Downloading and Installing Cisco Router and Security Device Manager (SDM)

6/14/04 This document contains instructions on downloading Cisco Router and Security Device Manager (SDM) from the Cisco.com web site and installing it onto your router. This document is updated as needed. This document contains the following sections:

About SDM, page 1 Installing and Running SDM, page 4 Updating SDM on a Router With an Earlier Version of SDM, page 12 Related Documentation, page 13

About SDM
SDM is an easy-to-use, java-based device management tool, designed for configuring LAN, WAN, and security features on a router. SDM is designed for resellers and network administrators of small- to medium-sized businesses who are proficient in basic network design. For fast and efficient configuration of Ethernet networks, WAN connectivity, firewalls and Virtual Private Networks (VPNs), Cisco SDM prompts you through the setup process with wizards. Cisco SDM requires no previous experience with Cisco devices or the Cisco command-line interface (CLI). SDM resides in your routers Flash memory, but when invoked, it is downloaded and run from a your PC using a web browser.

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Copyright 2003 Cisco Systems, Inc. All rights reserved.

About SDM

Cisco Routers and Cisco IOS Versions Supported

Table 1 lists the routers and Cisco IOS versions currently supported by SDM.
Table 1 SDM-Supported Routers and Cisco IOS Versions

SDM-Supported Routers Cisco 831and 837

SDM-Supported Cisco IOS Versions

12.2(13)ZH or later 12.3(2)XA or later 12.3(2)T or later 12.2(13)ZH or later 12.3(2)XA or later 12.3(4)T or later 12.2(13)ZH or later 12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF) 12.3(4)T or later 12.2(15)ZL or later 12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF) 12.2(13)ZH or later 12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF) 12.2(13)T3 or later 12.3(2)T or later 12.3(1)M or later 12.2(15)ZJ3 (not available for the 1710 or 1721) 12.2(11)T6 or later 12.3(2)T or later 12.3(1)M or later 12.3(4)XD 12.2(15)ZJ3 12.2(11)T6 or later 12.3(2)T or later 12.3(1)M or later 12.3(4)XD 12.2(15)ZJ3 12.2(11)T6 or later 12.3(1)M or later

Cisco 836

1701

1711 and 1712

1710, 1721, 1751, 1751-v, 1760, and 1760-v

Cisco 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, and 2691

Cisco 3640, 3661, and 3662

Cisco 3620

Downloading and Installing Cisco Router and Security Device Manager (SDM)

OL-4332-08

About SDM

Table 1

SDM-Supported Routers and Cisco IOS Versions

SDM-Supported Routers Cisco 3640A

SDM-Supported Cisco IOS Versions

12.2(13)T3 or later 12.3(2)T or later 12.3(1)M or later 12.3(4)XD 12.2(15)ZJ3 12.2(11)T6 or later 12.3(2)T or later 12.3(1)M or later 12.3(4)XD 12.2(15)ZJ3 12.3(2)T or later 12.3(1)M or later

Cisco 3725 and 3745

Cisco 7204VXR and 7206VXR

SDM does not support B, E, or S train releases on the Cisco 7000 routers. Cisco 7301

12.3(2)T or later 12.3(3)M or later

SDM does not support B, E, or S train releases on the Cisco 7000 routers.

Note

For information about supported network modules and WAN interface cards (WICs), refer to the Cisco Router and Security Device Manager Release Notes document for the version of SDM that you have.

PC System Requirements
SDM is designed to run on a personal computer that has a Pentium III or higher processor and that is running any of the following operating systems:

Windows XP Windows 2000 Windows ME Windows 98 (second edition) Windows NT 4.0 Workstation with Service Pack 4.

Downloading and Installing Cisco Router and Security Device Manager (SDM) OL-4332-08

Installing and Running SDM

Web Browser Versions and Java Runtime Environment Versions

SDM can be used with the following browsers:

Netscape version 4.79 on all supported operating systems except Windows 98. Internet Explorer version 5.5 and later on all operating systems.

SDM can be used with SUN Java Runtime Environment (JRE) version 1.4.1 or later integrated into the web browser that you use.

Installing and Running SDM

If you have a router that does not have SDM installed, and would like to use SDM, you must download it from the Cisco.com website and install SDM on your router.

