Without telling their customers, networking hardware manufacturer Cisco has drastically changed the way it sells products.
Update: A previous version of this article stated that units with Smart Licensing would cease to function without a valid license. After further review, we’ve determined that this is not necessarily the case—Cisco’s documentation is vague and goes out of its way not to say what happens. We haven’t tested this ourselves, we don’t know what will happen until we see some instances of these licenses expiring in the wild. We’ve removed that sentence, clarified some other points, and rephrased our concerns about the way this new licensing system works.
Not-So-Smart Licensing
Cisco’s new Smart Licensing System was introduced in 2014, but started becoming mandatory with the IOS XE 16.9 update in October, which brought Smart Licensing to Cisco’s Catalyst 3650, 3850, and 9000 series switches. Cisco claims this allows for easier, more flexible management of hardware licenses—but it also gives Cisco more control over hardware you’ve purchased.
Before Smart Licensing, switches were largely a set it and forget it deployment—you bought a piece of hardware along with a license to use the software on it. If you sold that hardware, the license went with it. Third-party companies could help you maintain your equipment when you ran into problems, even if the manufacturer had deemed the product End of Life for first-party support.
Smart Licensing works differently. Companies can acquire a pool of licenses for their account, which are shared automatically among devices they’ve deployed. Those devices phone home to Cisco regularly for validation, and if they aren’t able to do so will go back to “Evaluation Mode” after one year. (Cisco has alternative methods for validating devices in air gapped networks, but they still require regular validation in some form.) Evaluation Mode doesn’t contain any strict functionality limitations on most devices, but it’s unclear what happens after the evaluation expires.
More importantly, since the license resides on Cisco’s servers, and “Cisco will be in charge of whether the unit works or not,” explains Todd Bone, founder and president of XS International, a third-party IT maintenance company. They could change their minds later on and limit your ability to use hardware you thought you owned. XSi isn’t the only company expressing their concerns—third party maintainer Curvature hosted a webinar walking their customers through the problems with this approach.
The End of Ownership
Since these devices are tied to the original purchaser’s account, it has potential ramifications for buying and selling used hardware. “This will dramatically change the ability to buy used or refurbished Cisco hardware that run smart licensing because the original end user only owns the hardware, not its usage,” explains Bone. If you’re trying to sell a unit that is regularly showing alerts about its unlicensed status, it may drive potential buyers away. They could re-purchase and re-certify the license with Cisco, but—according to Curvature—that could cost enough to negate whatever savings you get from buying pre-owned hardware.
Ultimately, we’ll need to wait and see what effect this actually has on the used market. But by enabling smart licensing, you’re putting more control in Cisco’s hands, giving them the ability to make bigger sweeping changes down the line.
Furthermore, this could limit your ability to get service from third-party companies when a product reaches end-of-support with Cisco. “It’s not clear if the owners of Cisco hardware will continue to have entitlements outside a SMARTnet contract,” says Bone. “Cisco may cut access to their entitlement servers for units they don’t support.” Coupled with a decline in the used market, that could lead to more Cisco e-waste in landfills.
Bone says he’s afraid most Cisco customers don’t realize what they’re giving up when they “upgrade” to Smart Licensing, since Cisco has been evasive on clarifying the matter. (The audience of Curvature’s webinar would support this fear, since many were unaware about some of the changes imposed by the new system.) So many folks will update and unintentionally give up that control.
If you can’t fix it, you don’t own it. And with these changes, Cisco has taken a step toward stripping crucial rights away from their customers. This is exactly why Right to Repair is so important, so make your voice heard to your legislators. And if you’re a Cisco customer, make sure you reach out and complain directly to Cisco, too.
Title photo by Johannes Weber/Flickr.
32 件のコメント
This will Mark the end of CISCO use in at least four companies that I maintain. As well as my work place which is a government contractor we can't use subscriber based solutions.
