Cisco Systems 7301, 7200 VXR User Manual 2

Cisco Router and Security Device Manager (SDM) User Guide for the Cisco 7200 VXR and Cisco 7301 Routers
October, 2006
Note This User Guide covers the Cisco 7204VXR, the Cisco 7206VXR, and the Cisco 7301 routers. For
Cisco Router and Security Device Manager (SDM) is an intuitive Java-based device-management tool that lets you configure LAN interfaces, routing, Network Address Translation (NAT), firewalls, Virtual Private Networks (VPNs), and other features without knowledge of the Cisco command-line interface (CLI).
Note SDM does not support the following features on the Cisco 7200 VXR or Cisco 7301 routers: SDM Reset, WAN configuration; therefore, you will need to use CLI commands to support these functions. The SDM Express Wizard is not supported on the Cisco 7000 family.
SDM is preinstalled on your router Flash Disk or CompactFlash Disk when you order a security bundle comprising a Cisco 7204VXR, Cisco 7206VXR, or Cisco 7301 router.
SDM can also be purchased and installed on an existing Cisco 7204VXR, Cisco 7206VXR, or Cisco 7301 router. See “Installing SDM (Optional)” section on page 6 for instructions on downloading and installing SDM.
Because SDM uses a GUI interface, it requires that you access it from a PC using a supported web browser. For the supported browsers, see the “Cisco IOS Software Requirements” section on page 4.
This guide includes the following topics:
Overview
Features
System Requirements
Restrictions
Determining if SDM Is Installed
Configuring Your Router to Support SDM
Installing SDM (Optional)
Launching SDM
Upgrading SDM
Obtaining Documentation
Documentation Feedback
Cisco Product Security Overview
Product Alerts and Field Notices
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2006 Cisco Systems, Inc. All rights reserved.

Overview

You can configure secure network access on your Cisco 7204VXR, Cisco 7206VXR, or Cisco 7301 router using both the SDM management tool and CLI commands.
You launch SDM using a supported browser on a PC. SDM allows you to configure supported security features, such as VPNs, firewalls, and digital certificates. Interfaces that SDM does not support, such as token ring, must be configured using CLI commands. SDM attempts to read any configurations added through CLI commands, but unsupported features are displayed as read-only in the SDM user interface.
Although multiple users can concurrently use SDM to monitor a router, it is not recommended that multiple users concurrently modify the configuration; results may be inconsistent.

Features

For SDM feature information, see the Security Device Manager Release Notes Page at
http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_release_notes_list.html

System Requirements

Refer to the following sections to determine the requirements for SDM support:
Memory Requirements
Hardware Requirements
Browser and Java Requirements
PC Operating System Requirements
Cisco IOS Software Requirements
OL-5131-07

Memory Requirements

SDM Version 2.3.1 requires at least 7 MB of free Flash Disk or CompactFlash Disk on the router. Note that the Cisco IOS software requires approximately 20 MB of Flash Disk space.
Note Flash Disks and CompactFlash Disks provide from 48 MB to 356 MB of storage space. Flash Disks and CompactFlash Disks are supported on Cisco 7000 products that have PC card slots, formerly called Personal Computer Memory Card International Association (PCMCIA) slots.

Hardware Requirements

SDM requires a PC running a Pentium III processor or faster, with a supported browser, and one of the following supported Cisco 7000 routers (see Table 1):
Table 1 Supported Hardware
Supported Routers: Cisco 7204VXR, Cisco 7206VXR, Cisco 7301
Supported Processors (Cisco 7204VXR, Cisco 7206VXR): NPE-225, NPE-400, NPE-G1, NPE-G2, NSE-1
Supported Service Adapters: VAM, VAM2, VAM2+
Supported Port Adapters: PA-2FE-TX, PA-2FE-FX, PA-8E, PA-4E
1. The Integrated Services Adapter (ISA) module is not supported with SDM.
2. The VAM and VAM2 products are no longer being sold.
Note SDM requires a PC with a Pentium III or higher processor.

