I have a new 2901 router on the bench and configured it for secure operation. Technical support has verified the configuration is correct. The symptom when I do create cnf command on a single file I get the error message:
“Error: Required feature is not enabled”
and the "sgn" files are not created.
Has anyone seen this message or problem?
running-config:
version 15.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
service sequence-numbers
!
hostname VOIP
!
boot-start-marker
boot-end-marker
!
!
logging queue-limit 10000
logging buffered 10000000
logging rate-limit 10000
no logging console
no logging monitor
!
no aaa new-model
clock timezone PST -8 0
clock summer-time PDT recurring
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 172.23.1.1 172.23.1.10
ip dhcp excluded-address 172.23.0.1 172.23.1.10
ip dhcp excluded-address 172.23.1.100 172.23.255.255
!
ip dhcp pool PHONES
network 172.23.0.0 255.255.0.0
default-router 172.23.1.1
option 150 ip 172.23.1.1
!
!
!
no ip domain lookup
ip domain name voip.com
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
capf-server
cert-enroll-trustpoint ca_company_system password 1 050513032D015D1D0B0C1915
trustpoint-label cucme_capf_tftp_sast1
source-addr 172.23.1.1
!
ctl-client
server capf 172.23.1.1 trustpoint cucme_capf_tftp_sast1
server cme 172.23.1.1 trustpoint cucme_capf_tftp_sast1
server tftp 172.23.1.1 trustpoint cucme_capf_tftp_sast1
sast1 trustpoint cucme_capf_tftp_sast1
sast2 trustpoint sast2
!
cts logging verbose
!
crypto pki server ca_company_system
database level complete
no database archive
grant auto
database url flash:
!
crypto pki trustpoint TP-self-signed-978007948
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-978007948
revocation-check none
rsakeypair TP-self-signed-978007948
!
crypto pki trustpoint ca_company_system
revocation-check none
rsakeypair ca_company_system
!
crypto pki trustpoint cucme_capf_tftp_sast1
serial-number
revocation-check none
rsakeypair cucme_capf_tftp_sast1 1024 1024
!
crypto pki trustpoint sast2
serial-number
revocation-check none
rsakeypair sast2 1024 1024
!
!
crypto pki certificate chain TP-self-signed-978007948
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39373830 30373934 38301E17 0D313431 31323831 34353131
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3937 38303037
39343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
B99072E6 CC350A76 D6FDCF93 AC0685CE CAC164F2 F25A64A0 D7D7343E B318CC97
1BE4F372 3496AEBA 99E01AAA F393D326 86FD7927 FAED9568 298B4F48 A8688AA9
847E817E CD9625E4 402B969F DDBBC22C 6B7A6F30 4C15ED9F 61EE4849 A882EEA7
C25637B8 EB85E3CB 58EDD1A7 659AF9D3 49ACEDB4 D442CDAF DCCDA891 246C115F
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 1680146D 0A529869 C16A71AB 95FF7859 DD7860D6 54975030 1D060355
1D0E0416 04146D0A 529869C1 6A71AB95 FF7859DD 7860D654 9750300D 06092A86
4886F70D 01010505 00038181 0047A54A 15C5FFF7 0FA64677 B37B76B6 378F2106
7567F1AD 4CFEC208 3B271F82 9B0B95CA B7F7FFC9 B088B23F A79B2AB1 13F0FE64
