![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-41.png\")
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2023\/11\/2.TFTP-Server-option.jpg\")
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2023\/11\/3.Advanced-TFTP-Options.jpg\")
I tested this procedure on 1702 and 2702, but i’m pretty sure that, it works well for 1700, 2700 also, with the same image file. For 1600 model line you need firmware starting with ap1g2<\/strong>.<\/p>\n\n\n\n Establish the serial connection between AP and your PC, if you power AP on, some text should appear in the console.<\/p>\n\n\n\n Power AP off, press and hold<\/strong> MODE button, power AP on and wait for message: “button is pressed, wait for button to be released…<\/strong>“<\/p>\n\n\n\n Release button and now router is in image recovery mode:<\/p>\n\n\n\n Press ENTER and type ap commands: Now we erase file system by command format flash:<\/strong> to have enough space for new image and for clearing old configuration. It takes about minute, wait for ap:<\/strong> to be displayed show. Next step is downloading and extracting image file shared on your TFTP server. You have to know IP address of your, computer (in my case its’s 10.40.1.130) where TFTP server is running (dont forget enable it in firewall or disable firewall). It takes about 10 minutes.<\/p>\n\n\n\n Now you can lok at flash:<\/em> file system using dir flash:<\/strong> command, set new boot image and finally reboot the device.<\/p>\n\n\n\n After reboot and some time, you can see respone with current name of AP like this: NameOfAP><\/strong><\/p>\n\n\n\n Now is possible to run commands to configure. You can always pres ? <\/strong>to see available commands:<\/p>\n\n\n You can check your configuration by command show ip interface brief<\/strong><\/p>\n\n\n\n <\/p>\n\n\n Now you should be able to ping the AP and run web GUI at http:\/\/10.40.1.133 (your adress off course). The web GUI sometimes acting strange, if you are not sure whatt exactly is happening, refresh the page. Username and password is Cisco <\/strong>and Cisco<\/strong><\/p>\n\n\n As first step, from the top menu choose Network<\/strong> -> (on the left panel) Network interface -> IP Address <\/strong>and set the Defult gateway<\/strong>:<\/p>\n\n\n You can also configure or disable IPv6 protocol at the same place.<\/p>\n\n\n\n Now follow these steps to configure and enable radios with WPA encryption<\/p>\n\n\n\n Security <\/strong>-> Encryption Manager<\/strong> -> Encryption Modes<\/strong> part: Now the APs’ SSID should be visible.<\/p>\n\n\n\n Xou can also store your configuration to a text file via Software -> System Configuration<\/strong><\/p>\n\n\n\n Here is video<\/strong><\/a> I followed for converting to autonomous mode<\/p>\n\n\n\n Here is the video<\/a><\/strong> I followed when I was configuring AP via GUI. <\/p>\n\n\n\n Cisco help<\/a> page and other<\/a> help page<\/p>\n\n\n\n Videoo with configuring IP – setting IP<\/a><\/p>\n\n\n\n Configure WPA2 via command line<\/a> (video)<\/p>\n\n\n\n Another cisco help page<\/a><\/p>\n\n\n\n Configure WPA2 via command line<\/a> (video)<\/p>\n\n\n\n Some APs have broken web GUI – all Save\/Aply actions are unsuccessfull, followed by 404 not found<\/strong> error. So it’s need to be configured via CLI.<\/p>\n\n\n\n Following comads set manualy SSID, enable WPA authentication and enable both 2.4Ghz and 5GHz radios. Type only parts after #<\/strong> sign.