Chapter 10

IOS Images and Licensing

Routing Protocols - CCNA version 5

CIS 82 Routing Protocols and Concepts

Rick Graziani
Cabrillo College
[email protected]

Spring 2014
Chapter 10
10.0 Introduction
10.1 Managing IOS System Files
10.2 IOS Licensing
10.3 Summary
Chapter 10: Objectives
 Understand the necessity of managing IOS system image files to increase
network reliability in a small-to-medium-sized business network.
 Explain the Cisco IOS image naming conventions.
 Calculate memory requirements needed when upgrading an IOS system
image.
 Explain the licensing process for the Cisco IOS software in a small-to-
medium-sized business network.
 Configure a router to install a Cisco IOS image license.
IOS Families and
Trains
Cisco IOS concepts

 Cisco IOS Software was developed as a single platform operating

system for routing.

 It has now evolved to a sophisticated operating system that

supports many features such as:
 VoIP
 NetFlow
 IPsec.

 To better meet the needs of clients, the IOS is organized into

software release families and software trains.
IOS Software Release Families

 A software release family is comprised of multiple IOS software

release versions that:
 Share a code base
 Apply to related hardware
 Overlap in support coverage - (as one OS comes to end-of-life,
another OS is introduced and supported)

 Examples of IOS releases, within a software release family, include

12.3, 12.4, 15.0, and 15.1.
IOS Software Trains

 A Cisco IOS train is a version of the software released to implement

bug fixes and add new features.
 Think “Service pack”

 A Cisco IOS train is used to:

 Deliver releases with a common code base,
 To a specific set of platforms and features.
 A train may contain several releases.
 Because different software release families can apply to different
platforms or market segments, several trains can be current at any
point in time.

 This chapter examines the trains of both IOS 12.4 and 15.
12.4 Trains
Cisco IOS 12.4 Mainline and T Trains

 The Cisco IOS 12.4 train is considered the

mainline train.
 It receives mostly software (bug) fixes
 Releases are designated as
Maintenance Deployment (MD)
releases
 Is always associated with a technology
train (T train)
Cisco IOS 12.4 Mainline and T Trains

 A T train, such as 12.4T:

 receives the same software bug fixes
as the mainline train.
 receives new software and hardware
support features.
 Becomes it’s own code base
 Considered Early Deployment (ED)
releases.
Cisco IOS 12.4 Mainline and T Numbering
 The IOS release numbering convention is used to identify the
release of the IOS software, including any bug fixes and new
software features.
 Cisco IOS 12.4 System Image Packaging
Premium Packages

Advanced Enterprise Services

(Full Cisco IOS Software)

Advanced IP Services Enterprise Services

(Merge Advanced Security & SP Services) (Merge Enterprise Base & and SP Services)
IPv6

Advanced Security
(Add Security & VPN)
Cisco IOS Firewall, IDS/IPS,
IPSec, 3DES, VPN
Enterprise Base
SP Services
(Add Multiprotocol
(Add SP Services)
Services)
SSH/SSL, ATM, VoATM,
Appletalk, IPX and IBM
MPLS
Layer 3 Routed Protocols

 IOS 12.4 Software

IP Voice
packaging consisted of 8 (Add Voice)
packages: VoIP and VoFR

 5 non-premium
packages: IP Base
Entry Level Cisco IOS
 3 premium IPv4, Trunking and DSL
packages:
Decode the IOS 12 Image Name
Trai Maintenance Train Rebuild
IOS Image Hardware Feature Set
n# Release Identifier Identifier

