How to Activate the PLR license on Cisco Security Products?
The comprehensive Cisco license reservation option is still unfamiliar to most customers. Permanent license reserve is a feature of Cisco’s smart licensing solution. A smart License requires a smart account and connection to Cisco Smart Software Management (CSSM) or Smart Software Manage (SSM on-Prem) to reactivate and report the most current license status. However, some clients have highly protected internal networks with limited internet access. So, what can they do? This is where the Cisco PLR license (Permanent License Reservation) comes into play.
What is the Cisco PLR License?
Cisco PLR licensing is a long-term solution for a highly secure network design with minimal outward connections. Using a reservation code issued by Cisco partners, you can register all product instances with exclusive features indefinitely and permanently (no renewal required). This solution is primarily available for Cisco NXOS, IOS XE/XR-based devices, and Cisco Secure product lines.
Furthermore, because most consumers are uncomfortable with Cisco smart licensing methods and find all smart accounts and virtual accounts notions complicated, PLR licenses are a straightforward solution you can use on many different devices.
Besides, you cannot use Smart Licensing if there is no path to the Internet for the system. In that case, activating Cisco PLR License is your only option.
Additionally, it may eliminate all issues regarding Cisco Essential, Advantage, and Premier Licenses, all of which have different features and expiration dates, by offering a single authorization number that can permanently enable all premium capabilities.
How to apply for a Cisco PLR License?
Some basic CLI commands on most Cisco IOS/NXOS devices, such as Cisco Catalyst switches and Cisco Nexus switches, can produce a reservation code for you. You’ll receive a unique permission number after sending the code to the sales experts. All functionalities would be permanently activated by inputting the code in the CLI.
Cisco PLR licensing is also supported by Cisco security solutions such as Cisco Identity Service Engine, Cisco Secure Firewall Management Center, Cisco Secure Firewalls, and Cisco Firewall Threat Defiance. The GUI interface provides access to this feature.
PLR License Activation on Cisco FDM
When you only have one firewall to manage, you can use Firepower Device Manager across the network. It’s a web-based database manager that operates natively on your Firepower with FTD’s box.
Workflows, illustrations, and default setup settings are all included. Cisco Device Manager comes standard with the Cisco Firepower Firewall with FTD. The FDM is a consolidated platform for applying and managing Firepower licenses.
You can use Cisco smart licenses to register all Cisco Firepower product instances. The cloud-based Cisco Smart Licensing solution allows you to automate time-consuming licensing activities.
You can check the status of your license and software usage patterns with this service. Three main functions are simplified with Smart Licensing. This new licensing method necessitates a direct or proxy Internet connection to the Cisco Smart Software Management (CSSM) website.
Although a connection to the Internet is not an alternative in highly protected areas, the Cisco PLR License allows you to install an authorization code that permanently activates all premium features on your device.
The FDM does not require any licensing. It can, however, be utilized for Firepower with the registration of FTD product instances. To activate your Firepower with FTD with a Cisco FDM PLR license, follow the procedures below:
- Turn on the device and connect via the Console Port.
- Accept the EULA and continue the procedure by entering your IP address and GW.
- The device will ask you if you wish to administer the device locally at the end of the wizard: You must select yes.
- Open a web browser and type in the IP address that you previously assigned to the device.
- You can continue the configuration procedure after connecting to the device through the Web interface and setting the Output interface IP and NTP Server.
- The procedure will ask you whether you want to activate the 90-day evaluation period without Registration or Register the device with Cisco Smart Software Manager in the last stage. You should choose a 90-day evaluation and complete it.
- When the prompt appears, choose solitary device and tap Got It. Then, on the left side of the screen, select the Smart License tab.
- A drop-down menu will appear on the right side of the screen on the Smart License page. To install the Cisco FDM PLR license, press Switch to Universal PLR.
- You now have access to the Request Code. Send this code to the supplier so that they can give you a Cisco FDM PLR license.
PLR License Activation on Cisco ISE
Using a Cisco ISE PLR license to enable all features on the Cisco Identity Service Engine platform is a straightforward process. In essence, Cisco’s permanent license reserve is a safe and dependable licensing solution for secure environments where no inbound or outgoing connections are permitted.
An authorization number issued by Cisco can be used to activate a Cisco PLR license. Customers should produce a request code from the Cisco ISE web interface and share it with sales representatives. After that, Cisco will supply you with an authorization code. Then you can register your device by following the instructions below:
Enter Setup on the CLI after finishing the Cisco ISE first deployment to begin ISE basic configuration. After that, you can use the administration IP to access the Web interface.
- Use the new username and password to log in to the device.
- Open the Hamburger menu on the ISE platform to activate the license reservation option.
- Choose the Licensing option from the Administration tab.
- Then click the Generate code button and choose PLR.
