ManualsPro Cisco CISCO SD-WAN Catalyst Manage HSEC Licenses User Guide

CISCO SD-WAN Catalyst Manage HSEC Licenses User Guide

June 15, 2024
Cisco

CISCO SD-WAN Catalyst Manage HSEC Licenses

CISCO-SD-WAN-Catalyst-Manage-HSEC-Licenses-product

Product Information

Specifications

  • Feature Name: Manage HSEC Licenses
  • Release Information: Cisco IOS XE Catalyst SD-WAN Release 17.9.2a, Cisco vManage Release 20.9.2
  • Requirements: An HSEC license is required for devices to support encrypted traffic throughput of 250 Mbps or higher
  • Supported Devices: HSEC-compatible Cisco IOS XE Catalyst SD-WAN devices

Product Usage Instructions

Information About Managing HSEC Licenses

  • Devices that use the Smart Licensing Using Policy and need to support encrypted traffic throughput of 250 Mbps or greater require an HSEC license. This is a requirement of US export control regulation.
  • You can use Cisco SD-WAN Manager to install HSEC licenses. Cisco SD-WAN Manager contacts the Cisco Smart Software Manager (SSM) to obtain a smart license authorization code (SLAC) for loading onto a device, enabling the HSEC license.

Figure 1: Cisco SD-WAN Manager Requests HSEC Licenses for Devices (not shown)

Workflow:

  1. Synchronize license information between Cisco Smart Software Manager (SSM) and Cisco SD-WAN Manager for all HSEC-compatible devices. See “Synchronize HSEC Licenses, Online Mode” and “Synchronize HSEC Licenses, Offline Mode”.
  2. Install the HSEC licenses on the desired devices. See “Install HSEC Licenses”.

Benefits of Managing HSEC Licenses

  • Cisco SD-WAN Manager consolidates license management tasks, including HSEC license installation. It eliminates the need to install HSEC licenses individually using CLI.
  • For information on managing Smart Licensing Using Policy for devices in the network, refer to “Manage Licenses for Smart Licensing Using Policy”.

FAQ

Restrictions for Managing HSEC Licenses

  • Restriction: Installing HSEC licenses using Cisco SD-WAN Manager does not query devices to determine if they already have an HSEC license installed. If you install an HSEC license on a device without using Cisco SD-WAN Manager, the manager will not account for that license and will continue to list the device as eligible for an HSEC license. If you use Cisco SD-WAN Manager to install the same HSEC license that has already been installed outside of the manager, there will be no change to the license. If you use Cisco SD-WAN Manager to install a different HSEC license on the device, the device will have two HSEC licenses installed.
  • Uninstalling an HSEC license: Cisco SD-WAN Manager does not support uninstalling an HSEC license from a device. To release the license for use elsewhere, contact Cisco TAC for assistance. If you uninstall the HSEC license from a device with assistance from TAC, the Cisco SD-WAN Manager will not be able to correctly report the HSEC license status for the device.

Note
To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, and Cisco vSmart to Cisco Catalyst SD-WAN Controller. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

Table 1: Feature History

Feature Name Release Information Description
Manage HSEC Licenses Cisco IOS XE Catalyst SD-WAN Release 17.9.2a

Cisco vManage Release 20.9.2

| This feature enables you to install high security (HSEC) licenses on devices managed by Cisco SD-WAN Manager. An HSEC license is required to enable devices to support encrypted traffic throughput of 250 Mbps or higher.

Information About Managing HSEC Licenses

Devices that use Smart Licensing Using Policy, and that must support an encrypted traffic throughput of 250 Mbps or greater, require an HSEC license. This is a requirement of US export control regulation. You can use Cisco SD- WAN Manager to install HSEC licenses. Cisco SD-WAN Manager contacts Cisco Smart Software Manager (SSM), which provides a smart license authorization code (SLAC) to load onto a device. Loading the SLAC on a device enables an HSEC license.

Figure 1: Cisco SD-WAN Manager Requests HSEC Licenses for Devices

CISCO-SD-WAN-Catalyst-Manage-HSEC-Licenses-fig-1

Use the following workflow:

  1. Synchronize license information between Cisco Smart Software Manager (SSM) and Cisco SD-WAN Manager for all HSEC-compatible devices.
    See Synchronize HSEC Licenses, Online Mode, on page 4 and Synchronize HSEC Licenses.