42807C7A 0DC4D859 85E4A3D2 7AAC717B 4CDEB78E DC95D151 77B06620 CF09F154
EB4D9D69 5D3D1F2B B9CF9EC7 2D83D2C8 19D529DC 5B309C71 9D1C76D9 BBC086BE
523B2E47 80C1AD1C F9B8F982 3A
quit
crypto pki certificate chain ca_company_system
certificate ca 01
3082020D 30820176 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3634305A 170D3138 30393238 31393136 34305A30 1A311830
16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 819F300D 06092A86
4886F70D 01010105 0003818D 00308189 02818100 A100D2E7 F6D514C3 36BE02CE
B259655C 4593F6B0 59C0B98C 48151FAE A0B8DC60 873C3EB0 8F6BF68E 72592068
A103A03F 818DDB3E BB9BDA81 16734C08 BB774670 816CF00D B15274C1 91928D66
C8D5621C BC86A1A1 62A43D15 2CF9CB26 172DFB5E BFD6661A 8311CD97 5C9B4045
C48BF049 60F422CE A3A7B052 D5A33CB6 EEA0A46D 02030100 01A36330 61300F06
03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F
0603551D 23041830 16801446 128424A4 C3FE9E98 F82A11A3 368EFEE9 BFBFC830
1D060355 1D0E0416 04144612 8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8300D
06092A86 4886F70D 01010405 00038181 00779F65 A57DE157 A24FD303 55DCAA4B
58E90E52 2C4BD4AA 53B26D82 2DEFD90C 9B2FB66F 349B4FF0 EC474EE8 A927D025
37D3AA3D 38F6FADD 2B829D30 F08B2842 BAFE0384 9ED99D2B 3431DC87 31219291
5EDF3226 19F1EFCB 4698DB9C 899650E2 181440A3 A7C2394A D8D1D7BB F8036AFB
F9798DEC 94A76B8E D41ACE8A 72794F51 76
quit
crypto pki certificate chain cucme_capf_tftp_sast1
certificate 03
30820220 30820189 A0030201 02020103 300D0609 2A864886 F70D0101 05050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3830335A 170D3136 30393238 31393138 30335A30 41313F30
12060355 0405130B 464A4331 38343841 31364E30 2906092A 864886F7 0D010902
161C4553 5445524C 494E455F 564F4950 2E657374 65726C69 6E652E63 6F6D3081
9F300D06 092A8648 86F70D01 01010500 03818D00 30818902 818100BA BD9A1DB8
BEC7EF84 C4035778 354214B4 F51E4D2D B55F1FA1 11F089FF 487F4626 59E79BA4
521BAEE9 C99295EB 6C843A44 4FBB36D1 C8067243 F2E35464 A9A31584 40562D43
4E45C910 B0202FA7 94F144EF A8B8EE58 6E9B3268 BB8C144A 2FD6E21C EA194725
B7927546 9A891952 A3564DBE C7FC71C5 ABB2A18E 38125AE9 A0704702 03010001
A34F304D 300B0603 551D0F04 04030205 20301F06 03551D23 04183016 80144612
8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8301D 0603551D 0E041604 142EA085
A916F716 EAE22F75 C26C866E 87040050 47300D06 092A8648 86F70D01 01050500
03818100 0EE1A054 86D50A12 D6F1A588 6925DFC8 37212D8C 22A35229 0D3AE30B
79D34218 30FAB519 7FDFD0B9 E1BBBA49 1902C50E 6266ECF9 F8B84EB2 3CA650D1
8AEA9F28 420A7E69 DA826514 DA008AA1 9A0963D7 F60C98E6 0C613257 77987929
53296E5A 1A011F9D 1BE79301 CC0A675F 0616281C E02BEB88 ABA00A3E 36330C7C EAB55949
quit
certificate 02
30820220 30820189 A0030201 02020102 300D0609 2A864886 F70D0101 05050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3735315A 170D3136 30393238 31393137 35315A30 41313F30
12060355 0405130B 464A4331 38343841 31364E30 2906092A 864886F7 0D010902
161C4553 5445524C 494E455F 564F4950 2E657374 65726C69 6E652E63 6F6D3081
