Login
- Table of Contents
-
- 01-Fundamentals Configuration Guide
- 00-Preface
- 01-CLI configuration
- 02-RBAC configuration
- 03-Login management configuration
- 04-License management
- 05-Device management configuration
- 06-FTP and TFTP configuration
- 07-File system management configuration
- 08-Configuration file management configuration
- 09-Software upgrade configuration
- 10-ISSU configuration
- 11-Automatic configuration
- 12-Tcl configuration
- 13-Python configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-License management | 202.55 KB |
Restrictions and guidelines: License management
Management operation restrictions
Registering and installing a license
License registration and installation workflow
Identifying the license storage
Compressing the license storage
Obtaining required information for license registration
Configuring SNMP notifications for license module
Display and maintenance commands for license management
Restrictions: Hardware compatibility with license client
Registering and installing a license
License registration and installation workflow
Display and maintenance commands for license client
Managing licenses
About licenses
To use license-based features, you must purchase licenses from H3C and install the licenses.
To obtain information about license-based features, their licensing status, and license availability, execute the display license feature command on the device. Then, you can purchase and install licenses as needed.
License types
H3C offers trial (or temporary), preinstalled, and formal licenses. For more information about the license options available for a product, see the license matrixes document for that product.
Preinstalled licenses
Preinstalled licenses are built into a system and are available for use on initial startup of the system. Users do not need to activate them.
A preinstalled license is typically time limited and cannot be uninstalled or transferred.
When a preinstalled license expires, the license-based feature becomes unavailable. To continue to use the feature, you must purchase and install a formal license for it.
Trial licenses
Trial licenses are provided for you to verify the functionality of premium features so you can make an educated purchase decision.
A trial license is time limited and cannot be uninstalled or transferred.
When a trial license expires, the license-based feature becomes unavailable. To continue to use the feature, you must purchase and install a formal license for it.
To obtain a trial license for a feature:
1. Contact your H3C sales representative or technical support.
2. Register the trial license key with H3C License Management Platform to obtain an activation file.
3. Install the activation file to activate the feature.
Formal licenses
To gain most from a license-based feature, purchase a formal license for it.
Formal licenses are available with different validity periods and their support for uninstallation and transfer of formal licenses depends on product model. For more information, see the license matrixes document for the product.
To install a formal license for a feature:
1. Purchase a software license certificate through an official channel.
2. Access H3C License Management Platform, and then enter the license key in the certificate and the required device information to obtain an activation file.
3. Install the activation file in the target system.
Basic concepts
The following information describes the basic concepts that you might encounter when you register, install, and manage licenses.
H3C License Management Platform
H3C License Management Platform provides product licensing services for H3C customers. You can access this system to obtain an activation file, transfer licenses, or remove the device and license binding for an uninstalled license.
H3C License Management Platform is accessible at http://www.h3c.com/en/License/.
Software license certificate
A software license certificate allows users to use a license-based feature. It contains license key, license capacity, and other information.
License key
A license key uniquely identifies a license.
· To obtain a formal license key, purchase a software license certificate. The authorization serial number in the software license certificate is the license key.
· To obtain a trial license key, contact your H3C sales representative or H3C technical support. Support for trial licenses depends on the device model. For more information, see the license matrixes document for the product.
Device serial number
A device serial number (SN or S/N) is a barcode that uniquely identifies a device. It comes with the device and must be provided when you request a license in H3C License Management Platform.
Device ID (DID) and DID file
A DID is a string of characters that uniquely identifies a hardware device. A DID file stores the DID and other information. The device comes with a DID or DID file. You must provide the DID or DID file when you request a license for the device on H3C License Management Platform.
Activation file
An activation file binds a license to a system.
To use a license-based feature on a system, you must perform the following tasks:
1. Use the license key and the required device information to obtain an activation file from H3C License Management Platform.
2. Install the activation file on the system.
Uninstall key and Uninstall file
When you uninstall a license, an Uninstall file that contains an Uninstall key is created. The Uninstall key is required for transferring the license.
License storage
License storage is a persistent storage of fixed size for storing licensing information. This information includes the licensing state, validity period, Uninstall key or Uninstall file, and other related information.
Data in the license storage persists through reboot. This ensures licensing accuracy and continuity.
