|
Table Of Contents
Downloading and Installing
Cisco Router and Security Device ManagerCisco Routers and Cisco IOS Versions Supported
Web Browser Versions and Java Runtime Environment Versions
Task 1: Determine Which Software Is Installed on the Router
If the Router is a Cisco 83x, Determine if CRWS Is Installed
Determine If SDM Is Already Installed on the Router
Task 2: Install a Supported Cisco IOS Image
Task 3: Configure Your Router to Support SDM
Downloading and Installing
Cisco Router and Security Device Manager
December 14, 2005
This document contains instructions on downloading Cisco Router and Security Device Manager (SDM) from the Cisco.com website and installing it on your router. This document is updated as needed.
This document contains the following sections:
• Task 1: Determine Which Software Is Installed on the Router
• Task 2: Install a Supported Cisco IOS Image
• Task 3: Configure Your Router to Support SDM
• Task 4: Install the SDM Files
About SDM
SDM is an easy-to-use, Java-based device management tool, designed for configuring LAN, WAN, and security features on a router. SDM is designed for resellers and network administrators of small- to medium-sized businesses who are proficient in basic network design.
For fast and efficient configuration of Ethernet networks, WAN connectivity, firewalls and Virtual Private Networks (VPNs), Cisco SDM prompts you through the setup process with wizards. Cisco SDM requires no previous experience with Cisco devices or the Cisco command-line interface (CLI).
SDM can reside in router memory or on your PC.
Cisco Routers and Cisco IOS Versions Supported
Table 1 lists the routers and Cisco IOS versions currently supported by SDM.
Note For information about supported network modules and WAN interface cards (WICs), see the Release Notes for Cisco Router and Security Device Manager document for the version of SDM that you have.
Memory Requirements
A minimum of 6 MB of free memory is required to support all SDM files. 2 MB of router memory is required to support SDM Express when SDM is installed on the PC, and the SDM files on the PC require 5.5 MB.
PC System Requirements
SDM is designed to run on a personal computer that has a Pentium III or faster processor. SDM can be run on a PC running any of the following operating systems:
•Microsoft Windows XP Professional
•Microsoft Windows 2003 Server (Standard Edition)
•Microsoft Windows 2000 Professional with Service Pack 4 (Windows 2000 Advanced Server is not supported)
•Microsoft Windows ME
•Microsoft Windows 98 (second edition)
•Microsoft Windows NT 4.0 Workstation with Service Pack 4
Japanese, Simplified Chinese, French, German, Spanish, and Italian language support is available on these operating systems:
•Microsoft Windows XP Professional with Service Pack 2 or later
•Microsoft Windows 2000 Professional with Service Pack 4 or later
Web Browser Versions and Java Runtime Environment Versions
SDM can be used with the following browsers:
•Internet Explorer version 5.5 and later
•Netscape version 7.1 and version 7.2 (not supported on Windows 98)
SDM requires Sun Java Runtime Environment (JRE) version 1.4.2_05 or later, or Java Virtual Machine (JVM) 5.0.0.3810.
Task 1: Determine Which Software Is Installed on the Router
A version of SDM may already be installed on the router. Additionally, if the router is a Cisco 831, 836, or 837 router, Cisco Router Web Setup (CRWS) may also be installed. If the router that you want to install SDM on is a Cisco 83x, complete both the following sections to determine which software is installed on the router. If the router is not a Cisco 83x router, skip the first section, but complete the "Determine If SDM Is Already Installed on the Router" section
If the Router is a Cisco 83x, Determine if CRWS Is Installed
If CRWS is installed on the router and is set as the default application, it will start even if you install SDM. Complete the following procedure to determine if CRWS is installed on the router, and if so, to delete these files so that you can use SDM.
Step 1 Enter the show webflash command as shown in the following example:
Router# show webflash:
If CRWS is installed, you will see output resembling the following:
webflash directory:
File Length Name/status
1 986 ConfigExp.cfg
2 725005 CRWS_1.jar
3 341151 CRWS_2.jar
4 45924 GUI.html
5 4572 home.html
6 8082 loading.gif
7 3463 VPNLogin.html
8 61400 CRWS_VPNLogin.jar
9 285708 CRWSbHlp.html
[1476876 bytes used, 358132 available, 1835008 total]
2048K bytes of processor board Web flash (Read/Write)
Note On Cisco 836 and 837 routers, the file IPCPSubnet.cfg will also appear in the show webflash: output if CRWS is installed on the router.
