Báo cáo quản trị hệ thống mạng với công cụ Security Device Manager (SDM)

Choose Configure > Additional Tasks > Router Properties and click Edit if you want to change the Hostname, Domain Name, Banner and Enable Secret Password properties for a router... Choos

Nhóm:  Nguy n Xuân Hàm – 07520103 ễ

Lê Cao Trí – 07520370 Nguy n Minh Huy – 07520154 ễ

 SDM – Security Device Manager: là công c  c u  ụ ấ hình Router d a trên n n web ự ề

 C u hình: interface LAN & WAN, routing, NAC,  ấ NAT, firewall, IPS, VPNs…

 H  tr : Cisco 830 – 7301 ỗ ợ

• C u hình ấ

• Ki m tra k t n i ể ế ố

 Ping

 SDM là công c  c u hình Router (NAT, VPNs,  ụ ấ ACL…)

 Ch c năng giám sát (Interface, NAT,  ứ

Bandwith…)

 Test connection (Interface, Tunnel)

 Đi m m nh: công c  m nh v  c u hình ể ạ ụ ạ ề ấ

 Đi m y u:  ể ế

 Ch  s  d ng cho Router Cisco ỉ ử ụ

 Ch  qu n tr  Router ỉ ả ị

 Release Notes for Cisco Router and Security 

Device Manager 2.5 (June 16, 2009)

 Cisco Router and Security Device Manager 

http://www.cisco.com/en/US/products/sw/secur sw/ps5318/tsd_products_support_series_home.h tml

 Sybex CCNA_640­802 6th Ed. Todd Lammle

Choose Configure > Additional Tasks > Router Properties and click Edit

if you want to change the Hostname, Domain Name, Banner and

Enable Secret Password properties for a router

Choose Configure > Additional Tasks > Router Access > User Accounts/View

in order to add/edit/delete the User Accounts to the router

Choose File > Save Running Config to PC in order to save the configuration

to the NVRAM of the router as well as the PC and to reset the current

configuration to default (factory) settings

Choose Configure > Interfaces and Connections > Create Connection

in order to configure the WAN connection for the interface

Click Next in order to proceed once this interface appears

Select Serial interface 2/0 (desired) from the Available Interfaces option and click Next

Choose the encapsulation type for the serial interface and click Next

Specify the static IP address with the corresponding subnet mask for the interface

and click Next

Configure the default routing with optional parameters such as the next hop

IP address (192.168.1.2 as per network diagram) supplied by the ISP and click Next.

This window appears and shows the configuration summary configured by the user

Click Finish.

This window appears and shows the command delivery status to the router Otherwise, it displays errors if the command delivery fails due to incompatiblecommands or unsupported features

Choose Configure > Interfaces and Connections > Edit Interfaces/Connections

in order to add/edit/delete the various interfaces

Highlight the interface withwhich you want to make

changes and click Edit if you

want to edit or change theinterface configuration

Here you can change theexisting static IP address

Choose Configure > Routing > Static Routing and click Add in order to configure static routing

Enter the Destination Network address with mask

and select either outgoing interface or next hop IP address

This window shows the static route configured for the 10.1.1.0 network with 192.168.1.2 as the next hop IP address

Complete these steps in order to configure the dynamic routing in a Cisco router.

Choose Configure > Routing > Dynamic Routing

Select the RIP and click Edit

Check Enable RIP, select the RIP version, and click Add

Next, click on the Edit Firewall Policy/ACL tab

I’ve already configured the list that’s denying telnet (23) to Wireless Host C (WHC)from any host coming in the s0/0/0 interface, and I’ve also chosen to log matches.I’m going to click OK and then create a permit statement so I don’t shut my router’sinterface down.

A very cool thing about creating lists through the SDM is that the +Add menu

asks if you want to create a new test statement and place it before or after the line you’ve already got in the list This is great because by using the SDM, you canquickly and efficiently edit your ACLs!

Next, I’m going to create a simple permit ip any statement

Choose Configure > NAT > Basic NAT and click Launch the selected task

in order to configure basic NATing

Click Next

Choose the interface that connects to the Internet or your ISP and choose the IP address range to which Internet access is to be shared.

This window appears and shows the configuration summary configured by the user

Click Finish.

The Edit NAT Configuration window shows the configured dynamic NAT configuration with the translated IP address overloaded (PATing)

If you want to configure the dynamic NATing with address pool,

click Address Pool

Click Add

Click Add

Click Edit

Choose Address Pool in the Type field,

provide the name to the Address Pool as pool1 and click OK

This window shows the configuration for dynamic NATing with the address pool

Click Designate NAT Interfaces

Select Configure > VPN > Easy VPN Server from the Home window and click Launch Easy VPN Server Wizard

AAA must be enabled on the router before the Easy VPN Server configuration starts.

Click Yes to continue with the configuration

The 'AAA has been successfully enabled on the router' message displays on the window

Click OK to start the Easy VPN Server configuration

Click Next to start the Easy VPN Server Wizard

Select the interface on which the client connections terminate and the authentication type

Click Next to configure the Internet Key Exchange (IKE) policies and use the Add button to create the new policy

to specify the encryption and authentication algorithm. 

In this case, the default transform set is used

Click Next to create a new Authentication, Authorization,

and Accounting (AAA) authorization network method list

for group policy lookup or to choose an existing network method list used for group authorization

Configure user authentication on the Easy VPN Server

This window allows you to add, edit, clone,

or delete user group policies on the local database

Enter a name for the Tunnel Group Name

Supply the pre-shared key used for authentication information

Create a new pool or select an existing pool used to allocate the IP addresses to the VPN Clients

This window shows a summary of the actions that you have taken

Click Finish if you are satisfied with your configuration.

The SDM sends the configuration to the router to update the running configuration

Click OK to complete

if needed.