Cisco Router and Security Device Manager Quick Start Guide

Cisco Router and Security Device Manager (SDM) is an easy-to-use device management tool that allows you to configure Cisco IOS security features and network connections through an intuitive web-based graphical user interface. This quick start guide shows you how to connect your PC to your router and begin using SDM.

SDM runs under Firefox 1.0.3, Internet Explorer version 5.5 or later, and under Netscape 7.1 on a PC that is running Microsoft Windows XP, Windows 2000, Windows 2003, Windows ME, or Windows NT 4.0 (with Service Pack 4). SDM supports Java plug-in version 1.4.2_05 and later.

Translated Versions of This Document

Translated versions of this document are available in the following languages: German, Dutch, French, Spanish, and Italian.

•

Die Deutsche Version dieses Dokuments finden Sie unter http://www.cisco.com/go/sdm. Klicken Sie im linken Rahmen auf Technical Documentation.

•

Une version française de ce document est disponible à partir du lien suivant: http://www.cisco.com/go/sdm

•

Este documento está disponible en español a través de http://www.cisco.com/go/sdm. Haga clic en Technical Documentation en el margen izquierdo.

•

Una versione italiana di questo documento è disponibile a http://www.cisco.com/go/sdm. Fare clic su Technical Documentation nel riquadro di sinistra.

Task 1: Install Interface Cards, and Cable the Router

Before SDM can be used to configure the router, you must install all the necessary hardware accessories that are applicable to your router, such as WAN interface cards (WICs), network modules (NMs), or advanced interface module (AIM) cards that you will use to connect to the network. Refer to the quick start guide for your router for instructions on installing these interface cards, cabling the router, and verifying that all the connections are working properly.

Task 2: Configure Your PC, and Connect It to the Router

You have to set up the PC to communicate with SDM. SDM is shipped with a default configuration file that assigns an IP address to a LAN interface on the router, and you must configure the PC to be on the same subnet as the router LAN interface.

First determine whether your router is configured as a Dynamic Host Configuration Protocol (DHCP) server or not.

Is Your Router Configured as a DHCP Server?

If you have one of the routers listed in Table 1, the router is configured as a DHCP server. Configure the PC to obtain an IP address and a Domain Name System (DNS) server IP address automatically, as shown in Figure 1. Connect the Ethernet port on the PC with the router port shown in Table 1.

Table 1 Routers Configured as DHCP Servers
Router Model	Cable Type	Connect the Ethernet Cable to the Port Shown
SB101 SB106 SB107 Cisco 831 Cisco 836 Cisco 837	Straight-through (packed with router)
SB101 SB106 SB107 Cisco 831 Cisco 836 Cisco 837	Straight-through (packed with router)
		Connect to any ETHERNET 10BASE T port.
Cisco 850 series Cisco 870 series	Straight-through (packed with router)
Cisco 850 series Cisco 870 series	Straight-through (packed with router)
		Connect to any LAN port.
Cisco 1701 Cisco 1710	Crossover, or straight-through with Ethernet switch
Cisco 1701 Cisco 1710	Crossover, or straight-through with Ethernet switch
		Connect to 10/100 Ethernet.
Cisco 1711 Cisco 1712	Straight-through (packed with router)
Cisco 1711 Cisco 1712	Straight-through (packed with router)
		Connect to any ACT Lnk port.
Cisco 1801 Cisco 1802 Cisco 1803 Cisco 1811 Cisco 1812	Straight-through (packed with router)
		Connect to any SWITCH port.

These Routers Are Not Configured as DHCP Servers

If you did not find your router in Table 1, your router is not configured as a DHCP server, and you must assign a static IP address to the PC. Click Use the following IP address, and assign an IP address between 10.10.10.2 and 10.10.10.6 to the Ethernet port of the PC, and use the subnet mask 255.255.255.248, as shown in Figure 2. You can leave the Default gateway and DNS server fields blank. Find your router model in Table 2 and connect the Ethernet port on the PC to the router port shown in the table.

