Table Of Contents
Obtaining and Installing Licenses
Licensing Terminology
Licensing Model
Licensing High Availability
Options to Install a License
Obtaining a Factory-Installed License
Performing a Manual Installation
Obtaining the License Key File
Installing the License Key File
Backing Up License Files
Uninstalling Licenses
Updating Licenses
License Expiry Alerts
Grace Period Countdown
License Transfers Between Switches
Displaying License Information
Obtaining and Installing Licenses
The licensing functionality is available in all switches in the Cisco MDS 9000 Family. This functionality allows you to access specified premium features on the switch after you install the appropriate license for that feature. Licenses are sold, supported, and enforced as of Cisco MDS SAN-OS Release 1.3(1).
This chapter contains information related to licensing types, options, procedures, installation, and management for the Cisco MDS SAN-OS software.
This chapter includes the following sections:
•
Licensing Terminology
•Licensing Model
•Licensing High Availability
•Options to Install a License
•Obtaining a Factory-Installed License
•Performing a Manual Installation
•Obtaining the License Key File
•Installing the License Key File
•Backing Up License Files
•Uninstalling Licenses
•Updating Licenses
•License Expiry Alerts
•License Transfers Between Switches
•Displaying License Information
Licensing Terminology
The following terms are used in this chapter:
•Licensed feature—Permission to use a particular feature through a license file, a hardware object, or a legal contract. This permission is limited to the number of users, number of instances, time span, and the implemented switch.
•License expiry—The time span during which a licensed feature is valid. The software tracks all licenses and sends periodic alerts before shutting down the licensed feature.
•Counted license—The number of usage instances for a licensed feature.
•Licensed application—A software feature that requires a license to be used.
•License enforcement—A mechanism that prevents a feature from being used without first obtaining a license.
•Node-locked license—A license that can only be used on a particular switch using the switch's unique host ID.
•Host IDs—A unique chassis serial number that is specific to each Cisco MDS switch.
•Proof of purchase—A document entitling its rightful owner to use licensed feature(s) on one Cisco MDS switch as described in that document. Also known as the claim certificate.
•Product Authorization Key (PAK)—The PAK allows you to obtain a license key from one of the sites listed in the proof of purchase document. After registering at the specified website, you will receive your license key file and installation instructions through e-mail.
•License key file—A switch-specific unique file that specifies the licensed features. Each file contains digital signatures to prevent tampering and modification. License keys are required to use a licensed feature. License keys are enforced within a specified time span.
–License keys are required if your switch is running Cisco MDS SAN-OS Release 1.3 or later.
–License keys are not required to use licensed features in Cisco MDS SAN-OS Release 1.2 or earlier.
•Counted license—The number of licenses issued for a single feature (for example, FCIP). You can increase counted licenses (incremental licenses) should a need arise in the future.
•Incremental license—An additional licensed feature that was not in the initial license file. License keys are incremental—if you purchase some features now and others later, the license file and the software detect the sum of all features for the specified switch.
•Evaluation license—A temporary license. Evaluation licenses are time bound (valid for a specified number of days) and are not tied to a host ID (switch serial number).
•Permanent license—A license that is not time bound (does not have an expiry date) is called a permanent license.
•Grace period—The amount of time the features in a license package can continue functioning without a license.
•Support—If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Licensing Model
The licensing model defined for the Cisco MDS product line has two options:
•Feature-based licensing: features that are applicable to the entire switch. The cost varies based on a per-switch usage. Table 3-1 lists the feature-based license packages.
•Module-based licensing: features that require additional hardware modules. The cost varies based on a per-module usage. An example is the IPS-8 or IPS-4 module using the FCIP feature.
