The future of Cisco IOS images
We had a brief by our onsite Cisco Engineer (yes we spend so much money Cisco give us a pre/post sales guy to assist)
He was talking about the new 3560/3750-E series. while they look like an impressive product, the worrying thing that struck out was that he confirmed that the images for these devices will require an activation key. Moving away from the old system of download an image on and TFTP it on the switch.
These every switch has the full feature set but each stage is released using an activation key which is tied to individual serial number.
What he also did say was that people buying routers and swtiches from ebay beware, its actually illegal to transfer a software image even if its on a device. Officially if you buy a switch say from ebay you should delete the image, then the purchase the relevant key from Cisco.
The new Key activation software will use a 'Free' key management server provided by Cisco.
The logistics for work is going to be a nightmare! getting activation keys for all our switches across our 3000+ sites!
Also before a 6500 IOS image with certain feature sets would be a resonable size, now you will need the whole size image meaning you need the bigger flash....you can see where this is going
Also E seems to be the theme for the future all new annoucnments have E in them, like the sup 1440-E.
Anyway beware in the future, buying a Switch on ebay could mean you have a $500 paperweight until you purchase an activation key or a smartnet contract.
Dont panic to much its only the new hardware platforms and the 2800 series ISR that will be affected.
He was talking about the new 3560/3750-E series. while they look like an impressive product, the worrying thing that struck out was that he confirmed that the images for these devices will require an activation key. Moving away from the old system of download an image on and TFTP it on the switch.
These every switch has the full feature set but each stage is released using an activation key which is tied to individual serial number.
What he also did say was that people buying routers and swtiches from ebay beware, its actually illegal to transfer a software image even if its on a device. Officially if you buy a switch say from ebay you should delete the image, then the purchase the relevant key from Cisco.
The new Key activation software will use a 'Free' key management server provided by Cisco.
The logistics for work is going to be a nightmare! getting activation keys for all our switches across our 3000+ sites!

Also before a 6500 IOS image with certain feature sets would be a resonable size, now you will need the whole size image meaning you need the bigger flash....you can see where this is going
Also E seems to be the theme for the future all new annoucnments have E in them, like the sup 1440-E.
Anyway beware in the future, buying a Switch on ebay could mean you have a $500 paperweight until you purchase an activation key or a smartnet contract.
Dont panic to much its only the new hardware platforms and the 2800 series ISR that will be affected.
Looking for CCIE lab study partnerts, in the UK or Online.
Comments
Then I guess it will become good for the rack rental places.
It could be worse -- they could use hardware dongles and make you physically show up on site for every piece of equipment to load the features from a hardware key into the dongle....
I wish Cisco would encourage students to get hands-on experience through homelabs instead making it a more expensive option. A 120-days trial/limited/educational IOS edition would be nice.
The activation doesn't come as a total surprise. I recently wondered whether Cisco is going to release a IOS version 'thirteen' (
Or Cisco could exclude say 12.2 and below from its license agreement!! How about that?
Has anyone ever brought up the idea of "Open Source IOS" for discussion?
Just curious
far they are preventing piracy but yet they are going to run more people to different
brands due to the lack of trained professionals avaliable in the indusry because of limited
resources of real lab equipment due to high ass prices, just to gain hands on experince.
Once this happens I can garuentee you calix, redback, and junipers will become prime
choices in infrastructure deployment due to avaliablity of certified professionals able to
support the high end equipment.
I agree with webmaster there, if they dont offere a trial version of the IOS or some type
of trainning software that works along the lines of dynamips then the salary and the demand
of cisco certified professionals will increase exponetially. With hundreds of Cisco Certified
Professionals letting their certs expire due to inavaliability of Cisco Lab equipment to gain skills
on new technology, would consideriably fuel a revolutionary market change.
If Cisco does deploy this, I will get my juniper certs and start teaching their courses as
well because I'm sure they will be in demand after this stupid microsoft ideal is deployed.
I hate it when companies always think about the money instead of the people.
In Progress: 70-640, 70-685
Are they gonna' stop me from learning 80% to 90% on my home lab?
(or anyone using 12.2/12.3/12.4?)
Unless they plan on coming across town (over to Raleigh from RTP) to
lock down my routers, I'll continue to get busy.
Except if people "thought" they were easy to administer (via the SDM, for example) they would screw up their networks even more
It's the difference between fixing a network that has gotten out of hand versus fixing a broken network where knew just enough to screw it up.
become 300-400 bucks on ebay thats when most people trying to learn the latest and greatest technologies
will be litterly screwed because they cannot activate the IOS
And I love the ideal that each activation key is unique to the Cisco box... I love how they stole
that ideal from the Xbox360 CPU.
The license file is not tied to the serial numbers or any thing, it is tied to the "UDI" of the device (Unique Device Identifier) So when purchasing a new license you must submit the PAK Code (which is a code you get when purchsing a license) and the UDI number of the device you purchased it for to Cisco's online license portal. Then you install the license file provided by CLP (Cisco Licensing Portal) to the switch, then reboot and botta bing!!! You have a new featureset.
The UDI can be found on a sticker on the back of the device.
