Nov
28
2008

Security Device Manager aka SDM

Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues.

Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS.

Cisco SDM provides a series of easy-to-use wizards that quickly take you step by step through configuring your router, without requiring knowledge of the Cisco IOS software CLI.

You can use Cisco SDM wizards to:

  • Configure additional LAN and WAN connections
  • Create firewalls
  • Configure VPN, Easy VPN, and DMVPN connections, and create and manage digital certificates
  • Perform a security audit on the router and have SDM fix security problems
  • Configure basic routing
  • Create Network Address Translation (NAT) rules on the router
  • Create Quality of Service (QoS) policies

 

Supported Routers and Cisco IOS Versions

SDM-Supported Routers SDM-Supported Cisco IOS Versions
Cisco 831 and 837 •12.2(13)ZH or later •12.3(2)XA or later •12.3(2)T or later
Cisco 836 •12.2(13)ZH or later •12.3(2)XA or later •12.3(4)T or later
Cisco 1701 •12.2(13)ZH or later •12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF) •12.3(4)T or later
Cisco 1711 and 1712 •12.2(15)ZL or later •12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF)
Cisco 1710, 1721, 1751, 1751-v, 1760, and 1760-v •12.2(13)ZH or later •12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF) •12.2(13)T3 or later •12.3(2)T or later •12.3(1)M or later •12.2(15)ZJ3 (not available for the 1710 or 1721)
Cisco 1841 •12.3(8)T4 or later
Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, and 2691 •12.2(11)T6 or later •12.3(2)T or later •12.3(1)M or later •12.3(4)XD •12.2(15)ZJ3
Cisco 2801, 2811, 2821 and ,2851 •12.3(8)T4 or later
Cisco 3640, 3661, and 3662 •12.2(11)T6 or later •12.3(2)T or later •12.3(1)M or later •12.3(4)XD •12.2(15)ZJ3
Cisco 3620 •12.2(11)T6 or later •12.3(1)M or later
Cisco 3640A •12.2(13)T3 or later •12.3(2)T or later •12.3(1)M or later •12.3(4)XD •12.2(15)ZJ3
Cisco 3725 and 3745 •12.2(11)T6 or later •12.3(2)T or later •12.3(1)M or later •12.3(4)XD •12.2(15)ZJ3
Cisco 3825 and 3845 •12.3(11)T or later
Cisco 7204VXR and 7206VXR •12.3(2)T or later •12.3(1)M or later SDM does not support B, E, or S train releases on the Cisco 7000 routers.
Cisco 7301 •12.3(2)T or later •12.3(3)M or later SDM does not support B, E, or S train releases on the Cisco 7000 routers.

Memory Requirements
A minimum of 6 MB of free memory is required to support all SDM files. 2 MB of router memory is required to support SDM Express when SDM is installed on the PC, and the SDM files on the PC require 5.5 MB.

PC System Requirements
SDM is designed to run on a personal computer that has a Pentium III or faster processor. SDM can be run on a PC running any of the following operating systems:

  • Microsoft Windows XP Professional
  • Microsoft Windows 2003 Server (Standard Edition)
  • Microsoft Windows 2000 Professional with Service Pack 4 (Windows 2000 Advanced Server is not supported)
  • Microsoft Windows ME
  • Microsoft Windows 98 (second edition)
  • Microsoft Windows NT 4.0 Workstation with Service Pack 4
  • Microsoft Windows XP Professional with Service Pack 2 or later
  • Microsoft Windows 2000 Professional with Service Pack 4 or later

Web Browser Versions and Java Runtime Environment Versions
SDM can be used with the following browsers:

  • Internet Explorer version 5.5 and later
  • Netscape version 7.1 and version 7.2 (not supported on Windows 98)

SDM requires Sun Java Runtime Environment (JRE) version 1.4.2_05 or later, or Java Virtual Machine (JVM) 5.0.0.3810.

Install options
It is possible install SDM on your PC and/or on your router (using flash memory).

How to configure your router to support SDM
To use SDM it is required to enable the HTTP or/and HTTPS servers on your router using a local account:

Ciscozine# configure terminal
Ciscozine(config)# ip http server
Ciscozine(config)# ip http secure-server
Ciscozine(config)# ip http authentication local

(HTTPS is supported in all images that support the Crypto/IPSec feature set, starting from Cisco IOS release 12.25(T).)

Then create a user account defined with privilege level 15:

Ciscozine(config)# username ciscozine privilege 15 secret 0 C$5c00L

You will use this username and password to log in to SDM! Below there are some examples of SDM screenshot.

 

SDM – Home Page

 

SDM – Configure Page

 
SDM – Monitor Page

 

…but REMEMBER… SDM doesn’t replace Cisco CLI :-)

 

References: