CCENT 6 S01 E23 – Routing: SDM and DHCP Server Configuration Pt.1


What is SDM?

  • Security Device Manager
  • A Graphical User Interface (GUI) that you can use to configure and manage your router
  • Web Based (Java Required)
  • Works on all mainline Cisco routers
  • Designed to allow IOS Config without extensive knowledge
  • Download from http://www.cisco.com/go/sdm
    • Can be installed on your PC (Faster, works on all Cisco routers)
    • Can be installed on your Router (Slower, works only on the router it is installed on)

 

Configuring the Router to support SDM

Generate the Encryption Keys (Used with SSH and HTTPS)

Define the domain name to be used for encryption

Rt1(config)#ip domain-name DOMAIN.COM

Generate the RSA key pair that backs the security certificate

Rt1(config)#crypto key generate rsa
The name of the keys will be: HOSTNAME.DOMAIN.COM
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys.  Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus (512): 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Set Correct SSH Version

Rt1(config)#ip ssh version 2

Set the VTY (Telnet) lines to accept only SSH

Rt1(config)#line vty 0 4
Rt1(config-line)#transport input ssh

Enable HTTP and HTTPS

Rt1(config)#ip http server
Rt1(config)#ip http secure-server

Create a user with Privilege level 15 (Highest you can go)

Rt1(config)#username USERNAME privilege 15 secret PASSWORD

Configure VTY and HTTP ports for Privilege Level 15, and to use the Local User Database

  • ip http authentication enable: Anyone accessing the HTTP port must know the enable password
  • ip http authentication local: Uses the Local User Database, requiring both Username and Password

Rt1(config)#ip http authentication local
Rt1(config)#line vty 0 4
Rt1(config-line)#login local
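
A way to check the result of the steps above, as an added example that is not part of the original notes: a Python audit of a saved running-config. The sample config is constructed and the function names vty_blocks and audit are hypothetical; the audit also reports that ip http server leaves plaintext HTTP reachable next to HTTPS.

```python
# Constructed sample: roughly what the running-config shows after the steps above.
SAMPLE_CONFIG = """\
hostname Rt1
ip domain-name DOMAIN.COM
ip ssh version 2
username USERNAME privilege 15 secret 5 $1$constructed$hash
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Return {line header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    findings = []
    if "ip ssh version 2" not in top:
        findings.append("SSH not pinned to version 2")
    if "ip http secure-server" not in top:
        findings.append("HTTPS server not enabled")
    if "ip http server" in top:
        findings.append("plaintext HTTP server enabled alongside HTTPS")
    if "ip http authentication local" not in top:
        findings.append("HTTP not using local user database")
    if any(l.startswith("username ") and " password " in l for l in top):
        findings.append("username stored with 'password' instead of 'secret'")
    for header, cmds in vty_blocks(config).items():
        if "login local" not in cmds:
            findings.append(f"{header}: no 'login local'")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport not restricted to SSH")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```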

 

Support

Accessing the SDM

https://IP.ADD.RE.SS

Application blocked by Java Security

For security, applications must now meet the requirements for the High or Very High security settings, or be part of the Exception Site List, to be allowed to run.

Reason: Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running.

Solution: Add the ‘site’ to Java’s Security Exceptions list

Open Java’s control panel

ControlPanel

Click the “Security” tab, then click “Edit Site List”. Add the base URL (https://IP.ADD.RE.SS or http://IP.ADD.RE.SS) and save the new config.

 

 

 
