As I mentioned, I was checking for USB eToken implementation details as I was helping a friend to think through his token testing process. My friend was looking to utilize his existing eTokens and I was happy to play with this cool technology with him.
This feature provides a primary secure means to store and deploy information separately from the router chassis, usually a bootstrap configuration or VPN credentials. It enables secure and portable loading of router credentials and configuration data, supported by low-touch and enterprise-level provisioning systems.
Using a USB eToken you can also store passwords, IOS images and IPSec VPN credentials. This is called ‘Removable Credentials’ in the Cisco language.
Starting with IOS 12.3(14)T, Cisco supports a USB Flash Module, a hardware device sold by Cisco that expands the router capabilities on the 2800 series that I was looking at. The USB module comes in 64, 128 or 256MB USB 2.0 versions; the eToken is also a USB 2.0 device. The USB Flash Module can be used with any Cisco IOS feature set, IP Base and above.
I’ll show some basic commands; use this white paper for more details:
router(config)#crypto pki token default user-pin 0 1234567890
That would be an auto login command using the default PIN.
Another command changes the user PIN from 1234 to 9753:
crypto pki token usbtoken0 admin login 1234
crypto pki token usbtoken0 change-pin 9753
Check this crypto pki command reference for much more.
The following is the output after the router recognizes the eToken:
*Aug 22 10:34:44.060: %CRYPTO-6-TOKENLOGIN: Cryptographic Token eToken Login Successful
*Aug 22 10:34:47.711: %USB_TOKEN_FILESYS-6-REGISTERED_WITH_IFS: USB Token File System usbtoken0 is registered…
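One way to pick these two messages out of a router log and pair the token login with the file system it registers, as an added example that is not part of the original post. The `%SYS-5-CONFIG_I` line in the sample is constructed, and the 30-second pairing window and the `year` default are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the two messages shown above plus one unrelated line.
SAMPLE = """\
*Aug 22 10:34:44.060: %CRYPTO-6-TOKENLOGIN: Cryptographic Token eToken Login Successful
*Aug 22 10:34:47.711: %USB_TOKEN_FILESYS-6-REGISTERED_WITH_IFS: USB Token File System usbtoken0 is registered
*Aug 22 10:35:02.104: %SYS-5-CONFIG_I: Configured from console by console
"""

STAMP = r"[*.]?[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+"  # optional marker, then time
# "*Mon DD HH:MM:SS.mmm: %FACILITY-SEVERITY-MNEMONIC: text". The text stops at
# the next timestamp as well as at end of line, so messages that were pasted
# onto one line are still split correctly.
MSG = re.compile(
    rf"(?P<ts>{STAMP}): %(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): "
    rf"(?P<text>.*?)(?={STAMP}|$)", re.M)

TOKEN_EVENTS = {("CRYPTO", "TOKENLOGIN"): "login",
                ("USB_TOKEN_FILESYS", "REGISTERED_WITH_IFS"): "fs_registered"}

def parse(log, year=2000):
    """Return token messages in log order; the log has no year, so `year` is assumed."""
    events = []
    for m in MSG.finditer(log):
        kind = TOKEN_EVENTS.get((m["fac"], m["mnem"]))
        if kind is None:
            continue  # not a token message
        stamp = m["ts"].lstrip("*.")
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S.%f")
        fs = re.search(r"File System (\S+) is registered", m["text"])
        events.append({"time": when, "kind": kind, "severity": int(m["sev"]),
                       "filesystem": fs.group(1) if fs else None})
    return events

def token_sessions(events, window=timedelta(seconds=30)):
    """Pair each token login with a file system registered within `window` of it."""
    sessions, login = [], None
    for e in events:
        if e["kind"] == "login":
            login = e
            sessions.append({"login": e["time"], "filesystem": None})
        elif login and e["time"] - login["time"] <= window:
            sessions[-1]["filesystem"] = e["filesystem"]
        else:  # registration with no login shortly before it: report it alone
            sessions.append({"login": None, "filesystem": e["filesystem"]})
    return sessions

if __name__ == "__main__":
    print(token_sessions(parse(SAMPLE)))
```

A session whose `login` is `None` means a token file system appeared without a logged login close before it, which is worth a look when reviewing who plugged what into the router.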
I was looking for some details on a 2800 router and, as always, started with Google. I found all kinds of results, some good and close (but general, I had to find a 2800 specific document) and some far far away. Then I remembered that there is one place I didn’t check: Cisco’s main Documentation site: univercd
Since I get many questions about finding documents, I think it is worth a post.
So what’s the story here? This is the official explanation:
Beginning May 14, 2007, Cisco will begin migrating product documentation from the Cisco Connection
Online (CCO) Documentation site to the Cisco Technical Support and Documentation site on Cisco.com.
As documents are migrated, they are replaced with redirects to the new locations. Please update your
bookmarks to reflect new document URLs. Additionally, new product documentation will begin to appear
only on the Technical Support and Documentation site.
Search by hardware type to the left OR software type to the right (Routers->Modular Access Routers in my case for the 2800 series) then choose the specific series – Cisco 2800 Series Integrated Services Routers was my choice and you get all the main documentation topics right away:
I was a click away from the item I was looking for: Connecting a USB Module to the Router USB Port and it all took about 10 seconds (and I include the site redirection wait time). I admit, sometimes it takes a bit longer to find what you’re looking for but even then, it would most likely be faster than any other search option when you need an official document.
Oh, you ask about the USB eToken? That would have to wait for the next post ;)
With comprehensive Labs and a great video series, this website offers a much-needed FREE CCNA resource. Matthew George, the founder, did amazing work for the good of all the CCNA candidates out there so spread the word :)
This is a part of the intro:
Our mission is to provide quality CCNA lab training materials to assist you as an individual in pursuit of the Cisco Certified Network Associate Certification. The CCNA certification is a globally recognized certification awarded by Cisco Systems to display associate level knowledge of network engineering skills; skills which include a basic understanding and ability to design, implement and maintain networks that utilize technologies such as Frame Relay, Virtual LAN’s, STP, VTP, ISL, Dot1q, Port Security, Static Routes, RIP, EIGRP, OSPF, Access Control List and much much more.
If you missed it (god knows how it’s possible), today is the first day where ROUTE, SWITCH and TSHOOT exams are the only valid CCNP track exams. When I started this blog seven months back I looked at this date as a scary monster and now that it’s here, it feels great to know that I beat the deadline by a couple of months ;)
If you didn’t complete your CCNP track by yesterday, your choices are limited to the exams listed above. Say goodbye to the old books, training videos and notes. In part you’ll be able to use the old materials, as some of the topics are either unchanged or expanded, but big portions are outdated and should not be used anymore.
Personally I liked ISCW and ONT and learned a lot from each (mostly from ONT) but new times, new technologies and let’s face it – new business strategy for Cisco bring those changes. If you missed the deadline and are stuck with a useless ISCW\ONT it kind of sucks, but looking at the big picture I believe it is a good step for all of us as it’s updating the validity of our certification and makes it harder to get (which for any certificate is a good thing).
Are you one of those who didn’t make it on time? Did you make it in the last week\day? Tell us your story