c1841-advipservicesk9-mz.124-24.T6.bin 1841 advipservicesk9 12.4 24 T 6

c1841-ipbasek9-mz.124-12.bin 1841 ipbasek9 12.4 12 M

c2800nm-advipservicesk9-mz.124-15.T9.bin 2811 12.4 15 T 9

advipservicesk9

c2801-ipbasek9-mz.124-25f.bin 2801 ipbasek9 12.4 25 M f

c2801-advsecurityk9-mz.124-18e.bin 2801 advsecurityk9 12 18 M e

15.0 Trains
IOS 15.0

 IOS 15.0 provides several enhancements to the operating system

including:
 New feature and hardware support
 Broadened feature consistency with other major IOS releases
 More predictable new feature release and rebuild schedules
 Proactive individual release support policies
 Simplified release numbering
 Clearer software deployment and migration guidelines
IOS 15.0
 While Cisco IOS 12.4 used mainline and T trains, Cisco IOS 15
uses:
 Mainline releases (M trains)
 Extended maintenance release (EM release)
 Standard maintenance release (T release).
 Cisco IOS 15.0 Train Numbering
 Extended Maintenance (EM) Release:
 Incorporates the features and hardware support of all the previous T releases.
 This makes newer EM releases available that contain the full functionality of
the train at the time of release.
 EM releases approximately every 16 to 20 months and includes new features
 Standard Maintenance (T) Release:
 New feature releases approximately two to three times a year delivered
sequentially from a single train
 Ideal to support new hardware and features before the next EM release.
 Maintenance rebuilds of M and T releases contain bug fixes only
Cisco IOS 15.0 Train Numbering
Universal Images

 Cisco Integrated Services Routers Generation Two (ISR G2)

support 2 types of universal images:
 universalk9:
 Images offer all of the Cisco IOS Software features.
 Includes strong payload cryptography features (e.g., IPsec
VPN, SSL VPN), and Secure Unified Communications.
 universalk9_npe:
 Images do not support strong payload encryption.
 This satisfies countries with import requirements.
 IOS 15 System Image Packaging
 The universalk9 IOS image includes all features.
 Devices ship with a universal IP Base image installed by default.

 ISR G2 support “services on demand” through the use of software

licensing.
 A license is used to enable the specific feature sets.

Security Unified Communication Data

Supports: IOS Firewall, IPS, IPsec, Supports: CUBE, CUCME, SRST, Supports: MPLS, BFD, RSVP,
SSL VPN, DMVPN, GETVPN, etc. Voice Gateway, DSP, VXML, etc. L2VPN, L2TPv3, IP SLA, , etc
Devices: 1900, 2900, 3900 Devices: 2900, 3900 Devices: 1900, 2900, 3900

IP Base

Supports: RIP, OSPF, EIGRP, ISIS, BGP, IGMP, Multicast

Devices: Default image for 1900, 2900, 3900
Suggested Transition from IOS 12 to 15
IOS 12 Reformation Packaging IOS 15 Simplified Packaging
IPBase IPBase

IP Voice Unified Communications

Enterprise Base Data

Enterprise Services Data + Unified Communications

Data + Unified Communications

SP Services
(for feature parity and Enterprise features)

Advanced Security Security

Security + Unified Communications + Data

Advanced IP Services
(for feature parity and Enterprise features)

Advanced Enterprise Services Security + Unified Communications + Data

Displaying the Cisco IOS Image
R1# show flash0:
-# - --length-- -----date/time------ path

<Output omitted>

8 68831808 c1900-universalk9-mz.SPA.152-4.M3.bin
Apr 2 2013 21:29:58 +00:00 c1900-universalk9-mz.SPA.152-4.M3.bin

182394880 bytes available (74092544 bytes used)

R1#
The most common designation for memory location
and compression format is mz.

Hardware The first letter indicates the location where the image
is executed on the router:
Feature Set •m - RAM
•f - flash
Memory Location •r - ROM
and Compression Format •l - relocatable

Major Release The second letter specifies how the file was
compressed (zipped) to effectively reduce the size of
Minor Release the image.

New Feature Release The compression format can be either z for zip or x
for mzip.
Extended Maintenance Release
And Maintenance Rebuild Images are self-unzipping, therefore when loaded
into RAM for execution, the first action is to unzip
File Extension
12.4 Image Filename
 Decode the IOS 15 Image Name
New
Feature Major Minor Maintenance Maintenance
IOS Image Hardware Feature
Set Release Release Release Rebuild
Release

c1900-universalk9-mz.SPA.153-2.T.bin 1900 universal 15 3 2 T

c1900-universalk9-mz.SPA.152-4.M2.bin 1900 universal 15 2 4 M 2

c2900-universalk9-mz.SPA.151-4.M4.bin 2900 universal 15 1 4 M 4

c2900-universalk9-mz.SPA.152-3.T3.bin 2900 universal 15 2 3 T 3

10.1.1.9
Managing Cisco
IOS Images
 Deploying TFTP

 Images and configuration files can be stored on a central TFTP server.

