USB eToken

August 23, 2010

As I mentioned, I was checking for USB eToken implementation details as I was helping a friend to think through his token testing process. My friend was looking to utilize his existing eTokens and I was happy to play with this cool technology with him.

So what is it?
USB eToken is a feature that supports the eToken Pro key by SafeNet Inc. (previously owned by Aladdin Knowledge Systems).

This feature provides a primary secure means to store and deploy information separately from the router chassis, usually a bootstrap configuration or VPN credentials. It enables secure and portable loading of router credentials and configuration data, supported by low-touch and enterprise-level provisioning systems.

Using a USB eToken you can also store passwords, IOS images and IPsec VPN credentials. Cisco calls this ‘Removable Credentials’.

Starting with IOS 12.3(14)T, Cisco supports a USB Flash Module, a hardware device sold by Cisco that expands the capabilities of the 2800 series router I was looking at. The USB module comes in 64, 128 or 256 MB USB 2.0 versions; the eToken is also a USB 2.0 device. The USB Flash module can be used with any Cisco IOS feature set, IP Base and above.

I’ll show some basic commands; use this white paper for more details:

router(config)#crypto pki token default user-pin 0 1234567890

That is an auto-login command using the default PIN.
The next commands change the user PIN from 1234 to 9753:

crypto pki token usbtoken0 admin login 1234
crypto pki token usbtoken0 change-pin 9753

Check this crypto pki command reference for much more.
The following is the output after the router recognizes the eToken:

*Aug 22 10:34:44.060: %CRYPTO-6-TOKENLOGIN: Cryptographic Token eToken Login Successful
*Aug 22 10:34:47.711: %USB_TOKEN_FILESYS-6-REGISTERED_WITH_IFS: USB Token File System usbtoken0 is registered…

This post is just a glimpse into the world of Cisco USB and eTokens; if you’re interested in this world, you might find this page a good start.
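Since the auto-login command above stores the PIN in the running-config, a quick audit of configs and of the token syslog messages is useful. This is an added example, not code from the post or from Cisco; the config excerpt and log lines are constructed, the "0"/"7" PIN types follow the IOS cleartext/type-7 convention, and the type 7 string is a made-up sample value.

```python
import re

# Constructed running-config excerpt (not from a real router). The first line is
# the auto-login command shown in the post; "0" means the PIN is stored in
# cleartext, "7" would be the IOS type 7 obfuscated form (constructed sample value).
SAMPLE_CONFIG = """\
hostname Lab65R2
crypto pki token default user-pin 0 1234567890
crypto pki token usbtoken0 user-pin 7 0822455D0A16
"""

# Constructed IOS syslog lines modelled on the two messages shown in the post.
SAMPLE_LOG = """\
*Aug 22 10:34:44.060: %CRYPTO-6-TOKENLOGIN: Cryptographic Token eToken Login Successful
*Aug 22 10:34:47.711: %USB_TOKEN_FILESYS-6-REGISTERED_WITH_IFS: USB Token File System usbtoken0 is registered
"""

DOC_DEFAULT_PIN = "1234567890"  # default PIN used in the post's auto-login example

USER_PIN_RE = re.compile(r"^crypto pki token (\S+) user-pin ([07]) (\S+)$")
SYSLOG_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<msg>.*)$")


def audit_token_pins(config_text):
    """Return (token, finding) pairs for every auto-login PIN stored in the config."""
    findings = []
    for line in config_text.splitlines():
        m = USER_PIN_RE.match(line.strip())
        if not m:
            continue
        token, pin_type, pin = m.groups()
        if pin_type == "0" and pin == DOC_DEFAULT_PIN:
            findings.append((token, "default PIN stored in cleartext"))
        elif pin_type == "0":
            findings.append((token, "PIN stored in cleartext"))
        else:
            findings.append((token, "PIN stored with type 7 obfuscation"))
    return findings


def token_events(log_text):
    """Extract (facility, severity, mnemonic) for token-related IOS syslog lines."""
    events = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line.strip())
        if m and m["fac"] in ("CRYPTO", "USB_TOKEN_FILESYS"):
            events.append((m["fac"], int(m["sev"]), m["mnem"]))
    return events
```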

univercd – Cisco documentation resource locator

August 22, 2010

I was looking for some details on a 2800 router and, as always, started with Google. I found all kinds of results, some good and close (but general; I had to find a 2800-specific document) and some far, far away. Then I remembered that there is one place I didn’t check: Cisco’s main documentation site, univercd.

Since I get many questions about finding documents, I think it is worth a post.

So what’s the story here? This is the official explanation:

Beginning May 14, 2007, Cisco will begin migrating product documentation from the Cisco Connection Online (CCO) Documentation site to the Cisco Technical Support and Documentation site on Cisco.com. As documents are migrated, they are replaced with redirects to the new locations. Please update your bookmarks to reflect new document URLs. Additionally, new product documentation will begin to appear only on the Technical Support and Documentation site.

Simple, right?
Search by hardware type on the left OR software type on the right (Routers -> Modular Access Routers in my case, for the 2800 series), then choose the specific series – Cisco 2800 Series Integrated Services Routers was my choice – and you get all the main documentation topics right away:

I was a click away from the item I was looking for: Connecting a USB Module to the Router USB Port. It all took about 10 seconds (and that includes the site redirection wait time). I admit, sometimes it takes a bit longer to find what you’re looking for, but even then it will most likely be faster than any other search option when you need an official document.

Oh, you ask about the USB eToken? That would have to wait for the next post 😉

Free CCNA Workbook

August 19, 2010

With comprehensive labs and a great video series, this website offers a much-needed FREE CCNA resource. Matthew George, the founder, did amazing work for the good of all the CCNA candidates out there, so spread the word 🙂

This is part of the intro:

Our mission is to provide quality CCNA lab training materials to assist you as an individual in pursuit of the Cisco Certified Network Associate Certification. The CCNA certification is a globally recognized certification awarded by Cisco Systems to display associate level knowledge of network engineering skills; skills which include a basic understanding and ability to design, implement and maintain networks that utilize technologies such as Frame Relay, Virtual LAN’s, STP, VTP, ISL, Dot1q, Port Security, Static Routes, RIP, EIGRP, OSPF, Access Control List and much much more.

First day of new CCNP track

August 1, 2010

If you missed it (god knows how it’s possible), today is the first day on which ROUTE, SWITCH and TSHOOT are the only valid CCNP track exams. When I started this blog seven months back I looked at this date as a scary monster, and now that it’s here, it feels great to know that I beat the deadline by a couple of months 😉

If you didn’t complete your CCNP track by yesterday, your choices are limited to the exams listed above. Say goodbye to the old books, training videos and notes. In part you’ll still be able to use the old materials, as some of the topics are either unchanged or expanded, but big portions are outdated and should not be used anymore.

Personally I liked ISCW and ONT and learned a lot from each (mostly from ONT), but new times, new technologies and, let’s face it, a new business strategy for Cisco bring these changes. If you missed the deadline and are stuck with a now useless ISCW\ONT, it kind of sucks, but looking at the big picture I believe it is a good step for all of us, as it updates the validity of our certification and makes it harder to get (which for any certificate is a good thing).

Are you one of those who didn’t make it on time? Did you make it in the last week\day? Tell us your story.

show interface history command

July 31, 2010

Today I want to show a command that was introduced with IOS 15.1T. Using this command will upgrade your troubleshooting capabilities as you can (finally) look back and have some decent historical data on the interface level.

My home lab uses old equipment that is not supported by this IOS version but fortunately enough I had access to a lab router (2800 series) that was loaded with this latest and greatest version.

So here are a few notes on the show interface history command:
To begin with, this command allows you to collect utilization history and show it in a (Cisco kind of) graphical representation. If you’re familiar with the show processes cpu history command, you know what I’m talking about. Another similarity to the cpu command is the options: last 60 seconds, last 60 minutes and last 72 hours. But since it’s an interface command, you get 2 graphs per time frame: Input and Output.
The data you get can be packets per second (pps) or bits per second (bps); both are useful when you try to get a better understanding of what’s going on with your interface.

Check this example (followed by explanation):

Lab65R2# show interface gigabitethernet 1/1 history 60min

3689548755356314774665664876546

10
9    *
8   **  *                  *
7   *#  #*        **       #*
6  *##  ##    #   ## #* ** ##*  *
5  #### #### *#   ## ##### ###* *
4  ######### ##  *#############**
3 ############## ###############*
2 ############## ################
1 ###############################
0….5….1….1….2….2….3….3….4….4….5….5….6
.          0    5   0   5    0    5   0    5   0   5    0

3333333333333333333333333333331
Mlcst 556555555565555555555565535555700000000000000000000000000000
22322111111     121221211211
57149774766867 133175814422022
iDrop 425727636317619265454496840996600000000000000000000000000000
GigabitEthernet1/1 input rate(mbits/sec)  (last 60 minutes)
* = maximum   # = average

As you can see, it’s not so pretty, but it does offer some useful troubleshooting information.
I show here one example of Input history for a 60-minute time frame. You can see the number of multicast (Mlcst) packets and drops; both show per-minute data. To get the total number you’ll have to work a bit and add up all the numbers, one by one. You can also see the rate per minute in the graph, with average (#) and max (*) points marked.

To summarize, this is not one of those commands that you’ll use on a daily basis, but when the time comes and you have a problem, it will come in handy and might shed some light on traditionally dark corners.

Invitation: My new Exchange blog

July 28, 2010

I started a new ‘study from scratch’ Exchange blog.
Read all about it here: http://itdualismex.wordpress.com and bring your friends 😉

Linux – a post about nothing

July 27, 2010

Warning: This post is not healthy for penguins

As I told you, I have to learn a few new things at my new job; one of them is Linux.
Today I took the first step, installing Red Hat 5.1 Server. After a simple installation I wanted to configure the network settings:
IP address, subnet mask, default gateway and DNS server – the basic network interface parameters.

Using the local console (SSH will only be available with a valid IP) and some help from nixCraft and UnixGuide I found it easier than expected and very Windows like 🙂

So, the first thing I did was make a typo; after all, it is a Windows world:

Fixing the typo, it looked better:

Even the output is Cisco like – both in the format and content 🙂
Next, I had to change the IP; look how simple it is:

At this point I had the correct settings; I could ping out, but I couldn’t SSH in or connect with my application. As with Windows servers, the firewall was the reason and had to be disabled. Once again, a Windows-driven typo:

Everything was working at this point but I wanted to check how close it is to the commands I know. This is just one example of a similar command:

So similar to Windows, so what is the big fuss out there???