BKG - 返信
I can’t recommend Cisco to any of my customers moving forward. It is a shame, I have installed so many Cisco switches and firewalls over the years.
Joe Corea - 返信
I would think this would make Cisco switches a no-go for secure networks or off internet networks.
Tim Dingus - 返信
They have a standalone server that airgapped networks can use. You can burn a license file to disc, import it into the server, and the switches will license from that server.
Michael Christiansen -
It's why I went with Ubiquiti for my home lab and recommend Ubiquiti over Cisco in most cases. Unless you're a large organization that can afford Cisco licensing, EOL upgrades, and is better served by a CCNA the saying “no one ever got fired for recommending Cisco” should be dead…
David Barone - 返信
I just finished the CCNA…what then, do you recommend?
Mark N -
Our company is in the beginning stages of replacing our aging Cisco hardware we purchased from Curvature years ago. Looks like we can take Cisco off the list of contenders. One less quote to look at.
James Wood - 返信
Are we overlooking the BIGGEST problem here? If it needs to phone home to Cisco, what about in organizations that heavily restrict outbound communication? I block all phone-home traffic on my networks, data and ipmi. That would mean within one year of deploying this switch update, my switches would become eval units? Cisco is garbage. Arista in the Enterprise, mikrotik or ubiquity for the home.
Evan Richardson - 返信
Simple, they have an on prem server too that you can use. I'd rather Juniper than Arista any day
Fred Smith -
Also, how's that third party optic license fee you have to pay and ask them for to use other optics working out for you with Arista?
Fred Smith -
Funny how all this is due to greed and profits and will have the exact opposite effect. RIP Cisco
Mike Stebih - 返信
Meraki, and many other cloud managed solutions have similar setups. This isn't new really
Fred Smith - 返信
Looks like cisco is trying to close its stake in market without compitator.
Manjunath S Chickmath - 返信
Move to Ubiquiti and let those aholes eat their %#*@ licenses. Starting to tell all the people I work with DUMP Cisco, I like Ubiquiti, have created like 16 networks so far for different clients, and no drama license here. Later Cisco
Ricardo - 返信
Totally agree with all comments this cisco subscriptions will kill tons of places of work… sadly
But good thing is that there are alternatives so we just need to start to recommend as engineers!!!
Eduardo Ramirez - 返信
This is why I like Aruba. Wired and wireless can work without a license. If you buy a cloud license it is just for cloud management. If the license lapses or you decide you don't want it you just lose the cloud management and you still own the hardware and can use it by managing locally.
Wir3d - 返信
I am an IT consultant who generally recommends and installs non-Cisco network hardware. On a few occasions, I've recommended refurbished Cisco hardware, but I will steer clear of any Cisco recommendations going forward.
Would you buy that shiny new 2020 Cisco vehicle that stops running if you don't renew a software license for the engine control module or body control module? Absolutely ridiculous.
#HowToDestroyYourCompany
SayNo2Cisco - 返信
Smart licensing is great. No more finding license files/keys and no issues moving licenses.
A lot of incorrect info in this blog post. I recommend everyone interested to read the official docs on the subject yourself and don't take this blog or even MSPs word
ppe1700 - 返信
What should you do if the switch is to be used in a network which cannot possibly be connected to the outside, not even via NAT, due to security or other policies? That precludes any possibility to validate the license.
Paul-Stelian Olaru -
There is another HUGE problem: what about switches used in private networks with no access to the public Internet? I'm willing to bet that at least some customers actually need that. Do you really have to set up another VLAN so that the switches have access to the license validation servers? That's &&^&@@ up.
Paul-Stelian Olaru - 返信
Cisco is on its way down with such monopolistic policies. Good we will get a new fresh face in networking.