Figure 2 Configuring Your PC with a Static IP Address Between 10.10.10.2 and 10.10.10.6

Table 2 Routers Not Configured as DHCP Servers
Router Model	Cable Type	Connect the Ethernet Cable to the Port Shown
Cisco 1721 Cisco 1751 Cisco 1760	Crossover, or straight-through with Ethernet switch
		Connect to 10/100 Ethernet.
Cisco 1841	Crossover, or straight-through with Ethernet switch
		Connect to FE 0/0.
Cisco 2600XM Cisco 2691	Crossover, or straight-through with Ethernet switch
		Connect to FE 0.	Connect to FastEthernet 0/0.
Cisco 2800	Crossover, or straight-through with Ethernet switch
		Connect to FE 0/0.	Connect to GE 0/0.
Cisco 3600	Crossover, or straight-through with Ethernet switch
		Connect to FE 0/0.	Connect to FE 0/0.
Cisco 3700	Crossover, or straight-through with Ethernet switch
		Connect to FastEthernet 0/0.	Connect to FastEthernet 0/0.
Cisco 3800	Crossover, or straight-through with Ethernet switch
		Connect to GE 0/0.	Connect to GE 0/0.

Task 3: Log on to the Router

If you received the SDM CD with your router, use the CD to connect to the router by following the next procedure. If you did not receive the SDM CD, use the procedure in the "I Did Not Receive the SDM CD" section.

I Received the SDM CD

Step 2

Place the SDM CD in your PC CD drive. If the CD does not launch, navigate to the drive and double-click the setup.exe file.

Step 3

When the CD screen is displayed ( Figure 3), click First-time Router Setup.

Step 4

Ensure the PC is connected to the router as described in the First-Time Router Setup window ( Figure 4), and then click Launch Cisco SDM Express.

Step 5

Enter the username cisco, and the password cisco in the login windows that appear during the startup process. If the login window does not appear, click Why did Cisco SDM Express fail? and follow the recommendations.

I Did Not Receive the SDM CD

Step 1

Open a web browser on the PC, disable any active popup blockers, and enter the following URL:

Step 2

Enter the username cisco, and the password cisco in the login window. If other login windows appear during the startup process, enter the same credentials (cisco/cisco). See the Tip section if the login window does not appear.

Tip

If the launch page does not appear when you enter the URL http://10.10.10.1, test the connection between the PC and the router by doing the following:

•

Check that the Power LED on the router is on, and that the LED for the port to which you connected the PC is on, indicating an active Ethernet connection between the router and the PC. If this LED is not lit, verify that you are using a crossover cable to connect the PC to the router, or that you are using a straight-through cable between the router and the switch.

•

Verify that the web browser "work offline" option is disabled. In Internet Explorer, click the File menu, and verify that the "work offline" option is unchecked. In Netscape, the default selection in the File menu is set to "work online."

•

Verify that the es.tar, home.tar, home.shtml, and common.tar files are loaded into flash memory. Open a Telnet session to 10.10.10.1, entering the username cisco and the password cisco. Enter the show flash command to verify that these files are loaded in flash memory.

•

Verify that the PC IP address is properly configured. Some routers require that the PC obtain an IP address automatically and some require that it be configured with a static IP address. Find your router in either Table 1 or Table 2 to determine how the PC should be configured.

Task 4: Complete Cisco SDM Express

Cisco SDM Express is an SDM program that lets you quickly configure the router LAN and Internet connections.

Step 1

When you connect to the router, the SDM Express Launch page ( Figure 5) appears, followed by one or more certificate windows. Click Yes, or click Grant to accept the certificates.

Step 2

The SDM Express Overview page appears and then the SDM Express Wizard page is also displayed ( Figure 6). Click Next to begin configuring the router.

Tip

The SDM Express wizard will ask you to enter an enable secret password to control access to Cisco IOS software. Be sure to write down or remember the enable secret password that you enter. It is not shown in the Enable Password field or in the Summary window, and it cannot be reset without erasing the router configuration. You are also asked to change the router's LAN IP address from its default value.

Step 3

When the Summary window appears, write down the LAN IP address, the username and the user password that you entered, and click Finish. You will need this information to reconnect to the router to perform additional configuration.

Task 5: Reconnect to the Router Using the New IP Address

If you changed the IP address of the router LAN interface as recommended in the SDM Express wizard, you lost your connection to the router. Follow these steps to reconnect to your router:

Step 1

Reconfigure your PC if necessary. If you configured a DHCP server on the router in Task 4, configure the PC to obtain an IP address automatically, as shown in Figure 1. If the router was already configured as a DHCP server but the address pool has changed, open a command window on the PC and enter ipconfig /release, followed by ipconfig /renew to obtain a new IP address from the router.

