The future of Cisco IOS images

wildfirewildfire Member Posts: 654
We had a brief by our onsite Cisco Engineer (yes we spend so much money Cisco give us a pre/post sales guy to assist)

He was talking about the new 3560/3750-E series. while they look like an impressive product, the worrying thing that struck out was that he confirmed that the images for these devices will require an activation key. Moving away from the old system of download an image on and TFTP it on the switch.

These every switch has the full feature set but each stage is released using an activation key which is tied to individual serial number.

What he also did say was that people buying routers and swtiches from ebay beware, its actually illegal to transfer a software image even if its on a device. Officially if you buy a switch say from ebay you should delete the image, then the purchase the relevant key from Cisco.

The new Key activation software will use a 'Free' key management server provided by Cisco.

The logistics for work is going to be a nightmare! getting activation keys for all our switches across our 3000+ sites! icon_eek.gif

Also before a 6500 IOS image with certain feature sets would be a resonable size, now you will need the whole size image meaning you need the bigger can see where this is going

Also E seems to be the theme for the future all new annoucnments have E in them, like the sup 1440-E.

Anyway beware in the future, buying a Switch on ebay could mean you have a $500 paperweight until you purchase an activation key or a smartnet contract.

Dont panic to much its only the new hardware platforms and the 2800 series ISR that will be affected.
Looking for CCIE lab study partnerts, in the UK or Online.


  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Well... it will be good for Techexams, at least initially, when everyone rushes to certify while they can still afford the labs.

    Then I guess it will become good for the rack rental places. icon_lol.gif

    It could be worse -- they could use hardware dongles and make you physically show up on site for every piece of equipment to load the features from a hardware key into the dongle.... icon_eek.gif
    :mike: Cisco Certifications -- Collect the Entire Set!
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Thanks for sharing this very interesting info!

    I wish Cisco would encourage students to get hands-on experience through homelabs instead making it a more expensive option. A 120-days trial/limited/educational IOS edition would be nice.

    The activation doesn't come as a total surprise. I recently wondered whether Cisco is going to release a IOS version 'thirteen' ( icon_confused.gif: ) or use it as an opportunity to start with something fresh. Which amongst other things I expected would be used as an opporunity to include some sort of licensing through activation, considering that's almost standard for software nowadays. Or just skip to version 14 ;)
  • jvaxjvax Member Posts: 117
    Webmaster wrote:
    A 120-days trial/limited/educational IOS edition would be nice.
    It would be very nice indeed.

    Or Cisco could exclude say 12.2 and below from its license agreement!! How about that?

    Has anyone ever brought up the idea of "Open Source IOS" for discussion?

    Just curious icon_rolleyes.gif
    "Beer is proof that God loves us, and wants us to be happy" -- Benjamin Franklin
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Obviously Cisco is killing them selves by using this type of activation technology. By
    far they are preventing piracy but yet they are going to run more people to different
    brands due to the lack of trained professionals avaliable in the indusry because of limited
    resources of real lab equipment due to high ass prices, just to gain hands on experince.

    Once this happens I can garuentee you calix, redback, and junipers will become prime
    choices in infrastructure deployment due to avaliablity of certified professionals able to
    support the high end equipment.

    I agree with webmaster there, if they dont offere a trial version of the IOS or some type
    of trainning software that works along the lines of dynamips then the salary and the demand
    of cisco certified professionals will increase exponetially. With hundreds of Cisco Certified
    Professionals letting their certs expire due to inavaliability of Cisco Lab equipment to gain skills
    on new technology, would consideriably fuel a revolutionary market change.

    If Cisco does deploy this, I will get my juniper certs and start teaching their courses as
    well because I'm sure they will be in demand after this stupid microsoft ideal is deployed.

    I hate it when companies always think about the money instead of the people.
    There is no place like
  • Darthn3ssDarthn3ss Member Posts: 1,096
    what/ you mean you can't prepare for CCIE lab with a boson simulator? :-p
    Fantastic. The project manager is inspired.

