Downloading and Installing Cisco Security

Device Manager (SDM) Version 1.0

8/9/03
This document contains instructions on downloading Cisco Security Device Manager (SDM) version 1.0
from the Cisco.com web site and installing it onto your router. This document is updated as needed.
This document contains the following sections:
• About SDM
• Installing SDM
• Upgrading SDM on a Router With an Earlier Version of SDM
• Launching SDM
• Related Documentation

About SDM
SDM is an easy-to-use, java-based device management tool, designed for configuring LAN, WAN, and
security features on a router. SDM is designed for resellers and network administrators of small- to
medium-sized businesses who are proficient in basic network design.
For fast and efficient configuration of Ethernet networks, WAN connectivity, firewalls and Virtual
Private Networks (VPNs), Cisco SDM prompts you through the setup process with wizards. Cisco SDM
requires no previous experience with Cisco devices or the Cisco command-line interface (CLI).
SDM resides in your router’s Flash memory, but when invoked, it is downloaded and run from a your PC
using a web browser. To determine whether or not your router hardware, Cisco IOS version, PC
hardware, and web browser are supported by SDM, refer to the following sections:
• Cisco Routers and Cisco IOS Versions Supported
• PC System Requirements
• Browser Requirements

Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Copyright © 2003 Cisco Systems, Inc. All rights reserved.

 About SDM

Cisco Routers and Cisco IOS Versions Supported

Table 1 lists the routers and Cisco IOS versions supported by SDM version 1.0.

Table 1 SDM-Supported Routers and Cisco IOS Versions

SDM-Supported Routers SDM-Supported Cisco IOS Versions

Cisco 831, 836, and 837 12.2(13)ZH or later.
Cisco 1701, 1710, 1721, 1751, 1751-v ,1760, and • 12.2(13)ZH, or later
1760-v • 12.2(13)T3 or later
• 12.3(1)M or later
• 12.2(11)T6 not supported
Cisco 1711 and 1712 • 12.2(15)ZL
Cisco 2610XM, 2611XM, 2620XM, 2621XM, • 12.2(11)T6 or later
2650XM, 2651XM, and 2691 • 12.3(1)M or later
• 12.2(13)T3 not supported1
• 12.2(13)ZJ
Cisco 3620, 3640, 3640A, 3661, and 3662 • 12.2(11)T6 or later
• 12.3(1)M or later
• 12.2(13)T3 not supported1
Cisco 3725 and 3745 • 12.2(11)T6 or later
• 12.3(1)M or later
• 12.2(13)T3 not supported1
1. 12.2(13)T3 will be supported in the next release of SDM, which will be available in July 2003.

Note For information about supported network modules and WAN interface cards (WICs), refer to the
“Security Device Manager Version 1.0 Release Notes.”

PC System Requirements
SDM is designed to run on a personal computer that has a Pentium III or higher processor and that is
running any of the following operating systems:
• Windows NT 4.0 workstation with Service Pack 4
• Windows 98 (second edition)
• Windows 2000
• Windows ME
• Windows XP

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
2 OL-4332-03
 Installing SDM

Browser Requirements
SDM supports the following browsers:
• Netscape version 4.79 with Java support or with Java plug-in JRE version 1.3.1 or later
• Internet Explorer version 5.5 or later with Java support or with Java plug-in JRE version 1.3.1 or
later

Installing SDM
SDM comes preinstalled on all supported routers manufactured in June 2003 or later that were purchased
with the VPN bundle. SDM is also available as a separate option on all supported routers manufactured
in June 2003 or later. If you have a router that does not have SDM installed, and would like to use SDM,
you must download it from the Cisco.com website and install SDM on your router.

Note If you purchased a router on which SDM came pre-installed, you do not need to download and install
SDM. For instructions on starting SDM, see the “Launching SDM” section.