Note

For information on how to determine whether or not SDM is installed on your router, refer to the FAQ document, available at http://www.cisco.com/go/sdm In the left panel, click Product Literature, and then click Q&A. This section contains instructions for the following:

Task 1: Download the SDM Files and a Cisco IOS Image to a TFTP Server Task 2: Configure Your Router to Support SDM Task 3: If Necessary, Download a New Cisco IOS Image to Your Router Task 4: Copy the SDM Files to the Router Task 5: Start SDM Task 6: Youre Done!

Task 1: Download the SDM Files and a Cisco IOS Image to a TFTP Server
This section contains instructions for downloading both SDM and an upgraded version of Cisco IOS from the Cisco.com web site. If you do not need to upgrade your Cisco IOS software, follow only the instructions for downloading SDM.

Note

SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by following the link http://www.winzip.com. On your PC, open a web browser. Enter the following URL into your web browser:
http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

Step 1

Step 2

Log in using your Cisco.com login user identification and password, and follow the instructions on the SDM Software page to download the SDM .zip file (sdm-vnn.zip).

Downloading and Installing Cisco Router and Security Device Manager (SDM)

OL-4332-08

Installing and Running SDM

Note

It is recommended that you also download and read the SDM Release Notes for the version of SDM that you have. That document is also available at the following URL: http://www.cisco.com/go/sdm.

Step 3

Double-click the sdm-vnn.zip file and extract the files to the root directory of a TFTP server. The TFTP server can be a PC with a TFTP server utility. If you need assistance extracting the files to the directory you want to place them in, refer to the WinZip online help. If you do not need to upgrade your Cisco IOS version, you are now ready to download the SDM files to your router. Skip to the appropriate section below:

Copying SDM Files to Cisco 830, 1700, 2600, 3600, or 3700 Series Routers, page 8 Copying SDM Files to a Cisco 7204VXR, 7206VXR, or 7301 Router, page 9

Step 4

If you need to upgrade your Cisco IOS version, enter the following URL into your web browser to access the Cisco IOS Software Center:
http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml

Step 5

Follow the links on the Software Center web page to download an upgraded version of Cisco IOS software to your PC. See the Cisco Routers and Cisco IOS Versions Supported section on page 2 to ensure that you are downloading an SDM-supported Cisco IOS image. Save the Cisco IOS image file to a TFTP server.

Step 6

SDM and the upgraded Cisco IOS image are now downloaded to the TFTP server. To download the Cisco IOS image to your router, proceed to the Task 3: If Necessary, Download a New Cisco IOS Image to Your Router section.

Task 2: Configure Your Router to Support SDM

You can install and run SDM on a router that is already in use without disrupting network traffic, but you must ensure that a few configuration settings are present in the router configuration file. Access the CLI using Telnet or the console connection to modify the existing configuration before installing SDM on your router.
Step 1

Enable the HTTP and HTTPS servers on your router by entering the following global configuration mode commands:
Router#ip http server Router#ip http secure-server Router#ip http authentication local

If the router supports HTTPS, the HTTPS server will be enabled. If not, the HTTP server will be enabled. HTTPS is supported in all images that support the Crypto/IPSec feature set starting from release 12.25(T).
Step 2

Create a user account defined with privilege level 15 (enable privileges). Enter the following global configuration mode command:
Router#username username privilege 15 password 0 password

You will use this username and password to log on to SDM.

Downloading and Installing Cisco Router and Security Device Manager (SDM) OL-4332-08

Installing and Running SDM

Step 3

Configure SSH and Telnet for local login and privilege level 15. Use the following commands:
Router#line vty 0 4 Router(line)# privilege level 15 Router(line)# login local Router(line)# transport input telnet ssh Router(line)#exit

If your router supports 16 vty lines, you can add the following lines to the configuration file:
Router#line vty 5 15 Router(line)# privilege level 15 Router(line)# login local Router(line)# transport input telnet ssh Router(line)#exit

Step 4

Optionally enable local logging to support the log monitoring function. Enter the following global configuration mode command:
Router#logging buffered 51200 warning

Step 5

Leave configuration mode by typing end at the router prompt:

Router#end

Now that you have completed the necessary configuration changes, go to Task 1: Download the SDM Files and a Cisco IOS Image to a TFTP Server.

Task 3: If Necessary, Download a New Cisco IOS Image to Your Router

This section describes one way to upgrade your Cisco IOS software. You may also want to view the document Software Installation and Upgrade Procedure to view alternative procedures, particularly if you have a router using PCMCIA Flash cards.

