
Cisco Router and Security Device Manager

Release Notes for Cisco Router and Security Device Manager Version 2.1.2


September 14, 2005

These release notes support Cisco Router and Security Device Manager version 2.1.2. They should be used with the documents listed in the "Related Documentation" section. These release notes are updated as needed.

Contents

This document contains the following sections:

Introduction

System Requirements

New and Changed Information

Restrictions and Limitations

Important Notes

Caveats

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

Cisco Router and Security Device Manager (SDM) is a web-based configuration tool that allows you to configure LAN and WAN interfaces, routing, Network Address Translation (NAT), firewalls, Intrusion Prevention System (IPS), Virtual Private Networks (VPNs), and other features on the router. SDM version 2.1 and later can be installed on a PC, or in router memory. Earlier versions of SDM cannot be installed on PCs, but can be installed in router flash, disk, or slot memory. If you have a router listed in the "Hardware Supported" section, SDM may be preinstalled in router memory, or may be shipped on a CD with the router.

System Requirements

This section contains SDM system requirements.

Memory Requirements

A minimum of 5.1 MB of free router memory is required to support Cisco SDM files. 2 MB of router memory is required to support Cisco SDM Express files. The Wireless Management application requires an additional 2 MB. The Intrusion Prevention System (IPS) application requires 1.25 MB of memory.

Cisco SDM installed on a PC requires 5.1 MB of memory.

Table 2 lists the files that are included with Cisco SDM, Cisco SDM Express, and the Wireless Management application. Table 3 lists the sizes of each of these files.

Hardware Supported

This section lists the hardware that SDM supports.


Note: SDM does not support Telco/CO router models.


SDM is supported on the following Cisco SB100 series routers:

Cisco SB101

Cisco SB106

Cisco SB107

SDM is supported on the following Cisco 800 series routers:

Cisco 831

Cisco 836

Cisco 837

Cisco 851

Cisco 857

Cisco 871

Cisco 876

Cisco 877

Cisco 878

SDM is supported on the following Cisco 1700 series routers:

Cisco 1701

Cisco 1710

Cisco 1711

Cisco 1712

Cisco 1721

Cisco 1751

Cisco 1751-v

Cisco 1760

Cisco 1760-v

SDM is supported on the following Cisco 1800 series routers:

Cisco 1801

Cisco 1802

Cisco 1803

Cisco 1811

Cisco 1812

Cisco 1841

SDM is supported on the following Cisco 2600 series routers:

Cisco 2610XM

Cisco 2611XM

Cisco 2620XM

Cisco 2621XM

Cisco 2650XM

Cisco 2651XM

Cisco 2691

SDM is supported on the following Cisco 2800 series routers:

Cisco 2801

Cisco 2811

Cisco 2821

Cisco 2851

SDM is supported on the following Cisco 3600 series routers:

Cisco 3620

Cisco 3640

Cisco 3640A

Cisco 3661

Cisco 3662

SDM is supported on the following Cisco 3700 series routers:

Cisco 3725

Cisco 3745

SDM is supported on the following Cisco 3800 series routers:

Cisco 3825

Cisco 3845

SDM is supported on the following Cisco 7000 series routers:

Cisco 7204VXR

Cisco 7206VXR

Cisco 7301

Supported Network Modules, WICs, Port Adapters, and Service Adapters

SDM supports configuration on the following network modules:

NM-1E

NM-4E

NM-4T

NM-2W

NM-1E2W

NM-1FE2W

NM-2E2W

NM-2FE2W

NM-2FE2W-V2

NM-1FE-FX

NM-1FE-TX

NM-4A/S (synchronous only)

NM-8A/S (synchronous only)

NM-CIDS-K9

NM-16ESW

NM-36ESW

SDM supports only Ethernet configuration on the following network modules:

NM-1E1R2W

NM-1FE1R2W

NM-1FE1CE1U

NM-1FE2CE1B

NM-1FE1CE1B

NM-1FE2CE1U

NM-1FE1CT1

NM-1FE2CT1

NM-1FE1CT1-CSU

NM-1FE2CT1-CSU

SDM supports the following WAN interface cards:

WIC-1T

WIC-2T

WIC-2A/S (Frame Relay, PPP, HDLC, no asynchronous)

WIC-1DSU-T1

WIC-1ADSL

WIC-1ENET

WIC-1SHDSL

WIC-1DSU-T1-V2

WIC-1B-S/T

WIC-1B-S/T-V3

WIC-1AM

WIC-2AM

WIC-4ESW

WIC-1SHDSL-V2

SDM supports the following high-speed WAN interface cards (HWICs):

HWIC-4T

HWIC-4A/S

HWIC-8A/S-232

HWIC-4ESW

HWICD-9ESW

HWIC-AP-G-X

HWIC-AP-AG-X

SDM supports the following advanced integration modules (AIMs):

AIM-VPN/BP

AIM-VPN/BP II

AIM-VPN/BPII-PLUS

AIM-VPN/HP

AIM-VPN/HP II

AIM-VPN/HPII-PLUS

AIM-VPN/EP

AIM-VPN/EP II

AIM-VPN/EPII-PLUS

SDM supports the following port adapters on Cisco 7000 routers:

PA-2FE-TX

PA-2FE-FX

PA-8E

PA-4E

SDM supports the following service adapters on Cisco 7000 routers:

SA-VAM

SA-VAM2

SA-VAM2+

SDM also supports the MOD-1700VPN.

PC System Requirements

SDM is designed to run on a personal computer that has a Pentium III or faster processor.

Software Supported

This section describes SDM software requirements.

Cisco IOS Images

SDM is compatible with the Cisco IOS images listed in Table 1.


Note: SDM supports the IOS Intrusion Prevention System (IPS). In order to be able to use SDM to configure IOS-IPS, the router must run an IOS image of Release 12.3(8)T4 or later.


Table 1 SDM-Supported Routers and Cisco IOS Releases

SDM-Supported Routers     SDM-Supported Cisco IOS Releases

Cisco SB101               12.3(8)YG
Cisco SB106               12.4(2)T
Cisco SB107

Cisco 831                 12.2(13)ZH or later
Cisco 837                 12.3(2)XA or later
                          12.3(2)T or later
                          12.4(2)T

Cisco 836                 12.2(13)ZH or later
                          12.3(2)XA or later
                          12.3(4)T or later
                          12.4(2)T

Cisco 851                 12.3(8)YI
Cisco 857                 12.4(2)T

Cisco 871                 12.3(8)YI
Cisco 876                 12.4(2)T
Cisco 877
Cisco 878

Cisco 1701                12.2(13)ZH or later
                          12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF.)
                          12.3(4)T or later
                          12.4(2)T

Cisco 1711                12.2(15)ZL or later
Cisco 1712                12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF.)
                          12.4(2)T

Cisco 1710                12.2(13)ZH or later
Cisco 1721                12.3(2)XA or later (SDM does not support Cisco IOS release 12.3(2)XF.)
Cisco 1751                12.2(13)T3 or later
Cisco 1751-v              12.3(2)T or later
Cisco 1760                12.3(1)M or later
Cisco 1760-v              12.2(15)ZJ3 (not available for the Cisco 1710 or Cisco 1721)
                          12.4(2)T

Cisco 1801                12.3(8)YI
Cisco 1802                12.4(2)T
Cisco 1803
Cisco 1811

Cisco 1812                12.3(8)YH or later
                          12.4(2)T

Cisco 1841                12.3(8)T4 or later
                          12.4(2)T

Cisco 2610XM              12.2(11)T6 or later
Cisco 2611XM              12.3(2)T or later
Cisco 2620XM              12.3(1)M or later
Cisco 2621XM              12.3(4)XD
Cisco 2650XM              12.2(15)ZJ3
Cisco 2651XM              12.4(2)T
Cisco 2691

Cisco 2801                12.3(8)T4 or later
Cisco 2811                12.4(2)T
Cisco 2821
Cisco 2851

Cisco 3640                12.2(11)T6 or later
Cisco 3661                12.3(2)T or later
Cisco 3662                12.3(1)M or later
                          12.3(4)XD
                          12.2(15)ZJ3
                          12.4(2)T

Cisco 3620                12.2(11)T6 or later
                          12.3(1)M or later
                          12.4(2)T

Cisco 3640A               12.2(13)T3 or later
                          12.3(2)T or later
                          12.3(1)M or later
                          12.3(4)XD
                          12.2(15)ZJ3
                          12.4(2)T

Cisco 3725                12.2(11)T6 or later
Cisco 3745                12.3(2)T or later
                          12.3(1)M or later
                          12.3(4)XD
                          12.2(15)ZJ3
                          12.4(2)T

Cisco 3825                12.3(11)T or later
Cisco 3845                12.4(2)T

Cisco 7204VXR             12.3(2)T or later
Cisco 7206VXR             12.3(1)M or later
                          12.4(2)T
                          SDM does not support B, E, or S train releases on the Cisco 7000 routers.

Cisco 7301                12.3(2)T or later
                          12.3(3)M or later
                          12.4(2)T
                          SDM does not support B, E, or S train releases on the Cisco 7000 routers.


Determining the Cisco IOS Software Version

To determine the release of Cisco IOS software currently running on your Cisco router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the version number on the second output line:

router> show version 
Cisco Internetwork Operating System Software 
IOS (tm) C1700 Software (c1700-k8sv3y7-mz) Version 12.2(13)ZH 

Web Browser Versions and Java Runtime Environment Versions

SDM can be used with the following browsers:

Firefox version 1.0.6

Internet Explorer version 5.5 and later

Netscape version 7.1 and version 7.2

SDM requires Sun Java Runtime Environment (JRE) version 1_5_0_4 or later, or Java Virtual Machine (JVM) 5.0.0.3810.

PC Operating System Versions

SDM can be run on a PC running any of the following operating systems:

Microsoft Windows XP Professional

Microsoft Windows 2003 Server (Standard Edition)

Microsoft Windows 2000 Professional with Service Pack 4

Microsoft Windows ME

Microsoft Windows NT 4.0 Workstation with Service Pack 4


Note: Windows 2000 Advanced Server is not supported.


Japanese, Simplified Chinese, French, German, Spanish and Italian language support is available on these operating systems:

Microsoft Windows XP Professional with Service Pack 2 or later

Microsoft Windows 2000 Professional with Service Pack 4 or later

New and Changed Information

This section contains information that is new or that has changed since the previous release.

New Features Supported in SDM Version 2.1.2

Before release 2.1.2, SDM was available only in English. SDM version 2.1.2 is available in the following language editions:

Chinese (simplified) edition—available in the file SDM-V212-zh.zip

English edition—available in the file SDM-V212.zip

French edition—available in the file SDM-V212-fr.zip

German edition—available in the file SDM-V212-de.zip

Italian edition—available in the file SDM-V212-it.zip

Japanese edition—available in the file SDM-V212-ja.zip

Spanish edition—available in the file SDM-V212-es.zip

All editions of SDM are available on Cisco.com by going to the following link:

http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm

In order to run an SDM edition other than English, the PC that you are using must run a supported Microsoft Windows operating system of the same language as the SDM edition that you want to run, or, if the PC is running an English-language Microsoft Windows operating system, the regional settings on the PC must specify a locale that is compatible with the edition of SDM that you want to run. The English edition of SDM version 2.1.2 is able to run on all supported Microsoft Windows operating systems.

For more information on running a non-English edition of SDM on a PC running an English-language operating system, refer to the document Running Non English Editions of SDM on English-Language Operating Systems available at the same link.

SDM Files

This section describes the files used in SDM version 2.1.2.

Table 2 describes the files that SDM and its applications use.

Table 2 SDM File List

File Name               Description
sdm.tar                 SDM application file.
ips.tar                 Intrusion Prevention System (IPS) application file.
es.tar                  SDM Express application file.
wlanui.tar              Wireless Application
home.tar                SDM and SDM Express support file.
common.tar              SDM and SDM Express support file.
home.shtml              SDM and SDM Express support file.
attack-drop.sdf         Signature Definition File (SDF) used by IPS.
128MB.sdf               Signature Definition File (SDF) used by IPS.
256MB.sdf               Signature Definition File (SDF) used by IPS.
sdmconfig-modelnum.cfg  Default configuration file.
  (for example, sdmconfig-180x.cfg)


The sizes of the SDM files are listed by SDM language edition in Table 3.

Table 3 SDM File Sizes by Language Edition

File Name               Chinese (S)  English  French   German   Italian  Japanese  Spanish
attack-drop.sdf         91 KB        91 KB    91 KB    91 KB    91 KB    91 KB     91 KB
common.tar              808 KB       807 KB   808 KB   808 KB   808 KB   808 KB    808 KB
es.tar                  863 KB       768 KB   873 KB   903 KB   903 KB   890 KB    910 KB
home.shtml              2 KB         2 KB     2 KB     2 KB     2 KB     2 KB      2 KB
home.tar                96 KB        96 KB    97 KB    97 KB    97 KB    97 KB     97 KB
ips.tar                 1.25 MB      1.21 MB  1.25 MB  1.25 MB  1.25 MB  1.25 MB   1.25 MB
sdmconfig-modelnum.cfg  2 KB         2 KB     2 KB     2 KB     2 KB     2 KB      2 KB
  (for example, sdmconfig-180x.cfg)
sdm.tar                 3.3 MB       3.1 MB   3.2 MB   3.3 MB   3.2 MB   3.32 MB   3.2 MB
wlanui.tar              1.9 MB       1.9 MB   1.9 MB   1.9 MB   1.9 MB   1.9 MB    1.9 MB
128MB.sdf               493 KB       493 KB   493 KB   493 KB   493 KB   493 KB    493 KB
256MB.sdf               732 KB       732 KB   732 KB   732 KB   732 KB   732 KB    732 KB


IPS-Supplied Signature Definition Files

To ensure that the router has available as many signatures as its memory can accommodate, IPS is shipped with one of the following signature definition files (SDFs):

256MB.sdf—If the amount of RAM available is greater than 256 MB. 256MB.sdf contains 500 signatures.

128MB.sdf—If the amount of RAM available is between 128 MB and 256 MB. 128MB.sdf contains 300 signatures.

attack-drop.sdf—If the amount of available RAM is 127 MB or less. attack-drop.sdf contains 82 signatures.


Note: The router must be running a Cisco IOS image of release 12.3(14)T or later to be able to use all the available signature engines in 256MB.sdf and 128MB.sdf. If the router runs a Cisco IOS image of an earlier release, not all signature engines will be available.


To use an SDF in router memory, determine which SDF has been installed, and then configure IPS to use it. The procedures that follow show you how to do this.

Determine Which SDF File is in Memory

To determine which SDF file is in router memory, open a Telnet session to the router, and enter the show flash command. The output will be similar to the following:

System flash directory:
File  Length   Name/status
  1   10895320  c1710-k9o3sy-mz.123-8.T.bin
  2   1187840  ips.tar
  3   252103   attack-drop.sdf
  4   1038     home.shtml
  5   1814     sdmconfig-1710.cfg
  6   113152   home.tar
  7   758272   es.tar
  8   818176   common.tar
[14028232 bytes used, 2486836 available, 16515068 total]
16384K bytes of processor board System flash (Read/Write)

In this example the file attack-drop.sdf is in router memory. On some routers, such as routers with a disk file system, you use the dir command to display the contents of router memory.
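
The check described above can be scripted against saved show flash output. The following Python code is an added example, not part of SDM or of the Cisco release notes; it also flags file names that match an SDM file only when case is ignored, the condition described in caveat CSCef53222. The function names, the operator-supplied RAM figure, and the second listing (constructed) are assumptions of this example.

```python
import re

# Signature counts per SDF, as stated in these release notes.
SDF_SIGNATURES = {"256MB.sdf": 500, "128MB.sdf": 300, "attack-drop.sdf": 82}

# Fixed file names from Table 2. sdmconfig-modelnum.cfg varies by router
# model and is left out of this set.
SDM_FILES = {"sdm.tar", "ips.tar", "es.tar", "wlanui.tar", "home.tar",
             "common.tar", "home.shtml"} | set(SDF_SIGNATURES)

# Only lines of the form "index length name" are treated as files.
FILE_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*$")
USAGE_LINE = re.compile(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]")

# Sample output copied from the release notes.
PAGE_SAMPLE = """\
System flash directory:
File  Length   Name/status
  1   10895320  c1710-k9o3sy-mz.123-8.T.bin
  2   1187840  ips.tar
  3   252103   attack-drop.sdf
  4   1038     home.shtml
  5   1814     sdmconfig-1710.cfg
  6   113152   home.tar
  7   758272   es.tar
  8   818176   common.tar
[14028232 bytes used, 2486836 available, 16515068 total]
16384K bytes of processor board System flash (Read/Write)
"""

# Constructed listing (not from the release notes): two files were copied
# through a PC that uppercased their names.
CONSTRUCTED_UPPERCASE = """\
System flash directory:
File  Length   Name/status
  1   3250000  SDM.TAR
  2   749568   256MB.SDF
  3   113152   home.tar
[4112720 bytes used, 12402348 available, 16515068 total]
"""


def expected_sdf(ram_mb):
    """Map available RAM in MB to the SDF the release notes associate with it."""
    if ram_mb > 256:
        return "256MB.sdf"
    if ram_mb >= 128:
        return "128MB.sdf"
    return "attack-drop.sdf"


def parse_show_flash(text):
    """Return ({name: length_in_bytes}, usage dict or None) from show flash output."""
    files, usage = {}, None
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            files[m.group(3)] = int(m.group(2))
            continue
        m = USAGE_LINE.search(line)
        if m:
            usage = dict(zip(("used", "available", "total"), map(int, m.groups())))
    return files, usage


def audit_flash(text, ram_mb):
    """Report which SDF is in flash, whether it fits the RAM tier, and miscased names."""
    files, usage = parse_show_flash(text)
    lowered = {name.lower() for name in SDM_FILES}
    sdfs = sorted(n for n in files if n in SDF_SIGNATURES)
    # Names that match an SDM file only when case is ignored (CSCef53222).
    miscased = sorted(n for n in files if n not in SDM_FILES and n.lower() in lowered)
    want = expected_sdf(ram_mb)
    return {
        "file_count": len(files),
        "available_bytes": usage["available"] if usage else None,
        "sdf_in_flash": sdfs,
        "signatures": {n: SDF_SIGNATURES[n] for n in sdfs},
        "expected_sdf": want,
        "sdf_matches_ram": want in sdfs,
        "miscased": miscased,
    }


if __name__ == "__main__":
    for label, text, ram in (("page sample", PAGE_SAMPLE, 64),
                             ("constructed", CONSTRUCTED_UPPERCASE, 512)):
        print(label, audit_flash(text, ram))
```
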

Configuring IPS to Use an SDF

To have IPS use the SDF in router memory, do the following:


Step 1 Click Global Settings.

Step 2 In the Configured SDF locations list, click Add.

Step 3 In the dialog box displayed, click Specify SDF on flash, and enter the name of the SDF file.

Step 4 Click OK to close the dialog box.


Installation Notes

This section contains important information regarding installation and upgrades to SDM.

Cisco 1700 Routers Running ITS/CCME and Cisco IOS Release 12.2(13)T

If you are installing SDM on a router that already has the Internet Telephony Service (ITS) or Cisco Call Manager Express (CCME) application installed in flash memory, you may exceed the number of files allowed in flash memory by installing SDM. Cisco 1700 routers using a Cisco IOS Release 12.2(13)T image cannot have more than 32 files in flash memory.

Before installing SDM, you must delete any unneeded files from flash memory. If no files can be deleted, do not install SDM on the router.

Downloading SDM from Cisco.com and Installing It on the Router

If SDM is not currently installed on the router, the document Downloading and Installing Cisco Router and Security Device Manager (SDM) explains how to download SDM from Cisco.com and install it on the router. To obtain this document, go to the following URL:

http://www.cisco.com/go/sdm

Upgrading to a New SDM Release

If a version of SDM later than version 1.0 is already installed on the router, you should use the SDM automatic update feature to install the latest files on the router. SDM automatically checks Cisco.com for more recent versions of SDM, downloads them to your PC, removes the old SDM files from memory, runs the squeeze flash: command if necessary, and copies the latest files to the router. The update feature is available from the Tools menu. Choose Tools > Update SDM > Update from CCO.

If you are currently using SDM version 1.0, you must download the file SDM-Vnn.zip at the following URL:

http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

The document Downloading and Installing Cisco Router and Security Device Manager (SDM) explains how to install SDM and all related files on the router. This document is available at the following URL:

http://www.cisco.com/go/sdm

Uninstalling SDM Files

If you want to remove SDM from flash memory or from a router disk file system, you can do so by logging onto the router and completing the following steps in EXEC mode:


Step 1 Change to the directory in which the SDM files are located.

If the router has a flash file system, use the following command:

router# cd flash:

If the router has a disk file system, use the following command:

router# cd diskN

Replace N with the actual number of the disk. Use the slot keyword instead of the disk keyword if necessary.

Step 2 Use the delete command to remove the SDM files. The example below deletes the file sdm.tar:

router# delete sdm.tar
Delete filename [sdm.tar]?
Delete flash:sdm.tar? [confirm]

Press Return to confirm the deletion.

Step 3 Use the delete command to remove the remaining SDM files. The "SDM Files" section lists the files used by SDM.

Step 4 Reclaim memory space by using the squeeze flash: command:

router# squeeze flash:

It is not necessary to use the squeeze flash: command on DOS-based file systems.


SDM version 2.1 or later can be installed on your PC. To remove SDM from your PC, complete the following steps:


Step 1 Click Start > Program > Cisco Systems > Cisco SDM > Uninstall to launch the Uninstall program.

Step 2 When the message "Do you want to remove the selected applications and all of its features?" appears, click Yes.

Step 3 When the Uninstallation Complete screen is displayed, click Finish.


Restrictions and Limitations

This section describes restrictions and limitations that may apply to SDM.

SDM Minimum Screen Resolution

SDM requires a screen resolution of at least 1024 x 768.

Restrictions for Cisco 7204VXR, 7206VXR, and 7301 Routers

The following restrictions apply to SDM running on Cisco 7204VXR, 7206VXR, and 7301 Routers:

The SDM Express application is not supported.

WAN configuration is not supported. SDM supports configuration of Ethernet and Fast Ethernet interfaces.

The SDM Reset feature is not available.

No SDM-default configuration file is supplied.

Important Notes

This section contains important information for SDM.

Popup Blockers Disable SDM IPS and SDM Online Help

If you have enabled popup blockers in the browser you use to run SDM or SDM IPS, SDM IPS will not launch, and SDM online help will not appear when you click the help button. To prevent this from happening, you must disable the popup blocker when you run SDM or SDM IPS. Popup blockers may be enabled in search engine toolbars, or may be standalone applications integrated with the web browser.

Microsoft Windows XP with Service Pack 2 blocks popups by default. In order to turn off popup blocking in Internet Explorer, go to Tools > Pop-up Blocker > Turn Off Pop-up Blocker.

If you have not installed and enabled pop up blockers, go to Tools > Internet Options > Privacy, and uncheck the Block popups checkbox.

Disable Proxy Settings

SDM will not start when it is run under Internet Explorer using JRE plug-in version 1.4.2_05 with proxy settings enabled. To correct this problem, choose Internet Options from the Tools menu, click the Connections tab, and then click the LAN settings button. In the LAN Settings window, disable the proxy settings.

Routers Shipped with SDM Do Not Execute the Standard Cisco IOS Startup Sequence

Because a default configuration file is provided on a router shipped with SDM, the router will not execute the standard Cisco IOS startup sequence. If you are expecting to use the Cisco IOS setup utility, a TFTP/BOOTP configuration download, or other features available through the standard Cisco IOS startup, you will need to erase the configuration file.

To erase the existing configuration and take advantage of the Cisco IOS startup sequence, perform the following steps. This will leave SDM on the router if you later decide you want to use it, but you will need to configure the router manually before you can begin using SDM. Please refer to the router quick start guide and to the SDM FAQ (available at http://www.cisco.com/go/sdm) for information about the minimum configuration required for using SDM.


Step 1 Connect the light blue console cable, included with the router, from the blue console port on the router to a serial port on your PC. See the router hardware installation guide for instructions.

Step 2 Connect the power supply to the router, plug the power supply into a power outlet, and turn on the router. See the router quick start guide for instructions.

Step 3 Use a terminal emulation program on your PC, with the terminal emulation settings 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to the router.

Step 4 At the prompt, enter the enable command, and enter the password cisco.

yourname> enable

Password: cisco
yourname#

Step 5 Enter the erase startup-config command.

yourname# erase startup-config

Step 6 Confirm the command by pressing Enter.

Step 7 Enter the reload command.

yourname# reload

Step 8 Confirm the command by pressing Enter.


After the router completes the reload operation, it enters into the standard Cisco IOS startup sequence. You can use the startup sequence to give the router a configuration manually, or to copy a configuration file from the network. If you later decide you want to use SDM to change an existing configuration, refer to the instructions on starting SDM included in the quick start guide for the router.

Unable to Perform "squeeze flash:" Operation

If the router is using a Cisco IOS image earlier than release 12.3T, or release 12.2(13)ZH, it may be necessary to use the squeeze flash: command to reclaim flash memory after repeated use of SDM. If this becomes necessary, SDM will inform you that the squeeze flash: command must be used, and will execute the command upon your confirmation.

However, the squeeze flash: command will not work if an erase flash: command has never been executed on the router. If this is the case you will receive an "Unable to perform 'squeeze flash'" warning message, and you will need to run the erase flash: command to enable the use of the squeeze flash: command.

Executing the erase flash: command removes SDM and the Cisco IOS image from the router flash memory, and you will lose your connection to the router. Complete the following steps to save files in flash memory, execute erase flash:, and copy the files back so you can reconnect to SDM.


Step 1 Ensure that the router will not lose power. If the router loses power after an erase flash: operation, there will be no Cisco IOS image in memory.

Step 2 Prepare a TFTP server to which you can save files and copy them over to the router. You must have write access to the TFTP server. Your PC can be used for this purpose if it has a TFTP server program.

Step 3 Open up a Telnet session on the router so that you can use the CLI.

Step 4 Save the router's running configuration to the startup configuration by entering the command copy running-config startup-config.

Step 5 Use the copy tftp command to copy the Cisco IOS image, and the SDM files from flash memory to a TFTP server:

copy flash:filename tftp://tftp-server-address/filename

For example:

Router# copy flash:sdm.tar tftp://10.10.10.3/sdm.tar

Table 2 lists the files SDM uses.


Tip: If you prefer to download a Cisco IOS image, and the SDM-Vnn.zip file, follow these instructions to use an Internet connection to download an SDM-supported Cisco IOS image, and the SDM-Vnn.zip file.

a. Click the following link to obtain a Cisco IOS image from the Cisco Software Center:

http://www.cisco.com/kobayashi/sw-center

b. Obtain an image that supports the features you want on the Cisco 12.2(11)T release or later. Save the file to the TFTP server that is accessible from the router.

c. Use the following link to obtain the latest SDM-Vnn.zip file.

http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

d. Extract the SDM files from SDM-Vnn.zip.

e. Click the setup.exe file to start the SDM installation wizard.


Step 6 From the PC, log in to the router using Telnet, and enter Enable mode.

Router> enable
Password: 
Router# 

Step 7 Enter the command erase flash:, and confirm. The router's IOS image, configuration file, and the SDM files are removed from flash memory.

Step 8 Use the copy tftp command to copy the IOS image and the SDM files from the TFTP server to the router:

copy tftp://tftp-server-address/filename flash:

Example:

Router# copy tftp://10.10.10.3/sdm.tar flash:


Note: Copy the Cisco IOS image first, followed by the SDM files.


Step 9 Start your web browser, and reconnect to SDM, using the same IP address you used when you started the SDM session.


Now that an erase flash: operation has been performed on the router, you will be able to execute the squeeze flash: command when necessary.

Security Alert Dialog May Remain After SDM Launches

When SDM is launched using HTTPS, a security alert dialog box that informs you of possible security problems and asks you if you want to proceed with program launch may appear. This can happen if the router does not have the following global configuration command in the running configuration:

ip http timeout-policy idle 600 life 86400 requests 10000

Caveats

Caveats describe unexpected behavior in SDM. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Open Caveats—Release 2.1.2

This section lists caveats that are open in release 2.1.2.

CSCsb38890

When using SDM IPS, if you go to IPS Global Settings > Edit and change the size of the SDEE event store, and then refresh or reinvoke SDM IPS, SDM shows the default size of the SDEE event store (200) instead of the value that you configured.

Workaround: None

CSCsa40535

VPN status in the Monitor windows does not show IPSec security association (SA) parameters for DMVPN when CLI status commands report that the crypto tunnels are up and traffic is passing through. The DMVPN tunnel is shown as established in the IKE SA tab.

Workaround: Use the CLI to view DMVPN status.

CSCef50601

This problem is encountered on routers running Cisco IOS image c3825-advsecurityk9-mz.123-10.2. If an ATM interface is configured on routers running this image, WAN troubleshooting may display inconsistent results. PVC connections may be shown as UP when they are DOWN.

Workaround: None.

CSCef29588

When both SDM and IPS are open, an open dialog box requiring an OK or Cancel in one application will prevent the user from working in the other application.

Workaround: Complete the work in the dialog box and click OK, or click Cancel to close the dialog box before switching to the other application.

CSCef34056

If multiple instances of SDM are run under Netscape version 7.1 using the Java Virtual Machine (JVM) or the Java plug-in, and the user shuts down one instance of SDM, then all other open instances of SDM on that PC are shut down.

This problem occurs because Netscape version 7.1 uses only one instance of the JVM or the Java plug-in, even when multiple instances of Netscape are launched. As a result, when one instance of SDM is shut down, Netscape shuts down the JVM or the Java plug-in, and all other instances of SDM are also shut down.

Workaround: If SDM is run under Netscape version 7.1, open only one instance of SDM. Using Internet Explorer is advised when multiple instances of SDM must be opened, such as when the user must configure multiple routers at the same time.

CSCef43267

When the crypto identity ca command is used, the Loopback0 interface is shown as having no configured IP address in the Edit Interfaces and Connections window when an IP address has been configured.

Workaround: Disregard the IP address information in the Interfaces and Connections window. If you need to view the IP address, choose the interface and click the Edit button.

CSCef43429

This problem is caused by the Cisco IOS caveat CSCef46305. After an Easy VPN Remote connection has been brought up after a successful user authentication (Xauth), the remote peer may not be listed in the Easy VPN Remote Edit screen if SDM is refreshed or reinvoked. If this problem occurs, Easy VPN Remote troubleshooting might not behave as expected for this connection.

This problem will occur only when the Easy VPN server sends Xauth challenges to the Easy VPN remote at the same time that the Easy VPN remote is trying to establish a tunnel with the VPN server.

Workaround: None.

CSCef50389

When an Easy VPN Server is configured using Digital Certificates for authentication, and an Easy VPN Remote connection is configured on another router, the client statistics for the Easy VPN server are all shown as 0 in the VPN Status window.

Workaround: To view client statistics, choose Tools > Telnet. Log in to the router, and issue the show crypto session command.

CSCef57546

When adding a new signature to the ATOMIC.ICMP engine, you may see the error message "[Enum(xxx)-StorageKey-ATOMIC.ICMP] the value AaBb is not a valid value."

Workaround: In the Add Signature window, go to the parameter StorageKey, and click the green square to enable editing for this parameter. The green square icon will change to a red diamond icon. Choosing any value from the drop down box will fix this problem.

CSCef63016

This problem is caused by the Cisco IOS caveat CSCef64124. When the user unchecks the Save Xauth username and password on the router check box in the Edit Easy VPN Remote dialog box and clicks OK, the command is delivered to the router, but SDM shows the check box as checked, and the corresponding command is still shown in the running configuration if SDM is refreshed.

This occurs when the user wants to remove the saved Xauth username and password in Easy VPN Remote.

CSCef63313

If an Easy VPN Remote configuration has connections to more than one Easy VPN server configured, VPN troubleshooting deactivating may report troubleshooting results for only one VPN server or give incorrect recommendations. This issue is seen only in some Cisco IOS images.

Workaround: None.

CSCef72022

Invoking SDM with a user associated with SDM_Monitor view adds a PKI trust point and an Easy VPN profile. This behavior does not affect the running configuration.

Workaround: Invoke SDM with a user associated with a different CLI view, or with a user of privilege level 15.

CSCef53222

SDM filenames are case sensitive. If the SDM files are copied from the PC hard disk to a flash card, File Explorer changes the names to uppercase. When this happens, SDM cannot be invoked from this flash card.

Workaround: Before removing the flash card from the PC, restore the filenames to lowercase.

CSCef77689

When the router is running a Cisco IOS image that does not support the show pppoe session command, WAN troubleshooting may not report any reasons for failure or recommended actions for PPPoE connections that are found to be down.

Workaround: None.

CSCin54600

If a firewall is configured for an interface which already has a Management Access policy associated with it, choosing Replace in the Merge/Replace dialog box might prevent access to certain networks.

This occurs because choosing Replace causes the policy access control entries (ACEs) to be disassociated from the interface but not from the vty or HTTP line.

Workaround: When running the Firewall wizard on an interface configured with a Management Access policy, choose the Merge option instead of Replace, and proceed.

CSCef73879

VPN troubleshooting may report a possible Maximum Transmission Unit (MTU) problem in the passthrough network when the tunnel is up. If the VPN interface is a dialer interface configured on an asynchronous interface, this problem may not always exist, and the displayed recommended action will have no effect.

Workaround: Ignore this message and the corresponding recommendation.

CSCef73395

Due to a problem with Cisco IOS, if a custom protocol is mapped to a port, the same custom protocol is specified for matching under a class map, and the mapping of the custom protocol is then deleted from the configuration, Cisco IOS does not give any warning message that the user should first delete the match protocol custom-01 commands that make use of the custom protocol mapping.

Workaround: Do the following:

1. Configure the custom protocol again.

2. Remove all the match protocol statements that reference the custom protocol that you configured.

3. Remove the custom protocol from the configuration.

CSCef52940

This problem is caused by Cisco IOS caveat CSCef52919. A user with privilege level 1 who is associated with a view may be able to log in to SDM with a privilege level of 15. This occurs when authentication, authorization, and accounting (AAA) is enabled, and a vty line is configured with privilege level 2 through 15.

Workaround: Do not configure privilege 1-level users. The problem does not occur when users of higher privilege levels are configured.
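The conditions named in CSCef52940 can be checked offline against a saved running configuration. The following is an added example, not Cisco code or part of SDM: the function name audit_cscef52940 and the sample configuration are constructed for illustration, and the check assumes a username entry with no privilege keyword is at level 1.

```python
import re

# Constructed running-config excerpt for illustration (not from the release notes).
SAMPLE_CONFIG = """\
aaa new-model
parser view SDM_Monitor
username monitor view SDM_Monitor secret 0 example
username oper privilege 1 view SDM_Monitor secret 0 example
username admin privilege 15 secret 0 example
line con 0
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 transport input ssh
"""

def audit_cscef52940(config):
    """Report whether a config meets all three conditions of caveat CSCef52940."""
    aaa = False
    users = []   # privilege-1 users associated with a view
    vty = []     # vty line blocks configured with privilege level 2-15
    line = None  # header of the "line ..." block being parsed, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # a top-level command closes any line block
            line = text if text.startswith("line ") else None
        if text == "aaa new-model":
            aaa = True
        m = re.match(r"username (\S+) (.*)", text)
        if m and re.search(r"\bview \S+", m.group(2)):
            priv = re.search(r"\bprivilege (\d+)", m.group(2))
            # Assumption: no privilege keyword means level 1.
            if (int(priv.group(1)) if priv else 1) == 1:
                users.append(m.group(1))
        m = re.match(r"privilege level (\d+)$", text)
        if m and line and line.startswith("line vty") and 2 <= int(m.group(1)) <= 15:
            vty.append((line, int(m.group(1))))
    return {"aaa": aaa, "users": users, "vty": vty,
            "exposed": bool(aaa and users and vty)}

if __name__ == "__main__":
    print(audit_cscef52940(SAMPLE_CONFIG))
```

A configuration is reported as exposed only when AAA is enabled, at least one privilege-1 user is bound to a view, and at least one vty line carries a privilege level from 2 through 15.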

CSCec31789

When you update SDM, if any of the uploaded SDM files shows a size of zero bytes when show flash is invoked, no operations such as copy or delete can be performed on flash memory. This problem rarely occurs.

Workaround: Restart the router to be able to perform operations on flash memory. If files of zero bytes are shown in a show flash display, restart the router before starting SDM.

CSCea90231

The router does not reload with the default configuration when a user executes a Reset To Factory Defaults operation in SDM.

If the router is running Cisco IOS Release 12.2(11)T6, and the last 4 bits of the config-register value are set to 0, for example 0x2100 or 0x1100, the router does not reload when the user performs a Reset To Factory Defaults. SDM indicates that it has sent a reload command to the router and shuts down, and the default configuration is copied to the startup-config, but the reload command has not executed, and the router is still using the running configuration that was present before the Reset To Factory Defaults operation.

Workaround: Use the CLI config-register command to ensure that the last 4 bits of the config register are not set to 0 (zero).

CSCea89054

If you delete a WAN connection that you created, an ip nat inside command may still remain in a LAN interface configuration.

Workaround: To delete the ip nat inside command from the LAN interface configuration, go to Edit Interfaces and Connections, choose the LAN interface, click Edit, and delete the association in the Association tab.

CSCin44264

Enabling AES encryption or IP compression in the Add/Edit IKE Policy or Add/Edit Transform Set windows might not work even though the Cisco IOS image running on the router supports AES encryption or IP Compression. This may happen in the following circumstances:

Hardware encryption is enabled.

The router has a VPN module that does not support AES encryption or IP compression.

Workaround: Do one of the following:

Disable hardware encryption by adding the no crypto engine accelerator command to the configuration file using the CLI interface. This command tells the router to use Cisco IOS software for encryption instead of using the encryption provided by the VPN module.

Upgrade your hardware VPN module to one that supports AES or IP compression.

For more info on VPN Modules, refer to the document at the following URL:

http://www.cisco.com/en/US/products/hw/routers/ps259/products_data_she