IOS-XE routers are currently not being shipped with the ordered license level applied. This becomes an issue whenever you need non-default licensing level features during PNP onboarding(DMVPN spokes for example). In this post I will cover the simplest way I have found to remediate this.
The problem
Onboarding templates are quite limited in functionality. They don’t allow for any interactive commands such as reload and only permits you to push the full config in one go. It is hence not possible to simply set the license level directly in the onboarding template. Solving this will hence require some form of on-box or off-box automation. I will cover doing this on-box with EEM in this post.
The option to select license level during the PNP claim process should’ve been included in the Catalyst Center from day one. It is one of the first things you would typically do when configuring a router by hand. I cannot fathom why this hasn’t been prioritised.
EEM to the rescue!
For on-box automation your only real option is to use the embedded event manager.
First you will need a way to trigger your EEM script, as running it interactively isn’t possible. I found the most elegant way to do this is to set a countdown timer. This will both trigger the applet after pushing the template through PNP, and when the startup-config is loaded upon boot.
event manager applet set-license-level
event timer countdown time 10
Note: You shouldn’t set this timer below 10s as this gives you time to stop the EEM script in case you enter a boot loop.
Next up you need to assert whether the current license level is correct.
This can be done by checking for the string “network-advantage” in the output of show version.
action 00 syslog msg "Checking license level"
action 01 cli command "enable"
action 02 cli command "show version"
action 03 regexp "network-advantage" "$_cli_result" license_status
action 10 if $license_stat eq ""
! incorrect license level is set
action 20 else
! correct license level is set
Remediation of the license level can then be added.
action 11 cli command "configure terminal"
action 12 cli command "license boot level network-advantage addon dna-advantage"
action 13 cli command "end"
action 14 cli command "write"
action 15 syslog msg "Reloading device to apply correct license level"
action 16 cli command "reload" pattern "confirm"
action 17 cli command "y"
And you can add the device configuration using cli actions in a separate applet. By setting the event to “none” we can run this from our existing applet. This way we can reuse the set-license-level applet without modification across different templates.
Finally we clean up our config and send a celebratory syslog message.
Note: Certain symbols like $ that are common in secrets will need to be escaped when you create your device-config applet.
event manager applet device-config
event none
action 000 cli command "enable"
action 001 cli command "configure terminal"
! Your config goes here
action 200 cli command "no event manager applet set-license-level"
action 201 cli command "no event manager applet device-config"
action 300 syslog msg "Device configuration complete!"
!
event manager applet set-license-level
action 21 syslog msg "Correct license level set. Proceeding with configuration"
action 22 cli command "event manager run device-config"
Summary
Push an EEM applet that changes license level and applies required config on reboot. Make sure to escape special characters and set the countdown high enough that you can recover from any potential boot-loop.
Template:
event manager applet device-config
event none
action 000 cli command "en"
action 001 cli command "configure terminal"
! Your config goes here
action 200 cli command "no event manager applet set-license-level"
action 201 cli command "no event manager applet device-config"
action 300 syslog msg "Device configuration complete!"
!
event manager applet set-license-level
event timer countdown time 30
action 00 syslog msg "Checking license level"
action 01 cli command "enable"
action 02 cli command "show version"
action 03 regexp "network-advantage" "$_cli_result" license_status
!
action 10 if $license_status eq ""
action 11 cli command "configure terminal"
action 12 cli command "license boot level network-advantage addon dna-advantage"
action 13 cli command "end"
action 14 cli command "write"
action 15 syslog msg "Reloading device to apply correct license level"
action 16 cli command "reload" pattern "confirm"
action 17 cli command "y"
!
action 20 else
action 21 syslog msg "Correct license level set. Proceeding with configuration"
action 22 cli command "event manager run device-config"
action 23 end
See Also
- EEM in Catalyst Center templates 📅👨💼
- EVE-NG Netplan configuration 🌐🙆
- Ubuntu, SecureCRT & Telnet links 🐧🔗
- Catlyst 8000v cEdge support in EVE-ng 🧭🥼
- Hello world! 👋
Got feedback or a question?
Feel free to contact me at hello@torbjorn.dev