9F300D06 092A8648 86F70D01 01010500 03818D00 30818902 818100A7 99E39BFE
7A1C5E33 3F67A3C9 8276A693 B6B62DA8 1565EC9D 6E3C361E 690F751D 4D28BB81
F4663487 449D2CA8 35749D6C 3503CCB7 637307EF 45820DE0 C2566228 CA7B2B53
E603CDAE 623360A0 FB4B0DA6 E34F720A 76212245 0A078388 02715C00 DD3BA9D6
AD720B0B 71DC2E55 50D008C0 853438BB 812A4F38 14E11BCE 0950B702 03010001
A34F304D 300B0603 551D0F04 04030207 80301F06 03551D23 04183016 80144612
8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8301D 0603551D 0E041604 14464AB9
A6CD1822 6401CB01 AD7234D3 C5DD5693 99300D06 092A8648 86F70D01 01050500
03818100 40F5B19D 8DEF540A 228BE50A 556CC74C C34BE80E 1FA164C3 8AADD6FA
F02F7843 B55B4FB5 E6B8A292 803455B7 013C3459 1F274B5E 17EBE894 DA2F7EE7
F1FC8B99 32197B00 2B460550 1C682874 52376C41 8AAB53EC 2F850B3F 93DB94C8
E27993CB 04B4A1FF B1FD8DDF BE9E8443 0E322CBC 18FAA8B3 BFA4A595 5FF352CF C13B78E0
quit
certificate ca 01
3082020D 30820176 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3634305A 170D3138 30393238 31393136 34305A30 1A311830
16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 819F300D 06092A86
4886F70D 01010105 0003818D 00308189 02818100 A100D2E7 F6D514C3 36BE02CE
B259655C 4593F6B0 59C0B98C 48151FAE A0B8DC60 873C3EB0 8F6BF68E 72592068
A103A03F 818DDB3E BB9BDA81 16734C08 BB774670 816CF00D B15274C1 91928D66
C8D5621C BC86A1A1 62A43D15 2CF9CB26 172DFB5E BFD6661A 8311CD97 5C9B4045
C48BF049 60F422CE A3A7B052 D5A33CB6 EEA0A46D 02030100 01A36330 61300F06
03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F
0603551D 23041830 16801446 128424A4 C3FE9E98 F82A11A3 368EFEE9 BFBFC830
1D060355 1D0E0416 04144612 8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8300D
06092A86 4886F70D 01010405 00038181 00779F65 A57DE157 A24FD303 55DCAA4B
58E90E52 2C4BD4AA 53B26D82 2DEFD90C 9B2FB66F 349B4FF0 EC474EE8 A927D025
37D3AA3D 38F6FADD 2B829D30 F08B2842 BAFE0384 9ED99D2B 3431DC87 31219291
5EDF3226 19F1EFCB 4698DB9C 899650E2 181440A3 A7C2394A D8D1D7BB F8036AFB
F9798DEC 94A76B8E D41ACE8A 72794F51 76
quit
crypto pki certificate chain sast2
certificate 05
30820220 30820189 A0030201 02020105 300D0609 2A864886 F70D0101 05050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3934365A 170D3136 30393238 31393139 34365A30 41313F30
12060355 0405130B 464A4331 38343841 31364E30 2906092A 864886F7 0D010902
161C4553 5445524C 494E455F 564F4950 2E657374 65726C69 6E652E63 6F6D3081
9F300D06 092A8648 86F70D01 01010500 03818D00 30818902 8181009C 70C00A04
DA4ED32B 924BF977 B9688556 B3108F8B CEA69060 28E43393 BD2CA45C 3B1BA39B
A0713BDE 31F5EC6E 2A2F92CB E6A2B6B0 AD8C78FA AE81F530 12BF1BF7 462F0FB9
889E54DC F19BA261 A499920F D334A525 B31AB265 CB0E4600 833E16A2 8050CC6E
7C5C1F15 74C10DB8 F56A70D5 1E720A1D CFD33B4B 144B9004 10FC2D02 03010001
A34F304D 300B0603 551D0F04 04030205 20301F06 03551D23 04183016 80144612
8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8301D 0603551D 0E041604 142AF8DB
5AF2206E 4E819C02 3A6EF581 83E9B946 D3300D06 092A8648 86F70D01 01050500