Note For information on how to determine whether or not SDM is installed on your router, refer to the FAQ
document, available at
http://www.cisco.com/go/sdm

This section contains instructions for the following:

• Configuring Your Router to Support SDM
• Downloading the SDM Files and a Cisco IOS Image to a TFTP Server
• Downloading the Cisco IOS Image to Your Router
• Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router

Configuring Your Router to Support SDM

Before SDM can run on your router, a few configuration options must be present in the router
configuration file. There are several default router configuration files included in the SDM download file.
You can either use one of these default configuration files, or modify your existing configuration file
using the router CLI to ensure that your router configuration supports SDM.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
OL-4332-03 3
 Installing SDM

Modifying Your Existing Configuration File

Before installing SDM onto your router, access the CLI using Telnet or the console connection to modify
the existing configuration file on your router. SDM requires that the following commands are present in
your router configuration file:
• The router HTTP/HTTPS server must be enabled, using the following Cisco IOS commands:
ip http server
ip http secure-server
ip http authentication local

• SDM requires a user account defined with privilege level 15 (enable privileges):
username sdm privilege 15 password 0 sdm

Note For security purposes, the user account defined should be different than the default one used
in the example above.

• SSH/Telnet must be configured for local login and privilege level 15:
line vty 0 4
privilege level 15
login local
transport input telnet
transport input telnet ssh

• Local logging should (optionally) be enabled to support the log monitoring function:
logging buffered 51200 warning

If you use your existing configuration file, SDM will not display the Startup Wizard the first time you
run SDM. It is assumed that you have already done basic network configuration.

Using a Default Configuration File

Included in the SDM download file are several default configuration files. See the table below to
determine which configuration file should be used for your router:

Table 2 Supplied Default Configuration Files

Router Use This Configuration File

Cisco 831, 836, or 837 sdmconfig-83x.cfg
Cisco 1701, 1710, or 1721 sdmconfig-1701-1710-1721.cfg
Cisco 1711 or 1712 sdmconfig-1711-1712.cfg
Cisco 1751 or 1760 sdmconfig-1751-1760.cfg
Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, sdmconfig-26xx.cfg
or 2691
Cisco 3620, 3640, 3640A, 3661, 3662, 3725, or 3745 sdmconfig-36xx-37xx.cfg

When following the instructions to download the SDM files to your router, use the default configuration
file that is listed for your router.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
4 OL-4332-03
 Installing SDM

If you use a default configuration file, SDM will display the Startup Wizard, letting you enter basic
network configuration information, the first time you run SDM.

Downloading the SDM Files and a Cisco IOS Image to a TFTP Server
If you have a router manufactured before June 2003, you may need to upgrade your Cisco IOS software
to a version that supports SDM. To determine whether or not your version of Cisco IOS supports SDM,
see the “Cisco Routers and Cisco IOS Versions Supported” section on page 2.
This section contains instructions for downloading both SDM and an upgraded version of Cisco IOS
from the Cisco.com web site. If you do not need to upgrade your Cisco IOS software, follow only the
instructions for downloading SDM.

Note SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and
extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by
following the link http://www.winzip.com.

Step 1 On your PC, open a web browser.

Enter the following URL into your web browser:
http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

Step 2 Log in using your Cisco.com login user identification and password, and follow the instructions on the
SDM Software page to download the SDM .zip file (sdm-vnn.zip).

Note It is recommended that you also download and read the SDM version 1.0 Release Notes. That
document is also available at the following URL:
http://www.cisco.com/go/sdm.

Step 3 Double-click the sdm-vnn.zip file and extract the files sdm.tar, sdm.shtml, and several
sdmconfig-xxxx.cfg files to the root directory of a TFTP server. The TFTP server can be a PC with a
TFTP server utility. If you need assistance extracting the files to the directory you want to place them
in, refer to the WinZip online help.
If you do not need to upgrade your Cisco IOS version, you are now ready to download the SDM files to
your router. Skip to the “Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series
Router” section on page 6, or to the “Downloading the SDM Files to a Cisco 831, 836, or 837 Router”
section on page 7, depending on the type of router that you have.
Step 4 If you need to upgrade your Cisco IOS version, enter the following URL into your web browser to access
the Cisco IOS software center:
http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml

Step 5 Follow the links on the page to download an upgraded version of Cisco IOS software. See the “Cisco
Routers and Cisco IOS Versions Supported” section on page 2 to ensure that you are downloading an
SDM-supported Cisco IOS image.
Step 6 Save the Cisco IOS image file to a TFTP server.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
OL-4332-03 5
 Installing SDM

SDM and the upgraded Cisco IOS image are now downloaded to the TFTP server. To download the Cisco
IOS image to your router, proceed to the “Downloading the Cisco IOS Image to Your Router” section.

