Licenses and Licensing Models

Feature Information for Available Licenses and Licensing Models

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Available Licenses

This section lists all the licenses that are available on Cisco Catalyst 8000 Edge Platforms Family, usage guidelines, and ordering considerations.

Device# show license summary

Account Information:
Smart Account: Eg-SA As of Dec 03 15:26:02 2021 UTC
Virtual Account: Eg-VA

License Usage:
 License Entitlement Tag Count Status
 ---------------------------------------------------------------------------
 network-advantage_T2 (NWSTACK_T2_A) 1 IN USE

Guidelines for Using an HSECK9 License

The HSECK9 license is tied to the chassis. Therefore, one HSECK9 license is required for each chassis UDI where you want to use cryptographic functionality.

An HSECK9 license requires authorization before use. This authorisation is provided by a Smart Licensing Authorization Code (SLAC), which you must install on the device. You must install a SLAC for each HSECK9 license you use. A SLAC is generated in and obtained from CSSM. How you obtain SLAC from CSSM depends on the topology you have implemented. For more information, see Installing SLAC for an HSECK9 License, on page 25.

Once SLAC is installed, enter the show license authorization command in privileged exec mode, to confirm. If SLAC is installed, the status field displays: SMART AUTHORIZATION INSTALLED on <timestamp>. For example:

Device# show license authorization
Overall status:
Active: PID:C8300-1N1S-4T2X,SN:FDO2250A0J5
Status: SMART AUTHORIZATION INSTALLED on Dec 03 08:24:35 2021 UTC
Last Confirmation code: 418b11b3

Authorizations:
 Router US Export Lic. for DNA (DNA_HSEC):
 Description: U.S. Export Restriction Compliance license for DNA based Routers
 Total available count: 1
 Enforcement type: EXPORT RESTRICTED
 Term information:
 Active: PID:C8300-1N1S-4T2X,SN:FDO2250A0J5
 Authorization type: SMART AUTHORIZATION INSTALLED
 License type: PERPETUAL
 Term Count: 1

Purchased Licenses:
 No Purchase Information Available

Cisco CUBE License

A Cisco Unified Border Element License (Cisco UBE license) does not require any boot level configuration before you enable it. After purchase, you can refer to the configuration guide to configure the available Cisco UBE features.

For information about the features available with a Cisco UBE license, see the Cisco Unified Border Element Configuration Guide for the required release at: https://www.cisco.com/c/en/us/support/unified-communications/unified-border-element/products-installation-and-configuration-guides-list.html.

For information about supported platforms and about purchasing a Cisco UBE license, see the datasheet at: https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/data-sheet-c78-729692.html.

You must order a Cisco UBE license separately if required. It is not automatically included with any other license.

For information about how to report usage of a Cisco UBE license, see Smart Licensing Using Policy for Cisco Enterprise Routing Platforms. In the context of this licensing model, a Cisco UBE license is an unenforced license.

Cisco Unified CME License

A Cisco Unified Communications Manager Express License (Cisco Unified CME license) does not require any boot level configuration before you enable it. After purchase, you can refer to the configuration guide to configure the available features.

For information about the features available with a Cisco Unified CME license, see the Cisco Unified Communications Manager Express System Administrator Guide.

For information about supported platforms and about purchasing a Cisco Unified CME license, see the datasheet at: https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-express/datasheet-c78-744069.html.

You must order a Cisco Unified CME license separately if required. It is not automatically included with any other license.

For information about how to report usage of a Cisco Unified CME license, see Smart Licensing Using Policy for Cisco Enterprise Routing Platforms. In the context of this licensing model, a Cisco Unified CME license is an unenforced license.

Cisco Unified SRST License

A Cisco Unified Survivable Remote Site Telephony License (Cisco Unified SRST license) does not require any boot level configuration before you enable it. After purchase, you can refer to the configuration guide to configure the available Unified SRST features.

For information about the features available with a Cisco Unified SRST license, see the Cisco Unified SCCP and SIP SRST System Administrator Guide (All Versions).

For information about supported platforms and about purchasing a Cisco Unified SRST license, see the datasheet at: https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-express/datasheet-c78-744069.html.

You must order a Cisco Unified SRST license separately if required. It is not automatically included with any other license.

Throughput

For information about how to report usage of a Unified SRST license, see Smart Licensing Using Policy for Cisco Enterprise Routing Platforms. In the context of this licensing model, a Unified SRST license is an unenforced license.

The throughput tells you how much data is allowed to be transferred on the device. You can configure this value in the autonomous mode. Data is then transmitted (Tx) and received (Rx) at the configured rate. If you don't explicitly configure a throughput, default throughput is effective.

