• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Auto-update on Cisco 897 (might work on 887, 877, 867?)

Started by postipuuntie, January 27, 2017, 06:00:26 AM

Previous topic - Next topic


Since I have been using Hurricane IPv6 tunnel on four different Cisco platform (877, 887, 867VAE and 897) for few years, I have seen certain problems with auto-update and certificate installation is sometimes major PITA.

However, my current router 897 and IOS (15.2.(4)M4) seems to update endpoint correctly, without need to manually install certificate. Here is software information from show hard-command:
Cisco897VA#sh hard
Cisco IOS Software, C800 Software (C800-UNIVERSALK9_NPE-M), Version 15.2(4)M4, RELEASE SOFTWARE

Solution for keeping certificate current is really simple, issue the following commands in config mode (conf term):
crypto pki trustpoint tunnelbroker
enrollment url http://www.tunnelbroker.net:80
revocation-check crl

These commands fetch tunnelbroker-certificate automatically and checks validity. I found this purely accidentally, when I tried to find easier way to manage site-certificate.