  2. Install the HSEC licenses on the desired devices.
    See Install HSEC Licenses.

Benefits of Managing HSEC Licenses

  • By addressing numerous license-related tasks, including the installation of HSEC and other licenses, the Cisco SD-WAN Manager consolidates the workflow for license management. Installing HSEC licenses using Cisco SD-WAN Manager makes it unnecessary to install HSEC licenses individually by CLI.
  • For information about managing Smart Licensing Using Policy for devices in the network, see Manage Licenses for Smart Licensing Using Policy.

Supported Devices for Managing HSEC Licenses

  • HSEC-compatible Cisco IOS XE Catalyst SD-WAN devices

Prerequisites for Managing HSEC Licenses

  • Cisco SSM account with the required licenses.
  • HSEC-compatible devices are available in the Cisco SD-WAN Manager device list.
  • Synchronizing license information between Cisco SSM and Cisco SD-WAN Manager requires one of the following:
    • Online method: Internet access for Cisco SD-WAN Manager.The  Cisco SD-WAN Manager must be able to connect to Cisco SSM.
    • Offline method: Access to your Cisco SSM account through an internet-connected web browser.

Restrictions for Managing HSEC Licenses

Restriction Description
Installing HSEC licenses using Cisco SD-WAN Manager Cisco SD-WAN Manager does

not query devices to determine whether they have an HSEC license installed. If you install an HSEC license on a device without using Cisco SD-WAN Manager, then Cisco SD-WAN Manager does not account for that license, and continues to list the device as eligible for an HSEC license. If you use Cisco

SD-WAN Manager to install the same HSEC license that has already been installed outside of Cisco SD-WAN Manager, there is no change to the license. If you use Cisco SD-WAN Manager to install a different HSEC license on the device, the device will have two HSEC licenses installed.

You can use the show license authorization command on a device to check whether the device has an HSEC license installed.

Uninstalling an HSEC license| Cisco SD-WAN Manager does not support uninstalling an HSEC license from a device. If you need to do this to release the license for use elsewhere, contact Cisco TAC for assistance. If you uninstall the HSEC license from a device with assistance from TAC, the Cisco SD-WAN Manager will not be able to correctly report the HSEC license status for the device.
Generic HSEC entitlement tag| The introduction of Cisco Digital Network Architecture (Cisco DNA) licensing changed how entitlement tags work for HSEC licenses. Instead of tagging licenses according to a router model (for example, ISR_4331_Hsec), HSEC licenses are generic, tagged as DNA_HSEC.

Note This change does not apply to the Cisco Catalyst 8000V.

For devices using Cisco IOS XE Release 17.6.1a or later, use an HSEC license with a generic DNA_HSEC entitlement tag rather than a license tagged according to the router model. However, if you have an HSEC license tagged according to a specific router model, you can use one of the following workarounds to use the license with Cisco IOS XE Release 17.6.1a or later or to convert the license:

•  Option 1: Install a smart license authorization code (SLAC) for a device- specific HSEC license in offline mode. To do this, use the procedures described in the following sections of Smart Licensing Using Policy for Cisco Enterprise Routing Platforms :

Generating and Downloading SLAC from CSSM to a File Installing a File on the Product Instance

•  Option 2: Convert a device-specific HSEC license to a DNA_HSEC license, as follows:

1. Order a DNA-HSEC-UPGD= license, at no charge, from the Cisco Commerce Workspace.

2. Convert the device-specific HSEC license to a DNA_HSEC license, using the Converting a Device-Specific HSECK9 License procedure described in Smart Licensing Using Policy for Cisco Enterprise Routing Platforms.

3. Install an SLAC on the device to enable you to use the DNA_HSEC license.

•  Option 3: Downgrade the device to a release earlier than Cisco IOS XE Release 17.6.1a, install the HSEC license, then upgrade the Cisco IOS XE software to a later release. The router continues to use the installed HSEC license.

---|---

Synchronize HSEC Licenses, Online Mode

Information about synchronizing HSEC licenses in the online mode.

Before You Begin

  • This procedure requires the Cisco SD-WAN Manager to have internet access. If the Cisco SD-WAN Manager does not have internet access, such as for security reasons, use the Synchronize HSEC Licenses, Offline Mode procedure.
  • This procedure requires entering credentials for your Cisco Smart Account

Synchronize HSEC Licenses, Online Mode

  1. From the Cisco SD-WAN Manager menu, choose Workflows > Workflow Library.

  2. Click the Sync and Install HSEC Devices workflow.

  3. Click Sync Licenses and then click Next.

  4. Click Online and then click Next.

  5. Enter the credentials for your Cisco SSM account and then click Next.

  6. On the HSEC Device Activation Overview page, click Next.

  7. On the Select Virtual Account page, choose a virtual account from the drop-down list. The list is populated by the Cisco SSM account that you logged into in a previous step.

