In April 2004, I wrote a TechProGuild article that introduced
Cisco’s Java-based Security Device Manager (“Use the free
Cisco Security Device Manager to work with routers”—membership is
required to access this article). I discussed how to install the Security
Device Manager (SDM), detailed what you can expect from SDM, and examined its features.
When I wrote the article, the current edition of SDM was
version 1.0. Today, the current version is SDM 2.2, and Cisco has made
significant feature changes to the product. Let’s take a look at the latest
incarnation of Cisco’s SDM and discuss what it can do for your organization.
SDM is a free Web-based utility that helps manage your
routers, and it comes preinstalled on new Cisco routers. As you can tell by its
name, one of SDM’s primary offerings is security management.
However, this helpful utility does a lot more than just
security. In fact, you can use the SDM graphical interface to accomplish pretty much
anything you would with a few commands in the CLI.
If you aren’t necessarily adept at the command line, this
utility could be a lifesaver. But those of you out there who are command-line
junkies might be saying “so what?” Actually, SDM has something to
offer you as well—graphical utilization charts. Figure A offers an example.
Because SDM is a graphical management tool for routers,
there is little it can’t do. Therefore, the comprehensive list of what it can do is quite long. Instead of going
through a long laundry list of features, let’s look at what SDM can do that
makes it unique.
SDM acts as a graphical access control list (ACL) editor
This functionality allows you to view your ACL, as well as edit, remove, and
insert lines without ever removing the ACL.
It offers context-sensitive
When you’re creating and configuring interfaces, SDM features a How Do I? section
that offers a list of help topics. Figure B offers an example.
SDM sports a Security Audit feature and offers one-step lockdown
The Security Audit feature looks at your router and its interfaces, and it audits
security settings using a predefined checklist. Using the one-step lockdown
essentially enables the list of predefined security settings. (I recommend
testing this feature before using it.) Figure C offers an example.
It includes a Quality of Service (QoS) Wizard
Based on your answers to specific questions, the QoS Wizard can configure your QoS
settings. It also includes a visual QoS policy editor. Figure D offers an example.
SDM features visual representation of CPU and memory utilization
The monitoring overview of the router shows a graphical representation of
current CPU and memory utilization, as well as the status of interfaces. Figure E offers an example.
I’ve listed the features of Cisco’s Security Device Manager
that I feel are the most valuable, but this utility offers many other benefits.
For more information, including what IOS version SDM requires, which routers can run
SDM, which modules it supports, and how much RAM/Flash is necessary, I
recommend reading Cisco’s Release
Notes for Cisco Router and Security Device Manager Version 2.2.
David Davis has worked
in the IT industry for 12 years and holds several certifications, including
CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of
systems/network administrators for a privately owned retail company and
performs networking/systems consulting on a part-time basis.