[Cisco Firepower(ASA)] How to deal with Smart Licensing [Offline/PLR]

Operation confirmation environment

• Firepower 2100 series
  • ASA OS 9.16.x

Smart Licensing Support in Firepower

Firepower also requires license management with Smart Licensing.

Like other Cisco models, it has both online and offline options, but be aware that the method also differs depending on whether the Firepower uses his ASA or FTD OS.

As of March 2023, other models do not support the mainstream Smart Licensing Using Policy, so basically it will be an old-fashioned smart licensing method.

The following describes Smart Licensing workarounds in Firepower for the following conditions:

• ASA OS
• Offline method

Understanding Offline Method in Firepower (ASA OS)

For other Cisco models, the offline method in the old smart licensing method was the license reservation method (SLR: Specific License Reservation).

However, in Firepower (ASA OS), SLR is not available.

Instead, it is necessary to use a method called PLR (Permanent License Reservation).

In order to adopt PLR, a special license is required. Therefore, if you choose to use this method, you must ensure that the appropriate licenses have been purchased.

PLR processing flow

PLR handling procedure details

① Enabling Smart License Reservation on the device

Enable Smart License Reservation by executing the following command in global configuration mode.

• ciscoasa(config)# license smart reservation

② Issuing a Reservation Request Code on the device

Issue the request code by executing the following command in privileged mode.

• ciscoasa# license smart reservation request universal

Execution example:

ciscoasa# license smart reservation request universal
Enter this request code in the Cisco Smart Software Manager portal:
UDI: PID:FPR-2100,SN:JADxxxxxxxx
    Request code: CB-ZFPR-1010:JADxxxxxxxx-BhfSxxxxx-xx

The Request code: above is the Reservation Request Code.

③ Issuing a Reservation Authorization Code with CSSM

Distribute the Reservation Request Code issued in step 2 to the customer.

Then ask the customer to enter the Reservation Request Code on CSSM to get the Reservation Authorization Code.

④ Enter Reservation Authorization Code on device

After receiving the Reservation Authorization Code from the customer, execute the following command.

• ciscoasa(config)# license smart reservation install <Reservation Authorization Code>

If the code is successfully submitted, the prompt will return without any particular log output.

Check the current license status with the show license all command.

⑤ Activate the function on the device

Here is an example of activating only the standard Tier Standard license.

Configure with the following command.

1. ciscoasa(config)# license smart
2. ciscoasa(config-smart-lic)# feature tier standard
3. ciscoasa(config-smart-lic)# end

This completes the PLR handling.

Check license status

Check the status with the show license all command.

References

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.16 - Licenses: Smart Software Licensing [Cisco Secure Firewall ASA]

Licenses:SmartSoftwareLicensing

www.cisco.com

Firepower(ASA) Configuration Information Summary

Telnet/SSHmanagementaccesssettingsandnotesonFirepower(ASA)Firepower(ASA)ConfigurationTipsHowtodealwithSmartLicensing

network-knowledge.work

2022.11.03