Home > Articles > Cisco > CCNP Security

  • Print
  • + Share This
This chapter is from the book

Software Licensing and Activation Keys

The PIX firewall licensing is unique compared to some of Cisco's other products. PIX licensing usually doesn't require the installation of new software, unlike licensing for Cisco routers. The PIX uses activation keys to enable extra features such as adding more RAM, failover, extra interface cards, and so on. Activation keys are acquired by sending Cisco your serial number and the feature you want enabled (oh, and don't forget the cash, too!). Cisco then sends you a unique activation key computed from both the hardware serial number and the required new feature. Because the activation key is unique to each feature, you must get a new activation key if you replace your flash.

Displaying activation key information is straightforward. By using the show version command, you can display information such as the software version, hardware platform, enabled licensed features, serial number, and running activation key. Listing 3.1 displays the show version command and its output.

Listing 3.1 The show version Command

Pixfirewall# show version

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.1(1)
Compiled on Fri 07-Jun-02 17:49 by morlee
pixfirewall up 16 days 21 hours
Hardware:  PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 000c.3085.5640, irq 9
1: ethernet1: address is 000c.3085.5641, irq 10
Licensed Features:
Failover:      Disabled
VPN-DES:      Enabled
VPN-3DES:      Disabled
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards:       Enabled
URL-filtering:   Enabled
Inside Hosts:    10
Throughput:     Limited
IKE peers:     5

Serial Number: 807082785 (0x301b1b21)
Running Activation Key: 0x2d284af1 0xd032aa26 0x38b7db1f 0x70cfa8ee
Configuration last modified by enable_15 at 09:57:56.047 UTC Sun Mar 30 2003

The show activation-key command shows information about the activation key. Listing 3.2 displays the output of this command.

Listing 3.2 The show activation-key Command

pixfirewall# show activation-key
Serial Number: 807082785 (0x301b1b21)
Running Activation Key: 0x2d284af1 0xd032aa26 0x38b7db1f 0x70cfa8ee
Licensed Features:
Failover:      Disabled
VPN-DES:      Enabled
VPN-3DES:      Disabled
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards:       Enabled
URL-filtering:   Enabled
Inside Hosts:    10
Throughput:     Limited
IKE peers:     5

Updating the activation keys on the latest software release is a simple process. After you have received your new activation key from Cisco, you can use the activation-key command, like so:

activation-key <activation-key-four-tuple>

Here's another example of the activation-key command in use:

Pixfirewall(config)# activation-key 2d284af1 d032aa26 38b7db1f 70cfa8ee
  • + Share This
  • 🔖 Save To Your Account