Guest

Cisco Secure Access Control Server for Unix

Licensing Issues for Cisco Secure UNIX

Cisco - Licensing Issues for Cisco Secure UNIX

Document ID: 13851

Updated: May 14, 2009

   Print

Introduction

Each copy of Cisco Secure UNIX software requires a license in order to function properly. This document describes the process used to obtain a license key for the software.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Obtain the License Key

When Cisco Secure UNIX is purchased, there is a unique 16-digit number on the outside of the white paper CD sleeve and/or on a white sheet of paper in the box that says Requires Immediate Attention. This serves as a "proof-of-purchase number."

In order to obtain the license key for the software, submit the 16-digit proof of purchase and the hostid for your UNIX system to Cisco's licensing department by fax to 408 526-4323 or by e-mail to licensing@cisco.com.

Note: Every UNIX system has a unique eight-digit hostid. Type hostid on your UNIX system to determine the hostid for your system.

When you submit your proof-of-purchase number and hostid, you receive a 20-digit permanent license key to use to run the software. This permanent license key must be inserted into the Cisco Secure $BASE/config/CSU.cfg file on the first line, as shown here:

LIST config_license_key = {"12345678912345678912"};

You can obtain two license keys for two different UNIX boxes (one primary and one backup). The license key is tied to your system's specific hostid. Therefore, the key does not work if it is moved to a UNIX system with a different hostid.

License Transfers and Issues

The license key is not version-specific, so it can be reused for later Cisco Secure versions as long as the software remains on the same UNIX system (with the same hostid as when the software was initially licensed).

In some instances, a license transfer or further processing is necessary. Consider these scenarios:

  • You originally had a license for machine_A and machine_B, but now you need to transfer the machine_A license to machine_C. The proof of purchase might or might not be available.

  • You licensed machine_A at some point but did not obtain a license for machine_B. The proof of purchase cannot be located.

Cisco's licensing group also handles license transfers with or without the proof of purchase. If the original proof of purchase is available, submit the 16-digit number as well as the hostid of the intended new system. If the original proof of purchase is not available, provide as much information as possible so that the purchase can be researched. For example, you can provide a sales order number, purchase order number, SAS or SAU contract number, old Cisco Secure CCO case number, your name, your company's name, and any additional information that can help the licensing group track down your purchase.

Key Emergencies

Cisco Secure can run up to four ports (four users that authenticate at a time) without a valid key. But, when you authenticate any amount of traffic without a valid key, the message Licensed number of ports exceeded appears in the Cisco Secure log (if logging has been set up). This message usually appears on the router as "Protocol garbled." Conditions that cause this are:

  • no key in the CSU.cfg file

  • key is invalid for that hostid in the CSU.cfg file

  • expired key in the CSU.cfg file

In case of emergency, an evaluation key good for 30 days can be obtained through Cisco's Downloads Registration (registered customers only) . This temporary key can be swapped into the CSU.cfg file. The Cisco Secure services must be recycled once the key is changed, as shown here:

/etc/rc0.d/K80CiscoSecure
/etc/rc2.d/S80CiscoSecure

Since the evaluation key is only valid for a limited time, you still need to obtain a permanent license key. When you get your permanent key, remove the temporary evaluation key from the CSU.cfg file and insert the permanent key. Recycle the services to implement the new key.

Related Information

Updated: May 14, 2009
Document ID: 13851