    In Progress: 70-640, 70-685
  • ReardenRearden Member Posts: 222
    If this is really going to happen, am I wasting my time with Cisco? Maybe I should just go back to being a programmer.
    More systems have been wiped out by admins than any cracker could do in a lifetime.
  • seraphusseraphus Member Posts: 307
    I don't see the "lockdown" as a major issue for anyone in the near future...

    Are they gonna' stop me from learning 80% to 90% on my home lab?
    (or anyone using 12.2/12.3/12.4?)

    Unless they plan on coming across town (over to Raleigh from RTP) to
    lock down my routers, I'll continue to get busy.
    Lab first, ask questions later
  • malwethmalweth Member Posts: 42 ■■□□□□□□□□
    I think if Cisco made their products easy to administer, Cisco engineers would be getting lower salaries and infrastructure would run just as good. God bless Cisco for making us money!!!!

    Except if people "thought" they were easy to administer (via the SDM, for example) they would screw up their networks even more :)

    It's the difference between fixing a network that has gotten out of hand versus fixing a broken network where knew just enough to screw it up.
    128  64  32  16  |   8   4   2   1
    128 192 224 240  | 248 252 254 255
     25  26  27  28  |  29  30  31  32
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Well if they lock down their IOS it wont affect any one for a few years but when the 2800 service routers
    become 300-400 bucks on ebay thats when most people trying to learn the latest and greatest technologies
    will be litterly screwed because they cannot activate the IOS

    And I love the ideal that each activation key is unique to the Cisco box... I love how they stole
    that ideal from the Xbox360 CPU.
    There is no place like
  • milliampmilliamp Member Posts: 135
    I think Cisco's open nature up till now has helped them out quite a bit. This is a bummer.
  • Nik00117Nik00117 Member Posts: 21 ■□□□□□□□□□
    I agree, I think CISCO merely needs to ensure that corps are not pirating. However I feel that the individual who is studying for his CISCO cert should be given a certain amount of "we don't care type deal" I mean especially when starting out, we don't got hundreds of dollars to throw away. I think CISCO should be considerate towards its new and up coming engineers.
  • JohnDouglasJohnDouglas Member Posts: 186
    I guess it would go much the same way XP or Vista has gone. That's not stopped pirating and misuse on a private scale.
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Well I can definately confirm that 3560E's and 3750E's require a license file to derminate the feature set that is unlocked. The license file is stored in a secure flash memory space "as cisco likes to say" which is not directly accessable.

    The license file is not tied to the serial numbers or any thing, it is tied to the "UDI" of the device (Unique Device Identifier) So when purchasing a new license you must submit the PAK Code (which is a code you get when purchsing a license) and the UDI number of the device you purchased it for to Cisco's online license portal. Then you install the license file provided by CLP (Cisco Licensing Portal) to the switch, then reboot and botta bing!!! You have a new featureset.

    The UDI can be found on a sticker on the back of the device.

    Cisco also offers a licensing server used to manage licensing for devices (of course the license management server is free) - go figure

    Dont worry guys, if no license file is present, it will default to IPBASE. So at least you wont be completely SOL. Example below;

    Switch> show version
    Cisco IOS Software, C3750E Software (C3750E-UNIVERSAL-M), Version 12.2(35)SE2, RELEASE
    SOFTWARE (fc1)
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Tue 19-Dec-06 01:36 by antonino
    Image text-base: 0x00003000, data-base: 0x01473D34
    ROM: Bootstrap program is C3750E boot loader
    BOOTLDR: C3750E Boot Loader (C3750E-HBOOT-M) Version 12.2(35r)SE, RELEASE SOFTWARE (fc1)
    cisl-9mem uptime is 0 day, 0 hours, 6 minutes
    System returned to ROM by power-on
    System restarted at 22:10:23 UTC Wed Sep 27 2006
    System image file is "flash:IMG/c3750e-fa06-u-304k"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    If you require further assistance please contact us by sending email to
    [email protected].
    License Level: ipbase Type: Default. No license found.
    Next reboot license Level: ipbase
    cisco WS-C3750E-24PD (PowerPC405) processor with 245760K/16376K bytes of memory.
    Processor board ID CAT1006R0LH
    Last reset from power-on
    Target IOS Version 12.2(35)SE2
    1 Virtual Ethernet interfaces
    1 FastEthernet interface
    24 Gigabit Ethernet interfaces
    2 Ten Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.
    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address : 00:12:80:A2:F2:00
    Motherboard assembly number : 73-10314-06
    Motherboard serial number : CAT10060XXX
    Motherboard revision number : 04
    Model number : 78-7056-05
    System serial number : CAT100XXXXX
    Hardware Board Revision Number : 0x00
    Switch Ports Model SW Version SW Image

