SDM (Security Device Manager) is a web-based application, implemented in Java, that
manages the basic administration and security features of a Cisco router. SDM
is installed in the router's flash memory and is accessed remotely from an
administrator's desktop using a web browser that has Java and SSL (HTTPS)
support. Cisco originally developed SDM for small office/home office
(SOHO) networks, where the administrator performing the configuration is
probably not familiar with Cisco's CLI.
Cisco designed SDM to let you perform basic administration functions and to
manage the security features of your router. SDM cannot perform every
function available from the CLI; the configuration of complex QoS policies
and of the Border Gateway Protocol (BGP) routing protocol are two examples.
Nor are all interface types supported within SDM, ISDN and dialup among them.
The features and interface types SDM does not support can still be configured
from the router's CLI. Likewise, most troubleshooting is still done from the
CLI with show and debug commands.
PC Requirements
· Operating system: Windows XP, Windows Vista, Windows 2000 Server (not Advanced Server), or Windows Server 2003
· Internet browser: Internet Explorer later than 5.6, or Mozilla Firefox
· Java installed: at minimum version 1.4.2(08) of Sun's Java Runtime Environment (JRE)
· Minimum screen resolution of 1024x768 (a lower resolution will not let you view the entire Java-based screen)
· On your router, IOS version 12.2 at minimum is needed for SDM to function
· Depending on the version of SDM, between 5 MB and 8 MB of available flash on your router
The default user account and password in the sdmconfig-xxxx.cfg file
included with SDM are sdm and sdm. Do not use these: change them before copying
and pasting the configuration from the sdmconfig file into the router. Everyone
knows these credentials, and they are the first an attacker will try when
attempting to break into the router.
SDM Security Device Manager File Descriptions

Filename                        Description
common.tar                      Support file for SDM
securedesktop-ios-xxxx-k9.pkg   Cisco Secure Desktop (CSD) client software for the SSL VPN client; xxxx is the CSD version number
sslclient-win-xxxx.pkg          SSL VPN Client (SVC) tunneling software; xxxx is the SVC version number
es.tar                          Application file for SDM
home.shtml                      Support HTML file for SDM
home.tar                        Support file for SDM
sdmconfig-xxxx.cfg              Default router configuration with the commands necessary to access SDM; xxxx is the router model number
wlanui.tar                      Wireless application setup program for a radio module installed in the router
sdm.tar                         SDM application file
xxxx.sdf                        IPS signature files (common names are attack-drop.sdf, 128MB.sdf, 256MB.sdf, and sdmips.sdf)
Necessary Router Configuration
Step 1 Enable the HTTP and HTTPS servers on your router by entering the
following commands in global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
Note that ip http secure-server needs an IOS image with crypto (k9) support,
and that ip http server also accepts unencrypted HTTP, over which the SDM
login credentials would cross the network in clear text. Once HTTPS works,
disable the plaintext server with no ip http server.
Step 2 Create a user account with privilege level 15 (enable privileges).
Enter the following command in global configuration mode, replacing username
and password with the strings that you want to use:
Router(config)# username username privilege 15 secret 0 password
For example, if you chose the username admin and the password vinita, you
would enter the following:
Router(config)# username admin privilege 15 secret 0 vinita
The 0 means the password is typed in clear text; IOS stores it in the
configuration as a hash, which is why secret is preferred over the older
password keyword. You will use this username and password to log in to Cisco SDM.
Step 3 Configure SSH and Telnet for local login and privilege level 15. Use
the following commands:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Telnet sends the username and password in clear text; where SSH is available,
use transport input ssh instead and leave Telnet off.
Step 4 Assign an IP address to the Fast Ethernet port. This address will be
used to access the router:
Router(config)# interface fastethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
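To check a router's configuration against Steps 1 to 4 and against the
sdm/sdm warning above, the following Python script (an added example, not
part of the original post or of Cisco's SDM package) parses a saved
running-config and reports what is missing or insecure. Both configurations
it audits are constructed here for illustration; the hashes are not real, and
the ip http access-class check goes one step beyond what the steps above
require, using access list 10 as an assumed name.

```python
import re

# Constructed sample: a router after pasting sdmconfig-xxxx.cfg and following
# steps 1-4, but with the default sdm account left in place and plaintext
# HTTP and Telnet still enabled. Not taken from a real device.
WEAK_CONFIG = """\
hostname Router
ip http server
ip http secure-server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
username sdm privilege 15 password 0 sdm
username admin privilege 15 secret 5 $1$abcd$ExampleHashNotRealXXXXXXXX
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Constructed hardened variant: default account removed, HTTPS only, SSH only
# on the vty lines, and an assumed access list 10 limiting HTTP clients.
HARDENED_CONFIG = """\
hostname Router
access-list 10 permit 192.168.1.0 0.0.0.255
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
username admin privilege 15 secret 5 $1$abcd$ExampleHashNotRealXXXXXXXX
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
line vty 0 4
 privilege level 15
 login local
 transport input ssh
"""

USER_RE = re.compile(r"^username (\S+) privilege 15 (secret|password) (\d+) (\S+)$")


def parse_config(text):
    """Split an IOS config into column-0 lines and their indented children.

    Returns (globals_, sections): globals_ is the list of top-level lines;
    sections maps each top-level line (e.g. 'line vty 0 4') to the list of
    indented lines beneath it, with the leading space removed.
    """
    globals_, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.rstrip()
            globals_.append(current)
            sections[current] = []
    return globals_, sections


def audit_sdm_config(text):
    """Return (severity, message) findings: FAIL = SDM will not work,
    CRIT/WARN = works but insecure, INFO = hardening beyond the steps."""
    globals_, sections = parse_config(text)
    gset = set(globals_)
    findings = []
    # Step 1: HTTPS and local authentication are mandatory; plaintext HTTP is not.
    if "ip http secure-server" not in gset:
        findings.append(("FAIL", "ip http secure-server missing; SDM needs HTTPS"))
    if "ip http authentication local" not in gset:
        findings.append(("FAIL", "ip http authentication local missing"))
    if "ip http server" in gset:
        findings.append(("WARN", "ip http server enabled: SDM login can go over plaintext HTTP"))
    if not any(g.startswith("ip http access-class ") for g in globals_):
        findings.append(("INFO", "no ip http access-class: management HTTP reachable from any source"))
    # Step 2: a privilege 15 account with a hashed secret, and never sdm/sdm.
    admins = []
    for g in globals_:
        m = USER_RE.match(g)
        if not m:
            continue
        name, kind, enc, value = m.groups()
        admins.append(name)
        if name == "sdm" or (enc == "0" and value == "sdm"):
            findings.append(("CRIT", "default sdm/sdm account from sdmconfig still present"))
        if kind == "password":
            findings.append(("WARN", f"user {name} uses 'password' (type {enc}); use 'secret' so only a hash is stored"))
    if not admins:
        findings.append(("FAIL", "no privilege 15 username for the SDM login"))
    # Step 3: vty lines need login local; Telnet carries credentials in clear.
    vty_seen = False
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        vty_seen = True
        if "login local" not in body:
            findings.append(("FAIL", f"{header}: login local missing"))
        transport = next((b for b in body if b.startswith("transport input")), "")
        if "telnet" in transport.split():
            findings.append(("WARN", f"{header}: Telnet allowed; restrict to 'transport input ssh'"))
    if not vty_seen:
        findings.append(("FAIL", "no line vty section"))
    # Step 4: at least one interface with an address that is not shut down.
    if not any(h.startswith("interface ") and "shutdown" not in b
               and any(x.startswith("ip address ") for x in b)
               for h, b in sections.items()):
        findings.append(("FAIL", "no interface with an IP address and no shutdown"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_sdm_config(WEAK_CONFIG):
        print(severity, message)
```

Run it against the output of show running-config saved to a file; the weak
sample yields one CRIT (the sdm account), three WARN (plaintext HTTP, the
type-0 password, Telnet) and one INFO, while the hardened sample yields nothing.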
Accessing SDM
Cisco SDM is stored in the router's flash memory. It is invoked by opening an
HTML file in the router archive, which then loads the signed Cisco SDM Java
file. To launch Cisco SDM, complete the following steps:
Step 1 From your browser, enter the following URL:
https://<router IP address>
In our example it would be
https://192.168.1.1
The https:// designation specifies that SSL be used for a secure connection.
Because the router's certificate is self-signed, the browser will warn about
it on first connection; confirm that the address is your router's before
continuing. The http:// designation works only if SSL is not available on the
router, and it sends the login credentials in clear text.
Step 2 The Cisco SDM home page will appear in the browser window, followed by
the username and password dialog box. The type and shape of the dialog box
depend on the browser that you are using. Enter the username and password for
the privileged (privilege level 15) account on your router. The Cisco SDM Java
applet will begin loading in your PC's web browser.
Step 3 Cisco SDM is a signed Java applet, which can cause your browser to
display a security warning. Check that the signer shown is Cisco and accept
the certificate. Cisco SDM then displays the Launch page.