Table 3-1 Feature-Based Licenses
Feature License
|
Features
|
Standard package (free—no license required)
|
•FCP, SSH, SFTP, and iSCSI protocols
•Fabric manager and remote monitoring (RMON)
•VSANs, high availability, PortChannel, and zoning
•Fibre Channel Congestion Control (FCC)
•Virtual output queuing (VOQ)
•Diagnostics (SPAN, RSPAN, and FC Analyzer)
•SNMPv3, role-based access control, RADIUS
•Call Home and interoperability modes
•IP access control lists (ACLs)
•Terminal Access Controller Access Control System (TACACS+)
•Fabric Device Management Interface (FDMI)
•Internet Storage Name Service (iSNS) client.
|
Enterprise package
(ENTERPRISE_PKG)
|
•Enhanced security features:
–LUN zoning
–Read-only zones
–Port security
–VSAN-based access control
–Fibre Channel Security Protocol (FC-SP) authentication
•Advanced traffic engineering—Quality of Service (QoS)
•Enhanced VSAN routing—inter-VSAN routing
|
SAN extension over IP
(SAN_EXTN_OVER_IP)
|
•FCIP for the IPS-8 module
•FCIP compression for the IPS-8 module
•FCIP write acceleration for the IPS-8 module
|
SAN extension over IP
(SAN_EXTN_OVER_IP_IPS4)
|
•FCIP for the IPS-4 module
•FCIP compression for the IPS-4 module
•FCIP write acceleration for the IPS-4 module
|
Mainframe
(MAINFRAME_PKG)
|
•FICON protocol and CUP management
•FICON VSAN and intermixing
•Switch cascading
•Fabric binding
|
Fabric Manager Server
(FM_SERVER_PKG)
|
•Multiple physical fabric management
•Centralized fabric discovery services
•Continuous MDS health and event monitoring
•Long term historical Fibre Channel performance monitoring
•Performance reports and charting for hotspot analysis
|
Licensing High Availability
As with other Cisco MDS SAN-OS features, the licensing feature also maintains the following high availability standards for all switches in the Cisco MDS 9000 Family:
•Installing any license in any switch is a nondisruptive process.
•Installing a license automatically saves a copy of permanent licenses to the chassis in all switches.
•Enabling a license feature without a license key starts a counter on the grace period. You then have 120 days to install the appropriate license keys or disable the use of that feature. If at the end of the 120 day grace period the switch does not have a valid license key for the feature, the feature is automatically disabled by the switch.
Directors in the Cisco MDS 9500 Series have the following additional high availability features:
•The license software runs on both supervisor modules and provides failover protection.
•The license key file is mirrored on both supervisor modules. Even if both supervisor modules fail, the license file continues to function from the version that is available on the chassis.
Options to Install a License
If you have purchased a new switch through either your reseller or through Cisco Systems, you can:
•Obtain a factory-installed license (only applies to new switch orders).
•Perform a manual license Installation (applies to existing switches).
Obtaining a Factory-Installed License
You can obtain factory-installed licenses for a new switch.
To obtain a factory-installed license for a new Cisco MDS switch, follow these steps.
Step 1 Contact your reseller or Cisco representative and request this service.
Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Your switch is shipped with the required licenses installed in the system. The proof of purchase document is sent along with the switch.
Step 2 Obtain the host ID from the proof of purchase for future use.
Step 3 Start to use the switch and the licensed features.
Performing a Manual Installation
If you have existing switches or if you wish to install the licenses on your own, you must first obtain the license key file and then install that file in the switch (see Figure 3-1).
Figure 3-1 Obtaining a License Key File
Obtaining the License Key File
Note Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide for details on installing automated licenses using the Fabric Manager GUI.
To obtain new or updated license key files using the CLI, follow these steps.
Step 1 Use the show license host-id command to obtain the serial number for your switch. The host ID is also referred to as the switch serial number.
switch# show license host-id
License hostid: VDH=FOX064317SQ
Tip Use the entire ID that appears after the colon (:) sign. In this example, the host ID is VDH=FOX064317SQ.
Step 2 Obtain either your claim certificate or your proof of purchase document. This document accompanies every Cisco MDS switch.
Step 3 Get the product authorization key (PAK) from either the claim certificate or the proof of purchase document.
Step 4 Locate the website URL from either the claim certificate or the proof of purchase document.
Step 5 Access the specified URL that applies to your switch and enter the switch serial number and the PAK.