Browser and Java Requirements

For browser and Java requirements, see the Security Device Manager Release Notes at
http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_release_notes_list.html

PC Operating System Requirements

For PC operating system requirements, see the Security Device Manager Release Notes at
http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_release_notes_list.html

Cisco IOS Software Requirements

Table 2 lists the SDM minimum supported Cisco IOS software for your router.
Table 2 Minimum Supported Cisco IOS Software for Use with SDM
Platform: Cisco 7204VXR, Cisco 7206VXR, Cisco 7301
Minimum Cisco IOS Software: Cisco IOS Software Release 12.3(2)T or later, or 12.3(3)M or later; no support for B, E, and S trains

Connectivity Requirements

You can connect to SDM via a PC or server using any of the following methods: HTTP and HTTPS; Telnet, SSH, and SSHv2.
Note Cisco SDM has negligible impact on router DRAM or CPU.

Restrictions

The following restrictions apply to SDM running on Cisco 7204VXR, 7206VXR, and 7301 routers:
The SDM Express application is not supported.
WAN configuration is not supported. SDM supports configuration of Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces.
The SDM Reset feature is not available.
No SDM-default configuration file is supplied.

Determining if SDM Is Installed

Use the following method to determine if SDM is installed on your router:
Using the CLI, enter the dir all-filesystems or the show flash command, and check to see if the SDM file set is present: sdm.tar, attack-drop.sdf, 128MB.sdf, 256MB.sdf, home.shtml, home.tar, common.tar.
If SDM is not installed on your router, and you wish to download and install it, go to the “Installing SDM (Optional)” section on page 6.
This completes the procedure for determining if SDM is installed on your router. Go to the “Configuring Your Router to Support SDM” section on page 5.

Configuring Your Router to Support SDM

You can install and run SDM on a router that is already in use without disrupting network traffic, but you must ensure that a few configuration settings are present in the router configuration file.
Access the CLI using Telnet or the console connection to modify the existing configuration before installing SDM on your router.
Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
If the router supports HTTPS, the HTTPS server will be enabled. If not, the HTTP server will be enabled. HTTPS is supported in all images that support the Crypto/IPSec feature set, starting from Cisco IOS release 12.25(T).
Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command in global configuration mode, replacing username and password with the strings that you want to use:
Router(config)# username username privilege 15 secret 0 password
For example, if you chose the username tomato and the password vegetable, you would enter:
Router(config)# username tomato privilege 15 secret 0 vegetable
You will use this username and password to log in to SDM.
Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
If your router supports 16 vty lines, you can add the following lines to the configuration file:
Router(config)# line vty 5 15
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Router(config)#
Step 4 (Optional) Enable local logging to support the log monitoring function. Enter the following command in global configuration mode:
Router(config)# logging buffered 51200 warning
Step 5 Enter the end command to leave configuration mode:
Router(config)# end
Router#

Installing SDM (Optional)

SDM comes preinstalled on the Flash Disk or CompactFlash Disk as part of your Cisco 7204VXR, Cisco 7206VXR, or Cisco 7301 router. You can also download/upgrade SDM free of charge from the Software Center on Cisco.com at: http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm.
For instructions on installing SDM, see Downloading and Installing Cisco Router and Security Device
Manager at http://www.cisco.com/en/US/products/sw/secursw/ps5318/tsd_products_support_series_home.html

Launching SDM

To start SDM on your router using a PC browser to access SDM, follow these steps:
Step 1 Open a web browser on a PC, and enter the following URL:
https://router_interface_IP_address
where router_interface_IP_address is the router IP address.
Note https://... specifies that the Secure Sockets Layer (SSL) protocol be used for a secure connection.
http://... can be used if SSL is not available.
If you do not enter https:// and you are using Windows IE, you will receive a message, warning you that you are not in secure mode. Click OK to configure in secure mode, or click Cancel to continue using http (see Figure 1).