[c-nsp] IOS-XE Smart licensing

Hank Nussbacher hank at interall.co.il
Wed Feb 24 09:46:20 EST 2021

On 24/02/2021 13:28, Dave Bell wrote:

Thanks.  I was afraid of that.

Based on:

It appears to be using http (not https?) to connect to:

Seriously?!  No https?

And is it only gonna connect to or will other IPs try to 
connect?  So should I create some ACL to *only* allow to 
protect my routers?

What have others done?


> I believe it's required that it must stay there.
> You can run an on-prem version of the manager which your routers can 
> call in to. This will then call into Cisco for you.
> https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager.html 
> <https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager.html>
> It's all a massive pain. We have kit that randomly stops calling in, and 
> generates angry messages in dashboards.
> The sneaky alternative is that it's all honour based anyway (at least 
> for the range we are using). Just let it sit in eval mode and move on 
> with your life.
> Regards,
> Dave
> On Wed, 24 Feb 2021 at 11:22, Hank Nussbacher <hank at interall.co.il 
> <mailto:hank at interall.co.il>> wrote:
>     So we bought a bunch of ASR1009x along with IOS-XE and are encountering
>     the joy of Smart licensing.
>     Once we have our license established, do we need to leave the
>     "call-home" section?
>     To me it screams "security violation" and something I'd like to
>     permanently disable after getting the license activated.
>     Or does Cisco like to have their routers constantly ping the mothership
>     in regards to the licensing?
>     Regards,
>     Hank
>     _______________________________________________
>     cisco-nsp mailing list cisco-nsp at puck.nether.net
>     <mailto:cisco-nsp at puck.nether.net>
>     https://puck.nether.net/mailman/listinfo/cisco-nsp
>     <https://puck.nether.net/mailman/listinfo/cisco-nsp>
>     archive at http://puck.nether.net/pipermail/cisco-nsp/
>     <http://puck.nether.net/pipermail/cisco-nsp/>

More information about the cisco-nsp mailing list