Contents

License management commands‌· 1

display license· 1

display license device-id· 2

display license feature· 3

license activation-file install 4

license activation-file uninstall 5

license compress· 5

snmp-agent trap enable license· 6

License client commands· 0

display license client 0

license client username· 1

license client enable· 2

license client install feature· 3

license client install standard· 4

license server 4

 

License management commands‌

All commands in this chapter are supported only on the default context. Features licensed to the default context are also licensed to non-default contexts. For information about contexts, see Virtual Technologies Configuration Guide.

display license

Use display license to display detailed license information.

Syntax

display license [ activation-file ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

activation-file: Displays license information about activation files. The device supports only license installation through activation files, so this command always displays license information about activation files whether you specify this keyword or not.

slot slot-number: Specifies the member ID of an IRF member device. If no member device is specified, this command displays license information for all IRF member devices.

Usage guidelines

The device supports license installation through only activation files in the current software version.

Examples

# Display detailed information about all licenses.

<Sysname> display license

Slot 1:

flash:/license/NGFirewall2017111419524513753.ak

Feature: IPS

Product Description: Trial IPS License, 30 Days

Registered at: 2017-11-14 20:07:06

License Type: Trial (date restricted)

Trial Validity Period: 2017-11-14 to 2017-12-14

Current State: Expired

Table 1 Command output

Field	Description
Feature	Feature name.
Product Description	License description.
Registered at	Time when the license was installed.
License Type	License type by validity period: ·     NA—The system cannot obtain the license type. ·     Permanent—Purchased license that never expires and is always valid. ·     Days restricted—Purchased license that is valid for a period of days, for example, 30 days. ·     Trial (days restricted)—Free trial license that is valid for a period of days.
Time Left (days)	Remaining days of the license. This field is available for a purchased license.
Trial Time Left (days)	Remaining days of the trial period. This field is available for a trial license.
Current State	State of the license: ·     In use—The license is being used. ·     Usable—The license is available for use. ¡     If multiple days-restricted licenses for one feature are installed, only one license is in In use state and the rest licenses are in Usable state. ¡     A date restricted license is in this state if its start date is not reached. ·     Expired—The license has expired. ·     Uninstalled—The license has been uninstalled. ·     Unusable—The license cannot be used. ·     Invalid—The license is invalid and cannot be used.
Uninstall Key	This field is available for licenses that have been uninstalled. When you uninstall an activation file, an Uninstall file that contains an Uninstall key is created. The Uninstall key is required for transferring the license.
Uninstall Date	Date when the activation file was uninstalled.

 

display license device-id

Use display license device-id to display SN and DID information.

Syntax

display license device-id slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

When you register a license for a device, you must provide its unique SN and DID.

The DID changes each time you use the license compress command to compress the license storage. Use the display license device-id command to identify the up-to-date DID each time you register licenses.

The DID is contained in a .did file. Upload the file when you register the license with the license center.

Examples

# Display the SN and DID for the specified slot.

<Sysname> display license device-id slot 1

SN: 210235A1FXH164000026

Device ID: flash:/license/210235A1FXH164000026.did

display license feature

Use display license feature to display brief license information for features.

Syntax

display license feature

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Examples

# Display brief feature license information.

<Sysname> display license feature

Slot 1:

Total: 32  Usage: 0

Feature                         Licensed        State          

ACG                             N               -              

AV                              N               -              

IPS                             N               -              

SLB                             N               -              

SSLVPN                          N               -              

UFLT                            N               -

Table 2 Command output

Field	Description
Total	Total number of licenses that can be installed.
Usage	Number of licenses stored in the license storage.
Feature	Feature that must be licensed before being used.
Licensed	Licensing state of the feature: ·     N—Not licensed. ·     Y—Licensed.
State	License type by purchasing state: ·     Formal—Purchased license. ·     Trial—Trial license. If the feature is not licensed, this field displays a hyphen (-). To use the feature, you must install a valid license file.

 

license activation-file install

Use license activation-file install to install an activation file.

Syntax

license activation-file install license-file slot slot-number

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

license-file: Specifies the path of an activation file, a case-sensitive string of 1 to 127 characters. The activation file must be valid and stored on the device.

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

To install a license activation file successfully, make sure the SN and DID used for registering the feature license matches the current SN and DID of the device.

Activation files are device locked rather than MPU locked. A licensed feature can run on the entire system even after an MPU replacement.

Examples

# Install activation file package 20170101.tar.

<Sysname> system-view

[Sysname] license activation-file install flash:/license/20170101.tar

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...

Decompress......Done.

Begain to install test01.ak …Done.

Begain to install test02.ak …Done.

Begain to install test03.ak …Done.

 

Total Num:3

Success Num:3

Failed Num:0

# Install activation file 20170811.ak to the specified slot.

<Sysname> system-view

[Sysname] license activation-file install flash:/license/20170811.ak slot 1

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...Done.

Related commands

display license activation-file

display license device-id

license activation-file uninstall

license activation-file uninstall

Use license activation-file uninstall to uninstall an activation file.

Syntax

license activation-file uninstall license-file slot slot-number

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

license-file: Specifies the file path, a case-sensitive string of 1 to 127 characters.

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

Use this command to revoke an unexpired license if you want to transfer the license from one device to another.

When an activation file is uninstalled, the system creates an Uninstall file. Use this file together with the SN and DID of the transfer destination to register the license for the transfer destination.

A feature cannot run after you uninstall all of its activation files.

Trial licenses are not transferrable. When you uninstall the activation file of a trial license, no Uninstall file is created.

Examples

# Uninstall activation file flash:/license/20130811.ak from the specified slot.

<Sysname> system-view

[Sysname] license activation-file uninstall flash:/license/20130811.ak slot 1

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...Done.

Uninstall file: flash:/license/20130811.uak

Related commands

display license activation-file

license activation-file install

license compress

Use license compress to compress the license storage.

Syntax

license compress slot slot-number

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

Use this command if the free license storage (see the display license feature command) is not sufficient.

This command clears expired licenses and uninstalled licensesthat are installed by using activation files.

If uninstalled licenses or expired licenses exist on the device, the compression operation will make the DID change. Before performing a compression, make sure all licenses registered with the old DID have been installed. You will be unable to install such licenses after the compression.

This command clears invalid licenses (expired licenses and uninstalled licenses) and Uninstall keys from the license storage area. Back up the Uninstall keys before you compress the license storage.

Examples

# Compress the license storage on the specified slot.

<Sysname> system-view

[Sysname] license compress slot 1

This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.

Are you sure you want to continue? [Y/N]: Y

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...Done.

snmp-agent trap enable license

Use snmp-agent trap enable license to enable SNMP notifications for the license module.

Use undo snmp-agent trap enable license to disable SNMP notifications for the license module.

Syntax

snmp-agent trap enable license

undo snmp-agent trap enable license

The following compatibility matrix shows the support of hardware platforms for this command:

 

Hardware	Command compatibility
F5010, F5020, F5020-GM, F5030, F5030-6GW, F5040, F5060, F5080, F5000-AI-20, F5000-AI-40, F5000-V30, F5000-C, F5000-S, F5000-M, F5000-A	No
F1000-AI-20, F1000-AI-30, F1000-AI-50, F1000-AI-60, F1000-AI-70, F1000-AI-80, F1000-AI-90	No
F1003-L, F1005-L, F1010-L	No
F1005, F1010	No
F1020, F1020-GM, F1030, F1030-GM, F1050, F1060, F1070, F1070-GM, F1070-GM-L, F1080, F1090, F1000-V70	No
F1000-AK1110, F1000-AK1120, F1000-AK1130, F1000-AK1140	No
F1000-AK1212, F1000-AK1222, F1000-AK1232, F1000-AK1312, F1000-AK1322, F1000-AK1332	No
F1000-AK1414, F1000-AK1424, F1000-AK1434, F1000-AK1514, F1000-AK1524, F1000-AK1534, F1000-AK1614	No
F1000-AK108, F1000-AK109, F1000-AK110, F1000-AK115, F1000-AK120, F1000-AK125, F1000-AK710	No
F1000-AK130, F1000-AK135, F1000-AK140, F1000-AK145, F1000-AK150, F1000-AK155, F1000-AK160, F1000-AK165, F1000-AK170, F1000-AK175, F1000-AK180, F1000-AK185, F1000-GM-AK370, F1000-GM-AK380, F1000-AK711	No
LSU3FWCEA0, LSUM1FWCEAB0, LSX1FWCEA1	No
LSXM1FWDF1, LSUM1FWDEC0, IM-NGFWX-IV, LSQM1FWDSC0, LSWM1FWD0, LSPM6FWD, LSQM2FWDSC0	No
vFW1000, vFW2000	Yes

‌

Default

SNMP notifications for the license module are enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you enable SNMP notifications for the license module, the device automatically generates notifications for the following events:

·     An activation file being used by the device is lost. To view the activation files in use, execute the display license command.

·     The device disconnects from the license server or reconnects to the license server successfully after it disconnects from the license server.

·     A license obtained from the license server is about to expire or has expired.

