
SDM is a web-based application, implemented in Java, that manages the basic administration and security features on a Cisco router. SDM is installed in the router's flash memory and is remotely accessed from an administrator's desktop using a web browser with Java and Secure Sockets Layer (SSL) (HTTPS). Originally, Cisco developed SDM for small office/home office (SOHO) networks, where the administrator performing the configuration is probably not familiar with Cisco's CLI. SDM was designed by Cisco to allow you to perform basic administration functions and to manage the security features of your router. SDM cannot perform all functions that can be performed from the CLI, such as the configuration of complex QoS policies or the Border Gateway Protocol (BGP) routing protocol, to name a couple. Nor are all interface types supported within SDM, such as ISDN and dialup. However, you can still configure the unsupported features and interface types from the CLI of the router. Likewise, most troubleshooting tasks are still done from the CLI with show and debug commands.

PC Requirements

Operating system: XP, Vista, Server 2000 (not Advanced Server), Server 2003
Internet browser: Internet Explorer higher than 5.6, Mozilla Firefox
Java installed: minimally you'll need version 1.4.2(08) of Sun's Java Runtime Environment (JRE).
Minimum screen resolution of 1024x768 (a resolution lower than this will not allow you to view the entire Java-based screen).

On your router, you'll minimally need IOS version 12.2 for SDM to function; and depending on the version of SDM, you will need between 5MB and 8MB of available flash on your router.

The default user account and password in the sdmconfig-xxxx.cfg file included with SDM are sdm and sdm. Don't use these! Change them before copying and pasting the configuration from the sdmconfig file into the router. Everyone knows these passwords, and these are the first passwords an attacker will guess to break into the router.

SDM Security Device Manager File Descriptions


Filename                        Description
common.tar                      Support file for SDM
securedesktop-iosxxxx-k9.pkg    Cisco Secure Desktop (CSD) client software for the SSL VPN client, where xxxx represents the version number of CSD
sslclient-winxxxx.pkg           SSL VPN Client (SVC) tunneling software, where xxxx represents the version of SVC
es.tar                          Application file for SDM
home.shtml                      Support HTML file for SDM
home.tar                        Support file for SDM
sdmconfig-xxxx.cfg              Default router configuration with commands necessary to access SDM, where xxxx represents the model number of the router
wlanui.tar                      Wireless application setup program for a radio module installed in the router
sdm.tar                         SDM application file
xxxx.sdf                        IPS signature files (some common names are attack-drop.sdf, 128MB.sdf, 256MB.sdf, and sdmips.sdf)

Necessary Router Configuration


Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000

Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command in global configuration mode, replacing username and password with the strings that you want to use:

Router(config)# username username privilege 15 secret 0 password

For example, if you chose the username admin and the password vinita, you would enter the following:

Router(config)# username admin privilege 15 secret 0 vinita

You will use this username and password to log in to Cisco SDM.

Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Step 4 Assign an IP address to the Fast Ethernet port. This will be used to access this router.

Router(config)# interface fastethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
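
A small audit of the management settings from the steps above and the default-account warning earlier, as an added example that is not part of the original page or of Cisco's tooling. It flags the default sdm account, the plaintext HTTP server, and Telnet on the vty lines; both sample configurations and the finding codes are constructed for illustration.

```python
import re

# Constructed sample: this page's commands plus the default sdm account it warns about.
WEAK_CONFIG = """\
username sdm privilege 15 secret 0 sdm
username admin privilege 15 secret 0 vinita
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Constructed corrected form: HTTPS only, SSH only, default account removed.
HARDENED_CONFIG = """\
username admin privilege 15 secret 0 EXAMPLE-ONLY-passphrase
no ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 privilege level 15
 login local
 transport input ssh
"""

def audit(config):
    """Return sorted finding codes for weak management settings in IOS config text."""
    findings = set()
    in_vty = http_on = auth_local = False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):           # a top-level command ends any sub-mode
            in_vty = line.startswith("line vty")
        if re.match(r"username sdm\b", line):
            findings.add("DEFAULT_SDM_ACCOUNT")
        elif line == "ip http server":        # "no ip http server" does not match
            findings.add("HTTP_PLAINTEXT")    # login crosses the wire unencrypted
            http_on = True
        elif line == "ip http secure-server":
            http_on = True
        elif line == "ip http authentication local":
            auth_local = True
        elif in_vty and line.startswith("transport input"):
            if {"telnet", "all"} & set(line.split()[2:]):
                findings.add("VTY_TELNET")    # Telnet sends the login in cleartext
    if http_on and not auth_local:
        findings.add("HTTP_NO_LOCAL_AUTH")    # web login not tied to local usernames
    return sorted(findings)
```

Calling audit(WEAK_CONFIG) reports all three weaknesses, while audit(HARDENED_CONFIG) returns an empty list.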

Accessing SDM

Cisco SDM is stored in the router flash memory. It is invoked by executing an HTML file in the router archive, which then loads the signed Cisco SDM Java file. To launch Cisco SDM, complete the following steps:

Step 1 From your browser, enter the following URL: https://<router IP address>
In our example it would be https://192.168.1.1
The https:// designation specifies that SSL protocol be used for a secure connection. The http:// designation can be used if SSL is not available.

Step 2 The Cisco SDM home page will appear in the browser window. The username and password dialog box will appear. The type and shape of the dialog box will depend on the type of browser that you are using. Enter the username and password for the privileged (privilege level 15) account on your router. The Cisco SDM Java applet will begin loading to your PC's web browser.

Step 3 Cisco SDM is a signed Java applet. This can cause your browser to display a security warning. Accept the certificate. Cisco SDM displays the Launch page.
