Click here to request your free 14-day trial of Cisco Umbrella through NetCraftsmen today!

9/9
2016
Carole Warner Reece

Adding a License File to a Cisco Nexus 5500 Switch

I was recently troubleshooting an HSRP issue with two Nexus 5500 switches that both were in the active state. The root cause appeared to be a missing LAN_Base license.

Although the information on copying and adding licenses to a Nexus 5500 is available at www.cisco.com, I found I had to go to a couple of different pages to get it. Here are the steps I used to add a new license to my Cisco Nexus 5500 switches.

Step 1. Verify that no license is already installed with the show license command, or exists in bootflash ready to be installed with the dir command. You should look for a *.LIC file in bootflash:

If you find a .LIC file in bootflash:, you probably just need to install it and can skip to Step 5.

HQ-ST-5K1# show license
HQ-ST-5K1#

Note: No response from NX-OS means no license is installed.

HQ-ST-5K1# dir bootflash:
         0    Jan 01 14:18:03 2009  20090101_191803_poap_4557_init.log
         0    Jan 01 14:34:16 2009  20090101_193416_poap_4464_init.log
         0    Jan 15 09:37:37 2009  20090115_143737_poap_4464_init.log
    169740    Jun 16 13:49:40 2015  20150616_154841_poap_4461_init.log
      8989    Apr 29 09:21:37 2015  b4config.txt
      9861    Jun 16 11:31:01 2015  b4config2.txt
      4096    Apr 08 15:11:22 2015  lost+found/
  34672128    Jul 07 15:12:50 2014  n5000-uk9-kickstart.6.0.2.N1.2.bin
 238082390    Jul 07 15:13:39 2014  n5000-uk9.6.0.2.N1.2.binexit

      4096    Jan 01 14:16:55 2009  vdc_2/
      4096    Jan 01 14:16:55 2009  vdc_3/
      4096    Jan 01 14:16:55 2009  vdc_4/
      4096    Jan 01 14:16:55 2009  virt_strg_pool_bf/

Usage for bootflash://
  390721536 bytes used
 1260183552 bytes free
 1650905088 bytes total
HQ-ST-5K1#

Note: Since there is no file with a .lic extension, the license file is missing. I needed at least a LAN Base license to run HSRP. The 5500 switches also need a L3 forwarding module, which mine had.

Step 2. As needed, obtain the license files.

I got mine though chatting with Cisco staff and providing them with the results from the show license host-id command. After some discussion, they emailed me two base license files that were keyed to the license host-id of the 5Ks.

Note: Depending on your situation, you may need to contact your reseller or open a TAC case.

The license files I obtained from Software licensing were readable in a text editor, and looked like this:

SERVER this_host ANY
VENDOR cisco
INCREMENT LAN_BASE_SERVICES_PKG cisco 1.0 permanent uncounted \
VENDOR_STRING=<LIC_SOURCE>MDS_SWIFT</LIC_SOURCE><SKU>N55-BAS1K9</SKU> \
HOSTID=VDH=SSI123456AB \
NOTICE="<LicFileID>20160804111111111</LicFileID><LicLineID>1</LicLineID> \
<PAK></PAK>" SIGN=###E##C#A###

Note: I also found some non-installed license files in the directory of a different N5K. This pre-installed license included a PAK value that appears to be associated with the host ID and the license file name in the following format:

HQ-END-5K1# dir bootflash:
. . .
        272    Jan 01 01:34:17 2009  license_SSI234567E5_15.lic
       4096    Jan 23 18:22:41 2015  lost+found/
       6661    Apr 13 07:03:34 2015  mts.log
   31646720    Oct 17 02:27:26 2012  n5000-uk9-kickstart.5.2.1.N1.1.bin
   34407424    Oct 28 15:50:19 2014  n5000-uk9-kickstart.5.2.1.N1.7.bin
  173087826    Oct 17 02:28:14 2012  n5000-uk9.5.2.1.N1.1.bin
  175642440    Oct 28 15:49:52 2014  n5000-uk9.5.2.1.N1.7.bin
       1152    Oct 28 16:33:41 2014  span.log
       4096    Jan 01 01:31:07 2009  vdc_2/
       4096    Jan 01 01:31:07 2009  vdc_3/
       4096    Jan 01 01:31:07 2009  vdc_4/

Usage for bootflash://
  532897792 bytes used
 1118007296 bytes free
 1650905088 bytes total
HQ-END-5K1#

HQ-END-5K1# sh file license_SSI234567E5_15.lic
SERVER this_host ANY
VENDOR cisco
INCREMENT LAN_BASE_SERVICES_PKG cisco 1.0 permanent uncounted \
        VENDOR_STRING=MDS HOSTID=VDH=SSI234567E5 \

NOTICE=<LicFileID>20121016111111111</LicFileID><LicLineID>1</LicLineID><PAK>N5K-C5548UP-FASSI234567E5</PAK> \
               SIGN=F1111DB1D111

HQ-END-5K1#
HQ-END-5K1# sh license host-id
License hostid: VDH=SSI234567E5
HQ-END-5K1#

Note: Place holder IDs and license numbers are shown in the example.

