{"id":241,"date":"2015-09-10T23:40:40","date_gmt":"2015-09-10T23:40:40","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=241"},"modified":"2017-01-02T02:29:21","modified_gmt":"2017-01-02T02:29:21","slug":"ccent-6-s01-e23-routing-sdm-and-dhcp-server-configuration-pt-1","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=241","title":{"rendered":"CCENT 6 S01 E23 \u2013 Routing: SDM and DHCP Server Configuration Pt.1"},"content":{"rendered":"<h3>What is SDM?<\/h3>\n<ul>\n<li>Security Device Manager<\/li>\n<li>A Graphical User Interface (GUI) that you can use to configure and manage your router<\/li>\n<li>Web-based (Java required)<\/li>\n<li>Works on all mainline Cisco routers<\/li>\n<li>Designed to allow IOS Config without extensive knowledge<\/li>\n<li>Download from http:\/\/www.cisco.com\/go\/sdm\n<ul>\n<li>Can be installed on your PC (Faster, works on all Cisco routers)<\/li>\n<li>Can be installed on your Router (Slower, works only on the router it is installed on)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3>Configuring the Router to support SDM<\/h3>\n<h4>Generate the Encryption Keys (Used with SSH and HTTPS)<\/h4>\n<p>Define the domain name, which becomes part of the key name<\/p>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">ip domain-name DOMAIN.COM<\/span><\/pre>\n<p>Generate the RSA keys<\/p>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">crypto key generate rsa<\/span>\r\nThe name of the keys will be: HOSTNAME.DOMAIN.COM\r\nChoose the size of the key modulus in the range of 360 to 2048 for your\r\n  General Purpose Keys.  
Choosing a key modulus greater than 512 may take\r\n  a few minutes.\r\n\r\nHow many bits in the modulus (512): <span style=\"color: #00ffff;\">1024<\/span>\r\n% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]\r\n<\/pre>\n<p>Set the SSH version to 2<\/p>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">ip ssh version 2<\/span><\/pre>\n<p>Restrict the VTY (Telnet) lines to SSH only<\/p>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">line vty 0 4<\/span>\r\nRt1(config-line)#<span style=\"color: #00ffff;\">transport input ssh\r\n<\/span><\/pre>\n<p>Enable HTTP and HTTPS<\/p>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">ip http server<\/span>\r\nRt1(config)#<span style=\"color: #00ffff;\">ip http secure-server<\/span>\r\n<\/pre>\n<p>Create a user with Privilege level 15 (Highest you can go)<\/p>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">username USERNAME privilege 15 secret PASSWORD<\/span><\/pre>\n<p>Configure VTY and HTTP ports for Privilege Level 15, and to use the Local User Database<\/p>\n<ul>\n<li>ip http authentication enable: Upon accessing the HTTP port, the user must know the enable password<\/li>\n<li>ip http authentication local: Use the Local User Database requiring both Username and Password<\/li>\n<\/ul>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">ip http authentication local<\/span><\/pre>\n<pre>Rt1(config)#<span style=\"color: #00ffff;\">line vty 0 4<\/span>\r\nRt1(config-line)#<span style=\"color: #00ffff;\">login local<\/span><\/pre>\n<p>&nbsp;<\/p>\n<h2>Support<\/h2>\n<p>Accessing the SDM<\/p>\n<p>https:\/\/IP.ADD.RE.SS<\/p>\n<h3>Application blocked by Java Security<\/h3>\n<p>For security, applications must now meet the requirements for the High or Very High security settings, or be part of the Exception Site List, to be allowed to run.<\/p>\n<p>Reason: Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running.<\/p>\n<p>Solution: Add the &#8216;site&#8217; to 
Java&#8217;s Security Exceptions list<\/p>\n<p>Open Java&#8217;s control panel<\/p>\n<pre>ControlPanel<\/pre>\n<p>Click the &#8220;Security&#8221; tab then click &#8220;Edit Site List&#8221;.\u00a0 Add the base URL (https:\/\/IP.ADD.RE.SS or http:\/\/IP.ADD.RE.SS) and save the new config.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is SDM? Security Device Manager A Graphical User Interface (GUI) that you can use to configure and manage your router Web Based (Java Required) Works on all mainline Cisco routers Designed to allow IOS Config without extensive knowledge Download from http:\/\/www.cisco.com\/go\/sdm Can be installed on your PC (Faster, works on all Cisco routers) Can ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=241\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,2,12],"tags":[],"class_list":["post-241","post","type-post","status-publish","format-standard","hentry","category-ccent","category-networking","category-routers"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=241"}],"version-history":[{"count":6,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/241\/revisions"}],"predecessor-version":[{"id":342,"
href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/241\/revisions\/342"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}