[cisco-voip] CTL/Security Token question

Ed Leatherman ealeatherman at gmail.com
Mon Apr 4 13:03:19 EDT 2011


Good to know, thanks Wes - the book i was reading didn't mention the
token password but I see it now in the CM docs.

Assuming you forgot or lost the password for one of the tokens, could
you use one of your other tokens (assuming you know ITS password) to
change the CTL and remove the one you forgot?

On Mon, Apr 4, 2011 at 11:45 AM, Wes Sisk <wsisk at cisco.com> wrote:
> We do this in our labs.  Just be careful to keep track of password changes.
>  Using the tokens requires a password.  Guess the wrong password too many
> times and they do self destruct.  This would effectively lock you out of all
> clusters that use that key.
>
> Regards,
> Wes
>
> On 4/4/2011 10:27 AM, Ed Leatherman wrote:
>>
>> Hello,
>>
>> I'm doing some studying on control/media encryption for call manager,
>> and was wondering if someone could answer a (hopefully simple)
>> question about signing CTL's. Does the act of signing a CTL actually
>> affect the security token(s) in any way? Can I buy a set of security
>> tokens, use them to configure everything on lab CM, and then re-use
>> the same tokens in production?
>>
>> The documentation seems to infer this (along with a best practice of
>> building in test first), but it doesn't come right out and say you can
>> reuse the same tokens. Would be kind of goofy if it locked them to a
>> particular cluster some how and I don't think that's the case. I was
>> hoping for a bit of confirmation though.
>>
>> Thanks!
>>
>



-- 
Ed Leatherman



More information about the cisco-voip mailing list