Cisco also offers a licensing server used to manage licensing for devices (of course the license management server is free) - go figure
Dont worry guys, if no license file is present, it will default to IPBASE. So at least you wont be completely SOL. Example below;
Switch> show version
Cisco IOS Software, C3750E Software (C3750E-UNIVERSAL-M), Version 12.2(35)SE2, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Tue 19-Dec-06 01:36 by antonino
Image text-base: 0x00003000, data-base: 0x01473D34
ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750E-HBOOT-M) Version 12.2(35r)SE, RELEASE SOFTWARE (fc1)
cisl-9mem uptime is 0 day, 0 hours, 6 minutes
System returned to ROM by power-on
System restarted at 22:10:23 UTC Wed Sep 27 2006
System image file is "flash:IMG/c3750e-fa06-u-304k"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: ipbase Type: Default. No license found.
Next reboot license Level: ipbase
cisco WS-C3750E-24PD (PowerPC405) processor with 245760K/16376K bytes of memory.
Processor board ID CAT1006R0LH
Last reset from power-on
Target IOS Version 12.2(35)SE2
1 Virtual Ethernet interfaces
1 FastEthernet interface
24 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:12:80:A2:F2:00
Motherboard assembly number : 73-10314-06
Motherboard serial number : CAT10060XXX
Motherboard revision number : 04
Model number : 78-7056-05
System serial number : CAT100XXXXX
Hardware Board Revision Number : 0x00
Switch Ports Model SW Version SW Image
* 1 30 WS-C3750E-24PD 12.2(35)SE2 C3750E-UNIVERSALK9-M
Configuration register is 0xF
Lovely isnt it?
Rumor has it that in 12.5, it will be using the same technology, and will default to IPBASE as well if no license file is found. I cant really find no hard evidence to confirm this so like I said its just a rumor.
I know for now, the 3 feature sets available for switches will be IPBase, IP Services & Advanced IP Services.
I'm guessing from how Cisco is trying to standarize the IOS naming convention, the new flavors of IOS will probably be along the lines of IPBase, IP Voice, SP Services, Enterprise Base, Adv Security, Adv IP Services, Adv Enterprise Services.
Well figured i'd post more on this. If I learn any thing new ill post it as well
On a personal note i did have a great ideal that cisco could do to ensure self study cisco cert persuits can still gain hands on experince even with devices that require such licensing. They can provide a image for free (or a small charge) probably the latter (I'm sure cisco has to make money off of it in order for it to be possible) that could be used in a lab enviroment that will provide all features but have a limitation kinda like the Fail over license on ASA's where they reboot every so often. Lets say for example the lab devices reboot every 72 hours. Some people think why 72 hours, and thats where i'd say you have to consider the candidates persuing the CCIE, I leave my lab on for days at a time. I'll quit in the middle of a lab and come back to it 2 days later. But any who, thats just my idea
people learn what they can afford so maybe juniper and foundry will capitilze on thsi mistake!!
That is my prediction if Cisco does not offer a educational licensing program, because all of the simulators out there are crappy as hell, and dynamips will be useless then unless you use older ios.
and charge top dollar to get certified! a plan!
wow!
like oil people will pay if they need it!
but like microsoft. someone with crk them oops did i say crack! ahhahahaha
i meant remedy them hahaahahhha
I am hurying up to get my CCNP so i can sit on my Arse! hahaha and cash in!
hahhah just kidding!
Nothing chaps my ass more than calling in an engineer in for an interview with an AAA+++ resume and discovering that he/she is nothing more than a paper-cert who studied for a few weeks on some *&%&^$#$# braindumps.
Last week I asked a guy what STP was and he rambled on about OSPF costs!
....and the week before that another guy couldnt configure a trunk port or enable routing.
BOTH these guys had current CCNP certifications, wanting $110k.
PS: Here is a good one--->For my GWGK CCVP test I noticed that part of the Cisco agreement for taking a test says you cant use ****, or copies of test material (that is what a **** is)....yet their own business partners who do Cisco training hand out MODERATED material to their test-takers like it was candy!
I think I'll start a thread on this just to stir the pot!
And if they are also a VUE Test Center, report them to Pearson/Vue using the VUE Contact Form for Test Security.
And if this is a branch office of a large Cisco Business Partner, report them to their HQ. They may be doing it on their own to boost their training "success rate."
I sat through some Cisco training on the ASR 1000 and it runs on a Linux kernel. Also some of the new routers and switches are going to run a modularized IOS instead of the "single file" IOS. I deployed about 80 6509-E switches (some of which were VSS, very nice indeed!) with the new modular IOS and it offers the ability to upgrade one part of the IOS without needing to bring down the whole box for an upgrade. I guess there will still be some cases where a reload of the supervisor will be required, but this should minimize it. Another cool thing is the ability to have a box with 2 supervisors running SSO even though they don't have the same code version, in the past this would require RPR which required about 1 minute to switchover to the standby supervisor, where SSO is like 50ms for a switchover.
to prevent people from running it on any random device you can buy off ebay.
"WOW... I just stuck Cisco IOS on my laserjet printer!!! I can route and print simultaneously"
As dtlokee said, most of the new breakthroughs are with modularlization, they could
open source such code, but the core os will most likely be kept under lock and key.
It's not like the OS drastically changes very often either. IOS is Cisco's bread and butter. They bank on people being able to pick up a Cisco device and configure it with no prior knowledge other than how to work inside an IOS environment. If they changed the look and feel of IOS they would alienate a large portion of their customer base and that's bad business any way you slice it.
CCNA Security | GSEC |GCFW | GCIH | GCIA
[email protected]
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
..are you craving a sandwich?