In this article we will discuss Cisco IOS licensing and take a closer look at:
Old licensing model
New licensing model
IOS software license activation
The Cisco IOS software is a single file that is downloaded from the Cisco website, copied on the router or switch and then installed. This hasn’t changed for decades. What has changed is what is found in these images.
In the IOS context, each version corresponds to a major revision of the IOS software while each release only includes smaller changes to IOS.
Cisco builds software images separately for each routing and switching family and for each version and release.
Old Licensing Model
In the original packaging model, a software image was developed for each feature set combination. A feature set is a group of features that are related to each other. For instance, the voice feature set has features related only to voice and it is different from the security feature set.
The reason for having feature sets is that not all customers need all the possible feature sets that Cisco can provide on that specific platform.
There are a few feature sets that Cisco has support for. IOS software can have one or more feature sets integrated. This means that there can be multiple combinations to accommodate any customer feature requests. Then the customer will need to know exactly what feature plans to use to get the right image. This was the old way of providing the feature sets to customers.
New Licensing Model
In the new IOS packaging, Cisco built one image that has all the feature sets, though there will still be a different image for every platform family and for each version and release.
With the introduction of the Integrated Services Routers Generation 2 (ISR G2) series, the use of universal images with software activation was introduced as well. This means that users can download the universal image that has the basic feature set already activated. Then if they want to activate the security feature set, they will still use the same software image, but will need to install a license key to activate the additional feature set.
For ISR G2, the following are the four feature sets that can be used, including a short description of what they contain:
|ipbasek9 (IP Base)||Default feature set|
|datak9 (Data)||MPLS, routing protocols|
|uck9 (Unified Communications)||VoIP|
|security9k (Security)||IOS firewall, IDS, IPsec|
The licenses can be applied when the device is ordered so that when the customer receives it, the license will be already activated. The licenses can also be purchased later and activated when the customer realizes the need for another feature set.
IOS Software License Activation
There are two ways to manage software licensing on Cisco devices. One is by using Cisco License Manager and the other is by manually activating the licenses.
Usually, customers who have several devices whose licenses need to be managed use Cisco License Manager. This software can be installed on different operating systems and can do the following:
Communicates with Cisco’s Product License Registration Portal
Communicates with network devices to install licenses and activate the proper feature sets
This is more of a plug-and-play way to manage the licences and also allows you to look at detailed information about what licenses are installed on which devices.
The other method to install licenses is manually. To do this, you will need information from the device on which the feature set will be installed.
Each device that supports licensing has a unique identifier called Unique Device Identifier (UDI). The UDI is composed of the Product ID (PID) and serial number (SN).
Another component that comes into place when a license is installed is the Product Authorization Key (PAK). This is the proof that the license was purchased and it is used in combination with the UDI to provide the license file (via email or direct download from the Cisco website).
Basically these are the steps to install a license file:
At the Cisco Product License Registration Portal, provide the UDI and the PAK.
Download the license file.
Copy the license file to the router/switch.
Install the license on the router/switch.
Reload the router/switch to activate the license.
You can find the UDI of the device using the command “show license udi”:
R3#show license udi Device# PID SN UDI ----------------------------------------------------------------------------- *0 CISCO2911/K9 FTX1524P9QH CISCO2911/K9:FTX1524P9QH R3#
As you can see, this is a Cisco 2911 and you can see from the above output the PID and the SN.
To find out what feature sets you can install on the device, you need to use the command “show licence feature”:
R3#show license feature Feature name Enforcement Evaluation Subscription Enabled RightToUse ipbasek9 no no no yes no securityk9 yes yes no no yes datak9 yes no no no yes uck9 yes yes no no yes R3#
As you can see, we only have the ipbasek9 license installed which is the default.
If you want to know more about the license installed, you can use “show license detail” command to find what type of license it is and for how long you will be able to use it.
