart Licensing Using Policy: Active and Standby Product Instances After Migration


Smart Licensing to Smart Licensing Using Policy: UDI and License Usage under Active Product Instance


Smart Licensing to Smart Licensing Using Policy: DCN NDB/RTU Licenses Showing up After Upgrade

Reporting After Migration

The product instance sends the next RUM report to CSSM, based on the policy.

If you want to change your reporting interval to report more frequently: on the product instance, configure the license smart usage interval command. For syntax details see the license smart (global config) command in the Command Reference for the corresponding release.

RTU Licensing to Smart Licensing Using Policy

This section provides information about migrating a Cisco Nexus 9000 Series switch from Right-to-Use (RTU) licensing to Smart Licensing Using Policy.

RTU Licensing is available for Cisco Nexus 9000 Series Switches until Cisco NX-OS Release 10.1(2), and SLP is introduced from Cisco NX-OS Release 10.2(1)F.

When the software version is upgraded from a pre-SLP version to the SLP version, all licenses are displayed as IN USE and the Cisco default policy is applied on the product instance. If any add-on licenses are used, the Cisco default policy requires usage reporting in 90 days. As all licenses on Cisco Nexus Switches are unenforced, no functionality is lost.

RTU Licensing to SLP Migration - Feature TAP Aggregation

In a scenario where a Cisco Nexus 9000 Series switch is migrated from a pre-SLP to an SLP-supported release, an NDB license, which is the only RTU license, cannot be consumed unless ACL is configured as below in the pre-SLP release. This is equivalent of the consumption of NDB RTU license in pre-SLP release.

A sample configuration for pre-SLP release is as follows:
switch# config
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ip access-list iptest
switch(config-acl)# permit ip any any redirect Ethernet1/1
switch(config-acl)#

A sample show command output after ACL configuration for a pre-SLP release is as follows:

sh ip access-lists iptest
IP access list iptest
10 permit ip any any redirect Ethernet1/1

A sample show command output for license verification after upgrading to an SLP-supported release is as follows and the show feature command shows that the feature tap-aggregation is enabled, and NDB license is consumed:

show license usage 
Device# show license usage 
License Authorization: 
  Status: Not Applicable
(DCN_NDB):
  Description: DCN NDB Add-On License N9K Modular    
  Count: 1
  Version: 1.0
  Status: IN USE
  Enforcement Type: NOT ENFORCED
  License Type: Generic
show feature 
sh feature | inc tap 
tap-aggregation        1          enabled
 Note

Beginning with Cisco NX-OS Release 10.2(1)F, feature tap-aggregation is licensed, supported on all Cisco Nexus 9000 Series switches, and requires you to configure feature tap-aggregation before configuring related commands.

CSSM Web UI After Migration

No changes in the CSSM Web UI.

Reporting After Migration

Implement any one of the supported topologies and fulfil reporting requirements. See Supported Deployment Models and Topologies. The reporting method you can use depends on the topology you implement.

Evaluation or Eval Expired to Smart Licensing Using Policy

The following is an example of a Cisco Nexus 9000 switch with evaluation licenses (Smart Licensing) that are migrated to SLP.

The notion of evaluation licenses does not apply to SLP. When the software version is upgraded to one that supports SLP, all licenses are displayed as IN USE and the Cisco default policy is applied to the product instance. Since all licenses on Cisco Nexus Switches are unenforced, no functionality is lost.

The table below calls out key changes or new fields to check for in the show command outputs, after upgrade to SLP:

Evaluation or Eval Expired to Smart Licensing Using Policy: show Commands
Before Upgrade After Upgrade

PGBL-FX2-203(config)# show license usage

License Authorization: 
  Status: EVAL MODE
  Evaluation Period Remaining: 86 days, 11 hours, 49 minutes, 40 seconds 

(LAN_ENTERPRISE_SERVICES_PKG):
  Description: <empty>
  Count: 1
  Version: 1.0
  Status: EVAL MODE

(NETWORK_SERVICES_PKG):
  Description: <empty>
  Count: 1
  Version: 1.0
  Status: EVAL MODE

(VPN_FABRIC):
  Description: <empty>
  Count: 1
  Version: 1.0
  Status: EVAL MODE

PGBL-FX2-203# show license usage

License Authorization: 
  Status: Not Applicable

(NETWORK_SERVICES_PKG):
  Description: Network Services for Nexus9300-XF
  Count: 1
  Version: 1.0
    Status: IN USE     Enforcement Type: NOT ENFORCED
  License Type: Generic

(VPN_FABRIC):
  Description: FAB License for Nexus 9300-XF
  Count: 1
  Version: 1.0
    Status: IN USE 
    Enforcement Type: NOT ENFORCED
  License Type: Generic

(LAN_ENTERPRISE_SERVICES_PKG):
  Description: LAN license for Nexus 9300-XF
  Count: 1
  Version: 1.0
  Status: IN USE    Enforcement Type: NOT ENFORCED
  License Type: Generic

