bigsy
join:2001-07-18
UK
| reply to spamalam
Re: [HELP] Second hand 877W - complete n00b, setup?
"I Want to Enable Cisco SDM on a Router I Configured Using the Cisco IOS Startup Sequence"
Taken from »www.cisco.com/en/US/docs/routers···#wp44788
Step 1 Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands:
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
If the router uses an IPSec Cisco IOS image, the HTTPS server is enabled. Otherwise only the HTTP server is enabled.
Step 2 Create a user account with privilege level 15 (enable privileges).
Router(config)# username username privilege 15 password 0 password
Replace username and password with the username and password that you want to configure.
Step 3 Configure SSH and Telnet for local login and privilege level 15:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Step 4 (Optional) Enable local logging to support the log monitoring function:
Router(config)# logging buffered 51200 warning
|
|
pfalk
join:2008-07-01
Sunnyvale, CA
 ·Etheric Networks
| I'm pretty sure that your router has the CRWS (web based setup tool).
To launch it, just make sure that your LAN interface has been properly setup (if not, do a "show webflash:"
you should see a bunch of files there, one of which has a name similar to: config.??? (I don't remember exactly what the extension is).
Anyway, copy that file to running (copy webflash:config.* running), and then you should be able to get an ip address from the router to your PC (assuming that you have DHCP configured on your PC).
then point your browser to 10.10.10.1 (or whatever IP address you end up having on the LAN interface of the router.
The rest is done very simply.
P. |
|
aryoba
Premium,MVM
join:2002-08-22
| reply to bigsy
Some comments on following
said by bigsy  :Step 1 Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands: Router(config)# ip http serverRouter(config)# ip http secure-serverRouter(config)# ip http authentication local If you really have to have Web or Secure Web access, then you should lock down the source IP subnet using ACL. In addition, you may want to consider using either TACACS+ or RADIUS to store account instead relying solely on local account.
said by bigsy :If the router uses an IPSec Cisco IOS image, the HTTPS server is enabled. Otherwise only the HTTP server is enabled. From the show version above, it looks like the IOS image support Security feature, hence it supports the HTTPS. Therefore, you may want to only enable the secure server instead both secure and non-secure server.
said by bigsy :Step 2 Create a user account with privilege level 15 (enable privileges). Router(config)# username username privilege 15 password 0 password You may want to use secret parameter instead of password since the secret uses more secure method to encrypt password.
said by bigsy :Router(config)# line vty 0 4Router(config-line)# privilege level 15Router(config-line)# login local You may not want to let everybody remote access in automatically having privilege level 15. You may want to let the router (or external TACACS+ or RADIUS if there is one) decides if the credential has privilege level 15 or lower.
said by bigsy :Router(config-line)# transport input telnetRouter(config-line)# transport input telnet sshRouter(config-line)# exit When you need to enable both telnet and ssh as the remote access method to use, then you don't need the transport input telnet since the transport input telnet ssh covers both telnet and ssh.
Note that ssh requires key to work. The simplest way to have key is to generate one (if there is none yet) and store locally. |
|
