Home_Banner_2_-_Mid-Year_Mega_Sale-Network-Switch_Official Home_Banner_2_-_Mid-Year_Mega_Sale-Network-Switch_Official
Blogs Page Banner Blogs Page Banner

Find what you want to Know

Ask Our Experts
Project Solutions & Tech.
true_know_how1 true_know_how2 Project Inquiry
Get Advice: Live Chat | +852-63593631

How to Locally Activate or Bypass SLP on an Air-Gapped Cisco Catalyst 1200?

author
David Lorame
CCIE/HCIE Senior Engineer
author https://network-switch.com/pages/david-lorame

I am a Senior Network Solutions Architect at Network-Switch.com, holding dual CCIE and HCIE certifications. With over two decades of hands-on experience deeply rooted in data centers and enterprise environments, my focus is singular: building fast, secure, and infinitely scalable IT infrastructure.

Authored by:

David Lorame, Technical Director & Senior Network Architect (CCIE & HCIE)


Expertise:


Last Updated:

Table of contents
Network Hardware Field Configuration Setup

Deploying the Cisco Catalyst 1200 in a standard office is simple: plug it in, let it reach the internet, and Smart Licensing Using Policy (SLP) automatically registers the device with Cisco's cloud. But what happens when you deploy this switch in an air-gapped environment-like a manufacturing plant, a defense facility, or an isolated CCTV network-where internet access is strictly forbidden?

If you search for offline SLP activation, most documentation (especially pre-2024 guides) will tell you to deploy a Cisco Smart Software Manager (SSM) On-Prem server. For an enterprise core network, that makes sense. But spinning up a heavy VM server just to license three Catalyst 1200 edge switches is an absolute architectural nightmare.

In the Network-Switch.com engineering lab, we configure air-gapped networks daily. Here is the reality of how the Catalyst 1200 behaves in the dark under 2025/2026 firmware, and the exact CLI steps to locally activate it-or completely silence the SLP warnings.

The Symptom: SLP Console Spam in the Dark

When a Catalyst 1200 cannot reach smartreceiver.cisco.com, it doesn't shut down your traffic (SLP is non-blocking). However, the switch will relentlessly spam your console and syslog with Call Home and SLP communication failures: 

%SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM)
%CALL_HOME-5-SL_CLIENT_FAIL: Fail to send Smart Licensing message to CSSM

To stop the spam and achieve compliance, you have two practical choices: Local Activation (SLR) or the Syslog Bypass.

Method 1: Local Activation via Specific License Reservation (SLR)

SLR allows you to permanently tie a license to the switch's hardware serial number using a USB drive or text strings, never requiring the switch itself to touch the internet.

Step 1: Generate the Request Code on the Switch

Console into the isolated Catalyst 1200 and generate a unique reservation request code. 

Cat1200# license smart reservation enable
Cat1200# license smart reservation request local

The switch will output a long alphanumeric string (the Request Code). Copy this to a text file on your laptop.

Step 2: Generate the Auth Code via Cisco Portal

Take your laptop to a network with internet access. Log into your Cisco Smart Software Manager (CSSM) account. Navigate to Licenses > License Reservation, and paste the Request Code. Cisco will generate an Authorization Code.

Step 3: Install the Auth Code Offline

Go back to the air-gapped Cat 1200. Paste the authorization code into the CLI to permanently license the switch. 

Cat1200# license smart reservation install "PASTE_YOUR_AUTH_CODE_HERE"
Cat1200# show license status

Status will now show as "Registered - Specific License Reservation". The console spam is permanently gone.

Method 2: The "Syslog Bypass" (Lab & Unmanaged Environments)

What if you don't have the licenses yet, or this is a temporary lab environment, and you just want the switch to work quietly without SLP screaming at you? Since Catalyst 1200 base features (Network Essentials) are not strictly enforced by SLP disruption, you can use standard syslog discriminators to hide the errors. 

Cat1200(config)# logging discriminator NoSLP msg-body drops SMART_LIC
Cat1200(config)# logging discriminator NoCallHome msg-body drops CALL_HOME
Cat1200(config)# logging console discriminator NoSLP
Cat1200(config)# logging console discriminator NoCallHome

This doesn't "crack" the license, but it effectively bypasses the operational annoyance of SLP in isolated edge networks, keeping your logging buffers clean for real network events.

Architect's Takeaway

Air-gapped licensing shouldn't be an afterthought. Relying on cloud-based SLP for secure deployments is a recipe for auditing nightmares and log pollution.

At Network-Switch.com, we specialize in high-security deployments. If you are procuring enterprise switches for offline environments, our engineering team can perform the SLR authorization offline in our lab before the equipment is shipped to your secure facility. Your Catalyst switches arrive 100% compliant and silent, ready for immediate dark-net deployment.

Frequently asked questions (FAQs)

Will the Catalyst 1200 stop routing traffic if SLP cannot connect to Cisco?

No. In the 2025/2026 firmware, SLP on the Catalyst 1200 is non-blocking. The switch will continue to switch and route packets normally. However, it will continuously generate syslog errors, and you will be out of software compliance until registered.

Do I need an SSM On-Prem server for an air-gapped Catalyst 1200?

No. While SSM On-Prem is recommended for large isolated networks, deploying it for just a few edge switches is inefficient. Using the CLI-based Specific License Reservation (SLR) method is much faster and requires zero additional local infrastructure.

Why does my Catalyst 1200 say "Reservation Not Supported" when I run the command?

Your Smart Account must be explicitly authorized by Cisco to use License Reservation. If your portal does not show the "License Reservation" tab, you must contact Cisco TAC or your partner (like Network-Switch.com) to have the SLR feature unlocked for your account.

Can I use a USB drive to transfer the SLP auth code to the Catalyst 1200?

Yes. You can save the Auth Code text file to a FAT32 formatted USB drive, plug it into the front panel of the switch, and run license smart reservation install usbflash0:authcode.txt.

If I use the Syslog Bypass, am I violating Cisco's licensing terms?

Yes. Filtering the syslog messages only solves the operational annoyance of console spam; it does not legally license the device. You are still required to purchase the appropriate hardware and software licenses for production environments.

References & Official Documents

, , , , , , , ,

Make Inquiry Today