Throughput as a Numeric Value

To display current throughput configuration on the device:

• For physical platforms enter the show platform hardware throughput crypto privileged EXEC command.
• For virtual platforms enter the show platform hardware throughput level privileged EXEC command.

Depending on whether your license PID has a numeric throughput value, or tier-based throughput value, refer to the corresponding section below for further details.

This refers to a numeric value (10M, 15M, 250M, 1G, and so on) that is configured as throughput.

The numeric throughput value you are entitled to is in the license PID and it is bi-directional. It is the maximum throughput that is allowed in each direction (Tx and Rx). The aggregate throughput is the sum of the throughput in both directions and therefore double the bi-directional throughput.

For example, if the license PID is DNA-C-10M-E-3Y, 10 Mbps is the bi-directional throughput, and the throughput value you configure on the device. It means that a maximum of 10 Mbps can be transmitted and 10 Mbps can be received. The aggregate throughput available is 20 Mbps.

Starting with Cisco IOS XE Cupertino 17.8.1a, throttling behaviour has changed as follows: Only on physical platforms, and for throughput levels greater than 250 Mbps, when you configure a throughput value on the device, aggregate throughput throttling is effective. This means that traffic is throttled in an aggregate manner irrespective of the distribution of Tx and Rx traffic.

Starting with Cisco IOS XE Cupertino 17.9.1a, throttling behaviour has changed as follows: On virtual platforms, for all throughput levels, when you configure a bidirectional throughput value on the device, aggregate throughput throttling is effective. This enhancement does not change the throttling behaviour that has always been applicable to virtual platforms: any throttling applies only to Tx data. Rx data is always unthrottled.

? If the aggregate for the throughput level you configure on a virtual platform is greater than 250 Mbps, aggregate throttling is not effective unless an HSECK9 license is available on the device (that is, SLAC is installed).

▶️ Example: Throttling when throughput is greater than 250 Mbps

Let us suppose that you order license PID DNA-C-500M-A-3Y. This means that 500 Mbps is the bi-directional throughput and 1Gbps is the aggregate throughput. The release-wise configuration and behaviour is as follows:

• Until Cisco IOS XE Cupertino 17.7.x, on physical and virtual platforms: If you configure a throughput of 500 Mbps on the device, the maximum Tx throughput available is 500 Mbps and the maximum Rx throughput is 500 Mbps. (Except on virtual platforms, where Rx is not throttled.)
• From Cisco IOS XE Cupertino 17.8.1a: On physical platforms, if you configure a throughput of 500 Mbps on the device, a maximum of 1 Gbps Tx and 0 Mbps Rx, or, 100 Mbps Tx and 900 Mbps Rx or any other ratio within the aggregate 1 Gbps throughput limit, is supported. On virtual platforms, if you configure a throughput of 500 Mbps on the device, a maximum of 500 Mbps Tx throughput is supported. Rx is not throttled.

Throughput and System Hardware Throttling Specifications in the Autonomous Mode

From Cisco IOS XE Cupertino 17.9.1a:

• On physical platforms, throughput throttling behaviour described above (starting with 17.8.1a) continues to apply.
• On virtual platforms, if you configure a throughput of 500 Mbps on the device, a maximum of 1 Gbps Tx throughput is supported. Rx continues to remain unthrottled.

▶️ Example: Throttling when throughput is equal to or lesser than 250 Mbps

Let us suppose that you order license PID DNA-C-250M-A-3Y. This means that 250 Mbps is the bi-directional throughput, and 500 Mbps is the aggregate throughput. The release-wise configuration and behaviour is as follows:

• Until Cisco IOS XE Cupertino 17.8.x, on physical and virtual platforms: If you configure a throughput of 250 Mbps on the device, the maximum Tx throughput supported is 250 Mbps and the maximum Rx throughput is 250 Mbps - it is not aggregated. (Except on virtual platforms where Rx is not throttled.)
• From Cisco IOS XE Cupertino 17.9.1a, only on virtual platforms, if you configure a throughput of 250 Mbps on the device, the aggregate amounts to 500 Mbps, which requires an HSECK9 license. If you have installed SLAC for the HSECK9 license, then the maximum Tx throughput available is 500 Mbps. Rx throughput continues to remain unthrottled. By contrast, if you configure a throughput of 100 Mbps on a virtual device, then the maximum Tx throughput available is 200 Mbps. Rx throughput remains unthrottled.

? On C8200-1N-4T-L, if you configure a numeric value of 250 Mbps, a maximum of 250 Mbps is available in each direction. But if you configure a tier-based value (T2), 500 Mbps is available for use in any Tx and Rx ratio.

