Cisco SDM v 2.4 Installation and User's Guide


Table of Contents

Introduction
Hardware Requirements for SDM
Memory Requirements
PC System Requirements
Downloading SDM
Installation of SDM on a router and/or Windows-Based PC
    SDM Installation on a Windows-based PC
    SDM Installation on a Router
        Steps to setup the router for SDM Installation
SDM Installation on both Router and Windows-based PC
Running SDM from a PC
Running SDM from a Router
SDM Express
Further Reading


Introduction

Cisco Security Device Manager (SDM) is a web-based device management tool that supports the newer Cisco routers and a wide range of IOS images. The process of configuring network and security settings on a router can be simplified by using the smart wizards and advanced configuration support for LAN and WAN configurations, NAT, stateful firewall policy, intrusion prevention, IPSec virtual private network (VPN), and Easy VPN client and server configurations.

Another feature in SDM is SDM Express. SDM Express can assist the user with the initial router configuration. Once the router is configured, SDM can be used for the normal maintenance of the router.

Hardware Requirements for SDM

Table 1: SDM Supported Cisco Routers and IOS Versions

SDM-Supported Routers / SDM-Supported Cisco IOS Versions

Cisco 831 and 837
• 12.2(13)ZH or later
• 12.3(2)XA or later
• 12.3(2)T or later

Cisco 836
• 12.2(13)ZH or later
• 12.3(2)XA or later
• 12.3(4)T or later

Cisco 1701
• 12.2(13)ZH or later
• 12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF)
• 12.3(4)T or later

Cisco 1711 and 1712
• 12.2(15)ZL or later
• 12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF)

Cisco 1710, 1721, 1751, 1751-v, 1760, and 1760-v
• 12.2(13)ZH or later
• 12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF)
• 12.2(13)T3 or later
• 12.3(2)T or later
• 12.3(1)M or later
• 12.2(15)ZJ3 (not available for the 1710 or 1721)

Cisco 1841
• 12.3(8)T4 or later

Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, and 2691
• 12.2(11)T6 or later
• 12.3(2)T or later
• 12.3(1)M or later
• 12.3(4)XD
• 12.2(15)ZJ3

Cisco 2801, 2811, 2821, and 2851
• 12.3(8)T4 or later

Cisco 3640, 3661, and 3662
• 12.2(11)T6 or later
• 12.3(2)T or later
• 12.3(1)M or later
• 12.3(4)XD
• 12.2(15)ZJ3

Cisco 3620
• 12.2(11)T6 or later
• 12.3(1)M or later

Cisco 3640A
• 12.2(13)T3 or later
• 12.3(2)T or later
• 12.3(1)M or later
• 12.3(4)XD
• 12.2(15)ZJ3

Cisco 3725 and 3745
• 12.2(11)T6 or later
• 12.3(2)T or later
• 12.3(1)M or later
• 12.3(4)XD
• 12.2(15)ZJ3

Cisco 3825 and 3845
• 12.3(11)T or later

Cisco 7204VXR and 7206VXR
• 12.3(2)T or later
• 12.3(1)M or later
SDM does not support B, E, or S train releases on the Cisco 7000 routers.

Cisco 7301
• 12.3(2)T or later
• 12.3(3)M or later
SDM does not support B, E, or S train releases on the Cisco 7000 routers.

SDM v 2.4 Page 1 Revised on September 8, 2008

Memory Requirements

A minimum of 6 MB of free memory is required to support all SDM files. 2 MB of router memory is required to support SDM Express when SDM is installed on the PC, and the SDM files on the PC require 5.5 MB.

PC System Requirements

SDM is designed to run on a personal computer that has a Pentium III or faster processor. SDM can be run on a PC running any of the following operating systems:

• Microsoft Windows XP Professional
• Microsoft Windows 2003 Server (Standard Edition)
• Microsoft Windows 2000 Professional with Service Pack 4 (Windows 2000 Advanced Server is not supported)
• Microsoft Windows ME
• Microsoft Windows 98 (second edition)
• Microsoft Windows NT 4.0 Workstation with Service Pack 4

Japanese, Simplified Chinese, French, German, Spanish, and Italian language support is available on these operating systems:

• Microsoft Windows XP Professional with Service Pack 2 or later
• Microsoft Windows 2000 Professional with Service Pack 4 or later

Note: A Windows-based PC is necessary to install SDM. After SDM has been installed on the router, a PC running a non-Windows OS with a network connection to the router can access SDM from a web browser.

Downloading SDM

The zip file for SDM can be downloaded from this website:
http://www.cisco.com/pcgi-bin/Software/Tablebuild/doftp.pl?ftpfile=pub/web/sdm/SDM-V24.zip&swtype=FCS


This zip file contains the SDM client for installation on a Windows-based PC and SDM for installation on a compatible router/IOS image.

Installation of SDM on a router and/or Windows-Based PC

When the file is unzipped, the folder SDM-V24 is created. The executable file setup.exe is located in the sdm-v24 folder, and the setup process is started by double-clicking the setup.exe icon. The Cisco SDM InstallShield wizard appears after all permission issues are taken care of. The installation process can begin after accepting the license agreement.


Step 1: In the sdm-v24 folder, open (double-click) the setup.exe file to start the SDM installation process.

Step 2: Click next on the Welcome Screen to continue.

Step 3: To continue with the installation, the user must accept the license agreement by clicking next.

Step 4: Choose an installation option and click next.

After accepting the license agreement, the user has three choices for where SDM is installed: Windows-based PC, compatible router, or both locations. The first option, “This Computer”, gives the user the ability to use SDM without installing SDM on the router as long as the IOS image/router can support SDM. With this option, SDM is run from a Windows-based PC that meets the memory and hardware requirements. The second option, “Cisco Router”, allows users to access SDM from any computer using a web browser, provided that the user has the right credentials. The third option, “Both (computer and router)”, provides flexibility in how SDM is launched.

SDM Installation on a Windows-based PC

Installing SDM on a Windows-based PC is similar to installing other applications on a PC. The installation wizard guides the user through all the steps. The user needs to decide in which folder to install SDM.

Once the user clicks Install, the installation will start. When the installation is finished, “Cisco Systems” will be listed under Programs in the Start Menu or a shortcut to “Cisco SDM” will appear on the desktop. SDM can be started by double-clicking the desktop icon (if it was installed) or by choosing “Cisco SDM” under the submenus for “Cisco Systems” in the Start Menu.

PC_Installation_Step 1: Choose where to install SDM

PC_Installation_Step 2: Click Start to commence the installation process of a Windows-based PC.

SDM Installation on a Router

With SDM installation on a router, the router has to be configured to communicate with a Windows-based PC.

Steps to setup the router for SDM Installation

Step 1) Set the router Fa0/0 IP address. (This is the interface that a PC will connect to using a browser to bring up SDM. The PC IP address should be set to 10.10.10.2 255.255.255.248)
NOTE: An SDM router other than the 1841 may require connection to a different port in order to access SDM. The IP address in this example is for reference only. Any network addresses will work as long as there is a network connection between the router and PC.

    Router(config)# interface Fa0/0
    Router(config-if)# ip address 10.10.10.1 255.255.255.248
    Router(config-if)# no shutdown

Step 2) Enable the HTTP/HTTPS server of the router, using the following Cisco IOS commands:

    Router(config)# ip http server
    Router(config)# ip http secure-server
    Router(config)# ip http authentication local

Step 3) Create a user account with privilege level 15 (enable privileges).

    Router(config)# username <username> privilege 15 password 0 <password>

Replace <username> and <password> with the username and password chosen by the user.

Step 4) Configure SSH and Telnet for local login and privilege level 15:

    Router(config)# line vty 0 4
    Router(config-line)# privilege level 15
    Router(config-line)# login local
    optional: Router(config-line)# logging synchronous
    Router(config-line)# transport input telnet
    Router(config-line)# transport input telnet ssh
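Added example (not part of the original guide and not Cisco tooling): a Python audit that reads a running-config and reports the management-plane settings the four setup steps above introduce (plain HTTP server, an account stored with "password" instead of "secret", Telnet on the vty lines, automatic privilege level 15, no vty access list), plus the factory-default "cisco" account named in the SDM Express section. The sample configuration, the account name sdmadmin and the finding IDs are constructed for illustration.

```python
import re

# Constructed sample: the running-config that results from setup steps 1-4
# above. The account name and password are placeholders, not real values.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
!
ip http server
ip http secure-server
ip http authentication local
!
username sdmadmin privilege 15 password 0 ExamplePass1
!
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

def parse_sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    sections, parent = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if raw[0].isspace() and parent is not None:
            sections[parent].append(line.strip())
        else:
            parent = line.strip()
            sections.setdefault(parent, [])
    return sections

def audit(config):
    """Return sorted finding IDs (hypothetical names) for management exposure."""
    sections = parse_sections(config)
    findings = set()
    if "ip http server" in sections:
        findings.add("HTTP_CLEARTEXT")            # web UI served over plain HTTP
    for cmd, subs in sections.items():
        # 'password' keeps the value cleartext (type 0) or reversible (type 7);
        # 'secret' stores a one-way hash instead.
        if re.match(r"username \S+ (privilege \d+ )?password ", cmd):
            findings.add("USER_PASSWORD_NOT_SECRET")
        if re.match(r"username cisco\b", cmd):
            findings.add("DEFAULT_ACCOUNT_NAME")  # factory-default SDM login name
        if cmd.startswith("line vty"):
            for sub in subs:
                words = sub.split()
                if words[:2] == ["transport", "input"] and (
                        "telnet" in words or "all" in words):
                    findings.add("VTY_TELNET")    # logins cross the wire unencrypted
            if "privilege level 15" in subs:
                findings.add("VTY_AUTO_PRIV15")   # every session starts privileged
            if not any(s.startswith("access-class") for s in subs):
                findings.add("VTY_NO_ACL")        # any source address may connect
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
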

Once the router and PC are set up, the SDM installation can be started by executing the setup.exe file in the sdm-v24 folder. The installation wizard will start, and all the security and licensing issues need to be addressed.

In the Install Option dialog box, choose Cisco Router to install SDM on the router's flash memory. In the Router Authentication dialog box, input the address of the router, the username and password that were configured in the router. Click next to start the SDM installation on the router.


Router_Installation_Step 1: Choose Cisco Router and click Next


After the wizard has connected to the router, it will prompt the user for the type of SDM installation: typical or custom.


Router_Installation_Step 2: Input the IP address of FastEthernet 0/0, privilege level 15 username and password

Router_Installation_Step 3: Most likely, choosing the typical option is appropriate. Then click next.


The Installation Wizard prompts the user to choose the SDM components for installation. The user should verify that there is space available on flash: to install all the components. If more space is needed, note that Cisco SDM Express is not critical to the general function of SDM. Cisco SDM Express is only used for restoring the router to the default factory settings. Once the components are selected, the Installation Wizard is ready to install SDM on the router.

Once SDM is installed on the router, a user can access the router by using a web browser, provided that the user has the right credentials.


Router_Installation_Step 4: Make sure there is enough memory on the flash and click Next to continue.

Router_Installation_Step 5: Click Install to start the SDM installation.


SDM Installation on both Router and Windows-based PC

The installation option that installs SDM on both the router and a Windows-based PC follows a process similar to installing them separately. Refer to the previous sections for more details.

Running SDM from a PC

After the SDM installation is completed, SDM can be launched from the shortcut on the Desktop or in the Start menu, Program, Cisco Systems.

Note: If the command “ip http secure-server” was configured in the router, the user can choose to click on the check box next to “This device has HTTPS enabled and I want to use it”. With the selection of this check box, SDM may not open.


Router_Installation_Step 6: Click Finish to exit the installation.

SDM_PC 1: Input IP Address or Hostname to launch SDM


Once the SDM is launched, a dialog box will prompt for the IP address or the hostname of the desired router. After the IP address or hostname is supplied, the default web browser will open up and another dialog box will ask for the username and password to access the router. For SDM to launch, all the security issues have to be addressed and the popup blocker in the web browser disabled for the router's IP address or hostname.

Running SDM from a Router

To run SDM from a router, a computer with a network connection to the router can access SDM from a web browser with the popup blocker disabled for the router's IP address. Once SDM starts, SDM will prompt the user for a username and password. When logging in for the first time, use the username and password that were configured in the router when setting up the router for SDM installation. The user has to address all the security issues, and the Cisco Router and Security Device Manager (SDM) window will start.

Note: If the command “ip http secure-server” was configured in the router, the user can choose OK to continue with SDM over HTTPS when prompted. If HTTPS is chosen, SDM may not open. Alternatively, the user can click Cancel to continue with SDM without using HTTPS.

SDM_Router 1: To run SDM from a web browser, the popup blocker has to be disabled for the router's IP address.

SDM_PC 2: Input Username and Password

SDM Express

SDM Express is used when the router is in the default factory setting. Once the router has been configured, SDM Express will not run until the router is returned to the original setting.

SDM can return the router to the default factory setting. After SDM is launched, under the File menu, choose “Return to SDM Express can only be run from the router-installed version of SDM. When SDM is running, under the File menu, choose “Reset to factory default”. Another way to reset the router is to click on the Configure button and then choose Additional Tasks. Then choose Reset to factory default, which is listed under Configuration Management.

It is important to note the instruction in the dialog box because the PC will disconnect from the router and the running configurations on the router will be erased unless the configurations are saved on the PC or other storage devices.

When ready, click Reset Router. A Warning dialog box will appear; click Yes to continue to reset the router. SDM will need to be closed while the router is resetting. Once the router is reset, SDM can be opened again using the default factory settings.

After the router has been reset, the IP address on the PC has to be changed to 10.10.10.2 with a subnet mask of 255.255.255.248 to reconnect to the router. To access SDM again on the router, open a web browser that points to https://10.10.10.1 and log on with the username cisco and password cisco. When the credentials are verified, SDM Express will open for configuration. Once the router is configured, SDM Express will not be launched again unless the router has been reset to default factory settings. SDM will launch in place of SDM Express for normal maintenance.


SDM_Express 1: Resetting the router to factory settings


SDM_Express 2: Another way to reset to Factory Setting under the Additional Task menu. Also note in step 2, an explanation of what will happen when the router is reset to default factory settings. Click Reset Router when ready.

SDM_Express 3: Warning message before resetting the router; click Yes to continue with resetting


Further Reading

Quick Overview:
http://www.cisco.com/go/sdm

Product Information:
http://www.cisco.com/en/US/prod/collateral/routers/ps5318/product_data_sheet0900aecd800fd118.html
http://www.cisco.com/en/US/docs/routers/7200/maintain_and_operate/security_device_mgr_guide.7200.7301/sdm7k2_3.html
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp36442
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr241.html#wp35444

To download the latest SDM version 2.4.1, go to the following URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm

To download the latest SDM version 2.4, go to the following URL:
http://www.cisco.com/pcgi-bin/Software/Tablebuild/doftp.pl?ftpfile=pub/web/sdm/SDM-V24.zip&swtype=FCS

System Requirements:
http://www.cisco.com/univercd/cc/td/doc/product/software/sdm/sdmi21.htm