For license event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for the license module.

<Sysname> system-view

[Sysname] snmp-agent trap enable license

Related commands

display snmp-agent trap-list (Network Management and Monitoring Command Reference)

license client enable

License client commands

The following compatibility matrix shows the support of hardware platforms for license client:

 

Hardware	License client compatibility
F5010, F5020, F5020-GM, F5030, F5030-6GW, F5040, F5060, F5080, F5000-AI-20, F5000-AI-40, F5000-V30, F5000-C, F5000-S, F5000-M, F5000-A	No
F1000-AI-20, F1000-AI-30, F1000-AI-50, F1000-AI-60, F1000-AI-70, F1000-AI-80, F1000-AI-90	No
F1003-L, F1005-L, F1010-L	No
F1005, F1010	No
F1020, F1020-GM, F1030, F1030-GM, F1050, F1060, F1070, F1070-GM, F1070-GM-L, F1080, F1090, F1000-V70	No
F1000-AK1110, F1000-AK1120, F1000-AK1130, F1000-AK1140	No
F1000-AK1212, F1000-AK1222, F1000-AK1232, F1000-AK1312, F1000-AK1322, F1000-AK1332	No
F1000-AK1414, F1000-AK1424, F1000-AK1434, F1000-AK1514, F1000-AK1524, F1000-AK1534, F1000-AK1614	No
F1000-AK108, F1000-AK109, F1000-AK110, F1000-AK115, F1000-AK120, F1000-AK125, F1000-AK710	No
F1000-AK130, F1000-AK135, F1000-AK140, F1000-AK145, F1000-AK150, F1000-AK155, F1000-AK160, F1000-AK165, F1000-AK170, F1000-AK175, F1000-AK180, F1000-AK185, F1000-GM-AK370, F1000-GM-AK380, F1000-AK711	No
LSU3FWCEA0, LSUM1FWCEAB0, LSX1FWCEA1	No
LSXM1FWDF1, LSUM1FWDEC0, IM-NGFWX-IV, LSQM1FWDSC0, LSWM1FWD0, LSPM6FWD, LSQM2FWDSC0	No
vFW1000, vFW2000	Yes

‌

display license client

Use display license client to display the license client configuration and the obtained license information on the license client.

Syntax

display license client slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the license client configuration and the obtained license information on the license client.

<Sysname> display license client slot 1

Username: user      

Ciphertext password: ******

License server's IPv4 address: 192.168.3.124, port: 5001

License client: Enabled

 

License Name: SSLVPN_25

License Description: H3C NFV Feature License(Comware V7,SSL VPN,25 Users)

Current State: In use

Get Time: 2019-02-06 05:08:33

Table 3 Command output

Field	Description
Username	Username for login to the license server. This field displays Not configured if no username is specified.
Ciphertext password	Password in encrypted form for login to the license server. This field displays Not configured if no password is specified.
License server's IPv4 address	IPv4 address of the license server. This field displays Not configured if no IPv4 address of the license server is specified.
Port	Port number of the license server. This field displays Not configured if no port number of the license server is specified.
License client	Status of the license client: ·     Enabled. ·     Disabled.
License name	Name of the license.
License description	Description of the license.
Current State	Current status of the license: ·     In use—The license is in use. ·     Unusable—The license is not in use. ·     Reserved (client is disconnected from license server, but license is still available for n days)—The device is disconnected from the license server for more than 32 hours (excluding 32 hours), and the value n represents the number of validity days of the license. ·     Expired (will be reclaimed in n days)—The license is expired and will be reclaimed in n days.
Get Time	Time when the license was obtained from the license server.

‌

license client username

Use license client username to specify the username and password on the license client for logging in to the license server.

Use undo license client username to delete the username and password settings.

Syntax

license client username username password { cipher | simple } password

undo license client username

Default

No username or password is specified on the license client.

Views

System view

Predefined user roles

network-admin

Parameters

username: Specify the username, a case-sensitive string of 1 to 31 characters.

cipher: Specify a password in encrypted form.

simple: Specifies a password in plaintext form.

password: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 31 characters. Its encrypted form is a case-sensitive string of 33 to 73 characters.

Usage guidelines

You can specify only one username and one password on the license client for login to the license server.

If you execute the command multiple times before enabling the license client, the most recent configuration takes effect.

To modify the username and password settings on an enabled license client, disable the license client first.

Examples

# Specify test and 123456 as the username and password on the license client.

<Sysname> system-view

[Sysname] license client username test password simple 123456

license client enable

Use license client enable to enable the license client.

Use undo license client enable to disable the license client.