Note

If you did not download an upgraded version of the Cisco IOS software, do not follow the instructions in this section. Skip to the appropriate Downloading the SDM Files... section to continue the installation procedure. To download the Cisco IOS image to your router.

Step 1 Step 2 Step 3

Obtain the IOS image from Cisco.com Access the router CLI using a Telnet connection or the console port. Delete your old Cisco IOS image from Flash, or to a Flash Disk, using the following CLI commands, and responding to the prompts as shown:
Router# delete <old IOS image name> Delete filename [<old IOS image name>]? y

When prompted do NOT erase flash memory

Delete flash:y? [confirm] n Delete flash:y aborted! Router# squeeze flash:

If your router has a DOS file system, you do not need to use the squeeze flash: command.

Downloading and Installing Cisco Router and Security Device Manager (SDM)

OL-4332-08

Installing and Running SDM

If you are deleting the image from a Cisco 7000 router, you must specify the disk or slot from which you are deleting the file. Use the following CLI commands, and respond the prompts as shown:
Router# delete diskN:<old IOS image name> Delete filename [<old IOS image name>]? Delete diskN:<old IOS image name>?[confirm] Router#

If you are deleting the file from a slot, replace the keyword disk with the keyword slot. Replace N with the number of the disk or slot.
Step 4

Copy the Cisco IOS image to the router Flash memory, or to a Flash disk. If you are copying to Flash memory, use the following CLI command:
Router# copy tftp://<tftp server IP address>/<new IOS image name> flash:

When prompted do NOT erase Flash memory.

Delete flash:y? [confirm] n Delete flash:y aborted!

If you are copying to a Flash disk, you must specify which disk you are copying to. Use the following CLI command:
Router# copy tftp://<tftp server IP address>/<new IOS image name> diskN:

If you are copying the file to a slot, use the slot keyword instead. Replace N with the number of the disk or slot.
Step 5

Enter the show flash: command to verify that the checksum is correct. The following output shows an image with a valid checksum.
Router# show flash: System flash directory: File Length Name/status 1 5148536 c831-k9o3y6-mz.122-13.ZH1.bin [5148536 bytes used, 17434224 available, 24903680 total] 24576K bytes of processor board System flash (Read/Write)

If the checksum were invalid, the file would be listed as shown below:
File 1 Length 5148536 Name/status c831-k9o3y6-mz.122-13.ZH1.bin [invalid checksum]

You can also view the checksum by entering the verify /ios imagename command. If the checksum is invalid, you must repeat Step 4.
Step 6

Reboot the router to use the new Cisco IOS image using the following CLI command:
Router# reload

The new Cisco IOS image is now installed and running on your router.

Downloading and Installing Cisco Router and Security Device Manager (SDM) OL-4332-08

Installing and Running SDM

Task 4: Copy the SDM Files to the Router

See the appropriate section below to copy the SDM files to your router.

Copying SDM Files to Cisco 830, 1700, 2600, 3600, or 3700 Series Routers, page 8 Copying SDM Files to a Cisco 7204VXR, 7206VXR, or 7301 Router, page 9

Copying SDM Files to Cisco 830, 1700, 2600, 3600, or 3700 Series Routers
To download the SDM files to a Cisco 1700, 2600, 3600, or 3700 series router, follow the instructions in this section. If your router already has SDM version 1.0.1 or higher installed and running, you can use the SDM automatic update feature to copy the contents of the sdm-vnn.zip file to the router. This procedure is described in the Updating SDM Version 1.0.1 or Later section on page 12.

Note

SDM requires approximately 3.3 MB of free Flash memory. If your Flash memory has multiple partitions, you must copy the SDM files to partition number 1. You can use the show flash: summary command to determine if partition 1 has sufficient memory. Download the SDM files to a TFTP server by following the procedure in the Task 1: Download the SDM Files and a Cisco IOS Image to a TFTP Server section on page 4. Access the router CLI using a Telnet connection or the console port. Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# Router# Router# Router# copy copy copy copy tftp://<tftp tftp://<tftp tftp://<tftp tftp://<tftp

Step 1 Step 2 Step 3

server server server server

IP IP IP IP

address>/sdm.tar flash: address>/sdm.shtml flash: address>/home.tar flash: address>/home.html flash:

When prompted do NOT erase Flash memory.

Delete flash:y? [confirm] n Delete flash:y aborted!

