Discussion:
[rancid] Cisco licenses
Roman Hochuli
2014-04-28 08:34:42 UTC
Permalink
Hello All

Did anyone ever considered to add 'sh license' for Cisco devices?

If so: how to handle devices that do not care about this command? Simply
ignore the lacking/erroring output?

Or better take care to only run this code on selected devices that a
known to support it. And if so how: what would be the best way to apply
that kind of filter (if possible at all in RANCID)?
--
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
heasley
2014-04-28 16:19:50 UTC
Permalink
Post by Roman Hochuli
Hello All
Did anyone ever considered to add 'sh license' for Cisco devices?
If so: how to handle devices that do not care about this command? Simply
ignore the lacking/erroring output?
Or better take care to only run this code on selected devices that a
known to support it. And if so how: what would be the best way to apply
that kind of filter (if possible at all in RANCID)?
an example? its already collected on junos and iosxr.
Roman Hochuli
2014-04-29 18:15:58 UTC
Permalink
Hello Heasly
Post by heasley
an example? its already collected on junos and iosxr.
Routers having the licensing ability react for example this way:

--snip
Router#show license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 CISCO2901/K9 FCZXXXXXXXX CISCO2901/K9:FCZXXXXXXXX

Router# show license feature
Feature name Enforcement Evaluation Subscription Enabled
RightToUse
ipbasek9 no no no yes no
securityk9 yes yes no yes
yes
uck9 yes yes no no
yes
datak9 yes yes no yes
yes
gatekeeper yes yes no no
yes
SSL_VPN yes yes no no
yes
ios-ips-update yes yes yes no
yes
SNASw yes yes no no
yes
hseck9 yes no no no no
cme-srst yes yes no no
yes
WAAS_Express yes yes no no
yes
UCVideo yes yes no no
yes

Router# show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: uck9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: datak9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 5 Feature: gatekeeper
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 7 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 8 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: hseck9
Index 10 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 11 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 12 Feature: UCVideo
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None

Router# show license detail
Index: 1 Feature: SNASw Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 6
Store Name: Built-In License Storage
Index: 2 Feature: SSL_VPN Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: 0/0 (In-use/Violation)
License Priority: None
Store Index: 4
Store Name: Built-In License Storage
Index: 3 Feature: UCVideo Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 9
Store Name: Built-In License Storage
Index: 4 Feature: WAAS_Express Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 8
Store Name: Built-In License Storage
Index: 5 Feature: cme-srst Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: 0/0 (In-use/Violation)
License Priority: None
Store Index: 7
Store Name: Built-In License Storage
Index: 6 Feature: datak9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 0
Store Name: Primary License Storage
Index: 7 Feature: datak9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 2
Store Name: Built-In License Storage
Index: 8 Feature: gatekeeper Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 3
Store Name: Built-In License Storage
Index: 9 Feature: ios-ips-update Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 5
Store Name: Built-In License Storage
Index: 10 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 2
Store Name: Primary License Storage
Index: 11 Feature: securityk9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 1
Store Name: Primary License Storage
Index: 12 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 0
Store Name: Built-In License Storage
Index: 13 Feature: uck9 Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 1
Store Name: Built-In License Storage

Router#
--snap


Routers not having that ability react like this:
--snip
Router# show license
^
% Invalid input detected at '^' marker.

Router#
--snap
--
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
Bob Brunette
2014-04-29 18:55:39 UTC
Permalink
On Cisco ASA¹s, the command is ³show activation-key². Here is what the
output looks like on an ASA configured for failover:
firewall# show activation-key
Serial Number: FCHxxxxxxxx
Running Permanent Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn
0xnnnnnnnn 0xnnnnnnnn
Running Timebased Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn
0xnnnnnnnn 0xnnnnnnnn

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 300 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 7 3 days
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2500 3 days
AnyConnect Essentials : 2500 perpetual
Other VPN Peers : 2500 perpetual
Total VPN Peers : 2500 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled 3 days
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 52 3 days
Total UC Proxy Sessions : 52 3 days
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual

This platform has an ASA5545 VPN Premium license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 300 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 9 3 days
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2500 3 days
AnyConnect Essentials : 2500 perpetual
Other VPN Peers : 2500 perpetual
Total VPN Peers : 2500 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 54 3 days
Total UC Proxy Sessions : 54 3 days
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual

This platform has an ASA5545 VPN Premium license.

The Running Activation Key feature: 5000 AnyConnect Premium sessions
exceed the limit on the platform, reduced to 2500 AnyConnect Premium
sessions.

The flash permanent activation key is the SAME as the running permanent
key.