Restrictions and guidelines: License management
Management operation restrictions
· Purchase licenses from H3C official channels.
· For licenses that have been installed on the device, execute the display license command to view the license validity period. To use a license-based feature continuously, install a new license for the feature before the old license expires.
· Licenses are typically device locked. To ensure a successful licensing, use the following licensing guidelines:
a. When you purchase a license certificate, verify the following items:
- Make sure the license is compatible with the target device.
- Make sure its licensed functionality and capacity meet your requirements.
b. When you obtain an activation file, make sure the provided license key and hardware information are correct.
c. Install the activation file on the correct target device.
· Make sure no one else is performing license management tasks while you are managing licenses on the device.
· You can manage licenses only on the default context. Any license operation performed on the default context takes effect on all contexts. For information about contexts, see Virtual Technologies Configuration Guide.
File operation restrictions
When you manage DID files, activation files, or Uninstall files, follow these restrictions and guidelines:
· To avoid licensing error, do not modify the name of a DID file, activation file, or Uninstall file, or edit the file content.
· Before you install an activation file, download the activation file to the storage media of the device such as flash memory. When installing an activation file, the device automatically copies the activation file to the license folder in the root directory of the storage media. The license folder stores important files for licensing. For licensed features to function correctly, do not delete or modify the license folder or the files in this folder.
License consolidation
License consolidation combines multiple licenses to create one activation file. It delivers the following benefits:
· Ease of license installation and management—This feature enables you to install one activation file to activate multiple licenses, without having to install one activation file for each of them.
· Storage conservation—This feature enables the device to store one activation file for multiple licenses, which conserves the license storage space on the device. Licenses that support consolidation are called consolidable licenses.
Licensing methods
The system supports local licensing and remote licensing.
· With local licensing, you install and manage licenses on the device.
· With remote licensing, you install and manage licenses on a license server, which allocates licenses to its license clients (nodes on the network).
Table 1 Licensing methods
|
Licensing method |
License installation location |
Licensed location |
Applicable scenario |
|
Local licensing |
Local device |
Local device |
Applicable to small-sized networks. You must activate licenses device by device.
|
|
Remote licensing |
H3C license server |
License clients |
Applicable to large-sized networks. You activate licenses on the license server, which then automatically assigns licenses to its clients either proactively or on request.
|
Configuring local licensing
About local licensing
Local licensing requires license activation device by device. It is applicable to small-sized networks.
To install a license on a device:
1. Obtain the license key and the required device information.
2. Access H3C License Management Platform to apply for an activation file based on the license key and the device information.
3. Install the activation file on the device to activate the license.
The activation file for a license is device locked. You cannot install the activation file for one device to activate the license on another device.
Figure 1 Local licensing procedure
Registering and installing a license
License registration and installation workflow
The procedures for installing formal licenses and trial licenses are the same, as shown in Figure 2.
This chapter only describes the operations performed on the device. For more information, see the licensing guide for the device.
Figure 2 License registration and installation flowchart
Identifying the license storage
To identify the free space of the license storage, execute the following command in any view:
display license feature
From the command output, view the Total and Usage fields to examine whether the remaining license storage is sufficient for installing new licenses. If the remaining license storage is not sufficient, compress the license storage.
Compressing the license storage
About this task
The license storage stores licensing information and has a fixed size.
You can compress the license storage to delete expired and uninstalled license information to ensure sufficient storage space for installing new licenses.
If no license has been installed on the device, you do not need to compress the license storage.
Prerequisites
Back up the Uninstall keys or Uninstall files for the uninstalled licenses for subsequent license transfer or license uninstallation on H3C License Management Platform.
If uninstalled licenses or expired licenses exist on the device, the compression operation will make the DID change. You will be unable to install the activation file obtained by using the old DID on the device. As a best practice, install all activation files registered with the old DID before performing a compression.
If you have not installed an activation file registered with the old DID, take the following actions:
· If the license storage is sufficient, install the activation file on the device. For more information, see the licensing guide for the device.
· If the license storage is insufficient and the activation file cannot be installed after the compression, contact H3C Support.
Procedure
1. Enter system view.
system-view
2. Compress the license storage.
license compress slot slot-number
Obtaining required information for license registration
To obtain SN and DID information, execute the following command in any view:
display license device-id slot slot-number
Installing an activation file
About this task
|
|
CAUTION: Back up an activation file before you install it. If the activation file is inadvertently deleted or becomes unavailable for some other reason, you can use the backup activation file to restore the license. |
To obtain a license, install an activation file for the license on the device.
Prerequisites
Use FTP or TFTP to upload the activation file to be installed to the device. If FTP is used to transfer the activation file, set it in binary mode.
Installing an activation file
1. Enter system view.
system-view
2. Install an activation file.
license activation-file install license-file slot slot-number
You can install a single .ak file or multiple .ak files through one operation. To install multiple .ak files, save all activation files in the same directory and specify the directory as the value of the license-file argument
Configuring SNMP notifications for license module
About this task
After you enable SNMP notifications for the license module, the device automatically generates notifications for the following events:
· The activation file being used by the device is lost.
· The device, as a license client, disconnects from the license server or reconnects to the license server successfully after it disconnects from the license server.
· The license obtained from the license server is about to expire or has expired.
For license event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.
Hardware and feature compatibility
|
Series |
Models |
Feature compatibility |
|
F50X0 series |
F5010, F5020, F5020-GM, F5030, F5030-6GW, F5040, F5060, F5080, F5000-A, F5000-C, F5000-S, F5000-M |
No |
|
F5000-CN series |
F5000-CN30, F5000-CN60 |
No |
|
F5000-AI series |
F5000-AI-15, F5000-AI-20, F5000-AI-40 |
No |
|
F5000-V series |
F5000-V30 |
No |
|
F1000-AI series |
F1000-AI-05, F1000-AI-10, F1000-AI-15, F1000-AI-20, F1000-AI-25, F1000-AI-30, F1000-AI-35, F1000-AI-50, F1000-AI-55, F1000-AI-60, F1000-AI-65, F1000-AI-70, F1000-AI-75, F1000-AI-80, F1000-AI-90 |
No |
|
F1000-L series |
F1003-L, F1005-L, F1010-L |
No |
|
F10X0 series |
F1005, F1010, F1020, F1020-GM, F1030, F1030-GM, F1050, F1060, F1070, F1070-GM, F1070-GM-L, F1080, F1090 |
No |
|
F1000-V series |
F1000-V50, F1000-V60, F1000-V70, F1000-V90 |
No |
|
F1000-SASE series |
F1000-SASE100, F1000-SASE200 |
No |
|
F1000-AK series |
F1000-AK108, F1000-AK109, F1000-AK110, F1000-AK115, F1000-AK120, F1000-AK125, F1000-AK130, F1000-AK135, F1000-AK140, F1000-AK145, F1000-AK150, F1000-AK155, F1000-AK160, F1000-AK165, F1000-AK170, F1000-AK175, F1000-AK180, F1000-AK185, F1000-GM-AK370, F1000-GM-AK380, F1000-AK710, F1000-AK711, F1000-AK1010, F1000-AK1020, F1000-AK1030, F1000-AK1110, F1000-AK1120, F1000-AK1130, F1000-AK1140, F1000-AK1150, F1000-AK1160, F1000-AK1170, F1000-AK1180, F1000-AK1212, F1000-AK1222, F1000-AK1232, F1000-AK1242, F1000-AK1252, F1000-AK1262, F1000-AK1272, F1000-AK1312, F1000-AK1322, F1000-AK1332, F1000-AK1342, F1000-AK1352, F1000-AK1362, F1000-AK1414, F1000-AK1424, F1000-AK1434, F1000-AK1514, F1000-AK1524, F1000-AK1534, F1000-AK1614, F1000-AK9110, F1000-AK9210 |
No |
|
Firewall modules |
IM-NGFWX-IV, LSPM6FWD, LSPM6FWDB, LSQM1FWDSC0, LSQM2FWDSC0, LSU3FWCEA0, LSUM1FWCEAB0, LSUM1FWDEC0, LSWM1FWD0, LSX1FWCEA1, LSXM1FWDF1 |
No |
|
vFW series |
vFW1000, vFW2000 |
Yes |
Procedure
1. Enter system view.
system-view
2. Enable SNMP notifications for the license client.
snmp-agent trap enable license
By default, SNMP notifications for the license module are enabled.
