[cisco-voip] CTL/Security Token question
Antonio Soares
amsoares at netcabo.pt
Thu May 5 13:00:58 EDT 2011
The pricing tool show me this:
Product Number KEY-CCM-ADMIN-K9=
Product Description CUCM Admin Security Token, 4.3, 6.0, or
Newer, CoO Israel
Price USD 300.00
I assume this is one Token and that in my case I just need to buy one.
But I also see the PN available in the RMA (SVO) Tool.
So if the RMA is an option, I will try it. I don’t like the idea and the
customer much less of spending 300$ just because he forgot the password. It
just doesn’t make sense.
Thanks.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
<mailto:amsoares at netcabo.pt> amsoares at netcabo.pt
<http://www.ccie18473.net> http://www.ccie18473.net
From: Ryan Ratliff [mailto:rratliff at cisco.com]
Sent: quinta-feira, 5 de Maio de 2011 17:25
To: Antonio Soares
Cc: 'Joe Martini'; 'Jason Aarons (AM)'; 'Cisco VOIP'
Subject: Re: [cisco-voip] CTL/Security Token question
See Jason's email. You need to buy a new eToken and re-run the CTL client
to add it in.
If you find that the eTokens only come in pairs then that's a good thing.
Add both the new ones to your file and keep them safely tucked away.
-Ryan
On May 5, 2011, at 11:58 AM, Antonio Soares wrote:
Thanks Joe for the explanation.
In my case, the customer still has the other token with the known password.
My question is how do I replace the token that is locked ? RMA ? The
document you mentioned says to purchase a new one but that’s in case you
lost it:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_2_3/secutrbl.h
tml#wp1044526
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net <http://www.ccie18473.net/>
From: Joe Martini [mailto:joemar2 at cisco.com]
Sent: quinta-feira, 5 de Maio de 2011 14:44
To: Jason Aarons (AM)
Cc: Antonio Soares; 'Wes Sisk'; 'Ed Leatherman'; 'Cisco VOIP'
Subject: Re: [cisco-voip] CTL/Security Token question
If the password has been entered incorrectly too many times the token cannot
be recovered. Hopefully you still have one with a known password so that
you can get a new token to replace the locked one. Then update the CTL file
with the new token using the one remaining token that was originally used.
That's why it's a requirement to order two, in case one is lost or locked
out there is a backup. If you've lost both here's what you'll need to do:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_2_3/secutrbl.h
tml#wp1032731
Joe
On May 5, 2011, at 9:30 AM, Jason Aarons (AM) wrote:
I would call TAC, installing a new CTL would mean visiting each phone (or
use UnifiedFX) and resetting the CTL. Not something you want to have happen.
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Antonio Soares
Sent: Thursday, May 05, 2011 7:38 AM
To: 'Wes Sisk'; 'Ed Leatherman'
Cc: 'Cisco VOIP'
Subject: Re: [cisco-voip] CTL/Security Token question
I have a customer that failed the Security Token Password 3 times and now
the token is locked.
Anyone knows how to solve this problem ?
Do I need to replace the token via RMA ?
Thanks.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net <http://www.ccie18473.net/>
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Wes Sisk
Sent: segunda-feira, 4 de Abril de 2011 16:45
To: Ed Leatherman
Cc: Cisco VOIP
Subject: Re: [cisco-voip] CTL/Security Token question
We do this in our labs. Just be careful to keep track of password changes.
Using the tokens requires a password. Guess the wrong password too many
times and they do self destruct. This would effectively lock you out of all
clusters that use that key.
Regards,
Wes
On 4/4/2011 10:27 AM, Ed Leatherman wrote:
> Hello,
>
> I'm doing some studying on control/media encryption for call manager,
> and was wondering if someone could answer a (hopefully simple)
> question about signing CTL's. Does the act of signing a CTL actually
> affect the security token(s) in any way? Can I buy a set of security
> tokens, use them to configure everything on lab CM, and then re-use
> the same tokens in production?
>
> The documentation seems to infer this (along with a best practice of
> building in test first), but it doesn't come right out and say you can
> reuse the same tokens. Would be kind of goofy if it locked them to a
> particular cluster some how and I don't think that's the case. I was
> hoping for a bit of confirmation though.
>
> Thanks!
>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_____
Disclaimer: This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the designated
addressee(s) named above only. If you are not the intended addressee, you
are hereby notified that you have received this communication in error and
that any use or reproduction of this email or its contents is strictly
prohibited and may be unlawful. If you have received this communication in
error, please notify us immediately by replying to this message and deleting
it from your computer. Thank you.
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110505/c6b4bfa0/attachment.html>
More information about the cisco-voip
mailing list