The recommended way to arrive at the required throughput for your network is to first calculate the aggregate throughput (Tx and Rx) and divide that by 2 to arrive at the bidirectional throughput value. Finally, select the license PID that is equal to or greater than the bidirectional throughput (tier-based or numeric).

The tables below provide throughput specifications for all devices in the Cisco Catalyst 8000 Edge Platforms Family:

? Separate tables are provided for throughput specifications in the autonomous mode and SD-WAN controller mode.

Throughput and System Hardware Throttling Specifications in the Autonomous Mode

• Supported throughputs: All the throughput values you can configure on the device. These are the only throughput values you can configure on the specified device. The column heading also mentions the default throughput for a PID.
• Hardware throttled throughput: The throttling limit imposed by the system's hardware, for a supported throughput level. This column in the tables below tell you if hardware is throttled for each supported throughput level and what that hardware throttled level is. Where the value is listed as unthrottled, it means that throughput is not throttled even if you configure a limit.
• Require HSECK9?: Indicates if a supported throughput level requires an HSECK9 license (anything lesser than or equal to 250 Mbps does not require HSECK9).
• Supported Release & Throughput Throttling Behavior: This column provides a few different details. The applicable release for the specified throttling behaviour, if what is finally available is bi-directional or aggregate, and if the throughput being referred to is encrypted or unencrypted. Note that throughput always refers to encrypted throughput for physical platforms; for for virtual platforms it is both, encrypted and unencrypted.

Throughput and System Hardware Throttling Specifications in the SD-WAN Controller Mode

Throughput as a Tier

Tier-based throughput configuration is supported starting with Cisco IOS XE Cupertino 17.7.1a.

A tier represents a throughput level. Starting with the lowest throughput level, the available tiers are Tier 0 (T0), Tier 1 (T1), Tier 2 (T2), and Tier 3 (T3). T2 and higher tiers require an HSECK9 license.

The tier-based throughput value you are entitled to is in the license PID and it is bi-directional. It is the maximum throughput that is allowed in each direction (Tx and Rx). The aggregate throughput is the sum of the throughput in both directions and therefore double the bi-directional throughput.

For example, if the license PID is DNA-C-T0-A-3Y, T0 is the bi-directional throughput, and the throughput value you configure on the device. When you configure this value, T0 Tx and T0 Rx, is supported. See table Tier and Numeric Throughput Mapping, on page 18 for information about how numeric throughput values are mapped to tiers and the DNA licenses that are available with each tier.

Note the following:

• All tiers are not available with all Cisco DNA licenses. For example, T3 is not available with the Network Essentials and DNA-Essentials licenses. This also means that if you have T3 as the configured throughput, you cannot change the boot level license to Network Essentials and DNA Essentials. The Tier and Numeric Throughput Mapping, on page 18 table clarifies this.
• Different platforms support different maximum throughput levels, therefore each tier means a different value for different platforms. For example, T2 means 1G throughput for C8300-2N2S-4T2, 500M for C8200-1N-4T, and 250M for C8200-1N-4T-L. The Tier and Numeric Throughput Mapping, on page 18 table clarifies this.

Starting with Cisco IOS XE Cupertino 17.8.1a, throttling behaviour has changed as follows: Only on physical platforms, and when you configure T2 or highter tiers, aggregate throughput throttling is effective. This means that traffic is throttled in an aggregate manner irrespective of the distribution of Tx and Rx traffic.

Starting with Cisco IOS XE Cupertino 17.9.1a, throttling behaviour has changed as follows: On virtual platforms, when you configure a tier (any tier), aggregate throughput throttling is effective. This enhancement does not change the throttling behaviour that has always been applicable to virtual platforms: any throttling applies only to Tx data. Rx data is always unthrottled.

▶️ Example: Throttling when throughput is T2 or a higher tier

Let us suppose that you order license PID DNA-C-T2-A-3Y. With T2, the bi-directional throughput can be upto 1 Gbps and the aggregate throughput can be upto 2 Gbps. The release-wise configuration and behaviour is as follows:

• Until Cisco IOS XE Cupertino 17.7.x, on physical and virtual platforms: You configure T2 on the device, and depending on the device, a maximum of up to 1 Gbps Tx and up to 1 Gbps Rx throughput is supported. Except on virtual platforms where Rx is not throttled.
• From Cisco IOS XE Cupertino 17.8.1a: On physical platforms if you configure T2, depending on the device, up to 2 Gbps of aggregate throughput is available for use in any Tx and Rx ratio.
• From Cisco IOS XE Cupertino 17.9.1a: On physical platforms, the throughput throttling behaviour described above (starting with 17.8.1a) continues to apply. On virtual platforms, if you configure T2, up to 2 Gbps of aggregate throughput is supported. Accordingly, Tx is throttled at the aggregate level and Rx continues to remain unthrottled.

