IOS Licensing

This topic is to discuss the following lesson:

Dear Rene, excellent explanation! Thanks a lot!
Can you please explain why, after activating security tech package and accepting EULA, the sh lic output of shows ‘License State: Not in Use, EULA not accepted’.? Why ‘not in use’? And why 'eula not accepted?
Thank you!
A.

Dear Adrian,

I’d have to check it but I think this is because it is an evaluation license we are using.

Rene

Dear Rene,

How Could I know if IOS support BFD or it need License . in what category BFD exist ?

Dear Abdelrahman,

Take a look at Cisco’s feature navigator. You can use it to find supported features/protocols on different models/IOS versions.

Rene

Hi Rene,

I have quite understand.
If I have older devices, for example 18xx series.
How I can find the best images for this devices. As you say, I can download it free. This one right or not?
But if I have devices 19xx, 29xx,39xx,… series, we have the universal sets in this image by default.
If I want to add more features sets, I have to buy and active it later. If I dont buy this features, I have evaluation period (60 days)for all features (ipbasek9, securityk9, uck9, gatekeeper,SSL_VPN,LI, IOS-IPS-UPDATE, SNASw ,hseck9, WAAS_Express )?

Thanks

Hi net2@net.com,

The older IOS routers like the 18xx series use different IOS images, depending on the feature sets you need. Here’s an example:

The Advanced Enterprise Services is the image that has everything. Cisco’s problem with the older images is probably that it was too easy to run IOS images that you didn’t pay for. You could find the latest advanced enterprise services image, upload it to your router and that’s it. With the new system, you have to use a license key to unlock new features.

If you want to find the latest image for your router, then it’s best to check the Cisco.com support section. You’ll need a CCO account to download images; they are not free.

The 19xx, 29xx and 39xx series use the universal images. You’ll have to buy the license key before you can unlock their features (or use the evaluation period).

Rene

Roughly what cost are we looking at for a licence? What does an older IOS cost?

Hi Matt,

Licenses are quite expensive. For example, here’s the Cisco 1941 with IP Base:

And here’s the security license for it:

http://www.amazon.com/Security-E-Delivery-PAK-Cisco-1900/dp/B003DXZWDG

Rene

Hi Rene,
Please can you explain License Count and License Priority.
Also let me know if there any difference EvalRightToUse and RightToUse.

Thanks,
Pradeep

Hello Pandeep!

License Count gives you the number of licenses available and the number in use for a “countable” feature. For example, if the license is for SSL VPNs, then the license count will display something like this:

License Count: 200/0/0 (Active/In-use/Violation)

This tells you how many active licenses you have, in this case you can create up to 200 SSL VPNs, how many are in use, currently 0, and how many are in violation, i.e., over and above the licensed number. In cases where the feature is not countable, for example, a voice Gatekeeper or an ios-ips, then the license count will look something like this:

License Count: Non-Counted

License priority is used in the following scinarios: When you have several licenses available for example, datak9, securityk9 and uck9, not all licenses will be active. The license with the highest priority will be chosen and activated. You are able to go in and change the priority of specific features in order to cause them to be active. If for whatever reason a high priority feature cannot be activated, (license expiry for example) then the next highest priority feature is loaded. The priority can be changed using the license modify priority command.

Right To Use (RTU) licensing just simplifies software licensing process. It allows allows you to order and activate a specific license type and level via command line. EvalRightToUse or ERTU on the other hand is a license that allows you to use a feature for a limited time for evaluation purposes.

I hope this has been helpful!

Laz

Hi Lazaros,
For evaluation license, i think if the period has expired, the license will still active until a reload is occurred to the router.
Is that right?

hi Mahmoud,

As Rene has explained on the lesson, when the evaluation license is expired the feature(s) won’t be disabled and Cisco expect its customers to behave and not take advantage of it.
With reloading a router which has an expired evaluation license, you may get an output on the router like this:

Router# reload

 The following license(s) are expiring or have expired.
 Features with expired licenses may not work after Reload.
 Feature: uc,Status: expiring, Period Left: 4  wks 2  days

 Proceed with reload? [confirm]

So it is always recommended to purchase the PAK from Cisco once the evaluation license is expired to keep the feature active.

