This article describes the user interface and access modes and commands associated with the operation of Cisco ASA 5500 firewall appliances. We assume that you know how to connect to the appliance using a console cable (the blue flat cable with RJ-45 on one end, and DB-9 Serial on the other end) and a Terminal Emulation software (e.g HyperTerminal), and how to use basic Command Line Interface.
SECURITY APPLIANCE ACCESS MODES
A Cisco ASA security appliance has four main administrative access modes:
• Monitor Mode: Displays the monitor> prompt. A special mode that enables you to update the image over the network or to perform password recovery. While in the monitor mode, you can enter commands to specify the location of a TFTP server and the location of the software image or password recovery binary image file to download. You access this mode by pressing the “Break” or “ESC” keys immediately after powering up the appliance.
• Unprivileged Mode: Displays the > prompt. Available when you first access the appliance. If the appliance is a Cisco PIX 500 series, the prompt for unprivileged mode is pixfirewall> and if the appliance is the new Cisco ASA 5500 Series, the prompt is ciscoasa>
This mode provides restricted view of the security appliance. You cannot configure anything from this mode. To get started with configuration, the first command you need to know is the enable command. Type enable and hit Enter. The initial password is empty, so hit Enter again to move on the next access mode (Privileged Mode).
ciscoasa> enable | <–Unprivileged Mode |
password: | <– Enter a password here (initially its blank) |
ciscoasa# | <– Privileged Mode |
• Privileged Mode: Displays the # prompt. Enables you to change the current settings. Any unprivileged command also works in this mode. From this mode you can see the current configuration by using “show running-config”. Still, you cannot configure anything yet until you go to Configuration Mode. You access the Configuration Mode using the configure terminal command from the Privileged Mode.
• Configuration Mode: This mode displays the (config)# prompt. Enables you to change all system configuration settings. Use exit from each mode to return to the previous mode.
ciscoasa> enable | <– Unprivileged Mode |
password: | <– Enter a password here (initially its blank) |
ciscoasa# configure terminal | <– Privileged Mode |
ciscoasa(config)# | <– Configuration Mode |
ciscoasa(config)# exit | |
ciscoasa# exit | <– Back to Privileged Mode |
ciscoasa> | <– Back to Unprivileged Mode |
The (config)# mode is sometimes called Global Configuration Mode. Some configuration commands from this mode enter a command-specific mode and the prompt changes accordingly. For example the interface command enters interface configuration mode as shown below:
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# <– Configure Interface specific parameters
Related Posts
- Prevent Spoofing Attacks on Cisco ASA using RPF
- Configuring Connection Limits on Cisco ASA Firewalls – Protect from DoS
- Configuring AAA Authentication-Authorization-Accounting on Cisco ASA Firewall (TACACS+, RADIUS)
- Cisco ASA Firewall Management Interface Configuration (with Example)
- How to Configure Access Control Lists on a Cisco ASA 5500/5500-X Firewall (with Examples)