Display and maintenance commands for license management
Execute display commands in any view.
|
Task |
Command |
|
Display detailed license information. |
display license [ activation-file ] [ slot slot-number ] |
|
Display the SN and DID information. |
display license device-id slot slot-number |
|
Display brief feature license information. |
display license feature |
Configuring remote licensing
About remote licensing
Remote licensing is based on the client-server architecture and applicable to large-sized networks. Remote licensing simplifies license installation and management. With remote licensing, you install licenses, uninstall licenses, or transfer licenses for all license clients from the license server.
The following is the procedure to set up remote licensing:
1. Install the H3C license server on a host.
The H3C license server provides centralized management on licensing and license distribution.
2. Install the licenses required by license clients on the license server.
If license clients request for licenses, the license server will assign the licenses to the license clients.
3. Enable a license client on each managed device and configure the parameters for communicating with the license server. The parameters include the IP address and port number of the license server and the username and password for accessing the license server.
The managed devices can then connect to the license server to obtain licenses as license clients.
Figure 3 Remote licensing
Restrictions: Hardware compatibility with license client
|
Series |
Models |
License client compatibility |
|
F50X0 series |
F5010, F5020, F5020-GM, F5030, F5030-6GW, F5040, F5060, F5080, F5000-A, F5000-C, F5000-S, F5000-M |
No |
|
F5000-CN series |
F5000-CN30, F5000-CN60 |
No |
|
F5000-AI series |
F5000-AI-15, F5000-AI-20, F5000-AI-40 |
No |
|
F5000-V series |
F5000-V30 |
No |
|
F1000-AI series |
F1000-AI-05, F1000-AI-10, F1000-AI-15, F1000-AI-20, F1000-AI-25, F1000-AI-30, F1000-AI-35, F1000-AI-50, F1000-AI-55, F1000-AI-60, F1000-AI-65, F1000-AI-70, F1000-AI-75, F1000-AI-80, F1000-AI-90 |
No |
|
F1000-L series |
F1003-L, F1005-L, F1010-L |
No |
|
F10X0 series |
F1005, F1010, F1020, F1020-GM, F1030, F1030-GM, F1050, F1060, F1070, F1070-GM, F1070-GM-L, F1080, F1090 |
No |
|
F1000-V series |
F1000-V50, F1000-V60, F1000-V70, F1000-V90 |
No |
|
F1000-SASE series |
F1000-SASE100, F1000-SASE200 |
No |
|
F1000-AK series |
F1000-AK108, F1000-AK109, F1000-AK110, F1000-AK115, F1000-AK120, F1000-AK125, F1000-AK130, F1000-AK135, F1000-AK140, F1000-AK145, F1000-AK150, F1000-AK155, F1000-AK160, F1000-AK165, F1000-AK170, F1000-AK175, F1000-AK180, F1000-AK185, F1000-GM-AK370, F1000-GM-AK380, F1000-AK710, F1000-AK711, F1000-AK1010, F1000-AK1020, F1000-AK1030, F1000-AK1110, F1000-AK1120, F1000-AK1130, F1000-AK1140, F1000-AK1150, F1000-AK1160, F1000-AK1170, F1000-AK1180, F1000-AK1212, F1000-AK1222, F1000-AK1232, F1000-AK1242, F1000-AK1252, F1000-AK1262, F1000-AK1272, F1000-AK1312, F1000-AK1322, F1000-AK1332, F1000-AK1342, F1000-AK1352, F1000-AK1362, F1000-AK1414, F1000-AK1424, F1000-AK1434, F1000-AK1514, F1000-AK1524, F1000-AK1534, F1000-AK1614, F1000-AK9110, F1000-AK9210 |
No |
|
Firewall modules |
IM-NGFWX-IV, LSPM6FWD, LSPM6FWDB, LSQM1FWDSC0, LSQM2FWDSC0, LSU3FWCEA0, LSUM1FWCEAB0, LSUM1FWDEC0, LSWM1FWD0, LSX1FWCEA1, LSXM1FWDF1 |
No |
|
vFW series |
vFW1000, vFW2000 |
Yes |
Registering and installing a license
License registration and installation workflow
The procedures for registering and installing formal licenses and trial licenses are the same, as shown in Figure 4.
This chapter only describes the license client configuration. For more information about the complete procedures, see the licensing guide for the device.
Figure 4 License registration and installation workflow
Configuring a license client
About this task
In remote licensing, licenses are installed on the license server and are assigned to a requesting license client.
Restrictions and guidelines
You can uninstall a license on a license client whether the license has expired or not. After a license is uninstalled and released from the license client, the license server withdraws the license. The withdrawn license can be assigned to other requesting license clients if the license is within the validity period.
Each virtual device comes with a trial license that allows 256 vCPUs free for 180 days. The trial period starts when the virtual device is created. To ensure service continuity, execute the license client install standard command to apply for a formal license from the license server and install it before the trial period expires.
Choose a proper formal license to match the virtual device requirement. The number of licensed vCPUs must be equal to or greater than the vCPU upper limit supported by the virtual device. The upper limit is defined when the virtual device is created. For example, for a virtual device supporting a maximum of 5 vCPUs, an 8-vCPU license will be appropriate.
By default, a virtual device allows 8191 L3VPNs. The installation of a vCPU license does not affect this number count, but an l3vpn-advance license does. To license more than 8 vCPUs, you need to install the l3vpn-advance license. After installation, the number of allowed vCPUs is increased to 256 but the number of licensed L3VPNs is decreased to 240. In this case, you can use either of or both the following methods to increase the number of L3VPNs allowed on the virtual device:
· Remote licensing—Execute the license client install feature l3vpn-50 count l3vpn-count command to apply for l3vpn-50 licenses from the license server. The number of L3VPNs on the virtual device will be accumulated.
· Local licensing—Install the L3VPN advance licenses and L3VPN-50 licenses on the virtual device.
The number of licensed L3VPNs cannot exceed the L3VPN upper limit supported by the device.
Each virtual device supports only one standard license. If you apply for a new standard license on the device where a standard license has been installed, the license client will first uninstall the existing license and release it, and then apply for the new license.
Before applying for a standard license, make sure the license client and license server are reachable to each other, and the requested license exists on the license server.
After a license is uninstalled and released, the license server withdraws the license. The withdrawn license can be used on other virtual devices within the validity period.
Specifying the license server information
1. Enter system view.
system-view
2. Specify the IP address and port number of the license server.
license server { ipv4 ipv4-address | ipv6 ipv6-address } port port-number [ vpn-instance vpn-instance-name ]
By default, no license server information is specified on the license client.
You can specify a maximum of four license servers on the license client. Each license server is uniquely identified by the combination of an IPv4 address and a port number.
When the upper limit is reached, you cannot specify new license servers unless you delete existing license server settings.
As a best practice, make sure only one license server is reachable. If multiple license servers are reachable, the license client selects the first license server with which the client establishes a connection.
To modify license server settings after the license client is enabled, disable the license client first.
3. Specify the username and password for the license client to access the license server.
license client username username password { cipher | simple } password
By default, no username or password is specified on the license client.
Make sure the specified username and password on the license client are the same as those configured on the license server.
Enabling the license client
1. Enter system view.
system-view
2. Enable the license client.
license-client enable
By default, the license client is disabled, and the device cannot get licenses from the license server.
Applying for and installing a license
1. Enter system view.
system-view
2. Apply for a standard license from the license server and install it.
license client install standard { 1cpu | 1vcpu-1year | 1vcpu-3year | 1vcpu- permanent | 2cpu | 256cpu-permanent | 256vcpu-permanent | 4cpu | 4vcpu-1year | 4vcpu-3year | 4vcpu-permanent | 8vcpu-1year | 8vcpu-3year | 8vcpu-permanent | common-1year | common-permanent | l3vpn-advance | license-type }
3. Apply for the specified number of vLNS licenses from the license server and install them.
license client install feature { bras-4vcpu | bras-8vcpu | dpi-1year | ipsec-acc-2g | l3vpn-50 count l3vpn-count | sslvpn-100 count count | sslvpn-1000 count count | sslvpn-25 count count | sslvpn-500 count count | threat-intelligence-1year | threat-intelligence-3year | url-filter-1year | url-filter-3year | waf-1year | waf-3year }
Display and maintenance commands for license client
Execute display commands in any view.
|
Task |
Command |
|
Display the license client configuration and the obtained license information on the license client. |
display license client slot slot-number |
