Q&A Specific to the Cisco 800 Series (Cisco 860 and 880) Integrated Services Routers
Q. What is software activation? How does it work?
A. Software activation authorizes and enables the usage of a Cisco software feature or feature sets. A special file contained in the device, called a license file, is examined by Cisco software when the device is powered on. Based on the license file installed, Cisco software enables the appropriate feature set(s).
License files can be changed or upgraded to enable a different feature set.
Note: A particular license file only functions with the device for which it was created (that is, a license file is generated based on the unique serial number [SN] and product ID [PID] of the device, known as the unique device identifier [UDI]).
Q. What are the different types of licenses (general overview not necessarily applicable to Cisco 860 and 880 Integrated Service Routers)?
A. Software activation offers various types of licenses:
Permanent license requires one-time installation, independent of the release version. We offer several types of permanent licenses:
• Permanent feature/feature set/image (uncounted): This applies to a feature, feature set, or entire image. A permanent license requires a one-time license installation independent of the software release version.
• Permanent feature license (counted): This applies to a count-based feature within an image. A permanent license requires a one time installation independent of the software release version; if an increase in count is necessary, a new license is required to activate the additional counts. This typically applies to features such as Secure Sockets Layer (SSL).
• Subscription base license: This applies to a feature within an image that requires frequent downloads to keep the device up to date. This typically applies to security features such as Intrusion Prevention Systems (IPSs).
Temporary license offers a typical 60-day trial period; once expired, it reverts back to the base functionality offered. There are three types of temporary licenses:
• Evaluation/emergency license: Comes preloaded in the software activation code release. This allows for a 60-day trial period of the feature or feature sets/image. The emergency license is best used when the customer has received a new unit (through an RMA), has no Internet connection to transfer the licenses over, and would like to get a device up and running immediately. Without any further delay or phone calls, the emergency license can be activated for 60 days after accepting an end user license agreement (EULA) on the CLI or Cisco License Manager interface.
• Evaluation license/demo license: Provides a 60-day demo license for licensed features or feature sets/image, available on the following URL http://www.cisco.com/go/license
• Extension license: License extension available by calling the Cisco Technical Assistance Center (TAC), and upon approval, a defined time frame is offered based on a joint agreement (more or less than 60 days).
Q. What is licensed on the Cisco 800 Series using software activation?
A. With respect to only the new Cisco 800 Series Integrated Services Routers (ISRs): for theCisco 860 and 880 ISRs, software activation is introduced to enable activation of thepermanent and temporary licenses for the Advance Security and Advanced IP Services feature set images. (See Table 1.)
Table 1. Default Images/Licenses per Platform
Cisco 880 SRST
Cisco IAD 880
Advanced IP Services
• Advanced Security: This is the default feature set and hence the default license (preinstalled at factory) for the Cisco 860, 880 Data, and IAD880 platforms.
• Advanced IP Services: This is an upgrade option for the Cisco 880 data or IAD platforms, and is the default feature set for Cisco 880 SRST.
If a user purchases an upgrade to Advanced IP Services at time of manufacturing, both the Advanced Security and Advanced IP Services licenses will be preinstalled, so no additional work is required out of the box.
If the user decides at a later time to upgrade to Advanced IP Services, a license has to be purchased and installed before the Advanced IP Services feature sets are activated. See question "How do I upgrade using software activation?" below.
Q. How are licenses managed? What is Cisco License Manager?
A. Several options exist to manage software licenses. The command-line interface (CLI) provides the ability to install, view, and clear software licenses per device. This functionality is also available through Simple Network Management Protocol (SNMP) for integration with standards-based network management tools.
For a larger number of devices, Cisco License Manager discovers and manages the licenses for up to 30,000 devices. Cisco License Manager can be used standalone or integrated with the CiscoWorks family of management tools.
For the Cisco 860 and 880 ISRs, if using the CounterPoint Management tool for device configuration, Cisco License Manager can be installed on the same machine as CounterPoint. Cross-launching Cisco License Manager from CounterPoint can be used at this point.
Cisco License Manager
Cisco License Manager is a secure client-server application running on Windows XP and Solaris operating systems. Cisco License Manager manages Cisco IOS® Software activation and licenses for Cisco network devices. It automates the Cisco IOS Software licensing workflows using its wizard-based, easy-to-use, and intuitive GUI and scales for large network deployments. Cisco License Manager is a standalone application and does not require any other Cisco network management application for it to work. It provides an optional full-functionality Java software development kit (SDK) for integration with third-party software or homegrown management applications
Q. What is a universal image? How does it work with licensing?
A. A universal image is a superset of the offered images and is already loaded on each applicable platform. When a universal image is loaded in a device, it contains all the offered images bundled together.
If a user wants to upgrade to Advanced IP Services using the same code release, that user needs to acquire the license and install it, and the Advanced IP Services feature set is ready for use after a device reboot. (See Figure 1.)
Figure 1. Universal Image and Licensing
Note: *Advanced Security license is installed by default for the applicable platforms.
A. For all orders placed at the time of manufacturing, the licenses will be preinstalled. For example: if user purchases a Cisco IAD880 platform with the Advanced IP Services image at the time of order, the Advanced IP Services license will come preinstalled, not requiring the user to install additional licenses.
Q. How do I upgrade using software activation?
A. For orders placed after the product has shipped (that is, upgrades), a license must be purchased (using a product authorization key [PAK]) and registered before the license is activated on the device. See the following question.
Q. What is a PAK? What are the different types?
A. PAKs are purchasable items, ordered in the same manner as other Cisco equipment; they are used to obtain license files for feature sets on specific classes of devices.
A PAK is used to generate one or more licenses. A PAK that generates more than one license is similar in concept to a debit card. The PAK code is reused to generate the number of licenses originally specified during the PAK purchase. After that number of licenses has been generated, no additional licenses can be created using the same PAK. A PAK can be configured and purchased with quantities anywhere from 1 up to 5000 licenses.
Software-activated SKUs (Table 2) are recognized by SL-XXX-XXX= or L-XXX-XXX=. (See Table 1 for all offered Cisco 880 upgrade SKUs.)
• SL-880-AIS= upgrade SKU generating a PAK that is provided by regular mail
• L-880-AIS= upgrade SKU generating a PAK that is provided by electronically
• SL-IAD880-AIS= upgrade SKU generating a PAK that is provided by regular mail
• L-IAD880-AIS= upgrade SKU generating a PAK that is provided by electronically
Table 2. Software-Activated Upgrade SKUs
Cisco 880 Data
Upgrade from Advanced Security to Advanced IP Services for Cisco 880 Data SKUs. PAK is mailed out.
Upgrade from Advanced Security to Advanced IP Services for Cisco 880 Data SKUs. PAK is delivered electronically.
Upgrade from Advanced Security to Advanced IP Services for Cisco IAD880 SKUs. PAK is mailed out.
Upgrade from Advanced Security to Advanced IP Services for Cisco IAD880 SKUs. PAK is delivered electronically.
Cisco 880 Quantity
Purchase upgrade quantities: user will receive 1 PAK for multiple license upgrades, up to 5000.
The user must decide which option to purchase (SL or L SKU): that is, mail PAK delivery or edelivery.
Q. What do I do if I lose the purchased PAK?
A. The PAK can be retrieved using the current Cisco ordering tool; Sales Order entry is required before the PAK can be provided.
Q. What is licensing call home? What are the various call home functions?
A. Licensing call home provides the ability to perform certain licensing operations from the device by communicating directly with the licensing backend using HTTPS secure connectivity.
The following call home functionality is supported
• license call-home install pak <PAK>: install the licenses to the device using a PAK
• license call-home resend: retrieve all the licenses to which the device is entitled
• license call-home revoke udi <target-udi>: transfer/rehost a given product ID from the device to a target device
Q. How is a license obtained and installed?
A. A license can be obtained and installed following a four-step process:
1. Purchase a PAK for the desired type of license(s): that is, SL-xxx-xxx or L-xxx-xxx.
3. Install the license file returned from the license portal to the provided e-mail address (using CLI, call home, or Cisco License Manager).
4. Reboot the device. The new feature set/image is enabled.
Note that a license is generated based on the UDI of the device; for multiple purchased licenses using the same PAK, the user needs to register the same PAK using all UDIs to received license files for each device.
Cisco License Manager can be used to facilitate this process for networkwide license deployment (refer to question 4).