R3#show license detail Index: 1 Feature : ipbasek9 Version: 1.0 License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 0 Store Name: Primary License Storage Index: 2 Feature : securityk9 Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 208 weeks 2 days Evaluation period left: 208 weeks 2 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 0 Store Name: Evaluation License Storage ===== output cut ===== R3#
The above output was taken from Packet Tracer, but it is not that much different from the output from a real device. As you can see, the “security9k” feature set is an evaluation license and it is inactive.
There are two types of licenses: permanent and right to use licenses. Packet Tracer doesn’t support permanent license installation, not even as a test. The permanent ones are the licenses downloaded from the Cisco website and once they are installed, they will never expire. The right to use licenses are evaluation licenses. This means that you can install them for a predefined period of time so you can test the features from the feature set before deciding whether or not to purchase the license.
This is how you install a permanent license for the data9k feature set (you will need to have the file copied on a USB flash drive):
R2# license install usbflash1:FFTX1232R9QG_201504111644563170.lic Installing...Feature:datak9...Successful:Supported 1/1 licenses were successfully installed 0/1 licenses were existing licenses 0/1 licenses were failed to install R2# Apr 12 08:45:40.566: %LICENSE-6-INSTALL: Feature datak9 1.0 was installed in this device. UDI=CISCO2911/K9:FFTX1232R9QG; StoreIndex=1:Primary License Storage Apr 12 22:35:41.608: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c2900 Next reboot level = datak9 and License = datak9
After a reboot, you should see something similar when you are checking the details for the feature sets:
===== output cut ===== Index 4 Feature: datak9 Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium ===== output cut =====
As you can see, the license is active.
How do you install a right to use license? You will need to use this command and then choose the feature set that you want to test:
R3(config)#license boot module c2900 technology-package securityk9 ? disable disable the technology R3(config)# ===== output cut ===== ACCEPT? [yes/no]: yes % use 'write' command to make license boot config take effect on next boot %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = C2900 Next reboot level = securityk9 and License = securityk9 %LICENSE-6-EULA_ACCEPTED: EULA for feature securityk9 1.0 has been accepted. UDI=CISCO2911/K9:FTX1524P9QH; StoreIndex=0:Evaluation License Storage R3(config)#
The license will be added in the configuration file and it will be active after rebooting the device:
! license udi pid CISCO2911/K9 sn FTX1524P9QH license boot module c2900 technology-package securityk9 !
After the reboot, you can see that security9k is enabled and that it is an evaluation (right to use) license and not a permanent one.
R3#show license feature Feature name Enforcement Evaluation Subscription Enabled RightToUse ipbasek9 no no no yes no securityk9 yes yes no yes yes datak9 yes no no no yes uck9 yes yes no no yes R3#
These are the details about how long the license will be active (remember that this output was taken from Packet Tracer and the output from a real device might be slightly different).
Index: 2 Feature : securityk9 Version: 1.0 License Type: Evaluation License State: Active, In Use Evaluation total period: 208 weeks 2 days Evaluation period left: 208 weeks 2 days Period used: 0 minute 0 second License Count: Non-Counted License Priority: None Store Index: 0 Store Name: Evaluation License Storage
One other way to check what licenses are installed on the device is to use “show version” command and then look for this:
Technology Package License Information for Module:'c2900' ---------------------------------------------------------------- Technology Technology-package Technology-package Current Type Next reboot ----------------------------------------------------------------- ipbase ipbasek9 Permanent ipbasek9 security securityk9 Evaluation securityk9 uc None None None data None None None
And that would be all on managing Cisco IOS licensing. We saw how the old software licensing model worked and how it differs from the current one. We saw how to install a permanent and right to use license on a Cisco 2900 platform.
Working with licenses is not a technically complicated job but rather an administrative burden. If you have many devices where licenses need to be installed, most likely Cisco License Manager will be your friend. Otherwise, you will have to use the manual approach and install the licenses one by one.
Cisco CCNA Routing and Switching ICND2 200-101 Official Cert Guide – Wendell Odom