03818100 89FEC10E 2951CD7B 131888F0 9381BBBA 4C056609 DF700F39 0D6097EA
1D83EA5E 06609464 7F3AE59C AB5FC1CA 1F8D86EA EC97B26B DF439E8C B9888ADF
A92E8F7B 3E54BFB2 0B5D7304 026B2F7C 0EE33181 CAF1368C D9E01D9D 1316AE7D
62B45214 8D86B9B3 C633ED42 1ED07FC4 80285D0C 99A5F2D9 DC14F1C7 E5643BA7 29C4E0ED
quit
certificate 04
30820220 30820189 A0030201 02020104 300D0609 2A864886 F70D0101 05050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3933345A 170D3136 30393238 31393139 33345A30 41313F30
12060355 0405130B 464A4331 38343841 31364E30 2906092A 864886F7 0D010902
161C4553 5445524C 494E455F 564F4950 2E657374 65726C69 6E652E63 6F6D3081
9F300D06 092A8648 86F70D01 01010500 03818D00 30818902 818100E8 1C8765C5
CC287F4D 38663F2B 93B090B7 CB08682C 31E36DD3 B31D8C0A 602B4025 5630F059
B3A0510B 7CE8B389 B6FFFCAD C4A2AD2C 82795B4A B9282354 0F589F5D BAD842B6
AC4FE2EE A6E5F182 1BB6CFC5 9FC7C5CA E90EABCD 131F7562 23000583 D37BFEC9
DB3ADA19 268C6EC4 28E899A2 41E5E708 4E1879E1 60B13AE0 48921B02 03010001
A34F304D 300B0603 551D0F04 04030207 80301F06 03551D23 04183016 80144612
8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8301D 0603551D 0E041604 14644785
A0D4AB40 370B02DB 76891BE0 F6BA53C4 31300D06 092A8648 86F70D01 01050500
03818100 401E39D8 949E88AF 5FB68F63 E85D1B54 1DF0A585 77A26363 CE1A447B
0CEDC28E AE25780C 2A1D7446 C8FAF2E1 AA1E8977 2189785E 7685A7BE 683CD7EC
3F8A8787 1B1EA9CE 4B851711 C365A57A 11792F1E D14D6716 9B774285 7BFFFC73
D735B757 517E523D 9D3B82A9 E8FAEBE4 D522FD58 A5CFB3AF 2C78DAE5 38912D1E 10E2D114
quit
certificate ca 01
3082020D 30820176 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
1A311830 16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 1E170D31
35303932 39313931 3634305A 170D3138 30393238 31393136 34305A30 1A311830
16060355 04030C0F 63615F70 616C6F6D 61725F63 64637330 819F300D 06092A86
4886F70D 01010105 0003818D 00308189 02818100 A100D2E7 F6D514C3 36BE02CE
B259655C 4593F6B0 59C0B98C 48151FAE A0B8DC60 873C3EB0 8F6BF68E 72592068
A103A03F 818DDB3E BB9BDA81 16734C08 BB774670 816CF00D B15274C1 91928D66
C8D5621C BC86A1A1 62A43D15 2CF9CB26 172DFB5E BFD6661A 8311CD97 5C9B4045
C48BF049 60F422CE A3A7B052 D5A33CB6 EEA0A46D 02030100 01A36330 61300F06
03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F
0603551D 23041830 16801446 128424A4 C3FE9E98 F82A11A3 368EFEE9 BFBFC830
1D060355 1D0E0416 04144612 8424A4C3 FE9E98F8 2A11A336 8EFEE9BF BFC8300D
06092A86 4886F70D 01010405 00038181 00779F65 A57DE157 A24FD303 55DCAA4B
58E90E52 2C4BD4AA 53B26D82 2DEFD90C 9B2FB66F 349B4FF0 EC474EE8 A927D025
37D3AA3D 38F6FADD 2B829D30 F08B2842 BAFE0384 9ED99D2B 3431DC87 31219291
5EDF3226 19F1EFCB 4698DB9C 899650E2 181440A3 A7C2394A D8D1D7BB F8036AFB
F9798DEC 94A76B8E D41ACE8A 72794F51 76
quit
voice-card 0
!
!
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
h323
call start slow
sip
bind control source-interface GigabitEthernet0/0
bind media source-interface GigabitEthernet0/0
registrar server expires max 600 min 60
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
!
