SDM in Cisco certs?

nhprnhpr Posts: 165Member
I specifically have a virtual machine set up so that I could practice with the SDM for the CCNA Security exam. Besides, CCNA Security, do any other certs cover material on the SDM or can I banish the evil SDM VM to oblivion forever (where it rightly belongs)?

Comments

  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    nhpr wrote: »
    banish the evil SDM VM to oblivion forever (where it rightly belongs)?

    Why does everyone hate SDM so much?
  • alan2308alan2308 CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security Ann Arbor, MIPosts: 1,854Member ■■■■■■■■□□
    phoeneous wrote: »
    Why does everyone hate SDM so much?

    You must not have sufficient experience in trying to use it. :D


    And from a quick look over the Cisco Certs Page it looks like the madness ends with the CCNA Security.
  • networker050184networker050184 Posts: 11,962Mod Mod
    Everyone hates it because it tries to turn a Cisco CLI junkie into a point and click guy. You know we all enjoy being on the command line more.

    Not to mention the ancient java requirement.
    An expert is a man who has made all the mistakes which can be made.
  • SteveO86SteveO86 Posts: 1,423Member
    phoeneous wrote: »
    Why does everyone hate SDM so much?

    I've had bad experiences with it.. It takes too long to load, I found it too complicated to get going, since it requires a specific version of java, and I find it alot quicker to just use the CLI.
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    alan2308 wrote: »
    You must not have sufficient experience in trying to use it. :D


    And from a quick look over the Cisco Certs Page it looks like the madness ends with the CCNA Security.

    Countless hours, trust me. But aside from the Java bugs I don't really see anyting wrong with it. I'll always prefer cli over sdm but it isn't that bad. It's actually a great learning tool by delivering commands to the screen first. Have you ever used the Sonicwall gui, that thing blows.
  • nhprnhpr Posts: 165Member
    phoeneous wrote: »
    Why does everyone hate SDM so much?

    For me, it's due to my engineer's mentality. I seek to minimize everything and leave only what's necessary (or Keep It Simple Stupid). Having to deal with the SDM is like marching off to war with a tuba strapped to my back; it might provide a little bit of entertainment, but it's only going to slow me down and probably isn't worth the effort.

    I'm more than glad to be able to chuck this huge, heavy, shiny tuba off the nearest cliff I find... now that I know I can.
  • jibbajabbajibbajabba Posts: 4,317Member ■■■■■■■■□□
    I am a real beginner with Cisco in general and just bought myself a Cisco 877 (ADSL Router + Wireless) and thought SDM is what I need - but it turns out NOW its CCP :)

    But .. if you don't have a clue what you're doing (like myself), then those tools are rather counter productive as they put SO MUCH stuff into the config which

    a. is not necessarily needed
    b. not working

    So I rather start with google and a clean config :)

    Or get a config generator lol : IFM - Cisco 850/870 Config Wizard for New Zealand
    My own knowledge base made public: http://open902.com :p
  • phoeneousphoeneous Go ping yourself... Posts: 2,333Member ■■■■■■■□□□
    Gomjaba wrote: »
    But .. if you don't have a clue what you're doing (like myself), then those tools are rather counter productive as they put SO MUCH stuff into the config which

    a. is not necessarily needed
    b. not working

    If you go to Preferences and enable the top checkbox that says "Preview commands before delivering to the router", it will show you what commands are about to be parsed. You can copy it to file, modify the commands, and then deliver them yourself via cli. To me, that in itself makes up for all of it's shortcomings. Very useful if you're learning zbf and vpn for the first time.

    preview_commandse.png

    IPS%2011%20Config%20To%20Be%20Delivered.jpg
  • phantasmphantasm Posts: 995Member
    SDM is the devil. I despise it's existence. I've known plenty of "network techs" who when confronted with a CLI on a Cisco box ask for the SDM or CCP. I let them flounder and walk away. Cisco != Linksys.
    "No man ever steps in the same river twice, for it's not the same river and he's not the same man." -Heraclitus
  • jibbajabbajibbajabba Posts: 4,317Member ■■■■■■■■□□
    phoeneous wrote: »
    If you go to Preferences and enable the top checkbox that says "Preview commands before delivering to the router", it will show you what commands are about to be parsed. You can copy it to file, modify the commands, and then deliver them yourself via cli. To me, that in itself makes up for all of it's shortcomings. Very useful if you're learning zbf and vpn for the first time.

    preview_commandse.png

    IPS%2011%20Config%20To%20Be%20Delivered.jpg

    Yea saw something similar on the CCP ..

    By the way - isn't the SDM dead now anyway ?
    My own knowledge base made public: http://open902.com :p
  • Panzer919Panzer919 Posts: 462Member
    I loath SDM/ASDM for routers and switches, it does not serve enough of a purpose to be needed IMHO. The CLI (for me) is not difficult, its very logical, it does what I tell it to do (even when I'm wrong), and I do enough show commands to not want to have to move through windows. When I was in the netacad and we had to do it on the ISCW I threw a fit and refused to do it. I just went through the CLI unless I absolutely had to use it.

    That being said I do use it for my ASA's. Reason being I'm not proficient with the code yet and it makes minor changes easier for me. Not saying I can't take my time and reverse engineer my way to whats needed, but when things need to be done now, it just makes it easier. I do plan on going back and learning it AFTER all my R&S studies though.
    Cisco Brat Blog

    I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.

    Luck is where opportunity and proper planning meet

    I have not failed. I've just found 10,000 ways that won't work.
    Thomas A. Edison
  • millworxmillworx Posts: 290Member
    You will have to know it on the security track for ASA's. There are somethings that cannot be done from the CLI. For instance dynamic access policies. You can configure several DAP related things in the CLI, but it uses an .xml file which is only generated when you create the policies through the ASDM. Try configuring it all from the CLI and it will not work.

    That being said, no for most of the exams you wont be using the GUI.
    Currently Reading:
    CCIE: Network Security Principals and Practices
    CCIE: Routing and Switching Exam Certification Guide
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,902Member ■■■■■■■■□□
    I dont use SDM but i like ASDM for regular day to day ACL tasks on our ASA. Saves a lot of time, but yeah the Java compatibility needs a refresher.
    2020 Goals:
    Courses: TBD
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • ITdudeITdude Posts: 1,183Member
    chrisone wrote: »
    yeah the Java compatibility needs a refresher.

    You think?:) icon_wink.gif
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
  • SteveO86SteveO86 Posts: 1,423Member
    Gomjaba wrote: »
    By the way - isn't the SDM dead now anyway ?

    Yes, SDM is EoL. Replaced by CCP
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • Forsaken_GAForsaken_GA Posts: 4,024Member
    phoeneous wrote: »
    Why does everyone hate SDM so much?

    real network engineers use terminal windows


    On a more serious note - mostly, it's because Cisco is absolutely crappy at making GUI software. SDM and CiscoWorks are some of my least favorite things.
  • Forsaken_GAForsaken_GA Posts: 4,024Member
    SteveO86 wrote: »
    Yes, SDM is EoL. Replaced by CCP

    Shows how much I use it, I wasn't even aware this had happened.

    And dear god, they make you jump through some hoops now to download some software.
  • rsuttonrsutton Posts: 1,029Member ■■■■■□□□□□
    I like the ASDM. Since I only touch Cisco equipment a few times a year using the CLI takes more time to get what I need done than does using the ASDM. I have not had any major problems with it.
  • ccnaomkarccnaomkar Senior Member Posts: 187Member ■■□□□□□□□□
    cli is better than sdm


    sdm sucks
Sign In or Register to comment.