PGBL-FX2-203(config)# show license summary

Registration:
  Status: UNREGISTERED
  Smart Account: VDANI-ON-PREM-004
  Virtual Account: Default
  Export-Controlled Functionality: Allowed

License Authorization: 
  Status: EVAL MODE
  Evaluation Period Remaining: 86 days, 11 hours, 49 minutes, 6 seconds 

Smart License Conversion:
  Automatic Conversion Enabled: False
  Status: Successful on Aug 13 17:19:07 2021 UTC

License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
<empty>                    (LAN_ENTERPRISE_SERVICES_PKG)    1       EVAL MODE
<empty>                    (NETWORK_SERVICES_PKG)           1       EVAL MODE
<empty>                    (VPN_FABRIC)                     1       EVAL MODE

PGBL-FX2-203# show license summary

License Usage:
License                    Entitlement tag                 Count   Status
-------------------------------------------------------------------------
Network Services for Ne... (NETWORK_SERVICES_PKG)           1       IN USE
FAB License for Nexus 9... (VPN_FABRIC)                     1       IN USE
LAN license for Nexus 9... (LAN_ENTERPRISE_SERVICES_PKG)    1       IN USE
PGBL-FX2-203(config)# show license status
Smart Licensing is ENABLED

Registration:
  Status: UNREGISTERED
  Smart Account: VDANI-ON-PREM-004
  Virtual Account: Default
  Export-Controlled Functionality: Allowed

License Authorization: 
  Status: EVAL MODE
  Evaluation Period Remaining: 86 days, 11 hours, 49 minutes, 3 seconds 

Smart License Conversion:
  Automatic Conversion Enabled: False
  Status: Successful on Aug 13 17:19:07 2021 UTC

PGBL-FX2-203# show license status

Utility: 
    Status: DISABLED

Smart Licensing using Policy:
    Status: ENABLED

Data Privacy: 
    Sending Hostname: yes 
    Callhome Hostname Privacy: DISABLED 
        Smart Licensing Hostname Privacy: DISABLED 
    Version Privacy: DISABLED 

Transport: 
    Type: CSLU
    Cslu address: cslu-local
Policy: 
    Policy in use: Merged from multiple sources 
    Reporting ACK required: Yes
    Unenforced/Non-Export: 
        First report requirement (days): 90 (CISCO default)
        Ongoing reporting frequency (days): 365 (CISCO default)
        On change reporting (days): 90 (CISCO default)
    Enforced (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)
    Export (Perpetual/Subscription): 
        First report requirement (days): 0 (CISCO default)
        Ongoing reporting frequency (days): 0 (CISCO default)
        On change reporting (days): 0 (CISCO default)

Miscellaneous:
    Custom Id: <empty>

Usage reporting:
    Last ACK received: <none>
    Next ACK deadline: Nov 16 09:38:37 2021 UTC
    Reporting push interval: 30 days
    Next ACK push check: <none>
    Next report push: Aug 18 09:39:14 2021 UTC
    Last report push: <none>
    Last report file write: <none>

Trust Code installed: <none>

CSSM Web UI After Migration

No changes in the CSSM Web UI.

Reporting After Migration

Implement any one of the supported topologies and fulfill reporting requirements. See Supported Deployment Models and Topologies. The reporting method that you can use depends on the topology you implement.

Feature History for Smart Licensing Using Policy

This table provides release and related information for features that are explained in this module.

These features are available on all releases after the one they were introduced in, unless noted otherwise.

Release Feature Feature Information

Cisco NX-OS Release 10.5(2)F

Nexus Dashboard License consumption on NX-OS Switches

Added support to allow the NX-OS switch to be notified about the controller (ND) tier license consumption

Cisco NX-OS Release 10.5(1)F

Logging 2.0 support for callhome

Added logging 2.0 support for callhome for SLP

Cisco NX-OS Release 10.4(3)F

Licensing (SLP) Support for Cisco Nexus 9364C-H1 platform switch

Added support for SLP on Cisco Nexus 9364C-H1 platform switch

Cisco NX-OS Release 10.4(3)F

TLS v1.3

Added Transport Layer Security protocol version 1.3 support on SLP Licensing mode for Cisco Nexus platform switches

Cisco NX-OS Release 10.4(2)F

Licensing (SLP) Support for the following Cisco Nexus platform switches:

  • N9K-C9232E-B1

  • N9K-C93108TC-FX3

  • N9K-C93400LD-H1

Added support for SLP on the following Cisco Nexus platform switches.

  • N9K-C9232E-B1

  • N9K-C93108TC-FX3

  • N9K-C93400LD-H1

Cisco NX-OS Release 10.4(1)F

Licensing (SLP) Support for the following Cisco Nexus platform switches:

  • 9804

  • N9K-C9332D-H2R

  • N9K-C9348GC-FX3

  • N9K-C9348GC-FX3PH

Added support for SLP on the following Cisco Nexus platform switches:

  • 9804

  • N9K-C9332D-H2R

  • N9K-C9348GC-FX3

  • N9K-C9348GC-FX3PH

Cisco NX-OS Release 10.3(3)F

Ability to select Source Interface for DNS

Provides the user an option to define a source-interface through which the name server can be reached

  • Only one source interface can be mapped against one ip name-server.

