Cisco Router and Security Device Manager (SDM) User Guide for the Cisco 7200 VXR and Cisco 7301 Routers
OL-5131-07
Configuring Your Router to Support SDM
You can install and run SDM on a router that is already in use without disrupting network traffic, but you
must ensure that a few configuration settings are present in the router configuration file.
Access the CLI using Telnet or the console connection to modify the existing configuration before
installing SDM on your router.
Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global
configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
If the router supports HTTPS, the HTTPS server will be enabled. If not, the HTTP server will be enabled.
HTTPS is supported in all images that support the Crypto/IPSec feature set, starting from Cisco IOS
release 12.25(T).
Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command
in global configuration mode, replacing username and password with the strings that you want to use:
Router(config)# username username privilege 15 secret 0 password
For example, if you chose the username tomato and the password vegetable, you would enter:
Router(config)# username tomato privilege 15 secret 0 vegetable
You will use this username and password to log in to SDM.
Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
If your router supports 16 vty lines, you can add the following lines to the configuration file:
Router(config)# line vty 5 15
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
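
The following audit of a saved running configuration checks for the settings from Steps 1 to 3 and lists which enabled management services (HTTP, Telnet) send credentials in cleartext. It is an added example, not part of the Cisco guide; the sample configuration, its placeholder "secret 5" hash, and the function names vty_blocks and audit are constructed for illustration.

```python
import re

# Constructed running-config fragment for this example (not from a real device).
# The "secret 5" value is a placeholder for the hash IOS stores for the user.
SAMPLE = """\
ip http server
ip http secure-server
ip http authentication local
username tomato privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the vty block
    return blocks

def audit(config):
    """Return (missing, cleartext): absent prerequisites and cleartext services."""
    lines = [l.strip() for l in config.splitlines()]
    missing, cleartext = [], []
    if not {"ip http server", "ip http secure-server"} & set(lines):
        missing.append("ip http server or ip http secure-server")
    if "ip http authentication local" not in lines:
        missing.append("ip http authentication local")
    if not any(re.match(r"username \S+ privilege 15 secret ", l) for l in lines):
        missing.append("username with privilege 15")
    if "ip http server" in lines:
        cleartext.append("ip http server")
    for header, cmds in vty_blocks(config).items():
        missing += [f"{header}: {c}" for c in ("privilege level 15", "login local") if c not in cmds]
        transport = next((c for c in cmds if c.startswith("transport input")), "")
        if not transport:
            missing.append(f"{header}: transport input")
        elif "telnet" in transport.split():
            cleartext.append(f"{header}: telnet")
    return missing, cleartext
```

Calling audit(SAMPLE) reports the vty 5 15 block as lacking privilege level 15, and lists the HTTP server and Telnet on vty 0 4 as the cleartext paths to the privilege 15 account.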