Saturday, May 21, 2011

SDM part 3 search help

This is the last post explaining the SDM interfaces (pages), because after this post you won't need anyone to explain what an interface does anymore: Cisco offers you a great help system.
Let's start with the Search SDM feature:
This interface explains itself.
Enter any Cisco SDM feature: DHCP, DNS, VPN, ...
In this example I entered "interface" and clicked Search. This is the result:
It shows you every feature in Cisco SDM related to interfaces and how you can reach it in a simple and easy way; just click it.
This is the result after clicking the Search SDM feature:
Now let's move to the biggest and most important part, SDM Help:
This is the Cisco SDM Help. Cisco documents every tiny bit in their Help to provide you with a complete help system.

In any interface you don't understand, or where you need more help or an explanation of what the interface does, just click Help.
In this example I clicked Help at Security Audit.
On the left side of the Cisco help system window you can arrange topics by index (from A to Z) or by related contents.
This is what the index looks like:
This is what the contents look like:
If you want to search for any specific thing, just click Search.
Click Using Help to get the most from the Cisco help system.

This is the Cisco glossary. Cisco explains every acronym they use in this glossary.
Need more help? At the bottom of each interface (page) you will find "How do I?"
Just select the related question you need and click Go.

Now you are familiar with Cisco SDM and its interfaces (pages).
Cisco SDM is the best practical way if you want to learn how to do things in the CLI.

Tuesday, May 17, 2011

SDM part 2 menu

File Menu
Save Running Config to PC: saves the current running config to a file
Write to Startup Config
writes the configuration to the startup config
Edit Menu
click it and this window will pop up

Preview commands before delivering to router
Choose this option if you want Cisco SDM to display a list of the Cisco IOS configuration commands generated before the commands are sent to the router.
Save signature file to Flash
Choose this option if you want the signature definition file (SDF) that you are working on to be saved to router flash when you click Apply Changes.
Confirm before exiting Cisco SDM
This is Cisco SDM default behavior. Select this option if you would like Cisco SDM to display a dialog box asking for confirmation when you exit Cisco SDM.
Continue monitoring interface status when switching mode/task
This is Cisco SDM default behavior. Cisco SDM begins monitoring interface status when you click Monitor and select Interface status. To have Cisco SDM continue monitoring the interface even if you leave Monitor mode and perform other tasks in Cisco SDM, select this check box and specify the maximum number of interfaces you want Cisco SDM to monitor. The default maximum number of interfaces to monitor is 4.

View Menu:

Home: opens the Home interface
Configure: opens the Configure interface
Monitor: opens the Monitor interface

Running Config
shows you the running configuration
Show Commands:
click any show command and click Show
click the Save to File button if you want to save the show output
SDM default rule
Refresh:
reloads SDM
opens the search interface
we will explain this interface later
ping any IP address
telnet to the router
Security Audit
opens Security Audit
Configuration Management:
opens the Configuration Management interface

update SDM sub menu
Update from if you have cco account
update from local PC
update from CD
Help Topics:
opens the help window
prompts you with an interface that asks you to enter your Cisco CCO username and password
update in this release:
opens a web window that shows you what's new in this release
About this router
shows you this interface

these are the software details:
Hardware/software matrix
opens the Cisco web site to get more details

about SDM:

Monday, May 16, 2011

Cisco Secure Access Control Server (ACS)

Cisco Secure Access Control Server (ACS) is an access policy control platform that helps you comply with growing regulatory and corporate requirements. By integrating with your other access control systems, it helps improve productivity and contain costs. It supports multiple scenarios simultaneously, including:

  • Device administration: Authenticates administrators, authorizes commands, and provides an audit trail
  • Remote Access: Works with VPN and other remote network access devices to enforce access policies
  • Wireless: Authenticates and authorizes wireless users and hosts and enforces wireless-specific policies
  • Network admission control: Communicates with posture and audit servers to enforce admission control policies
First, the installation:

Now configure the ACS server.
Configure a client, which will be our router:

Give the router IP address and the shared secret cisco; we will configure that in our server with the shared secret cisco too.

Create a user name:

Give a password and select the user group.
Now configure the user group:
Scroll down to the TACACS server part and enable shell for exec mode and the privilege.

Now we have finished the configuration on the ACS server: just a simple configuration for login; ACS has a lot more configuration (^_*)
We move on to configuring our router to authenticate users using our ACS server.
1: enable AAA with the command aaa new-model
2: create a method that tells the router to authenticate our users using the tacacs+ server and, if it doesn't find the tacacs+ server, to use our local user database
aaa authentication login mylogin group tacacs+ local
3: now we give the router the TACACS server IP address
and configure the shared key
tacacs-server host
tacacs-server key cisco

So now we are done, but we haven't enabled the mylogin method yet.
We will put our method mylogin under the telnet (vty) lines to authenticate users who telnet in to configure our router.
line vty 0 4
login authentication mylogin
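
A check for the router-side setup described above, as an added example that is not part of the original post: a small Python audit run over a constructed copy of the configuration. The address 192.0.2.10, the function audit_aaa and the WEAK_KEYS list are assumptions made for the example.

```python
import re

# Constructed sample of the commands above; 192.0.2.10 is a placeholder IP.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login mylogin group tacacs+ local
tacacs-server host 192.0.2.10
tacacs-server key cisco
line vty 0 4
 login authentication mylogin
"""

# Illustrative list of guessable shared secrets (assumption, not a Cisco list).
WEAK_KEYS = {"cisco", "tacacs", "secret", "password"}

def audit_aaa(config):
    """Return findings about the TACACS+ login setup in an IOS config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: AAA is not enabled")
    # Method lists: name -> ordered methods, e.g. ['group', 'tacacs+', 'local']
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    current = None  # most recent "line ..." block seen
    for l in lines:
        if l.startswith("line "):
            current = l
        m = re.match(r"login authentication (\S+)", l)
        if m and current and m.group(1) not in lists:
            findings.append(f"{current}: list '{m.group(1)}' is not defined")
    uses_tacacs = any("tacacs+" in methods for methods in lists.values())
    uses_local = any("local" in methods for methods in lists.values())
    if uses_tacacs and not any(l.startswith("tacacs-server host ") for l in lines):
        findings.append("tacacs+ method used but no tacacs-server host set")
    # 'local' is tried only when the server does not answer, and it needs a user.
    if uses_local and not any(l.startswith("username ") for l in lines):
        findings.append("local fallback configured but no local username exists")
    for l in lines:
        m = re.match(r"tacacs-server key (?:\d )?(\S+)", l)
        if m and m.group(1).lower() in WEAK_KEYS:
            findings.append("tacacs-server key is a guessable word")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE_CONFIG)))
```

On the sample it reports two findings: the local fallback has no local username to fall back to, and the shared key is a guessable word.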

Congratulations, we have finished configuring our server to authenticate users who come in by telnet using the ACS TACACS server.
Now it's time to test!
1- You can use telnet to communicate with our server.
I'm using Tera Term:

Enter the user name and password: