Downloading and Installing Cisco Security Device Manager (SDM) Version 1.

0
8/9/03 This document contains instructions on downloading Cisco Security Device Manager (SDM) version 1.0 from the Cisco.com web site and installing it onto your router. This document is updated as needed. This document contains the following sections:

About SDM Installing SDM Upgrading SDM on a Router With an Earlier Version of SDM Launching SDM Related Documentation

About SDM
SDM is an easy-to-use, java-based device management tool, designed for configuring LAN, WAN, and security features on a router. SDM is designed for resellers and network administrators of small- to medium-sized businesses who are proficient in basic network design. For fast and efficient configuration of Ethernet networks, WAN connectivity, firewalls and Virtual Private Networks (VPNs), Cisco SDM prompts you through the setup process with wizards. Cisco SDM requires no previous experience with Cisco devices or the Cisco command-line interface (CLI). SDM resides in your routers Flash memory, but when invoked, it is downloaded and run from a your PC using a web browser. To determine whether or not your router hardware, Cisco IOS version, PC hardware, and web browser are supported by SDM, refer to the following sections:

Cisco Routers and Cisco IOS Versions Supported PC System Requirements Browser Requirements

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Copyright 2003 Cisco Systems, Inc. All rights reserved.

About SDM

Cisco Routers and Cisco IOS Versions Supported

Table 1 lists the routers and Cisco IOS versions supported by SDM version 1.0.
Table 1 SDM-Supported Routers and Cisco IOS Versions

SDM-Supported Routers Cisco 831, 836, and 837 Cisco 1701, 1710, 1721, 1751, 1751-v ,1760, and 1760-v

SDM-Supported Cisco IOS Versions 12.2(13)ZH or later.

12.2(13)ZH, or later 12.2(13)T3 or later 12.3(1)M or later 12.2(11)T6 not supported 12.2(15)ZL 12.2(11)T6 or later 12.3(1)M or later 12.2(13)T3 not supported1 12.2(13)ZJ 12.2(11)T6 or later 12.3(1)M or later 12.2(13)T3 not supported1 12.2(11)T6 or later 12.3(1)M or later 12.2(13)T3 not supported1

Cisco 1711 and 1712 Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, and 2691

Cisco 3620, 3640, 3640A, 3661, and 3662

Cisco 3725 and 3745

1. 12.2(13)T3 will be supported in the next release of SDM, which will be available in July 2003.

Note

For information about supported network modules and WAN interface cards (WICs), refer to the Security Device Manager Version 1.0 Release Notes.

PC System Requirements
SDM is designed to run on a personal computer that has a Pentium III or higher processor and that is running any of the following operating systems:

Windows NT 4.0 workstation with Service Pack 4 Windows 98 (second edition) Windows 2000 Windows ME Windows XP

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0

OL-4332-03

Installing SDM

Browser Requirements
SDM supports the following browsers:

Netscape version 4.79 with Java support or with Java plug-in JRE version 1.3.1 or later Internet Explorer version 5.5 or later with Java support or with Java plug-in JRE version 1.3.1 or later

Installing SDM
SDM comes preinstalled on all supported routers manufactured in June 2003 or later that were purchased with the VPN bundle. SDM is also available as a separate option on all supported routers manufactured in June 2003 or later. If you have a router that does not have SDM installed, and would like to use SDM, you must download it from the Cisco.com website and install SDM on your router.

Note

If you purchased a router on which SDM came pre-installed, you do not need to download and install SDM. For instructions on starting SDM, see the Launching SDM section.

Note

For information on how to determine whether or not SDM is installed on your router, refer to the FAQ document, available at http://www.cisco.com/go/sdm This section contains instructions for the following:

Configuring Your Router to Support SDM Downloading the SDM Files and a Cisco IOS Image to a TFTP Server Downloading the Cisco IOS Image to Your Router Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router

Configuring Your Router to Support SDM

Before SDM can run on your router, a few configuration options must be present in the router configuration file. There are several default router configuration files included in the SDM download file. You can either use one of these default configuration files, or modify your existing configuration file using the router CLI to ensure that your router configuration supports SDM.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0 OL-4332-03

Installing SDM

Modifying Your Existing Configuration File

Before installing SDM onto your router, access the CLI using Telnet or the console connection to modify the existing configuration file on your router. SDM requires that the following commands are present in your router configuration file:

The router HTTP/HTTPS server must be enabled, using the following Cisco IOS commands:
ip http server ip http secure-server ip http authentication local

SDM requires a user account defined with privilege level 15 (enable privileges):
username sdm privilege 15 password 0 sdm

Note

For security purposes, the user account defined should be different than the default one used in the example above.

SSH/Telnet must be configured for local login and privilege level 15:
line vty 0 4 privilege level 15 login local transport input telnet transport input telnet ssh

Local logging should (optionally) be enabled to support the log monitoring function:
logging buffered 51200 warning

If you use your existing configuration file, SDM will not display the Startup Wizard the first time you run SDM. It is assumed that you have already done basic network configuration.

