Smart Licensing Using Policy

About this Guide

This document provides information about Smart Licensing Using Policy such as the concept, architecture, supported products and topologies, configuration, migration, tasks, and troubleshooting only for Cisco Nexus 9000 and 3000 Series switches.

Overview

Introduction to Smart Licensing Using Policy

Smart Licensing Using Policy (SLP) is an enhanced version of Smart Licensing, the objective of which is to provide a licensing solution that does not interrupt the operations of your network and to enable a compliance relationship to account for the hardware and software licenses you purchase and use.

Smart Licensing Using Policy is introduced in Cisco NX-OS Release 10.2(1)F for Cisco Nexus 3000 and 9000 series switches.

The following image illustrates the evolution of Smart Licensing Using Policy (SLP) from the traditional licensing model through Cisco NX-OS Releases.

Figure 1. Evolution of licensing in Nexus 9000/3000 Series Platform Switches

This document provides information only on SLP. For information on older version licensing, refer to Cisco Smart License Utility User Guide.

The primary benefits of this enhanced licensing model are:

  • Seamless day-0 operations

    After a license is ordered, no preliminary steps, such as registration or generation of keys, are required unless you use an export-controlled or enforced license. There are no export-controlled or enforced licenses on Cisco Nexus Switches, and product features can be configured on the device right away.

  • Consistency in Cisco NX-OS

    Devices that run Cisco NX-OS software have a uniform licensing experience.

  • Visibility and manageability

    Tools, telemetry, and product tagging.

  • Flexible, time series reporting to remain compliant

    Easy reporting options are available, whether you are directly or indirectly connected to Cisco Smart Software Manager (CSSM) or are in an air-gapped network.

This document provides conceptual, configuration, and troubleshooting information for SLP on Cisco Nexus Switches. For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.

The conceptual information includes an overview of SLP, supported products, supported topology, and explains how SLP interacts with other features. SLP is a software license management solution that provides a seamless experience with the following aspects of licensing:

  • Purchase: Purchase licenses through the existing channels and use the Cisco Smart Software Manager (CSSM) portal to view product instances and licenses.

    To simplify the implementation of SLP, provide your Smart Account and Virtual Account information when placing an order for new hardware or software. This allows Cisco to install applicable policies (terms explained in the Concepts section below), at the time of manufacturing.

  • License Type: All licenses on Cisco Nexus Switches are unenforced. This means that you do not have to complete any licensing-specific operations, such as registering or generating keys before you start using the software and the licenses that are tied to it. License usage is recorded on your device with timestamps and the required workflows can be completed later.

  • Report: License usage should be reported to CSSM. Multiple options are available for license usage reporting. You can use the Cisco Smart Licensing Utility (CSLU), or report usage information directly to CSSM. For air-gapped networks, offline reporting is also available: you download the usage information and upload it to CSSM. The usage report is in plain text XML format.

  • Reconcile: For situations where delta billing applies (purchased versus consumed).

Guidelines and Limitations

This section lists the guidelines and limitations for Smart Licensing Using Policy for the following categories:

General

  • Cisco NX-OS Release 10.2(1)F supports only the SLP licensing mode.

  • Cisco NX-OS Release 10.2(1)F does not support SL and PAK-based licensing.

  • SLP MIB is not supported.

  • In Cisco NX-OS Release 10.2(x), management VRF is supported on CSLU, Smart, and Callhome modes, and non-management VRF is supported only on Callhome. Beginning with Cisco NX-OS Release 10.3(2)F, non-management VRF is also supported on Smart and CSLU modes of transport.

  • Beginning with Cisco NX-OS Release 10.3(1)F, logging 2.0 is supported for SLP.

  • Beginning with Cisco NX-OS Release 10.3(2)F, source-interface is supported on Callhome mode with direct CSSM connectivity only. Beginning with Cisco NX-OS Release 10.3(3)F, support is introduced for source-interface with CSLU and Smart transport with both direct and indirect CSSM connectivity.

  • Beginning with Cisco NX-OS Release 10.4(3)F, Cisco Nexus switches provide TLSv1.3 support in SLP licensing mode.

Upgrade

  • For SL registered devices, when upgrading from Cisco NX-OS Release 9.3(3) or 9.3(4) to Cisco NX-OS Release 10.2(1)F, the transport mode may go to CSLU instead of callhome. It is recommended that you configure the transport mode to callhome manually and establish the trust with CSSM.

  • During an upgrade from an earlier release with Traditional Licensing (PAK) to Cisco NX-OS Release 10.2(1)F, the RUM sync may take up to 24 hours after migration to be reflected in the show command output.

  • In Cisco NX-OS Release 10.3(2)F, license smart vrf is not supported on Cisco Nexus C92348GC-X switch. When management VRF is configured, upgrade of Cisco Nexus C92348GC-X switch from Cisco NX-OS Release 10.3(2)F to 10.3(3)F is supported. When management VRF is not configured, to upgrade Cisco Nexus C92348GC-X switch from Cisco NX-OS Release 10.3(2)F to 10.3(3)F, first configure no license smart vrf and then proceed with the upgrade.

  • For SL registered devices that are connected to On-Prem, when upgrading from any Traditional Licensing (PAK) to Cisco NX-OS Release 10.2(1)F, the license consumption may not adhere to the hierarchy rules of tier licenses at On-Prem. It is recommended that you refer to CSSM for the proper consumption of licenses after the sync from On-Prem.

  • For SL registered devices with CSSM, when upgrading from Cisco NX-OS Release 9.3(3) or 9.3(4) to Cisco NX-OS Release 10.2(1)F, duplicate entry may occur for the same product instance on CSSM/On-Prem for a day.

DNS

  • When configuring the DNS resolution, configure it under the management VRF, as only management VRF is supported.

Transport

Callhome

  • IPv6 is only supported on callhome transport mode.

CSLU

  • CSLU-initiated communication/pull mode is not supported in Cisco NX-OS Release 10.2(1)F.

  • Only CSLU mode of transport is supported on On-Prem.

  • For auto discovery, only one CSLU can be used in the network.

  • CSLU configuration is mandatory if callhome is not configured and the device is not registered with CSSM, when moving from pre-SLP releases to SLP in Cisco NX-OS Release 10.2(1)F. For more information, see Connected to CSSM Through CSLU.

  • While using the transport mode as CSLU, if licenses do not get released from the SA/VA after write-erase and reload of the switch, it is recommended to delete the product instance from the SA/VA.

  • Standalone CSLU does not support multi-tenancy; it supports only a single SA/VA. However, SSM On-Prem supports multi-tenancy.

Commands

  • When a switch is being reset to factory defaults using the write erase command, it is recommended to do a license smart factory reset before reloading the switch.

  • The following commands do not support XMLized output:

    • show-tech support license

    • show license eventlog

    • show license history message

    • show license rum id all

    • show license data conversion

  • The output of the show license status command may show discrepancy in timer values, but has no functional impact. The timer gets updated automatically and the RUM Reporting will be retried after 24 hours.

  • To find more information about rum reports, use the following show commands:

    • show license rum id all - The output of this show command displays the list of all rum ids.


      Note


      The show license rum id 0 command also displays the list of all rum reports. The value 0 also represents all in the case of this command.


    • show license rum id report_id - This command allows you to select one rum id from the list and the output of this command displays a short summary of the report.

    • show license rum id all detail - The output of this command provides a list of all rum ids in a detailed format.

    • show license rum id report_id detail - This command allows you to select one rum id, about which you want to know the details, from the list and the output displays a detailed format of the report.

Concepts

This section explains the key concepts of SLP.

License Enforcement Types

The only enforcement type supported on Cisco Nexus 9000 and 3000 platform switches is Unenforced or Not Enforced. Unenforced licenses do not require authorization before use in air-gapped networks or in connected networks. The terms of use for such licenses are as per the end user license agreement (EULA).


Note


Enforced and Export licenses are not supported on Cisco Nexus 9000 platform switches.


License Duration

This refers to the duration or term for which a purchased license is valid. A given license may belong to any one of the enforcement types mentioned above and be valid for the following durations:

  • Perpetual: A perpetual license enables you to make a one-time purchase of a license that does not expire.

  • Subscription: A subscription-based license enables you to purchase a license for a specific period of time based on your requirement.

Policy

A policy provides the switch with these reporting instructions:

  • License usage report acknowledgment requirement (Reporting ACK required): The license usage report is known as a RUM Report and the acknowledgment is referred to as an ACK (See RUM Report and Report Acknowledgement). This is a yes or no value that specifies if the report for this product instance requires CSSM acknowledgment. The default policy is always set to yes.

  • First report requirement (days): The first report must be sent within the duration specified here.

  • Reporting frequency (days): The subsequent report must be sent within the duration specified here.

  • Report on change (days): If there is a change in license usage, a report must be sent within the duration specified here.

Understanding the Policy Selection

CSSM determines the policy that is applied to a switch. Only one policy is in use at a given point in time. The policy and its values are based on several factors, including the licenses being used.

Cisco default is the default policy that is always available in the product instance. If no other policy is applied, the product instance applies this default policy. Table 1 shows the Cisco default policy values.

If you cannot configure a policy, you can request a customized one by contacting the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing. The licensing team will contact you to start the process or to ask for any additional information. Customized policies are also made available through your Smart Account in CSSM.


Note


To know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command in privileged EXEC mode.


Table 1. Policy Cisco default for NX-OS

Policy: Cisco Default | Default Policy Values
--- | ---
Unenforced/Non-Export | Reporting ACK required: Yes; First report requirement (days): 90; Reporting frequency (days): 365; Report on change (days): 90

RUM Report and Report Acknowledgment

A Resource Utilization Measurement report (RUM report) is a license usage report, which the product instance generates, to fulfill reporting requirements as specified by the policy.


Note


When a switch does not consume a license, it does not generate any RUM report. To verify license consumption, use the show license user command.


An acknowledgment (ACK) is a response from CSSM and provides information about the status of a RUM report.

The policy that is applied to a product instance determines the following reporting requirements:

  • Whether a RUM report is sent to CSSM, and the maximum number of days provided to meet this requirement.

  • Whether the RUM report requires an acknowledgment (ACK) from CSSM.

  • The maximum number of days provided to report a change in license consumption.

A RUM report sent to CSSM from device/CSLU may be accompanied by other requests.


Note


System logs are generated at X and X-30 days if reporting is not done. X is the reporting interval per the policy.


Below is the example for RUM:
<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
<RUMReport>
<![CDATA[
{
   "payload":{
      "asset_identification":{
         "asset":{
            "name":"regid.2017-11.com.cisco.Nexus_9300,1.0_ac6ddieu7-89ju-4dne7-8699-4eeeklljnk"
         },
         "instance":{
            "sudi":{
               "udi_pid":"N9K-C9364C-GX",
               "udi_serial_number":"FDjhjudyw8778"
            },
            "product_instance_identifier":"f804e59b-7296-4c6d-a4f4-e61207ddf150"
         },
         "signature":{
            "signing_type":"CISC123",
            "key":"00000000",
            "value":"A0EPZ4grbhDeNG2q1wJxeRAkEIFabnHp8UCB+qoFMFRA3oMkZ3G572mm
             FDFZXVSaA2yfVRym0GMgKDo2glzz7er1RVIyB8XnrqgdgFBMkvJiuHb5B9Bdvs
             8qABGErQZP7m5HTUQcHNwczYYAoflIMo2ltaaUzhbmjppoh1b6cIvjUqTVTyg37cj/
             Z0r7hIviUxrzvHBVFFVA50Ik8wXPFWS24aLC4ubXvEDNzDv1UWQwfJy0XmkegJ07PBVAfcRPhfZ4/5J9YtsQ1xRb5ot+
             IdogZmhX7ISVOAh3WFjvAMVhQrH4xeSKD1wgIZtLAC+TnixvU6HAc4p168UK6aZV4A=="
         }
      },
      "meta":{
         "entitlement_tag":"regid.2019-06.com.cisco.LAN_Nexus9300_XF2,1.0_ac6ddieu7-89ju-4dne7-8699-4eeeklljnk",
         "report_id":16283555555,
         "software_version":"10.2(1)FI9(1)",
         "ha_udi":[
            {
               "role":"Active",
               "sudi":{
                  "udi_pid":"N9K-C9364C-GX",
                  "udi_serial_number":"FDjhjudyw8778"
               }
            }
         ]
      },
      "measurements":[
         {
            "log_time":1628323253,
            "metric_name":"ENTITLEMENT",
            "start_time":1628323253,
            "end_time":1628323254,
            "sample_interval":1,
            "num_samples":1,
            "meta":{
               "termination_reason":"CurrentUsageRequested"
            },
            "value":{
               "type":"COUNT",
               "value":"1"
            }
         }
      ]
   },
   "header":{
      "type":"rum"
   },
   "signature":{
      "sudi":{
         "udi_pid":"N9K-C9364C-GX",
         "udi_serial_number":"FDOkjahwdiuw78"
      },
      "signing_type":"CISC123",
      "key":"782198723987",
      "value":"BIoW16suShhDdAJZgRGtxdk/b4yhdvtDJQzE4eujgG+w/
       UKICJ40oEsh2HfIy0kcbfSn3gaAPwhlwHxFUVjLh+kYHxuwSvsI0RwwyIgBIlYbc9JojQ40dZGLRVmJt05djYIRkRHI5dYMO0Fn/
       a/F+VnaEQ2hVbbTWMW0pDLnJksPyQ9Mn91RmI4ZCfkS5gGNeS9U0CyeBpSYfh/r+N4bn/gmf+XDmK30x6yukTflvUC6IV/
       lNMxJYOpZ87mV/4XX6Bw88Ab1K3KX6VHVpeMr45UeUNGd0efaigReB9ERISJnERxAEs4SuU/ZhnFMONAwW/4WCpDXD/p8bcw76mmSkw=="
   }
}
]]>
</RUMReport>
</smartLicense>
Below is the example for RUM ACK:
<?xml version="1.0" encoding="UTF-8"?>
<smartLicense>
   <smartLicenseRumAck>
      <data>
        <![CDATA[[
        {
           "status_code":"OK",
           "status_message":"Rum Report is accepted.",
           "localized_message":"Rum Report is accepted.",
           "product_instance_identifier":"f80003456-1234-3g5h-b6b6-e1234hrtu5678",
           "sudi":{
              "udi_pid":"N9K-C9364C-GX",
              "udi_serial_number":"FDO3456yuth"
           },
           "report_id":162123456,
           "correlation_id":"610e4fcecebababeyro678990-bf94ajdu47878787hdj",
           "subscription_id":null
        }      
      ]]]>
    </data>
    <signature>MEQCIBtBcrLc384LDGgD9axXIMFiV4usLWOeOvJiP4nL9PKhAiA16
yiPufFIFwfEPIGbqMbfTKB+gGxB52m5tPVWZ/MP6Q==</signature>
   </smartLicenseRumAck>
   <smartLicenseAccountInfo>
      <customerInfo>
         <timestamp>1628327760658</timestamp>
         <smartAccount>InternalTestDemoAccount10.cisco.com</smartAccount>
         <virtualAccount>nxofirst</virtualAccount>
         <smartAccountId>2312345</smartAccountId>
         <virtualAccountId>509876</virtualAccountId>
         <smartAccountDomain>internaltestdemoaccount10.cisco.com</smartAccountDomain>
      </customerInfo>
      <signature>MEQCIBelsrxUBMzZSi406NeeHOJRlboJedEThjgyutwiqwge2iuey2
uehdufydwinGOsmgLaef1HAG+naWneLqZ139ARFiTsmA==</signature>
   </smartLicenseAccountInfo>
   <correlationID>ngnx-d3chwyt37hgdytf1924b4a57c190bc6</correlationID>
</smartLicense>
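
The following Python example is added here and is not part of the Cisco guide. It reads the RUM report and RUM ACK layouts shown above, extracts the JSON from the CDATA sections, and matches each report to its ACK by report_id and UDI, which is the check needed when usage files are carried by hand in an air-gapped network. The sample inputs, serial numbers, the non-OK status value and all function names are constructed for illustration; signature verification is not shown because this guide does not describe the algorithm.

```python
import json
import xml.etree.ElementTree as ET

def _udi(sudi):
    return sudi["udi_pid"].strip(), sudi["udi_serial_number"].strip()

def parse_rum_reports(xml_bytes):
    """Summarise every <RUMReport> in a usage file (CDATA holds a JSON object)."""
    out = []
    for node in ET.fromstring(xml_bytes).iter("RUMReport"):
        doc = json.loads(node.text)
        payload = doc["payload"]
        out.append({
            "report_id": payload["meta"]["report_id"],
            "udi": _udi(payload["asset_identification"]["instance"]["sudi"]),
            "entitlement_tag": payload["meta"]["entitlement_tag"],
            # Presence check only: the signature value is not verified here.
            "has_signature": bool(doc.get("signature", {}).get("value")),
        })
    return out

def parse_rum_acks(xml_bytes):
    """Map report_id -> ACK entry (CDATA inside <data> holds a JSON array)."""
    data = ET.fromstring(xml_bytes).find("./smartLicenseRumAck/data")
    if data is None or not (data.text or "").strip():
        raise ValueError("no <smartLicenseRumAck>/<data> payload found")
    return {ack["report_id"]: ack for ack in json.loads(data.text)}

def classify(rep, ack):
    """Return acked, rejected, udi_mismatch or unacknowledged for one report."""
    if ack is None:
        return "unacknowledged"
    if _udi(ack["sudi"]) != rep["udi"]:
        return "udi_mismatch"
    return "acked" if ack["status_code"] == "OK" else "rejected"

def reconcile(reports, acks):
    return {r["report_id"]: classify(r, acks.get(r["report_id"])) for r in reports}

# --- Constructed sample data (placeholders, not real device output) ---
PID = "N9K-C9364C-GX"

def sample_rum(report_id, serial):
    body = {
        "payload": {
            "asset_identification": {"instance": {"sudi": {
                "udi_pid": PID, "udi_serial_number": serial}}},
            "meta": {"entitlement_tag": "regid.placeholder", "report_id": report_id},
        },
        "header": {"type": "rum"},
        "signature": {"signing_type": "PLACEHOLDER", "value": "cGxhY2Vob2xkZXI="},
    }
    return ("<smartLicense><RUMReport><![CDATA[" + json.dumps(body)
            + "]]></RUMReport></smartLicense>").encode()

def sample_ack(entries):
    return ("<smartLicense><smartLicenseRumAck><data><![CDATA[" + json.dumps(entries)
            + "]]></data></smartLicenseRumAck></smartLicense>").encode()

def demo():
    serials = {1001: "SN-A", 1002: "SN-B", 1003: "SN-C", 1004: "SN-D"}
    reports = [r for rid, sn in serials.items() for r in parse_rum_reports(sample_rum(rid, sn))]
    ack = lambda rid, sn, code="OK": {"report_id": rid, "status_code": code,
                                      "sudi": {"udi_pid": PID, "udi_serial_number": sn}}
    entries = [ack(1001, "SN-A"), ack(1002, "SN-B", "CONSTRUCTED_ERROR"), ack(1003, "SN-X")]
    return reconcile(reports, parse_rum_acks(sample_ack(entries)))

if __name__ == "__main__":
    print(demo())
```

Reports left in the unacknowledged or udi_mismatch state are the ones to follow up before the policy's reporting interval expires.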

Trust Code

Trust code is a UDI-tied public key with which the product instance signs a RUM report. This prevents tampering and ensures data authenticity.

Supported Products

This section provides information about the Cisco NX-OS switches that are within the scope of this document and support SLP. All models (Product IDs or PIDs) in a product series are supported – unless indicated otherwise.

Table 2. Cisco Nexus Switches

Cisco Nexus Switches | When Support was Introduced
--- | ---
Cisco Nexus 9364C-H1 switch | Cisco NX-OS Release 10.4(3)F
Cisco Nexus 93108TC-FX3 switch, Cisco Nexus 93400LD-H1 switch | Cisco NX-OS Release 10.4(2)F
Cisco Nexus 9804 switch, Cisco Nexus 9332D-H2R switch, Cisco Nexus 9348GC-FX3 switch, Cisco Nexus 9348GC-FX3PH switch | Cisco NX-OS Release 10.4(1)F
Cisco Nexus 9408 Platform Switches | Cisco NX-OS Release 10.3(2)F
Cisco Nexus 9808 Platform Switches | Cisco NX-OS Release 10.3(1)F
Cisco Nexus 9500 Series Switches | Cisco NX-OS Release 10.2(1)F
Cisco Nexus 9300 Series Switches | Cisco NX-OS Release 10.2(1)F
Cisco Nexus 3600 Series Switches | Cisco NX-OS Release 10.2(1)F
Cisco Nexus 3500 Series Switches | Cisco NX-OS Release 10.2(1)F

Note

Beginning from Cisco NX-OS Release 10.3(1)F, 24-port licensing support is provided for the following Cisco Nexus platform switches:

  • N9K-C93108TC-FX3P

  • N9K-C93180YC-FX3

  • N9K-C93180YC-FX3H


Note


For hardware that is not supported, refer to Cisco Nexus 9000 Series NX-OS Release Notes, Release 10.1(1) - Cisco.


Supported Version of SA, CSLU, and NX-OS for On-prem Version

This table provides data about the supported Smart Account agent version and CSLU version for the respective Cisco NX-OS releases for the on-prem version of SLP.

NX-OS | SA Agent | On-Prem | CSLU
--- | --- | --- | ---
10.2(4)M | 5.2.4_rel/79 | 8-202212, 8-202304 | 2.2.0
10.3(4a)M | 5.7.25_rel/84 | 8-202212, 8-202304 | 2.2.0
10.4(3)F | 5.7.30_rel/108 | 8-202304, 8-202308 | 2.2.0
10.5(1)F | 5.7.30_rel/108 | 8-202401 | 2.2.0

Architecture

This section explains the various components that can be part of your implementation of SLP.

Product Instance or Switch

A Product Instance (PI), for example, a switch, is a single instance of a Cisco product, which is identified by a Unique Device Identifier (UDI).

A PI records and reports license usage (Resource Utilization Measurement reports) and provides alerts and system messages about issues such as overdue reports and communication failures. Resource Utilization Measurement (RUM) reports and usage data are securely stored in the product instance.

Throughout this document, the term product instance refers to all supported physical and virtual product instances, unless noted otherwise. For information about the product instances that are within the scope of this document, see Supported Products.

CSSM

Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses from a centralized location. CSSM helps you manage current requirements and review usage trends to plan for future license requirements.

You can access the CSSM Web UI at https://software.cisco.com/software/smart-licensing/alerts. Navigate to the Manage licenses link.

See the Supported Topologies section to know about the different ways in which you can connect to CSSM.

In CSSM you can perform the following:

  • Create, manage, or view virtual accounts

  • Create and manage Product Instance Registration Tokens

  • Transfer licenses between virtual accounts or view licenses

  • Transfer, remove, or view Product Instance

  • Run reports against your virtual accounts

  • Modify your email notification settings

  • View overall account information

CSLU

Cisco Smart License Utility (CSLU) is a Windows-based reporting utility that provides aggregate licensing workflows. This utility performs the following key functions:

  • Provides options relating to how workflows are triggered. The workflows can be triggered by CSLU or by the product instance.

  • Collects usage reports from the product instance and uploads these usage reports to the corresponding Smart Account or Virtual Account, online or offline, using files. Similarly, the RUM report ACK is collected online or offline and sent back to the product instance.

  • Sends authorization code requests to CSSM and receives authorization codes from CSSM, if applicable.

CSLU can be part of your implementation in the following ways:

  • Install the Windows application to use CSLU as a standalone tool that is connected to CSSM.

  • Install the Windows application to use CSLU as a standalone tool that is disconnected from CSSM. With this option, the required usage information is downloaded to a file and then uploaded to CSSM. This is suited for air-gapped networks.

SSM On-Prem

Smart Software Manager On-Prem (SSM On-Prem) is an asset manager, which works in conjunction with CSSM. It enables you to administer products and licenses on your premises instead of having to directly connect to CSSM.

Information about the required software versions to implement SLP with SSM On-Prem, is provided below:

Minimum Required SSM On-Prem Version for SLP (1) | Minimum Required Cisco NX-OS Version (2)
--- | ---
Version 8, August, 2021 | Cisco NX-OS Release 10.2(1)F

(1) The minimum required SSM On-Prem version. This means support continues on all subsequent releases - unless noted otherwise.

(2) The minimum required software version on the product instance. This means support continues on all subsequent releases - unless noted otherwise.

Note


The latest version of SSM On-Prem for SLP is Version 8, June 2022.


For more information about SSM On-Prem, see Smart Software Manager On-Prem on the Software Download page. Hover the mouse over the .iso image to display the documentation links to the following guides:

  • Installation Guide – SSM On-Prem Installation Guide

  • Release Notes – Cisco Smart Software Manager On-Prem Release Notes

  • User Guide – Smart Software Manager On-Prem User Guide

  • Console Guide – Smart Software Manager On-Prem Console Reference Guide

  • Quick Start Guide – Smart Software Manager On-Prem Quick Start Installation Guide