As I mentioned, I was checking for USB eToken implementation details as I was helping a friend to think through his token testing process. My friend was looking to utilize his existing eTokens and I was happy to play with this cool technology with him.
This feature provides a primary, secure means to store and deploy information separately from the router chassis, usually a bootstrap configuration or VPN credentials. It enables secure and portable loading of router credentials and configuration data, supported by low-touch and enterprise-level provisioning systems.
Using a USB eToken you can also store passwords, IOS images and IPSec VPN credentials. This is called ‘Removable Credentials’ in Cisco terminology.
Starting with IOS 12.3(14)T, Cisco supports a USB Flash Module, a hardware device sold by Cisco that expands the router's capabilities on the 2800 series that I was looking at. The USB module comes in 64, 128 or 256 MB USB 2.0 versions; the eToken is also a USB 2.0 device. The USB Flash module can be used with any Cisco IOS feature set, IP Base and above.
I’ll show some basic commands; see this white paper for more details:
router(config)#crypto pki token default user-pin 0 1234567890
That would be an auto login command using the default PIN.
Another set of commands changes the user PIN from 1234 to 9753:
crypto pki token usbtoken0 admin login 1234
crypto pki token usbtoken0 change-pin 9753
Check this crypto pki command reference for much more.
The following is the output after the router recognizes the eToken:
*Aug 22 10:34:44.060: %CRYPTO-6-TOKENLOGIN: Cryptographic Token eToken Login Successful
*Aug 22 10:34:47.711: %USB_TOKEN_FILESYS-6-REGISTERED_WITH_IFS: USB Token File System usbtoken0 is registered…
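For anyone collecting these messages centrally, here is an added example (not from the original post or from Cisco) that parses the two token messages above out of raw console or syslog text, including the case where messages run together on one line. The sample text, the extra %SYS line and the function names are constructed for illustration.

```python
import re

# Constructed sample: the two messages shown above, fused on one line as they
# can appear in captured console output, plus one unrelated constructed line.
SAMPLE = (
    "*Aug 22 10:34:44.060: %CRYPTO-6-TOKENLOGIN: Cryptographic Token eToken "
    "Login Successful*Aug 22 10:34:47.711: %USB_TOKEN_FILESYS-6-REGISTERED_WITH_IFS: "
    "USB Token File System usbtoken0 is registered\n"
    "*Aug 22 10:35:02.118: %SYS-5-CONFIG_I: Configured from console by console\n"
)

# IOS message header: [*]Mon DD HH:MM:SS.mmm: %FACILITY-SEVERITY-MNEMONIC:
HEADER = re.compile(
    r"\*?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
)
# Facility/mnemonic pairs taken from the output shown on this page.
TOKEN_EVENTS = {("CRYPTO", "TOKENLOGIN"), ("USB_TOKEN_FILESYS", "REGISTERED_WITH_IFS")}
TOKEN_NAME = re.compile(r"\busbtoken\d+\b")


def parse_messages(text):
    """Split raw log text into messages, even when several share one line."""
    hits = list(HEADER.finditer(text))
    messages = []
    for i, m in enumerate(hits):
        # A message body runs until the next header (or the end of the text).
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        body = text[m.end():end].strip()
        messages.append({**m.groupdict(), "severity": int(m["severity"]), "text": body})
    return messages


def token_events(text):
    """Return only eToken-related messages, with the token name when present."""
    events = []
    for msg in parse_messages(text):
        if (msg["facility"], msg["mnemonic"]) in TOKEN_EVENTS:
            name = TOKEN_NAME.search(msg["text"])
            events.append({**msg, "token": name.group(0) if name else None})
    return events


if __name__ == "__main__":
    for ev in token_events(SAMPLE):
        print(ev["ts"], ev["facility"], ev["mnemonic"], ev["token"], "|", ev["text"])
```

Both events are severity 6 (informational), so they only reach a collector if the router's logging level includes that severity.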