Les licences IOS sous CISCO

Article de blog | Finger In The Net

 

INTRODUCTION


 

IOSInternetwork Operating System

Un IOS est un système d’exploitation développé par CISCO pour les équipements CISCO.

 

 

 

Les anciens IOS



Problématique pour CISCO :

– Pas assez rentable car facilement duplicable.

Vérification : 

Router# show version

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1
, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.
System returned to ROM by power-on
System image file is "c2800nm-advipservicesk9-mz.124-15.T1.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
239K bytes of NVRAM.
62720K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102

 

 

Les nouveaux IOS



Lorsque l’on achète un équipement actif CISCO, il est fourni avec un IOS propre à la série de l’équipement. Cet IOS est un IOS dit “IP BASE“.

Nous pouvons lui rajouter 3 modules différents :

DATA
VOICE (pour activer les fonctions liées à la VOIP)
SECURITY (pour activer les fonctions de cryptologies)

Router# show version

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, 
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thurs 5-Jan-12 15:41 by pt_team
ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
cisco2901 uptime is 33 seconds
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.151-1.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2901/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX152400KS
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249856K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device#     PID                 SN
-------------------------------------------------
*0          CISCO2901/K9        FTX1524C7FA

Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology   Technology-package         Technology-package
             Current       Type         Next reboot
-----------------------------------------------------------------
ipbase       ipbasek9      Permanent    ipbasek9
security     None          None         None
uc           None          None         None
data         None          None         None

Configuration register is 0x2102

 

Router# show license

Index 1 Feature: ipbasek9
  Period left: Life time
  License Type: Permanent
  License State: Active, In Use
  License Count: Non-Counted
  License Priority: Medium

Index 2 Feature: securityk9
  Period left: Not Activated
  Period Used: 0 minute 0 second
  License Type: EvalRightToUse
  License State: Not in Use, EULA not accepted
  License Count: Non-Counted
  License Priority: None

Index 3 Feature: uck9
  Period left: Not Activated
  Period Used: 0 minute 0 second
  License Type: EvalRightToUse
  License State: Not in Use, EULA not accepted
  License Count: Non-Counted
  License Priority: None

Index 4 Feature: datak9
  Period left: Not Activated
  Period Used: 0 minute 0 second
  License Type: EvalRightToUse
  License State: Not in Use, EULA not accepted
  License Count: Non-Counted
  License Priority: Medium

Nous voulons mettre en place un tunnel IPSEC entre deux routeurs. Avec l’IP Base, nous pouvons monter un tunnel GRE mais nous ne pouvons pas lui appliquer de la cryptologie. Nous avons besoin du package “Security“.

Pour ce faire nous allons contacter un CISCO Reseller pour acheter ce package.

Ce dernier va nous fournir un numéro PKT (Product Authorization Key).

Il faudra se connecter sur le site cisco.com, et fournir le numéro PKT ainsi que le numéro UDI.

Le numéro UDI se récupère via la commande “show licence udi”.

Router# show license udi
Device#        PID             SN             UDI
-------------------------------------------------------------------
*0             CISCO2901/K9    FTX1524C7FA    CISCO2951/K9:FTX1524C7FA

 

PID = Product ID
SN = Serial Number
UDI = Unique Device Identifier

UDI = PID : SN (ExempleCISCO2951/K9:FTX162883H0)

CISCO va vérifier si le PKT n’est pas déjà lié avec un autre UDI. Si ce n’est pas le cas, il va générer et nous envoyer notre licence.

 

Il nous reste plus qu’à l’installer :

Router# license install usbflash1:FTX1524C7FA_201703171233752126.lic
Installing...Feature:securityk9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install

Feb 11 22:35:20.786: %LICENSE-6-INSTALL: Feature securityk9 1.0 was installed in 
this device. UDI=CISCO2901/K9:FTX1524C7FA; StoreIndex=1:Primary License Storage
Aug 10 21:31:21.038: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name=
c2900 Next reboot level = securityk9 and License = securityk9
Router# reload

Dès que notre routeur à redémarrer, il ne nous reste plus qu’à vérifier si l’installation c’est bien passé :

Router# show license

Index 1 Feature: ipbasek9
  Period left: Life time
  License Type: Permanent
  License State: Active, In Use
  License Count: Non-Counted
  License Priority: Medium

Index 2 Feature: securityk9
  Period left: Life time
  License Type: Permanent
  License State: Active, in Use
  License Count: Non-Counted
  License Priority: None

Index 3 Feature: uck9
  Period left: Not Activated
  Period Used: 0 minute 0 second
  License Type: EvalRightToUse
  License State: Not in Use, EULA not accepted
  License Count: Non-Counted
  License Priority: None

Index 4 Feature: datak9
  Period left: Not Activated
  Period Used: 0 minute 0 second
  License Type: EvalRightToUse
  License State: Not in Use, EULA not accepted
  License Count: Non-Counted
  License Priority: Medium

 

 

Cisco Licence Manager



Cisco licence Manager (CLM)  est un logiciel CISCO qui permet de gérer toutes les licences CISCO du parc informatique. Il est gratuit.

Cliquer ici pour le télécharger => ICI (cisco.com)
Cliquer ici pour voir la procédure d’installation => ICI (cisco.com)

 

 

ET VOILA !


 

En espérant avoir pu vous aidez !

N’hésitez pas si vous avez des questions ou si vous avez des informations à apporter !!

 

FingerInTheNet

Tu veux débloquer l'intégralité du site et avoir accès à notre formation CCNA 200-301 ?

Noël NICOLAS

Auteur de l'article

Expert Réseau
15 ans d’expérience
CCNP Routing and Switching
Fondateur du site FingerInTheNet

Eric JOUFFRILLON

Co-auteur de l'article

Expert SATCOM
Technicien Réseau
17 ans d’éxpérience déploiement réseau SATCOM
Spécialisé LFN (Long Fat Network).Diffusion vidéo et QOS.

CURSUS DE FORMATION

Administrateur Réseau