[c-nsp] Re-licensing secondhand Cisco equipment

Tony td_miles at yahoo.com
Tue Jan 7 19:12:44 EST 2014


I can confirm getting software from TAC due to a PSIRT vulnerability as well, it's not usually too much trouble (although more hassle than just being able to download it).


We had the strange situation where an EOL piece of kit was out of maintenance and past the date for adding maintenance to it. We needed a software update for it but could NOT purchase maintenance for it (we tried !) and so could not download the file via Cisco website.


Found a PSIRT issue that was revelant to the box in question and then opened a case with TAC referencing this and eventually got the software we needed.


Be prepared to refer the TAC person to the PSIRT website and get the case referred to the PSIRT team as a couple of TAC people just said "no maintenance, no free software upgrade". It took for the director of PSIRT to intervene and kick some heads and then TAC gave us a download for the software.



In terms of transferring licenses on a product that is re-sold (ie. purchase something from ebay), Cisco are fine with this as long as the license isn't a separately purchased product, it's the one that came with the hardware.


http://www.cisco.com/en/US/prod/cisco_software_transfer_relicensing_policy.html


Although you are supposed to provide "prior written notice to Cisco of a transfer permitted under the Exceptions section", wonder how many people do this ?



regards,
Tony.


________________________________
 From: Nick Hilliard <nick at foobar.org>
To: Chris Marget <chris at marget.com>; Andrew Miehs <andrew at 2sheds.de> 
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net> 
Sent: Wednesday, 8 January 2014 9:13 AM
Subject: Re: [c-nsp] Re-licensing secondhand Cisco equipment
 

On 07/01/2014 22:54, Chris Marget wrote:
> FWIW, it seems that the security fixes might be available for free, so long
> as Cisco PSIRT recognizes a vulnerability in a particular bit of software.
> ...But the document describing that process suggests calling TAC, which
> doesn't usually go well if the serial number of the device isn't covered by
> a support contract...
> http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

This works and I've done it.  There are two main limitations: first, the
caller needs to be the registered owner of the device.  Second, the fix
will usually be from the same or nearest train for the box.  No support
contract is needed.

Nick


More information about the cisco-nsp mailing list