!
voice iec syslog
voice register global
mode cme
source-address 172.23.1.1 port 5060
max-dn 200
max-pool 42
load 7821 sip78xx.10-3-1-12
load 7841 sip78xx.10-3-1-12
authenticate register
authenticate realm voip.com
tftp-path flash:
create profile sync 0006443631505042
!
voice register dn 1
number 1001
pickup-call any-group
name Phone 1
label Phone 1 - 1001
!
voice register dn 2
number 1002
pickup-call any-group
name Phone 2
label Phone 2 - 1002
!
voice register dn 3
number 1003
pickup-call any-group
name Phone 3
label Phone 3 - 1003
!
voice register dn 4
number 1004
pickup-call any-group
name Phone 4
label Phone 4 - 1004
!
voice register dn 5
number 3001
pickup-call any-group
name MicroSIP 1
label MicroSIP 1 - 3001
!
voice register dn 6
number 3002
pickup-call any-group
name MicroSIP 2
label MicroSIP 2 - 3002
!
voice register pool 1
busy-trigger-per-button 1
id mac 204C.9EB3.BB6C
type 7821
number 1 dn 1
dtmf-relay rtp-nte
username phone1 password phone1
description Phone 1
codec g711ulaw
!
voice register pool 2
busy-trigger-per-button 1
id mac 204C.9EB3.BB26
type 7821
number 1 dn 2
dtmf-relay rtp-nte
username phone2 password phone2
description Phone 2
codec g711ulaw
!
voice register pool 3
busy-trigger-per-button 1
id mac 204C.9EB3.BB1A
type 7821
number 1 dn 3
dtmf-relay rtp-nte
username phone3 password phone3
description Phone 3
codec g711ulaw
!
voice register pool 4
busy-trigger-per-button 1
id mac 204C.9EB3.BF9B
type 7821
number 1 dn 4
dtmf-relay rtp-nte
username phone4 password phone4
description Phone 4
codec g711ulaw
!
voice register pool 5
busy-trigger-per-button 1
id mac CCCC.CCCC.CCCC
number 1 dn 5
dtmf-relay sip-notify
username microsip1 password microsip1
description MicroSIP 1
codec g711ulaw
!
voice register pool 6
busy-trigger-per-button 1
id mac DDDD.DDDD.DDDD
number 1 dn 6
dtmf-relay sip-notify
username microsip2 password microsip2
description MicroSIP 2
codec g711ulaw
!
!
!
!
!
license udi pid CISCO2901/K9 sn FJC1848A16N
license accept end user agreement
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!
username bcsadmin privilege 15 password 7 143C0706032609187D716265
username cisco privilege 15 password 7 1511021F07252A20253A3B
!
redundancy
notification-timer 60000
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description **ETH-LAN**
ip address 172.23.1.1 255.255.0.0
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
logging trap debugging
!
!
tftp-server flash:/78xx/kern78xx.10-3-1-12.sbn alias kern78xx.10-3-1-12.sbn
tftp-server flash:/78xx/kern2.78xx.10-3-1-12.sbn alias kern2.78xx.10-3-1-12.sbn
tftp-server flash:/78xx/rootfs2.78xx.10-3-1-12.sbn alias rootfs2.78xx.10-3-1-12.sbn
tftp-server flash:/78xx/sboot78xx.10-3-1-12.sbn alias sboot78xx.10-3-1-12.sbn
tftp-server flash:/78xx/sip78xx.10-3-1-12.loads alias sip78xx.10-3-1-12.loads
tftp-server flash:/78xx/sboot2.78xx.10-3-1-12.sbn alias sboot2.78xx.10-3-1-12.sbn
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
sccp local GigabitEthernet0/0
!
!
!
!
sip-ua
!
!
!
gatekeeper
shutdown
!
!
telephony-service
secure-signaling trustpoint ca_company_system
tftp-server-credentials trustpoint tftp
server-security-mode non-secure
device-security-mode encrypted
max-ephones 42
max-dn 200
ip source-address 172.23.1.1 port 2000
calling-number initiator
timeouts interdigit 3
system message Voip
cnf-file location flash:
cnf-file perphone
time-zone 5
max-conferences 8 gain -6
call-forward pattern .T
web admin system name ciscoadmin password cisco
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
secondary-dialtone 9
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-dn 1
number 2001 no-reg primary
label Cisco Softphone - 2001
name Cisco Softphone
!
!
ephone-dn 2
number 2002 no-reg primary
label Cisco Softphone - 2002
name Cisco Softphone
!
!
ephone 1
device-security-mode encrypted
mac-address AAAA.AAAA.AAAA
type CIPC
button 1:1
!
!
!
ephone 2
device-security-mode encrypted
mac-address BBBB.BBBB.BBBB
type CIPC
button 1:2
!
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end