Downloading the Cisco IOS Image to Your Router

To download the Cisco IOS image to your router.

Note This section describes one way to upgrade your Cisco IOS software. You may also want to view the
document “Software Installation and Upgrade Procedure” to view alternative procedures, particularly if
you have a router using PCMCIA Flash cards.

Note If you did not download an upgraded version of the Cisco IOS software, do not follow the instructions
in this section. Skip to the “Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series
Router” section on page 6 to continue the installation procedure.

Step 1 Access the router CLI using a Telnet connection or the console port.
Step 2 Delete your old Cisco IOS image from Flash memory, using the following CLI commands, and
responding to the prompts as shown:
Router# delete <old IOS image name>
Delete filename [<old IOS image name>]? y
Delete flash:y? [confirm] n
Delete flash:y aborted!
Router# squeeze flash:

Step 3 Copy the Cisco IOS image to the router Flash memory, using the following CLI command:
Router# copy tftp://<tftp server IP address>/<new IOS image name> flash:

When prompted do NOT erase the Flash memory.

Step 4 Reboot the router to use the new Cisco IOS image using the following CLI command:
Router# reload

The new Cisco IOS image is now installed on your router. To install the SDM files, proceed to the
“Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router” section on page 6”
or the “Downloading the SDM Files to a Cisco 831, 836, or 837 Router” section on page 7, depending
on your type of router.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
6 OL-4332-03
 Installing SDM

Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router
To download the SDM files to a Cisco 1700, 2600, 3600, or 3700 series router.

Note SDM requires approximately 2.3 MB of free Flash memory. If your Flash memory has multiple
partitions, you must copy the SDM files to partition number 1.

Step 1 Download the SDM files to a TFTP server by following the procedure in the “Downloading the SDM
Files and a Cisco IOS Image to a TFTP Server” section on page 5.
Step 2 Access the router CLI using a Telnet connection or the console port.
Step 3 Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/sdm.tar flash:
Router# copy tftp://<tftp server IP address>/sdm.shtml flash:

When prompted do NOT erase the Flash memory.

Step 4 If you want to use one of the default configuration files included with sdm-vnn.zip, copy the
configuration file listed for your router to the router Flash memory and make it active, using the
following CLI commands:
Router# copy tftp://<tftp server IP address>/<configuration file name> flash:
Router# copy <configuration file name> start

When prompted do NOT erase the Flash memory.

SDM is now installed on your router. To launch SDM, proceed to the “Launching SDM” section.

Downloading the SDM Files to a Cisco 831, 836, or 837 Router

To download the SDM files to a Cisco 831, 836, or 837 Router.

Note SDM is configured to be the default device manager on all routers except the Cisco 831, 836, and 837
routers. The Cisco Router Web Setup Tool (CRWS) is the default device manager on these routers. If
you have one of these routers, please refer to the document “Switching Between Cisco Security Device
Manager (SDM) and Cisco Router Web Setup Tool (CRWS) on Cisco 83x Series Routers” for
instructions on how to switch between SDM and CRWS.

Step 1 Download the SDM files to a TFTP server by following the procedure in the “Downloading the SDM
Files and a Cisco IOS Image to a TFTP Server” section on page 5.
Step 2 Access the router CLI using a Telnet connection or the console port.
Step 3 Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/sdm.tar flash:
Router# copy tftp://<tftp server IP address>/sdm.shtml flash:
Router# copy flash:sdm.shtml nvram:sdm.shtml
Router# copy nvram:sdm.shtml flash:home.html
Router# copy nvram:sdm.shtml flash:sdm.shtml.hide
Router# delete nvram:sdm.shtml

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
OL-4332-03 7
 Upgrading SDM on a Router With an Earlier Version of SDM

When prompted do NOT erase the Flash memory.