Active Timebased Activation Key:
0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn
Encryption-3DES-AES : Enabled 3 days

Security Contexts : 5 3 days

AnyConnect Premium Peers : 2500 3 days

AnyConnect for Mobile : Enabled 3 days

AnyConnect for Cisco VPN Phone : Enabled 3 days

Total UC Proxy Sessions : 50 3 days

AnyConnect Essentials : 1 3 days

IPS Module : Enabled 3 days







Bob Brunette
Post by Roman Hochuli
Hello Heasly
Post by heasley
an example? its already collected on junos and iosxr.
--snip
Router#show license udi
Device# PID SN UDI
--------------------------------------------------------------------------
---
*0 CISCO2901/K9 FCZXXXXXXXX CISCO2901/K9:FCZXXXXXXXX
Router# show license feature
Feature name Enforcement Evaluation Subscription Enabled
RightToUse
ipbasek9 no no no yes
no
securityk9 yes yes no yes
yes
uck9 yes yes no no
yes
datak9 yes yes no yes
yes
gatekeeper yes yes no no
yes
SSL_VPN yes yes no no
yes
ios-ips-update yes yes yes no
yes
SNASw yes yes no no
yes
hseck9 yes no no no
no
cme-srst yes yes no no
yes
WAAS_Express yes yes no no
yes
UCVideo yes yes no no
yes
Router# show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: uck9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: datak9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 5 Feature: gatekeeper
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 7 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 8 Feature: SNASw
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 9 Feature: hseck9
Index 10 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 11 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 12 Feature: UCVideo
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Router# show license detail
Index: 1 Feature: SNASw Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 6
Store Name: Built-In License Storage
Index: 2 Feature: SSL_VPN Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: 0/0 (In-use/Violation)
License Priority: None
Store Index: 4
Store Name: Built-In License Storage
Index: 3 Feature: UCVideo Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 9
Store Name: Built-In License Storage
Index: 4 Feature: WAAS_Express Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 8
Store Name: Built-In License Storage
Index: 5 Feature: cme-srst Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: 0/0 (In-use/Violation)
License Priority: None
Store Index: 7
Store Name: Built-In License Storage
Index: 6 Feature: datak9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 0
Store Name: Primary License Storage
Index: 7 Feature: datak9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 2
Store Name: Built-In License Storage
Index: 8 Feature: gatekeeper Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 3
Store Name: Built-In License Storage
Index: 9 Feature: ios-ips-update Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 5
Store Name: Built-In License Storage
Index: 10 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 2
Store Name: Primary License Storage
Index: 11 Feature: securityk9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 1
Store Name: Primary License Storage
Index: 12 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 0
Store Name: Built-In License Storage
Index: 13 Feature: uck9 Version: 1.0
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 1
Store Name: Built-In License Storage
Router#
--snap
--snip
Router# show license
^
% Invalid input detected at '^' marker.
Router#
--snap
--
Best regards,
Roman Hochuli
Operations Manager
nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg
Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent
Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
heasley
2014-04-30 00:39:21 UTC
Permalink
Post by Bob Brunette
On Cisco ASA¹s, the command is ³show activation-key². Here is what the
firewall# show activation-key
Serial Number: FCHxxxxxxxx
Running Permanent Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn
0xnnnnnnnn 0xnnnnnnnn
Running Timebased Activation Key: 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn
0xnnnnnnnn 0xnnnnnnnn
i dont have ASAs/PIXs. i presume the second column is fixed; what is the
third column?
Post by Bob Brunette
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 300 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 7 3 days
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2500 3 days
AnyConnect Essentials : 2500 perpetual
Other VPN Peers : 2500 perpetual
Total VPN Peers : 2500 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled 3 days
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 52 3 days
Total UC Proxy Sessions : 52 3 days
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA5545 VPN Premium license.
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 300 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 9 3 days
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2500 3 days
AnyConnect Essentials : 2500 perpetual
Other VPN Peers : 2500 perpetual
Total VPN Peers : 2500 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 54 3 days
Total UC Proxy Sessions : 54 3 days
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual
This platform has an ASA5545 VPN Premium license.
The Running Activation Key feature: 5000 AnyConnect Premium sessions
exceed the limit on the platform, reduced to 2500 AnyConnect Premium
sessions.
The flash permanent activation key is the SAME as the running permanent
key.
0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn 0xnnnnnnnn
Encryption-3DES-AES : Enabled 3 days
Security Contexts : 5 3 days
AnyConnect Premium Peers : 2500 3 days
AnyConnect for Mobile : Enabled 3 days
AnyConnect for Cisco VPN Phone : Enabled 3 days
Total UC Proxy Sessions : 50 3 days
AnyConnect Essentials : 1 3 days
IPS Module : Enabled 3 days
Loading...