  8. On the Select HSEC-Compatible Devices page, select the devices on which you want to install an HSEC license and then click Summary.
    Note
    If an HSEC-compatible device already has an HSEC license installed by the Cisco SD-WAN Manager, then the device is not selectable.

  9. Review the summary and then click Assign to begin the synchronization. Cisco SD-WAN Manager loads the requested licenses from Cisco SSM and assigns them to the devices.

  10. The process of loading and assigning licenses may take several minutes. You can monitor the progress by viewing the Cisco SD-WAN Manager task list.

  11. After the HSEC licenses have been loaded and assigned, to install them, use the Install HSEC Licenses procedure.

Synchronize HSEC Licenses, Offline Mode

Before You Begin

  • If the Cisco SD-WAN Manager has internet access, we recommend using the Synchronize HSEC Licenses, Online Mode procedure.
  • Use this procedure if the Cisco SD-WAN Manager does not have internet access, such as for security reasons.
  • This procedure requires entering credentials for your Cisco SSM Account.

Synchronize HSEC Licenses, Offline Mode

  1. From the Cisco SD-WAN Manager menu, choose Workflows > Workflow Library.

  2. Click the Sync and Install HSEC Licenses workflow.

  3. Click Sync Licenses and then click Next.

  4. Click Offline and then click Next.

  5. On the HSEC Device Activation Overview page, click Next.

  6. Click Download Process and then click Next.

  7. On the Offline Mode – Sync Licenses Task page, select the devices on which to install an HSEC license.

  8. Click Next.

  9. Click Download HSEC Device File.

  10. On the summary page, click Download to download a file to a local location. The file contains the list of devices that require an HSEC license.

  11. Click Done.

  12. Click Cisco Smart Software Manager to open Cisco SSM.

  13. Log in to Cisco SSM and complete the following two steps:
    Note
    The details of procedures in the Cisco SSM portal are outside the scope of this documentation and subject to change.

    • Upload the file that you downloaded from Cisco SD-WAN Manager. The procedure is identical to uploading a usage report file, as described in License Management Offline Mode.
    • Download the Acknowledgement file. This file contains the HSEC licenses required for the devices that you selected.

  14. From the Cisco SD-WAN Manager menu, choose Workflows > Workflow Library.

  15. Click the Sync and Install HSEC Devices workflow.

  16. Click Sync Licenses and then click Next.

  17. Click Offline and then click Next.

  18. On the HSEC Device Activation Overview page, click Next.

  19. Click Upload Process and then click Next.

  20. On the Upload Smart License Authorization Code File page, upload the acknowledgment file that you downloaded from Cisco SSM.

  21. Click Summary.
    The process of loading and assigning licenses may take several minutes. You can monitor the progress by viewing the Cisco SD-WAN Manager task list.

After the HSEC licenses have been loaded and assigned, to install them, use the Install HSEC Licenses procedure.

Install HSEC Licenses

  1. From the Cisco SD-WAN Manager menu, choose Workflows > Workflow Library.
  2. Click the Sync and Install HSEC Licenses workflow.
  3. Click Install Devices.
  4. Select the desired devices on which to install an HSEC license.
  5. Click Install to install the licenses.

You can monitor the progress by viewing the Cisco SD-WAN Manager task list.

Verify HSEC License Installation

  1. From the Cisco SD-WAN Manager menu, choose Administration > License Management.
  2. Above the table click Device. The HSEC license information appears in two columns.
Column Description
HSEC Compatible Yes or No indicates HSEC compatibility.
HSEC Status •  scheduled : An HSEC license is pending installation on the

device.

•  success : An HSEC license is installed on the device.

Troubleshooting HSEC Licenses

Problem
Cisco SSM has assigned two HSEC licenses (a product-ID-specific PID license, and a Cisco DNA software subscription license) to one or more devices. This scenario is called double entitlement.

Possible Cause
The following scenario may cause Cisco SSM to have two licenses assigned to a device:

  1. You have installed a PID-specific HSEC license on a device using Cisco IOS XE Catalyst SD-WAN Release 17.6.x or earlier.
  2. You upgrade the device to use Cisco IOS XE Catalyst SD-WAN Release 17.9.1a or later.
  3. You perform a license synchronization using Cisco SD-WAN Manager.

Solution
Reload the device. When the device restarts, confirm that it is using only the Cisco DNA software subscription HSEC license.

