Guest

Cisco Router and Security Device Manager

Cisco Router and Security Device Manager Quick Start Guide

  • Viewing Options

  • PDF (1.1 MB)
  • Feedback
Cisco Router and Security Device Manager Quick Start Guide

Table Of Contents

Cisco Router and Security Device Manager Quick Start Guide

Translated Versions of This Document

Task 1: Install Interface Cards, and Cable the Router

Task 2: Configure Your PC, and Connect It to the Router

These Routers Are Configured as DHCP Servers

These Routers Are Not Configured as DHCP Servers

Task 3: Log on to the Router

I Received the Cisco SDM CD

I Did Not Receive the SDM CD

Task 4: Complete Cisco SDM Express

Task 5: Reconnect to the Router Using the New IP Address

Task 6: Install SDM from the CD

Using Cisco SDM

You're Done! Where to Go from Here

For More Information About Cisco SDM and About Your Router

Obtaining the Latest Version of Cisco SDM

Updating SDM from the CD

I Use the Cisco IOS Startup Sequence

I Want to Enable Cisco SDM on a Router I Configured Using the Cisco IOS Startup Sequence

Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH

Starting Cisco SDM on a Manually Configured Router

Cisco.com


Cisco Router and Security Device Manager Quick Start Guide


Cisco Router and Security Device Manager (Cisco SDM) is an easy-to-use device management tool that allows you to configure Cisco IOS security features and network connections through an intuitive web-based graphical user interface. This quick start guide shows you how to connect your PC to your router and begin using Cisco SDM.

Use this document if you are setting up a router that came with either of these applications. If you already have a router and you want to install Cisco SDM Express and Cisco SDM, go to the Support section of www.cisco.com/go/sdm and click Download Software. The download page has links to the software, and documents to use for installing Cisco SDM Express and Cisco SDM on a router already in use.

Refer to the Release Notes for Cisco Router and Security Device Manager for information about supported web browsers and plug-ins. To link to this document, go to www.cisco.com/go/sdm and follow the links in the Support section.

If you do not want to use Cisco SDM to configure the router, see the "I Use the Cisco IOS Startup Sequence" section.

Translated Versions of This Document

Translated versions of this document are available in Chinese, French, German, Italian, Japanese, and Spanish. Go to the following link.

http://www.cisco.com/go/sdm.

Click Translated Documents in the Support box.

Task 1: Install Interface Cards, and Cable the Router

Before Cisco SDM can be used to configure the router, you must install all the necessary hardware accessories that are applicable to your router, such as WAN interface cards (WICs), network modules (NMs), or advanced interface module (AIM) cards that you will use to connect to the network. Refer to the quick start guide for your router for instructions on installing these interface cards, cabling the router, and verifying that all the connections are working properly.

Task 2: Configure Your PC, and Connect It to the Router

You have to set up the PC to communicate with Cisco SDM. Cisco SDM is shipped with a default configuration file that assigns an IP address to a LAN interface on the router, and you must configure the PC to be on the same subnet as the router LAN interface.

First determine whether your router is configured as a Dynamic Host Configuration Protocol (DHCP) server or not. Look for your router in These Routers Are Configured as DHCP Servers. If your router is listed in that section, configure your PC to obtain an IP address automatically, as shown in Figure 1. If your router is not listed in that section, look for it in These Routers Are Not Configured as DHCP Servers, and configure the PC as shown in Figure 2.

These Routers Are Configured as DHCP Servers

If you have one of the routers listed in Table 1, the router is configured as a DHCP server. Configure the PC to obtain an IP address and a Domain Name System (DNS) server IP address automatically, as shown in Figure 1. Connect the Ethernet port on the PC with the router port shown in Table 1.

If you do not find your router model in Table 1, look for the router model you are setting up in Table 2 in the section "These Routers Are Not Configured as DHCP Servers."

