Step 4: Configure Your Router with Security Device Manager

Step 1:   SMB Support Assistant Site Survey     Step 2:   Set Up Your 800 or SB 100 Router Hardware                   Set Up Your 1700 Series Router Hardware                   Set Up Your 1800 Series Router Hardware                   Set Up Your 2600 Series Router Hardware                   Set Up Your 2800 Series Router Hardware                   Set Up Your 3800 Series Router Hardware     Step 3:   Download and Install Security Device Manager     Step 4:  Configure Your Router with Security Device Manager                       Introduction                       Requirements                       Launch SDM                       Reset the Router to the Default Configuration                       Record Interfaces                       Complete the Startup Wizard                       Perform Additional Configurations                            Configure a Time Server                       Next Step                       Troubleshoot the Procedure                       Related Information     Step 5:   Configure Wireless Security on an Integrated Services Router (ISR Only)     Step 6:   Add or Remove a Wireless User on an Integrated Services Router (ISR Only)     Step 7:   Set Up an ADSL Internet Connection                   Set Up an Ethernet Internet Connection                   Set Up an ISDN Internet Connection                   Set Up a T1, E1, or Serial Internet Connection     Step 8:   Set Up Internet Security on a Cisco Router

Download PDF   Step 4: Configure Your Router with Security Device Manager    Set Up Your Cisco Router

Introduction

This document explains how to configure and manage your router with Cisco Security Device Manager (SDM).

Note: If you have an ASA Security Appliance in your network, refer to Configure Your Router with Security Device Manager for ASA.

Back to Top

Requirements

To perform the steps described in this document, you need to have these items:

• A router with Cisco Security Device Manager (SDM) installed. If your router does not come with SDM installed, refer to Download and Install Security Device Manager.

• A crossover Ethernet cable

• A console cable

• A PC with a Pentium III or higher processor

• Windows 2000 or XP

  Note: Windows 2000 Advanced Server is not supported.

• One of these web browsers:

  • Netscape version 7.1 or later.

  • Internet Explorer version 5.5 or later.

    Note: If you are using the Java plugin, you need to use SUN Java Runtime Environment (JRE) version 1.4.2_05. For information about how to update your version of JRE, refer to Sun Microsystems .

• Completed worksheets from the Site Survey:

  • LAN Addressing Worksheet

  • Internet Worksheet

  • ISR Router Worksheet

Back to Top

Launch SDM

To start SDM, follow these steps:

1. Open a web browser and type http://router IP address in the Address field. The router's IP address is the IP address that you entered in the LAN Addressing Worksheet (L6A).

2. At the login prompt, enter the username and password for the privileged (privilege level 15) account on your router. If your router has the default configuration, use the username "cisco" and password "cisco".

   Note: If you are unable to log in, see Troubleshoot the Procedure for assistance.

3. If you see a screen similar to the example, click Security Device Manager (SDM) to launch SDM. If you see a screen labeled Home: Summary Status, continue to the next step.

   

   Note: If you do not see an option for SDM, see Troubleshoot the Procedure for assistance.

4. If the router's home page appears, click Cisco Router and Security Device Manager in the left column.

   

   Note: If you see an option A more secure connection (HTTPS) to this device is available, click Yes.

5. SDM displays a launch page and opens the main interface in a separate window.

   

6. The SDM Java applet loads on your PC. If your browser displays a security warning, click Yes to accept the SDM download.

7. When the application has loaded completely, SDM displays the SDM Home page. If your router has a default configuration, SDM launches a the SDM Express Wizard Wizard.

   

8. If your router loads SDM Express Setup, see Complete the Startup Wizard. Otherwise, proceed to Reset the Router to the Default Configuration.

   Note: If you want to modify an existing configuration on the router, refer to Modify Your Router Configuration with Security Device Manager.

Back to Top

Reset the Router to the Default Configuration

If you have an existing configuration and want to reconfigure your router, reset your router to a default configuration. To reset your router to a default configuration, follow these steps:

Note: This procedure will delete your current configuration and replace it with a factory default configuration.

1. Click Configure.

   

2. Click Additional Tasks.

   

3. Click Reset to Factory Default.

   

4. Under Step 1 enter the location on your computer where you want to store a backup copy of the current router configuration.

5. Click Reset Router.

   Note: The router requires 1-2 minutes to reset.

6. Change your PC IP address to 10.10.10.2 with a subnet mask of 255.255.255.248. For further information about how to configure an IP address on your PC, refer to the document.