The license key file is sent to you by e-mail. The license key file is digitally signed to only authorize use on the requested switch. The requested features are also enabled once the Cisco SAN-OS software on the specified switch accesses the license key file.
Caution Install the license key file in the specified MDS switch without making any modifications.
A license is either permanent or it expires on a fixed date. If you do not have a license, the grace period for using that feature starts from the first time you start using a feature offered by that license (see the "License Expiry Alerts" section).
Step 6 Use the copy licenses command in EXEC mode to save your license file to one of two locations—the bootflash: directory or the slot0: device (see the "Backing Up License Files" section).
Installing the License Key File
Tip If you need to install multiple licenses in any switch in the Cisco MDS 9000 Family, be sure to provide unique file names for each license key file.
To install a license key file in any switch, follow these steps:
Step 1 Log into the switch through the console port of the active supervisor.
Step 2 Perform the installation by issuing the install license command on the active supervisor module from the switch console.
switch# install license bootflash:license_file.lic
Installing license ..done
Note If you provide a target name for the license key file, the file is installed with the specified name. Otherwise, the file name specified in the license key file is used to install the license.
Step 3 Exit the switch console and open a new terminal session to view all license files installed on the switch using the show license command.
INCREMENT MAINFRAME_PKG cisco 1.0 permanent uncounted \
NOTICE="<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=EE9F91EA4B64
Note If the license meets all guidelines when the install license command is issued, all features and modules continue functioning as configured. This is true for any switch in the Cisco MDS 9000 Family.
Backing Up License Files
All installed license files can be backed up as a .tar file in the user specified location. Use the copy licenses command in EXEC mode to save your license file to one of three locations—the bootflash: directory or the slot0: device. The following example saves all licenses to a file named Enterprise.tar.
switch# copy licenses bootflash:/Enterprise.tar
Tip We recommend backing up your license files immediately after installing them and just before issuing a write erase command.
Caution If you erase any existing licenses, you can only install them using the
install license command.
Uninstalling Licenses
You can only uninstall a permanent license that is not in use. If you try to delete a permanent license that is currently being used, the software rejects the request and issues an error message. Uninstalling an unused license causes the grace period to come into effect. The grace period is counted from the first use of the feature without a license and is reset when a valid license file is installed.
Note Permanent licenses cannot be uninstalled if they are currently being used. Features turned on by permanent licenses must first be disabled, before that license is uninstalled.
Tip If you are using an evaluation license and would like to install a new permanent license, you can do so without service disruption and before the evaluation license expires. Removing an evaluation license immediately triggers a grace period without service disruption.
Caution Uninstalling a license requires the related features to first be disabled.
To uninstall a license, follow these steps:
Step 1 Save your running configuration to a remote server using the copy command (see the "Copying Files" section).
Step 2 Disable the features provided by the license to be uninstalled. Issue the show license usage package_name command to view the enabled features for a specified package.
switch# show license usage ENTERPRISE_PKG
Step 3 Issue the show license brief command in EXEC mode to view a list of all installed license key files and identify the file to be uninstalled. In this example, the file to be uninstalled is the Ficon.lic file.
switch# show license brief
Step 4 Uninstall the Ficon.lic file using the clear license filename command, where filename is the name of the installed license key file.
switch# clear license Ficon.lic
Clearing license Ficon.lic:
Step 5 Enter yes (yes is the default) to continue with the license update.
Do you want to continue? (y/n) y
The Ficon.lic license key file is now uninstalled.
Updating Licenses
If your license is time bound, you must obtain and install an updated license. Contact technical support to request an updated license.
Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
To update a license, follow these steps:
Step 1 Obtain the updated license file using the procedure described in the "Obtaining the License Key File" section.
Step 2 Save your running configuration to a remote server using the copy command (see the "Copying Files" section).