<\/p>\n\n\n\n Here is the source (for note only):<\/p>\n\n\n\n 404 discussion<\/a> 404 certificate workaround<\/a><\/p>\n\n\n\n This is how to configure Cisco AIR-CAP1702, AIR-CAP2702 as autonomous (standalone) access point. This have to be done by using another firmware image which offers web-based GUI. What we need is: I tested this procedure on 1702 and 2702, but … Continued<\/a><\/p>\n","protected":false},"author":1,"featured_media":1991,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"kt_blocks_editor_width":"","pgc_sgb_lightbox_settings":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-1837","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nezarazene"],"_links":{"self":[{"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/posts\/1837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1837"}],"version-history":[{"count":47,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/posts\/1837\/revisions"}],"predecessor-version":[{"id":2144,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/posts\/1837\/revisions\/2144"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=\/wp\/v2\/media\/1991"}],"wp:attachment":[{"href":"https:\/\/www.klokocka.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.klokocka.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}The procedure<\/h3>\n\n\n\n
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-29.png\")
<\/figure>\n\n\n\n
(lines marked with \/\/<\/strong> are my comments, do not type them)<\/p>\n\n\n\n\/\/Set ip address of acces point\nset IP_ADDR 10.40.1.133\nset NETMASK 255.255.255.0\nset DEFAULT_ROUTER 10.40.1.1\n\/\/Don't worry if you cannot ping it from PC\n\n\/\/Enable necessary functions\ntftp_init\nether_init\nflash_init<\/pre>\n\n\n\n
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-30.png\")
<\/figure>\n\n\n\n
(Before that, you can look at file system by command dir flash:<\/strong>)<\/p>\n\n\n\n\/\/Format file system\nformat flash:<\/pre>\n\n\n\n
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-31.png\")
<\/figure>\n\n\n\ntar -xtract tftp:\/\/10.40.1.130\/ap3g2-k9w7-tar.153-3.JH.tar flash:<\/pre>\n\n\n\n
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-32.png\")
\/\/Let's look at the file system\ndir flash:\n\/\/Set boot image\nset boot flash:\/ap3g2-k9w7-mx.153-3.JH\n\/\/View set parameters\nset\n\/\/reboot\nboot\n\n\/\/some models need boot setting command in this form:\n\/\/set boot flash:\/ap3g2-k9w7-mx.153-3.JH\/ap3g2-k9w7-mx.153-3.JH<\/pre>\n\n\n
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-33.png\")
<\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-34.png\")
Set IP Address and Hostname<\/h3>\n\n\n\n
\/\/Unlock configuration commands (password is Cisco)\nenable\n\n\/\/Enter configuration mode and selecting network interface to configure\nconfigure terminal\n\/\/select interface\ninterface bvi1\n\/\/setting ip address of AP\nip address 10.40.1.133 255.255.255.0\nip default-gateway 10.40.1.1\n\/\/after this, it escapes from interface, so again...\ninterface bvi1\nno shutdown\n\/\/exit from interface\nexit\n\/\/setting new hostname (name of AP)\nhostname MyNewCiscoAP\n\/\/exit from configure mode\nexit\nwrite mmemory<\/pre>\n\n\n
![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-37.png\")
<\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-38.png\")
<\/figure>\n<\/div>\n\n\nSet system time<\/h3>\n\n\n\n
\/\/set the right clock and NTP servers\nshow clock\n\/\/clock set 12:32:00 21 december 2022 (optional manual setting of clock)\n\nconfigure terminal\nsntp server 195.113.144.201 \/\/tik.cesnet.cz\nsntp server 195.113.144.238 \/\/tak.cesnet.cz\nsntp server 217.197.91.176 \/\/0.pool.ntp.org\nsntp server 37.221.199.157 \/\/2.pool.ntp.org\nsntp broadcast client\nclock timezone Prague 1 \/\/ 1 means UTC+1\nexit\nshow clock\nshow sntp\n\/\/save settings\nwrite memory<\/pre>\n\n\n\n
Configuration GUI<\/h3>\n\n\n\n
Sometimes you have to wait <\/strong> until forms are filled with data.