Figure 1 Configuring the PC to Obtain an IP Address Automatically

Table 1 Routers Configured as DHCP Servers 

Router Model
Cable Type
Connect the Ethernet Cable to the Port Shown

SB101
SB106
SB107
Cisco 831
Cisco 836
Cisco 837

Straight-through
(packed with router)

   

Connect to any ETHERNET 10BASE T port.

Cisco 850 series
Cisco 870 series

Straight-through
(packed with router)

   

Connect to any LAN port.

Cisco 1701
Cisco 1710

Crossover, or straight-through with Ethernet switch

   

Connect to 10/100 Ethernet.

Cisco 1711
Cisco 1712

Straight-through
(packed with router)

   

Connect to any ACT Lnk port.

Cisco 1801
Cisco 1802
Cisco 1803
Cisco 1811
Cisco 1812

Straight-through
(packed with router)

   

Connect to any SWITCH port.


When you have configured your PC and connected it to the router, go to Task 3: Log on to the Router.

These Routers Are Not Configured as DHCP Servers

If you did not find your router in Table 1, your router is not configured as a DHCP server, and you must assign a static IP address to the PC. Click Use the following IP address, and assign an IP address between 10.10.10.2 and 10.10.10.6 to the Ethernet port of the PC, and use the subnet mask 255.255.255.248, as shown in Figure 2. You can leave the Default gateway and DNS server fields blank. Find your router model in Table 2 and connect the Ethernet port on the PC to the router port shown in the table.

Figure 2 Configuring the PC with a Static IP Address Between 10.10.10.2 and 10.10.10.6

Table 2 lists the routers that are not configured as DHCP servers.

Table 2 Routers Not Configured as DHCP Servers 

Router Model
Cable Type
Connect the Ethernet Cable to the Port Shown

Cisco 1721
Cisco 1751
Cisco 1760

Crossover, or straight-through with Ethernet switch

 
   

Connect to 10/100 Ethernet.

 

Cisco 1841

Crossover, or straight-through with Ethernet switch

 
   

Connect to FE 0/0.

 

Cisco 2600XM
Cisco 2691

Crossover, or straight-through with Ethernet switch

   

Connect to FE 0.

Connect to FastEthernet 0/0.

Cisco 2800

Crossover, or straight-through with Ethernet switch

   

Connect to FE 0/0.

Connect to GE 0/0.

Cisco 3600

Crossover, or straight-through with Ethernet switch

   

Connect to FE 0/0.

Connect to FE 0/0.

Cisco 3700

Crossover, or straight-through with Ethernet switch

   

Connect to FastEthernet 0/0.

Connect to FastEthernet 0/0.

Cisco 3800

Crossover, or straight-through with Ethernet switch

   

Connect to GE 0/0.

Connect to GE 0/0.


When you have configured your PC and connected it to the router, go to Task 3: Log on to the Router.

Task 3: Log on to the Router

If you received the Cisco SDM CD with your router, use the CD to connect to the router by following the next procedure. If you did not receive the Cisco SDM CD, use the procedure in the "I Did Not Receive the SDM CD" section.

I Received the Cisco SDM CD

If you received the Cisco SDM CD, complete the following procedure.


Step 1 Disable any popup blockers active in your web browser.

Step 2 Place the Cisco SDM CD in your PC CD drive. If the CD does not launch, navigate to the drive and double-click the setup.exe file.

Step 3 When the CD SDM Install screen is displayed (Figure 3), click First-time Router Setup.

Figure 3 SDM Install Screen

Step 4 Ensure the PC is connected to the router as described in the First-Time Router Setup window (Figure 4), and then click Launch Cisco SDM Express.

Figure 4 First-Time Router Setup Window

Step 5 Enter the username cisco, and the password cisco in the login windows that appear during the startup process. If the login window does not appear, click Why did Cisco SDM Express fail? and follow the recommendations.

Step 6 Go to the "Task 4: Complete Cisco SDM Express" section.


I Did Not Receive the SDM CD

If you did not receive the Cisco SDM CD, use this procedure to connect to the router.


Step 1 Open a web browser on the PC, disable any active popup blockers, and enter the following URL:

http://10.10.10.1

Step 2 Enter the username cisco, and the password cisco in the login window. If other login windows appear during the startup process, enter the same credentials (cisco/cisco). See the Tip section if the login window does not appear.

Step 3 Go to the "Task 4: Complete Cisco SDM Express" section.


Tip If the launch page does not appear when you enter the URL http://10.10.10.1, test the connection between the PC and the router by doing the following:

Check that the Power LED on the router is on, and that the LED for the port to which you connected the PC is on, indicating an active Ethernet connection between the router and the PC. If this LED is not lit, verify that you are using a crossover cable to connect the PC to the router, or that you are using a straight-through cable between the router and the switch.

Verify that the web browser "work offline" option is disabled. In Internet Explorer, click the File menu, and verify that the "work offline" option is unchecked. In Netscape, the default selection in the File menu is set to "work online."

Verify that the es.tar, home.tar, home.shtml, and common.tar files are loaded into flash memory. Open a Telnet session to 10.10.10.1, entering the username cisco and the password cisco. Enter the show flash command to verify that these files are loaded in flash memory.


Note For security reasons, the username cisco and password cisco will expire the first time they are used. Before you log off the router, be sure to enter this Cisco IOS command:

username username privilege 15 secret 0 password

Replace username and password with the username and password that you want to use. This command creates a new user with privilege level 15 and a password for that user. If you do not do this, you will not be able to log into the router after you end the session. Use the new credentials that you create for future sessions, instead of using the username cisco and password cisco. For a more detailed procedure, see Step 5 through Step 6 under I Use the Cisco IOS Startup Sequence.


Verify that the PC IP address is properly configured. Some routers require that the PC obtain an IP address automatically and some require that it be configured with a static IP address. Find your router in either Table 1 or Table 2 to determine how the PC should be configured.



Task 4: Complete Cisco SDM Express

Cisco SDM Express is a Cisco SDM program that lets you quickly configure the router LAN and Internet connections. After you use Cisco SDM Express to give the router these basic connections, you can use Cisco SDM for more complex configurations. Use Cisco SDM Express by performing the following steps:


Step 1 When you connect to the router, the Cisco SDM Express Launch page (Figure 5) appears, followed by one or more certificate windows. Click Yes, or click Grant to accept the certificates.

Figure 5 Cisco SDM Express Launch Page

Step 2 The Cisco SDM Express Overview page appears and then the Cisco SDM Express Wizard page is also displayed (Figure 6). Click Next to begin configuring the router.

Figure 6 Cisco SDM Express Overview and Wizard Pages


Tip The Cisco SDM Express wizard will ask you to enter an enable secret password to control access to Cisco IOS software. Be sure to write down or remember the enable secret password that you enter. It is not shown in the Enable Password field or in the Summary window, and it cannot be reset without erasing the router configuration. You are also asked to change the router's LAN IP address from its default value.


Step 3 When the Summary window appears, write down the LAN IP address, the username and the user password that you entered, and click Finish. You will need this information to reconnect to the router to perform additional configuration.

Step 4 Exit Cisco SDM Express and complete "Task 5: Reconnect to the Router Using the New IP Address" to reconfigure the PC and reconnect to your router, using the new IP address that you gave to the LAN interface.


Task 5: Reconnect to the Router Using the New IP Address

If you changed the IP address of the router LAN interface as recommended in the Cisco SDM Express wizard, you lost your connection to the router. Follow these steps to reconnect to your router:


Step 1 Reconfigure your PC if necessary. If you configured a DHCP server on the router in Task 4, configure the PC to obtain an IP address automatically, as shown in Figure 1. If the router was already configured as a DHCP server but the address pool has changed, open a command window on the PC and enter ipconfig /release, followed by ipconfig /renew to obtain a new IP address from the router.

If you did not configure a DHCP server on the router, your network uses static IP addresses, and you must assign a new IP address to the PC Ethernet interface. Place it on the same subnet as the router's Ethernet port, which you configured in Task 4. Figure 7 shows an example PC configuration when the router LAN IP address is 192.0.2.1 (as indicated by the Default gateway field) and the subnet mask is 255.255.255.0. The PC is configured with an IP address of 192.0.2.2, an address on the same subnet as the router.

Figure 7 Configuring the PC with a New Static IP address

Step 2 Open a web browser and enter the new IP address that you gave the router LAN interface.

http://new-IP-address

For example, if you gave the LAN interface the IP address 192.0.2.1, you would enter the following command in the browser.

http://192.0.2.1

Step 3 Enter the username and password that you specified in Task 4. If SDM is installed on your router, the Cisco SDM home page appears, as shown in Figure 8.

Figure 8 Cisco SDM Home Page

If you followed the procedure in the "I Received the Cisco SDM CD" procedure, the Cisco SDM Express Overview window appears, as shown in Figure 9.

Figure 9 Cisco SDM Express Overview Window

Step 4 Test the Internet (WAN) connection that you configured by opening another web browser window and connecting to a website. If you can connect to a website, such as www.cisco.com, your WAN connection works properly. If you cannot, you can use Cisco SDM Express or Cisco SDM to correct your WAN settings.

Step 5 If you received the Cisco SDM CD, go to "Task 6: Install SDM from the CD" to install SDM.

If you did not receive the Cisco SDM CD, SDM is already installed on your router. You can proceed to the "Using Cisco SDM" section to learn about SDM.


Note You can click the Cisco SDM link in the Cisco SDM Express Overview window to start Cisco SDM if it is already installed on your router. If you received the Cisco SDM CD, Cisco SDM is not installed on your router yet.



Task 6: Install SDM from the CD

If you have the Cisco SDM CD, you can install Cisco SDM on the PC and on the router. If Cisco SDM launched when you reconnected to the router in Task 5: Reconnect to the Router Using the New IP Address, Cisco SDM is already installed on the router and you do not need to complete this procedure.

The installation wizard on the CD guides you through installing Cisco SDM and its components on your PC and your router. Installing Cisco SDM on your PC allows you to use Cisco SDM to configure and manage other routers on your network.


Step 1 Return to the CD screen, and click Install SDM (Figure 10).

Figure 10 Click Install SDM

Step 2 When the Install Options window appears (Figure 11), choose where you want to install SDM. Choosing This Computer installs SDM on the PC and enables you to configure and monitor other routers on the network besides the router you have just set up.

Figure 11 Choose Where You Want to Install Cisco SDM

You can also install Cisco SDM and its other applications on your router, or you can install them on both the PC and the router.

Step 3 Complete the installation wizard.


Using Cisco SDM

If Cisco SDM is installed on the router, start it by opening a browser and entering the new IP address that you gave the LAN interface, just as you did in Task 5: Reconnect to the Router Using the New IP Address.

http://new-IP-address

For example, if the router LAN IP address is 192.0.2.1, enter the following command:

http://192.0.2.1

If Cisco SDM is installed on the PC, start it by selecting it from the program menu (Start > Programs > Cisco Systems > SDM 2.x. Then, provide the IP address of the router in the SDM Launcher window (Figure 12).

Figure 12 SDM Launcher


Tip If you are using Internet Explorer on a PC running Windows XP with Service Pack 2, and Internet Explorer displays a message telling you that it has restricted this file from showing active content that could access your computer, select Tools > Internet Options > Advanced from the Internet Explorer Tools menu, and check Allow active content to run in files on my computer. Then click Apply, and relaunch SDM.


Cisco SDM provides a series of easy-to-use wizards that quickly take you step by step through configuring your router, without requiring knowledge of the Cisco IOS software CLI. You can use Cisco SDM wizards to:

Configure additional LAN and WAN connections.

Create firewalls.

Configure VPN, Easy VPN, and DMVPN connections, and create and manage digital certificates.

Perform a security audit on the router and have SDM fix security problems.

Configure basic routing.

Create Network Address Translation (NAT) rules on the router.

Create Quality of Service (QoS) policies.

After you have used wizards to create basic configurations, SDM enables you to edit the configurations you created. You can edit firewalls to create a firewall policy for your network. You can also configure and manage the Intrusion Prevention System (IPS) on the router to protect your network from attacks, and perform additional tasks, such as creating user accounts and creating router management policies.

To start a wizard, simply click the Configure button at the top of the SDM home page shown in Figure 8, and then click the appropriate button in the left frame of the SDM Configuration window, Figure 13.

Figure 13 A Cisco SDM Configuration Window

Click the Help button in any SDM window for more information on the task you are performing.

Cisco SDM automatically saves changes to the router's running configuration, and you can direct it to save the running configuration to the startup configuration.

You're Done! Where to Go from Here

Now that you have used Cisco SDM to give your router an initial configuration, you can continue to use Cisco SDM to configure additional features or modify existing feature configurations.You can use the Cisco SDM URL to start Cisco SDM and then add to or modify your router configuration at any time.

If you have other supported routers on which you would like to install Cisco SDM, see the "Obtaining the Latest Version of Cisco SDM" section.

For More Information About Cisco SDM and About Your Router

For additional information about Cisco SDM features, refer to the Cisco SDM online help. Additional information about Cisco SDM is also available on the Cisco SDM website at http://www.cisco.com/go/sdm. This website provides access to detailed information about Cisco SDM, including an Cisco SDM FAQ, data sheet, customer presentation, Flash demo, and links to technical documentation and product updates. If you are configuring a Cisco 83x router, you should obtain the following document:

Switching From Cisco Router Web Setup to Cisco Router and Security Device Manager on Cisco 83x Series Routers.

Refer to the quick start guide for your router for other procedures, such as connecting a PC to the router console port so that you can use the CLI when you need to, and using the router LEDs to verify installation. The quick start guide may also contain important warranty information.

Obtaining the Latest Version of Cisco SDM

Cisco SDM is regularly enhanced to provide new features. If you are already running Cisco SDM on the router, you can update Cisco SDM automatically by clicking on the Tools menu and selecting Update Cisco SDM. Cisco SDM will determine if there is a more recent version available and enable you to download it and install it on the router.

If you have a supported router that does not have Cisco SDM installed, you can download the latest version of Cisco SDM free of charge and instructions for installing it on your router from the following location:

http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm

You should consult the Cisco SDM release notes to determine if it is supported for the router on which you want to install it.

Updating SDM from the CD

You can use the SDM CD to update the SDM software on other routers. Follow the procedure in the "Task 6: Install SDM from the CD" section, choosing Cisco Router in the Install Options screen (Figure 11). Provide the router's IP address, a username with privilege level 15 and the password. When asked if you want to overwrite the SDM software, click Yes. The Installation wizard will update SDM software on your router.

I Use the Cisco IOS Startup Sequence

This section explains how to use the Cisco IOS startup sequence to configure your router instead of using Cisco SDM.


Note If you have already configured the router using Cisco SDM, you do not need to read this section.


Because Cisco SDM uses a default configuration file, your router will not execute the standard Cisco IOS startup sequence. You can use this section to run the Cisco IOS setup utility and take advantage of a TFTP or BOOTP configuration download, or use other features available through the standard Cisco IOS startup sequence. It also tells you what to do if you want to use Cisco SDM in the future.

The configuration file shipped with your router does the following:

Provides an IP address for your Fast Ethernet interface, enabling an interface to your LAN

Enables your router's HTTP/HTTPS server, allowing HTTP access from your LAN

Creates a default username (cisco) and password (cisco) with privilege level 15

Enables Telnet/SSH access to the router from your LAN

If you want to erase the existing configuration and take advantage of the Cisco IOS startup sequence, perform the following steps. Cisco SDM will remain on the router.


