Cisco NX-OS Smart Licensing Using Policy Deployment on Nexus Switches
Smart Licensing Using Policy for Cisco Nexus 9000 and 3000 Switches
This article provides information about the deployment of Smart Licensing Using Policy (SLP) on Cisco Nexus 9000 and 3000 Switches. Before reading this document, ensure that you have read the Cisco NX-OS Smart Licensing Using Policy on Nexus Switches article from the Learn category on the Cisco NX-OS Licensing collection page on Cisco.com.
Understand Key Concepts of SLP Before Deployment
This section explains the key components that you need to understand before deploying SLP on Cisco Nexus 9000 and 3000 Switches.
Policy Selection
To know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command.
Policies can be customized. To customize policies, contact the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing. The licensing team will contact you to start the process or for any additional information. Customized policies are also made available through your Smart account in CSSM.
RUM Report and Report Acknowledgment
A Resource Utilization Measurement report (RUM report) is a license usage report, which the product instance generates, to fulfill reporting requirements as specified by the policy. RUM reports are data files with information about license usage and device identity. These reports are securely stored in the device and are cert-signed by the hardware.
When a switch does not consume a license, it does not generate any RUM report. To verify license consumption, use the show license usage command.
An acknowledgment (ACK) is a response from CSSM and provides information about the status of a RUM report.
The policy that is applied to a product instance determines the following reporting requirements:
-
Whether a RUM report is sent to CSSM, and the maximum number of days that are provided to meet this requirement.
-
Whether the RUM report requires an acknowledgment (ACK) from CSSM.
-
The maximum number of days provided to report a change in license consumption.
A RUM report sent to CSSM from device or CSLU can be accompanied by other requests.
System logs are generated at X and X-30 days if reporting is not done. X is the reporting interval per the policy.
For more information about RUM reports, see Reporting License Usage.
RUM States
The RUM reports change state throughout the communication between product instance and CSSM.
State |
Description |
---|---|
SmartAgentRumStateOpen |
New report that is created by Smart Agent on the device |
SmartAgentRumStateClosed |
RUM report that is sent to CSSM (reloads will also push the open reports to closed state) |
Sample RUM Report
<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<RUMReport>
<![CDATA[
{
"payload":{ "asset_identification":{
"asset":{
"name":"regid.2017-11.com.cisco.Nexus_9300,1.0_ac6ddieu7-89ju-4dne7-8699-4eeeklljnk"
},
"instance":{
"sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":"FDjhjudyw8778"
},
"product_instance_identifier":"f804e59b-7296-4c6d-a4f4-e61207ddf150"
},
"signature":{ "signing_type":"CISC123", "key":"00000000",
"value":"A0EPZ4grbhDeNG2q1wJxeRAkEIFabnHp8UCB+qoFMFRA3oMkZ3G572mm FDFZXVSaA2yfVRym0GMgKDo2glzz7er1RVIyB8XnrqgdgFBMkvJiuHb5B9Bdvs 8qABGErQZP7m5HTUQcHNwczYYAoflIMo2ltaaUzhbmjppoh1b6cIvjUqTVTyg37cj/
Z0r7hIviUxrzvHBVFFVA50Ik8wXPFWS24aLC4ubXvEDNzDv1UWQwfJy0XmkegJ07PBVAfcRPhfZ4/5J9YtsQ1xRb5ot+ IdogZmhX7ISVOAh3WFjvAMVhQrH4xeSKD1wgIZtLAC+TnixvU6HAc4p168UK6aZV4A=="
}
},
"meta":{
"entitlement_tag":"regid.2019-06.com.cisco.LAN_Nexus9300_XF2,1.0_ ac6ddieu7-89ju-4dne7-8699-4eeeklljnk",
"report_id":16283555555, "software_version":"10.2(1)FI9(1)", "ha_udi":[
{
"role":"Active", "sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":" FDjhjudyw8778"
}
}
]
},
"measurements":[
{
"log_time":1628323253, "metric_name":"ENTITLEMENT", "start_time":1628323253, "end_time":1628323254, "sample_interval":1, "num_samples":1,
"meta":{
"termination_reason":"CurrentUsageRequested"
},
"value":{
"type":"COUNT",
"value":"1"
}
}
]
},
"header":{
"type":"rum"
},
"signature":{
"sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":"FDOkjahwdiuw78"
},
"signing_type":"CISC123", "key":"782198723987",
"value":"BIoW16suShhDdAJZgRGtxdk/b4yhdvtDJQzE4eujgG+w/ UKICJ40oEsh2HfIy0kcbfSn3gaAPwhlwHxFUVjLh+kYHxuwSvsI0RwwyIgBIlYbc9JojQ40dZGLRVmJt05djYIRkRHI5dYMO0Fn/
a/F+VnaEQ2hVbbTWMW0pDLnJksPyQ9Mn91RmI4ZCfkS5gGNeS9U0CyeBpSYfh/r+N4bn/gmf+XDmK30x6yukTflvUC6IV/
lNMxJYOpZ87mV/4XX6Bw88Ab1K3KX6VHVpeMr45UeUNGd0efaigReB9ERISJnERxAEs4SuU/ZhnFMONAwW/4WCpDXD/p8bcw76mmSkw=="
}
}
]]>
</RUMReport>
</smartLicense>
Sample RUM ACK
<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<smartLicenseRumAck>
<data>
<![CDATA[[
{
"status_code":"OK",
"status_message":"Rum Report is accepted.", "localized_message":"Rum Report is accepted.",
"product_instance_identifier":"f80003456-1234-3g5h-b6b6-e1234hrtu5678", "sudi":{
"udi_pid":"N9K-C9364C-GX",
"udi_serial_number":"FDO3456yuth"
}
]]]>
},
"report_id":162123456, "correlation_id":"610e4fcecebababeyro678990-bf94ajdu47878787hdj", "subscription_id":null
</data>
<signature>MEQCIBtBcrLc384LDGgD9axXIMFiV4usLWOeOvJiP4nL9PKhAiA16 yiPufFIFwfEPIGbqMbfTKB+gGxB52m5tPVWZ/MP6Q==</signature>
</smartLicenseRumAck>
<smartLicenseAccountInfo>
<customerInfo>
<timestamp>1628327760658</timestamp>
<smartAccount>InternalTestDemoAccount10.cisco.com</smartAccount>
<virtualAccount>nxofirst</virtualAccount>
<smartAccountId>2312345</smartAccountId>
<virtualAccountId>509876</virtualAccountId>
<smartAccountDomain>internaltestdemoaccount10.cisco.com</smartAccountDomain>
</customerInfo>
<signature>MEQCIBelsrxUBMzZSi406NeeHOJRlboJedEThjgyutwiqwge2iuey2 uehdufydwinGOsmgLaef1HAG+naWneLqZ139ARFiTsmA==</signature>
</smartLicenseAccountInfo>
<correlationID>ngnx-d3chwyt37hgdytf1924b4a57c190bc6</correlationID>
</smartLicense>
Smart Licensing Using Policy Workflow
Smart Licensing Using Policy solution makes it easier for you to procure, deploy, and manage your license. Cisco Smart Software Manager (CSSM) is your primary licensing server and portal where you can create your smart accounts and manage licenses.
Smart Software Manager On-Prem and Cisco Smart Licensing Utility are your locally installed on-premises user portals that work with CSSM.
After purchasing licenses, activate your licenses on your devices in your deployments. As the devices establish trust and report license usage, you can manage your licenses through continuous reporting.
Smart Licensing Using Policy Workflow In a Nutshell
These are the stages for deploying Smart Licensing Using Policy:
-
Order licenses
-
Order your license from Cisco Commerce Workspace (CCW).
-
Access CSSM and create the smart account and virtual accounts to organize your licenses.
-
-
Activate licenses.
-
Select the deployment methods.
-
Online Deployments
-
Offline or Air-gapped Deployments
-
-
Configure the smart license transport mode and establish trust with CSSM.
-
-
Manage licenses.
-
Generate your Resource Utilization Measurement (RUM) report from the device. Synchronize the report with CSSM either automatically or manually.
-
Monitor the license usage and compliance status through the CSSM portal.
-
Deployment Models for Smart Licensing Using Policy
Smart Licensing Using Policy offers the following deployments:
Online Deployments
-
Direct Deployments (with transport mode as Smart or Call Home)
-
Direct Cloud Access (CSSM)
-
Direct Cloud Access (CSSM) through a proxy server
-
-
On-premises Deployments
-
Smart Software Manager (SSM) On-Prem (recommended)
-
Smart Software Manager (SSM) On-Prem through a proxy server
-
Cisco Smart License Utility (CSLU)
-
Cisco Smart License Utility (CSLU) through a proxy server
-
Offline or Air-gapped Deployments
-
Disconnected (from the switch where transport is off) or Air-gapped deployment from the switch
-
SSM On-Prem Disconnected (remote deployment)
-
CSLU Offline (remote deployment)
Supported Deployment Models and Topologies
This section describes the various ways in which you can implement a smart licensing policy. For each topology, refer to the accompanying overview to know how the setup is designed to work, and refer to the considerations and recommendations, if any.
Choosing a Topology
The following table allows you to choose a topology depending on your network deployment.
To learn about the Topologies, see NX-OS Smart Licensing Using Policy under the Learn category on the Cisco NX-OS Licensing collection page on Cisco.com.
Deployment Model |
Topology |
Recommendations |
---|---|---|
Online Deployment > Direct (Smart transport/call home) |
Topology 2: Connected Directly to CSSM |
Use this topology when you have switches that are already registered to CSSM and need to continue in the same mode. If you need to continue using this topology after upgrading to SLP, then Smart Transport is the preferred transport method. See Direct Deployments. |
Online Deployment > On-Prem > Smart Software Manager (SSM) On-Prem (Recommended) |
Topology 4: Connected to CSSM through SSM On-Prem |
Use this topology when you want to collect licensing information from each switch in the network and when there is no connectivity to CSSM. See Connected Mode in Smart Software Manager On-Prem |
Online Deployment > On-Prem > CSLU |
Topology 1: Connected to CSSM through CSLU |
Use this topology when you do not want the switches to be directly connected to CSSM. This topology supports only one SA/VA combination. See Online Mode in Cisco Smart Licensing Utility. |
Offline Deployment > from the switch |
Topology 6: No Connectivity to CSSM and No CSLU (Offline mode) |
Use this topology when you want to collect licensing information from a single source and when there is no connectivity to CSSM. You cannot view license consumption locally. Also, only a single VA can be used. See Air-Gapped Deployment from the Switch. |
Offline Deployment > SSM On-Prem Disconnected |
Topology 5: SSM On-Prem Disconnected from CSSM |
Use this topology when you want to manage or view licenses from a single source. You can view license consumption locally. You can also use multiple SA/VA combinations. See SSM On-Prem in Disconnected Mode in Remote Deployments. |
Offline Deployment > CSLU Offline |
Topology 3: CSLU Disconnected from CSSM |
Use this topology when you need to manage or view license consumption locally. You can also use multiple VA. See CSLU in Offline Mode in Remote Deployments. |
Guidelines and limitations for Smart Licensing Using Policy
This section lists the guidelines and limitations for Smart Licensing Using Policy for the following categories:
General
-
Cisco NX-OS Release 10.2(1)F supports only the SLP licensing mode.
-
Cisco NX-OS Release 10.2(1)F does not support SL and PAK-based licensing.
-
SLP MIB is not supported.
-
In Cisco NX-OS Release 10.2(x), management VRF is supported on CSLU, Smart, and Callhome modes, and non-management VRF is supported only on Callhome. Beginning with Cisco NX-OS Release 10.3(2)F, non-management VRF is also supported on Smart and CSLU modes of transport.
-
Beginning with Cisco NX-OS Release 10.3(1)F, logging 2.0 is supported for SLP. From Release 10.5(1)F onwards, logging 2.0 support for callhome is introduced for SLP.
-
Beginning with Cisco NX-OS Release 10.3(2)F, source-interface is supported on Callhome mode with direct CSSM connectivity only. Beginning with Cisco NX-OS Release 10.3(3)F, support is introduced for source-interface with CSLU and Smart transport with both direct and indirect CSSM connectivity.
-
Beginning with Cisco NX-OS Release 10.4(3)F, Cisco Nexus switches provide TLSv1.3 support in SLP licensing mode.
Upgrade
-
For SL registered devices, when upgrading from Cisco NX-OS Release 9.3(3) or 9.3(4) to Cisco NX-OS Release 10.2(1)F, the transport mode may go to CSLU instead of callhome. It is recommended that you configure the transport mode to callhome manually and establish the trust with CSSM.
-
During upgrade from earlier release with Traditional Licensing (PAK) to Cisco NX-OS Release 10.2(1)F, reflection of RUM sync in show command may take up to 24 hrs after migration.
-
In Cisco NX-OS Release 10.3(2)F, license smart vrf is not supported on Cisco Nexus C92348GC-X switch. When management VRF is configured, upgrade of Cisco Nexus C92348GC-X switch from Cisco NX-OS Release 10.3(2)F to 10.3(3)F is supported. When management VRF is not configured, to upgrade Cisco Nexus C92348GC-X switch from Cisco NX-OS Release 10.3(2)F to 10.3(3)F, first configure no license smart vrf and then proceed with the upgrade.
-
For SL registered devices that are connected to On-Prem, when upgrading from any Traditional Licensing (PAK) to Cisco NX-OS Release 10.2(1)F, the license consumption may not adhere hierarchy rules of tier licenses at On-Prem. It is recommended that CSSM to be referred for proper consumption of licenses post sync from On-Prem.
-
For SL registered devices with CSSM, when upgrading from Cisco NX-OS Release 9.3(3) or 9.3(4) to Cisco NX-OS Release 10.2(1)F, duplicate entry may occur for the same product instance on CSSM/On-Prem for a day.
DNS
-
When configuring the DNS resolution, configure it under the management VRF, as only management VRF is supported.
Transport
Callhome
-
IPv6 is only supported on callhome transport mode.
CSLU
-
CSLU-initiated communication/pull mode is not supported in Cisco NX-OS Release 10.2(1)F.
-
Only CSLU mode of transport is supported on On-Prem.
-
For auto discovery, only one CSLU can be used in the network.
-
CSLU configuration is mandatory if callhome is not configured and the device is not registered with CSSM, when moving from pre-SLP releases to SLP in Cisco NX-OS Release 10.2(1)F. For more information, see Connected to CSSM Through CSLU.
-
While using the transport mode as CSLU, if licenses do not get released from the SA/VA after write-erase and reload of the switch, it is recommended to delete the product instance from the SA/VA.
-
Standalone CSLU does not support multi-tenancy, it supports only single SA/VA. However, SSM On-Prem supports multi-tenancy.
Commands
-
When a switch is being reset to factory defaults using the write erase command, it is recommended to do a license smart factory reset before reloading the switch.
-
The following commands do not support XMLized output:
-
show-tech support license
-
show license eventlog
-
show license history message
-
show license rum id all
-
show license data conversion
-
-
The output of the show license status command may show discrepancy in timer values, but has no functional impact. The timer gets updated automatically and the RUM Reporting will be retried after 24 hours.
-
To find more information about rum reports, use the following show commands:
-
show license rum id all - The output of this show command displays the list of all rum ids.
NoteThe show license rum id 0 command also displays the list of all rum reports. The value 0 also represents all in the case of this command.
-
show license rum id report_id - This command allows you to select one rum id from the list and the output of this command displays a short summary of the report.
-
show license rum id all detail - The output of this command provides a list of all rum ids in a detailed format.
-
show license rum id report_id detail - This command allows you to select one rum id, about which you want to know the details, from the list and the output displays a detailed format of the report.
-
Online Deployments
Online Deployments are classified as Direct and On-premises deployments. The direct deployment is done using either Smart or Call Home Transport mode. Both the transport modes have the option to use proxy servers. The On-premises deployment is done using either SSM On-prem or CSLU. SSM On-prem and CSLU also have the option to use proxy servers.
Direct Deployments
Direct deployment involves connecting devices to tools.cisco.com through the internet or an HTTP proxy server to report usage information using the Smart transport mode. Direct deployment works out of the box with no additional configuration.
Direct deployment is most suitable for small networks, especially in the enterprise world. It's when a user doesn't want to manage an on-premises server and communicates with Cisco directly or through a proxy.
Transport Modes
The two modes of transport available for Direct deployment are Smart and Call home.
Smart - The Smart Transport mode is a transport method where a Smart Licensing (JSON) message is contained within an HTTP message and exchanged between a product instance and CSSM to communicate.
Call Home - The Call Home Transport mode provides e-mail-based and web-based notifications of critical system events. This method of connecting to CSSM is available in the Smart Licensing environment and remains available with SLP.
Direct Deployment Methods
Direct deployment is also termed as Topology 2: Connected Directly to CSSM. The transport mode is Smart transport or call home. Direct deployment offers these methods:
-
Direct Cloud Access: In this method, the product instance or device sends usage information directly over the internet to CSSM. The transport mode can be either Smart or Call Home.
-
Direct Cloud access through a proxy server: In this method, the product instance or device sends usage information over the internet through a proxy server using either Smart or Call Home transport mode to CSSM.
Report License Usage
In direct deployments, the device automatically generates reports once it establishes a trusted connection with the CSSM. The device initiates communication and automatically sends out the license usage report as per the default policy. CSSM automatically sends the ACK reports in the first 5 minutes. You can set up a subsequent reporting frequency as per the policy.
Steps to Deploy SLP using Direct Deployment Mode
After you order the licenses and set up your smart accounts in CSSM, activate and manage licenses for your chosen mode of direct deployment.
-
Based on your choice of transport mode, choose any one of these procedure to activate licenses.
-
Irrespective of the mode of transport used, the procedure to manage the licenses in the direct deployment mode is the same - Manage Licenses on Direct Deployment with Smart or Call Home Transport Mode
Activate Licenses on Direct Deployment with Smart Transport Mode
Step 1 | Enable smart transport mode on your device using the license smart transport smart command. Example:
|
Step 2 | Configure the transport URL with the license smart url smart transport-url command. The switch automatically configures the Smart URL (https://smartreceiver.cisco.com/licservice/license). Example:
|
Step 3 | If you are deploying Direct Cloud access through an HTTPS proxy method, configure a proxy for the smart transport mode using the license smart proxy hostname port port-number command. Skip this step for Direct Cloud Access deployment. When you configure a proxy server, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message to CSSM. Example:
|
Step 4 | Establish trust by generating a token from the smart account and virtual account in CSSM and copy the token on the devices using the license smart trust idtoken command. Example:
|
Step 5 | View the trust establishment on the device using the license smart save trust-request filepath_filename command. Example:
|
Step 6 | Verify license status using the show license status command. Verify the latest date at Trust Code Installed. Example:
|
Activate Licenses on Direct Deployment with Call Home Transport Mode
Step 1 | Enable call home transport mode on your device using the license smart transport callhome command. Example:
|
Step 2 | Configure the basic call home configurations.
Example:
|
Step 3 | If you are deploying Direct Cloud access through a proxy method, configure a proxy for the call home transport mode using the transport http proxy hostname port port-number command. Skip this step for Direct Cloud Access deployment. When you configure a proxy server, licensing messages are sent to the proxy along with the final destination URL (CSSM). The proxy sends the message to CSSM. Example:
|
Step 4 | Establish trust by generating a token from the smart account and virtual account in CSSM and copy the token on the devices using the license smart trust idtoken command. Example:
|
Step 5 | View the trust establishment on the device using the license smart save trust-request filepath_filename command. Example:
|
Step 6 | Verify license status using the show license status command. Verify the latest date at Trust Code Installed. Example:
|
Manage Licenses on Direct Deployment with Smart or Call Home Transport Mode
Step 1 | Navigate to Smart Software Licensing > Reports on the CSSM UI. |
Step 2 | Download the acknowledgment sent and upload to your device. |
Step 3 | Manage the license consumption on your devices. View the license status and summary using the show license summary show license usage command. Example:
|
Step 4 | (Optional) Set the time interval to automatically synchronize RUM reports using the license smart usage interval command. Example:
You can generate and view RUM report on your device. See Reporting License Usage. . |
On-Premises Deployments
On-Premises deployment is a deployment option for organizations that prefer not to have their products communicate directly with CSSM over the internet. This type of deployment involves the use of either a license server, such as Smart Software Manager (SSM), or a Windows application, such as Cisco Smart License Utility (CSLU), on the premises to manage devices and licenses. These tools use a synchronization process to exchange license information with CSSM, which can be done automatically over the network or manually offline.
The two ways to set up On-Premises deployments are:
-
SSM On-Prem
-
CSLU
Smart Software Manager On-Prem
Smart Software Manager (SSM) is an On-Premise version of CSSM and provides a similar set of features. When you connect a device to SSM On-Prem, SSM On-Prem becomes the single point of interface with CSSM. Once the SSM On-Prem is operational, devices register to SSM On-Prem and report license consumption.
SSM On-Prem Modes
SSM On-Prem connects with Cisco Smart Software Manager in the cloud to synchronize license consumption and usage at the desired frequency such as daily, weekly, or monthly. You can also deploy SSM On-Prem in a totally disconnected mode.
-
Connected - Manage your devices on premises with a license server connected to CSSM. Devices register to SSM On-Prem and report license consumption and usage to CSSM at the desired frequency. Based on topologies, this online deployment is classified as On-Premises Deployment using SSM On-Prem and also termed as Topology 4: Connected to CSSM through SSM On-Prem. See Steps to Deploy SSM On-Prem to deploy SSM-On Prem in Connected Mode.
-
Disconnected - Manage your devices on premises without connecting to CSSM. SSM On-Prem synchronizes to CSSM through a manual file transfer process for reporting license consumption and usage. Based on topologies, this Offline Deployment mode is classified as SSM On-Prem in Disconnected Mode and also termed as Topology 5: SSM On-Prem disconnected from CSSM. See the deployment of SSM On-Prem in Disconnected Mode in the Remote Deployments section.
Report License Usage
To report license usage, synchronize local accounts on SSM On-Prem with CSSM by using the Synchronization widget in the SSM On-Prem UI.
Execute the license smart sync all command to synchronize device information with SSM On-Prem. You can synchronize license usage with CSSM using the following:
-
Set up on-demand synchronization with CSSM
-
Schedule synchronization with CSSM at a specified time
-
Synchronize the license usage with CSSM, either by connecting to CSSM immediately or by downloading and uploading files for SSM On-Prem disconnected mode.
Steps to Deploy SSM On-Prem in Connected Mode
After you order the license and set up your smart accounts in CSSM:
Use the same procedures to deploy SSM On-prem proxy method.
Activate Licenses on SSM On-Prem in Connected Mode
If the device is registered to SSM On-Prem with pre-SLP release using callhome transport, then the transport mode changes to CSLU after the migration. Also, the url is populated on the product instance from OnPrem CSLU tenant ID. Ensure that you save the configuration using the copy running-config startup-config command.
Step 1 | Go to the Software Download. page, click Smart Software Manager On-Prem, and download and install Smart Software Manager On-Prem. See Cisco Smart License Utility Quick Start Setup Guide. |
Step 2 | Configure SSM On-Prem and create a local account. See SSM On-Prem User Guide |
Step 3 | Navigate to the License workspace > Inventory > General > Product Usage Registration Tokens, select CSLU Transport URL at the SSM On-Prem UI. Note If you are deploying SSM On-Prem proxy method, to configure a proxy see Cisco Smart Software Manager On-Prem User Guide. |
Step 4 | Configure the transport mode and SSM On-Prem URL on your device using the license smart transport cslu command. The SSM On-Prem URL is http://<ip>/cslu/v1/pi/<tenant ID>. Enter the hostname or the IP address of the server where you have installed SSM On-Prem. The tenantID is the default local virtual account ID. Example:
|
Step 5 | Establish trust by generating the token from the SSM On-Prem UI and copy the token to the switch using the license smart trust idtoken idtoken all force command. Example:
|
Step 6 | Verify the license status using the show license status command. View the trust establishment on the device and verify the latest date at Example:
|
Manage Licenses on SSM On-Prem in Connected Mode
Step 1 | Log into the SSM On-Prem > Smart Licensing workspace.
| ||||
Step 2 | Manage the license consumption on your devices. View the license status and summary using the show license summary or show license usage commands. Example:
| ||||
Step 3 | (Optional) Set the time interval for automatic synchronizing of the RUM reports using the license smart usage interval <1-365> command. Example:
|
Cisco Smart Licensing Utility
Cisco Smart License Utility Manager (CSLU) is a Windows-based application that enables you to administer licenses for your devices on premises instead of having to directly connect your devices to CSSM. When you connect a device to CSLU, CSLU becomes the only interface with CSSM. Once the CSLU is operational, devices register to CSLU and report license consumption.
For information about downloading, installing, and using CSLU, see Cisco Smart License Utility
CSLU Modes
The CSLU can be configured in both Online and Offline modes.
-
CSLU Online or Connected - Device initiates communication automatically and sends the RUM report to CSLU as per the default policy. CSLU forwards the RUM report to CSSM and retrieves the acknowledgment (ACK). Based on topologies, this Online Deployment is classified as On-Premises Deployment using CSLU and also termed as Topology1: Connected to CSSM through CSLU. See Steps to Deploy CSLU On-Prem in Online Mode.
-
CSLU Offline or Disconnected - Device initiates communication automatically and sends the RUM reports to CSLU. CSLU is not connected to CSSM, so you need to manually connect to CSSM and upload the RUM reports. Based on the topologies, this Offline Deployment is classified as Offline Deployment using CSLU in Offline Mode and also termed as Topology 3: CSLU Disconnected from CSSM. See CSLU Offline Mode in the Remote Deployments section.
Report License Usage
By default, the CSLU utility application is scheduled to collect data information at 24-hour intervals. CSLU connects to the selected Product Instance(s) and collects the RUM reports. These RUM reports are then stored in the CSLU’s local library.
Steps to Deploy CSLU On-Prem in Online Mode
After you order the license and set up your smart accounts in CSSM:
Use the same procedures to deploy CSLU On-prem proxy method.
Activate Licenses on CSLU in Online Mode
Step 1 | Go to the Software Download page, click Smart Licensing Utility, and download and install the latest version of CSLU application on your Windows or Linux server. See Cisco Smart Licensing Utility Quick Start Setup Guide for CSLU and Software Download for Linux. Note If you are deploying CSLU proxy method, to configure a proxy see Cisco Smart Licensing Utility User Guide. |
Step 2 | Set up CSLU preference settings and associate the Smart account and virtual account details. See Cisco Smart Licensing Utility User Guide. |
Step 3 | Configure the transport mode on the device using the license smart transport cslu command. Example:
|
Step 4 | Configure the transport URL using the license smart url cslu command. The default CSLU URL is http://cslu-local:8182/cslu/v1/pi. 8182 is the port number on the CSLU. Example:
|
Step 5 | If you want to establish trust immediately with CSLU, use the license smart sync all command. |
Step 6 | Verify the license status using the show license status command. Verify the latest date in the Example:
|
Manage Licenses on CSLU in Online Mode
Perform these steps to manage licenses on CSLU.
.
Step 1 | Log into CSLU UI . | ||||
Step 2 | Synchronize the reports from CSLU with Cisco using the CSLU UI..
|
Offline Deployments
Offline deployment is when a device is not communicating with Cisco. Offline deployments, also termed as air-gapped deployments, are used in highly secure environments which have no internet access.
Offline Deployments Based on your Network
Depending on your network environment, you can select the offline deployment methods.
-
Remote deployments - Your On-Premises servers offer disconnected modes. Use disconnected licensing mode by turning off communication with Cisco on your On-Premises servers.
-
SSM On-Prem in Disconnected Mode
-
CSLU in Offline Mode or Disconnected
See Remote Deployments.
-
-
Air-gapped deployments from the switch - License reservation offers security for organizations that need a full air-gapped environment when on-premises licensing is not an option. The license reservation solution is for classified environments that don’t allow electronic communication in or out of the environment. With a license reservation solution, you are fully offline without any ongoing communication or additional infrastructure. After you order the license and set up your smart accounts in CSSM, you can Activate Licenses in Air-Gapped Deployment from the Switch.
Report License Usage
Report license usage for remote environments - In remote offline deployments, turn off device communication to CSSM on the On-Premises servers. Manually upload the license consumption using RUM reports to establish trust and reporting to CSSM.
Report license usage for air-gapped environments from the switch - In fully offline deployment, no action is required, as there is no trust establishment or reporting of devices to CSSM.
Remote Deployments
Based on the topologies, the two types of remote deployments, where licenses are activated on SSM On-Prem and on CSLU are also termed as Topology 5: SSM On-Prem Disconnected from CSSM and Topology 3: CSLU Disconnected from CSSM respectively.
Steps to Deploy SSM On-Prem in Disconnected Mode
To deploy SLP remotely using SSM On-Prem in Disconnected mode, perform these two steps.
Activate Licenses on SSM On-Prem in Disconnected Mode
Step 1 | Go to the Software Download page, click Smart Software Manager On-Prem, and download and install Smart Software Manager On-Prem. See Cisco Smart License Utility Quick Start Setup Guide. |
Step 2 | Configure SSM On-Prem and create a local account. See SSM On-Prem User Guide |
Step 3 | Navigate to the License workspace > Inventory > General > Product Usage Registration Tokens, select CSLU Transport URL at the SSM On-Prem UI. |
Step 4 | Configure the transport mode and SSM On-Prem URL on your device using the license smart transport cslu command. The SSM On-Prem URL is http://<ip>/cslu/v1/pi/<tenant ID>. Enter the hostname or the IP address of the server where you have installed SSM On-Prem. The tenantID is the default local virtual account ID. Example:
|
Step 5 | If you are deploying SSM On-Prem disconnected mode, log off from CSSM. |
Manage Licenses on SSM On-Prem in Disconnected Mode
Step 1 | Log into SSM On-Prem > Smart Licensing workspace. | ||||
Step 2 | Synchronize the reports from SSM On-Prem with Cisco using the SSM On-Prem > Smart Licensing workspace.
| ||||
Step 3 | Manage the license consumption on your devices. View the license status and summary using the show license summary or show license usage commands. Example:
| ||||
Step 4 | (Optional) In the disconnected mode, manually upload the RUM reports with SSM On-Prem for synchronization. |
Steps to Deploy CSLU in Offline Mode
To deploy SLP remotely using CSLU in Offline mode, perform these two steps.
Activate Licenses on CSLU in Offline Mode
Step 1 | Go to the Software Download page, click Smart Licensing Utility. and download and install the latest version of the CSLU application on your Windows or Linux server. See Cisco Smart Licensing Utility Quick Start Setup Guide for CSLU and Software Download for Linux. |
Step 2 | Set up CSLU preference settings and associate the Smart account and virtual account details. See Cisco Smart Licensing Utility User Guide. |
Step 3 | If you want to deploy CSLU Offline mode, navigate to CSLU Preference > Cisco Connectivity and set the option to off in the CSLU UI. The field switches to Cisco Is Not Available. Example:
|
Step 4 | Verify the license status using the show license status command. Verify the latest date in the Trust Code Installed field. Example:
|
Manage Licenses on CSLU in Offline Mode
Log into CSLU UI to synchronize the reports from CSLU with Cisco.
|
Air-Gapped Deployment from the Switch
Based on the topology you have chosen, that is, if you have chosen Topology 6 No Connectivity to CSSM and No CSLU (Offline mode), the air-gapped deployment is done from the switch.
Activate Licenses in Air-Gapped Deployments from the Switch
Step 1 | On the device, configure transport mode to off using the license smart transport off command. Example:
|
Step 2 | Generate and save the RUM report on the device using the license smart save usage command. Example:
Note The RUM reports capture the licensing transactions in the device for upload. On a greenfield device, there is nothing to report, so it is empty and not generated. Also, when there are no licensing transactions, and the user tries to save the report, the "Failure: save status: The requested item was not found" error appears. After a few licensing transactions, such as enabling a licensing feature, the report gets populated and generated for online/offline upload. |
Step 3 | Navigate to Manage Licenses > Reports > Usage Data Files in the CSSM workspace to upload the report manually. |
Step 4 | Download the acknowledgment (ACK) file from CSSM and import it to the device using the license smart import command. Example:
|
Step 5 | Verify the installed ACK on the device using the show license status command. Example:
|
Reporting License Usage
License reporting is important to manage license consumption. Devices generate the Resource Utilization Measurement (RUM) report and CSSM uses RUM reports to manage license consumption.
Verification Commands for RUM Reports in NX-OS
-
show license rum id all - The output of this show command displays the list of all rum ids.
Note-
The show license rum id 0 command also displays the list of all rum reports. The value 0 also represents all in the case of this command.
-
This command does not support XML output.
Sample output
switch(config)# show license rum id all Smart Licensing Usage Report: ==================================== Report Id, State, Flag, Feature Name 1726227775 CLOSED N LAN_ENTERPRISE_SERVICES_PKG 1726227776 OPEN N LAN_ENTERPRISE_SERVICES_PKG 1726227777 OPEN N VPN_FABRIC
-
-
show license rum id report_id - This command allows you to select one rum id from the list and the output of this command displays a short summary of the report.
Sample output
switch(config)# show license rum id 1726227777 Smart Licensing Usage Report: ==================================== Report Id, State, Flag, Feature Name 1726227777 OPEN N VPN_FABRIC
-
show license rum id all detail - The output of this command provides a list of all rum ids in a detailed format.
Sample output
switch(config)# show license rum id all detail Smart Licensing Usage Report Detail: ==================================== Report Id: 1726227775 Metric Name: ENTITLEMENT Feature Name: LAN_ENTERPRISE_SERVICES_PKG Metric Value: regid.2019-06.com.cisco.LAN_Nexus9300_XF,1.0_76a87ea7-465b-40fd-b403-1bf9d845aa1b UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ Previous Report Id: 1726227774, Next Report Id: 1726227776 State: CLOSED, State Change Reason: DECONFIG Close Reason: DECONFIG Start Time: Sep 20 2024 22:53:49 IST, End Time: Sep 26 2024 18:49:13 IST Storage State: EXIST Transaction ID: 0 Transaction Message: <none> Report Id: 1726227776 Metric Name: ENTITLEMENT Feature Name: LAN_ENTERPRISE_SERVICES_PKG Metric Value: regid.2019-06.com.cisco.LAN_Nexus9300_XF,1.0_76a87ea7-465b-40fd-b403-1bf9d845aa1b UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ Previous Report Id: 1726227775, Next Report Id: 0 State: OPEN, State Change Reason: None Close Reason: None Start Time: Sep 26 2024 18:59:29 IST, End Time: Sep 27 2024 14:30:45 IST Storage State: EXIST Transaction ID: 0 Transaction Message: <none> Report Id: 1726227777 Metric Name: ENTITLEMENT Feature Name: VPN_FABRIC Metric Value: regid.2019-06.com.cisco.FAB_Nexus9300_XF,1.0_e0928396-a363-443a-b2b0-f1fcc15d0553 UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ Previous Report Id: 0, Next Report Id: 0 State: OPEN, State Change Reason: None Close Reason: None Start Time: Sep 27 2024 14:30:45 IST, End Time: Sep 27 2024 14:30:46 IST Storage State: EXIST Transaction ID: 0 Transaction Message: <none>
-
show license rum id report_id detail - This command allows you to select one rum id, about which you want to know the details, from the list and the output displays a detailed format of the report.
Sample output
switch(config)# show license rum id 1726227777 detail Smart Licensing Usage Report Detail: ==================================== Report Id: 1726227777 Metric Name: ENTITLEMENT Feature Name: VPN_FABRIC Metric Value: regid.2019-06.com.cisco.FAB_Nexus9300_XF,1.0_e0928396-a363-443a-b2b0-f1fcc15d0553 UDI: PID:N9K-C93180YC-FX3S,SN:FDO24521BTZ Previous Report Id: 0, Next Report Id: 0 State: OPEN, State Change Reason: None Close Reason: None Start Time: Sep 27 2024 14:30:45 IST, End Time: Sep 27 2024 14:30:46 IST Storage State: EXIST Transaction ID: 0 Transaction Message: <none>
Generate RUM Reports
You can generate the RUM report from the device using the show license rum id command. You can sync or manually upload the RUM report to CSSM based on your deployment.
If your deployment is... |
Then... |
---|---|
SSM On-Prem using connected mode |
perform these tasks:
|
SSM On-Prem using disconnected mode |
perform these tasks:
|
CSLU Utility using online mode |
no action is required. The device automatically sends RUM reports to CSLU as per the default policy. If you want to synchronize the reports immediately, navigate to CSLU> Data Menu workspace, select Send to CSSM. |
CSLU Utility using offline mode |
perform these tasks:
|
Direct deployment |
no action is required. The device automatically sends the RUM report as per the default policy. |
Statistical View of RUM Reports
A statistical view of a RUM report includes
-
total number of reports on the device
-
number of reports that have a corresponding ACK
-
number of reports waiting for an ACK, and so on.
To view the statistical RUM report information, use the show license all and show license tech support commands.
Nexus Dashboard controller license consumption
Nexus Dashboard (ND) controller or cluster is bundled with Day2Ops applications. These applications request for controller licenses such as controller-ess, controller-adv, or controller-pre from the NX-OS switch. Based on this request, the corresponding licenses such as NXOS_ESSENTIALS, NXOS_ADVANTAGE, or DCN_PREMIER are used on the switch.
If you downgrade from NX-OS Release 10.5(2)F to a lower image version, and upgrade to the 10.5(2)F or later versions, you must verify the controller license again.
You can verify the license usage using the show license controller usage or show license usage commands.
This is a sample output for show license controller usage command.
switch# show license controller usage
cluster01
NXOS_ESSENTIALS: TRUE
NXOS_ADVANTAGE: FALSE
DCN_PREMIER: FALSE
cluster02
NXOS_ESSENTIALS: FALSE
NXOS_ADVANTAGE: TRUE
DCN_PREMIER: FALSE
cluster03
NXOS_ESSENTIALS: FALSE
NXOS_ADVANTAGE: FALSE
DCN_PREMIER: TRUE
switch#
This is a sample output for show license usage command.
switch# show license usage
License Authorization:
Status: Not Applicable
(DCN_PREMIER):
Description: ACI Premier SW license for a 10/25/40G (XF) N9K Leaf
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic
switch# show license usage DCN_PREMIER
Feature List:
controller-adv
controller-ess
controller-pre
switch#
When the feature is enabled on the NX-OS switch with the license feature on the ND controller side, the highest between the two licenses is used. This is a sample output that depicts this scenario.
switch# show license usage
License Authorization:
Status: Not Applicable
(DCN_PREMIER):
Description: ACI Premier SW license for a 10/25/40G (XF) N9K Leaf
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic
switch# show license usage DCN_PREMIER
Feature List:
bgp
controller-adv
controller-ess
controller-pre
switch#
If there is no communication between the NX-OS switch and the ND controller for more than 24 hours, then the controller license usage information is deleted from the switch.
High Availability
This section explains considerations that apply to a High Availability configuration, when running a software version that supports SLP.
Trust Code Requirements in a High Availability Setup
In Dual Supervisor setup, two trust codes are installed. The active Product instance can submit the requests for both the supervisors and install the trust codes that are returned in an ACK.
Policy Requirements in a High Availability Setup
There are no policy requirements that apply exclusively to a High Availability setup. As in case of a standalone product instance, only one policy exists in a High Availability setup as well, and this is on the active. The policy on the active applies to the standby in the setup.
Product Instance Functions in a High Availability Setup
This section explains general product instance functions in a High Availability setup, and what the product instance does when a standby is added.
For trust codes: The active product instance can request (if necessary) and install trust codes for standby.
For policies: The active product instance synchronizes with the standby.
For reporting: Only the active product instance reports usage. The active reports usage information for standby.
In addition to scheduled reporting, the following events trigger reporting:
-
The addition or removal of a standby. The RUM report includes information about the standby that was added or removed.
-
A switchover.
-
A reload.
For addition of a standby:
-
A product instance that is connected to CSLU, does not take any further action.
-
A product instance that is directly connected to CSSM, performs trust synchronization. Trust synchronization involves the following:
-
Installation of trust code on the standby if not installed already.
-
Installation of policy and purchase information, if applicable.
-
Sending of a RUM report with current usage information.
-
Upgrades
This section describes how upgrade or migration to SLP is handled. It also clarifies how SLP handles all earlier licensing models including: the earlier version of Smart Licensing, Right-to-Use Licensing (RTU), and how evaluation or expired licenses from any of the earlier licensing models are handled in SLP environment.
To migrate to SLP, you must upgrade to a software version that supports SLP. After you upgrade, SLP is the only supported licensing model and the switch continues to operate without any licensing changes. The SLP section provides details and examples for migration scenarios that apply to Cisco Nexus Switches.
When migrating from traditional licensing model to SLP, license conversion takes place automatically. This Device Led Conversion (DLC) process is triggered when traditional licenses are detected on the device during an upgrade. DLC request is sent to CSSM as part of the license report and may take up to an hour to complete.
Identifying the Current Licensing Model Before Upgrade
Before you upgrade to SLP, if you want to know the current licensing model that is effective on the switch, enter the show running license all command in privileged EXEC mode. This command displays information about the current licensing model for all except the RTU licensing model.
How an Upgrade Affects Enforcement Types for Existing Licenses
An unenforced license that was being used before upgrade, remains available after upgrade. All licenses on Cisco Nexus Switches are unenforced licenses. This includes licenses from the earlier licensing models as follows:
-
Traditional Licensing (PAK)
-
Smart Licensing
-
Right-to-Use (RTU) Licensing
-
Evaluation or expired licenses from any of the above-mentioned licensing models
How an Upgrade Affects Reporting for Existing Licenses
When you upgrade to a software version which supports SLP, reporting is based on the reporting requirements in the policy which can be displayed in the output of the show license status command for the following licenses:
-
Traditional Licenses (PAK)
-
Smart Licenses (Registered and Authorized licenses)
-
Right-to-Use (RTU) Licenses
-
Evaluation or expired licenses
How an Upgrade Affects Transport Type for Existing Licenses
The transport type, if configured in your existing setup, is retained after upgrade to SLP.
When compared to the earlier version of Smart Licensing, other transport types are available with SLP. There is also a change in the default transport mode. The following table clarifies how this may affect upgrades:
Migration | Transport Type Before Upgrade | Transport Type After Upgrade |
---|---|---|
SL (EVAL) | Callhome |
CSLU |
SL (Registered) |
Callhome |
|
PAK-based | NA |
CSLU |
SL (Registered) with On-Prem | callhome |
CSLU |
How an Upgrade Affects the Token Registration Process
In the earlier version of Smart Licensing, a token was used to register and connect to CSSM. ID token registration is not required in SLP. The token generation feature is still available in CSSM and is used to establish trust when a switch is directly connected to CSSM. See .
Downgrades
To downgrade, you must downgrade the software version on the switch. This section provides information about downgrades for new deployments and existing deployments (you upgraded to SLP and now want to downgrade).
New Deployment Downgrade
This section applies if you had a newly purchased switch with a software version where SLP was already enabled by default, and you want to downgrade to a software version where SLP is not supported.
The outcome of the downgrade depends on whether a Trust Code was installed while you were still operating in the SLP environment, and further action may be required depending on the release you downgrade to.
If the topology you implemented while in the SLP environment was connected directly to CSSM, then a trust code installation can be expected or assumed, because it is required as part of topology implementation. For any of the other topologies, trust establishment is not mandatory. Downgrading switches with one of these other topologies will therefore mean that you must restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment. The following table displays the outcome and action for new deployment downgrade to Smart Licensing.
In the SLP Environment |
Downgrade to… |
Outcome and Further Action |
---|---|---|
Standalone product instance, which is connected directly to CSSM, and trust established. |
Action is required: You must reregister the product instance. |
Action is required: You must re-register the product instance. |
High Availability setup, which is connected directly to CSSM, and trust established. |
Any release that supports Smart Licensing. |
Action is required: You must re-register the product instance. Generate an ID token in the CSSM Web UI and on the product instance, enable smart licensing using license smart enable and configure the license smart register idtoken idtoken all command in global configuration mode. |
Any other topology. (Connected to CSSM Through CSLU, CSLU Disconnected from CSSM, No Connectivity to CSSM and No CSLU) |
Any release that supports Smart Licensing. |
Action is required: Restore licenses to a registered and authorized state by following the procedures that are applicable in the Smart Licensing environment. |
Upgrade and Then Downgrade
If you upgrade to a software version that supports SLP and then downgrade to any of the earlier licensing models, license consumption does not change, and any product features you have configured on the product instance are preserved – only the features and functions that are available with SLP are not available anymore. Refer to the corresponding section below to know more about reverting to an earlier licensing model.
Upgrade to SLP and Then Downgrade to Smart Licensing
The outcome of the downgrade depends on whether a Trust Code was installed while you were still operating in the SLP environment, and further action may be required depending on the release you downgrade to. See Table 1.
Migrating to Smart Licensing Using Policy
To upgrade to SLP, you must upgrade the software version (image) on the switch to a supported version.
Before You Begin
Ensure that you have read the Upgrades section, to understand how SLP handles various aspects of all earlier licensing models.
When migrating from traditional licensing model to SLP, license conversion takes place automatically. This Device Led Conversion (DLC) process is triggered when traditional licenses are detected on the device during an upgrade. DLC request is sent to CSSM as part of the license report and may take up to an hour to complete.
Upgrading the Switch Software
See the corresponding release note for the upgrade procedure. If there are any general release-specific considerations, these are called-out in the corresponding release notes.
Also refer to the sample show command outputs of the migration scenarios provided below. Sample outputs are provided for before and after migration, for comparison.
Smart Licensing to Smart Licensing Using Policy
The following is an example of a Cisco Nexus 9000 switch migrating from Smart Licensing to SLP. This is a High Availability setup with an active and a standby.
The show command outputs below call-out key fields to check, before and after migration.
Before Upgrade | After Upgrade |
---|---|
show license summary (Smart Licensing)
The Status and License Authorization fields show that the license is REGISTERED and AUTHORIZED . |
show license summary (SLP)
The Status field shows that the licenses are now IN USE instead of registered and authorized. |
show license usage (Smart Licensing)
|
show license usage (SLP)
The license counts remain the same. The Enforcement Type field displays NOT ENFORCED. (There are no export-controlled or enforced licenses on Cisco Nexus Switches). |
show license status (Smart Licensing)
|
show license status (SLP)
The Transport: field: A transport type was configured and therefore retained after upgrade. The The The |
show license udi (Smart Licensing)
|
show license udi (SLP)
This is a High Availability setup, and the command displays all UDIs in the setup. |
CSSM Web UI After Migration
Log in to the CSSM Web UI at https://software.cisco.com/software/smart-licensing/alerts and click Smart Software Licensing. Under .
Registered licenses in the Smart Licensing environment were displayed with the hostname of the product instance in the Name column. After upgrade to SLP, they are displayed with the UDI of the product instance. All migrated UDIs are displayed. In this example, they are
PID:C9500-16X,SN:FCW2233A5ZV and PID:C9500-16X,SN:FCW2233A5ZY.
Only the active product instance reports usage, therefore PID:C9500-16X,SN:FCW2233A5ZV displays license consumption information under License Usage.
Reporting After Migration
The product instance sends the next RUM report to CSSM, based on the policy.
If you want to change your reporting interval to report more frequently: on the product instance, configure the license smart usage interval command. For syntax details see the license smart (global config) command in the Command Reference for the corresponding release.
RTU Licensing to Smart Licensing Using Policy
This section provides information about migrating a Cisco Nexus 9000 Series switch from Right-to-Use (RTU) licensing to Smart Licensing Using Policy.
RTU Licensing is available for Cisco Nexus 9000 Series Switches until Cisco NX-OS Release 10.1(2), and SLP is introduced from Cisco NX-OS Release 10.2(1)F.
When the software version is upgraded from a pre-SLP version to the SLP version, all licenses are displayed as IN USE and the Cisco default policy is applied on the product instance. If any add-on licenses are used, the Cisco default policy requires usage reporting in 90 days. As all licenses on Cisco Nexus Switches are unenforced, no functionality is lost.
RTU Licensing to SLP Migration - Feature TAP Aggregation
In a scenario where a Cisco Nexus 9000 Series switch is migrated from a pre-SLP to an SLP-supported release, an NDB license, which is the only RTU license, cannot be consumed unless ACL is configured as below in the pre-SLP release. This is equivalent of the consumption of NDB RTU license in pre-SLP release.
switch# config
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ip access-list iptest
switch(config-acl)# permit ip any any redirect Ethernet1/1
switch(config-acl)#
A sample show command output after ACL configuration for a pre-SLP release is as follows:
IP access list iptest
10 permit ip any any redirect Ethernet1/1
A sample show command output for license verification after upgrading to an SLP-supported release is as follows and the show feature command shows that the feature tap-aggregation is enabled, and NDB license is consumed:
show license usage
Device# show license usage
License Authorization:
Status: Not Applicable
(DCN_NDB):
Description: DCN NDB Add-On License N9K Modular
Count: 1
Version: 1.0
Status: IN USE
Enforcement Type: NOT ENFORCED
License Type: Generic
show feature
sh feature | inc tap
tap-aggregation 1 enabled
Beginning with Cisco NX-OS Release 10.2(1)F, feature tap-aggregation is licensed, supported on all Cisco Nexus 9000 Series switches, and requires you to configure feature tap-aggregation before configuring related commands.
CSSM Web UI After Migration
No changes in the CSSM Web UI.
Reporting After Migration
Implement any one of the supported topologies and fulfil reporting requirements. See Supported Deployment Models and Topologies. The reporting method you can use depends on the topology you implement.
Evaluation or Eval Expired to Smart Licensing Using Policy
The following is an example of a Cisco Nexus 9000 switch with evaluation licenses (Smart Licensing) that are migrated to SLP.
The notion of evaluation licenses does not apply to SLP. When the software version is upgraded to one that supports SLP, all licenses are displayed as IN USE and the Cisco default policy is applied to the product instance. Since all licenses on Cisco Nexus Switches are unenforced, no functionality is lost.
The table below calls out key changes or new fields to check for in the show command outputs, after upgrade to SLP:
Before Upgrade | After Upgrade |
---|---|
PGBL-FX2-203(config)# show license usage
|
PGBL-FX2-203# show license usage
|
PGBL-FX2-203(config)# show license summary
|
PGBL-FX2-203# show license summary
|
PGBL-FX2-203(config)# show license status
|
PGBL-FX2-203# show license status
|
CSSM Web UI After Migration
No changes in the CSSM Web UI.
Reporting After Migration
Implement any one of the supported topologies and fulfill reporting requirements. See Supported Deployment Models and Topologies. The reporting method that you can use depends on the topology you implement.
Feature History for Smart Licensing Using Policy
This table provides release and related information for features that are explained in this module.
These features are available on all releases after the one they were introduced in, unless noted otherwise.
Release | Feature | Feature Information |
---|---|---|
Cisco NX-OS Release 10.5(2)F |
Nexus Dashboard License consumption on NX-OS Switches |
Added support to allow the NX-OS switch to be notified about the controller (ND) tier license consumption |
Cisco NX-OS Release 10.5(1)F |
Logging 2.0 support for callhome |
Added logging 2.0 support for callhome for SLP |
Cisco NX-OS Release 10.4(3)F |
Licensing (SLP) Support for Cisco Nexus 9364C-H1 platform switch |
Added support for SLP on Cisco Nexus 9364C-H1 platform switch |
Cisco NX-OS Release 10.4(3)F |
TLS v1.3 |
Added Transport Layer Security protocol version 1.3 support on SLP Licensing mode for Cisco Nexus platform switches |
Cisco NX-OS Release 10.4(2)F |
Licensing (SLP) Support for the following Cisco Nexus platform switches:
|
Added support for SLP on the following Cisco Nexus platform switches.
|
Cisco NX-OS Release 10.4(1)F |
Licensing (SLP) Support for the following Cisco Nexus platform switches:
|
Added support for SLP on the following Cisco Nexus platform switches:
|
Cisco NX-OS Release 10.3(3)F |
Ability to select Source Interface for DNS |
Provides the user an option to define a source-interface through which the name server can be reached
|
Cisco NX-OS Release 10.3(3)F |
Source interface support for Smart and CSLU modes of transport |
Added a command to configure the source interface for Smart and CSLU modes of transport |
Cisco NX-OS Release 10.3(2)F |
Support for Source Interface for callhome |
Added a CLI option source-interface under callhome context |
Cisco NX-OS Release 10.3(2)F |
Licensing (SLP) Support for Cisco Nexus 9408 platform switches |
Added support for SLP on Cisco Nexus 9408 platform switches |
Cisco NX-OS Release 10.3(2)F |
CSSM to display the host name of the Product Instance |
CSSM displays the host name of the Product Instance instead of UDI |
Cisco NX-OS Release 10.3(2)F |
Support SLP on Non-Management VRF |
Added support for SLP on non-management VRF for smart transport and CSLU mode of transport |
Cisco NX-OS Release 10.3(1)F |
24-port Licensing (SLP) Support on Cisco Nexus 9300-FX3, 9300-FX3H, and 9300-FX3P platform switches |
Added support for 24-port SLP on Cisco Nexus 9300-FX3, 9300-FX3H, and 9300-FX3P platform switches |
Cisco NX-OS Release 10.2(1)F |
Smart Licensing Using Policy (SLP) |
An enhanced version of Smart Licensing, with the overarching objective of providing a licensing solution that does not interrupt the operations of your network, rather, one that enables a compliance relationship to account for the hardware and software licenses you purchase and use. Starting with this release, SLP is automatically enabled on the device. This is also the case when you upgrade to this release. By default, your Smart Account and Virtual Account in CSSM is enabled for SLP. |
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
Appendix
This section includes common tasks that are required while configuring Smart Licensing Using Policy on Nexus switches.
Configuring a DNS Client
Before you begin
Make sure that the name server is reachable before you configure a DNS client.
Step 1 | switch# configure terminal Enters global configuration mode. |
Step 2 | switch(config)# ip domain-lookup Enables DNS-based address translation. |
Step 3 | switch(config)# vrf context vrf-name Creates a new VRF and enters VRF configuration mode. The name can be any case-sensitive, alphanumeric string up to 32 characters. |
Step 4 | switch(config-vrf)# ip domain-name domain name Defines the default domain name that Cisco NX-OS uses to resolve unqualified hostnames. Cisco NX-OS uses each entry in the domain list to append that domain name to any hostname that does not contain a complete domain name before starting a domain-name lookup. Cisco NX-OS continues this process for each entry in the domain list until it finds a match. |
Step 5 | switch(config-vrf)# ip name-server address1 [address2... address6] [source-interface {loopback | port-channel | ethernet | mgmt. | vlan}] [use-vrf vrf-name] Defines up to six name servers. The address can be either an IPv4 or IPv6 address.
Note Multiple DNS servers are for the case of unresponsive servers. If the first DNS server in the list replies to the DNS query with a reject, the remaining DNS servers are not queried. If the first one doesn't respond, the next DNS server in list is queried.
|
Configuring the Call Home Service for Direct Cloud Access
Make sure that Smart Call Home is enabled on the switch before configuring Smart Software Licensing.
Configuring a Source Interface to Send Messages Using HTTP
Beginning with Cisco NX-OS 10.3(2)F, you can optionally specify a source interface to send Smart Call Home messages over HTTP. If a source interface is not configured, the interface used to reach the Call Home server will be chosen.
Step 1 | configure terminal Example:
Enters global configuration mode. |
Step 2 | callhome Example:
Enters Smart Call Home configuration mode. |
Step 3 | source-interface interface Example:
Configures Smart Call Home to use this source interface when connecting to the Call Home server. |
Step 4 | enable Example:
Enables Call Home. |
Step 5 | (Optional) show callhome Example:
(Optional) Displays information about Smart Call Home. |
Step 6 | (Optional) copy running-config startup-config Example:
(Optional) Copies the running configuration to the startup configuration. |
What's next
Optionally use VRFs to send Smart Call Home messages over HTTP.
Configuring a VRF to Send Messages Using HTTP
Step 1 | switch# configure terminal Enters global configuration mode. |
Step 2 | switch(config)# callhome Enters Call Home configuration mode. |
Step 3 | switch(config-callhome)# transport http use-vrf vrf-name Configures the VRF used to send email and other Smart Call Home messages over HTTP. |
Viewing a Smart Call Home Profile
switch# show running-config callhome Displays the Smart Call Home profile. |
Reference
For more information about SLP, see Cisco Nexus 9000 and 3000 Series NX-OS Smart Licensing Using Policy User Guide.