Using a Default Configuration File

Included in the SDM download file are several default configuration files. See the table below to determine which configuration file should be used for your router:
Table 2 Supplied Default Conguration Files

Router Cisco 831, 836, or 837 Cisco 1701, 1710, or 1721 Cisco 1711 or 1712 Cisco 1751 or 1760

Use This Configuration File sdmconfig-83x.cfg sdmconfig-1701-1710-1721.cfg sdmconfig-1711-1712.cfg sdmconfig-1751-1760.cfg

Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, sdmconfig-26xx.cfg or 2691 Cisco 3620, 3640, 3640A, 3661, 3662, 3725, or 3745 sdmconfig-36xx-37xx.cfg

When following the instructions to download the SDM files to your router, use the default configuration file that is listed for your router.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0

OL-4332-03

Installing SDM

If you use a default configuration file, SDM will display the Startup Wizard, letting you enter basic network configuration information, the first time you run SDM.

Downloading the SDM Files and a Cisco IOS Image to a TFTP Server
If you have a router manufactured before June 2003, you may need to upgrade your Cisco IOS software to a version that supports SDM. To determine whether or not your version of Cisco IOS supports SDM, see the Cisco Routers and Cisco IOS Versions Supported section on page 2. This section contains instructions for downloading both SDM and an upgraded version of Cisco IOS from the Cisco.com web site. If you do not need to upgrade your Cisco IOS software, follow only the instructions for downloading SDM.

Note

SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by following the link http://www.winzip.com. On your PC, open a web browser. Enter the following URL into your web browser:
http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

Step 1

Step 2

Log in using your Cisco.com login user identification and password, and follow the instructions on the SDM Software page to download the SDM .zip file (sdm-vnn.zip).

Note

It is recommended that you also download and read the SDM version 1.0 Release Notes. That document is also available at the following URL: http://www.cisco.com/go/sdm.

Step 3

Double-click the sdm-vnn.zip file and extract the files sdm.tar, sdm.shtml, and several sdmconfig-xxxx.cfg files to the root directory of a TFTP server. The TFTP server can be a PC with a TFTP server utility. If you need assistance extracting the files to the directory you want to place them in, refer to the WinZip online help. If you do not need to upgrade your Cisco IOS version, you are now ready to download the SDM files to your router. Skip to the Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router section on page 6, or to the Downloading the SDM Files to a Cisco 831, 836, or 837 Router section on page 7, depending on the type of router that you have.

Step 4

If you need to upgrade your Cisco IOS version, enter the following URL into your web browser to access the Cisco IOS software center:
http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml

Step 5

Follow the links on the page to download an upgraded version of Cisco IOS software. See the Cisco Routers and Cisco IOS Versions Supported section on page 2 to ensure that you are downloading an SDM-supported Cisco IOS image. Save the Cisco IOS image file to a TFTP server.

Step 6

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0 OL-4332-03

Installing SDM

SDM and the upgraded Cisco IOS image are now downloaded to the TFTP server. To download the Cisco IOS image to your router, proceed to the Downloading the Cisco IOS Image to Your Router section.

Downloading the Cisco IOS Image to Your Router

To download the Cisco IOS image to your router.

Note

This section describes one way to upgrade your Cisco IOS software. You may also want to view the document Software Installation and Upgrade Procedure to view alternative procedures, particularly if you have a router using PCMCIA Flash cards.

Note

If you did not download an upgraded version of the Cisco IOS software, do not follow the instructions in this section. Skip to the Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router section on page 6 to continue the installation procedure. Access the router CLI using a Telnet connection or the console port. Delete your old Cisco IOS image from Flash memory, using the following CLI commands, and responding to the prompts as shown:
Router# delete <old IOS image name> Delete filename [<old IOS image name>]? y Delete flash:y? [confirm] n Delete flash:y aborted! Router# squeeze flash:

Step 1 Step 2

Step 3

Copy the Cisco IOS image to the router Flash memory, using the following CLI command:
Router# copy tftp://<tftp server IP address>/<new IOS image name> flash:

When prompted do NOT erase the Flash memory.

Step 4

Reboot the router to use the new Cisco IOS image using the following CLI command:
Router# reload

The new Cisco IOS image is now installed on your router. To install the SDM files, proceed to the Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router section on page 6 or the Downloading the SDM Files to a Cisco 831, 836, or 837 Router section on page 7, depending on your type of router.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0

OL-4332-03

Installing SDM

Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router
To download the SDM files to a Cisco 1700, 2600, 3600, or 3700 series router.

Note

SDM requires approximately 2.3 MB of free Flash memory. If your Flash memory has multiple partitions, you must copy the SDM files to partition number 1. Download the SDM files to a TFTP server by following the procedure in the Downloading the SDM Files and a Cisco IOS Image to a TFTP Server section on page 5. Access the router CLI using a Telnet connection or the console port. Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/sdm.tar flash: Router# copy tftp://<tftp server IP address>/sdm.shtml flash:

Step 1 Step 2 Step 3

When prompted do NOT erase the Flash memory.

Step 4

If you want to use one of the default configuration files included with sdm-vnn.zip, copy the configuration file listed for your router to the router Flash memory and make it active, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/<configuration file name> flash: Router# copy <configuration file name> start

When prompted do NOT erase the Flash memory.