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

Cisco User Manuals

cisco Configuring Console Access Instructions
Cisco
cisco HyperFlex HX-Series Data Platform for HCI Instructions
Cisco
CISCO Meraki Cloud Monitoring for Catalyst User Guide
Cisco
CISCO Cloud-Delivered Catalyst SD-WAN Platform User Guide
Cisco
CISCO 60079011 Wi Fi 6 E Access Point User Manual
Cisco
CISCO IP Phone o Through the Normal Startup Process User Guide
Cisco
CISCO Install Enterprise NFVIS Using USB User Guide
Cisco
CISCO NCS 1014 Network Convergence System 1014 Instruction Manual
Cisco
CISCO Set Up Webex User Guide
Cisco
CISCO Webex App User Guide
Cisco
CISCO DNA Center Configure Telemetry User Guide
Cisco
802.11 Parameters for Cisco Access Points User Guide
Cisco
CISCO Nexus 3000 Series NX-OS Verified Scalability Guide Release 9.3 Instruction Manual Product Information
Cisco
CISCO P-LTE-450 Cellular Pluggable Interface Module Configuration User Guide
Cisco
CISCO Nexus 3600 Series NX-OS Verified Scalability Guide Release 9.3 User Guide
Cisco
CISCO Nexus 3000 SeriesNX-OS Verified Scalability Guide Release 9.3 User Guide
Cisco
CISCO Nexus 3000 Series NX-OS Verified Scalability Guide User Guide
Cisco
CISCO Nexus 9804 NX-OS Mode Switch Hardware Installation Guide
Cisco
CISCO Nexus 3548 Series NX-OS Verified Scalability Instructions
Cisco
CISCO 9.0SU Emergency Responder User Guide
Cisco

Related Manuals

Keyboards 87RGB USB-C Bluetooth and RGB Mechanical Keyboard Instructions
Keyboards
VOLLRATH T3893546 Cafeteria Breath Guard Instruction Manual
VOLLRATH
TRIPLETT VTC1000 Voltage and Current Tester with Phase Rotation Tester Instruction Manual
TRIPLETT
JASCO 76721 Plug In Outdoor Smart Switch Instruction Manual
JASCO
IKEA AA-2420670-1 Mattress Pad Instructions
Ikea
fungeneration 490457 Battery Led Pot Thomann User Manual
fungeneration
PELOTON Altos Cycling Shoe Instruction Manual
Peloton
cata INSB6032 60cm Induction Hot Plate Instruction Manual
cata
NISBETS ESSENTIAL CH732 Bain Marie Instruction Manual
NISBETS ESSENTIAL
FIFISH P3 Underwater Robot User Guide
FIFISH
GRANDSTREAM NETWORKS GXV3450 Zoom Phone Appliance User Guide
Grandstream Networks
Danfoss BOCK UL-HGX12e Reciprocating Compressor User Guide
Danfoss
Jimdary A4300 Mini Projector 4k Full HD Instruction Manual
Jimdary
Sophie s 238812 Sophies Doll House with Furniture 7 PCS Instruction Manual
Sophie s
bella BMD-448DDI American Refrigerator No Frost Digital Display Instruction Manual
Bella
MINSUO R15 Wireless Binaural Stereo Sound Music Headphones Instruction Manual
MINSUO
ELKAY SW1156CS Smartwell Countertop Beverage Dispenser Installation Guide
ELKAY
omega OBOP6016AM 60cm Built-In Oven User Guide
Omega
PRESTIGE 183BPTI Remote Key Fob Transmitter User Manual
PRESTIGE
STAHL 109085 PVC-Shroud Owner’s Manual
STAHL
AXIS P3265-V Dome Camera User Manual
AXIS
KOHLER K-16254 Towel Ring Owner’s Manual
Kohler
Omica 800601 Gas Fired Pizza Oven User Manual
Omica
TYAN TS75A-B7132 4th Gen Intel Xeon Scalable Barebones Installation Guide
TYAN
XKGLOW XK-COMMAND 8 Channel Bluetooth Switch Panel User Manual
XKGLOW
Trust GXT 256 Exxo USB Streaming Microphone Instruction Manual
Trust
EDIFIER W200BT MINI True Wireless Earbuds Headphones Instruction Manual
Edifier
Husky Corporation Warranty Information
Husky
Homedics BM-AC105 Air Compression Back Stretching Mat User Manual
Homedics
SW-MOTECH BC.HTA.06.869.30001-B Side Case Set Instruction Manual
SW-MOTECH
Contact Us   Privacy Policy   11.62ms