All licenses have an enforcement type. The enforcement type indicates if a license requires authorization before use, or not. These are the enforcement types.

• Licenses that belong to this enforcement type require authorization before use. The required authorization is in the form of an authorization code, which must be installed in the corresponding product instance.

  An example of an enforced license is the Media Redundancy Protocol (MRP) Client license, which is available on Cisco’s Industrial Ethernet Switches. Enforced licenses are not applicable to Cisco wireless controllers.

• Export-Controlled

  Licenses that belong to this enforcement type are export-restricted by U.S. trade-control laws and these licenses require authorization before use. The required authorization code must be installed in the corresponding product instance for these licenses as well. Cisco may pre-install export-controlled licenses when ordered with hardware purchase.

  An example of an export-controlled license is the High Speed Encryption (HSECK9) license, which is available on certain Cisco Routers. Export-controlled licenses are not applicable to Cisco wireless controllers.

This refers to the duration or term for which a purchased license is valid. A given license may belong to any one of the enforcement types mentioned above and be valid for the following durations:

• Perpetual: There is no expiration date for such a license.

  AIR Network Essentials and AIR Network Advantage licenses are examples of unenforced, perpetual licenses that are available on Cisco wireless controllers.

• Subscription: The license is valid only until a certain date.

  AIR Digital Network Architecture (DNA) Essentials and AIR DNA Advantage licenses are examples of unenforced subscription licenses that are available on Cisco wireless controllers.

An authorization code is not required for any of the licenses available on Cisco wireless controllers, but if you are upgrading from an earlier licensing model to Smart Licensing Using Policy, you may have a Specific License Reservation (SLR) with its own authorization code. The SLR authorization code is supported after upgrade to Smart Licensing Using Policy.

Note	While existing SLRs are carried over after upgrade, you cannot request a new SLR in the Smart Licensing Using Policy environment, because the notion of “reservation” does not apply. For an air-gapped network, the No Connectivity to CSSM and No CSLU topology applies instead.

For more information about how the SLR authorization code is handled, see Example: SLR to Smart Licensing Using Policy. If you want to return an SLR authorization code, see Removing and Returning an Authorization Code.

A policy provides the product instance with these reporting instructions:

• License usage report acknowledgement requirement (Reporting ACK required): The license usage report is known as a RUM Report and the acknowledgement is referred to as an ACK (See RUM Report and Report Acknowledgement). This is a yes or no value which specifies if the report for this product instance requires CSSM acknowledgement or not. The default policy is always set to “yes”.

• First report requirement (days): The first report must be sent within the duration specified here.

  If the value here is zero, no first report is required.

• Reporting frequency (days): The subsequent report must be sent within the duration specified here.

  If the value here is zero, it means no further reporting is required unless there is a usage change.

• Report on change (days): In case of a change in license usage, a report must be sent within the duration specified here.

  If the value here is zero, no report is required on usage change.

  If the value here is not zero, reporting is required after the change is made. All the scenarios listed below count as changes in license usage on the product instance:

  • Changing licenses consumed (includes changing to a different license, and, adding or removing a license).

  • Going from consuming zero licenses to consuming one or more licenses.

  • Going from consuming one or more licenses to consuming zero licenses.

Note	If a product instance has never consumed a license, reporting is not required even if the policy has a non-zero value for any of the reporting requirements (First report requirement, Reporting frequency, Report on change).

Understanding Policy Selection

CSSM determines the policy that is applied to a product instance. Only one policy is in use at a given point in time. The policy and its values are based on a number of factors, including the licenses being used.

Cisco default is the default policy that is always available in the product instance. If no other policy is applied, the product instance applies this default policy. The table shows the Cisco default policy values.

While you cannot configure a policy, you can request for a customized one, by contacting the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing. The licensing team will contact you to start the process or for any additional information. Customized policies are also made available through your Smart account in CSSM.

Note	To know which policy is applied (the policy in-use) and its reporting requirements, enter the show license all command in privileged EXEC mode.

A Resource Utilization Measurement report (RUM report) is a license usage report, which fulfils reporting requirements as specified by the policy. RUM reports are generated by the product instance and consumed by CSSM. The product instance records license usage information and all license usage changes in an open RUM report. At system-determined intervals, open RUM reports are closed and new RUM reports are opened to continue recording license usage. A closed RUM report is ready to be sent to CSSM.

A RUM acknowledgement (RUM ACK or ACK) is a response from CSSM and provides information about the status of a RUM report. Once the ACK for a report is available on the product instance, it indicates that the corresponding RUM report is no longer required and can be deleted.

The reporting method, that is, how a RUM report is sent to CSSM, depends on the topology you implement.

CSSM displays license usage information as per the last received RUM report.

A RUM report may be accompanied by other requests, such as a trust code request, or a SLAC request. So in addition to the RUM report IDs that have been received, an ACK from CSSM may include authorization codes, trust codes, and policy files.

The policy that is applied to a product instance determines the following aspects of the reporting requirement:

• Whether a RUM report is sent to CSSM and the maximum number of days provided to meet this requirement.

• Whether the RUM report requires an acknowledgement (ACK) from CSSM.

• The maximum number of days provided to report a change in license consumption.

If the product instance you are using is a Cisco Catalyst 9800-CL Wireless Controller, ensure that you are familiar with the conditions for a mandatory ACK starting with Cisco IOS XE Cupertino 17.7.1. For more information, see RUM Reporting and Acknowledgment Requirement for Cisco Catalyst 9800-CL Wireless Controller.

A UDI-tied public key, which the product instance uses to

• Sign a RUM report. This prevents tampering and ensures data authenticity.

• Enable secure communication with CSSM.

There are multiple ways to obtain a trust code.

• From Cisco IOS XE Cupertino 17.7.1, a trust code is factory-installed for all new orders.

  Note	A factory-installed trust code cannot be used for communication with CSSM.

• A trust code can obtained from CSSM, using an ID token.

  Here you generate an ID token in the CSSM Web UI to obtain a trust code and install it on the product instance. You must overwrite the factory-installed trust code if there is one. If a product instance is directly connected to CSSM, use this method to enable the product instance to communicate with CSSM in a secure manner. This method of obtaining a trust code is applicable to all the options of directly connecting to CSSM. For more information, see Connected Directly to CSSM.

• From Cisco IOS XE Cupertino 17.7.1, a trust code is automatically obtained in topologies where the product instance initiates the sending of data to CSLU and in topologies where the product instance is in an air-gapped network.

  If there is a factory-installed trust code, it is automatically overwritten. A trust code obtained this way can be used for secure communication with CSSM.

  Refer to the topology description and corresponding workflow to know how the trust code is requested and installed in each scenario: Connecting to Cisco SSM.

If a trust code is installed on the product instance, the output of the show license status command displays a timestamp in the Trust Code Installed: field.