? On C8200-1N-4T-L, if you configure T2, 500 Mbps is available for use in any upstream and downstream ratio. But if you configure a numeric value of 250M, a maximum of 250 Mbps is available in each direction.

▶️ Example: Throttling when throughput is T0 or T1

Let us suppose that you order license PID DNA-C-T1-A-3Y. With T1, 100 Mbps is the bi-directional throughput, 200 Mbps is the aggregate throughput. The release-wise configuration and behaviour is as follows:

• Until Cisco IOS XE Cupertino 17.8.x, on physical and virtual platforms: if you configure a throughput of T1 on the device. A maximum of 100 Mbps Tx and 100 Mbps Rx throughput is available. (Except on virtual platforms where Rx is not throttled).
• From Cisco IOS XE Cupertino 17.9.1a, only on virtual platforms, if you configure a throughput of T1 on the device, Tx is throttled to a maximum of 200 Mbps. Rx continues to remain unthrottled.

Numeric vs. Tier-Based Throughput Configuration

With the introduction of tier-based throughput configuration in Cisco IOS XE Cupertino 17.7.1a, when you configure throughput on the device, both numeric and tier-based options are available. This section provides information about when to configure a numeric throughput value and when to configure tier-based throughput.

Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses. All the license PIDs you purchase are listed in the CSSM Web UI at: https://software.cisco.com → Manage licenses. Log in to the portal and in the corresponding Smart Account and Virtual Account, navigate to Inventory > Licences, to display the numeric and tier-based licenses in the account. Figure 1: Numeric and Tier Values Displayed in the CSSM Web UI, on page 21 shows you how to distinguish between the two.

• If you purchase a numeric license PID, the license is displayed with the numeric throughput value and tier-based value in the CSSM Web UI. For such a license, we recommend that you configure only a numeric throughput value. See Configuring a Numeric Throughput, on page 26.
• If you purchase a tier-based license PID, the license is displayed with only the tier value in the CSSM Web UI. For such a license, you can either configure a tier-based throughput value to match the display in the CSSM Web UI, or you can configure a numeric throughput value. See Configuring a Tier-Based Throughput, on page 29 or Configuring a Numeric Throughput, on page 26.

? There is no functional impact if you have tier-based license PID in CSSM and you configure a numeric throughput value on the device.

The following scenarios further clarify when you can convert from numeric to tier-based throughput configuration, or from tier-based throughput configuration to numeric, when conversion is required, and when it is optional:

• You have configured a numeric throughput value on the device and the license PID is a numeric license: You must not convert to tier-based throughput value.
• You have configured a numeric throughput value on the device and the license PID is a tier-based license: You can convert the throughput configuration to tier-based value - but this is optional. There is no functional impact if you do not convert to a tier-based throughput value. If you want to convert to a tier-based value, see Converting From a Numeric Throughput Value to a Tier, on page 33
• You are upgrading to a release where tier-based throughput values are supported and the license PID is tier-based: You can convert the throughput to tier-based value after upgrade - but this is optional. There is no functional impact if you do not convert to a tier-based throughput value. See Upgrading from a Release Supporting Numeric Throughput to a Release Supporting Tiers, on page 36.
• You are upgrading to a release where tier-based throughput values are supported, and your license PID is numeric: You must not convert to a tier-based throughput value.
• You are downgrading to a release where only numeric throughput values are supported and your license PID and throughput configuration are tier-based: You must change configuration to a numeric throughput value, before you downgrade. See Downgrading from a Release Supporting Tiers to a Release Supporting Only Numeric Throughput, on page 37.

How to Configure Available Licenses and Throughput

This section provides information about the tasks you must complete, for the licenses available on the Cisco Catalyst 8000 Edge Platforms Family - before you can start using them.

For a Cisco DNA license: Configure a Boot Level License → Configure Numeric or Tier-Based Throughput → Implement a Smart Licensing Using Policy Topology → Report License Usage (If Applicable).

For an HSECK9 license: Configure a Boot Level License → Implement a Smart Licensing Using Policy Topology → Install SLAC¹ → Enable HSECK9 on applicable platforms²→ Configure Numeric or Tier-Based Throughput → Report License Usage (If Applicable).

For a Cisco UBE, or Cisco Unified CME, or Cisco Unified SRST license: Implement a Smart Licensing Using Policy Topology → Report License Usage (If Applicable).

¹ If a SLAC has been factory-installed by Cisco manufactory (in case of new hardware), skip this step

² Enter the license feature hseck9 command in global configuration mode for Catalyst 8200, and 8300 Series Edge Platforms only.