Step 4

Optional. If you want to use the SDM Reset to Factory Defaults feature, you need to copy the default SDM configuration file for your router from the TFTP server to router flash. The configuration files in the sdm-vnn.zip file are: sdmconfig-83x.cfg, sdmconfig-1701.cfg, sdmconfig-1710-1721.cfg, sdmconfig-1711-1712.cfg, sdmconfig-1751-1760.cfg, sdmconfig-26xx.cfg, sdmconfig-36xx-37xx.cfg. Enter the following CLI command
Router# copy tftp://<tftp server IP address>/sdmconfig-modelnum.cfg flash:

When prompted do NOT erase Flash memory.

Delete flash:y? [confirm] n Delete flash:y aborted!

This step enables the SDM Reset to Factory Defaults feature, which allows you to use SDM to reset the router configuration to the SDM default values. It does not replace your routers running configuration or startup configuration.

SDM is now installed on your router. To launch SDM, proceed to the Task 5: Start SDM section.

Downloading and Installing Cisco Router and Security Device Manager (SDM)

OL-4332-08

Installing and Running SDM

Copying SDM Files to a Cisco 7204VXR, 7206VXR, or 7301 Router

To download the SDM files to a Cisco 7204VXR, 7206VXR, or 7301 Router, complete the tasks below. If your router already has SDM version 1.0.1 or higher installed and running, you can use the SDM automatic update feature to copy the contents of the sdm-vnn.zip file to the router. This procedure is described in the Updating SDM Version 1.0.1 or Later section on page 12.

Note

SDM requires approximately 3.3 MB of free Flash Disk memory. Be sure to copy the SDM files to a Flash Disk with sufficient free memory. You can use the show diskN or the show slotN command to determine if the location has sufficient free memory. Download the SDM files to a TFTP server by following the procedure in the Task 1: Download the SDM Files and a Cisco IOS Image to a TFTP Server section on page 4. Access the router CLI using a Telnet connection or the console port. Copy the SDM files on the TFTP server to the router Flash Disk, or slot. Do not copy the files to Bootflash. Use the following CLI commands:
Router# Router# Router# Router# copy copy copy copy tftp://<tftp tftp://<tftp tftp://<tftp tftp://<tftp

Step 1 Step 2 Step 3

server server server server

IP IP IP IP

address>/sdm.tar diskN: address>/sdm.shtml diskN address>/home.tar diskN: address>/home.shtml diskN:

If you are copying to a slot, replace the disk key word with the slot keyword. Replace N with the actual number of the disk or slot.

Warning

Be sure to copy home.shtml. The IOS home page will not display if you use home.html. There is no need to copy home.html to the router.

Note

If SDM files are copied to a slot, the SDM automatic update feature will not work.

SDM is now installed on your router. To launch SDM, proceed to the Task 5: Start SDM section.

Task 5: Start SDM

SDM is stored in the router Flash memory. It is invoked by executing an HTML file in the router archive, which then loads the signed SDM Java file. To launch SDM:
Step 1

From your browser, type in the following universal resource locator (URL): https://<router IP address> https://... specifies that the Secure Socket Layer (SSL) protocol be used for a secure connection. http://... can be used if SSL is not available. The IOS home page will appear in the browser window. Click Cisco Router and Security Device Manager in the left panel. The username/password challenge will appear in a separate dialog box.

Downloading and Installing Cisco Router and Security Device Manager (SDM) OL-4332-08

Installing and Running SDM

Step 2

If you used your existing router configuration file, enter the username and password for the privileged (privilege level 15) account on your router. See the section Task 2: Configure Your Router to Support SDM, page 5 for more information. The SDM Java applet will begin loading to your PC. SDM is a signed Java applet. This may cause your browser to display a security warning. Accept the certificate. SDM displays the Launch Page (Figure 1).
Figure 1 SDM Launch Page

Step 3 Step 4

Step 5

When the Launch page has loaded, SDM displays the System Overview page, from which you can begin using SDM. The overview page is shown in Figure 2. SDM starts in Wizard mode in which you can perform configuration tasks using a sequence of windows that break down the configuration task into manageable steps.

Downloading and Installing Cisco Router and Security Device Manager (SDM)

10

OL-4332-08

Installing and Running SDM

Figure 2

System Overview Page

Step 6

You can begin using SDM by clicking the wizard buttons on the left panel. After you have completed a wizard for a LAN or WAN interface, a Firewall, or a VPN, you can edit the configuration if necessary by clicking Advanced Mode and select the configuration task you want to perform. In Advanced Mode, you have more control over configuration settings than you do in Wizard mode.