 Backup IOS and configuration files
 Can be used in case the system image in the router becomes
corrupted or accidentally erased.
 TFTP server allows image and configuration uploads and downloads over
the network.
 TFTP server can be another router, a workstation, or a host system.
 Saving a Backup IOS Image File to TFTP

 Example, the network administrator wants to create a backup of the

current image file on the router (c1900-universalk9-mz.SPA.152-
4.M3.bin) to the TFTP server at 172.16.1.100.
 Steps to Create Cisco IOS Image Backup

1. Ensure that there is access to the network TFTP server.

 Ping the TFTP server to test connectivity.

2. Verify that the TFTP server has sufficient disk space to accommodate
the Cisco IOS Software image.
 Use the show flash0: command on the router to determine the size of
the Cisco IOS image file.

3. Copy the image to the TFTP server using the copy source-url

destination-url command.
Install a TFTP Server – Free and Easy

30
 1 - Verify Connectivity to the TFTP Server

R1# ping 172.16.1.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/56/56 ms
 2 - Verify Image Name and Size

R1# show flash0:

-# - --length-- -----date/time------ path

8 68831808 Apr 2 2013 21:29:58 +00:00 c1900-

universalk9-mz.SPA.152-4.M3.bin

<Output omitted>
 3 – Copy Image to TFTP Server

R1# copy flash: tftp:

Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin
Address or name of remote host []? 172.16.1.100
Destination filename []? c1900-universalk9-mz.SPA.152-4.M3.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<output omitted>

68831808 bytes copied in 363.468 secs (269058 bytes/sec)

R1#
 Copying an Image From a TFTP Server

 New releases of Cisco IOS software become available to resolve

caveats and provide new features.

 This example illustrates copying a Cisco IOS software image from a

TFTP server.

 A new image file (c1900-universalk9-mz.SPA.152-4.M3.bin) will be

copied from the TFTP server at 2001:DB8:CAFE:100::99 to the router.
Steps to Copy an Image From a TFTP Server

1. Select a Cisco IOS image file that meets the requirements in terms of
platform, features, and software.
 Download the file from http://www.cisco.com and transfer it to the TFTP server.
2. Verify connectivity to the TFTP server.
 Ping the TFTP server from the router.
3. Ensure that there is sufficient flash space on the router.
4. Copy the IOS image file from the TFTP server to the router.
 2 - Verify Connectivity to the TFTP server

R1# ping 2001:DB8:CAFE:100::99

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:CAFE:100::99,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
56/56/56 ms
 3 - Verify Image Name and Size

R1# show flash0:

-# - --length-- -----date/time------ path

<Output omitted>

182394880 bytes available (74092544 bytes used)

R1#
 4 – Copy Image From TFTP Server

R1# copy tftp: flash:

Address or name of remote host []? 2001:DB8:CAFE:100::99
Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin
Destination filename []? c1900-universalk9-mz.SPA.152-4.M3.bin
Accessing tftp://2001:DB8:CAFE:100::99/c1900-universalk9-
mz.SPA.152-4.M3.bin...
Loading c1900-universalk9-mz.SPA.152-4.M3.bin from
2001:DB8:CAFE:100::99 (via
GigabitEthernet0/0): !!!!!!!!!!!!!!!!!!!!
<Output omitted>
[OK – 68831808 bytes]
68831808 bytes copied in 368.128 secs (265652 bytes/sec)
R1#
Loading the New IOS Image to RAM

1. Use the boot system command to configure the router to load

the new image during bootup.