The webflash directory is empty if CRWS is not installed.
Step 2 If CRWS files are present, you must remove them in order to allow SDM to launch. Enter the following command to remove the CRWS files:
Router# erase webflash
You will no longer be able to run CRWS on the router. If you decide that you need to reintstall CRWS, you can go to www.cisco.com/go/CRWS to obtain the latest version.
Step 3 Proceed to the next section.
Determine If SDM Is Already Installed on the Router
Complete the following procedure to determine if SDM is already installed on the router:
Step 1 To verify that SDM files are present, issue the following CLI command:
Router# show flash:
If SDM software is present, you see output resembling the following:
System flash directory:
File Length Name/status
1 5148536 c831-k9o3y6-mz.122-13.ZH1.bin
2 14617 sdm.shtml
3 669 sdmconfig-83x.cfg
4 2290688 sdm.tar
5 14617 sdm.shtml.hide
6 1446 home.html
7 214016 home.tar
8 1446 home.html.hide
[7686035 bytes used, 17434224 available, 24903680 total]
24576K bytes of processor board System flash (Read/Write)
Note The files that you see when you enter the show flash: command may differ slightly from the list shown.
If the show flash command output does not produce a listing similar to the example, SDM is not installed on the router. Proceed to the next section of this docume nt.
Step 2 If SDM files are present, try starting SDM. Open a web browser and enter the IP address of the router in the browser's address field, as shown below:
http://router_IP_address
For example, if the router's IP address is 10.20.55.1, you would enter the following command:
http://10.20.55.1
Step 3 If the username/password dialog is displayed, enter a level 15 username and password to launch SDM. After SDM launches go to Help > About SDM and check the SDM version number. If you have SDM version 1.1 or later, you can let SDM help you update to the latest files by clicking Tools > Update SDM > From Cisco.com. Follow the instructions in the displayed screens to update the SDM files on your router.
Step 4 If the version of SDM on the router is earlier than version 1.1 or if SDM does not launch, complete the remaining tasks in this document to upgrade SDM. If the router is a Cisco 83x model and there are any files named with a .hide extension, they should be removed to conserve router memory before proceeding. Do this by entering the following commands:
Router# del home.html.hide
Remove other files with the .hide extension using the same command.
Reclaim router memory by entering the squeeze flash: command, as shown below:
Router# squeeze flash:
Task 2: Install a Supported Cisco IOS Image
If your router is running a Cisco IOS image with an earlier version than Table 1 lists for your router, you must download and install a Cisco IOS image that SDM supports.
This section contains instructions for downloading SDM and an upgraded version of Cisco IOS from the Cisco.com website.
Note•If you do not need to upgrade your Cisco IOS software, you can skip this section.
•You must have a valid Cisco.com account to download a Cisco IOS image. If you do not have one, click Register at the top of the web page, and complete the form to obtain an account. Then, use your account login and password when required.
To download a Cisco IOS image, follow these steps:
Step 1 Go to the Software Center by entering the following URL in your web browser:
If you need help determining which Cisco IOS image supports the IOS features that you want, use the Feature Navigator tool. This tool is available at the following link:
Step 2 Click Search by feature to choose the features you need, and find the Cisco IOS image that has those features. Feature Navigator provides a web-based form you use to assemble the list of features that you want. Then specify the platform. Feature Navigator returns a list of image names for that platform that support the features that you specified. Click the name of the Cisco IOS image to go to the download page for that image.
Step 3 Download the Cisco IOS image to your PC and then transfer it to the root directory of a TFTP server. The TFTP server can be a PC with a TFTP server utility.
Step 4 Access the router CLI using a Telnet connection or the console port.
Step 5 Delete your old Cisco IOS image from flash memory, or from FlashDisk, using the following CLI commands, and responding to the prompts as shown:
Router# delete old IOS image name
Delete filename [old IOS image name]?
Delete flash: old IOS image name [confirm]
Router#
If you are deleting the image from a Cisco 7000 router, you must specify the disk or slot from which you are deleting the file. Use the following CLI commands, and respond to the prompts as shown:
Router# delete diskN: old IOS image name
Delete filename [old IOS image name]?
Delete diskN: old IOS image name?[confirm]
Router#
If you are deleting the file from a slot, replace the keyword disk with the keyword slot. Replace N with the number of the disk or slot.
Step 6 Enter the squeeze flash: command to reclaim flash memory space:
Router# squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Rebuild file system directory...
