CSR1000v - crypto pki server
Hi Guys,
Long time no post. I am working on the CCIE security lab now.
Does anyone know if the csr1000v supports "crypto ca server"
The version from the software version I have does not seen to have it no mater what lic I boot to.
(advanced, premium or standard)
I can't find a doc that says it is not on it though.
If it is not supported what VM does have it ?
The closest I found was a ref to this bug for an ASR which is interesting nonetheless.
https://supportforums.cisco.com/discussion/12226201/asr1002-x-crypto-pki-server-command-not-available
R2(config)#crypto pki ?
authenticate Get the CA certificate
certificate Actions on certificates
crl Actions on certificate revocation lists
enroll Request a certificate from a CA
export Export certificate or PKCS12 file
import Import certificate or PKCS12 file
profile Define a certificate profile
token Configure cryptographic token
trustpoint Define a CA trustpoint
trustpool Define CA trustpool
R2#sh ver
Cisco IOS XE Software, Version 03.11.04.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(1)S4, RELEASE SOFTWARE (fc2)
Technical Support: Support and Documentation - Cisco Systems
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 23:15 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
R2 uptime is 1 hour, 58 minutes
Uptime for this control processor is 1 hour, 59 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
Export Compliance Product Report Application
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: premium
License Type: Evaluation License
Next reload license Level: premium
cisco CSR1000V (VXE) processor with 814486K/6147K bytes of memory.
Processor board ID <removed>
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3145728K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.
Configuration register is 0x2102
R2#sh lic
Index 1 Feature: premium
Index 2 Feature: advanced
Index 3 Feature: standard
Index 4 Feature: limited
Index 5 Feature: adv_10M
Index 6 Feature: adv_25M
Index 7 Feature: adv_50M
Index 8 Feature: adv_100M
Index 9 Feature: adv_250M
Index 10 Feature: adv_500M
Index 11 Feature: adv_1G
Index 12 Feature: csr1kv_internal_test
Index 13 Feature: hseck9
Index 14 Feature: internal_service
Index 15 Feature: prem_10M
Index 16 Feature: prem_25M
Index 17 Feature: prem_50M
Index 18 Feature: prem_100M
Index 19 Feature: prem_250M
Index 20 Feature: prem_500M
Index 21 Feature: prem_500M_8G
Index 22 Feature: prem_1G
Index 23 Feature: prem_1G_16G
Index 24 Feature: prem_eval
Period left: 8 weeks 3 days
Period Used: 2 hours 6 minutes
License Type: Evaluation
License State: Active, In Use
License Count: Non-Counted
License Priority: Low
Index 25 Feature: std_10M
Index 26 Feature: std_25M
Index 27 Feature: std_50M
Index 28 Feature: std_100M
Index 29 Feature: std_250M
Index 30 Feature: std_500M
Index 31 Feature: std_1G
R2#
thanks
Long time no post. I am working on the CCIE security lab now.
Does anyone know if the csr1000v supports "crypto ca server"
The version from the software version I have does not seen to have it no mater what lic I boot to.
(advanced, premium or standard)
I can't find a doc that says it is not on it though.
If it is not supported what VM does have it ?
The closest I found was a ref to this bug for an ASR which is interesting nonetheless.
https://supportforums.cisco.com/discussion/12226201/asr1002-x-crypto-pki-server-command-not-available
R2(config)#crypto pki ?
authenticate Get the CA certificate
certificate Actions on certificates
crl Actions on certificate revocation lists
enroll Request a certificate from a CA
export Export certificate or PKCS12 file
import Import certificate or PKCS12 file
profile Define a certificate profile
token Configure cryptographic token
trustpoint Define a CA trustpoint
trustpool Define CA trustpool
R2#sh ver
Cisco IOS XE Software, Version 03.11.04.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(1)S4, RELEASE SOFTWARE (fc2)
Technical Support: Support and Documentation - Cisco Systems
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 23:15 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
R2 uptime is 1 hour, 58 minutes
Uptime for this control processor is 1 hour, 59 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
Export Compliance Product Report Application
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: premium
License Type: Evaluation License
Next reload license Level: premium
cisco CSR1000V (VXE) processor with 814486K/6147K bytes of memory.
Processor board ID <removed>
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3145728K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.