Step 1 Connect the light blue console cable, included with your router, from the blue console port on your router to a serial port on your PC. Refer to your router's hardware installation guide for instructions.

Step 2 Connect the power supply to your router, plug the power supply into a power outlet, and turn on your router. Refer to your router's quick start guide for instructions.

Step 3 Use HyperTerminal or a similar terminal emulation program on your PC, with the terminal emulation settings of 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to your router.

Step 4 Enter the username cisco and password cisco when prompted.


Note These credentials expire after being used once, and you must create a new username and password during this session to ensure that you are able to login to the router in the future. The user must be configured with privilege level 15.


Step 5 At the router prompt, enter the enable command. The default configuration file does not configure an enable password.

yourname> enable

yourname#

Step 6 Create a new username and password by entering the following command:

username username privilege 15 secret 0 password


Replace username and password with the username and password that you want to use. For future sessions, log into the router using the new username and password that you create instead of using the username cisco and password cisco.

Step 7 Enter the erase startup-config command.

yourname# erase startup-config

Step 8 Confirm the command by pressing Enter.

Step 9 Enter the reload command.

yourname# reload

Step 10 Confirm the command by pressing Enter.


After you press Enter, the router will begin executing the standard startup sequence. If you want to use Cisco SDM to perform subsequent configurations for the router, you must manually configure the router to support web-based applications, and the Telnet and Secure Shell (SSH) protocols. You must also create a user account with a privilege level of 15. See the "I Want to Enable Cisco SDM on a Router I Configured Using the Cisco IOS Startup Sequence" section for this information.

I Want to Enable Cisco SDM on a Router I Configured Using the Cisco IOS Startup Sequence

This section provides information on enabling Cisco SDM on a router that has been configured using the Cisco IOS startup sequence or the CLI. If you erased the factory startup configuration in order to use the Cisco IOS startup sequence, you can still use Cisco SDM. In order to do so, you must configure the router to support web-based applications, configure it with a user account defined with privilege level 15, and then configure it to support the Telnet and SSH protocols. These changes can be made using a telnet session or using a console connection.

Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH


Step 1 Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands:

Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local

If the router uses an IPSec Cisco IOS image, the HTTPS server is enabled. Otherwise only the HTTP server is enabled.

Step 2 Create a user account with privilege level 15 (enable privileges).

Router(config)# username <username> privilege 15 password 0 <password>

Replace <username> and <password> with the username and password that you want to configure.

Step 3 Configure SSH and Telnet for local login and privilege level 15:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Step 4 (Optional) Enable local logging to support the log monitoring function:

Router(config)# logging buffered 51200 warning


To begin using Cisco SDM on a router that has received a manual configuration, read the next section.

Starting Cisco SDM on a Manually Configured Router

Cisco SDM is a web-based application that must be run from a PC that is connected to the router over a LAN. See Table 1 or Table 2 to determine which router port to connect the PC to. If the router is configured as a DHCP server, the PC must be configured to receive an IP address automatically. If the router is not configured as a DHCP server, you must configure the PC with a static IP address on the same subnet as the router interface to which you are connecting the PC. For example, if the router interface has the IP address 192.0.2.1, and the subnet mask is 255.255.255.248, you must configure the PC IP address in the range 192.0.2.2 through 192.0.2.6.


Step 1 Open a web browser on the PC, and enter the IP address that you gave the router LAN interface.

https://LAN-IP-address

For example, if the router LAN IP address is 192.0.2.1, enter the following command:

http://192.0.2.1

Step 2 Enter the username and password that you specified in Step 2 of "Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH."

The Cisco SDM Overview window appears, as shown in Figure 8. To continue configuring your router, see the "Using Cisco SDM" section.


Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

See the quick start guide for the router you have just configured for information on obtaining other documentation, providing documentation feedback, and obtaining technical assistance.

Printed in the USA on recycled paper containing 10% postconsumer waste.