Step 3 Issue the show license brief command to verify the name of the file to be updated.
switch# show license brief
Step 4 Update the license file using the update license url command, where url specifies the bootflash:, slot0:, or volatile: directory location of the updated license file.
switch# update license bootflash:sanextn2.lic sanextn1.lic
# An example fcports license
INCREMENT SAN_EXTN_OVER_IP cisco 1.000 permanent 1 HOSTID=VDH=ABCD \
NOTICE=<LicFileID>san_extn1.lic</LicFileID><LicLineID>0</LicLineID> \
with bootflash:/sanextn2.lic:
# An example fcports license
INCREMENT SAN_EXTN_OVER_IP cisco 1.000 permanent 1 HOSTID=VDH=ABCD \
NOTICE=<LicFileID>san_extn2.lic</LicFileID><LicLineID>1</LicLineID> \
Step 5 Enter yes (yes is the default), to continue with the license update.
Do you want to continue? (y/n) y
The sanextn1.lic license key file is now updated.
License Expiry Alerts
The Cisco SAN-OS license counter keeps track of all licenses on a switch. Once an expiry period has started, you will receive console messages, SNMP traps, syslog error messages, and Call Home messages on a daily basis.
Beyond that, the frequency of these messages become hourly during the last seven days of the expiry time span. For example:
Your FICON license feature is scheduled to expire in 60 days. If today is December 1st, the license expires on January 30th. In this case, you will receive:
•Daily alerts from December 1st to January 23rd.
•Hourly alerts from January 24th to January 29th.
•From January 30th, the FICON feature runs without a license for a grace period of 120 days.
•From January 30th to May 21st, you receive daily alerts about the grace period usage.
•From May 22nd to May 30th, you receive hourly alerts about the grace period ending.
•On May 31st, the FICON feature is automatically turned off.
Note License expiry alerts cannot be configured.
Caution After the final seven days of the grace period, the feature is turned off and your network traffic may be disrupted. The grace period also applies to licensed features in Cisco MDS SAN-OS Release 1.2. While Cisco MDS SAN-OS Release 1.2 did not enforce licenses, any future upgrade will enforce license requirements and the 120-day grace period.
Grace Period Countdown
The grace period is set to 120 days, and the countdown starts or continues when either of the following two situations occur:
• You are evaluating a feature for which you have not purchased a license.
• You purchased a license that has reached its expiry date and you are still using the feature requiring that license.
License packages can contain several features.If you disable a feature during the grace period and there are other features in that license package which are still enabled, the clock does not stop for that license package. To suspend the grace period countdown for a licensed feature, you must disable every feature in that licence package.
License Transfers Between Switches
A license is specific to the switch for which it is issued and is not valid on any other switch. If you need to transfer a license from one switch to another, contact your customer service representative.
Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Displaying License Information
Use the show license commands to display all license information configured on this switch (see Examples 3-1 to 3-6).
Example 3-1 Displays Information About Current License Usage
switch# show license usage
Feature Installed License Status ExpiryDate Comments
------------------------------------------------------------------------------------------
FM_SERVER_PKG Yes - Unused never license missing
MAINFRAME_PKG No - Unused Grace Period 57days15hrs
ENTERPRISE_PKG Yes - InUse never -
SAN_EXTN_OVER_IP No 0 Unused -
SAN_EXTN_OVER_IP_IPS4 No 0 Unused
------------------------------------------------------------------------------------------
Example 3-2 Displays the List of Features in a Specified Package
switch# show license usage ENTERPRISE_PKG
Example 3-3 Displays the Host ID for the License
switch# show license host-id
License hostid: 1 VDH=FOX0646S017
Example 3-4 Displays All Installed License Key Files and their Contents
INCREMENT MAINFRAME_PKG cisco 1.0 permanent uncounted \
NOTICE="<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=EE9F91EA4B64
INCREMENT MAINFRAME_PKG cisco 1.0 30-Dec-2003 uncounted \
NOTICE="<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=EE9F91EA4B64
Example 3-5 Displays a List of Installed License Key Files
switch# show license brief
Example 3-6 Displays the Contents of a Specified License Key File
switch# show license file Permanent.lic
INCREMENT MAINFRAME_PKG cisco 1.0 permanent uncounted \
NOTICE="<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=EE9F91EA4B64
1 VDH = Vendor Defined Host-ID—Use the entire ID that appears after the colon (:) sign.
Feedback
