So far, this chapter has discussed the tools for CLI-based device configurations. Cisco also offers an array of GUI-based configuration tools specific to these devices. Table 1-5 provides a partial list of these GUI tools.
The following sections discuss the first three tools in detail.

Note: Cisco has recently introduced a PC-based tool called Cisco Network Assistant (CNA) for configuring routers, switches, and access points. CNA enables users to perform common tasks such as configuration management, inventory reports, password synchronization, and Drag and Drop IOS Upgrade for switches, routers, and access points.

HTTP Interface for IOS-Based Devices

Cisco IOS Releases 11.3 and later include a built-in HTTP server. This creates a browser-based GUI through which most of the Cisco IOS commands can be issued to the router. To use the Cisco web-based GUI, the client computer must have a web browser application and network reachability to the router. The tasks involved in using the web-based GUI are as follows:
Enabling IOS for HTTP

The IOS HTTP server on Cisco IOS devices is disabled by default. To use the feature, you must configure an HTTP server on the IOS devices. Table 1-6 shows the IOS commands required to configure the built-in HTTP server.
Example 1-6 shows the relevant router configuration snippet for enabling the HTTP server.

Example 1-6. Enabling the IOS HTTP Server

    username stevepope password cisco123
    username stevepope privilege 15
    ip http server
    ip http authentication local

Connecting to the Router Home Page

To connect to the router home page, enter the IP address of the router in the address field of the web browser on the client computer, as illustrated in Figure 1-21. Note that the client computer should have network reachability to the router.

Figure 1-21. IOS HTTP Home Page

Based on the privilege levels defined for a user, the IOS HTTP-based router home page can be customized for restricted access to particular commands. This feature can effectively provide system administrators at remote offices with easy and limited access to router-monitoring commands. The router home page can also be added as an embedded link inside customized web pages. For more information on customizing the IOS HTTP interface, refer to the Using the Cisco Web Browser User Interface page at Cisco.com:
PIX Device Manager

The Cisco PIX Device Manager (PDM) provides a browser-based graphical tool for simplified configuration, operation, and monitoring of Cisco PIX Firewalls. PDM is built into Cisco PIX Firewall version 6 and later. For example, PDM version 3.0 comes pre-installed with Cisco PIX Software 6.3. Follow these steps to use the PDM:
Enabling PDM Access on the Cisco PIX Firewall

Table 1-7 lists the commands that enable PDM access on the Cisco PIX Firewall.
The following is a sample configuration for the Cisco PIX Firewall to enable PDM access. This configuration assumes that the client computer accessing the PDM is in the same subnet as the Inside interface of the Cisco PIX Firewall and has network reachability to the Inside interface of the Cisco PIX Firewall. The code is as follows:

    pix(config)# http server enable
    pix(config)# http 192.168.0.0 255.255.255.0 inside

Connecting to the PDM Through the Browser

The URL to connect to the PDM from a client computer is as follows:
Note: Note the S in https. The PDM can be accessed only through HTTPS (HTTP over SSL). HTTPS provides a secure connection.

Figure 1-22 shows a Netadmin trying to access the Inside interface of the Cisco PIX Firewall from a PC with IP address 192.168.0.109.

Figure 1-22. Cisco PIX Firewall Access Through the PDM

Figure 1-23 shows the PDM window for configuring and monitoring a Cisco PIX Firewall.

Figure 1-23. PDM Window

Security Device Manager

The Cisco Router and Security Device Manager (SDM) is a web-based tool for auditing and securing Cisco routers. The SDM, which is similar to the PDM, is discussed in greater detail in Chapter 8, "Router and Switch Security."

Note: For Cisco IOS-based switches, the PDM and SDM require Java-enabled web browsers. While enabling Java on MS-Windows platforms for Netscape or Internet Explorer is comparatively easy, it can be difficult to install Java on Linux platforms. The Knoppix CD-ROM mentioned in Chapter 7 provides preinstalled Java-enabled web browsers for Linux.

Other GUI Tools for Configuring Cisco Devices

Cisco also offers PC-based and web-based tools for device configuration. These are often specialized tools for a specific task. One tool worth mentioning is the Cisco Configmaker, which can be downloaded from the following URL:
The Cisco Configmaker is a Windows-based application for older models of routers (800, 1000, 1600, 1700, 2500, 2600, 3600, and 4000 Series), switches, hubs, and other network devices. The Cisco Configmaker enables network administrators to configure various IOS features without extensive command-line knowledge of Cisco IOS Software. Configmaker is no longer being developed; Cisco is offering the SDM and CNA as replacements instead.
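
Added example (not from the book and not Cisco code): a short Python audit of the two management configurations shown earlier on this page, the IOS HTTP server lines of Example 1-6 and the PIX http lines that enable PDM access. The function names and sample strings are constructed for illustration; ip http secure-server, ip http access-class and username ... secret are standard IOS commands that the page does not show, and the PIX check assumes the trusted interface is named inside, as in the page's sample.

```python
import re

# Constructed sample inputs: the IOS lines of Example 1-6 and the PIX lines from this page.
SAMPLE_IOS = """\
username stevepope password cisco123
username stevepope privilege 15
ip http server
ip http authentication local
"""
SAMPLE_PIX = "http server enable\nhttp 192.168.0.0 255.255.255.0 inside\n"

def audit_ios_http(config):
    """Return findings for the IOS HTTP server settings in a saved config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if "ip http server" not in lines:
        return findings  # HTTP server is off, which is the IOS default
    findings.append("cleartext HTTP management enabled (ip http server)")
    if "ip http secure-server" not in lines:
        findings.append("no HTTPS listener (ip http secure-server)")
    if not any(l.startswith("ip http access-class") for l in lines):
        findings.append("no ip http access-class restricting client addresses")
    if not any(l.startswith("ip http authentication") for l in lines):
        findings.append("no ip http authentication line; enable password is used")
    # A user's attributes may be split across several 'username' lines.
    users = {}
    for l in lines:
        m = re.match(r"username (\S+) (.*)", l)
        if m:
            users.setdefault(m.group(1), []).append(m.group(2))
    for name, attrs in users.items():
        joined = " ".join(attrs)
        if "privilege 15" in joined and re.search(r"\bpassword\b", joined):
            findings.append(f"privilege 15 user {name} uses 'password', not 'secret'")
    return findings

def audit_pix_http(config):
    """Return findings for PIX 'http <ip> <mask> <interface>' permit lines."""
    findings = []
    for l in config.splitlines():
        m = re.match(r"\s*http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)", l)
        if not m:
            continue
        ip, mask, ifname = m.groups()
        if mask == "0.0.0.0":
            findings.append(f"PDM reachable from any address on {ifname}")
        elif ifname != "inside":  # assumption: 'inside' is the trusted interface
            findings.append(f"PDM permitted from {ip} {mask} on {ifname}")
    return findings
```

Run against Example 1-6, the IOS audit reports four findings; the PIX sample, which limits PDM to the 192.168.0.0/24 inside subnet, reports none.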