I am installing a security license on Cisco 2911 Router for the first time. It already has a temporary license installed on it which is expiring soon. Cisco has already mailed me the procedure for installation. I want to know if i need to uninstall the previous license before installing the new one. View 2 Replies Similar Messages. This tutorial explains how add, install, import or mount Cisco IOS in GNS3 step by step with practical examples. In order to use any Cisco device such as router and switch in GNS3, we must have to install that device’s IOS first. Learn how to install, configure and use Cisco IOS in GNS3 in detail. This is a step by step using Cisco documentation on how to setup and configure the HTTP interface to manage the Cisco 2911 router - of course there are thing. At the Cisco Product License Registration Portal, provide the UDI and the PAK. Download the license file. Copy the license file to the router/switch. Install the license on the router/switch. Cisco Manuals; Network Router; 2911; Cisco 2911 Manuals Manuals and User Guides for Cisco 2911. We have 5 Cisco 2911 manuals available for free PDF download: Configuration Manual, Installation Manual, Datasheet, Manual.

The Cisco licenses play an important role in Cisco hardware upgrading, the HSEC-K9 license and the SEC-K9 license, the two Cisco license are designed for Cisco ISR G2 routers. Both are for Cisco ISR G2. May be you wanna know that the difference between SEC-K9 license and HSEC-k9 license?

What’s the main difference between SEC-K9 and HSEC-k9 license?

The HSEC-K9 license removes the curtailment enforced by the U.S. government export restrictions on the encrypted tunnel count and encrypted throughput. HSEC-K9 is available only on the Cisco 2921, Cisco 2951, Cisco 3925, Cisco 3945, Cisco 3925E, and Cisco 3945E. With the HSEC-K9 license, the ISRG2 router can go over the curtailment limit of 225 tunnels maximum for IP Security (IPsec) and encrypted throughput of 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. The Cisco 1941, Cisco 2901, and Cisco 2911 already have maximum encryption capacities within export limits.

The HSEC license and curtailment was introduced in the Cisco IOS Software Release 15.0(1)M1 and will be enforced on all images following that release.

Designed to comply with both local and U.S. export requirements for global distribution to all countries, the SEC-K9 license enables standard encryption (VPN payload and secure voice) on the ISR G2 platforms. This license enforces a curtailment on the maximum number of encrypted tunnels and the maximum encrypted throughput on the ISR G2 platforms. The SEC-K9 license limits the number of concurrent encrypted sessions and maximum encrypted throughput per device. This limit helps ensure that the ISR G2 complies with U. S. government export restrictions regardless of the final destination country.

If you purchase a Cisco ISR G2 chassis and later decide to turn on security features, you must buy a SEC-K9 license. The administrator must download the license to the router and follow the license installation instructions that come with the license to be able to use the security features on the router.

The SEC-K9 permanent licenses apply to the Cisco 1900, 2900, and 3900 ISR G2 platforms; these licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE) and 1000 tunnels for Transport Layer Security (TLS) sessions.

The SEC-K9 license limits encrypted throughput to less than or equal to 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. This requirement applies for the Cisco 1900, 2900, and 3900 ISR G2 platforms.

All threat defense and VPN features that are supported on the Cisco ISR G2 routers are functionally available for configuration with the SEC-K9. The image that includes this license is the universal-k9 image. For example, the Cisco IOS release version is c3900-universalk9-mz.SPA.150-1.M1.

To order the licenses as spares, you need the output of the following command-line interface (CLI) command: show license udi, shown at the end of this section. You must enter the product ID (PID) and the serial number into the tool to complete the order. This information makes the license unique for a particular router, and the license is not transferrable between routers.

The command output follows:

3925-perf#sh license udi

Device# PID SN UDI

—————————————————————————–

*0 C3900-SPE100/K9 FOC133037J9 C3900-SPE100/K9:FOC133037J9

For more information about software license activation on the ISR G2 platforms, please visit: https://www.cisco.com/en/US/docs/routers/access/sw_activation/SA_on_ISR.html

You can order the HSEC-k9 license from the Cisco.com website for the Cisco 2900, 3900 ISR G2 , 3925E and 3945E platforms. You can order the HSEC license as a spare for e-delivery.

After you complete the ordering, the license is delivered as an attachment in an email message. The attachment has a “.lic” suffix. For example, FOC133037J9_20100322212822257.lic is a license file generated for a specific ISR G2 router.

You should perform all of the following steps on a Windows PC or laptop. Using an Apple Macintosh has been found to cause problems with loading and installation of the license on the router.

The email containing the license file also contains instructions to load and install the HSEC-k9 license on the ISR G2 router. Please follow the instructions carefully.

To begin with, the ISR G2 router should have a SEC-K9 security feature license that has already been installed on the router. If the router does not have a SEC-K9 license installed, you can purchase the license as a spare using the ordering tool from the Cisco.com website.

