Sunday, April 25, 2010

CCNA Security 05

SDM is an integral part of the CCNA Security examination. If you were following the CCNA articles, SDM stands for Security Device Manager. SDM is a GUI-based configuration tool for Cisco routers. The GUI is accessed through a web-browser.
SDM allows the use of various wizards such as a One-Step Lockdown or a Security Audit. SDM is a tremendous learning tool and contains a lot of "How Do I..." help topics to aid in your tasks. SDM allows preview of commands before they are sent to the router.

The three commands required to activate SDM are:
ip http server
ip http secure-server
ip http authentication local

You would also need to have a privilege level 15 account for SDM:
user cisco privilege 15 pass cisco

SDM can be installed on the computer or the router. For a router installation, the files required in the flash are:

In the SDM CD, the First-Time Router Setup guide steps you through the cabling and setting-up of the router. When SDM is first started, you would have a "SDM Launcher" window as shown:

You can connect through HTTPS or HTTP depending on your requirements. After connecting to the router, you would have to login with the privilege 15 account. Logging in to a non-privileged account would not work.

When you are logged in, you would have two windows that must be up for SDM to work. The "Launch Page" should not be closed as it actually spawns the main SDM window. At the main window, we would see information like Model Type, Memory, Flash, IOS version and an overview of the configuration (Interfaces, VPN, Routing, IPS, etc.).

IPS can be configured through SDM, but not all routers support it. If that's the case, you would see "IPS Not Supported" in the IPS tab at the main window. IPS requires a minimum of 128MB of RAM.

In the User Preferences screen, you can enable the option to preview commands before delivering to router. This allows you to learn the commands.

The configure window is where we do most of our tasks. In most tabs, you would encounter a use-case scenario which represents what you are about to do. The use-case scenario changes depending on the option selected.

The SDM QoS configuration also requires an image that supports MQC (Modular QoS CLI). Otherwise, you would have to manually configure QoS the old way.

NAC stands for Network Access Control. NAC allows you to specify certain requirements for clients to connect. For example, a client must have an antivirus and firewall installed before being allowed in.

There is an "Additional Tasks" tab that allows setup of various management configurations (Telnet, SNMP, Logging, etc). You can also set up things like DHCP, DNS and AAA.

It is best practice to do saving manually. To do this, leave "save running-config to startup config" unchecked in the User Preferences.

Finally, there is a Monitor tab in SDM. Monitoring is not very important in the CCNA Security, but is very useful in real-life.

No comments :

Post a Comment