dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
84193
share rss forum feed


Rob_Needs_Help

@qwest.net

Cisco SDM doesn't launch SDM GUI from popup window

Hello,

I'm having trouble getting the SDM application to run. Specifically, when I put the IP address of my router into my IE7 browser, I'm presented with an initial screen stating my browser version and that Java is enabled. I'm then asked if I would like to use HTTPS instead of HTTP, I choose HTTPS. Another, smaller, browser window pops up and an authentication window pops up. I authenticate with rob/cisco, and the second browser window states "Loading Cisco SDM Express. Please wait..." with an hour glass. After about 5-10 seconds, the hour glass and status statement disappear and nothing else happens. I'm expecting to see a window with the SDM interface at some point but after several minutes, there's still no activity and no error messages.

My environment consists of the following: Windows XP Pro fully patched running IE7 (192.168.0.4/24). I have Java Version 6 Update 12 installed. I've added the Cisco's certificate to my browser and enabled "Allow active content to run in files on My Computer". The Cisco information follows below.

I'm studying for the CCNA Security certification in an effort to renew my CCNA (which expires soon). While reading through the Cisco Press CCNA Security Official Exam Certification Guide, ISBN 9781587202209, I've noticed that SDM is mentioned in almost, if not every, chapter. So, I purchased a Cisco 2620XM router to load up and play with the SDM software.

I've been trying various installation methods to get this to work. When I initially used the GUI setup tool to try and install SDM on the router, the setup application complains about something with an error message that wasn't very helpful. During this try, I had a stock configuration on the router except I set its IP to the local subnet of my XP system.

After some googling, I found a suggestion to load the sdmconfig-26xx.cfg file onto the router before attempting the setup GUI tool. My modified version of that config is listed below. I changed the stock interface IP (of course) and removed all the access class stuff (the router is in a home network). After these modifications, the setup GUI install worked. As you can see below, I now have the SDM files in the flash.

Looking at the system requirements page for SDM v2.5 here:

»www.cisco.com/en/US/docs/routers···#wp16934

I should be good to go. Any thoughts on why I can't launch the SDM Express GUI? It seems like there's very little on the web for my problem.

yourname#show hardware
Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(23), RELEASE SOFTWARE (fc1)
Technical Support: »www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Sat 08-Nov-08 20:53 by prod_rel_team

ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)

yourname uptime is 9 minutes
System returned to ROM by reload
System image file is "flash:c2600-advsecurityk9-mz.124-23.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
»www.cisco.com/wwl/export/crypto/···qrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2620XM (MPC860P) processor (revision 4.0) with 127627K/3445K bytes of memory.
Processor board ID
M860 processor: part number 5, mask 2
1 FastEthernet interface
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2142

yourname#show run
Building configuration...

Current configuration : 4379 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name yourdomain.com
!
!
!
crypto pki trustpoint TP-self-signed-1657434361
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1657434361
revocation-check none
rsakeypair TP-self-signed-1657434361
!
!
crypto pki certificate chain TP-self-signed-1657434361
certificate self-signed 01

...keys, lots and lots of keys..

quit
username cisco privilege 15 one-time secret 5 $1$I6w8$u4iPVPt29JePLCdpFbBlr/
username rob privilege 15 secret 5 $1$S/5F$40fSH8f0RH5E2TImf/mHY1
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FastEthernet0/0$
ip address 192.168.0.150 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
control-plane
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username privilege 15 secret 0
no username cisco

Replace and with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to »www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
!
end

yourname#show flash all
Partition Size Used Free Bank-Size State Copy Mode
1 32255K 25526K 6729K 16384K Read/Write Direct

System flash directory:
File Length Name/status
addr fcksum ccksum
1 16662436 c2600-advsecurityk9-mz.124-23.bin
0x40 0xC3C9 0xC3C9
2 4483 running-config.cfg [deleted]
0xFE4024 0x811B 0x811B
3 1038 home.shtml
0xFE51E8 0xDDD8 0xDDD8
4 2754 sdmconfig-26xx.cfg
0xFE5638 0xA8BA 0xA8BA
5 112640 home.tar
0xFE613C 0x33D 0x33D
6 527849 128MB.sdf
0x100197C 0x4E91 0x4E91
7 1505280 common.tar
0x10827A8 0xB464 0xB464
8 6389760 sdm.tar
0x11F1FE8 0x67CB 0x67CB
9 931840 es.tar
0x180A028 0xF979 0xF979
[26138664 bytes used, 6891476 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Chip Bank Code Size Name
1 1 8917 8192KB INTEL 28F640J3
2 1 8917 8192KB INTEL 28F640J3
1 2 8917 8192KB INTEL 28F640J3
2 2 8917 8192KB INTEL 28F640J3
yourname#

