SDM and Priv authorization

geezer

Hi

Playing around with GNS3 and having hit and miss success with some images. If I use for example an enterprise image (c3725-adventerprisek9-mz.124-15.T8 ) on a 3725 I am confronted with username/password box requesting level 15 credentials. I then tried a security ios (c3725-advsecurityk9-mz.124-19b) and that worked. Tried this with 3640 (c3640-ik9o3s-mz.124-25b) which also required authorization.

Anyone know what and why this is happening and a way to get around it as it is happening to a good few so far?

TIA

blackninja

You can checkout these forums:

GNS3 • Index page

or at:

7200emu.hacki.at :: Index

mikem2te

Might be wrong but from memory, seeing privilege 15 credentials problems in SDM is related to a router not being correctly configured for SDM rather than a GNS3 / image problem. It is not unknown for the SDM installer to misconfigure routers of certain models / IOS versions.

Have you compared the config on a working router and a non working router?

geezer

I thought that but the config looks ok. Tried "c7200-advsecurityk9-mz.150-1.M"

I am struggling to get much hands-on with the sim due to requirements unfortunately. Didn't think the Security cert would be as demanding for images etc (e.g. IPS)

Here it is:

upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password enable
!
no aaa new-model
!
!
!
no ipv6 cef
 --More--         ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
username cisco password 0 router
!
redundancy
!
!
! 
!
 --More--         !
!
!
!
!
!
interface FastEthernet0/0
 description link to looback
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
ip forward-protocol nd
ip http server
no ip http secure-server
 --More--         !
!
!
!
!
!
!
!
!
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
 --More--         line aux 0
 stopbits 1
line vty 0 4
 login local
!
end

DPG

It looks like you are missing quite a bit.

Did you create a ssh key?


ip domain-name cisco.com

username cisco privilege 15 password router

ip http authentication local

line vty 0 4
transport input telnet ssh

geezer

Didn't configure those things as other images that worked didn't require it.

mikem2te

geezer wrote: »

Didn't configure those things as other images that worked didn't require it.

Can you describe the process you are using to use/install SDM? It might help as there are a couple of ways of using SDM-

1. From the router. The SDM installer will copy the SDM files to the router and should configure it ready for use but in my experience it doesn't always do a good job.

2. From the computer. Nothing needs to be installed on the router but the commands mentioned in the above post need to be entered manually allow SDM use.

geezer

Thanks DPG and mike in particular . Only had SDM on client side (not the router) so that did the trick but why did the other ioses only require http server to be enabled?

Just another thing whilst here, IPS requires "Xmx256m in the Java Applet Runtime settings" but anyone know what to do exactly?

Thanks again

mikem2te

geezer wrote: »

Thanks DPG and mike in particular . Only had SDM on client side (not the router) so that did the trick but why did the other ioses only require http server to be enabled?

Just another thing whilst here, IPS requires "Xmx256m in the Java Applet Runtime settings" but anyone know what to do exactly?

Thanks again

I think some routers / IOSs have different defaults.

Personally I prefer to run SDM from the PC rather than install it on the router, available flash memory can be a bit tight on the router after installing SDM on the router, also on some routers the SDM installer will install a light version of SDM with limited functionality.

Running from the PC avoids all this but the router config must be done manually (enable http, create a user etc). To use SDM to manage a router I simply open the following URL in internet explorer with the routers correct IP address-

file:///C:/Program%20Files/Cisco%20Systems/Cisco%20SDM/common/common/launcher.html?ROUTER=10.20.0.1

mikem2te

To put that setting in, open the Java control panal applet from "Control Panel".

Click the "Java" tab then click the 'View' in the the runtime settings section.

Add the parameter in the "Java Runtime Parameters" box.