Q. What happens in return merchandise authorization (RMA) cases?
A. As done today, customers will receive the replacement hardware (based on their Cisco SMARTnet® Service contract) for the specific device with the default image, which will include the default license. To transfer additional purchased licenses (for example, Advanced IP Services), an RMA portal is provided at http://www.cisco.com/go/license, select RMA.
If the user or location in which the replacement unit is installed does not have Internet to access the RMA portal, a built-in evaluation license (also referred to as emergency license in question 2) is provided to allow the user to immediately activate and reconfigure the features for 60 days until the RMA license transfer is complete.
Q. What do I do if a license is accidentally removed?
A. If a license has been cleared from the device, the user has the following options to retrieve it:
• If the device is connected to the Internet, a CLI call home function is provided to retrieve all registered licenses. (Note that this can only be implemented after the license has been issued based on a specific UDI.)
• If Cisco License Manager is deployed, Cisco License Manager can call home and retrieve the license(s) for the user to reinstall.
A. The license file is stored on a special area of the memory in the device. The license file is not directly viewable within the device file system, but the CLI exists to view and manage the license file.
Q. What is a license rehost?
A. License rehost is the ability to securely transfer a license from one working device to another working device within the same family or as defined in the license policy. For example, a user has conducted Advanced IP Services certification on a demo lab unit. Because that user purchased the license for Advanced IP Services and wants to transfer that license over to a product unit, the user can do so using the rehost function. The function can be achieved using one of the following methods:
• CLI call home function
• Cisco License Manager rehost function
Q. What is the procedure for obtaining licensing for customers with isolated networks (for example, with no Internet connectivity)?
A. If the customer is using Cisco License Manager, the procedure can be made automated to a large extent by deploying two Cisco License Managers: one inside the isolated network and one outside with Internet access. Note that this does require ability to copy data from Cisco License Manager deployed inside the isolated network. If this is not possible, then the first step will need to be manual: printing the device UDIs and adding them into Cisco License Manager with Internet connectivity using an Extensible Markup Language (XML) file.
For more information regarding various options for deploying Cisco License Manager or additional details, go to http://www.cisco.com/go/clm.
The device does not have to be connected to the Internet to be upgraded. The UDI (serial number and PID) has to be taken out of the secure network on paper, disk, whatever is allowed, and then sent to Cisco's license portal. A license gets sent back in response. The license is a small file. It must be brought back into the secure network on some type of approved media/process and installed on the device.
Glossary and Important Links
Cisco Software Activation
Table 3. Glossary
Cisco License Manager
A license management tool, similar to Network Management tool.
End-user license CA organization that provides support for licensing.
A free license that has usage-based expiration associated with it, provided to allow customers and sales engineers to evaluate new products. Recommended usage is in labs and other nonproduction networks. 60-day license.
A license that has a usage-based expiration associated with it. This is used for two purposes: to allow TAC and Cisco to provide a temporary license, and also provided to extend functionality when rehosting licenses. Available on Cisco Web portal for access.
Device is given a 60-day grace period, after a rehost has been performed.
Legal rights that permit the usage of legally obtained products. This is not a license line.
Enforcement of licenses using electronic means.
File generated by Cisco licensing tools. Used to install license on product. Has a user-readable part and contains one or more licenses.
This is a file that holds a collection of license lines. This file exists in permanent (read/write) storage on a device.
The movement of digital rights from one working router to another.
The binding of digital rights to a specific network node: a router or switch.
Product authorization key: Provided to customer when a spare upgrade license is purchased. Used to generate license line.
A set of data issued by SWIFT that has a human-readable and encrypted field. It informs the device about which licenses to revoke and which ones to install. See the rehost process for details.
The persistence file holds the license history for a device along with certain information about license removals, expiries, rehost, and so on.
Cisco self-service Website, where PAK can be registered to obtain a license line.
Returned merchandise authentication. The return of a failed unit of hardware back to the supplier or manufacturer. End user license.
Product support contract, expected to be one per product for a fixed period of time.
Stock keeping unit: Software on Cisco.com is an SKU. An SKU maps to one or more license features.
Cisco Website from which software can be downloaded.
Universal device identifier. Cisco wide identifier that contains product ID, serial number and version. Only product ID and serial number are used by this project.