SDM stands for Security Device Manager. SDM can use HTTP (non-secure web surfing), but we should use HTTPS (secure web surfing) for security purposes. The information that SDM needs is:
(1) User name and password of privilege level 15 (also called enable mode; it is the highest privilege level on Cisco devices). By doing this we actually create a user account on the switch or router.
(2) Assign a domain name. It is like a web address such as www.cisco.com, and it is used when we generate the encryption keys (or, put another way, the encryption certificate).
3rd # ip domain-name www.cisco.com
(3) Generate keys for encryption.
3rd # crypto key generate rsa general-keys (after the command, specify the size of the key)
Note: if we change the router name or the IP domain name after creating the encryption keys, we need to regenerate the keys so that their name matches the new router name or new domain name.
(4) Enable the HTTP server and the HTTPS server.
3rd # ip http server (uses port 80/tcp)
3rd # ip http secure-server (uses port 443/tcp)
(5) Configure HTTP and HTTPS access, and configure the use of the local database.
3rd # ip http authentication local
(6) Configure the vty lines to use the local database.
3rd # line vty 0 4
3rd # login local
<cr> stands for carriage return/create; it will just prompt me for whatever information it needs.
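
An added example (not from the original post): a small Python audit that checks a saved running-config against the steps above. It also flags the plain HTTP server, since HTTPS is the recommended transport. The sample config, the username sdmadmin and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config; the username and the secret
# placeholder are assumptions, not values from the original post.
SAMPLE_CONFIG = """\
hostname 3rd
username sdmadmin privilege 15 secret 5 <hash-placeholder>
ip domain-name www.cisco.com
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 login local
"""

def vty_login_local(config):
    """True only if every 'line vty' block contains 'login local'."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = []
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the block
    return bool(blocks) and all("login local" in b for b in blocks)

def audit_sdm_config(config):
    """Check a running-config against steps 1, 2, 4, 5 and 6 above.
    Step 3 is skipped: RSA keys are not stored in the running-config."""
    def has(pattern):
        return re.search(pattern, config, re.MULTILINE) is not None
    findings = []
    if not has(r"^username \S+ privilege 15 "):
        findings.append("step 1: no local privilege 15 user")
    if not has(r"^ip domain-name \S+"):
        findings.append("step 2: no ip domain-name")
    if not has(r"^ip http secure-server\s*$"):
        findings.append("step 4: HTTPS server (443/tcp) not enabled")
    if has(r"^ip http server\s*$"):
        findings.append("step 4: plain HTTP server (80/tcp) is enabled")
    if not has(r"^ip http authentication local\s*$"):
        findings.append("step 5: HTTP authentication is not local")
    if not vty_login_local(config):
        findings.append("step 6: a vty line lacks 'login local'")
    return findings

if __name__ == "__main__":
    for finding in audit_sdm_config(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the only finding is the enabled HTTP server on 80/tcp; a config with `no ip http server` and the other lines intact returns no findings.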