2. Save the configuration.

3. Reload the router to boot the router with new image.

4. After the router has booted, to verify the new image has loaded, use
the show version command.
 Loading the New IOS Image to RAM
R1# configure terminal
R1(config)# boot system flash0://c1900-universalk9-mz.SPA.152-4.M3.bin
R1(config)# exit
R1#
R1# copy running-config startup-config
R1#
R1# reload
R1#

<Output Omitted>

R1# show version

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M3,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 26-Feb-13 02:11 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

R1 uptime is 1 hour, 2 minutes

System returned to ROM by power-on
System image file is "flash0:c1900-universalk9-mz.SPA.152-4.M3.bin“
10.1.2.5
10.1.2.6
IOS Software
Licensing
Licensing
Overview

 The Cisco IOS Software Release 15.0 incorporates cross-platform

feature sets to simplify the image selection process.
 Each device ships with the same IP Base universal image. 
 Technology packages are enabled in the universal image via Cisco
Software Activation licensing keys.
 Technology package licenses are supported on Cisco ISR G2
platforms (Cisco 1900, 2900, and 3900 Series routers).
 Use the show license feature command to view the technology
package licenses and feature licenses supported on the router.
 IOS 15 System Image Packaging

Security Unified Communication Data

Supports: IOS Firewall, IPS, IPsec, Supports: CUBE, CUCME, SRST, Supports: MPLS, BFD, RSVP,
SSL VPN, DMVPN, GETVPN, etc. Voice Gateway, DSP, VXML, etc. L2VPN, L2TPv3, IP SLA, , etc
Devices: 1900, 2900, 3900 Devices: 2900, 3900 Devices: 1900, 2900, 3900

IP Base

Supports: RIP, OSPF, EIGRP, ISIS, BGP, IGMP, Multicast

Devices: Default image for 1900, 2900, 3900
Licensing Process

 A new router is shipped preinstalled with:

 software image
 corresponding permanent licenses for the customer-specified
packages and features.
 New routers also comes with the evaluation license (temporary
license)
 Most packages and features supported on the specified router
for customer review.
IOS Image Licensing

 Features are activated through licensing.

 The technology packages (E.g., IP Base, Security, Unified
Communications, and Data) are enabled in the universal image using
Cisco Software Activation licensing keys.
 Each licensing key is unique to a particular device
 Obtained from Cisco by providing the product ID and serial
number of the router and a Product Activation Key (PAK).
 The PAK is provided by Cisco at the time of software purchase.
 Licensing Overview
 There are three steps to permanently activate a new software
package or feature on a router.

1. Purchase a package
or feature.

2. Obtain a license

3. Install license
Step 1: Purchase the
Software Package

 The first step is to purchase the software package or feature

needed.
 Software Claim Certificates are used for licenses that require
software activation.
 They provide Product Activation Key (PAK) and important
information regarding the Cisco End User License Agreement
(EULA).
Step 2: Obtain a
License

 The second step is to obtain a license or license file using one of the
following options:
 Cisco License Manager (CLM): A free software application available
at http://www.cisco.com/go/clm.
 Cisco License Manager can discover network devices, view their
license information, and acquire and deploy licenses from Cisco.
 Cisco License Registration Portal: A web-based portal for
obtaining and registering individual software licenses, available at
http://www.cisco.com/go/license.
 Both options require a PAK number and a unique device identifier (UDI).
Step 2: Obtain a
License

 The UDI (Unique Device Identifier) is a combination of the:

 Product ID (PID): Identifies the type of device.
 Serial Number (SN): 11 digit number which uniquely identifies a
device.
 Hardware version

 Only the PID and SN are used for license creation.

Step 2: Obtain a License
R1# show license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 CISCO1941/K9 FTX1636848Z CISCO1941/K9:FTX1636848Z

R1#

 This UDI can be displayed

using the show license
udi command.
 This information is also
available on a pull-out
label tray found on the
device.
Permanent Licenses

 A permanent license is a license that never expires.