<\/p>\n\n\n\n![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-36.png\")
<\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.klokocka.info\/wp-content\/uploads\/2022\/12\/image-39.png\")
<\/figure>\n<\/div>\n\n\n
-> choose Cipher<\/strong>
-> select AES CCMP<\/strong>
-> click Aply All<\/strong> button
Security<\/strong> -> SSID Manager<\/strong> -> SSID Properties<\/strong> part:
-> write SSID:<\/strong> (i.e. TestAP)
-> check desired radios (Radio0-802.11N 2.4GHz<\/strong> or Radio0-802.11AC GHz<\/strong> or both)
-> click Apply<\/strong> buttown (down)
Security<\/strong> -> SSID Manager<\/strong>:
SSID Properties<\/strong> part:
-> Current SSID List<\/strong> -> select your SSID (i.e. TestAP)
Client Authenticated Key Management<\/strong> part:
-> Key Management <\/strong>-> select Mandatory<\/strong>
-> check Enable WPA<\/strong> (or WPAv2 – sometimes it is not allowed)
-> WPA Pre-shared Key:<\/strong> -> write your password for SSID
-> click Apply<\/strong> buton within the curent part of page (there is another one down there)
Network<\/strong> -> Network Interface<\/strong> ->
-> Radio0-802.11N 2.4GHz<\/strong> -> Settings<\/strong> (on top) -> Enable Radio:<\/strong> -> choose Enable<\/strong> -> click Apply<\/strong>
(and the same for Radio0-802.11AC 5GHZ<\/strong> radio)
Security<\/strong> -> SSID Manager<\/strong> -> Guest Mode\/Infrastructure SSID Settings<\/strong> part:
-> choose Single BSSID<\/strong> option
-> Set Single Guest Mode SSID:<\/strong> -> select yout AP name (i.e. TestAP)
(and the same for second radio)
And finaly click Save Configuration<\/strong> on the top right corner of the page<\/p>\n\n\n\nLinks<\/h3>\n\n\n\n
Web GUI “404 not found” error workaround (not solved – just use command line configuration instead)<\/h3>\n\n\n\n
\/\/Setting SSID\nMyNewCiscoAP#configure terminal\nMyNewCiscoAP(config)#dot11 ssid YOUR_NEW_SSID\nMyNewCiscoAP(config-ssid)#authentication open\nMyNewCiscoAP(config-ssid)#authentication key-management wpa\nMyNewCiscoAP(config-ssid)#guest-mode\nMyNewCiscoAP(config-ssid)#wpa-psk ascii YOUR_WIFI_PASSWORD\n\n\/\/Enable 2G radio\nMyNewCiscoAP(config-ssid)#interface Dot11Radio0\nMyNewCiscoAP(config-if)#encryption mode ciphers aes-ccm\nMyNewCiscoAP(config-if)#ssid YOUR_NEW_SSID\nMyNewCiscoAP(config-if-ssid)#no shut\n\n\/\/Enable 5G radio\nMyNewCiscoAP(config-ssid)#interface Dot11Radio1\nMyNewCiscoAP(config-if)#encryption mode ciphers aes-ccm\nMyNewCiscoAP(config-if)#ssid YOUR_NEW_SSID\nMyNewCiscoAP(config-if-ssid)#no shut\n\n\/\/Save config\nMyNewCiscoAP(config-if-ssid)#exit\nMyNewCiscoAP(config-if)exit\nMyNewCiscoAP#write memory\n\n\/\/reboot\nMyNewCiscoAP#reload\n<\/pre>\n\n\n\n
\/\/here is the source\n\/\/https:\/\/www.hjgode.de\/wp\/2015\/11\/10\/how-to-enable-wpa2-psk-aes-on-cisco-ap1231g\/\n---------------------------------\nThe normal documented way to enable WPA2-PSK is:\n\nconfigure terminal\ndot11 ssid <SSID_NAME>\nauthentication open\nauthentication key-management wpa version 2\nguest-mode\nwpa-psk ascii <SSID_PASSWORD>\n!\ninterface Dot11Radio0\nencryption mode ciphers aes-ccm\nssid <SSID_NAME>\nno shutdown\n!\nEvery time I got an error entering this line:\n\nAP1(config-ssid)#authentication key-management wpa version 2\n ^ \n% Invalid input detected at '^' marker.\nThe trick is to ignore the \u201cversion 2\u201d. The software will automatically use WPA2 when you enter \u201caes-ccm\u201d as the encryption mode cipher. So instead of the above use the following config commands:\n\nconfigure terminal\ndot11 ssid <SSID_NAME>\nauthentication open\nauthentication key-management wpa\nguest-mode\nwpa-psk ascii <SSID_PASSWORD>\n!\ninterface Dot11Radio0\nencryption mode ciphers aes-ccm\nssid <SSID_NAME>\nno shutdown\n!\nThanks to Cisco not mentioning that in there standard documenation and thanks for one or two guys pointing that out in internet.<\/pre>\n\n\n\n
<\/p>\n\n\n\ncrypto key generate rsa general-keys\n\nAP# configure terminal\nAP(config)# hostname ap3600\nAP(config)# ip domain name company.com\nAP(config)# ip name-server 10.91.107.18\nAP(config)# ip http secure-server\nAP(config)# end\n<\/pre>\n\n\n\n
3PO_AP#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#ip http server\n3PO_AP(config)#crypto pki server IOS-CA\n3PO_AP(cs-server)#grant auto\n3PO_AP(cs-server)#database level complete\n3PO_AP(cs-server)#o shut\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP(cs-server)#no shut\n%Some server settings cannot be changed after CA certificate generation.\n% Please enter a passphrase to protect the private key\n% or type Return to exit\nPassword: \n\nRe-enter password: \n% Password do not match - Aborted\n\n3PO_AP(cs-server)#no shut \n%Some server settings cannot be changed after CA certificate generation.\n% Please enter a passphrase to protect the private key\n% or type Return to exit\nPassword: \n\nRe-enter password: \n% Generating 1024 bit RSA keys, keys will be non-exportable...\n[OK] (elapsed time was 1 seconds)\n\n% Certificate Server enabled.\n3PO_AP(cs-server)#show crypto pki server IOS-CA Certificates\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP(cs-server)#show crypto pki server IOS-CA Certificates\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP(cs-server)#exit\n3PO_AP(config)#exit\n3PO_AP#show crypto pki server IOS-CA Certificates\nSerial Issued date Expire date Subject Name\n1 12:55:22 UTC Dec 21 2022 12:55:22 UTC Dec 20 2025 cn=IOS-CA\n\n3PO_AP#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#ip domain name strabag.cz\n3PO_AP(config)#ip name server 8.8.8.8\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP(config)#ip name-server 8.8.8.8\n3PO_AP(config)#ip http secure-server\n3PO_AP(config)#end\n3PO_AP#show crypto pki server IOS-CA Certificates\nSerial Issued date Expire date Subject Name\n1 12:55:22 UTC Dec 21 2022 12:55:22 UTC Dec 20 2025 cn=IOS-CA\n\n3PO_AP#crypto pki authenticate \n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP#config term\nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#crypto pki authenticate \n% Incomplete command.\n\n3PO_AP(config)#crypto pki authenticate ?\n WORD CA Server Name\n\n3PO_AP(config)#crypto pki authenticate IOS-CA\n% Please delete your existing CA certificate first.\n% You must use 'no crypto pki trustpoint <trustpoint-name>' to delete the CA certificate.\n3PO_AP(config)#crypto pki trustpoint TEST\n3PO_AP(ca-trustpoint)#enrollment url http:\/\/192.168.100.5:80 \n3PO_AP(ca-trustpoint)#subject-name CN=TEST\n3PO_AP(ca-trustpoint)#revocation-check none\n3PO_AP(ca-trustpoint)#rsakeypair TEST\n3PO_AP(ca-trustpoint)#exit\n3PO_AP(config)#crypto pki auth TEST\n3PO_AP(config)#crypto pki auth TEST\nCertificate has the following attributes:\n Fingerprint MD5: 55E5D63C F583C887 78781D6A F9501CE7 \n Fingerprint SHA1: 4E6D9099 4D45FAC3 B3175939 30EA4508 574F1422 \n\n% Do you accept this certificate? [yes\/no]: y\nTrustpoint CA certificate accepted.\n3PO_AP(config)#crypto pki enroll TEST\n%\n% Start certificate enrollment .. \n% Create a challenge password. You will need to verbally provide this\n password to the CA Administrator in order to revoke your certificate.\n For security reasons your password will not be saved in the configuration.\n Please make a note of it.\n\nPassword: \nRe-enter password: \n\n% The subject name in the certificate will include: CN=TEST\n% The subject name in the certificate will include: 3PO_AP.strabag.cz\n% Include the router serial number in the subject name? [yes\/no]: yes\n% The serial number in the certificate will be: FCW1903N2B1\n% Include an IP address in the subject name? [no]: no\nRequest certificate from CA? [yes\/no]: yes\n% Certificate request sent to Certificate Authority\n% The 'show crypto pki certificate verbose TEST' commandwill show the fingerprint.