If you did not configure a DHCP server on the router, your network uses static IP addresses, and you must assign a new IP address to the PC Ethernet interface. Place it on the same subnet as the router's Ethernet port, which you configured in Task 4. Figure 7 shows an example PC configuration when the router LAN IP address is 20.20.20.1 (as indicated by the Default gateway field) and the subnet mask is 255.255.255.0. The PC is configured with an IP address of 20.20.20.2, an address on the same subnet as the router.

Figure 7 If you did not configure the router as a DHCP server, configure the PC with a static IP address (Example)

Step 2

Open a web browser and enter the new IP address that you gave the router LAN interface.

For example, if you gave the LAN interface the IP address 20.20.20.1, you would enter the following command in the browser.

Step 3

Enter the username and password that you specified in Task 4. If SDM is installed on your router, the SDM home page appears, as shown in Figure 8.

Step 4

Test the Internet (WAN) connection that you configured by opening another web browser window and connecting to a website. If you can connect to a website, such as www.cisco.com, your WAN connection works properly. If you cannot, you can use SDM Express or SDM to correct your WAN settings.

If you did not receive the SDM CD, SDM is already installed on your router. You can proceed to the "Using SDM" section to learn about SDM.

Task 6: Install SDM from the CD

If you have the SDM CD, you can install SDM on the PC and on the router. If SDM launched when you reconnected to the router in Task 5: Reconnect to the Router Using the New IP Address, SDM is already installed on the router and you do not need to complete this procedure.

The installation wizard on the CD guides you through installing SDM and its components on your PC and your router. Installing SDM on your PC allows you to use SDM to configure and manage other routers on your network.

Step 2

When the Install Options window appears ( Figure 11), select where you want to install SDM. Selecting This Computer installs SDM on the PC and enables you to configure and monitor other routers on the network besides the router you have just set up.

You can also install SDM and its other applications on your router, or you can install them on both the PC and the router.

Using SDM

If SDM is installed on the PC, start it by selecting it from the program menu (Start > Programs >
Cisco Systems > SDM 2.1. Then, provide the IP address of the router in the SDM Launcher window ( Figure 12).

Tip

If you are using Internet Explorer on a PC running Windows XP with Service Pack 2, and Internet Explorer displays a message telling you that it has restricted this file from showing active content that could access your computer, select Tools > Internet Options > Advanced from the Internet Explorer Tools menu, and check Allow active content to run in files on my computer. Then click Apply, and relaunch SDM.

Cisco SDM provides a series of easy-to-use wizards that quickly take you step by step through configuring your router, without requiring knowledge of the Cisco IOS software CLI. You can use SDM wizards to:

•

Configure VPN, Easy VPN, and DMVPN connections, and create and manage digital certificates.

After you have used wizards to create basic configurations, SDM enables you to edit the configurations you created. You can edit firewalls to create a firewall policy for your network. You can also configure and manage the Intrusion Prevention System (IPS) on the router to protect your network from attacks, and perform additional tasks, such as creating user accounts and creating router management policies.

To start a wizard, simply click the Configure button at the top of the SDM home page shown in Figure 8, and then click the appropriate button in the left frame of the SDM Configuration window, Figure 13.

Click the Help button in any SDM window for more information on the task you are performing.

SDM automatically saves changes to the router's running configuration, and you can direct it to save the running configuration to the startup configuration.

You're Done! Where to Go from Here

Now that you have used SDM to give your router an initial configuration, you can continue to use SDM to configure additional features or modify existing feature configurations.You can use the SDM URL to start SDM and then add to or modify your router configuration at any time.

For More Information About SDM and About Your Router

For additional information about SDM features, refer to the SDM online help. Additional information about SDM is also available on the SDM website at http://www.cisco.com/go/sdm. This website provides access to detailed information about SDM, including an SDM FAQ, data sheet, customer presentation, Flash demo, and links to technical documentation and product updates. If you are configuring a Cisco 83x router, you should obtain the document Switching From Cisco Router Web Setup to Cisco Router and Security Device Manager on Cisco 83x Series Routers.

Refer to the quick start guide for your router for other procedures, such as connecting a PC to the router console port so that you can use the CLI when you need to, and using the router LEDs to verify installation. The quick start guide may also contain important warranty information.