- Copy the generated code and send it to Cisco’s sales team to acquire the permission code.
- Then, in the box, type the code and click Enable.
- Your device will be fully registered and ready to use after completing these procedures.
How to Apply Permanent Licenses in Networks without Internet Access (Air-Gapped Networks)
An air-gapped network is a type of network that does not have access to the Internet. Such networks are built for high-end security services where you cannot tolerate external attacks or intrusions. Since there is no path for the Internet, it is impossible to register your devices through Cisco Smart Software Manager. In this case, you can switch to Permanent License Reservation (PLR) mode to get the license for your device.
Things to Keep in Mind to Use PLR Mode Before Activating PLR License
- All features that require internet access, such as file policies, URL lookups, etc. will not work.
- Cisco cannot collect data even if you enable Web Analytics and Cisco Success Network.
- You are required to upload all the updates manually to the Geolocation Database, Intrusion Rules, and Vulnerability Database (VDB). In other words, you can use a flashdrive for updates download, carry the drive to your secured building, and manually upload the updates in the devices.
- You need to verify that your smart account provides a universal license and you have purchased the required Universal License.
- For those in evaluation mode, they cannot switch back to evaluation mode if they switch to PLR mode.
- In case you have a High Availability configured (HA) device, you need to complete the process separately for both devices in the HA group.
Steps to Switch to PLR Mode and Apply License to Your System
Step 1: Go to Device, then select View Configuration in the Smart License summary.
Step 2: If the device has been registered using Smart Licensing, choose “Unregister Device” from the settings drop-down list.
- Confirm the unregistration and wait for the task to complete before taking any further steps.
Step 3: Select “Switch to Universal PLR” from the settings to transition to Universal Permanent License Reservation (PLR) mode.
- Once you read the warning, click “Yes” to confirm your switching process.
- The system will convert to PLR mode and initiate the PLR registration process.
Step 4: Complete PLR Registration:
- Upon opening the Universal Permanent License Reservation dialog box, save the request code displayed in the first step in a text file by clicking on “Save As TXT” option. You can also print it or simply copy it to the clipboard using CTRL + C.
- If you previously exited the process after switching modes, you can resume by clicking “Continue Reservation” on the Licensing page.
- Log into CSSM Account: Navigate to Smart Software Licensing > Inventory, then click on the “Licenses” tab.
- Click License Reservation button to initiate the reservation process by following the instructions in the wizard.
- Enter the license request code or upload the saved txt file. Click Next.
- The products details will be displayed in front of you for the system you want to license, along with a bulleted list of available licenses for the device. For a locally managed FTD device, select the Universal License and click Next.
- Once you check that you have the correct license required, click Generate Authorization code. The code will be generated in the following format: XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXX
- [Note: In the above format, X is an alphanumeric character. In case authorization code is an XML file, it means you have specific license instead of universal license and you cannot use it on the system. In such a case, please Cancel the PLR Registration to ensure that you release the reserved licenses in your CSSM account and work with a Cisco representative to switch from Smart Account to PLR.]
- Once you see the authorization code, choose “Download as File” or “Copy to Clipboard” to save the code and click Close to get out of the wizard.
- Once you get back to the FDM, enter the authorization code by pasting or uploading the file. Click Register to initiate the registration.
- To check the status of registration, refresh the Licensing page.
Step 5: Enable option features that you need.
- Note that the Universal license registers the device for the Base license only. So, you can click Enable for each specific feature you need.
Steps to Cancel PLR Registration
Step 1: Click “Device” and navigate to “View Configuration“.
Step 2: Select “Cancel PLR” from the settings to begin the cancellation process.
Step 3: Choose an option based on your scenario. Based on the scenario you have, select the appropriate option:
- “I have a license in CSSM“: If you have licenses reserved in CSSM and obtained an authorization code.
- “I do not have a license in CSSM“: If you haven’t completed the CSSM wizard to obtain an authorization code.
Step 4: Obtain release code (If CSSM License Exists). If you selected “I have a license in CSSM,” paste the authorization code into the dialog box of cancellation and click “Generate Release Code.”
- Once a code appears in the Release License Code field, click Save As TXT file or Print it. Or, copy the release code.
- In CSSM, locate the device in Smart Software Licensing > Inventory, click Action > Remove, and enter the release code.
- Wait for CSSM to confirm the successful removal of the product.
Step 5: Click “OK” to finalize the cancellation process.
The system reverts to Smart License mode, but note that the device is now unregistered, and restarting evaluation mode is not possible.
To use the device, either register it using a Smart License or switch back to PLR mode and register again.
Wrapping Up
Remember that PLR licenses are node-locked, meaning they cannot be transferred between platforms. Each authorization number you’ve got is unique to your current product, and no one can use it without your permission.
For any queries related, please feel free to connect with us via WhatsApp (+971585811786).