Step 3. You need to load each license file on the appropriate Nexus switch. You can use the copy scp: command to place the file in the bootdir: of the appropriate switch.

The license file will need to be accessible via an SCP.

HQ-ST-5K1# copy scp://cwr@172.20.21.22/Volumes/Projects/01-GPO/MDS20160804113133333/MDS201608040222222222.lic bootflash:license.lic
Enter vrf (If no input, current vrf 'default' is considered): management
The authenticity of host '172.20.21.22 (172.20.21.22)' can't be established.
RSA key fingerprint is d5:10:11:13:10:19:14:1d:1b:b1:18:19:18:19:19:18.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.20.21.22' (RSA) to the list of known hosts.
Password:
MDS201608040222222222.lic                                                                      
100%  304     0.3KB/s   00:00
Copy complete, now saving to disk (please wait)...
HQ-ST-5K1#

During the copy, I renamed the license file to the name license.lic for ease of typing.

Note: I was able to turn on file sharing and remote access under System Preferences>Sharing on my Mac so the copy SCP from the switch would work. PC users may need to start an SCP server.

Step 4. Verify file has been copied to bootflash:

HQ-ST-5K1# dir
          0    Jan 01 14:18:03 2009  20090101_191803_poap_4557_init.log
          0    Jan 01 14:34:16 2009  20090101_193416_poap_4464_init.log
          0    Jan 15 09:37:37 2009  20090115_143737_poap_4464_init.log
     169740    Jun 16 13:49:40 2015  20150616_154841_poap_4461_init.log
       8989    Apr 29 09:21:37 2015  b4config.txt
       9861    Jun 16 11:31:01 2015  b4config2.txt
        304    Aug 04 12:21:31 2016  license.lic
       4096    Apr 08 15:11:22 2015  lost+found/
   34672128    Jul 07 15:12:50 2014  n5000-uk9-kickstart.6.0.2.N1.2.bin
  238082390    Jul 07 15:13:39 2014  n5000-uk9.6.0.2.N1.2.bin
       4096    Jan 01 14:16:55 2009  vdc_2/
       4096    Jan 01 14:16:55 2009  vdc_3/
       4096    Jan 01 14:16:55 2009  vdc_4/
       4096    Jan 01 14:16:55 2009  virt_strg_pool_bf/

Usage for bootflash://
  390725632 bytes used
 1260179456 bytes free
 1650905088 bytes total
HQ-ST-5K1#

Note: I later turned off file sharing and remote access under System Preferences>Sharing on my Mac.

Step 5. Verify contents of file HOST-ID in the license file match the N5K using the show file command and the show license host-id command. (This is very important if you are working with more than one license file, and want the license to work.)

HQ-ST-5K1# show file license.lic
SERVER this_host ANY
VENDOR cisco
INCREMENT LAN_BASE_SERVICES_PKG cisco 1.0 permanent uncounted \
        VENDOR_STRING=<LIC_SOURCE>MDS_SWIFT</LIC_SOURCE><SKU>N55-BAS1K9</SKU> \
        HOSTID=VDH=SSI123456AB \

NOTICE="<LicFileID>20160804111111111</LicFileID><LicLineID>1</LicLineID> \
        <PAK></PAK>" SIGN=###E##C#A###
HQ-ST-5K1#
HQ-ST-5K1# sh license host-id
License hostid: VDH=SSI123456ABS
HQ-ST-5K1#

Step 6. Install the license with the install license command.

HQ-ST-5K1# install license bootflash:license.lic
Installing license .......Enable Layer 3.

Please reload the switch if the switch has previously gone through a non-disruptive NX-OS upgrade.
done
HQ-ST-5K1#

Note: I assumed that I did not need to reload since I had not done a NX-OS upgrade

Step 7. Verify the license has been installed with the show license command.

HQ-ST-5K1# sh license
license.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT LAN_BASE_SERVICES_PKG cisco 1.0 permanent uncounted \
        VENDOR_STRING=<LIC_SOURCE>MDS_SWIFT</LIC_SOURCE><SKU>N55-BAS1K9</SKU> \
        HOSTID=VDH=SSI123456AB \

NOTICE="<LicFileID>20160804111111111</LicFileID><LicLineID>1</LicLineID> \
        <PAK></PAK>" SIGN=###E##C#A###

HQ-ST-5K1#

I hope this may help others who need to install or work with licenses on a Nexus 5500.

Carole Warner Reece

Architect

A senior network consultant with more than fifteen years of industry experience, Carole is one of our most highly experienced network professionals. Her current focus is on the data center and on network infrastructure.

View more Posts

 

Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.

 

Virgilio “BONG” dela Cruz Jr.

CCDP, CCNA V, CCNP, Cisco IPS Express Security for AM/EE
Field Solutions Architect, Tech Data

Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.

 

John Cavanaugh

CCIE #1066, CCDE #20070002, CCAr
Chief Technology Officer, Practice Lead Security Services, NetCraftsmen

John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services.  Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.

He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.