Obtaining the Latest Version of SDM

SDM is regularly enhanced to provide new features. If you are already running SDM on the router, you can update SDM automatically by clicking on the Tools menu and selecting Update SDM. SDM will determine if there is a more recent version available and enable you to download it and install it on the router.

If you have a supported router that does not have SDM installed, you can download the latest version of SDM free of charge and instructions for installing it on your router from the following location:

You should consult the SDM release notes to determine if it is supported for the router on which you want to install it.

Updating SDM from the CD

You can use the SDM CD to update the SDM software on other routers. Follow the procedure in the "Task 6: Install SDM from the CD" section, selecting Cisco Router in the Install Options screen in Figure 11. Provide the router's IP address, a username with privilege level 15 and the password. When asked if you want to overwrite the SDM software, click Yes. The Installation wizard will update SDM software on your router.

I Use the Cisco IOS Startup Sequence

This section explains how to use the Cisco IOS startup sequence to configure your router instead of using SDM.

Note If you have already configured the router using SDM, you do not need to read this section.

Because SDM uses a default configuration file, your router will not execute the standard Cisco IOS startup sequence. You can use this section to run the Cisco IOS setup utility and take advantage of a TFTP or BOOTP configuration download, or use other features available through the standard Cisco IOS startup sequence. It also tells you what to do if you want to use SDM in the future.

•

Provides an IP address for your Fast Ethernet interface, enabling an interface to your LAN

•

Creates a default username (cisco) and password (cisco) with privilege level 15

If you want to erase the existing configuration and take advantage of the Cisco IOS startup sequence, perform the following steps. SDM will remain on the router.

Step 1

Connect the light blue console cable, included with your router, from the blue console port on your router to a serial port on your PC. Refer to your router's hardware installation guide for instructions.

Step 2

Connect the power supply to your router, plug the power supply into a power outlet, and turn on your router. Refer to your router's quick start guide for instructions.

Step 3

Use HyperTerminal or a similar terminal emulation program on your PC, with the terminal emulation settings of 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to your router.

Step 4

At the prompt, enter the enable command. The default configuration file does not configure an enable password.

After you press Enter, the router will begin executing the standard startup sequence. If you want to use SDM to perform subsequent configurations for the router, you must manually configure the router to support web-based applications, and the Telnet and Secure Shell (SSH) protocols. You must also create a user account with a privilege level of 15. See the "I Want to Enable SDM on a Router I Configured Using the Cisco IOS Startup Sequence" section for this information.

I Want to Enable SDM on a Router I Configured Using the Cisco IOS Startup Sequence

This section provides information on enabling SDM on a router that has been configured using the Cisco IOS startup sequence or the CLI. If you erased the factory startup configuration in order to use the Cisco IOS startup sequence, you can still use SDM. In order to do so, you must configure the router to support web-based applications, configure it with a user account defined with privilege level 15, and then configure it to support the Telnet and SSH protocols. These changes can be made using a telnet session or using a console connection.

Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH

Step 1

Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands:

If the router uses an IPSec Cisco IOS image, the HTTPS server is enabled. Otherwise only the HTTP server is enabled.

Replace <username> and <password> with the username and password that you want to configure.

Step 4

(Optional) Enable local logging to support the log monitoring function:

To begin using SDM on a router that has received a manual configuration, read the next section.

Starting SDM on a Manually Configured Router

SDM is a web-based application that must be run from a PC that is connected to the router over a LAN. See Table 1 or Table 2 to determine which router port to connect the PC to. If the router is configured as a DHCP server, the PC must be configured to receive an IP address automatically. If the router is not configured as a DHCP server, you must configure the PC with a static IP address on the same subnet as the router interface to which you are connecting the PC. For example, if the router interface has the IP address 172.16.30.1, and the subnet mask is 255.255.255.248, you must configure the PC IP address in the range 172.16.30.2 through 172.16.30.6.

Step 1

Open a web browser on the PC, and enter the IP address that you gave the router LAN interface.

The SDM Overview window appears, as shown in Figure 8. To continue configuring your router, see the "Using SDM" section.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

See the quick start guide for the router you have just configured for information on obtaining other documentation, providing documentation feedback, and obtaining technical assistance.

Table Of Contents