    * 1 30 WS-C3750E-24PD 12.2(35)SE2 C3750E-UNIVERSALK9-M
    Configuration register is 0xF

    Lovely isnt it?

    Rumor has it that in 12.5, it will be using the same technology, and will default to IPBASE as well if no license file is found. I cant really find no hard evidence to confirm this so like I said its just a rumor.

    I know for now, the 3 feature sets available for switches will be IPBase, IP Services & Advanced IP Services.

    I'm guessing from how Cisco is trying to standarize the IOS naming convention, the new flavors of IOS will probably be along the lines of IPBase, IP Voice, SP Services, Enterprise Base, Adv Security, Adv IP Services, Adv Enterprise Services.

    Well figured i'd post more on this. If I learn any thing new ill post it as well :)

    On a personal note i did have a great ideal that cisco could do to ensure self study cisco cert persuits can still gain hands on experince even with devices that require such licensing. They can provide a image for free (or a small charge) probably the latter (I'm sure cisco has to make money off of it in order for it to be possible) that could be used in a lab enviroment that will provide all features but have a limitation kinda like the Fail over license on ASA's where they reboot every so often. Lets say for example the lab devices reboot every 72 hours. Some people think why 72 hours, and thats where i'd say you have to consider the candidates persuing the CCIE, I leave my lab on for days at a time. I'll quit in the middle of a lab and come back to it 2 days later. But any who, thats just my idea :)
    There is no place like
  • larkspurlarkspur Member Posts: 235
    then it will look like dynaips and all the efforts to write that app will be wasted. I totaly dislike greedy companies. This pisses me off.

    people learn what they can afford so maybe juniper and foundry will capitilze on thsi mistake!!
    just trying to keep it all in perspective!
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    larkspur wrote:
    People learn what they can afford so maybe juniper and foundry will capitilze on thsi mistake!!

    That is my prediction if Cisco does not offer a educational licensing program, because all of the simulators out there are crappy as hell, and dynamips will be useless then unless you use older ios.
    There is no place like
  • networker050184networker050184 Mod Posts: 11,962 Mod
    From what I understand Juniper already has a software licensing and has stopped there JunOS from running on platforms other than Juniper hardware ie Olive. Not 100% sure though...
    An expert is a man who has made all the mistakes which can be made.
  • empc4000xlempc4000xl Member Posts: 322
    I guess this is why cisco never got into the dynampis mess, they already had a plan cooking. As far as people going to other vendors for gear I doubt it. When you have that much of the market share you can do what you want. People have been mad at big Bill for years and they still control more than half of the market share. It took Steve jobs to come back and actually take a bite of out of MS.
  • itdaddyitdaddy Senior Member Member Posts: 2,089 ■■■■□□□□□□
    wow! well it would pay to be in business as a CISCO trainer
    and charge top dollar to get certified! a plan!

    like oil people will pay if they need it!

    but like microsoft. someone with crk them oops did i say crack! ahhahahaha
    i meant remedy them hahaahahhha

    I am hurying up to get my CCNP so i can sit on my Arse! hahaha and cash in!

    hahhah just kidding!
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    Well considering the current CCIE images are 2 revisions behind I don't think this will affect Dynamips/Dynagen anytime soon even if/when it is implemented. Still it would be beneficial to Cisco to create training images and perhaps buy/license Dynamips themselves, they could restrict bandwidth to say 1 mbps on these images so there is no way in hell they could be used in a live environment.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • pullin-gspullin-gs Member Posts: 38 ■■□□□□□□□□
    Vs lock down router code, I wish Cisco would spend more time working on a certification process that would do away with ****.
    Nothing chaps my ass more than calling in an engineer in for an interview with an AAA+++ resume and discovering that he/she is nothing more than a paper-cert who studied for a few weeks on some *&%&^$#$# braindumps. icon_mad.gif
    Last week I asked a guy what STP was and he rambled on about OSPF costs!
    ....and the week before that another guy couldnt configure a trunk port or enable routing.
    BOTH these guys had current CCNP certifications, wanting $110k.

    PS: Here is a good one--->For my GWGK CCVP test I noticed that part of the Cisco agreement for taking a test says you cant use ****, or copies of test material (that is what a **** is)....yet their own business partners who do Cisco training hand out MODERATED material to their test-takers like it was candy!

    I think I'll start a thread on this just to stir the pot! icon_twisted.gif
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    pullin-gs wrote:
    I think I'll start a thread on this just to stir the pot! icon_twisted.gif
    Or you could file a report online at the Cisco Brand Center. There is a link on the page to Report Usage Violations where you can
    Report suspected misuse of Cisco intellectual property, such as logos, trademarks, and copyrighted material.

    And if they are also a VUE Test Center, report them to Pearson/Vue using the VUE Contact Form for Test Security.

    And if this is a branch office of a large Cisco Business Partner, report them to their HQ. They may be doing it on their own to boost their training "success rate."
    :mike: Cisco Certifications -- Collect the Entire Set!
  • SepiraphSepiraph Member Posts: 179 ■■□□□□□□□□
    The more interesting question is whether the IOS is ever going to be open-source, even if partially.
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    I don't think it will go open source :)

    I sat through some Cisco training on the ASR 1000 and it runs on a Linux kernel. Also some of the new routers and switches are going to run a modularized IOS instead of the "single file" IOS. I deployed about 80 6509-E switches (some of which were VSS, very nice indeed!) with the new modular IOS and it offers the ability to upgrade one part of the IOS without needing to bring down the whole box for an upgrade. I guess there will still be some cases where a reload of the supervisor will be required, but this should minimize it. Another cool thing is the ability to have a box with 2 supervisors running SSO even though they don't have the same code version, in the past this would require RPR which required about 1 minute to switchover to the standby supervisor, where SSO is like 50ms for a switchover.
    The only easy day was yesterday!
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    I doubt cisco will ever completely open source their ios code mainly because cisco wants
    to prevent people from running it on any random device you can buy off ebay.

    "WOW... I just stuck Cisco IOS on my laserjet printer!!! I can route and print simultaneously" icon_lol.gif

    As dtlokee said, most of the new breakthroughs are with modularlization, they could
    open source such code, but the core os will most likely be kept under lock and key.
    There is no place like
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    I don't see a problem with Cisco locking down their devices. A big problem that many networks are facing right now (including many US government networks) is that of counterfeit hardware. Cisco has been tying operating systems to hardware codes with their security appliances for years now. This is nothing new. This is a further method for Cisco to ensure that their extremely well-engineered hardware isn't confused for counterfeit stuff. Dynamips isn't endangered. It will move on to operate like PEMU. Home labs aren't in danger. No one really has bleeding-edge devices in their home networks anyway so people won't see any problems for quite a while.

    It's not like the OS drastically changes very often either. IOS is Cisco's bread and butter. They bank on people being able to pick up a Cisco device and configure it with no prior knowledge other than how to work inside an IOS environment. If they changed the look and feel of IOS they would alienate a large portion of their customer base and that's bad business any way you slice it.
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Great points, but I have to wonder...
    Paul Boz wrote:
    It's not like the OS drastically changes very often either. IOS is Cisco's bread and butter. They bank on people being able to pick up a Cisco device and configure it with no prior knowledge other than how to work inside an IOS environment. If they changed the look and feel of IOS they would alienate a large portion of their customer base and that's bad business any way you slice it.

    ..are you craving a sandwich? icon_rolleyes.gif
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    hot ham and chedder... icon_rolleyes.gif
    There is no place like
Sign In or Register to comment.