 Once installed on a router, it is good for that particular feature
set for the life of the router, even across IOS versions. 
 Cisco manufacturing preinstalls the appropriate permanent
license on the ordered device for the purchased feature set;
therefore, it’s not necessary to enable that license on new
hardware.
 Step 3: Install the License
 After obtaining the license file (an XML text file with a .lic extension),
install the permanent license:
1. Use the license install stored-location-url
privileged EXEC mode command to install a license file.
2. Reload the router using the reload privileged EXEC mode
command.
 A reload is not required if an evaluation license is active.
R1# license install flash0:seck9-C1900-SPE150_K9-FHH12250057.xml
Installing licenses from “seck9-c1900-SPE150_K9-FHH12250057.xml"
Installing...Feature:seck9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
R1#
*Jul 7 17:24:57.391: %LICENSE-6-INSTALL: Feature seck9 1.0 was installed in
this device.
UDI=1900-SPE150/K9:FHH12250057; StoreIndex=15:Primary License Storage
*Jul 7 17:24:57.615: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module
name = c1900
Next reboot level = seck9 and License = seck9
R1# reload
Verify the Licenses on a Router
R1# show version

<Output omitted>

License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 FTX1636848Z
Technology Package License Information for Module:'c1900'
----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security seck9 Permanent seck9
uc None None None
data None None None
Verify the Licenses on a Router
 Use the show license command to verify that the license has
been installed.
R1# show license

Index 1 Feature: ipbasek9

Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None

<Output omitted>
Activate an Evaluation License

 An Evaluation License is good for a 60 day period.

 After the 60 days, this license automatically transitions into an
Right-to-Use (RTU) license.

 To configure a one-time acceptance of the EULA, use the license

accept end user agreement global config command.

 To activate an Evaluation RTU license use the license boot

module module-name technology-package package-name

Technology package names for Cisco ISR G2 platforms are:

•ipbasek9 - IP Base technology package
•securityk9 - Security technology package
•datak9 - Data technology package
•uck9 - Unified Communications package
Activate an Evaluation License
R1(config)# license accept end user agreement
R1(config)# license boot module c1900 technology-package datak9
% use 'write' command to make license boot config take effect on
next boot
R1(config)#
*Apr 25 23:15:01.874: %IOS_LICENSE_IMAGE_APPLICATION-6-
LICENSE_LEVEL: Module name = c1900 Next reboot level = datak9 and
License = datak9
*Apr 25 23:15:02.502: %LICENSE-6-EULA_ACCEPTED: EULA for feature
datak9 1.0 has been accepted. UDI=CISCO1941/K9:FTX1636848Z;
StoreIndex=1:Built-In License Storage
R1(config)# exit
R1#
R1# reload
Verify the Licenses on a Router
 Use the show license command to verify that the license has been installed.

R1# show license

Index 1 Feature: ipbasek9

Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: datak9
Period left: 8 weeks 4 days
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA accepted
License Count: Non-Counted
License Priority: Low

<Output omitted>
 Backing Up the License
 The license save file-sys://lic-location command is
used to copy licenses from a device and store them in a format required
by the specified storage location.

 Saved licenses are restored by using the license install

command.
R1# license save flash0:all_licenses.lic
license lines saved ..... to flash0:all_licenses.lic

R1#
R1# show flash0:
-# - --length-- -----date/time------ path

<Output omitted>

8 68831808 Apr 2 2013 21:29:58 +00:00 c1900-universalk9-mz.SPA.152-

4.M3.bin
9 1153 Apr 26 2013 02:24:30 +00:00 all_licenses.lic

182390784 bytes available (74096640 bytes used)

R1#
 Uninstalling a License
1. To clear an active permanent license, disable it using the license
boot module module-name technology-package package-
name disable
 Reload the router using the reload command.

l Clear the technology package license from license storage using the
license clear feature-name global config command.

l Use the no license boot module module-name

technology-package package-name disable to remove the
license from the startup config.

 Note: Some licenses, such as built-in licenses and evaluation licenses

cannot be cleared.
 Only licenses that have been added by using the license install
command are removed.
 Uninstalling a License
Step 1. Disable the Technology Package

R1(config)# license boot module c1900 technology-package seck9 disable

R1(config)# exit
R1# reload

Step 2. Clear the License

R1# license clear seck9

R1# configure terminal
R1(config)# no license boot module c1900 technology-package seck9 disable
R1(config)# exit
R1# reload
10.2.2.5
Chapter 10
IOS Images and Licensing
Routing Protocols - CCNA version 5

CIS 82 Routing Protocols and Concepts

Rick Graziani
Cabrillo College
[email protected]

Spring 2014