As part of my CCNA Security certification studies, I’m trying to become thoroughly familiar with Cisco Security Device Manager (SDM). I’ll admit I have never used this management interface in the real world, but Cisco emphasizes it on the IINS exam. The lab that I’m using is set up using GNS3 (http://www.gns3.net/). This is the best network simulator you can use if you have easy access to Cisco IOS images. GNS3 is free, but the IOS images are not; you need to download them from Cisco.com. So if the company you work for doesn’t have a Smartnet contract, you’re out of luck. There are of course other ways to get them but I will let the reader figure that out on his own.
GNS3 is basically a hypervisor for Cisco routers and firewalls. It’s possible to set up very complex networks on it. I have even read other bloggers claim that it’s possible to get enough hands-on experience to pass a CCIE lab test with GNS3. I’m not sure how true that is for everyone, but it definitely works for associate-level certs. For more information on GNS3 and some sample labs, visit http://www.blindhog.net/.
For this post I am setting up a router for the initial install of Cisco SDM. It can be tricky because to install the software on the router, there has to be a local username and password set up. I originally set up ACS authentication going back to a Cisco Secure ACS server that had been configured earlier. SDM would not authenticate with the ACS server and I had to go back to a local username. Here are the commands to do that:
Router(config)# ip http server
Router(config)# ip http authentication local
Router(config)# username <username> privilege 15 password 0 <password>
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
What you need to do is get the HTTP server up and running, and the key is to set IP HTTP authentication to local. After SDM is installed you can use an ACS server for authentication, but the initial setup doesn’t accept any authentication other than a local account. The next post will detail installing SDM on a router.
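A hardened variant of the commands above, as an added example that is not from the original post: it keeps the local HTTP authentication that the initial SDM setup needs, but stores the password as a hash and moves management access to HTTPS and SSH. It assumes a crypto (k9) IOS image and that SDM is launched over HTTPS; the hostname R1, the domain lab.example and the 192.0.2.0/24 management subnet are constructed placeholders.

```cisco
! Added example, not from the original post. Assumes a k9 (crypto) IOS image.
! R1, lab.example and 192.0.2.0/24 are constructed placeholders.
configure terminal
 hostname R1
 ip domain-name lab.example
 ! RSA keys are needed for SSH and for the HTTPS server's self-signed certificate
 crypto key generate rsa general-keys modulus 2048
 ip ssh version 2
 !
 ! "secret" stores a hash; "password 0" leaves the clear text in the running config
 username <username> privilege 15 secret 0 <password>
 !
 ! Only the management subnet may reach the HTTP(S) server and the vty lines
 access-list 10 permit 192.0.2.0 0.0.0.255
 ip http access-class 10
 !
 ! The initial SDM setup still authenticates against the local account
 ip http authentication local
 ip http secure-server
 ! Assumption: SDM connects over HTTPS, so the clear-text HTTP server can be disabled
 no ip http server
 !
 line vty 0 4
  privilege level 15
  login local
  access-class 10 in
  ! SSH only; telnet would carry the privilege 15 credentials in clear text
  transport input ssh
 end
```

After applying it, `show ip http server status` and `show ip ssh` confirm that the secure server and SSH version 2 are enabled.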