Cisco SDM (Security Device Manager) is a commonly used administrative tool for configuring Cisco Routers out of the box with limited command line knowledge. While many network engineers prefer configuring Cisco devices via command line, some users enjoy the simplicity of a web configuration GUI. In this lab you will configure the prerequisites for the Cisco SDM installation and then install Cisco SDM by the Windows SDM installation wizzard.
SDM is typically frowned upon by the majority of the network engineering community but SDM does have several benifits. Cisco SDM allows for individuals to deploy, configure and monitor in real time Cisco Devices with limited or no command line knowledge. This allows for users with limited or no Cisco experince to maintain a Cisco router via a web configuration GUI. SDM utilizes HTTPS for secure web management.
- This Lab requires the Cisco SDM setup files which are available for download at the Cisco Software Center. (Check Downloads for a link to the SDM Demo)
- An established telnet, ssh or console session to a supported Cisco device.
- A ethernet interface configured with an IP address and subnet to allow for remote SDM installation via the SDM setup wizzard. (You should be able to ping the device from a computer)
- Configure IP HTTP & HTTPS Server and use HTTP Local Authentication.
- Configure a username and password with level 15 privileges. (Username:cisco / Password:cisco)
- Configure the virtual terminal lines to authenticate locally and accept Telnet & SSH Sessions only.
- OPTIONAL: Enable local logging to support the log monitoring function.
- Install Cisco SDM (Security Device Manager) via the Windows Setup Wizzard.
Step 1: First you need to download the SDM zip file from the Cisco Software Center, extract the ZIP file to a folder on your desktop. (ftp://ftp.cisco.com/pub/web/sdm/)
Step 2: You need to configure the router prerequisites to accept the SDM configuration from the SDM Installation wizzard from within windows. Enable HTTP Server, HTTPS Server and configure HTTP authentication to authenticate to the local user database, this is done in global configuration mode.
Router(config)#ip http server
Router(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
*Apr 3 15:24:35.450: %SSH-5-ENABLED: SSH 1.99 has been enabled.
*Apr 3 15:24:40.675: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate
Router(config)#ip http authentication local
Step 3: Now create a username with level 15 privileges
Router(config)#username cisco privilege 15 secret cisco
Step 4: Configure the Virtual Terminal lines to authenticate locally and accept Telnet & SSH sessions.
Router(config)#line vty 0 4
Router(config-line)#transport input telnet ssh
Step 5: OPTIONAL: Enable local logging to support the log monitoring function.
Router(config)#logging buffered 52100 warning
Step 6: Click the SDM setup executable in the folder which you extracted the SDM zip file(s) to. Click next once the Cisco SDM Installation Wizzard appears.
Step 7: You must accept Cisco’s License agreement to use this software. Once you accept click next.
Step 8: Move the bullet down to the "Cisco Router" selection and click next.
Step 9: Input the IP address of the router as well as the username and password which you created that has level 15 privileges. In you have followed this lab then the username and password configured is cisco / cisco. After you click next, The SDM Installation Wizzard will attempt to connect to the router, if you receive an error then you may have incorrectly configured the SDM Installation prerequisites or have a firewall blocking the installation.
Step 10: Once the Installation wizzard has successfully connected to the route you will be given the option to install the typical or custom packages. Select the Custom Bullet and click next.
Step 11: Check mark the "SDM: Install Cisco Router and Security Device Manager." option and click next.
Step 12: Now you are ready to install Cisco SDM onto your Cisco Device. Clck "Install" to start the installation.
Step 13: Once the installation has finished you can check the "Launch Cisco SDM" if you wish to start the SDM immediately, if not then you can type the routers IP address into a web browser and launch SDM that way.