SDM Security Device Manager
SDM is a web-based application, implemented in Java, that manages the basic administration and security features on a Cisco router. SDM is installed in the router’s flash memory and is remotely accessed from an administrator’s desktop using a web browser with Java and Secure Sockets Layer (SSL) (HTTPS). Originally, Cisco developed SDM for small office/home office (SOHO) networks, where the administrator performing the configuration is probably not familiar with Cisco's CLI.
SDM was designed by Cisco to allow you to perform basic administration functions and to manage the security features of your router. SDM cannot perform all functions that can be performed from the CLI, such as the configuration of complex QoS policies or the Border Gateway Protocol (BGP) routing protocol, to name a couple. Nor are all interface types supported within SDM, such as ISDN and dialup. However, you can still configure the unsupported features and interface types from the CLI of the router. Likewise, most troubleshooting tasks are still done from the CLI with show and debug commands.
PC Requirements
- Operating system: XP, Vista, Server 2000 (not Advanced Server), Server 2003
- Internet browser: Internet Explorer higher than 5.6, Mozilla Firefox
- Java installed. Minimally you'll need version 1.4.2(08) of Sun's Java Runtime Environment (JRE).
- Minimum screen resolution of 1024x768 (a resolution lower than this will not allow you to view the entire Java-based screen).
- On your router, you'll minimally need IOS version 12.2 for SDM to function; and depending on the version of SDM, you will need between 5MB and 8MB of available flash on your router.
SDM Security Device Manager File Descriptions
Filename | Description |
common.tar | Support file for SDM |
securedesktop-ios-xxxx-k9.pkg | Cisco Secure Desktop (CSD) client software for the SSL VPN client, where xxxx represents the version number of CSD |
sslclient-win-xxxx.pkg | SSL VPN Client (SVC) tunneling software, where xxxx represents the version of SVC |
es.tar | Application file for SDM |
home.shtml | Support HTML file for SDM |
home.tar | Support file for SDM |
sdmconfig-xxxx.cfg | Default router configuration with commands necessary to access SDM, where xxxx represents the model number of the router |
wlanui.tar | Wireless application setup program for a radio module installed in the router |
sdm.tar | SDM application file |
xxxx.sdf | IPS signature files (some common names are attack-drop.sdf, 128MB.sdf, 256MB.sdf, and sdmips.sdf) |
Necessary Router Configuration
Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command in global configuration mode, replacing username and password with the strings that you want to use:
Router(config)# username username privilege 15 secret 0 password
For example, if you chose the username admin and the password vinita, you would enter the following:
Router(config)# username admin privilege 15 secret 0 vinita
You will use this username and password to log in to Cisco SDM.
Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Step 4 Assign an IP address to the Fast Ethernet port. This address will be used to access the router.
Router(config)# interface fastethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
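A defender's check of the configuration built in Steps 1 to 4, as an added example that is not part of the original post: it confirms the settings SDM needs are present and lists the management-plane exposures the same configuration leaves open (cleartext HTTP, Telnet on the vty lines, no client restriction on the HTTP server). The names `SAMPLE_CONFIG`, `vty_lines` and `audit_sdm_config` are hypothetical, the sample config is constructed, and `ip http access-class` is a real IOS command that this page does not use.

```python
import re

# Constructed sample: running-config resulting from Steps 1-4 on this page.
# "<hash>" is a placeholder for the stored secret hash.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
username admin privilege 15 secret 5 <hash>
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

def vty_lines(config):
    """Return the indented sub-commands of every 'line vty' block."""
    subs, in_vty = [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            in_vty = line.startswith("line vty")
        elif in_vty:
            subs.append(line.strip())
    return subs

def audit_sdm_config(config):
    """Return (missing SDM prerequisites, management-plane exposures)."""
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    vty = vty_lines(config)
    required = {
        "ip http secure-server": "ip http secure-server" in top,
        "ip http authentication local": "ip http authentication local" in top,
        "privilege 15 user": any(re.match(r"username \S+ privilege 15 ", l) for l in top),
        "vty login local": "login local" in vty,
    }
    missing = [name for name, ok in required.items() if not ok]
    exposures = []
    if "ip http server" in top:  # exact match, so "no ip http server" passes
        exposures.append("cleartext HTTP server enabled")
    if not any(l.startswith("ip http access-class") for l in top):
        exposures.append("no ip http access-class restricting management clients")
    for l in vty:
        if l.startswith("transport input") and {"telnet", "all"} & set(l.split()[2:]):
            exposures.append("telnet allowed on vty lines")
    return missing, exposures
```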
Accessing SDM
Cisco SDM is stored in the router flash memory. It is invoked by executing an HTML file in the router archive, which then loads the signed Cisco SDM Java file. To launch Cisco SDM, complete the following steps:
Step 1 From your browser, enter the following URL:
https://
The https:// designation specifies that SSL protocol be used for a secure connection. The http:// designation can be used if SSL is not available. In our example it would be https://192.168.1.1
Step 2 The Cisco SDM home page will appear in the browser window. The username and password dialog box will appear. The type and shape of the dialog box will depend on the type of browser that you are using. Enter the username and password for the privileged (privilege level 15) account on your router. The Cisco SDM Java applet will begin loading to your PC's web browser.
Step 3 Cisco SDM is a signed Java applet. This can cause your browser to display a security warning. Accept the certificate. Cisco SDM displays the Launch page.