Licensing and Security

This chapter provides details on the security licensing for the IR800 series.

The IOS feature set is aligned with the IOT 15.x M/T release strategy. They are:

  • S800IUK9-15503M – Cisco IR800 Series UNIVERSAL

  • S800INPEK9-15503M – Cisco IR800 Series UNIVERSAL – NO PAYLOAD ENCRYPTION

The Software License PIDs are shown in the following table.

Table 1. Software License PIDs

Software PID

Name

Description

SL-IR800-IPB-K9

Cisco 800 Series Industrial Routers IP Base License

Routing (BGP, OSPF, RIP, EIGRP, ISIS,), PBR, IGMP/MLD, Multicast, QoS, AAA, Raw Sockets, Manageability

SL-IR800-SEC-K9

Cisco 800 Series Industrial Routers Security License

SSL, VPN, IPSec, DMVPN, FlexVPN, IOS Firewall

SL-IR800-SNPE-K9

Cisco 800 Series Industrial Routers No Payload Encryption License

SL-IR800-DATA-K9

Cisco 800 Series Industrial Routers Data License

L2TPv3, IP SLA, BFD, MPLS (subset)

SWAP1530-81-A1-K9

Cisco 1530 Series Unified & Autonomous 8.1 SW

IR829 AP803 WI-FI

Licensing

Licenses are installed at manufacturing. If the securityk9 technology-package is not installed, the crypto related functions will not work. See additional information under Hardware Crypto Support

To enable the RightToUse license, perform the following:

  1. Accept the EULA.

  2. Enable the technology-package.

  3. Reload the IR800.

Licensing CLI


IR800# show version
License Info:
License UDI:
-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*1        IR829GW-LTE-GA-EK9    FGL194520VZ     
Suite License Information for Module:'ir800’ 
--------------------------------------------------------------------------------
Suite                 Suite Current         Type           Suite Next reboot     
--------------------------------------------------------------------------------
Technology Package License Information for Module:'ir800’ 
------------------------------------------------------------------------
Technology    Technology-package                  Technology-package
              Current              Type           Next reboot  
------------------------------------------------------------------------
ipbase        ipbasek9             Permanent      ipbasek9
security      securityk9           Permanent      securityk9
data          datak9               Permanent      datak9

IR800# conf term
license udi pid IR829GW-LTE-GA-EK9 sn FGL190726G8
license accept end user agreement
license boot module ir800 technology-package securityk9
license boot module ir800 technology-package datak9

IR829#show license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse 
ipbasek9                 no           no          no             yes      no         
securityk9               yes          yes         no             yes      yes        
datak9                   yes          yes         no             yes      yes

Hardware Crypto Support

The initial IOS software release, 15.5(3)M, provided only software based crypto support. With the introduction of IOS software release 15.5(3)M, hardware based crypto support was added. A security license must be installed to enable hardware based crypto support.

To see which version of crypto support is being used: 


IR800#show crypto engine configuration
 
        crypto engine name:  Virtual Private Network (VPN) Module
        crypto engine type:  hardware
                     State:  Enabled
                  Location:  onboard 0
              Product Name:  Onboard-VPN
                HW Version:  1.0
               Compression:  No
                       DES:  Yes
                     3 DES:  Yes
                   AES CBC:  Yes (128,192,256)
                  AES CNTR:  No
     Maximum buffer length:  4096
          Maximum DH index:  0000
          Maximum SA index:  0000
        Maximum Flow index:  0256
      Maximum RSA key size:  0000
        crypto lib version:  22.0.0
     crypto engine in slot:  0
                  platform:  VPN hardware accelerator
        crypto lib version:  22.0.0