Status: 2nd Oct 2021 - Retested and verified setup since Flash was disabled in January 2021
CISCO Configuration Professional (CCP) was the last of CISCO's small IOS Router GUI Configuration Tools. It was announced as End-of-Life in August 2016 and unsupported in January 2020. If you do a Google search for alternatives then the answer is "use IOS" (the CISCO command line interface configuration language), while CISCO's recommendation is to use CISCO Configuration Professional Express. The Express version of CCP is downloaded to the browser via the CISCO IOS device. CCP Express has a much more constrained configuration capability and enforces a configuration set structure that may not be applicable to your network.
So for a person managing a single CISCO device or a small number of them, but needing flexibility in configuration, neither of these two options is satisfactory. The workaround is to get CCP up and running on a Windows VM. This tip provides a practical guide to getting a Windows 7 VM with CCP running on Ubuntu QEMU / KVM.
CISCO Configuration Professional Environment
CCP is available as a download from the Cisco web site. Version 2.8 was the last available version. To run, it requires:
- Windows XP or greater
- Adobe Flash Version 10 or greater
- Java Runtime Version JRE 1.16.0_11 to 1.17.0_17.
Almost all of this software is end-of-life, with Adobe Flash being the "last nail in the coffin". Adobe has stopped support for Flash and many of the later releases have a "time-bomb" in them which disables Flash post January 2021.
I currently have working VMWare VMs for Windows XP and Windows 10 which continue to run CCP, but if I do an update of Windows 10 then it will completely remove and disable Flash. So given Adobe's determination to stop Flash use, there is little point in setting up a Windows 10 VM for use with CCP anymore.
My recommendation for setting up a "new" environment for CCP is:
- Windows 7 (SP1) - as this installs using a SATA disk, has a driver for the QEMU USB Touch Tablet (absolute coordinate mouse) and, assuming you have a license key, will activate. I have found Windows XP problematic as you cannot activate it any more and Windows 10 completely disables Flash. I have tested with: 32 bit (works) & 64 bit (works)
- Windows IE - CCP uses Windows Internet Explorer and so you must have this installed. My testing was using version: 11.0.9600.19100
- Adobe Flash - 220.127.116.111 is the last version of Flash without the "time-bomb" in it and can be found via "Web Archive". The Windows Flash versions come in a number of flavours: win_sa == Standalone, winax == ActiveX Control (used by IE), win == NPAPI plugin for Windows, winpep == PPAPI plugin for Windows
- Java - I have tested with: jre-6u43 (works), jre-7u8 (fails), jre-8u301 (fails)
As I now use Ubuntu and QEMU / KVM for all my virtual machines the VM type choice is:
- Q35 with BIOS (Windows 7 does not support UEFI boot)
- Mouse - QEMU USB Tablet for Absolute Coordinate Cursor (ensures the mouse works when connected to the machine via VNC)
- SATA Disk - 20G should be sufficient
- CD-ROM - for Windows Install
- Network - e1000e PCI bus connected Intel 1G Ethernet
NOTE: Most recently I have tested with Ubuntu 20.04 with libvirt 6.0.0, QEMU 6.0.0 and hypervisor 4.2.1.
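The VM type above, written as a virt-install call; this is an added example, not part of the original tip. The VM name, ISO path, memory and vCPU sizes, and the libvirt network name "ccp-mgmt" (taken to reach only the router's configuration network) are assumptions.

```shell
#!/bin/sh
# Added example: the VM hardware listed above as a virt-install invocation.
# Assumptions (not from the original tip): 2 GiB RAM, 2 vCPUs, the VM name,
# the ISO path and a libvirt network called "ccp-mgmt".

# preview: print the arguments instead of running them (dry run).
preview() {
    printf '%s ' "$@"
    printf '\n'
}

# ccp_vm LAUNCHER NAME ISO NETWORK
#   LAUNCHER is "virt-install" to create the VM or "preview" to print the call.
ccp_vm() {
    launcher="$1"; name="$2"; iso="$3"; net="$4"
    # No "--boot uefi" is passed, so the guest gets BIOS firmware on Q35.
    "$launcher" \
        --name "$name" \
        --memory 2048 --vcpus 2 \
        --os-variant win7 \
        --machine q35 \
        --disk "size=20,bus=sata" \
        --cdrom "$iso" \
        --network "network=$net,model=e1000e" \
        --input "tablet,bus=usb" \
        --graphics vnc \
        --noautoconsole
}

# Dry run first, then create:
#   ccp_vm preview      ccp-win7 /var/lib/libvirt/boot/win7sp1.iso ccp-mgmt
#   ccp_vm virt-install ccp-win7 /var/lib/libvirt/boot/win7sp1.iso ccp-mgmt
```

Attaching the VM to a dedicated libvirt network rather than the default one keeps the unpatched Windows 7, Java and Flash stack on the private configuration network only.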
Installation and Testing
Using the above configuration I did a straightforward CD-ROM (image) based VM boot and install and then installed Java, Flash and CCP:
- Setup new VM using Virtual Machine Manager / libvirt
- Boot Machine from CD-ROM ISO image
- Install Windows 7 (choose Custom install using entire disk), install will reboot machine 3 times
- Install: Java, Flash and CCP
- Run CCP
In running CCP I have found the following must be done to allow it to run correctly:
- Allow all security requests that pop up when starting CCP, to avoid blocking anything
- Right click on CCP and "Run as administrator" to ensure the application can write to disk
- Router discovery may not work when you select the recommended "Connect Securely" option, due to expiry of the self-signed certificate. See the CISCO TechNote to address this. If you choose to connect insecurely then make sure you have done other things to avoid exposing the configuration network to potential eavesdropping (i.e. the configuration network has very limited access and is private)
- Do not allow any auto-updates of any of: Windows, Java or Flash! This has a high chance of breaking a working CCP and, as the VM is dedicated to just running this, keeping it up to date is lower priority.
NOTE: If you find that you get a little "X" graphic in the top left-hand corner of the browser, then this indicates that CCP has been blocked. Start IE and go into "Internet options" and then into the "Security" tab. Select "Trusted sites" and set to "Low" security and then add the local machine to trusted sites: "http://127.0.0.1" & "https://127.0.0.1" and disable "Require server verification (https:) for all sites in this zone".
So now you should be able to continue to use CCP to manage your router.
As I mostly use CCP to verify Zone Based Firewall configurations and these take up the largest part of my IOS configuration and are also the most critical part of the configuration I still find CCP very helpful.
So while you can configure the router via IOS CLI, it is much easier to verify the firewall rules using CCP. So pending CISCO providing an alternate, I will likely continue to use this for some time yet.
Adobe Flash - hits the end of the road in January 2021, so if you try to download you will get to here: Flash End-of-Life, and Adobe has shut down the archive of prior releases. This is still available from "Web Archive"; get the ActiveX version for use with Internet Explorer.
NPAPI - Netscape Plugin API, is used by older Firefox versions
PPAPI - Pepper Plugin API, is an enhancement of NPAPI and is used by Chrome
Windows ISO Downloader - you can get a Windows ISO image using the HeiDoc tool. This does download from the official Microsoft site. Note that you still need a valid product key to activate the license.
CISCO TechNote - "Self-Signed Certificate Expiration on Jan. 1 2020" - describes how to address expiry of self-signed certificates in older IOS routers.
Picture: Why a "House of Cards"? - As that is what it feels like trying to keep CCP going; it is now old and highly vulnerable to changes in OS environment, Java and most recently Flash.