More rules for ordering and stocking the ISR G2 HSEC-K9 license, you can read the Q&A for Cisco ISR G2 SEC and HSEC Licensing-Export Control Part.https://www.cisco.com/c/dam/en/us/products/collateral/routers/3900-series-integrated-services-routers-isr/qa_c67_606268.pdf

More examples that are related to Cisco 2900 router license will share here

Q1: We have installed a 60 day license for the security k9. The Cisco 2900 router we got. And we are trying to set up a client to site vpn on this and it still does not recognize the ipsec and isakmp commands. Is there a command I need to do to now enable ipsec and isakmp?

For the above problem, make sure your Cisco 2900 took the license, issue ‘show license’ and verify. Show license shows that it is in there and active. I rebooted and it still throws an error whenever i issue crypto ipsec or crypto isakmp

Here is your problem: from “show license”

License State: Active, Not in Use, EULA accepted
“not in use” is the key. Try using “license modify priority securityk9 high” or the config command “license boot module c2900 tech securityk9” to make this feature in use, rather than not in use.

Q2: We know the ISR2 series included VPN hardware acceleration but there is a “HSEC” which included an “advanced” encryption card. We are just trying to get my head around it. Is the HSEC bundle really needed over the standard SEC bundle? Now we need to support a 50meg Internet connection with 4 Site-to-Site VPNs and use of the firewall, NAT and QOS on each router. We are looking at the Cisco2921-SEC/K9 bundle. Does this sound about right?

Ahem, if your internet link is 50mb, then a 2921 (non-HSEC) can handle the encryption/decryption. The standard SEC license comes with a software-based rate limiter of 85 Mbps each way. If the protocol does not handle loss/retransmissions very well, throughput can easily plummet. Testing in a lab environment with two Cisco 2921s, I saw speeds drop to 25 Mbps.

Also info on the HSEC license can be found here in regards to what it is and what t does for you. It allows for addition through for encrypted traffic NASA higher number of VPN tunnels.

More Related Cisco License Topics

Cisco :: Installation PI1.2 Basic License With LMS4.0 License For 100 Devices

I’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other.
- I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit.
- So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?

Cisco WAN :: IP Base And Unified Communication License In 2921

How to install IP base liecense and Unified communication liecense in 2921 router?

Cisco AAA/Identity/Nac :: ACS 5.2 License File Installation Failed

have a ACS 5.2 version installed on Vmware . I purchased below liscense
Product Name : L-CSACS-5-LRG-LIC=
Product Description : L-CSACS-5-LRG-LIC= : ACS 5 Large Deployment License (Electronic Delivery)
When i am trying to upgrade the liscense i am getting an Error ' Liscense file installation failed : The liscense file must contain single base liscense '

Cisco Application :: ACE 4710 License Installation Failed With No Space Left On Device

The installation of an ACE-4710 throughput upgrade license licence (ACE-AP-02-UP1) failed with an error message :CH01AC03/Admin# license install disk0:ACE20111213081741975.lic.Installing license... failed: No space left on device. [code]

Cisco Switching/Routing :: 3845 - License Installation Failed With Error / XML Parsing Failed

I am having Cisco 3845 series router with c3900-universalk9-mz.SPA.151-4.M2.bin IOS . I want to install new Licence on it for DATA. When i am trying to install licence on it i am facing the error '% Error: License installation failed with error: XML parsing failed'.

Cisco Firewall :: Difference Of VPN Plus License And Security Plus License ASA 5520

What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.

Cisco WAN :: Router 2921 Enough For BGP?

I need a router to connect to our ISP by BGP and in a future to a second ISP. Our ISP is going to provide us about 300.000 route entries by BGP. So router 2921 would be enough??? or should i go to a higher model?We are going to have 100Mbps with this ISP and probably in 3 months we'll have to double it. Also we'll need IPv6 support.I saw router performance install-license-cisco-2911-router.htmlf and it's has 480.000 PPS and 245 Mbps but for 64 bytes lenght packages. If the packets are bigger the throughput should be best I suppose... 1500 bytes about 5,5 Gbps. In the case you consider the model is sufficient, the flash or RAM should be increased?

Cisco WAN :: GRE Tunnels On 2921 Router

Is there a recommended number of GRE tunnels that Cisco 2921 ISR router with default configuration (512MB DDR2 ECC DRAM) can support?

