Configuring Cisco Devices Using GUI Tools


So far, this chapter has discussed the tools for CLI-based device configurations. Cisco also offers an array of GUI-based configuration tools specific to these devices. Table 1-5 provides a partial list of these GUI tools.

Table 1-5. Cisco GUI Tools

| Device | Configuration Tool |
|---|---|
| IOS-based HTTP interface | Web-based configuration of Cisco IOS-based devices |
| PIX Device Manager | Web-based configuration of Cisco PIX Firewall |
| Router and Security Device Manager | Web-based configuration tool for IOS devices with security auditing and VPN |
| Cisco Configmaker | Windows-based configuration tool for Cisco routers and switches |
| IDS Device Manager | Web-based configuration tool for Cisco IDS Sensor |
| VPN Device Manager | Web-based configuration tool for Cisco VPN enabled servers |
| QoS Device Manager | Web-based configuration tool for QoS features in Cisco IOS |


The following sections discuss the first three tools in detail.

Note

Cisco has recently introduced a PC-based tool called Cisco Network Assistant (CNA) for configuring routers, switches, and access points. CNA enables users to perform common tasks such as configuration management, inventory reports, password synchronization, and Drag and Drop IOS Upgrade for switches, routers, and access points.


HTTP Interface for IOS-Based Devices

Cisco IOS Releases 11.3 and later include a built-in HTTP server. This creates a browser-based GUI through which most of the Cisco IOS commands can be issued to the router. To use the Cisco web-based GUI, the client computer must have a web browser application and should have network reachability to the router. The tasks involved in using the web-based GUI are as follows:

  1. Enable IOS for HTTP.

  2. Connect to the router home page.

Enabling IOS for HTTP

The IOS HTTP server on Cisco IOS devices is disabled by default. To use the feature, you must configure an HTTP server on the IOS devices. Table 1-6 shows the IOS commands required to configure the built-in HTTP server.

Table 1-6. IOS Commands for HTTP server

| Command | Explanation |
|---|---|
| Router(config)#ip http server | Enables the HTTP server (web server) on the system. |
| Router(config)#ip http secure-server | (Optional) Enables a secure HTTP server on the system. Preferred because of the inherent security offered by HTTPS. |
| Router(config)#ip http authentication {aaa \| enable \| local \| tacacs} | Specifies how the HTTP server users are authenticated. |
| Router(config)#username name [privilege level] | Assigns a username for HTTP access with a privilege level. |
| Router(config)#username name password secret | Assigns a password to the username. |


Example 1-6 shows the relevant router configuration snippet for enabling the HTTP server.

Example 1-6. Enabling the IOS HTTP Server
    username stevepope password cisco123
    username stevepope privilege 15
    ip http server
    ip http authentication local
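
The following audit is an added example, not code from the original chapter: it checks the HTTP-related lines of an IOS configuration such as Example 1-6 for the cleartext server, a missing authentication method, a missing client restriction, and `username ... password` entries. The hardened sample, its `ip http access-class 10` line, and the placeholder secret are constructed for illustration.

```python
import re

# Constructed sample: the configuration shown in Example 1-6.
EXAMPLE_1_6 = """\
username stevepope password cisco123
username stevepope privilege 15
ip http server
ip http authentication local
"""

# Constructed hardened variant; ACL number and secret are placeholders.
HARDENED = """\
username stevepope privilege 15 secret EXAMPLE-PLACEHOLDER
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
"""

def audit_ios_http(config):
    """Return a list of findings for the HTTP-related lines of an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    http_on = "ip http server" in lines
    web_on = http_on or "ip http secure-server" in lines
    findings = []
    if http_on:
        findings.append("ip http server: management traffic sent in cleartext")
    if web_on and not any(ln.startswith("ip http authentication ") for ln in lines):
        findings.append("no explicit ip http authentication method")
    if web_on and not any(ln.startswith("ip http access-class ") for ln in lines):
        findings.append("no ip http access-class limiting client addresses")
    for ln in lines:
        m = re.match(r"username (\S+) (.+)", ln)
        if not m:
            continue
        user, rest = m.groups()
        if re.search(r"\bpassword\b", rest):
            findings.append(f"user {user}: uses 'password', not hashed 'secret'")
        if re.search(r"\bprivilege 15\b", rest):
            findings.append(f"user {user}: privilege 15 (full access)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("Example 1-6", EXAMPLE_1_6), ("hardened", HARDENED)):
        print(name, audit_ios_http(cfg))
```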

Connecting to the Router Home Page

To connect to the router home page, enter the IP address of the router in the address field of the web browser on the client computer, as illustrated in Figure 1-21. Note that the client computer should have network reachability to the router.

Figure 1-21. IOS HTTP Home Page


Based on the privilege levels defined for a user, the IOS HTTP-based router home page can be customized for restricted access to particular commands. This feature can effectively provide system administrators at remote offices with easy and limited access to router-monitoring commands. The router home page can also be added as an embedded link inside customized web pages. For more information on customizing the IOS HTTP interface, refer to the Using the Cisco Web Browser User Interface page at Cisco.com:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca66a.html

PIX Device Manager

The Cisco PIX Device Manager (PDM) provides a browser-based graphical tool for simplified configuration, operation, and monitoring of Cisco PIX Firewalls. PDM is built in with Cisco PIX Firewall version 6 and later. For example, PDM version 3.0 comes pre-installed with Cisco PIX Software 6.3.

Follow these steps to use the PDM:

Step 1. Enable PDM access on the Cisco PIX Firewall.

Step 2. Connect to the PDM through your browser.

Enabling PDM Access on the Cisco PIX Firewall

Table 1-7 lists the commands that enable PDM access on the Cisco PIX Firewall.

Table 1-7. Enabling PDM Access on the Cisco PIX Firewall

| Command | Explanation |
|---|---|
| http server enable | Enables the internal web server to start the PDM |
| http ip_address [netmask] [if_name] | Creates a list of hosts or networks that can access the PDM |


The following is a sample configuration for the Cisco PIX Firewall to enable PDM access. This configuration assumes that the client computer accessing the PDM is in the same subnet as the Inside interface of the Cisco PIX Firewall and has network reachability to the Inside interface of the Cisco PIX Firewall. The code is as follows:

    pix(config)# http server enable
    pix(config)# http 192.168.0.0 255.255.255.0 inside
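
Because the `http ip_address [netmask] [if_name]` statements decide who can reach the PDM, the following added example (not from the original chapter) reviews them for entries wider than intended. The second and third `http` lines in the sample are constructed, and the trusted interface list and /24 threshold are assumptions to adjust per site.

```python
import ipaddress

# The page's two statements plus two constructed, broader entries.
SAMPLE_PIX = """\
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
http 10.0.0.0 255.0.0.0 inside
"""

def audit_pdm_access(config, trusted_ifs=("inside",), min_prefix=24):
    """Return (line, reason) pairs for PDM access entries worth reviewing."""
    findings = []
    for raw in config.splitlines():
        parts = raw.split()
        # Skip anything that is not an 'http <address> ...' access entry.
        if len(parts) < 2 or parts[0] != "http" or parts[1] == "server":
            continue
        line = raw.strip()
        if len(parts) != 4:
            # Optional fields left out: ask for the explicit form.
            findings.append((line, "netmask or interface not stated explicitly"))
            continue
        _, addr, mask, if_name = parts
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if if_name not in trusted_ifs:
            findings.append((line, f"PDM reachable from interface {if_name}"))
        if net.prefixlen < min_prefix:
            findings.append(
                (line, f"/{net.prefixlen} admits {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_pdm_access(SAMPLE_PIX):
        print(f"{line:45} {reason}")
```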

Connecting to the PDM Through the Browser

The URL to connect to the PDM from a client computer is as follows:

https://<ip address of Inside interface>

Note

Please note the S in https. The PDM can only be accessed through HTTPS (HTTP over SSL). HTTPS provides a secure connection.


Figure 1-22 shows a Netadmin trying to access the Inside interface of the Cisco PIX Firewall from a PC with IP address 192.168.0.109.

Figure 1-22. Cisco PIX Firewall Access Through the PDM


Figure 1-23 shows the PDM window for configuring and monitoring a Cisco PIX Firewall.

Figure 1-23. PDM Window


Security Device Manager

The Cisco Router and Security Device Manager (SDM) is a web-based tool for auditing and securing Cisco routers. The SDM, which is similar to the PDM, is discussed in greater detail in Chapter 8, "Router and Switch Security."

Note

For Cisco IOS-based switches, the PDM and SDM require Java-enabled web browsers. While enabling Java on MS-Windows platforms for Netscape or Internet Explorer is comparatively easy, it can be difficult to install Java on Linux platforms. The Knoppix CD-ROM mentioned in Chapter 7 provides preinstalled Java-enabled web browsers for Linux.


Other GUI Tools for Configuring Cisco Devices

Cisco also offers PC-based and web-based tools for device configuration. These are often specialized tools for a specific task. One tool worth mentioning is the Cisco Configmaker, which can be downloaded from the following URL:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps754/index.html

The Cisco Configmaker is a Windows-based application for older models of routers (800, 1000, 1600, 1700, 2500, 2600, 3600, and 4000 Series), switches, hubs, and other network devices. The Cisco Configmaker enables network administrators to configure various IOS features without extensive command-line knowledge of Cisco IOS Software. Configmaker is no longer being developed; Cisco offers the SDM and CNA as replacements instead.



Network Administrators Survival Guide
ISBN: 1587052113
Year: 2006
Pages: 106
