Manuals / Enterasys Networks / Power Tools / Router

Enterasys Networks XSR-Series manual XSR-18051config#crypto ca identity Enterasys-Networks-CA

Models: XSR-Series

1 55

Download 55 pages 33.75 Kb

Page 34

Issue Certificate via SCEP protocol to XSR from Windows 2000 CA:

1.

XSR-1805_1(config)#crypto ca identity Enterasys-Networks-CA

XSR-1805_1(ca-identity)#enrollment url http://192.168.224.22/certsrv/mscep/mscep.dll

XSR-1805_1(ca-identity)#exit

2.

XSR-1805_1(config)#crypto ca authenticate Enterasys-Networks-CA

Certificate has the following attributes:

Fingerprint: 6AEBAF4C 51B85B4C 297F12F0 D3442FF6

Do you accept this certificate (y/n) ? y

3.

XSR-1805_1(config)#crypto ca enroll Enterasys-Networks-CA

%

% Start certificate enrollment

Create a challenge password. You will need to verbally provide this password to the CA Administrator in order to revoke your certificate. For security reasons your password will not be saved in the configuration.

Please make a note of it.

Password:****************

Re-enter password:****************

Include the router serial number in the subject name (y/n) ? y The serial number in the certificate will be: 361902300157320D

Request certificate from CA (y/n) ? y

You may experience a short delay while RSA keys are generated. Once key generation is complete, the certificate request will be sent to the Certificate Authority.

Use 'show crypto ca certificate' to show the fingerprint. XSR-1805_1(config)#

<186> 192.168.224.132 PKI: A certificate was successfully received from the CA.

XSR-1805_1(config)#

4.

XSR-1805_1(config)#crypto ca crl request Enterasys-Networks-CA

<186>Jul	30	11:33:28	192.168.200.1 PKI: A crl has		been	requested	for En-
terasys-Networks-CA,			this may take	a while, a message		will be displayed
when the	crl has been
<191>Jul	30	11:33:28	192.168.200.1	VPN: [PKI] The	certificate is		VALID

XSR-1805_1(config)#

Configuration Guide

Page 34 of 55

Image 34

Enterasys Networks XSR-Series manual XSR-18051config#crypto ca identity Enterasys-Networks-CA, Password Re-enter password

Contents

Configuration Guide Table of Contents Helpful commands for using the XSR platform AppendixIP-Address and Secondary Addresses configuration IP-Static-routing IP-Loopback InterfaceIP-OSPF-routing IP-RIPv1,v2-routing Ip local pool 10th 10.10.10.0 Sntp Simple Network Time Protocol Duplex full System login bannerDuplex half Configuration Guide Access control list moving online editing XSR-1805config#access-list 110 move 1Router-1-Master Router-2-BackupVirtual Router Redundancy Protocol RFC Hostname XSR-18051Vrrp monitor interface function, interface tracking Vrrp 1 priority Vrrp 1 master-respond-ping no shutdownNAT dynamic with PAT Port Address Translation Access-list 10 permit 10.10.10.0NAT static bindings Ip address 10.10.10.1 255.255.255.0 no shutdownDialer Interface Dialer Backup interface function Controller e1 0/2/0 clock source internal no shutdownPAP for authentication PPP Username remote privilege 0 password is not displayedUsername remote privilege 0 cleartext iamRemote Chap for authentication PPPInterface Dialer0 dialer pool VPN via Dialer Interface rtr1 XSR-1805-1config#aaa user XSR-1805-1config-aaa#password XSRDialer-list 1 protocol ip list VPN via Dialer Interface rtr2 Ppp pap sent-username central password xsr ppp multilink Dialer Int. PRI to BRI with D-channel-callbackcentral-sitePpp pap sent-username remote1 password xsr1 ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote1-sitePpp pap sent-username remote2 password xsr2 ppp multilink Dialer Int. PRI to BRI with D-channel-callbackremote2-siteIsdn config for BRIx/x Isdn switch type changing Dialer caller 112233 callback dialer remote-name XSR-Remote Isdn callbackDialer-group Isdn multilink / Isnd channel bundling PPPoE on Adsl interface with chap authentication AAA Authentication Authorization Accounting Radius Syslog function, Server local-buffer Ip ssh server disable Ip telnet server disableSSH / Telnet Logging Snmp MediumSnmp configuration /contact/location/parameter Snmp v1/v2/v3Router-1 XSR-18051config#aaa user XSR-18051config-aaa#password XSR0r1 VPN Ipsec site-to-site tunnel via pre-shared key Ip route 80.80.80.0 255.255.255.0Router-2 XSR-18052config#aaa user XSR-18052config-aaa#password XSR0r2 VPN Ipsec site-to-site tunnel via pre-shared key Ip route 10.10.10.0 255.255.255.0VPN Ipsec site-to-site tunnel certification PKI XSR-18051config#crypto ca crl request Enterasys-Networks-CA XSR-18051config#crypto ca identity Enterasys-Networks-CAPassword Re-enter password Request certificate from CA y/n ? yCertification control / certificates / Crls / CA identity ENTITY-ACTIVEVPN Pptp User termination Pptp encrypt mppe autoXSR-18051config#aaa user XSR-18051config-aaa#password XSR XSR-18052config#aaa user XSR-18052config-aaa#password XSR 5r1 GRE native site-to-site tunnel Version 6.0.0.0, Built Sep 14 20035r2 GRE native site-to-site tunnel Diffserv Dscp field addressing Description InteralnetworkPrivate ip address 10.10.10.1 Firewall configurationDescription internalloopbackPrivate ip address 13.13.13.1 Ip address 20.20.20.1 Vlan configuration 802.1q tagged routingIp address 30.30.30.1 Version 4.0.0.0, Built Mar 26 2003 A1.2 ping & tracerouteVersion 2.02, Built Feb 24 2003 XSR-1805 uptime is 0 days, 2 hours, 23 minutesPhysical link is currently up Current operational duplex mode is negotiated to fullA1.4 telnet to other routers Current operational speed is negotiated to 100 Mb/sA1.5 flash/ cflash/ dir, rename, copy commands A1.6 verify the flash file checksumB1.0 show ip route B1.1 show ip arpC1.2 show crypto ipsec sa C1.0 show tunnelsC1.1 show crypto isakmp sa C1.3 show crypto mapC1.6 show crypto ipsec sa / GRE via Ipsec C1.4 show tunnels / GRE via IpsecC1.5 show interface vpn / GRE via Ipsec C1.7 show ip route / GRE via IpsecD1.2 show controllers atm 1/0 D1.1 show ip interface atm 1/0.1MTU is 1492 bytes D1.3 show controllers atm 1/0.1 VPI/VCI 1/32D1.4 show interface atm 1/0 ATM 1/0 is Admin Up / Oper UpAdministrative State is Enabled Operational State is UP IfLastChange 001609State Opened ATM 1/0.1 is Admin Up / Oper UpD1.5 show interface atm 1/0.1 PPPoE is Oper UpD1.6 show ppp interface atm 1/0.1 ATM 1/0.1 PPP is Admin Up / Oper UpChap authentication success with Current StateGetting Help