Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Author Topic: Auto-update on Cisco 897 (might work on 887, 877, 867?)  (Read 3344 times)


  • Newbie
  • *
  • Posts: 1
Auto-update on Cisco 897 (might work on 887, 877, 867?)
« on: January 27, 2017, 06:00:26 AM »

Since I have been using Hurricane IPv6 tunnel on four different Cisco platform (877, 887, 867VAE and 897) for few years, I have seen certain problems with auto-update and certificate installation is sometimes major PITA.

However, my current router 897 and IOS (15.2.(4)M4) seems to update endpoint correctly, without need to manually install certificate. Here is software information from show hard-command:
Cisco897VA#sh hard
Cisco IOS Software, C800 Software (C800-UNIVERSALK9_NPE-M), Version 15.2(4)M4, RELEASE SOFTWARE

Solution for keeping certificate current is really simple, issue the following commands in config mode (conf term):
crypto pki trustpoint tunnelbroker
 enrollment url
 revocation-check crl

These commands fetch tunnelbroker-certificate automatically and checks validity. I found this purely accidentally, when I tried to find easier way to manage site-certificate.