This article goes through manual Smart Account registration for devices running IOS-XE 16.X o To add devices running newer versions of IOS-XE (like version 17.3+), check out this article instead Cisco Catalyst 9K DNA License registration for non-DNA Center networks (IOS-XE 17.3+).
Introduction
When you purchase a Cisco Catalyst 9K series switch (which includes 9200/L, 9300/L, 9400, and 9500 models) you must purchase a so-called DNA License for a minimum of 3 years regardless of whether you intend to use it or not. A weird decision by Cisco since a lot of organizations are not ready to move on to the DNA Center solution but it is what it is.
If you are running DNA Center then these instructions are not for you since DNA Center will help you register your switches to your SmartAccount in order for them to claim their license.
However, if you are not using DNA Center, you must manually add your devices to your SmartAccount where all your DNA licenses are stored so that the device can claim its license and get out of Evaluation Mode. Your device will also claim its perpetual (lifetime) base license which is either a Network Essentials och a Network Advantage license.
Cisco has already been getting a lot of flak online because of the DNA licensing concept since it requires the switch to go out on the internet to claim its license from Cisco. There is an option to set up an offline on-prem server for DNA licensing purposes but I haven’t had a chance to try it out yet.
The steps below assume that you/your customer already has a SmartAccount setup. When you purchase a 9200, 9200L, 9300, 9400, or 9500 switches, the ordered license (a Network Advantage switch must be ordered with a DNA Network Advantage license for example) will automatically appear in your SmartAccount. In my experience the license shows up around the switch is considered delivered from Cisco and not when the actual order is made.
See which licenses are available in your SmartAccount
Navigate to Cisco Licensing and to the SmartAccount. The URL changes from time to time so I’m not gonna link it here but if you can find Smart Software Licensing on Cisco’s website then you are in the right place. Navigate using the highlighted menus below (Inventory > Licenses) to find out which licenses are stored on your SmartAccount. Don’t forget to select the correct Virtual Account in case you have more than the DEFAULT account. In the example below you can see that my SmartAccount has a bunch of 9200 and 9200L Network Essentials (lifetime licenses) and DNA licenses (subscription-based) available.
Create a SmartAccount Token
To connect your 9K switches to your SmartAccount you first need to access your SmartAccount and create a token to be used for the registration. A token is essentially a generated string that is used for identification when you switch connects to Cisco’s SmartAccount service. Go through Inventory > General and click on the New Token… button.
A window will pop up where you can set the options of the token. Give it a good description and a reasonable valid time (set in days) or enter how many devices can use the token until it is considered redeemed. Click on Create Token when you are done.
Your newly created token should now appear in the Token list. Click on the token to view and copy it, you will need it for the switch configuration. The token should look something like the one below (which isn’t real, by the way).
Register switch to SmartAccount using the Token
Now then, assuming your switch is up and running in your network and it has basic access to the internet, you need to make sure the switch has the following configuration.
A DNS-server to use for looking up the Cisco SmartAccount portal:
My9200(config)# ip name-server 8.8.8.8 Don’t forget to use the VRF version of the command above if you are running VRFs!
My9200(config)# ip dns source-interface Vlan250To make sure this connection works you could try the command ping google.com and see if you get any replies back.
Next up we need to configure an NTP-server so that your switch has the correct time and date.
My9200(config)# ntp server 193.228.143.22And the last thing we need is in interface selected for HTTP/HTTPS communication:
My9200(config)# ip http client source-interface Vlan250Now we have all the pieces in place and it is time to tell the switch to go claim its rightful licenses from your SmartAccount. Please note that the following command is entered in Privileged Exec Mode (“enable mode”)
My9200> enableMy9200# license smart register idtoken NWY3NDM3OTlt……3D%0ANow the switch is going to connect to the Cisco SmartAccount portal using your token. Give it a few seconds and you will be able to see that the connection has been successful using this command:
My9200# show license statusAs you can see below, the registration went okay because Initial Registration: SUCCEEDED
Smart Licensing is ENABLEDUtility: Status: DISABLEDData Privacy: Sending Hostname: yes Callhome hostname privacy: DISABLED Smart Licensing hostname privacy: DISABLED Version privacy: DISABLEDTransport: Type: CallhomeRegistration: Status: REGISTERED Smart Account: MySmartAccount Virtual Account: DEFAULT Export-Controlled Functionality: ALLOWED Initial Registration: SUCCEEDED on Jun 14 12:45:19 2019 CEST Last Renewal Attempt: None Next Renewal Attempt: Dec 11 12:45:19 2019 CEST Registration Expires: Jun 13 12:40:16 2020 CESTLicense Authorization: Status: AUTHORIZED on Jul 14 12:45:29 2019 CEST Last Communication Attempt: SUCCEEDED on Jul 14 12:45:29 2019 CEST Next Communication Attempt: Aug 13 12:45:29 2019 CEST Communication Deadline: Oct 12 12:40:28 2019 CESTExport Authorization Key: Features Authorized: <none>There is also some useful information in this command:My9200# show license summarySmart Licensing is ENABLEDRegistration: Status: REGISTERED Smart Account: MySmartAccount Virtual Account: DEFAULT Export-Controlled Functionality: ALLOWED Last Renewal Attempt: None Next Renewal Attempt: Dec 11 12:45:19 2019 CESTLicense Authorization: Status: AUTHORIZED Last Communication Attempt: SUCCEEDED Next Communication Attempt: Aug 13 12:45:29 2019 CESTLicense Usage: License Entitlement tag Count Status ----------------------------------------------------------------------------- C9200 DNA Essentials... (C9200-DNA-E-48) 4 AUTHORIZED C9200 Network Essent... (C9200-NW-E-48) 4 AUTHORIZEDAs you can see, this is a stack of 4 switches each claiming a C9200-48-port license each (Count = 4). You can also see the times and dates of when the switch will contact Cisco again to authorize and renew its licenses.
In your SmartAccount you can also see which devices have been registered to your account and claimed their licenses. The hostname of the actual switch will be shown here. The icon next to some of the names in the list below means that the item is in High Availability mode, which means it’s either a switch stack (9200, 9200L, and 9300) or a StackWise Virtual stack (9400, 9500).
Is there a difference in the registration process of a stack of switches and a standalone switch?
No, registration is done in the exact same way for stacked and standalone switches. If you have a stack of different 9K models they will know which licenses to claim from the SmartAccount.
Notes
Running the command above while the switch is not connected to the internet seems to put the switch in a weird state because it doesn’t seem to make any more attempts to contact Cisco’s SmartAccount service after it has been installed in the network and connection to the internet is possible. I have left a switch running for days without having it claim its license from Cisco despite having internet access.
Your switch will periodically connect to the SmartAccount portal to check the status of the license.