Prueba
Páginas: 170 (42335 palabras)
Publicado: 16 de abril de 2011
This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP: Implementing Secure Converged Wide-area Networks v5.0 course as part of an official Cisco Networking Academy Program.
Lab 3.1 Configuring SDM on a Router
Learning Objectives x x x Prepare a router foraccess with Cisco Security Device Manager Install SDM onto a PC Install SDM onto a router through a Windows host
Topology Diagram
Scenario In this lab, you will prepare a router for access via the Cisco Security Device Manager (SDM), using some basic commands, to allow connectivity from the SDM to the router. You will then install the SDM application locally on a host computer. Finally, youwill install SDM onto the flash memory of a router. Step 1: Lab Preparation Start this lab by erasing any previous configurations and reloading your devices. Once your devices are reloaded, set the appropriate hostnames. Ensure that the switch is set up so that both the router and host are in the same VLAN. By default, all ports on the switch are assigned to VLAN 1. Ensure that your PC meets theminimum requirements to support SDM. SDM can be run on a PC running any of the following operating systems: x x x x x Microsoft Windows ME Microsoft Windows NT 4.0 Workstation with Service Pack 4 Microsoft Windows XP Professional Microsoft Windows 2003 Server (Standard Edition) Microsoft Windows 2000 Professional with Service Pack 4
Note: Windows 2000 Advanced Server is not supported. In addition,a web browser with SUN JRE 1.4 or later or an ActiveX controlled browser must be enabled.
1 - 34
CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Lab 3-1
Copyright 2007, Cisco Systems, Inc
Step 2: Prepare the Router for SDM The Cisco SDM application uses the virtual terminal lines and HTTP server to manipulate the configuration of the device. Since a user must log into access or change the configuration, some basic commands must be issued to allow remote access. These are basic IOS commands and are not SDM-specific. However, without these commands, SDM will not be able to access the router, and will not work properly. First, create a username and password on the router for SDM to use. This login will need to have a privilege level of 15 so that SDM can changeconfiguration settings on the router. Make the password argument of this command the last argument on the line, since everything after the password argument will become part of the password. The username and password combination will be used later when accessing the router.
R1(config)# username ciscosdm privilege 15 password 0 ciscosdm
HTTP access to the router must be configured for SDM towork. If your image supports it (you will need to have an IOS image that supports crypto functionality), you should also enable secure HTTPS access using the ip http secure-server command. Enabling HTTPS generates some output about RSA encryption keys. This is normal. Also, make sure the HTTP server uses the local database for authentication purposes.
R1(config)# ip http server R1(config)# ip httpsecure-server % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] *Jan 14 20:19:45.310: %SSH-5-ENABLED: SSH 1.99 has been enabled *Jan 14 20:19:46.406: %PKI-4-NOAUTOSAVE: Configuration was modified. "write memory" to save new certificate R1(config)# ip http authentication local
Issue
Finally, configure the virtual terminal lines of the router to authenticate using the localauthentication database. Allow virtual terminal input through both telnet and SSH.
R1(config)# line vty 0 4 R1(config-line)# login local R1(config-line)# transport input telnet ssh
Based on your knowledge of SDM, why do you think that the router needs to have these non-SDM specific commands entered in? SDM accesses the router using a username and password specified in the program. Since SDM...
Lab 3.1 Configuring SDM on a Router
Learning Objectives x x x Prepare a router foraccess with Cisco Security Device Manager Install SDM onto a PC Install SDM onto a router through a Windows host
Topology Diagram
Scenario In this lab, you will prepare a router for access via the Cisco Security Device Manager (SDM), using some basic commands, to allow connectivity from the SDM to the router. You will then install the SDM application locally on a host computer. Finally, youwill install SDM onto the flash memory of a router. Step 1: Lab Preparation Start this lab by erasing any previous configurations and reloading your devices. Once your devices are reloaded, set the appropriate hostnames. Ensure that the switch is set up so that both the router and host are in the same VLAN. By default, all ports on the switch are assigned to VLAN 1. Ensure that your PC meets theminimum requirements to support SDM. SDM can be run on a PC running any of the following operating systems: x x x x x Microsoft Windows ME Microsoft Windows NT 4.0 Workstation with Service Pack 4 Microsoft Windows XP Professional Microsoft Windows 2003 Server (Standard Edition) Microsoft Windows 2000 Professional with Service Pack 4
Note: Windows 2000 Advanced Server is not supported. In addition,a web browser with SUN JRE 1.4 or later or an ActiveX controlled browser must be enabled.
1 - 34
CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Lab 3-1
Copyright 2007, Cisco Systems, Inc
Step 2: Prepare the Router for SDM The Cisco SDM application uses the virtual terminal lines and HTTP server to manipulate the configuration of the device. Since a user must log into access or change the configuration, some basic commands must be issued to allow remote access. These are basic IOS commands and are not SDM-specific. However, without these commands, SDM will not be able to access the router, and will not work properly. First, create a username and password on the router for SDM to use. This login will need to have a privilege level of 15 so that SDM can changeconfiguration settings on the router. Make the password argument of this command the last argument on the line, since everything after the password argument will become part of the password. The username and password combination will be used later when accessing the router.
R1(config)# username ciscosdm privilege 15 password 0 ciscosdm
HTTP access to the router must be configured for SDM towork. If your image supports it (you will need to have an IOS image that supports crypto functionality), you should also enable secure HTTPS access using the ip http secure-server command. Enabling HTTPS generates some output about RSA encryption keys. This is normal. Also, make sure the HTTP server uses the local database for authentication purposes.
R1(config)# ip http server R1(config)# ip httpsecure-server % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] *Jan 14 20:19:45.310: %SSH-5-ENABLED: SSH 1.99 has been enabled *Jan 14 20:19:46.406: %PKI-4-NOAUTOSAVE: Configuration was modified. "write memory" to save new certificate R1(config)# ip http authentication local
Issue
Finally, configure the virtual terminal lines of the router to authenticate using the localauthentication database. Allow virtual terminal input through both telnet and SSH.
R1(config)# line vty 0 4 R1(config-line)# login local R1(config-line)# transport input telnet ssh
Based on your knowledge of SDM, why do you think that the router needs to have these non-SDM specific commands entered in? SDM accesses the router using a username and password specified in the program. Since SDM...
Leer documento completo
Regístrate para leer el documento completo.