SDM is now installed on your router. To launch SDM, proceed to the Launching SDM section.

Downloading the SDM Files to a Cisco 831, 836, or 837 Router

To download the SDM files to a Cisco 831, 836, or 837 Router.

Note

SDM is configured to be the default device manager on all routers except the Cisco 831, 836, and 837 routers. The Cisco Router Web Setup Tool (CRWS) is the default device manager on these routers. If you have one of these routers, please refer to the document Switching Between Cisco Security Device Manager (SDM) and Cisco Router Web Setup Tool (CRWS) on Cisco 83x Series Routers for instructions on how to switch between SDM and CRWS. Download the SDM files to a TFTP server by following the procedure in the Downloading the SDM Files and a Cisco IOS Image to a TFTP Server section on page 5. Access the router CLI using a Telnet connection or the console port. Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# Router# Router# Router# Router# Router# copy tftp://<tftp server IP address>/sdm.tar flash: copy tftp://<tftp server IP address>/sdm.shtml flash: copy flash:sdm.shtml nvram:sdm.shtml copy nvram:sdm.shtml flash:home.html copy nvram:sdm.shtml flash:sdm.shtml.hide delete nvram:sdm.shtml

Step 1 Step 2 Step 3

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0 OL-4332-03

Upgrading SDM on a Router With an Earlier Version of SDM

When prompted do NOT erase the Flash memory.

Step 4

If you want to use one of the default configuration files included with sdm-vnn.zip, copy the configuration file listed for your router to the router Flash memory and make it active, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/sdmconfig-83x.cfg flash: Router# copy flash:sdmconfig-83x.cfg start

When prompted do NOT erase the Flash memory.

SDM is now installed on your router. To launch SDM, proceed to the Launching SDM section.

Upgrading SDM on a Router With an Earlier Version of SDM

To upgrade SDM on a router that has an earlier version of SDM installed, you must delete the file sdm.tar and the SDM configuration file from Flash memory and replace them with the new versions.

Note

SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by following the link http://www.winzip.com. Use the following procedure to upgrade SDM on a router that has an earlier version of SDM installed.

Step 1

Obtain the SDM zip file (sdm-vnn.zip) from Cisco.com by following the instructions in the Downloading the SDM Files and a Cisco IOS Image to a TFTP Server section of this document. The SDM zip file contains the latest version of SDM, and the router configuration files that SDM uses. Double-click the sdm-vnn.zip file and extract the files sdm.tar, sdm.shtml, and several sdmconfig-xxxx.cfg files to the root directory of a TFTP server. The TFTP server can be a PC with a TFTP server utility. If you need assistance extracting the files to the directory you want to place them in, refer to the WinZip online help. Telnet to the router, and remove the file sdm.tar, and the router configuration file from Flash memory by entering the following commands:
router#delete sdm.tar Delete filename [sdm.tar]? Delete flash:sdm.tar? [confirm] router#squeeze flash:

Step 2

Step 3

Step 4

Copy the new sdm.tar file to Flash memory by following the instructions in Downloading the SDM Files to a Cisco 1700, 2600, 3600, or 3700 Series Router or Downloading the SDM Files to a Cisco 831, 836, or 837 Router.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0

OL-4332-03

Launching SDM

Launching SDM
SDM is stored in the router Flash memory. It is invoked by executing an HTML file in the router archive, which then loads the signed SDM Java file. To launch SDM:
Step 1 Step 2

From your browser, access the router using the following URL: Type in the following universal resource locator (URL): https://<router IP address>/flash/sdm.shtml https://... specifies that the Secure Socket Layer (SSL) protocol be used for a secure connection. http://... can be used if SSL is not available. The SDM launch screen will appear in the browser window. The username/password challenge will appear in a separate dialog box.

Step 3

If you used your existing router configuration file, enter the username and password for the privileged (privilege level 15) account on your router. See the section Modifying Your Existing Configuration File for more information. If you used one of the default configuration files included with the SDM .zip file, enter the user account sdm and password sdm. The SDM Java applet will begin loading to your PC. SDM is a signed Java applet. This may cause your browser to display a security warning. Accept the certificate. If you have loaded one the default configuration files included in the SDM zip file, then the first time that you run SDM, the SDM startup wizard will appear, requiring you to enter basic network configuration information. This information needs to be entered only once. After this initial configuration, or if you used your existing router configuration file, SDM will display the SDM Overview page.

Step 4

Related Documentation
The following documents are available at the URL http://www.cisco.com/go/sdm.

Cisco Security Device Manager Users Guide Cisco Security Device Manager Version 1.0 Release Notes Cisco Security Device Manager FAQ Switching Between Cisco Security Device Manager (SDM) and Cisco Router Web Setup Tool (CRWS) on Cisco 83x Series Routers

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0 OL-4332-03

Related Documentation

This document is to be used in conjunction with the documents listed in the Related Documentation section.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0304R)

Copyright 2003 Cisco Systems, Inc. All rights reserved.

Downloading and Installing Cisco Security Device Manager (SDM) Version 1.0

10

OL-4332-03