7. Open http://10.10.10.1 in a web browser.

8. Log into SDM with the username cisco and password cisco.

Back to Top

Record Interfaces

Follow these steps to record the available interfaces on your router:

1. Click Configure.

   

2. Click Interfaces and Connections.

3. Click Edit Interface/Connection.

   

4. Record the interfaces listed in fields B35-B38 of the ISR Router Worksheet.

Back to Top

Complete the Startup Wizard

If your router has a default configuration, SDM runs the Startup Wizard. To complete the wizard, follow these steps:

1. On the Welcome screen, click Next.

   

2. At the Basic Configuration screen, enter your new username and password. Use the administrative account and password that you entered in fields B10 and B11 of the ISR Router Worksheet. Next to Enable Secret Password, type the enable secret password that you entered in field B12 of the ISR Router Worksheet. Click Next.

   Note: For recommendations on how to implement strong passwords, refer to Password Security.

   

3. If you have a wireless router, follow these steps:

   Note: If you have a non-wireless router, proceed to the next step.

   1. SDM displays the Wireless Interface Configuration screen. Choose Yes and click Next to configure the wireless interface.

      

   2. On the LAN Interface Configuration screen, enter the IP address and subnet mask for the router (from fields L6A and L1A on the LAN Addressing Worksheet). Enter the Wireless Network Name that you entered in field W14 of the ISR Router Worksheet and click Next.

      

4. On the LAN Interface Configuration screen, enter the IP address and subnet mask for the router (from fields L6A and L1A on the LAN Addressing Worksheet). Click Next.

   Note: If you have a wireless router, proceed to the next step.

   

5. On the DHCP Configuration screen, check Enable DHCP server on the LAN interface and enter the IP address of the DHCP start range and the DHCP end range that you entered in the LAN Addressing Worksheet (L50 and L51).

   In the Domain Name Server Configuration section, enter the DNS information for your network.

   • If you have an internal DNS server, enter the IP addresses of your internal DNS servers that you completed in the LAN Addressing Worksheet (L4 and L5).

   • If you do not have an internal DNS server, copy the IP addresses you completed in the Internet Worksheet (B50 and B51).

   Click Next.

   

6. On the WAN Configuration screen, click Next, and click No to skip WAN Configuration.

   

7. On the Security Configuration screen, check all of the check boxes, and then click Next.

   

8. On the Wizard Summary screen, review your configuration to ensure that it is accurate, and then click Finish.

9. When the Reconnection Instructions screen appears, click OK to save the new configuration. To reconnect to SDM, open the new router IP address (from Step 5) in a web browser and log in with the new password (from Step 4).

   Note: Since the router IP address has changed, you will lose your connection to the router. To reconnect to the router with SDM, configure your PC with an IP address to match the IP address for your Ethernet interface. For example, if you configured your router Ethernet interface with the address 192.168.10.1 with a subnet mask of 255.255.255.0, your PC must have an IP address from 192.168.10.2-254 with the same subnet mask. For more information on how to configure an IP address on your PC, refer to Configure an IP Address on Your PC.

Back to Top

Perform Additional Configurations

When you have completed configuration with the wizard, you need to add these configurations to the router manually.

Configure a Time Server

A time server ensures that your router has the correct time. To configure a time server, follow these steps:

1. Click Configure.

   

2. Click Additional Tasks.

   

3. Double-click Router Properties, and then click NTP/SNTP.

   

4. Click Add.

5. Choose SNTP Server IP Address and enter 192.43.244.18.

   

   Note: You can also choose SNTP Server Hostname and enter time.nist.gov. Your router must have an active Internet connection to use a host name.

6. Click OK.

7. Click File > Write to Startup Config to save your configuration.

Back to Top

Next Step

You have now configured your router with SDM.

If you have an Integrated Services Router with a wireless antenna, proceed to Configure Wireless Security on an Integrated Service Router.

If you want to configure an Internet connection, refer to the appropriate document for your connection. If you are not sure what connection type you have, refer to your Internet Worksheet.

• Set Up an Ethernet Connection
• Set Up an ADSL Connection
• Set up a T1/E1/Serial Connection
• Set up an ISDN Connection

Note: If your router is already connected to the Internet, refer to Set Up Internet Security on a Cisco Router.

Back to Top

Troubleshoot the Procedure

This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Back to Top

Related Information

• Download and Install Security Device Manager
• Cable Descriptions
• Configure an IP Address on Your PC