Squeeze of flash complete
Router#
If your router has a DOS file system, you do not need to use the squeeze flash: command.
Step 7 Copy the Cisco IOS image to the router flash memory, or to FlashDisk memory.
•If you are copying the image to flash memory, use the following CLI command:
Router# copy tftp://tftp server IP address/new IOS image name flash:
Confirm the destination filename by pressing Return.
Destination filename [new IOS image name]?
When you see the prompt
Erase flash: before copying?
, enter n so that you do not erase flash memory.Erase flash: before copying? [confirm]n
The router displays a message similar to the following:
Loading //tftp-root/<ios_image_name> from 171.69.17.19 (via FastEthernet0): !!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Router#
•If you are copying the image to FlashDisk memory, you must specify which disk you are copying to. Use the following CLI command:
Router# copy tftp://tftp server IP address/new IOS image name diskN:
If you are copying the file to a slot, use the slot keyword instead. Replace N with the number of the disk or slot.
Step 8 Enter the show flash: command to verify that the checksum is correct. The following output shows an image with a valid checksum.
Router# show flash:
System flash directory:
File Length Name/status
1 5148536 c831-k9o3y6-mz.122-13.ZH1.bin
[5148536 bytes used, 17434224 available, 24903680 total]
24576K bytes of processor board System flash (Read/Write)
If the checksum were invalid, the output would appear as shown below:
File Length Name/status
1 5148536 c831-k9o3y6-mz.122-13.ZH1.bin [invalid checksum]
You can also view the checksum by entering the verify /ios imagename command. If the checksum is invalid, you must repeat Step 4.
If you loaded the image to a disk or a slot, use the show diskN command or the show slotN command.
Step 9 Verify that the IOS image that you want to use is the first file listed in the show flash listing. If it is not, you must enter the boot system command to direct the router to load the image that you want to use when it boots. Do this as follows:
a. Enter configuration mode using the configure terminal command:
Router# configure terminal
Router(config)#
b. Enter the boot system command followed by the name of the image you downloaded.
Router (config)# boot system flash ios_image_name
For example:
Router(config)# boot system flash c831-k9o3y6-mz.122-13.ZH1.bin
c. Exit configuration mode.
Router(config)# exit
Router#
Step 10 Enter the copy running-config startup-config command. This causes the boot system command to be saved to the startup configuration and be executed when the router reboots.
Step 11 Enter the copy running-config tftp command and specify the address or name of a TFTP server on the network to save the configuration to a remote system.
Step 12 Reboot the router to use the new Cisco IOS image using the following CLI command:
Router# reload
The new Cisco IOS image is now installed and running on your router.
Task 3: Configure Your Router to Support SDM
You can install and run SDM on a router that is already in use without disrupting network traffic, but you must ensure that a few configuration settings are present in the router configuration file.
Access the CLI using Telnet or the console connection to modify the existing configuration before installing SDM on your router.
Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
If the router supports HTTPS, the HTTPS server will be enabled. If not, the HTTP server will be enabled. HTTPS is supported in all images that support the Crypto/IPSec feature set, starting from Cisco IOS release 12.25(T).
Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command in global configuration mode, replacing username and password with the strings that you want to use:
Router(config)# username username privilege 15 secret 0 password
For example, if you chose the username tomato and the password vegetable, you would enter:
Router(config)# username tomato privilege 15 secret 0 vegetable
You will use this username and password to log in to SDM.
Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
If your router supports 16 vty lines, you can add the following lines to the configuration file:
Router(config)# line vty 5 15
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Router(config)#
Step 4 (Optional) Enable local logging to support the log monitoring function. Enter the following command in global configuration mode:
Router(config)# logging buffered 51200 warning
Step 5 Enter the end command to leave configuration mode:
Router(config)# end
Router#
Task 4: Install the SDM Files
This section contains instructions for downloading SDM and installing it on your PC or router.
Note SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by following the link http://www.winzip.com.
Step 1 Enter the following URL into your web browser:
Step 2 Log in using your Cisco.com login user ID and password, and follow the instructions on the SDM Software page to download the SDM .zip file (SDM-Vnn.zip) and the SDM release notes.
Step 3 Double-click the sdm-vnn.zip file and extract the files to a directory on your PC.
Step 4 In the directory to which you extracted the contents of the sdm-vnn.zip file, double-click the setup.exe file. The Welcome screen ( Figure 1) appears.
Figure 1 Welcome Screen
Step 5 Click Next to display the License screen, accept the license agreement terms, and click Next to continue.