Phillip
I Need A Nap

join:2004-12-21
Hatboro, PA
This is from anther post I made.....

said by Phillip:

Did you buy the router new? Also, did it come with a CD?

Whats on the CD if it came with one?

The reason I ask, is SDM has been replaced with Cisco Configuration Professional. If the CD has the full version, it my not be on the router.

Now, if SDM did come on the CD with the router, you will need to set a few things in IE. Also, you will need sun's java for the SDM light and full to work.

IE:
Set "Allow programs to run active content off my Computer" This is under the advanced settings tab.

Set all pop up blockers off.

Now for the startup tips:
Set your PC to get its IP Address from a DHCP server and shut it off.

Then turn the router on fist and let it boot up before you start your PC. After its up, start your PC and then check your IP config in your command prompt. If it lists any thing other then a 10.10.10.x address, you will have to do a release and renew to have it get the right IP. "This is a big issue with Vista"

Now you should be able to start SDM express in IE by typing there routers IP address.
The other thing, is tell it no on the HTTPS. If the date on the certificate is way out of date, IE will block it.

ryanlin2002

join:2009-02-01
00000

2 edits
reply to Rob_Needs_Help
Are you using the latest Java runtime to run sdm?

If yes, you might want to downgrade your java runtime to 1.4.2_05 to get it to work.

At least that's the only Java version that i have the most success with.

Why don't you give Cisco configuration professional a try? someone on this forum has said that's going to be the replacement for SDM. I am sure it won't be that different when compares to Cisco SDM.


Rob_Needs_Help

@qwest.net
reply to Phillip
I bought the Cisco 2620XM used. It didn't come with any software.

I haven't seen anything in the Cisco Press CCNA Security Official Exam Certification Guide book regarding the Cisco Configuration Professional software. Do you know if I should expect to see questions on that software on the certification exam?

During the testing stated in my initial post, my environment was, and still is, configured with the following: Windows XP Pro system with Sun's Java version 6 release 12 installed. I'm using IE7 with popup blocking off and I've checked "Allow programs to run active content off my Computer". Both the router and my PC are on the same subnet with static IPs (192.168.0.4/24 for the PC and 192.168.0.150/24 for the router).

I've tried to access the SDM Express GUI using HTTP and HTTPS with the same results. Since I just created the config and keys listed in my initial post and added the certificate to IE, I don't have any certificate problems (that I know of).


Rob_Needs_Help

@northropgrumman.com
reply to Rob_Needs_Help
Hello,

Through a newsgroup, I received a suggestion to uninstall my current version of Java, version 6 update 12, with an older version, version 6 update 6. I did this, and it resolved my issue. SDM Express will now launch.

You'd think there would be something on Cisco's website about this issue. It seems unlikely that I'd be the only person to have the most current version of Java installed.

Thanks for your help,

Rob


Bluemarlin

@bvhd.dk
reply to ryanlin2002
Hi ryanlin2002
the downgrade solved my problem
»cds.sun.com/is-bin/INTERSHOP.enf···eveloper


rickjames

@rr.com
reply to Rob_Needs_Help
Definitely sounds like a Java issue. Cisco apps tend to only work well with specific versions of Java. I have found this to be true with CiscoWorks and SDM. I know from experience that the newer versions do not work well or work at all with SDM. Definitely try downgrading to a lower version.