Savio Varghese - 返信
Bullshit, gee ebay a few Cisco boxes for CCENT , @HOME now an arm and a leg…
mike - 返信
I have no comment for Cisco other than pick a finger. Do your talking with your wallet.
tyronzn - 返信
a few things to point out……1) the newer switches have a default/perpetual license (Essentials or Advantage) that are perpetual (forever) and do not lose functionality if you don’t phone home. After a period of time, it rolls to an eval mode and works just fine. 2) Once you go to 16.9 or higher, Cisco has set up a smart account that allows you to add/manage licenses/paks (relatively easy to set up). 3) Cisco is pushing hard with the DNA stuff / subscription model, and yes, those do require a 3 YR, 5YR, etc subscription to enable those DNA features. Yes, those DNA features require phone home (direct internet connection or proxy server). Lots of opinions about this (not weighing in) but important to clarify a bit.
Mike M. - 返信
From an IT Asset Disposition company that promotes reuse over recycle, this actually ends up being a double whammy for the end customer, as the proceeds generated from reselling end of life Cisco products to other clients around the globe enables ITAD/eWaste companies to offset the expense of ethical recycling on their other IT items. Without this revenue stream not only is the customer paying more in a subscription licensing scheme on the front end they will also now have to pay higher recycling charges to dispose of these Cisco items rather than offset their other expenses. Support the Right to Repair legislation as ownership of the asset and original use should not be compromised for one companies corporate greed.
corp1976 - 返信
Agree - Right to Repair Legislation is good for all consumers and something that we should be actively supporting. In regards to Cisco, what would keep an end-user from selling/trading in their older gear under this new model? The operating system continues to be default/perpetual as it always has been (naming has changed from LAN/IPBase/IPServices to Essentials/Advantage) and resides on the box regardless of phone home and has nothing to do with the DNA Subscription portion of this conversation (most clients aren’t using Cisco DNA anyway). Love the idea of being able to recycle and re-use and just hoping to understand a bit more from your perspective.
Mike M. -
We are running almost 700 cisco devices ( 65xx,2960x,45xx,38xx etc.) at oure side(s)…..
We are working in a restricted enviroment,
Until now, I had no plans, to give all devices Access to the Internet and I will not change my mind.
I think it’s time to take a look, what else is out there …..
Andreas Kneiseler - 返信
Andreas - this article is being trashed by those with some actual knowledge of the topic -
https://www.reddit.com/r/sysadmin/commen...
You can read my above comment for more detail but even under the new licensing model, your base (Essentials or Advantage) perpetual license will not lose functionality if it does not phone home. Unfortunately, this article is just poorly written with information that is simply not accurate. Again, not trying to take a side here - just trying to provide accurate information on a very muddy licensing model.
Mike M. -
Cisco will be shooting in the foot (as they say in Portuguese ... for decisions that will lead to failure). It is true that Cisco has been losing the market to competitors such as Juniper and mainly Huawey among others .. With such a decision the leasing markets will be closed to her, because in the return of the equipment can not get anything back and will have We have to bear the costs for (environmentally friendly) final destination and also companies will think twice about buying Cisco because it will also have to destroy the product. While Huawey comes in the opposite direction, offering increasingly low prices and facilities to end users ...
Sergio Torres - 返信
This does not feel if it is a benefit for the customer but it feels it is a benefit for Cisco , this will limit the non cisco authorized refurbisched market.
It is like you are not allowed to sell your car to a regular (non official) car dealer with all the car firmware and build in navigation software and maps installed. I buy the hardware and i want to buy the OS and i want to use my product as long as i want, and that exceeds the Cisco EOS product announcement date.
Sint Maarten - 返信
I work at the tip, we are seeing a lot of Cisco hardware, and I can't even give it away.
tipshop computers - 返信
This isn't even the case. You can't buy the Network Essentials or Advantage as a spare licence officially.
The only option might be to get the Network Feature licence through the Software Relicensing Program, but I've never heard of anyone taking advantage of that, on the other hand it's probably so expensive that then the whole purchase of the used hardware isn't worth it.
Huaw Ein - 返信