fasadarena.blogg.se - Cisco asa show license command

CISCO ASA SHOW LICENSE COMMAND SOFTWARE

As shown in Example 3-8, this feature set supersedes the licensed feature set of the local unit as long as it continues to participate in a failover pair or a cluster. Notice that the combined count of 1000 sessions from the individual licenses exceeds the Total VPN session count of 750 for this platform this causes the downward adjustment.Īfter license aggregation, each failover peer or cluster member displays an additional section in the output of the show version and show activation-key commands to reflect the combined active feature set of the device. After aggregating these capacities, each device in this failover pair allows up to 750 sessions for this feature. Consider a failover pair of Cisco ASA 5525-X appliances where both the primary and secondary units have the active An圜onnect Premium Peers licenses for 500 sessions each. This happens even if the particular tiered counts for the same feature do not match between all participating members.

For each tiered feature, the licensed capacities of the individual units combine up to the platform limit of each member.

For instance, each unit of a cluster enables the IPS Module license if at least one of the members has it enabled in the local feature set.

For each feature that can be either enabled or disabled, the combined failover or cluster license inherits the best setting from all of the feature sets of the participating devices.

Each failover unit or cluster member computes its local feature set by combining the permanent and active time-based activation keys using the rules discussed earlier.

The system follows these steps to create a combined feature set of a failover pair or a cluster: The Encryption-3DES-AES license must be in the same state on both failover peers and all cluster members.Īfter satisfying these basic requirements, the rest of the licensed features and capacities from both failover peers and all active cluster members combine to form a single feature set that all the participating devices use concurrently.

For both failover and clustering, all units must have the same encryption license.

CISCO ASA SHOW LICENSE COMMAND SOFTWARE

Cisco ASA 5500-X appliances require Cisco ASA 9.1(4) software to use this feature, and it is enabled by default on all Cisco ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X models and on the Cisco ASA 5512-X with the Security Plus license. For clustering, each Cisco ASA 5580 and ASA 5585-X unit must have the Cluster feature enabled independently.These have to match because all cluster members must have the 10GE I/O feature in the same state. For clustering, all participating Cisco ASA 5585-X appliances with SSP-10 and SSP-20 must have either the Base license or the Security Plus license.For failover, Cisco ASA 5505, ASA 5510, and ASA 5512-X appliances must have the Security Plus license installed.After the changes in Cisco ASA 8.3(1) software, only the following license requirements remain for the ASA devices that participate in failover or clustering: Given that most designs used the Active/Standby failover configuration, this led to underutilization of licensed capacities. Prior to Cisco ASA Software version 8.3(1), both units in a failover pair required identical licensed feature sets.

Combined Licenses in Failover and Clustering