Hope I could answer your question.

Hi Maher,
let me clarify some thing, because i faced this issue before an i opened a TAC case with cisco team.

for examole (cme-srst license)–for voice enabled router-- it is (right to use ) and you can enable it on the router and the router will show you that it is evaluation license and will expire after 8 weeks but it will be continue and never expired even if the router is reloaded.

for example (seck9 license), it is evaluation license and not Right to use. you can enable it on the router but it will expire after 8 weeks. so you must purchase a license for seck9 feature.

Hello again Mahmoud

What you describe for the voice and security licenses makes sense. Keep the following in mind:

RTU or Right to Use licenses are licenses that use the “honour system” that is, they will always function even if their evaluation period has expired. This follows Cisco’s traditional IOS licensing scheme where the license is not tied down to a serial number or UDI (Unique Device Identifier). This is why even after a reboot, the feature continues to function.

Evaluation licenses can be enabled, but they will expire after the evaluation period. The functionality will stop working after the evaluation period is over. As you state, the feature must be purchased in order to continue using it.

I hope this has been helpful!

Laz

1 Like

One thing I have struggled with since completing my CCNA and going into the real world as a Network Engineer is dealing with Licensing as a topic and how it applies in the real world. I have come to realize that Cisco Licensing isn’t the easiest and there are plenty of gotcha’s that I have had to deal with.

One Example is that I recently had to RMA a Router that had MPLS configuration on it. I was able to load the correct iOS (as I had learnt about this previously on my CCNA) but soon after got stuck because none of the MPLS commands would work on the replacement device. After contacting Cisco TAC I was advised that most of the IOS-XE versions for Enterprise customers are universal and it all comes down to the license thats applied to each machine. All it took to resolve the MPLS issue was to change the license with a line of code that I wasn’t familiar with or had experience with.

If I ever see a Licensing Lesson on Networklessons.com I’ll be crying with joy! I spent an hour or so in a Data Centre last night troubleshooting iOS images when it was simply a license command that would have done the job.

Hello Jonathan

Be joyful my friend! :stuck_out_tongue: There is a licensing lesson on NetworkLessons. Here’s the link:


I know, I know, it may not be as detailed as what you need, or it may not cover some of the topics that you described above, but it’s an excellent start. It gives you the basics of how licensing works for Cisco. Now if you have a suggestion to enrich this topic or to have some licensing subtopics included, I suggest you go to the Member Ideas page where you can make your suggestion and also vote for the suggestions that others have made as well.

I hope this has been helpful!

Laz

Hello team!
What are the differences between the Cisco Catalyst 2960 LAN Base and LAN Lite switches? Please clarify me. Thanks.

Hello Boris

For Cisco switches, there are four general categories: LAN Lite, LAN Base, IP Base, and IP Services. Each of these increases in features in the order stated. So LAN Base is a superset of LAN Lite, IP Base is a superset of LAN Base, and so on. In order to get the full details of the differences between them, you can take a look at the Cisco feature navigator.

In general, LAN Lite has some layer 2 features such as VLANs, STP, trunks, DTP, and VTP, but doesn’t support private VLANs for example. It has no Layer 3 functionality at all, and is capable of very basic security and QoS features. LAN base on the other hand has support for a redundant power system (RPS), Layer 2 to 4 ACLs, DHCP snooping, as well as 802.1x support. Extensive queuing features for QOS such as policing, class and policy maps, and AutoQoS. It also supports an increased number of VLANs and MLD snooping for IPv6.

I hope this has been helpful!

Laz

1 Like

Hello Laz.
Thank you very much!

1 Like