Saturday, April 3, 2010


SDM stands for Security Device Manager. Its initial purpose was to let users go through a wizard to set up router security. SDM now provides a web-based GUI that you can use to configure and manage your router. It works on all mainline Cisco routers and is designed to be used without extensive knowledge. SDM was introduced into CCNA in 2007.
SDM typically ships in the router's flash by default. However, if you don't have it on your router, you'll need to download it from the Cisco website, which requires a CCO login.

The steps to use SDM are:
1) Generate encryption keys (for use in SSH and HTTPS)
2) Turn on HTTP/HTTPS servers for the router
3) Create a privilege level 15 user account
4) Configure VTY ports and HTTP access for Privilege Level 15 and to use the local database
5) Install SDM on the PC and use it

First we'll generate the keys. If you remember from the previous articles, this is done by setting the domain name and then generating the keys:
ip domain name syraxius.ath.cx
crypto key generate rsa

To turn on the HTTPS server, use:
ip http authentication local
ip http secure-server

To create a privilege level 15 user account, use:
username kelvin privilege 15 secret cisco

Now we'll set the VTY lines to use SSH and the local user database:
line vty 0 4
logging synchronous
login local
transport input ssh

If SDM is installed on the router, browse to https:// followed by the router's IP address. If it's installed on the computer, start it from the Start Menu. Note that HTTPS will require you to accept a certificate before you can use it.
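
To confirm that the router-side settings from steps 1 to 4 are in place before connecting, a saved running-config can be checked with a short script. This is an added example, not part of the original post; the function names, the example.test domain, the admin user and both sample configurations are constructed for illustration.

```python
import re
# Constructed running-config fragments (not captured from a real device).
GOOD_CONFIG = """\
ip domain name example.test
username admin privilege 15 secret 5 $1$constructed$hash
ip http authentication local
ip http secure-server
line vty 0 4
 login local
 transport input ssh
"""
BAD_CONFIG = """\
ip domain name example.test
username admin privilege 15 password 0 constructed
ip http authentication local
line vty 0 4
 login
 transport input telnet ssh
"""

def vty_blocks(config):  # {header: [sub-commands]} for each 'line vty' block
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit_sdm_prereqs(config):
    """Return the step 1-4 settings that are missing from a running-config text."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if not any(re.match(r"ip domain[ -]name \S+", l) for l in lines):
        findings.append("no domain name set (needed before generating RSA keys)")
    if "ip http secure-server" not in lines:
        findings.append("HTTPS server is not enabled")
    if "ip http authentication local" not in lines:
        findings.append("HTTP access does not use the local user database")
    if not any(re.match(r"username \S+ privilege 15 secret ", l) for l in lines):
        findings.append("no privilege level 15 user with a 'secret'")
    for header, body in vty_blocks(config).items():
        if "login local" not in body:
            findings.append(f"{header}: does not use 'login local'")
        if "transport input ssh" not in body:
            findings.append(f"{header}: transport input is not SSH-only")
    return findings
```

The RSA keys themselves do not appear in the running-config, so the script can only check that the domain name needed to generate them is set.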

At the end, you'll end up in a page like this:

Note that you'll have to keep this window open! Do not close it:

If you change something, SDM automatically sends the commands to the router. To see the actual commands being sent, go to Edit > Preferences and tick the preview checkbox:
