This example shows how you can configure the port number 5683 to support a maximum of 10 endpoints.
Device#coap proxy security none ipv4 2.2.2.2 255.255.255.0 port 5683 max-endpoints 10
------------------------------------------------------------------------------------------------
This example shows how to configure CoAP proxy on ipv4 1.1.0.0 255.255.0.0 with no security settings.
Device(config-coap-proxy)# security ?
dtls dtls
none no security
Device(config-coap-proxy)#security none ?
ipv4 IP address range on which to learn lights
ipv6 IPv6 address range on which to learn lights
list IP address range on which to learn lights
Device(config-coap-proxy)#security none ipv4 ?
A.B.C.D {/nn || A.B.C.D} IP address range on which to learn lights
Device(config-coap-proxy)#security none ipv4 1.1.0.0 255.255.0.0
------------------------------------------------------------------------------------------------
This example shows how to configure CoAP proxy on ipv4 1.1.0.0 255.255.0.0 with dtls id-trustpoint security settings.
Device(config-coap-proxy)#security dtls ?
id-trustpoint DTLS RSA and X.509 Trustpoint Labels
ipv4 IP address range on which to learn lights
ipv6 IPv6 address range on which to learn lights
list IP address range on which to learn lights
Device(config-coap-proxy)#security dtls id-trustpoint ?
WORD Identity TrustPoint Label
Device(config-coap-proxy)#security dtls id-trustpoint RSA-TRUSTPOINT ?
verification-trustpoint Certificate Verification Label
<cr>
Device(config-coap-proxy)#security dtls id-trustpoint RSA-TRUSTPOINT
Device(config-coap-proxy)#security dtls ?
id-trustpoint DTLS RSA and X.509 Trustpoint Labels
ipv4 IP address range on which to learn lights
ipv6 IPv6 address range on which to learn lights
list IP address range on which to learn lights
Device(config-coap-proxy)# security dtls ipv4 1.1.0.0 255.255.0.0
Note: For configuring ipv4 / ipv6 / list, the id-trustpoint and (optional) verification-trustpoint should be pre-configured, else the system shows an error.
------------------------------------------------------------------------------------------------
This example shows how to configure a Trustpoint. This is a prerequisite for CoAP security dtls with id-trustpoint configurations.
ip domain-name myDomain
crypto key generate rsa general-keys exportable label MyLabel modulus 2048
Device(config)#crypto pki trustpoint MY_TRUSTPOINT
Device(ca-trustpoint)#rsakeypair MyLabel 2048
Device(ca-trustpoint)#enrollment selfsigned
Device(ca-trustpoint)#exit
Device(config)#crypto pki enroll MY_TRUSTPOINT
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
------------------------------------------------------------------------------------------------
This example shows how to configure CoAP proxy on ipv4 1.1.0.0 255.255.0.0 with dtls verification-trustpoint (DTLS with certificates or verification trustpoints).
Device(config-coap-proxy)#security dtls ?
id-trustpoint DTLS RSA and X.509 Trustpoint Labels
ipv4 IP address range on which to learn lights
ipv6 IPv6 address range on which to learn lights
list IP address range on which to learn lights
Device(config-coap-proxy)#security dtls id-trustpoint ?
WORD Identity TrustPoint Label
Device(config-coap-proxy)#security dtls id-trustpoint RSA-TRUSTPOINT ?
verification-trustpoint Certificate Verification Label
<cr>
Device(config-coap-proxy)#security dtls id-trustpoint RSA-TRUSTPOINT verification-trustpoint ?
WORD Identity TrustPoint Label
Device(config-coap-proxy)#security dtls id-trustpoint RSA-TRUSTPOINT verification-trustpoint CA-TRUSTPOINT ?
<cr>
------------------------------------------------------------------------------------------------
This example shows how to configure a Verification Trustpoint. This is a prerequisite for CoAP security dtls with verification-trustpoint configurations.
Device(config)#crypto pki import CA-TRUSTPOINT pkcs12 flash:hostA.p12 password cisco123
% Importing pkcs12...
Source filename [hostA.p12]?
Reading file from flash:hostA.p12
CRYPTO_PKI: Imported PKCS12 file successfully.
------------------------------------------------------------------------------------------------
This example shows how to create a list named trial_list, to be used in the security [ none | dtls ] command options.
Device(config-coap-proxy)#list ipv4 trial_list
Device (config-coap-proxy-iplist)#1.1.0.0 255.255.255.0
Device (config-coap-proxy-iplist)#2.2.0.0 255.255.255.0
Device (config-coap-proxy-iplist)#3.3.0.0 255.255.255.0
Device (config-coap-proxy-iplist)#exit
Device (config-coap-proxy)#security none list trial_list
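An added example, not Cisco's code: an offline audit that reads coap-proxy commands in the forms shown above, separates ranges learned with security none from those under security dtls, and marks DTLS ranges entered before an id-trustpoint, which the Note says the device rejects. The sample configuration, the function names and the 20.1.0.0 range are constructed for illustration; only the ipv4 and list forms shown on this page are parsed.

```python
import ipaddress

# Constructed sample: coap-proxy sub-mode commands in the syntax shown on this page.
SAMPLE_CONFIG = """\
list ipv4 trial_list
 1.1.0.0 255.255.255.0
 2.2.0.0 255.255.255.0
 exit
security none list trial_list
security dtls ipv4 20.1.0.0 255.255.0.0
security dtls id-trustpoint RSA-TRUSTPOINT
security dtls ipv4 20.1.0.0 255.255.0.0
"""

def to_network(words):
    """['1.1.0.0', '255.255.0.0'] or ['1.1.0.0/16'] -> IPv4Network (host bits ignored)."""
    spec = words[0] if len(words) == 1 else words[0] + "/" + words[1].lstrip("/")
    return ipaddress.ip_network(spec, strict=False)

def audit(config):
    """Group learned ranges by security mode, in configuration order."""
    lists, open_list, have_id_tp = {}, None, False
    report = {"cleartext": [], "dtls": [], "rejected": []}
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "list" and len(words) == 3:       # list ipv4 <name>
            open_list = lists.setdefault(words[2], [])
        elif words[0] == "exit":
            open_list = None
        elif open_list is not None and words[0][0].isdigit():
            open_list.append(to_network(words))           # range entry inside the list
        elif words[:3] == ["security", "dtls", "id-trustpoint"]:
            have_id_tp = True
        elif words[0] == "security" and len(words) >= 4 and words[2] in ("ipv4", "list"):
            nets = lists.get(words[3], []) if words[2] == "list" else [to_network(words[3:])]
            # Per the Note: a DTLS range without a prior id-trustpoint is an error.
            key = "cleartext" if words[1] == "none" else "dtls" if have_id_tp else "rejected"
            report[key] += nets
    return report

def mode_for(report, ip):
    """Mode covering an endpoint address, e.g. one listed by 'show coap endpoints'."""
    addr = ipaddress.ip_address(ip)
    for mode in ("cleartext", "dtls"):
        if any(addr in net for net in report[mode]):
            return mode
    return None
```

Feeding the addresses from show coap endpoints through mode_for shows which learned endpoints sit in a range configured without DTLS.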
------------------------------------------------------------------------------------------------
This example shows all the negation commands available in the coap-proxy sub mode.
Device(config-coap-proxy)#no ?
ip-list Configure IP-List
max-endpoints maximum number of endpoints supported
port-unsecure Specify a port number to use
port-dtls Specify a dtls-port number to use
resource-discovery Resource Discovery Server
security CoAP Security features
------------------------------------------------------------------------------------------------
This example shows how you can configure multiple IPv4/IPv6 static endpoints on the CoAP proxy.
Device (config)# coap endpoint ipv4 1.1.1.1
Device (config)# coap endpoint ipv4 2.1.1.1
Device (config)# coap endpoint ipv6 2001::1
------------------------------------------------------------------------------------------------
This example shows how you can display the CoAP protocol details.
Device#show coap version
CoAP version 1.0.0
RFC 7252
------------------------------------------------------------------------------------------------
Device#show coap resources
Link format data =
</>
</1.1.1.6/cisco/context>
</1.1.1.6/cisco/actuator>
</1.1.1.6/cisco/sensor>
</1.1.1.6/cisco/lldp>
</1.1.1.5/cisco/context>
</1.1.1.5/cisco/actuator>
</1.1.1.5/cisco/sensor>
</1.1.1.5/cisco/lldp>
</cisco/flood>
</cisco/context>
</cisco/showtech>
</cisco/lldp>
------------------------------------------------------------------------------------------------
Device#show coap globals
Coap System Timer Values :
Discovery : 120 sec
Cache Exp : 5 sec
Keep Alive : 120 sec
Client DB : 60 sec
Query Queue: 500 ms
Ack delay : 500 ms
Timeout : 5 sec
Max Endpoints : 10
Resource Disc Mode : POST
------------------------------------------------------------------------------------------------
Device#show coap stats
Coap Stats :
Endpoints : 2
Requests : 20
Ext Queries : 0
------------------------------------------------------------------------------------------------
Device#show coap endpoints
List of all endpoints :
Code : D - Discovered , N - New
#   Status   Age(s)   LastWKC(s)   IP
-------------------------------------------------------------------------
1   D        10       94           1.1.1.6
2   D        6        34           1.1.1.5
Endpoints - Total : 2 Discovered : 2 New : 0
------------------------------------------------------------------------------------------------
Device#show coap dtls-endpoints
#   Index   State String   State Value   Port    IP
---------------------------------------------------------------
1   3       SSLOK          3             48969   20.1.1.30
2   2       SSLOK          3             53430   20.1.1.31
3   4       SSLOK          3             54133   20.1.1.32
4   7       SSLOK          3             48236   20.1.1.33
------------------------------------------------------------------------------------------------
This example shows all options available to debug the CoAP protocol.
Device#debug coap ?
all Debug CoAP all
database Debug CoAP Database
errors Debug CoAP errors
events Debug CoAP events
packet Debug CoAP packet
trace Debug CoAP Trace
warnings Debug CoAP warnings