[Cisco] What to do when CSSM offline is adopted [Smart License]

Switch
2021.10.30

Target environment

  • C9000 series switches
    • IOS-XE 17.3.2 or later

[Smart License] CSSM Offline

IOS-XE 17.3.2 and later C9000 series switches use a new mechanism called Smart Licensing Using Policy to manage licenses.

There are several license management methods for Smart Licensing Using Policy, but I think the most commonly used method is one of the following.

  • CSSM Online
  • CSSM Offline

If you want to run the device in an environment with internet connection, you will use CSSM online, otherwise you will use CSSM offline.

The following describes what to do as an engineer when CSSM offline is adopted.

CSSM offline support flow

(1) Obtain the report file by outputting the report on the Cisco device and transferring the report file to a TFTP server or the like.

(2) The engineer sends the report file to the end user, requesting the end user to upload the report file and export the Ack file on the Cisco account management system.
*If there is an intermediary, ask the intermediary.

(3) Receive an Ack file from the end user.

(4) Transfer the Ack file from the TFTP server etc. to the Cisco device, and import the Ack file on the Cisco device.

This completes the response.

In the case of a stack configuration, the above measures are taken after the stack configuration. In this case, only one report file is output, and the reports for each stack are recorded in one file. Similarly, there is only one Ack file.

Specific measures for Cisco device

The corresponding procedure is as follows.

  1. Transport mode settings
  2. License level setting (if needed)
    • Reboot required after changing settings
  3. Report file output
  4. Import Ack file
  5. Check status

Transport mode settings

The transport mode is cslu by default, but if you are CSSM offline, change it to off.

  • (config)# license smart transport off
C9000(config)# license smart transport off

License level setting

Change the license level of the device as needed.

  • (config)# license boot level <Network-license> [addon <DNA-license>]

Since the license level change will be reflected after restarting, restart the device after changing the setting.

C9000(config)# license boot level network-essentials addon dna-essentials

Report file output

Output the report file in privileged mode with the following command.

  • # license smart save usage all file flash:<file-name>
    • <file-name>:Any file name. The extension is .txt

The report file is output in flash. The content of the report is in XML format.

The file name is arbitrary, but I think it would be nice to have a name that can identify which device the report is from.

C9000# license smart save usage all file flash:C9000_cssm_offline_report.txt

After the report is output, it will be transferred to a TFTP server, etc.

C9000# copy flash:C9000_cssm_offline_report.txt tftp://10.1.10.4

Import Ack file

This is the method of importing after receiving the Ack file from the end user.

First, transfer the Ack file from the TFTP server, etc. to the Cisco device.

C9000# copy tftp://10.1.10.4/C9000_cssm_offline_ack.txt flash:

After transferring the Ack file, execute the following command on the Cisco device to import the Ack file.

  • # license smart import flash:<file-name>
    • <file-name>:Ack file name
C9000# license smart import flash:C9000_cssm_offline_ack.txt
Import Data Successful

Check status

To check the status, check Usage Reporting: for show license status or show license all.

The display before importing Ack is as follows.

Usage Reporting:
  Last ACK received: <none> '<---------'
  Next ACK deadline: Mmm dd hh:mm:ss 2021 UTC '<---------'
  Reporting push interval: 30  days
  Next ACK push check: <none>
  Next report push: Mmm dd hh:mm:ss 2021 UTC
  Last report push: <none>
  Last report file write: <none>

The display after importing Ack is as follows.

Usage Reporting:
  Last ACK received: Mmm dd hh:mm:ss 2021 UTC '<---------'
  Next ACK deadline: Mmm dd hh:mm:ss 2022 UTC '<---------'
  Reporting push interval: 30  days
  Next ACK push check: <none>
  Next report push: Mmm dd hh:mm:ss 2021 UTC
  Last report push: <none>
  Last report file write: <none>

As shown above, the date and time when the Ack import was executed is displayed in Last ACK received:. Also, the display of Next ACK deadline: is updated.

That’s all for CSSM offline support.

CSSM offline may require regular manual operation

When using only Network license

The Network license is an Unenforced/Non-Export and Perpetual type license.

The policies that apply to this type of license eliminate the need for regular reports after the initial report.

When using a DNA license

The DNA license is an Unenforced/Non-Export and Subscription type license.

According to the policy applicable to this type of license, the reporting deadline comes every 90 days, which requires regular reporting operations every 90 days.

Cisco Device Configuration Information Summary
IOS How to check the ios version recommended by Cisco C9300 Series Switch IOS Version Upgrade Procedure Which one should...
network-knowledge.work
2021.11.01
スポンサーリンク

Comments

Copied title and URL