This document is exclusive property of Cisco Systems Inc

This Document Is Exclusive Property Of Cisco Systems Inc-PDF Download

  • Date:30 Nov 2019
  • Views:56
  • Downloads:0
  • Pages:478
  • Size:8.20 MB

Share Pdf : This Document Is Exclusive Property Of Cisco Systems Inc

Download and Preview : This Document Is Exclusive Property Of Cisco Systems Inc


Report CopyRight/DMCA Form For : This Document Is Exclusive Property Of Cisco Systems Inc


Transcription:

Lab 3 1 Configuring SDM on a Router,Learning Objectives. Prepare a router for access with Cisco Security Device Manager. Install SDM onto a PC,Install SDM onto a router through a Windows host. Topology Diagram, In this lab you will prepare a router for access via the Cisco Security Device. Manager SDM using some basic commands to allow connectivity from the. SDM to the router You will then install the SDM application locally on a host. computer Finally you will install SDM onto the flash memory of a router. Step 1 Lab Preparation, Start this lab by erasing any previous configurations and reloading your. devices Once your devices are reloaded set the appropriate hostnames. Ensure that the switch is set up so that both the router and host are in the same. VLAN By default all ports on the switch are assigned to VLAN 1. Ensure that your PC meets the minimum requirements to support SDM SDM. can be run on a PC running any of the following operating systems. Microsoft Windows ME, Microsoft Windows NT 4 0 Workstation with Service Pack 4.
Microsoft Windows XP Professional,Microsoft Windows 2003 Server Standard Edition. Microsoft Windows 2000 Professional with Service Pack 4. Note Windows 2000 Advanced Server is not supported. In addition a web browser with SUN JRE 1 4 or later or an ActiveX controlled. browser must be enabled, 1 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Step 2 Prepare the Router for SDM, The Cisco SDM application uses the virtual terminal lines and HTTP server to. manipulate the configuration of the device Since a user must log in to access. or change the configuration some basic commands must be issued to allow. remote access, These are basic IOS commands and are not SDM specific However without. these commands SDM will not be able to access the router and will not work. First create a username and password on the router for SDM to use This login. will need to have a privilege level of 15 so that SDM can change configuration. settings on the router Make the password argument of this command the last. argument on the line since everything after the password argument will. become part of the password The username and password combination will be. used later when accessing the router, R1 config username ciscosdm privilege 15 password 0 ciscosdm.
HTTP access to the router must be configured for SDM to work If your image. supports it you will need to have an IOS image that supports crypto. functionality you should also enable secure HTTPS access using the ip http. secure server command Enabling HTTPS generates some output about RSA. encryption keys This is normal Also make sure the HTTP server uses the. local database for authentication purposes,R1 config ip http server. R1 config ip http secure server, Generating 1024 bit RSA keys keys will be non exportable OK. Jan 14 20 19 45 310 SSH 5 ENABLED SSH 1 99 has been enabled. Jan 14 20 19 46 406 PKI 4 NOAUTOSAVE Configuration was modified Issue. write memory to save new certificate,R1 config ip http authentication local. Finally configure the virtual terminal lines of the router to authenticate using the. local authentication database Allow virtual terminal input through both telnet. R1 config line vty 0 4,R1 config line login local,R1 config line transport input telnet ssh. Based on your knowledge of SDM why do you think that the router needs to. have these non SDM specific commands entered in, SDM accesses the router using a username and password specified in the.
program Since SDM can potentially change router settings it needs privileged. access to the router You enable HTTP so that the router can act as an HTTP. 2 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. server if it is hosting the SDM HTTPS and SSH are added for extra security if. Step 3 Configure Addressing, Now that the router has all of the commands necessary for remote access. connectivity will need to be established between the PC and the router The first. thing we will need to do is configure the Fast Ethernet interface on the router. with the IP address shown in the diagram If you have already configured the. correct IP address skip this step,R1 config interface fastethernet0 0. R1 config if ip address 192 168 10 1 255 255 255 0. R1 config if no shutdown, Next assign an IP address to the PC If the PC already has an IP address in. the same subnet as the router you may skip this step These steps may vary. depending on your Windows version and theme, First access the PC Control Panel window and open the Network Connections. management interface, 3 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc.
Figure 3 1 Microsoft Windows Control Panel, Right click the LAN interface that connects to the Catalyst switch and click. Properties Choose Internet Protocol TCP IP and then click the Properties. 4 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 3 2 Network Connection Properties, Finally configure the IP address shown in the diagram on the interface. 5 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 3 3 IP Properties, Click OK once to apply the TCP IP settings and again to exit the configuration. dialog box for the LAN interface Open the Start Menu and then click Run. Issue the cmd command and press the Return key At the Windows. command line prompt ping the R1 Ethernet interface You should receive. responses If you do not receive a response troubleshoot by verifying the VLAN. of the switchports and the IP address and subnet mask on each of the devices. attached to the switch, C Documents and Settings Administrator ping 192 168 10 1. Pinging 192 168 10 1 with 32 bytes of data,Reply from 192 168 10 1 bytes 32 time 1ms TTL 255.
Reply from 192 168 10 1 bytes 32 time 1ms TTL 255,Reply from 192 168 10 1 bytes 32 time 1ms TTL 255. Reply from 192 168 10 1 bytes 32 time 1ms TTL 255,Ping statistics for 192 168 10 1. Packets Sent 4 Received 4 Lost 0 0 loss,Approximate round trip times in milli seconds. Minimum 0ms Maximum 1ms Average 0ms, 6 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Step 4 Extract SDM on the Host, Now that the router is ready to be accessed from SDM and there is connectivity.
between the router and the PC you can use SDM to configure the router. You should start by extracting the SDM zip file to a directory on your hard drive. In this example the directory used is C sdm although you can use any path. you want If your version of Windows has a built in zip utility you can use that to. extract it or if you don t have it built in you can use a third party tool such as. WinZip To get to the built in Windows Extraction Wizard right click the SDM. zip file and click Extract All If you decide to use a third party tool extract the. file to the directory of your choice and skip to the next step. Figure 4 1 Zip File Menu, Once the extraction wizard has opened click Next to get to the destination. selection screen, 7 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 4 2 Windows Extraction Wizard, Select the folder you want to use as the destination directory and then click. 8 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 4 3 Destination Selection Dialog, The files are extracted It may take a few seconds for the extraction to finish. 9 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 4 4 Windows Extraction Wizard, Afterwards you are prompted to decide if you want to show the extracted files.
Check this option if it is not already checked and then click Finish. 10 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 4 5 Final Extraction Wizard Dialog, After you have extracted the file open the directory to which the file was. extracted The files in this directory may look different depending on the version. of SDM you have, 11 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 4 6 Directory of SDM Extraction, You are almost ready to use SDM to configure the router The last step is. installing the SDM application on the PC,Step 5 Install SDM on the PC. Double click the setup exe executable program to open the installation wizard. Once the installation wizard screen opens click Next. 12 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 5 1 Welcome Screen for SDM Installation Wizard. Accept the terms of the license agreement and then click Next. 13 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. Figure 5 2 SDM License Agreement, The next screen prompts you to choose from three options where you want to.
install SDM, 14 34 CCNP Implementing Secure Converged Wide area Networks v5 0 Lab 3 1 Copyright 2007 Cisco Systems Inc. This document is exclusive property of Cisco Systems Inc Permission is granted to print and copy this document for non commercial distribution and exclusive use by instructors in the CCNP Implementing Secure Converged Wide area Networks v5 0 course as part of an official Cisco Networking Academy Program

Related Books