An Introduction To SDM
Overview
What Is SDM?
Preinstallation Requirements
Installing SDM
Even if you've used SDM before, don't skip this introduction. I've
got a very important tip for you regarding SDM that guarantees
success with it in both the exam room and the real world.
The SDM install generally goes smoothly, but there are some
prerequisite configurations you must be aware of for both the
CCNA Security exam and the real world.
Some routers come from the factory with the SDM files already
installed. The files numbered 2 - 6 in the following output of
show flash are SDM-specific files. If you have these files
already on your router, you do not need to install SDM from a
CD.
SDM_1#show flash
If you don't have those files, you do need the install CD. Not all
Cisco routers can run SDM; be sure to check Cisco's website for
the latest list of SDM-compliant routers.
When you run the CD, you'll have these two choices:
I won't insult you by telling you that you need to run First-Time
Router Setup... well, the first time you run the CD! That option
will show you exactly how to cable your particular router, and
once you're done there, SDM Express runs. After this initial
config, the full SDM version will run.
... and then we're going to see a series of windows and prompts.
I know there's documentation out there that makes it seem as
though you go straight to the main SDM window after clicking
that icon, but that's not exactly the case. Here's the first window:
Note the option for HTTPS. I'll check that box and in the
dropdown window, I'll select 10.10.10.1, the neighboring
interface on the router. After clicking Launch, we're launched to
the next window!
... and this is the one you can't close until you're done! Actually,
you can close it, but SDM will close along with it.
Note that we were not told what the problem was. There's no
"username does not have the required level of access" message
or anything like that, so unauthorized users do not get a clue as
to why they can't log in.
We do have a clue in that opening line of the prompt, though -
"Enter login details to access level_15_or_view_access". The
user we log in as must have a privilege level of 15 (the highest
level possible) in order to successfully log in to SDM. After
entering the cbryant/universe combination that does have the
required privilege level, we're almost at the SDM Home window.
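A pre-flight check for the two things the login above depends on, the HTTPS option and a level 15 user, shown as an added example that is not part of the original course material. It scans a saved running-config for them. The sample config, the hash string and the function name sdm_login_readiness are constructed for illustration; the lines it looks for (username ... privilege 15, ip http secure-server, ip http authentication local) are standard IOS commands.

```python
import re

# Constructed sample running-config excerpt (not taken from the author's router).
SAMPLE_CONFIG = """\
username cbryant privilege 15 secret 5 $1$EXAMPLE$constructedhashvalue
username helpdesk password 0 example-only
ip http server
ip http secure-server
ip http authentication local
"""

# Simplified match: username NAME [privilege N] [secret|password] ...
USER_RE = re.compile(
    r"^username[ \t]+(?P<name>\S+)(?:[ \t]+privilege[ \t]+(?P<priv>\d+))?"
    r"(?:[ \t]+(?P<kind>secret|password)\b)?", re.M)

def sdm_login_readiness(config: str) -> dict:
    """Report the settings that decide whether an SDM login over HTTPS can work."""
    lines = {ln.strip() for ln in config.splitlines()}
    users = {}
    for m in USER_RE.finditer(config):
        users[m["name"]] = {
            "privilege": int(m["priv"] or 1),   # IOS default is level 1
            "hashed": m["kind"] == "secret",
        }
    level15 = sorted(n for n, u in users.items() if u["privilege"] == 15)
    findings = []
    if not level15:
        findings.append("no privilege 15 user for the SDM login")
    for name in level15:
        if not users[name]["hashed"]:
            findings.append(f"{name}: level 15 account uses 'password', not 'secret'")
    if "ip http secure-server" not in lines:
        findings.append("HTTPS server disabled: the HTTPS launch option cannot work")
    if "ip http server" in lines:   # 'no ip http server' is a different line
        findings.append("plain HTTP server enabled alongside HTTPS")
    if "ip http authentication local" not in lines:
        findings.append("HTTP logins are not checked against local usernames")
    return {"level15_users": level15, "findings": findings}
```

Run it against the output of show running-config saved to a text file; an empty findings list means the level 15 login over HTTPS has what it needs and nothing weaker is left enabled.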
... and once that's completed, we'll see the SDM Home screen.
You'll also see if there are any services that are unavailable.
Note the message "IPS not supported" in the lower right-hand
section under Intrusion Prevention. I wanted to show you that
you cannot necessarily run every SDM service on every router,
so this install was performed on a router that does not quite
have enough memory to run IPS. No worries, we'll use a
different router in future labs, and run plenty of IPS labs as well.
There are some SDM display and operational defaults you may
wish to change before getting started. To see these options,
select Edit > Preferences.
Did you notice the How Do I: option at the bottom of the Create
screen?
Each SDM section has a specialized set of How Do I questions -
and more importantly, answers! This really is a fantastic series
of tutorials. To see the entire list, just click the drop-down box
next to the Go button (not shown in the previous illustration, but
this is shown in the illustration of the full Configure window), and
make your choice!
The How Do I option will appear on the screen once you make a
VPN selection from the choices on the left-hand side of the
screen.
Here's the Security Audit section. Note that security audits are
not the only feature available here - we can also perform a one-
step lockdown. We'll perform both of those later in the course.
We will not be using the Routing section in this course, but here's
what it looks like:
Next, we'll look at the NAT screen. Those of you who aren't
fond of configuring NAT will really enjoy using SDM to do so!
We'll look at the Intrusion Prevention screen later in the course.
Believe me, if you need to perform a task in SDM and it's not in
one of the other sections, it's definitely here in Additional Tasks! You can configure
DHCP, DNS, URL filtering, AAA, dot1x, Class and Policy maps,
and just about everything in between!
When you click on the appropriate subject in the left pane, you'll
see subject-appropriate information appear on the right. In the
previous screen, I highlighted AAA, and you can see that AAA is
disabled. Just for fun, I clicked on the Enable AAA button in the
upper right-hand corner ...
Note the option to save the running config to the startup config is
not selected by default. I'll select that option, click Deliver, and
the following window appears:
While the configuration is being written to the router, the blue
squares will move back and forth across the white bar. When
the config is finished, you'll see the following.
The Monitor section also has a row of Task buttons, and they're
similar to the buttons in the Configure section in that each has a
specific area of router operations to monitor.
We will not look at each of these screens now, but we'll check in
on a few of them during the course. The main emphasis is on
the Configure screen, but it never hurts to Monitor your work!
All the information you need to pass the CCNA Security exam
and prosper with SDM in production networks is right in front of
you. You just have to find it - and most of it is clearly labeled.
And if you don't see a Task button relating to what you need to
do - anything from DNS to DHCP to class maps - always look in
Additional Tasks! :)