2-12
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 2 Preparing Devices for Management
Configuring Licenses on Cisco IOS Devices
Manager determines the state of the Failover license and sets the property appropriately. You are
responsible for ensuring that the property remains accurate. You will see deployment failures if the
property is selected but the device has an inactive Failover license.
Tip If you add the device using the New Device or Configuration File options, you can set the License
Supports Failover property while adding the device instead of waiting to set it in the device properties.
Configuring Licenses on Cisco IOS Devices
Devices that run Cisco IOS Software require license files for various features, including security
features. If these licenses are not installed on the device (such as the securityk9 package), Security
Manager cannot configure commands that require a particular license level, and you will experience
deployment failures when you try to deploy your policies to an unlicensed device.
Although you can use Security Manager to deploy and manage IPS licenses, you cannot use it to deploy
and manage any other type of license. Configure these licenses directly on the device using the command
line interface or use Cisco License Manager. Following is the general process for configuring licenses.
For more information about configuring licenses, see Cisco IOS Software Activation Command Guide
and Cisco IOS Software Activation Command Reference on Cisco.com.
1. Obtain the licenses required for the features you want to use or you can use the evaluation licenses
that come bundled with some devices. Use the show license all command to view the available
licenses.
2. Copy the purchased licenses to the flash storage on the device or put them on a TFTP server. For
example, you could place the licenses on a TFTP server and use the copy tftp flash0: command to
copy the files to the flash0 storage area.
3. Use the license install command to install each purchased license. For example:
license install flash0:uc-base-CISCO2951-FHH1216P06Z.xml
Some licenses prompt you to read and accept a license agreement.
If you want to use an evaluation license, use the license boot command to enable them and then
reload the device. You must accept the end-user license agreement before Security Manager can
deploy configurations to the device.
4. You can use the show version, show license feature, and show license all commands to check on
your installed licenses.
Initializing IPS Devices
To initialize an IPS device, you must configure the following settings. These are network settings, and
only a user with administrator privileges on the IPS device can configure them:
Sensor name
IP address
Netmask
Default route
Enable TLS/SSL (to enable TLS/SSL in the web server on the device)