Cisco Security Device Manager Overview

This section of the chapter excerpt introduces Security Device Manager (SDM) and how to configure, launch and navigate it.

By: Michael Watkins, Kevin Wallace

Solution provider takeaway: The CCNA Security Official Exam Ceritifcation Guide is a Cisco exam study guide that focuses specifically on the objectives of the CCNA Security IINS exam. This chapter of the book introduces some of the features of Cisco Security Device Manager.

Download the .pdf of the chapter here.

Cisco IOS routers support many features (including security features) that require complex configurations. To aid in a number of these configuration tasks, Cisco introduced the Cisco Security Device Manager (SDM) interface. This section introduces SDM, discusses how to configure and launch SDM, and how to navigate the SDM wizards.

Introducing SDM

Cisco SDM provides a graphical user interface (GUI) for configuring a wide variety of features on an IOS router, as shown in Figure 3-3. Not only does SDM offer multiple "smart wizards," but configuration tutorials also are provided. Even though SDM stands for Security Device Manager, several nonsecurity features also can be configured via SDM, such as routing and quality-of-service (QoS) features.

Some newer Cisco routers come with SDM preinstalled, but SDM needs to be installed on other supported platforms. Go to http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm to download the current version of SDM and its release notes. Cisco SDM offers the following benefits:

  • SDM's smart wizards use Cisco TAAC best-practice recommendations for a variety of configuration scenarios.
  • SDM intelligently determines an appropriate security configuration based on what it learns about a router's configuration (for example, a router's interfaces, NAT configuration and existing security configuration).
  • SDM supports multiple security features such as wizard-based VPN configuration, router security auditing, and One-Step Lockdown configuration.
  • SDM, which is supported in Cisco IOS 12.2(11)T6 and later, does not impact a router's DRAM or CPU.

Preparing to Launch Cisco SDM

If you plan to run SDM on a router that does not already have SDM installed, you need to install SDM either from a CD accompanying the router or from a download from the Cisco IOS Software Center. The installation is wizard-based. You are prompted to install SDM either on an administrator's PC, in the router's flash, or both.

SDM can connect to the managed router using secure HTTP (that is, HTTPS). The commands shown in Table 3-10 can be used to configure the router for HTTP support. Example 3-20 illustrates the use of these commands.

Command Function
Router(config)# ip http server Enables an HTTP server on a router
Router(config)# ip http secureserver Enables a secure HTTP (HTTPS) server on a
router
Router(config)# ip http
authentication local
Configures a local authentication method for
accessing the HTTPS server
Router(config)# username
name privilege 15 secret 0
password
Configures a username and password to be used for
authentication local to the router

Example 3-20 HTTPS Server Configuration for R1
R1(config)# ip http server
R1(config)# ip http secure-server
R1(config)# ip http authentication local
R1(config)# username kevin privilege 15 secret 0 cisco

To verify that the required SDM files are installed on a router, you can issue the show flash command. The output of this command should show, at a minimum, the following SDM files:

  • Sdmconfig-router_platform.cfg
  • Sdm.tar
  • Es.tar
  • Common.tar
  • Home.shtml
  • Home.tar

If you run SDM from a router's flash, as opposed to running SDM from a PC, the first time you connect to the router via a browser, you are taken to the Cisco SDM Express interface. Specifically, on a new router that has SDM installed, you point your browser to http:// 10.10.10.1. Alternatively, on an existing router, you point your browser to an active IP address on the router. Cisco SDM Express guides you through the initial SDM configuration on a router. Subsequent connections to your router via a browser take you directly to SDM, as opposed to Cisco SDM Express. However, if you run SDM from a PC, you can launch Cisco SDM by choosing Start > Programs > Cisco Systems > Cisco SDM.

Exploring the Cisco SDM Interface

Notice the toolbar across the top of the SDM page, as highlighted in Figure 3-4. You can use this toolbar to navigate between the Home, Configure, and Monitor views.

The Home view provides summary information about the router platform. For example, this summary information shows you the router model, memory capacity, flash capacity, IOS version, and an interface summary.

After clicking the Configure button, you see a screen similar to the one shown in Figure 3-5. Notice the wizards available in the Tasks bar. Available configuration wizards are described in Table 3-11.

Cisco SDM Wizard Description
Interfaces and Connections Helps you configure LAN and WAN interfaces
Firewall and ACL Supports the configuration of basic and advanced IOSbased
firewalls
VPN Helps you configure a secure site-to-site VPN, Cisco
Easy VPN Server, Cisco Easy VPN Remote, and
DMVPN
Security Audit Identifies potential security vulnerabilities in a router's
current configuration and tweaks the router's
configuration to eliminate those weaknesses
Routing Allows an administrator to modify and view routing
configurations for the RIP, OSPF, or EIGRP routing
protocols
NAT Helps you configure Network Address Translation
(NAT)
Intrusion Prevention Walks an administrator through the process of
configuring an IOS-based IPS
Quality of Service Provides wizards for configuring Network Admission
Control (NAC) features such as Extensible
Authentication Protocols (EAP)
NAC Helps you configure NAC

In addition to the configuration wizards, notice the Additional Tasks button, as shown in Figure 3-6.

Advanced administrators can use graphical interfaces to configure these additional tasks.
Examples of these tasks are DHCP configuration, DNS configuration, and AAA configuration.

After clicking the Monitor button, you see a screen similar to the one shown in Figure 3 7. Clicking the various buttons in the Tasks bar allows you to monitor the status of various router features. Examples are firewall status, VPN status, and IPS status.

This chapter has introduced SDM. Subsequent chapters will detail how you can leverage SDM to configure a variety of security options. For exam purposes, you should be comfortable with navigating the various SDM screens and performing basic configuration tasks.


CCNA Security Official Exam Ceritifcation Guide
  Defending the perimeter
  Password-protecting a router
  Configuring privilege levels
  Cisco Security Device Manager overview

About the book

CCNA Security Official Exam Ceritifcation Guide is an exam prep book that focuses on the objectives for the CCNA Security IINS exam. Purchase the book from Prentice Hall.

Copyright 2008, Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.

This was first published in October 2008

Dig deeper on Network security products, technologies, services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close