In this article we will discuss Cisco IOS licensing and take a closer look at:

  • Old licensing model
  • New licensing model
  • IOS software license activation

The Cisco IOS software is a single file that is downloaded from the Cisco website, copied to the router or switch and then installed. This hasn’t changed for decades. What has changed is what is found in these images.

In the IOS context, each version corresponds to a major revision of the IOS software while each release only includes smaller changes to IOS.

Cisco builds software images separately for each routing and switching family and for each version and release.

Old Licensing Model

In the original packaging model, a software image was developed for each feature set combination. A feature set is a group of features that are related to each other. For instance, the voice feature set has features related only to voice and it is different from the security feature set.

The reason for having feature sets is that not all customers need all the possible feature sets that Cisco can provide on that specific platform.

Cisco supports several feature sets, and an IOS image can have one or more of them integrated. This means that there can be multiple image combinations to accommodate any customer feature requests, and the customer needs to know exactly which features they plan to use in order to get the right image. This was the old way of providing the feature sets to customers.

New Licensing Model

In the new IOS packaging, Cisco built one image that has all the feature sets, though there will still be a different image for every platform family and for each version and release.

With the introduction of the Integrated Services Routers Generation 2 (ISR G2) series, the use of universal images with software activation was introduced as well. This means that users can download the universal image that has the basic feature set already activated. Then if they want to activate the security feature set, they will still use the same software image, but will need to install a license key to activate the additional feature set.

For ISR G2, the following are the four feature sets that can be used, including a short description of what they contain:

Feature Set                      Description
ipbasek9 (IP Base)               Default feature set
datak9 (Data)                    MPLS, routing protocols
uck9 (Unified Communications)    VoIP
securityk9 (Security)            IOS firewall, IDS, IPsec

The licenses can be applied when the device is ordered so that when the customer receives it, the license will be already activated. The licenses can also be purchased later and activated when the customer realizes the need for another feature set.

IOS Software License Activation

There are two ways to manage software licensing on Cisco devices. One is by using Cisco License Manager and the other is by manually activating the licenses.

Usually, customers who have several devices whose licenses need to be managed use Cisco License Manager. This software can be installed on different operating systems and can do the following:

  • Communicates with Cisco’s Product License Registration Portal
  • Communicates with network devices to install licenses and activate the proper feature sets

This is more of a plug-and-play way to manage the licenses and also allows you to look at detailed information about what licenses are installed on which devices.

The other method to install licenses is manually. To do this, you will need information from the device on which the feature set will be installed.

Each device that supports licensing has a unique identifier called Unique Device Identifier (UDI). The UDI is composed of the Product ID (PID) and serial number (SN).

Another component that comes into place when a license is installed is the Product Authorization Key (PAK). This is the proof that the license was purchased and it is used in combination with the UDI to provide the license file (via email or direct download from the Cisco website).

Basically these are the steps to install a license file:

  • At the Cisco Product License Registration Portal, provide the UDI and the PAK.
  • Download the license file.
  • Copy the license file to the router/switch.
  • Install the license on the router/switch.
  • Reload the router/switch to activate the license.

You can find the UDI of the device using the command “show license udi”:

R3#show license udi
Device#   PID                   SN              UDI
-----------------------------------------------------------------------------
*0        CISCO2911/K9          FTX1524P9QH     CISCO2911/K9:FTX1524P9QH

R3#

As you can see, this is a Cisco 2911, and the output above shows the PID and the SN that make up the UDI.

To find out what feature sets you can install on the device, you need to use the command “show license feature”:

R3#show license feature
Feature name      Enforcement  Evaluation  Subscription   Enabled  RightToUse
ipbasek9          no           no          no             yes      no
securityk9        yes          yes         no             no       yes
datak9            yes          no          no             no       yes
uck9              yes          yes         no             no       yes

R3#

As you can see, we only have the ipbasek9 license installed which is the default.

If you want to know more about the installed license, you can use the “show license detail” command to find what type of license it is and for how long you will be able to use it.

R3#show license detail
Index: 1        Feature : ipbasek9                          Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
        Store Index: 0
        Store Name: Primary License Storage
Index: 2        Feature : securityk9                        Version: 1.0
        License Type: Evaluation
        License State: Inactive
            Evaluation total period: 208 weeks 2 days
            Evaluation period left: 208 weeks 2 days
            Period used: 0  minute  0  second
        License Count: Non-Counted
        License Priority: None
        Store Index: 0
        Store Name: Evaluation License Storage
===== output cut =====
R3#

The above output was taken from Packet Tracer, but it is not that much different from the output from a real device. As you can see, the “securityk9” feature set is an evaluation license and it is inactive.

There are two types of licenses: permanent and right to use licenses. Packet Tracer doesn’t support permanent license installation, not even as a test. The permanent ones are the licenses downloaded from the Cisco website and once they are installed, they will never expire. The right to use licenses are evaluation licenses. This means that you can install them for a predefined period of time so you can test the features from the feature set before deciding whether or not to purchase the license.

This is how you install a permanent license for the datak9 feature set (you will need to have the file copied to a USB flash drive):

R2# license install usbflash1:FFTX1232R9QG_201504111644563170.lic

Installing...Feature:datak9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install

R2#
Apr 12 08:45:40.566: %LICENSE-6-INSTALL: Feature datak9 1.0 was installed in this device. UDI=CISCO2911/K9:FFTX1232R9QG; StoreIndex=1:Primary License Storage
Apr 12 22:35:41.608: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c2900 Next reboot level = datak9 and License = datak9

After a reboot, you should see something similar when you are checking the details for the feature sets:

===== output cut =====
Index 4 Feature: datak9
	   Period left: Life time
	   License Type: Permanent
	   License State: Active, In Use
	   License Count: Non-Counted
	   License Priority: Medium
===== output cut =====

As you can see, the license is active.

How do you install a right to use license? You will need to use this command and then choose the feature set that you want to test:

R3(config)#license boot module c2900 technology-package securityk9 ?
  disable  disable the technology

R3(config)#

===== output cut =====

ACCEPT? [yes/no]: yes
% use 'write' command to make license boot config take effect on next boot
%IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = C2900 Next reboot level = securityk9 and License = securityk9
%LICENSE-6-EULA_ACCEPTED: EULA for feature securityk9 1.0 has been accepted. UDI=CISCO2911/K9:FTX1524P9QH; StoreIndex=0:Evaluation License Storage

R3(config)#

The license will be added in the configuration file and it will be active after rebooting the device:

!
license udi pid CISCO2911/K9 sn FTX1524P9QH
license boot module c2900 technology-package securityk9
!

After the reboot, you can see that securityk9 is enabled and that it is an evaluation (right to use) license and not a permanent one.

R3#show license feature
Feature name      Enforcement  Evaluation  Subscription   Enabled  RightToUse
ipbasek9          no           no          no             yes      no
securityk9        yes          yes         no             yes      yes
datak9            yes          no          no             no       yes
uck9              yes          yes         no             no       yes

R3#

These are the details about how long the license will be active (remember that this output was taken from Packet Tracer and the output from a real device might be slightly different).

Index: 2        Feature : securityk9                        Version: 1.0
        License Type: Evaluation
        License State: Active, In Use
            Evaluation total period: 208 weeks 2 days
            Evaluation period left: 208 weeks 2 days
            Period used: 0  minute  0  second
        License Count: Non-Counted
        License Priority: None
        Store Index: 0
        Store Name: Evaluation License Storage
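
As an added example (not part of the original article or of any Cisco tool), the Python below parses text in the “show license detail” layout shown above and lists the feature sets that are running on an evaluation (right to use) license, with the days remaining. The sample text is constructed in the page's output format, and the function names and the 60-day warning threshold are assumptions.

```python
import re

# Constructed sample in the layout of the "show license detail" output above.
SAMPLE = """\
Index: 1        Feature : ipbasek9                          Version: 1.0
        License Type: Permanent
Index: 2        Feature : securityk9                        Version: 1.0
        License Type: Evaluation
        License State: Active, In Use
            Evaluation period left: 3 weeks 2 days
Index: 3        Feature : uck9                              Version: 1.0
        License Type: Evaluation
        License State: Inactive
Index 4 Feature: datak9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
"""

# Both header spellings seen on the page: "Index: 1  Feature : x" and "Index 4 Feature: x".
HEADER = re.compile(r"^Index:?\s*(\d+)\s+Feature\s*:\s*(\S+)")
FIELD = re.compile(r"^\s+([^:]+):\s*(.*)$")
PERIOD = re.compile(r"(\d+)\s+(week|day)s?")

def parse_license_detail(text):
    """Return one dict per 'Index' block, keyed by lower-cased field name."""
    licenses = []
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            licenses.append({"index": int(header.group(1)), "feature": header.group(2)})
        elif field and licenses:
            licenses[-1][field.group(1).strip().lower()] = field.group(2).strip()
    return licenses

def days_left(value):
    """Convert e.g. '208 weeks 2 days' to days; None for 'Life time' or a missing field."""
    parts = PERIOD.findall(value or "")
    return sum(int(n) * (7 if unit == "week" else 1) for n, unit in parts) if parts else None

def evaluation_in_use(text, warn_days=60):
    """List (feature, days_left, expiring_soon) for evaluation licenses that are active."""
    findings = []
    for lic in parse_license_detail(text):
        active = lic.get("license state", "").startswith("Active")
        if lic.get("license type") == "Evaluation" and active:
            left = days_left(lic.get("evaluation period left"))
            findings.append((lic["feature"], left, left is not None and left <= warn_days))
    return findings
```

Calling evaluation_in_use(SAMPLE) reports securityk9 with 23 days left; the inactive uck9 evaluation license and the permanent licenses are not listed.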

One other way to check what licenses are installed on the device is to use the “show version” command and then look for this:

Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Evaluation    securityk9
uc            None          None          None
data          None          None          None

And that would be all on managing Cisco IOS licensing. We saw how the old software licensing model worked and how it differs from the current one. We saw how to install a permanent and right to use license on a Cisco 2900 platform.

Working with licenses is not a technically complicated job but rather an administrative burden. If you have many devices where licenses need to be installed, most likely Cisco License Manager will be your friend. Otherwise, you will have to use the manual approach and install the licenses one by one.