  • The same source interface cannot be configured for more than one use-vrf.

Cisco NX-OS Release 10.3(3)F

Source interface support for Smart and CSLU modes of transport

Added a command to configure the source interface for Smart and CSLU modes of transport

Cisco NX-OS Release 10.3(2)F

Support for Source Interface for callhome

Added a CLI option source-interface under callhome context

Cisco NX-OS Release 10.3(2)F

Licensing (SLP) Support for Cisco Nexus 9408 platform switches

Added support for SLP on Cisco Nexus 9408 platform switches

Cisco NX-OS Release 10.3(2)F

CSSM to display the host name of the Product Instance

CSSM displays the host name of the Product Instance instead of UDI

Cisco NX-OS Release 10.3(2)F

Support SLP on Non-Management VRF

Added support for SLP on non-management VRF for smart transport and CSLU mode of transport

Cisco NX-OS Release 10.3(1)F

24-port Licensing (SLP) Support on Cisco Nexus 9300-FX3, 9300-FX3H, and 9300-FX3P platform switches

Added support for 24-port SLP on Cisco Nexus 9300-FX3, 9300-FX3H, and 9300-FX3P platform switches

Cisco NX-OS Release 10.2(1)F

Smart Licensing Using Policy (SLP)

An enhanced version of Smart Licensing, with the overarching objective of providing a licensing solution that does not interrupt the operations of your network, rather, one that enables a compliance relationship to account for the hardware and software licenses you purchase and use.

Starting with this release, SLP is automatically enabled on the device. This is also the case when you upgrade to this release.

By default, your Smart Account and Virtual Account in CSSM is enabled for SLP.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

Appendix

This section includes common tasks that are required while configuring Smart Licensing Using Policy on Nexus switches.

Configuring a DNS Client

Before you begin

Make sure that the name server is reachable before you configure a DNS client.


Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# ip domain-lookup

Enables DNS-based address translation.

Step 3

switch(config)# vrf context vrf-name

Creates a new VRF and enters VRF configuration mode. The name can be any case-sensitive, alphanumeric string up to 32 characters.

Step 4

switch(config-vrf)# ip domain-name domain name

Defines the default domain name that Cisco NX-OS uses to resolve unqualified hostnames. Cisco NX-OS uses each entry in the domain list to append that domain name to any hostname that does not contain a complete domain name before starting a domain-name lookup. Cisco NX-OS continues this process for each entry in the domain list until it finds a match.

Step 5

switch(config-vrf)# ip name-server address1 [address2... address6] [source-interface {loopback | port-channel | ethernet | mgmt. | vlan}] [use-vrf vrf-name]

Defines up to six name servers. The address can be either an IPv4 or IPv6 address.

  • source-interface - Configures the source interface for all DNS packets. Available options for source-interface are loopback, port-channel, ethernet, management, or vlan interface. Only one source-interface can be mapped to one or more ip name-servers.

 Note

Multiple DNS servers are for the case of unresponsive servers.

If the first DNS server in the list replies to the DNS query with a reject, the remaining DNS servers are not queried. If the first one doesn't respond, the next DNS server in list is queried.

  • use-vrf - Configures the VRF on which the IP name server can be reached.


Configuring the Call Home Service for Direct Cloud Access

Make sure that Smart Call Home is enabled on the switch before configuring Smart Software Licensing.

Configuring a Source Interface to Send Messages Using HTTP

Beginning with Cisco NX-OS 10.3(2)F, you can optionally specify a source interface to send Smart Call Home messages over HTTP. If a source interface is not configured, the interface used to reach the Call Home server will be chosen.


Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

callhome

Example:

switch(config)# callhome
switch(config-callhome)#

Enters Smart Call Home configuration mode.

Step 3

source-interface interface

Example:

switch(config-callhome)# source-interface Ethernet1/1
switch(config-callhome)#

Configures Smart Call Home to use this source interface when connecting to the Call Home server.

Step 4

enable

Example:

switch(config-callhome)# enable
switch(config-callhome)#

Enables Call Home.

Step 5

(Optional) show callhome

Example:

switch(config-callhome)# show callhome
switch(config-callhome)#

(Optional) Displays information about Smart Call Home.

Step 6

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
switch(config-callhome)#

(Optional) Copies the running configuration to the startup configuration.


What's next

Optionally use VRFs to send Smart Call Home messages over HTTP.

Configuring a VRF to Send Messages Using HTTP


Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# callhome

Enters Call Home configuration mode.

Step 3

switch(config-callhome)# transport http use-vrf vrf-name

Configures the VRF used to send email and other Smart Call Home messages over HTTP.


Viewing a Smart Call Home Profile


switch# show running-config callhome

Displays the Smart Call Home profile.