Cisco Security Device Manager on the Mac

Cisco Router and Security Device Manager (SDM) is a Web-based device-management tool that enables you to deploy and manage the services on a Cisco IOS router. Even if you decide to do your initial configuration with the CLI, the Monitoring mode of SDM is a great way to display a graphical real-time pulse of the state of your router.

The SDM application can run either as an application installed on your Windows PC or from the router’s flash thru the web browser. This post will show you how to run the SDM application on Mac OS X. This should go without saying, but don’t expect official support from Cisco regarding this configuration.

This method allows me to use Cisco SDM natively on Mac OS X for CCNA Security lab exercises with GNS3 . This post is applicable to Cisco SDM on Linux as Wine works excellent on both platforms.

Get and Install the Software

We will obtain the software in this section. It’s very important to download the exact versions of Mozilla Firefox and the Java Runtime Environment. If you do a search around the web, you will notice a pattern of issues with SDM when you don’t use compatible versions. I had to do quite a bit of trial and error to find a stable combination.

XQuartz

The XQuartz project is an open-source effort to develop a version of the X.org X Window System for Mac OS X. Download and install the latest disk image from the XQuartz site.

MacPorts

MacPorts opens the Mac OS X operating system to over 8000 ports (open-source software). The X server and Wine installations will require the MacPorts infrastructure to be installed and configured correctly. If you don’t have MacPorts already installed, visit MacPorts for full details of the installation process.

If MacPorts is already installed, synchronize your installation with the MacPorts rsync server. Open Terminal.app and run this command:

sudo port -d selfupdate

Wine

Wine is a compatibility layer that allows you to run Windows software on your Mac without the requirement of a virtualization hypervisor. Wine will enable us to use the Windows version of Firefox, Java Runtime Environment (JRE), and the Cisco SDM software. Run this command from Terminal.app to install the latest version of Wine thru MacPorts:

sudo port -v install wine

We can verify a successful installation by running this command from Terminal.app:

wine notepad &

You should see the Wine Notepad application launch.

Mozilla Firefox for Windows

Download Mozilla Firefox 3.0.19 for Windows. A simple Google query for windows firefox 3.0.19 download should return a list of sites still hosting this older version. I saved the file to my /Users/marc/Downloads/Windows directory.

We will now install the Firefox application with Wine. Run this command from Terminal.app:

wine "$HOME/Downloads/Windows/Firefox Setup 3.0.19.exe" &

Select the defaults for the Mozilla Firefox Setup Wizard. Uncheck Launch Firefox now at the end of the setup and click Finish.

Java Runtime Environment for Windows

The Cisco SDM leverages the JRE. Download Java Platform Standard Edition (Java SE) 6 Update 6 from Oracle. I found the version in the archive section of their site. I saved the file to my /Users/marc/Downloads/Windows directory.

Install the Java Runtime Environment (JRE) with Wine. Run this command from Terminal.app:

wine $HOME/Downloads/Windows/jre-6u6-windows-i586-p.exe &

1. Click the Accept button to install the JRE
2. Click the Finish button to end the setup wizard

Cisco Security Device Manager

We’ve finally come to the installation of Cisco SDM with the prerequisites complete. You will need to download Cisco SDM 2.5 from Cisco . I’ve unpacked the SDM package to my /Users/marc/Downloads/Windows/SDMv25 directory.

Launch the SDM setup with following command in Terminal.app:

wine $HOME/Downloads/Windows/SDMv25/setup.exe &

1. Click the Next button to start the wizard
2. Select I accept the terms of the license agreement and click the Next button
3. Select This Computer on the Install Options screen and click the Next button

4. Click the Next button to accept the default install location
5. Click the Install button on the following screen
6. Click the Finish button to close the Installation Wizard Complete screen

Configuration

We still have a few configuration steps left for Firefox and Cisco IOS.

Firefox

We will force Firefox to be the default browser when launching SDM. Run this command from Terminal.app:

wine "$HOME/.wine/drive_c/Program Files/Mozilla Firefox/firefox.exe" -silent -setDefaultBrowser

We also need to disable the pop-up blocker in Firefox. This conflicts with the operation of SDM. Run this command from Terminal.app to open Firefox:

wine "$HOME/.wine/drive_c/Program Files/Mozilla Firefox/firefox.exe" &

1. Click Tools → Options from the top toolbar menu
2. Click the Content tab
3. Uncheck Block pop-up windows and click the OK button

4. Close the Firefox application

Configure IOS for SDM

Best practice dictates you enable the secure web server in a production environment, but I will be using the basic HTTP web server for testing purposes in our example.

Create a user and enable the HTTP server.

enable
conf t
username marc privilege 15 secret cisco
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 1000
exit

Set the IP address for the management network interface.

int fa0/0
 ip address 10.11.1.1 255.255.255.0
 no shut
 exit
end
copy run start

Launch Security Device Manager

We’re almost there. Open the SDM Launcher by running this command from Terminal.app:

wine "$HOME/.wine/drive_c/Program Files/Cisco Systems/Cisco SDM/SDMLauncher.exe" &

1. Enter your router IP address/Hostname into the Device IP Address or Hostname field
2. Enable the This device has HTTPS enabled and I want to use it. checkbox only if you have configured the ip http secure-server option in the router IOS configuration
3. Click the Launch button to open the SDM Java applet

A Firefox window should now appear with a login dialog box in the foreground.

4. Enter your credentials in the Authentication Required dialog box
5. Click the OK button to log in

Alas, we should now be presented with the Cisco Router and Security Device Manager (SDM) screen.

Troubleshooting

This section provides a workaround if you’re encountering graphical issues with SDM. Wine does a pretty good job translating Windows DirectX, but it can sometimes be a little rough around the edges. We can disable DirectX acceleration for Java with a registry setting. This will allow you to launch the SDM in software rendering mode.

1. Open the Wine Configuration Editor. Run this command from Terminal.app:

winecfg &

2. On the Graphics tab, enable the Emulate a virtual desktop checkbox and create a desktop size of 1024 x 768
3. Click the OK button to save the settings

4. Open the Wine Control Panel. Run this command from Terminal.app:

wine control &

5. Double-click the Java icon

The Java configuration panel may not launch, and you may also notice a Java exception access violation error in the output. The step is still necessary because the event creates the proper Java registry data.

6. Open the Registry Editor. Run this command from Terminal.app:

regedit &

7. Navigate thru the registry with the path of \HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.6.0_3
8. Double-click the DXAcceleration key
9. Enter 0 for the hexadecimal value
10. Click the OK button to save the setting

11. Close the Registry Editor

You should be able to run the Java applet without graphical glitches the next time you launch Cisco SDM.