Configuration register is 0x2102
R2#sh lic
Index 1 Feature: premium
Index 2 Feature: advanced
Index 3 Feature: standard
Index 4 Feature: limited
Index 5 Feature: adv_10M
Index 6 Feature: adv_25M
Index 7 Feature: adv_50M
Index 8 Feature: adv_100M
Index 9 Feature: adv_250M
Index 10 Feature: adv_500M
Index 11 Feature: adv_1G
Index 12 Feature: csr1kv_internal_test
Index 13 Feature: hseck9
Index 14 Feature: internal_service
Index 15 Feature: prem_10M
Index 16 Feature: prem_25M
Index 17 Feature: prem_50M
Index 18 Feature: prem_100M
Index 19 Feature: prem_250M
Index 20 Feature: prem_500M
Index 21 Feature: prem_500M_8G
Index 22 Feature: prem_1G
Index 23 Feature: prem_1G_16G
Index 24 Feature: prem_eval
Period left: 8 weeks 3 days
Period Used: 2 hours 6 minutes
License Type: Evaluation
License State: Active, In Use
License Count: Non-Counted
License Priority: Low
Index 25 Feature: std_10M
Index 26 Feature: std_25M
Index 27 Feature: std_50M
Index 28 Feature: std_100M
Index 29 Feature: std_250M
Index 30 Feature: std_500M
Index 31 Feature: std_1G
R2#
thanks
Comments
-
tunerX
Member Posts: 447 ■■■□□□□□□□
I think you need at least 3.14. Denali (16.3) has it.
CSR-DENALI-01(config)#crypto pki ?
authenticate Get the CA certificate
certificate Actions on certificates
crl Actions on certificate revocation lists
enroll Request a certificate from a CA
export Export certificate or PKCS12 file
import Import certificate or PKCS12 file
profile Define a certificate profile
server Enable IOS Certificate server
token Configure cryptographic token
trustpoint Define a CA trustpoint
trustpool Define CA trustpool
CSR-DENALI-01(config)#do show ver
Cisco IOS XE Software, Version 16.03.01
Cisco IOS Software [Denali], CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.3.1, RELEASE SOFTWARE (fc3)
Technical Support: Support and Documentation - Cisco Systems
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 02-Aug-16 18:36 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
CSR-DENALI-01 uptime is 6 minutes
Uptime for this control processor is 7 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
Export Compliance Product Report Application
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: ax
License Type: Permanent
Next reload license Level: ax
cisco CSR1000V (VXE) processor (revision VXE) with 2046368K/3075K bytes of memory.
Processor board ID -
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3983736K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.
0K bytes of at webui:.
Configuration register is 0x2102
CSR-DENALI-01(config)#do show license
Index 1 Feature: advanced
Index 2 Feature: standard
Index 3 Feature: ax
Index 4 Feature: security
Index 5 Feature: lite
Index 6 Feature: vacs
Index 7 Feature: appx
Index 8 Feature: ipbase
Index 9 Feature: prem_10M
Index 10 Feature: prem_50M
Index 11 Feature: prem_100M
Index 12 Feature: prem_250M
Index 13 Feature: prem_500M
Index 14 Feature: prem_500M_8G
Index 15 Feature: prem_1G
Index 16 Feature: prem_1G_16G
Index 17 Feature: prem_2500M
Index 18 Feature: prem_5G
Index 19 Feature: prem_10G
Index 20 Feature: prem_200G
Index 21 Feature: ax_10M
Index 22 Feature: ax_50M
Index 23 Feature: ax_100M
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 24 Feature: ax_250M
Index 25 Feature: ax_500M
Index 26 Feature: ax_500M_8G
Index 27 Feature: ax_1G
Index 28 Feature: ax_2500M
Index 29 Feature: ax_5G
Index 30 Feature: ax_10G
Index 31 Feature: ax_200G
Index 32 Feature: adv_10M
Index 33 Feature: adv_50M
Index 34 Feature: adv_100M
Index 35 Feature: adv_250M
Index 36 Feature: adv_500M
Index 37 Feature: adv_1G
Index 38 Feature: adv_2500M
Index 39 Feature: adv_5G
Index 40 Feature: adv_10G
Index 41 Feature: sec_10M
Index 42 Feature: sec_50M
Index 43 Feature: sec_100M
Index 44 Feature: sec_250M
Index 45 Feature: sec_500M
Index 46 Feature: sec_1G
Index 47 Feature: sec_2500M
Index 48 Feature: sec_5G
Index 49 Feature: sec_10G