SDM in Cisco certs?

I specifically have a virtual machine set up so that I could practice with the SDM for the CCNA Security exam. Besides, CCNA Security, do any other certs cover material on the SDM or can I banish the evil SDM VM to oblivion forever (where it rightly belongs)?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

alan2308

phoeneous wrote: »

Why does everyone hate SDM so much?

You must not have sufficient experience in trying to use it.

And from a quick look over the Cisco Certs Page it looks like the madness ends with the CCNA Security.

networker050184

Everyone hates it because it tries to turn a Cisco CLI junkie into a point and click guy. You know we all enjoy being on the command line more.

Not to mention the ancient java requirement.

SteveO86

phoeneous wrote: »

Why does everyone hate SDM so much?

I've had bad experiences with it.. It takes too long to load, I found it too complicated to get going, since it requires a specific version of java, and I find it alot quicker to just use the CLI.

nhpr

phoeneous wrote: »

Why does everyone hate SDM so much?

For me, it's due to my engineer's mentality. I seek to minimize everything and leave only what's necessary (or Keep It Simple Stupid). Having to deal with the SDM is like marching off to war with a tuba strapped to my back; it might provide a little bit of entertainment, but it's only going to slow me down and probably isn't worth the effort.

I'm more than glad to be able to chuck this huge, heavy, shiny tuba off the nearest cliff I find... now that I know I can.

jibbajabba

I am a real beginner with Cisco in general and just bought myself a Cisco 877 (ADSL Router + Wireless) and thought SDM is what I need - but it turns out NOW its CCP

But .. if you don't have a clue what you're doing (like myself), then those tools are rather counter productive as they put SO MUCH stuff into the config which

a. is not necessarily needed
b. not working

So I rather start with google and a clean config

Or get a config generator lol : IFM - Cisco 850/870 Config Wizard for New Zealand

phantasm

SDM is the devil. I despise it's existence. I've known plenty of "network techs" who when confronted with a CLI on a Cisco box ask for the SDM or CCP. I let them flounder and walk away. Cisco != Linksys.

jibbajabba

phoeneous wrote: »

If you go to Preferences and enable the top checkbox that says "Preview commands before delivering to the router", it will show you what commands are about to be parsed. You can copy it to file, modify the commands, and then deliver them yourself via cli. To me, that in itself makes up for all of it's shortcomings. Very useful if you're learning zbf and vpn for the first time.

Yea saw something similar on the CCP ..

By the way - isn't the SDM dead now anyway ?

Panzer919

I loath SDM/ASDM for routers and switches, it does not serve enough of a purpose to be needed IMHO. The CLI (for me) is not difficult, its very logical, it does what I tell it to do (even when I'm wrong), and I do enough show commands to not want to have to move through windows. When I was in the netacad and we had to do it on the ISCW I threw a fit and refused to do it. I just went through the CLI unless I absolutely had to use it.

That being said I do use it for my ASA's. Reason being I'm not proficient with the code yet and it makes minor changes easier for me. Not saying I can't take my time and reverse engineer my way to whats needed, but when things need to be done now, it just makes it easier. I do plan on going back and learning it AFTER all my R&S studies though.

millworx

You will have to know it on the security track for ASA's. There are somethings that cannot be done from the CLI. For instance dynamic access policies. You can configure several DAP related things in the CLI, but it uses an .xml file which is only generated when you create the policies through the ASDM. Try configuring it all from the CLI and it will not work.

That being said, no for most of the exams you wont be using the GUI.

chrisone

I dont use SDM but i like ASDM for regular day to day ACL tasks on our ASA. Saves a lot of time, but yeah the Java compatibility needs a refresher.

ITdude

chrisone wrote: »

yeah the Java compatibility needs a refresher.

You think?:)

SteveO86

Gomjaba wrote: »

By the way - isn't the SDM dead now anyway ?

Yes, SDM is EoL. Replaced by CCP

Forsaken_GA

phoeneous wrote: »

Why does everyone hate SDM so much?

real network engineers use terminal windows

On a more serious note - mostly, it's because Cisco is absolutely crappy at making GUI software. SDM and CiscoWorks are some of my least favorite things.

Forsaken_GA

SteveO86 wrote: »

Yes, SDM is EoL. Replaced by CCP

Shows how much I use it, I wasn't even aware this had happened.

And dear god, they make you jump through some hoops now to download some software.

rsutton

I like the ASDM. Since I only touch Cisco equipment a few times a year using the CLI takes more time to get what I need done than does using the ASDM. I have not had any major problems with it.

ccnaomkar

cli is better than sdm

sdm sucks