Step 6 When the Install Options screen ( Figure 2) appears, specify where you want to install SDM. You can install the SDM files on your PC, on your router, or on both your PC and the router.
Figure 2 Install Options Screen
•If you choose This Computer the SDM files are installed in the directory that you specify, and installation ends.
Tip Installing SDM on the PC saves router memory, and allows you to use SDM to manage other routers on the network.
•If you choose Cisco Router, you are prompted to log in to the router, as shown in Figure 3.
Figure 3 Router Authentication Screen
Step 7 When the installation program contacts your router, the Flash Installation Options screen ( Figure 4) appears.
•Choosing Typical causes the installation program to check the router capabilities and install the appropriate SDM components for the router.
•Choosing Custom lets you choose the components that you want to install.
Figure 4 Flash Installation Options Screen
Step 8 On the Select Cisco SDM Components screen ( Figure 5), review the components to be installed. The Space Required on flash: field shows how much memory is required to be able to install the checked components. This field is updated dynamically when you change a selection. The Space Available on flash field displays the total amount of flash available on the router.
Figure 5 Select Cisco SDM Components Screen
Step 9 Make your choices and click Next. A message is displayed if the space required exceeds the space available on flash memory, and you must return to this screen and uncheck components.
Tip It is not necessary to install Cisco SDM Express unless you plan to discard the running configuration and reconfigure the router anew at some future time. This program is used for initial configurations and is not essential for a router that is already in use.
Step 10 Click Install to start the installation.
Figure 6 Ready to Install Screen
The components you chose are installed in router memory.
Step 11 When the components are installed, the Wizard Complete screen appears. See Figure 7.
Figure 7 Wizard Complete
Step 12 If you want to start SDM when you dismiss the wizard click Launch Cisco SDM. Click Finish to dismiss the wizard.
Task 5: Start SDM
Start SDM by following these instructions.
Step 1 Start SDM using one of these methods:
•If you installed SDM on the router, start it by opening a browser and entering the IP address of your router.
http://IP-address
For example:
http://10.20.20.2
If your router has been configured with a nonstandard port number for http or https, enter the port number that is configured on the router after the IP address, as shown in the following example:
http://10.20.20.2:2000
•If you installed SDM on the PC, start it by double-clicking the SDM shortcut, or by selecting it from the program menu (Start > Programs > Cisco Systems > Cisco SDM). When the SDM Launcher window appears ( Figure 8), enter the IP address of the router.
Figure 8 SDM Launcher
Tip If you are using Internet Explorer on a PC running Windows XP with Service Pack 2, and Internet Explorer displays a message telling you that it has restricted this file from showing active content that could access your computer, choose Internet Options > Advanced from the Tools menu, and check Allow active content to run in files on my computer. Then click Apply, and relaunch SDM.
Step 2 Enter the username and password of the level 15 user you configured in Task 3. When certificate windows appear, click Yes or click Grant to accept the certificates.
Figure 9 SDM Launch Page
When the Launch page ( Figure 9) has loaded, SDM displays the SDM Home page, shown in Figure 10. The SDM Home page gives you a snapshot of the router configuration and the features that the Cisco IOS image supports.
Figure 10 SDM Home Page
Step 3 To begin using SDM, click the Configure button on the toolbar. SDM displays a taskbar with buttons that launch wizards that will guide you through configuration steps. For example, Figure 11 shows the SDM Create Site to Site VPN window.
By choosing the task you want to complete and clicking Launch the selected task, you invoke a wizard that presents a series of configuration tasks, and lets you review the settings you made before delivering the configuration commands to the router. The wizard also simplifies the configuration tasks by supplying default values for some configuration parameters. If you need to change default settings, you can easily do so by clicking the Edit tab, choosing the configuration, and performing needed edits.
Figure 11 SDM Create Site to Site VPN Window
SDM online help provides instructions for entering data in each window, and provides links to background information that describes how a particular feature is used in a network.
Related Documentation
The following documents are available at http://www.cisco.com/go/sdm.
•Cisco Security Device Manager User's Guide
•Release Notes for Cisco Router and Security Device Manager
•Cisco Router and Security Device Manager Q&A
•Switching From Cisco Router Web Setup to Cisco Router and Security Device Manager and on Cisco 83x Series Routers
•Cisco Router and Security Device Manager (SDM), Version 2.1 User Guide for the Cisco 7000 Family
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
Posted: Wed Dec 14 16:51:43 PST 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.