FYI... from Cisco's site

Java Downloads for the SDM

Description
Platform(s)
Download Link(s)

Java 2 SE
- Java™ SE Runtime Environment 6, Update 6
-

JDK 5.0
- Supported Platforms

- Current Build Instructions
- Download(SCSL Source)

- Download (SCSL Binaries)

- Download (Mozilla Binaries)

Java 2 SDK 1.4.2
- Linux/x86

- Microsoft Windows 95-XP/NT

- Solaris Operating System, SPARC[r], x86
- Download(SCSL Source)

- Download (SCSL Binaries)

- Download (Mozilla Binaries)

Java 2 SDK 1.4.1
- Linux/x86

- Microsoft Windows 95-XP/NT

- Solaris Operating System, SPARC[r], x86
- Download

- Download (Mozilla Binaries)

Java 2 SDK 1.3.1
- Linux/x86

- Microsoft Windows 95-2000/NT

- Solaris Operating System, SPARC , x86
- Download

Java 2 SDK 1.2.2
- Linux/x86

- Microsoft Windows NT

- Solaris Operating System, SPARC, x86
- Download

- Download

tdoran
Premium
join:2003-09-27
Ridge, NY
Try CCP with version 9 of JAVA

Tim


cob_
1310nm Of Goodness
Premium
join:2003-07-08
Tulsa, OK
reply to Rob_Needs_Help
Just a silly anecdote...Cisco has a terrible history of causing a necessity for old JREs and it makes it almost impossible to manage several different pieces of equipment at different software versions. They really need to work on this.


MSN7

join:2004-05-15
Osgoode, ON
reply to tdoran
said by tdoran:

Try CCP with version 9 of JAVA

Tim
I second this advice and the advice in general about Java working with both the SDM and also CCP.

BTW, did you know there's an Exam Cram series book for the CCNA Security? It's a condensed reference and very useful for someone who wishes to master the essentials of the subject in a short amount of time. I should know, I wrote it!

»www.amazon.com/CCNA-Security-Exa···9&sr=8-2


Bigzizzzle
Premium
join:2005-01-27
Franklin, TN
kudos:1
reply to Rob_Needs_Help
Didn't know SDM 2.5 came out, is it less sluggish. Seems to add tons of better support in the WLAN and ZBF VPN stuff. but for now i stick to CLI, which is hard to code a good firewall or at least conceptualize.


Rob_Needs_Help

@qwest.net
reply to MSN7

CCNA Security Exam Cram

Hello,

I recently looked at the CCNA Security Exam Cram book. While thumbing through it, my impression is that it has the same material as the Cisco Press book but perhaps in a more readable format. I didn’t spend a whole lot of time looking at it though. Would you recommend it over the Cisco Press book?

Does the Exam Cram book make any suggestions on a lab setup? The Cisco Press book doesn't. Any thoughts on a lab setup to play with while studying for the CCNA Security cert?

I have a 3560 at my desk at work that I've played with for the AAA setup and a 2620XM at home I've used to play with SDM. I've only gotten to chapter 10 so far in the Cisco Press book so I'm not sure what else I'll run into that I can practice implementing.

Thanks,

Rob


MSN7

join:2004-05-15
Osgoode, ON
said by Rob_Needs_Help :

Hello,

I recently looked at the CCNA Security Exam Cram book. While thumbing through it, my impression is that it has the same material as the Cisco Press book but perhaps in a more readable format. I didn’t spend a whole lot of time looking at it though. Would you recommend it over the Cisco Press book?

Does the Exam Cram book make any suggestions on a lab setup? The Cisco Press book doesn't. Any thoughts on a lab setup to play with while studying for the CCNA Security cert?

I have a 3560 at my desk at work that I've played with for the AAA setup and a 2620XM at home I've used to play with SDM. I've only gotten to chapter 10 so far in the Cisco Press book so I'm not sure what else I'll run into that I can practice implementing.

Thanks,

Rob
My book doesn't make any specific suggestions for a CCNA lab setup. Would I recommend my book over the Cisco Press book? It depends. As an exam preparation guide it's hard to beat but even though it stands by itself pretty well as a good overall read, the Cisco Press book is better as a self-contained study of the topics. They're both published by the same publishing house (Pearson Ed) so the quality control is similar.

/Eric


H8Java

@comcast.net
reply to Rob_Needs_Help

Re: Cisco SDM doesn't launch SDM GUI from popup window

Had the same problem. Uninstalled JRE 6 update 12 and installed JRE 6 update 11 - download it from here:
»java.sun.com/products/archive/
I have 64 bit OS but their 64 bit version did not work. Strange that they say that they don't have a 64 bit version, but you can download one...
Anyway, hope that this helps.