Cisco WAN :: Multicast To Unicast Through 2921 Router

We recently acquire a cisco 2921/K9 router to interface 2 networks
Network 1 : 169.254.XXX.XXX/16 on GigabitEthernet0/0 interface
Network 2 : 192.168.1.XXX/24 on GigabitEthernet0/1 interface
On the network 1 side there is a multicast source (169.254.200.200 destination : 225.0.0.1) on the network 2 side there is 1 receiver which is not multicast capable(old) but i want it to receive the multicast stream for the moment we configure the ip multicast-routing and each interface each interface with ip pim sparse-dense-mode then configure the GigabitEthernet0/1 in order to join the multicast group (using ip igmp static-group 225.0.0.1) and wireshark confirm that the multicast stream on the network 2 side from 169.254.200.200 -> 225.0.0.1 of course the receiver don't the stream, but if i force a 'multicast to unicast' process inside the router it shall be ok.. after many hour of internet browsing i found 2 solution :
- NAT, install-license-cisco-2911-router.html
- multicast service reflection (Cisco documentation)
The NAT example don't work ,what is the best way to do this task.

Cisco :: Configure Router 2921 For Snmp V3?

I need to configure cisco router 2921 for snmp v3,

Cisco WAN :: Firewall Setup On 2921 Router?

I just purchased thie Cisco 2921 router and have all the configuration completed except the Firewall and NAT. We have 4 supnets at our location on the router each with a DHCP handed from the router to our network. Any examples for the Firewall and Nat configurations?

Cisco WAN :: RPS 2300 Not Backing Router 2921

We have a 2300 RPS with single 1150WAC power supply (C3K-PWR-1150WAC) which is connected to one 2921 Router. But it is not backing the rotuer.
Router 2921 running IOS
c2900-universalk9-mz.SPA.152-2.T1.bin
I am getting the following logs:
*** External Redundant Power Supply is present, but type is unknown or not supported.***
%ENVMON-1-POWER_WARNING: : RPS Online Insertion and Removal is not supported.
Do we required any configuration to be done on Router end.
Note: The RPS is backing 2960 Switch.

Cisco WAN :: Router 2921 With Ethernet Switch

I contact you due that I’m currently configuring a Router Cisco 2921 with an Etherswitch module. The specific inventory of Router Cisco 2921 is:
Router#show inventory,NAME: 'CISCO2921/K9 chassis', DESCR: 'CISCO2921/K9 chassis'
PID: CISCO2921/K9 , VID: V06 , SN: XXXXXXXXXXX
NAME: 'High Speed WAN Interface Card - 1 Port Gigabit Ethernet on Slot 0 SubSlot 0', DESCR: 'High Speed WAN Interface Card - 1 Port Gigabit Ethernet'
PID: HWIC-1GE-SFP , VID: V01 , SN: XXXXXXXXXXX'
[Code]....

Cisco WAN :: 2921 Router - Configuration Required As NAT / PAT Gateway

I have a Cisco 2921 Router,with 3 giga interfacesi have a leased line for the internet with a public ip address and i want to configure this router as NAT /PAT gateway, so that users in my network can ue the internet by the router,my wan interface is g0/0 - ip 122.xx.xx.xx lan is g 0/1 -- 192.168.1.1 /24 . i have tried doing nat once but i was not able to make the wan port up.using cisco CP when i test the interface it givves error and i dont get internet to my users.

Cisco VPN :: PPTP Between Windows Clients And 2921 Router

I have a trouble with PPTP VPN between Windows clients and Cisco 2921 router with RADIUS (IAS) authorization. When I try to connect to Cisco 2921 from Windows 7 using MS-CHAP v2 I receive error 778: it was not possible to verify the identity of server . Then I use PAP - everythig is OK. On Windows XP the same situation.
Cisco config:
version 15.0
service timestamps debug datetime msec
[Code].....

Cisco WAN :: 2921 Router Not Detecting EHWIC-1GE-SFP-CU Card

I just got a brand new Cisco 2951 router that has built-in 3 gigabit interfaces cards. We want to add additonal 2 GE EHWIC-1GE-SFP-CU card to it. When it booted up and type show inventory, it did not detect the presence of the card. There was light on at the back of it. I have checked the compatibility on Cisco. The card is compatible with this router. Do we have to install the card with special instructions in order for the router to see it?

Cisco WAN :: VWIC2-1MFT-G703 In 2921 Router

I have installed a VWIC2-1MFT-G703 module into cisco 2921 router, I can verify the card by show inventory command. but in show run, I do not see the E1 controller card there. this card is used for TPG lease line for data only. Those card is compatible with new 2921 router? or need some extra command to bring it up?

Cisco VPN :: Create VPN Tunnel Between ASA5520 And 2921 Router

I am getting the following errow message while trying to create a VPN tunnel between an ASA5520 and a 2921 router. [code]

Cisco WAN :: 2921 Router For Both MPLS And Internet Connection

i m planning to use the 2921 router for both mpls and internet connection , to 2 different isp also am planning to use bgp with a public providor independant
i m planning to buy sla for the mpls link

Cisco WAN :: Unable To Recover Password For 2921 Router

I have one new cisco 2921 router but after first login into the new router . I have made some configuration but forget to change the default password . Now i am unable to login into the router after first log off but iam not able to recover password because the router don't have any external flash memory.

Linksys Wireless Router :: E1000 Router Come With Default Security Setting Upon Installation Using Supplied CD?

Does the E1000 router come with a default security setting upon installation using the supplied CD?

Cisco :: Router 2921 Base Load Supports Natting

If Cisco Router 2921 base load supports NAtting? I am looking to order a Router and want to make sure the new 2900 routers support Natting.

Cisco VPN :: Configuring IPSec VPN Tunnel ISR 2921 Router With Watchguard?

I am configuring a vpn ipsec tunnel with cisco isr 2921 router and Watchguard edge 1250e. I have the watchguard configured so I just need to make sure I have everything setup on the cisco side. At this point, there is no communication as I am not sure if I configured it correctly. Should I do the crypto map on g 0/0 or dialer 1?
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
[code]......

Cisco Switching/Routing :: 2921 Multiple Netflows From Same Router

Cisco 2911 Router Manual

What I’m looking to do is setup a net-flow monitor for traffic going across a PIX firewall. I know unfortunately I can’t do this directly from the PIX because it does not support net-flow.
I do have a 2921 router on the same network that I have net-flow enabled to monitor traffic across the MPLS Connection.
Since the traffic for the MPLS is going out a direct interface I have applied the IP Flow egress/ingress commands to that interface to obtain the net-flow data I need. The PIX firewall however is not a direct interface so this can’t be done. I have done a little reading and believe I could use a policy map to create a “filter” so that any traffic that meets the ACL associated with the Policy-Map would get sent to net-flow monitor.
My question is how do I set that up so that so I can have the two net-flow data “streams/sources” go to separate net-flow ports so that I can monitor them independently of each other or is that not possible?
Both devices are connected to a 3750X switch; however neither is connected to a 10GB port. To my understanding that means I can’t run net-flow on the switch itself.

Cisco WAN :: 2921 - Connect 2 ISP Links Into One Gigabit-interface On Router?

I want to connect 2 ISP links into one Gigabit-interface on my Router 2921, can any one tell me how to do that ? sub-interface creation is not possible on cisco 2921

Cisco WAN :: Service Module Installation In 3845 Router?

Is there any risk to install an HWIC-2FE card into a production 3845 router while it is in a powered up state? Is it recommended to power it down first, then install it?

Get A Installation Disk For D-link Model Dir-601 Router?

How do I install or get a installation disk for D-link model dir-601 Router

Rosewill RNX EasyN4 Router / Cannot Find Installation CD

I am planning to set to my new house a secure network with Cisco firewall. I have practically no experience with firewalls and specially no with ASA programming. Still I have quite a clear picture what the system will look like. But when I first opened the ADSM screen I was freaked out about the amount of selections to be made. I cannot even figure out where I shoud start from! I am afraid that even thou I am very good with computers, it will take years to get understand all this data not to mention of configuring the device.
At the moment the situation is as follows:
- Firewall is set as factory default and it cannot not get to internet. I can't figure out what is blocking the traffic out. Logs does not work.
- Cable modem router has DHCP, NAT and SPI firewall ON.
- Outside has line/link up and IP is DHCP configured, but no traffic.
- 5505s' DHCP is now off but tested and working
- No VPN tunnels built (never built one and don't know how to do it)
- No extra routes / rules / profiles / policies etc. done. All is at default/auto status.

Linksys Wireless Router :: Get Installation CD For WRT54GX2?

How can I get a installation CD for a WRT54GX2 Wireless router? Can you download from internet?

Cisco Switching/Routing :: 2921 - How To Access Router From Internet Using Public IP

the cisco 2921 Router has a default ip hhtp access class command found in it. Just i changed the default IP to the new ip i will use.The Router is accessable from the LAN only but not from the internet configured the Public ip . I think this is due to the standard access list 23 . how will i access the Router from the Internet using the Public IP.

Install License Cisco 2911 Router Setup

Cisco Switching/Routing :: Bandwidth Shaping Two Links With 2921 Router

I have 2 links to 2 different departments switch with an up link of 10mb. I want to guarantee that both departments get at least 5mb, but can use part of the other 5mb that not in use. Is this possible?

Cisco 2911 Router Configuration Guide

Cisco Wireless :: Setup To 2921 Router Connected To Cable Modem

Cisco Router 2911 Images

I have one interface setup to a Cisco 2921 router connected to a Cable modem.DHCP is on the 2921.when I connect to the ssid for my guest i'm redirected to the authentification portal 1.1.1.1 .i'm putting valide credential and when pressing the submit button .. it just go anywhere.
I have setup another SSID with a psk and it's working fine.. getting ip and able to browse internet.From what i have read... it's apparently DNS issue on my router.. but what should I check.