Enforcement behavior for smart licensing is a Day-N behavior model that
-
conditionally enforces Smart Licensing Using Policy in NFVIS
-
transitions devices between states based on trust establishment and synchronization status, and
-
maintains licensing compliance through operational recovery commands and state persistence.
Smart licensing states and transitions
When trust is established and account mapping is successful, the device transitions to AUTHORIZED state and reports the consumed
license units to CSSM. In this state, usage and reporting continue at the configured intervals with no service-impacting enforcement
action.
If trust is not established (for example after certificate loss, account/VA movement, or stale token/config mismatch), the
device can show a PENDING state and should be recovered using license smart trust and/or license smart sync .
If synchronization is overdue beyond policy limits, the device can move to out-of-compliance related states and follow policy
retry/overdue intervals.
Operationally, use these commands for lifecycle recovery and maintenance:
-
license smart trust to re-establish trust certificates with CSSM.
-
license smart sync to push policy/usage synchronization when state mismatch is observed.
-
license smart release to release entitlement usage from CSSM before decommissioning or transfer workflows.
For steady state validation, check that:
-
Licensing status is AUTHORIZED.
-
Trust Code Installed has a valid timestamp.
-
Last Attempt Status is success.
-
Smart Account and Virtual Account are populated.
NFVIS persists Smart Licensing enforcement state in the /data/cisco/licensing/state file.
This file is JSON and is used to track enforcement-related runtime state across service restarts and upgrades.
The current state keys and meaning are:
-
expired : Boolean. True when grace has expired and out-of-compliance must be enforced.
-
grace : Boolean. True when the device is currently in grace period.
-
overdue : Boolean. True when synchronization is overdue (sync overdue event).
-
grace_expiry_ts : UNIX timestamp (seconds). Grace period end time used to decide whether OOC is still within grace window.
-
grace_reason : String. Reason text captured from usage-specific out-of-compliance information.
Default state when file is absent:
{"expired": false, "grace": false, "overdue": false, "grace_expiry_ts": 0, "grace_reason": ""}
State transitions used by NFVIS Smart Licensing workflow:
-
in_compliance event : resets overdue/expired/grace and clears grace_expiry_ts and grace_reason.
-
grace_period event : sets grace=true, expired=false, and updates grace_expiry_ts/grace_reason when available.
-
out_of_compliance event : if grace window has expired, sets expired=true and clears grace metadata; if still in grace window, keeps grace=true.
-
sync_overdue event : sets overdue=true.