Syntax

license client enable

undo license client enable

Default

License client is disabled, and it cannot get licenses from the license server.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Specify the IP address, username, and password of the license server before enabling the license client. Otherwise, the configuration fails.

After you enable the license client, the device automatically initiates a connection to the license server. The license server verifies the license client identity through the username and password. If they are consistent with those specified on the license server, the license client passes authentication. Then the client can apply for licenses from the license server and use the licensed features.

Examples

# Enable the license client.

<Sysname> system-view

[Sysname] license client enable

license client install feature

Use license client install feature to apply for feature licenses from the license server and install them.

Use undo license client install feature to uninstall feature licenses and release them.

Syntax

license client install feature { sslvpn-100 count count | sslvpn-1000 count count | sslvpn-25 count count | sslvpn-500 count count }

undo license client install feature { sslvpn-100 | sslvpn-1000 | sslvpn-25 | sslvpn-500 }

Default

The license client does not apply for feature licenses from the license server automatically.

Views

System view

Predefined user roles

network-admin

Parameters

sslvpn-100: Specify an SSL VPN license that allows 100 SSL VPNs.

sslvpn-1000: Specify an SSL VPN license that allows 1000 SSL VPNs.

sslvpn-25: Specify an SSL VPN license that allows 25 SSL VPNs.

sslvpn-500: Specify an SSL VPN license that allows 500 SSL VPNs.

count count: Specifies the maximum number of SSL VPN licenses, in the range of 1 to 64.

Usage guidelines

The n in the sslvpn-n license represents the number of SSL VPNs allowed on a virtual device. The number of allowed SSL VPNs are accumulated as multiple SSL VPN licenses are installed on a virtual device.

After a license is uninstalled and released, the license server withdraws the license. The withdrawn license can be used on other devices within the validity period.

Examples

# Apply for one SSL VPN-100 license and install it.

<Sysname> system-view

[Sysname] license client install feature sslvpn-100 count 1

license client install standard

Use license client install standard to apply for a standard license from the license server and install it.

Use undo license client install standard to uninstall the standard license and release it.

Syntax

license client install standard { 1cpu | 2cpu | 4cpu | license-type }

undo license client install standard

Default

The license client does not apply for a standard license from the license server automatically.

Views

System view

Predefined user roles

network-admin

Parameters

1cpu: Specifies the license that allows a maximum of one CPU.

2cpu: Specifies the license that allows a maximum of two CPUs.

4cpu: Specifies the license that allows a maximum of four CPUs.

license-type: Specify a standard license type in the format of mcpu. The value for m represents the number of physical CPUs.

Usage guidelines

Only one standard license is supported on a device. If you apply for a new standard license on a device with a standard license installed, the license client will first uninstall the existing license and release it, and then apply for the new license.

Before applying for a standard license, make sure the license client and license server are reachable to each other, and the specified license exists on the license server.

After a license is uninstalled and released, the license server withdraws the license. The withdrawn license can be used on other devices within the validity period.

Examples

# Apply for standard license 1cpu from the license server and install it.

<Sysname> system-view

[Sysname] license client install standard 1cpu

license server

Use license server to specify the IP address and port number of the license server.

Use undo license server to delete the license server settings on the license client.

Syntax

license server ipv4 ip-address port port-number [ vpn-instance vpn-instance-name ]

undo license server ipv4 ip-address port port-number [ vpn-instance vpn-instance-name ]

Default

No IP address or port number of the license server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies the IPv4 address of the license server.

Ipv6-address: Specifies the IPv6 address of the license server.

port-number: Specifies the port number of the license server, in the range of 1 to 65535.

vpn-instance vpn-instance-name: Specifies a VPN instance to which the license server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the license server is on the public network, do not specify this option.

Usage guidelines

You can specify a maximum of four license servers on the license client. Each license server is uniquely identified by the combination of an IP address and a port number.

When the upper limit is reached, you cannot specify new license servers unless you delete existing license server settings.

If you apply for a new standard license on a device with a standard license installed, the license client will first uninstall the existing license and release it, and then apply for the new license.

As a best practice, make sure only one license server is reachable.

To modify the license server settings on an enabled license client, disable the license client first.

Examples

# Specify 192.168.100.1 and 5001 as the IPv4 address and port number of the license server, respectively.

<Sysname> system-view

[Sysname] license server ipv4 192.168.100.1 port 5001

# Specify 3001::1 and 5555 as the IPv6 address and port number of the license server, respectively.

<Sysname> system-view

[Sysname] license server ipv6 3001::1 port 5555

Related commands

license client username

license client enable