\n\n3PO_AP(config)#show crypto pki certificate verbose TEST\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP(config)#exit\n3PO_AP#show crypto pki certificate verbose TEST\nCertificate\n Status: Available\n Version: 3\n Certificate Serial Number (hex): 02\n Certificate Usage: General Purpose\n Issuer: \n cn=IOS-CA\n Subject:\n Name: 3PO_AP.strabag.cz\n Serial Number: FCW1903N2B1\n serialNumber=FCW1903N2B1+hostname=3PO_AP.strabag.cz\n cn=TEST\n Validity Date: \n start date: 13:07:48 UTC Dec 21 2022\n end date: 13:07:48 UTC Dec 21 2023\n Subject Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (512 bit)\n Signature Algorithm: SHA1 with RSA Encryption\n Fingerprint MD5: 75744E01 3CB87745 2B6B1EEE 3B910E56 \n Fingerprint SHA1: 2D2E158C 0D4E0D3C 06BED720 96012CF9 CB9D736A \n X509v3 extensions:\n X509v3 Key Usage: A0000000\n Digital Signature\n Key Encipherment\n X509v3 Subject Key ID: AD9F0B7F D975484D 8C57FD71 0EF14E31 F89D64BE \n\n X509v3 Authority Key ID: 0A3B4200 022FE4F4 011DFAE6 DA39E288 9ACB50D2 \n Authority Info Access:\n Associated Trustpoints: TEST \n Key Label: TEST\n\nCA Certificate\n Status: Available\n Version: 3\n Certificate Serial Number (hex): 01\n Certificate Usage: Signature\n Issuer: \n cn=IOS-CA\n Subject: \n cn=IOS-CA\n Validity Date: \n start date: 12:55:22 UTC Dec 21 2022\n end date: 12:55:22 UTC Dec 20 2025\n Subject Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (1024 bit)\n Signature Algorithm: MD5 with RSA Encryption\n Fingerprint MD5: 55E5D63C F583C887 78781D6A F9501CE7 \n Fingerprint SHA1: 4E6D9099 4D45FAC3 B3175939 30EA4508 574F1422 \n X509v3 extensions:\n X509v3 Key Usage: 86000000\n Digital Signature\n Key Cert Sign\n CRL Signature\n X509v3 Subject Key ID: 0A3B4200 022FE4F4 011DFAE6 DA39E288 9ACB50D2 \n X509v3 Basic Constraints:\n CA: TRUE\n\n X509v3 Authority Key ID: 0A3B4200 022FE4F4 011DFAE6 DA39E288 9ACB50D2 \n Authority Info Access:\n Associated Trustpoints: TEST IOS-CA \n\n\n3PO_AP#write memory\nBuilding configuration...\n[OK]\n3PO_AP#cofig term\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP#config term\nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#ip domain name 192.168.100.5\n% IP: Bad domain name format - Configuring anyway\n3PO_AP(config)#ip http secure-server\n3PO_AP(config)#no shut\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP(config)#exit\n3PO_AP#show clock\n13:11:29.207 UTC Wed Dec 21 2022\n3PO_AP#clock timezone ?\n% Unrecognized command\n3PO_AP#configure term \nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#clock ?\n initialize Initialize system clock on restart\n save backup of clock with NVRAM\n summer-time Configure summer (daylight savings) time\n timezone Configure time zone\n\n3PO_AP(config)#clock timezone ?\n WORD name of time zone\n\n3PO_AP(config)#clock timezone prague\n% Incomplete command.\n\n3PO_AP(config)#clock timezone prague ?\n <-23 - 23> Hours offset from UTC\n\n3PO_AP(config)#clock timezone prague 1\n3PO_AP(config)#clock timezone praguggg\n% Incomplete command.\n\n3PO_AP(config)#clock timezone praguggg 1\n%Time zone name is limited to 7 characters\n\n3PO_AP(config)#clock timezone sdg 1 \n3PO_AP(config)#clock timezone sdg 1\n3PO_AP#show clock \n14:17:52.144 sdg Wed Dec 21 2022\n3PO_AP#config term\nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#clock timezone Prague 1 \n3PO_AP(config)#exit\n3PO_AP#show clock\n14:18:24.639 Prague Wed Dec 21 2022\n3PO_AP#show clock ?\n detail Display detailed information\n | Output modifiers\n <cr>\n\n3PO_AP#show clock timezone\n ^\n% Invalid input detected at '^' marker.\n\n3PO_AP#show clock ? \n detail Display detailed information\n | Output modifiers\n <cr>\n\n3PO_AP#show clock detail\n14:18:49.382 Prague Wed Dec 21 2022\nTime source is SNTP\n3PO_AP#config term\nEnter configuration commands, one per line. End with CNTL\/Z.\n3PO_AP(config)#crypto key generate rsa general-keys\nThe name for the keys will be: 3PO_AP.192.168.100.5\nChoose the size of the key modulus in the range of 360 to 4096 for your\n General Purpose Keys. Choosing a key modulus greater than 512 may take\n a few minutes.\n\nHow many bits in the modulus [512]: 1024\n% Generating 1024 bit RSA keys, keys will be non-exportable...\n[OK] (elapsed time was 1 seconds)\n\n3PO_AP(config)#ca generate rsa key 1024\n<\/pre>\n","protected":false},"excerpt":{"rendered":"