Step 4 If you want to use one of the default configuration files included with sdm-vnn.zip, copy the
configuration file listed for your router to the router Flash memory and make it active, using the
following CLI commands:
Router# copy tftp://<tftp server IP address>/sdmconfig-83x.cfg flash:
Router# copy flash:sdmconfig-83x.cfg start

When prompted do NOT erase the Flash memory.

SDM is now installed on your router. To launch SDM, proceed to the “Launching SDM” section.

Upgrading SDM on a Router With an Earlier Version of SDM

To upgrade SDM on a router that has an earlier version of SDM installed, you must delete the file sdm.tar
and the SDM configuration file from Flash memory and replace them with the new versions.

Note SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and
extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by
following the link http://www.winzip.com.

Use the following procedure to upgrade SDM on a router that has an earlier version of SDM installed.

Step 1 Obtain the SDM zip file (sdm-vnn.zip) from Cisco.com by following the instructions in the Downloading
the SDM Files and a Cisco IOS Image to a TFTP Server section of this document. The SDM zip file
contains the latest version of SDM, and the router configuration files that SDM uses.
Step 2 Double-click the sdm-vnn.zip file and extract the files sdm.tar, sdm.shtml, and several
sdmconfig-xxxx.cfg files to the root directory of a TFTP server. The TFTP server can be a PC with a
TFTP server utility. If you need assistance extracting the files to the directory you want to place them
in, refer to the WinZip online help.
Step 3 Telnet to the router, and remove the file sdm.tar, and the router configuration file from Flash memory by
entering the following commands:
router#delete sdm.tar
Delete filename [sdm.tar]?
Delete flash:sdm.tar? [confirm]
router#squeeze flash:

Step 4 Copy the new sdm.tar file to Flash memory by following the instructions in Downloading the SDM Files
to a Cisco 1700, 2600, 3600, or 3700 Series Router or Downloading the SDM Files to a Cisco 831, 836,
or 837 Router.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
8 OL-4332-03
 Launching SDM

Launching SDM
SDM is stored in the router Flash memory. It is invoked by executing an HTML file in the router archive,
which then loads the signed SDM Java file. To launch SDM:

Step 1 From your browser, access the router using the following URL:
Step 2 Type in the following universal resource locator (URL):
https://<router IP address>/flash/sdm.shtml
https://... specifies that the Secure Socket Layer (SSL) protocol be used for a secure connection.
http://... can be used if SSL is not available.
The SDM launch screen will appear in the browser window.
The username/password challenge will appear in a separate dialog box.
Step 3 If you used your existing router configuration file, enter the username and password for the privileged
(privilege level 15) account on your router. See the section Modifying Your Existing Configuration File
for more information. If you used one of the default configuration files included with the SDM .zip file,
enter the user account sdm and password sdm.
The SDM Java applet will begin loading to your PC.
Step 4 SDM is a signed Java applet. This may cause your browser to display a security warning. Accept the
certificate.
If you have loaded one the default configuration files included in the SDM zip file, then the first time
that you run SDM, the SDM startup wizard will appear, requiring you to enter basic network
configuration information. This information needs to be entered only once.
After this initial configuration, or if you used your existing router configuration file, SDM will display
the SDM Overview page.

Related Documentation
The following documents are available at the URL http://www.cisco.com/go/sdm.
• “Cisco Security Device Manager User’s Guide”
• “Cisco Security Device Manager Version 1.0 Release Notes”
• “Cisco Security Device Manager FAQ”
• “Switching Between Cisco Security Device Manager (SDM) and Cisco Router Web Setup Tool
(CRWS) on Cisco 83x Series Routers”

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
OL-4332-03 9
Related Documentation

This document is to be used in conjunction with the documents listed in the “Related Documentation” section.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of
Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST,
BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch,
Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers
logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet,
StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of
Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (0304R)

Copyright © 2003 Cisco Systems, Inc. All rights reserved.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0
10 OL-4332-03