SDM online help provides instructions for entering data in each window, and provides links to background information that describes how a particular feature is used in a network.

Task 6: Youre Done!

You have downloaded, installed and launched SDM on your router. You can use SDM to perform the most common basic and advanced configuration tasks. Click Help in any SDM window to learn more about how to complete the configuration task you are performing. The rest of this document explains how to update the version of SDM running on your router, and how to obtain other SDM documentation.

Downloading and Installing Cisco Router and Security Device Manager (SDM) OL-4332-08

11

Updating SDM on a Router With an Earlier Version of SDM

Updating SDM on a Router With an Earlier Version of SDM

You can upgrade the SDM software on the router when a new version of SDM becomes available. If you have SDM version 1.0.1 or later installed, you can use SDMs automatic upgrade feature. If your router is running SDM version 1.0, you can replace the SDM 1.0 files with the new files you downloaded to the TFTP server. To determine which version of SDM you are running, click the Overview button on the left-hand panel. The SDM version is shown in the Software area, under the IOS version.

Updating SDM Version 1.0.1 or Later

If your router is running SDM version 1.0.1 or later, you can update SDM directly from Cisco.com, or from files you have downloaded to your PC, by using the SDM Upgrade feature. Click the Tools menu, and select Update SDM>from Cisco.com if you do not have the sdm-vnn.zip file on your PC. SDM displays a window showing you the steps involved in updating from Cisco.com. If you have downloaded sdm-vnn.zip from Cisco.com to the PC on which you are running SDM, select Update SDM>from Local PC . SDM displays a window showing you the steps involved in updating from your PC.

Upgrading SDM 1.0 to a Later Version

To upgrade SDM on a router that has SDM version 1.0 installed, you must delete the SDM files from Flash memory and replace them with the new versions.

Note

SDM files are contained in a .zip file that is available on Cisco.com. In order to open this type of file and extract the SDM files, you must have the WinZip utility installed on your PC. You can obtain Winzip by following the link http://www.winzip.com. Use the following procedure to upgrade SDM on a router that has an earlier version of SDM installed.

Step 1

Obtain the SDM zip file (sdm-vnn.zip) from Cisco.com by following the instructions in the Task 1: Download the SDM Files and a Cisco IOS Image to a TFTP Server section of this document. The SDM zip file contains the latest version of SDM, and the router configuration files that SDM uses. Double-click the sdm-vnn.zip file and extract the files to the root directory of a TFTP server. The TFTP server can be a PC with a TFTP server utility. If you need assistance extracting the files to the directory you want to place them in, refer to the WinZip online help. Telnet to the router, and remove the files sdm.tar, sdm.shtml, home.tar, home.html, and the default configuration file from Flash memory by entering the delete command. The following example shows sdm.tar being deleted. Use the same command to delete the other files. Then, enter the squeeze flash: command to reclaim flash memory.
router#delete sdm.tar Delete filename [sdm.tar]? Delete flash:sdm.tar? [confirm] router#squeeze flash:

Step 2

Step 3

Downloading and Installing Cisco Router and Security Device Manager (SDM)

12

OL-4332-08

Related Documentation

If you have a Cisco 7000 router, remove the files sdm.tar, sdm.shtml, home.tar, and home.shtml from the Flash disk by entering the delete command and specifying the disk or slot that the files are stored on. Use the same command to delete the other files.
router#delete diskN:sdm.tar Delete filename [sdm.tar]? Delete diskN:sdm.tar?[confirm] router#

Step 4

Copy the new SDM files to Flash memory by following the instructions in one of the following sections:

Copying SDM Files to Cisco 830, 1700, 2600, 3600, or 3700 Series Routers Copying SDM Files to a Cisco 7204VXR, 7206VXR, or 7301 Router.

Related Documentation
The following documents are available at the URL http://www.cisco.com/go/sdm.

Cisco Security Device Manager Users Guide Cisco Router and Security Device Manager Release Notes Cisco Router and Security Device Manager Q&A Switching Between Cisco Router and Security Device Manager(SDM) and Cisco Router Web Setup Tool (CRWS) on Cisco 83x Series Routers

This document is to be used in conjunction with the documents listed in the Related Documentation section.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0403R) Copyright 2004 Cisco Systems, Inc. All rights reserved.

Downloading and Installing Cisco Router and Security Device Manager (SDM) OL-4332-08

13

Related Documentation

Downloading and Installing Cisco Router and Security Device Manager (SDM)

14

OL-4332-08