System>Configuration>REST API Preferences>Enable REST API
Regular Firepower Threat Defense CLI:
>
To enter Diagnostic Mode, type system support diagnostic-cli
user exec:
firepower>
privileged exec:
firepower#
To enter Expert Mode, type expert
admin@firepower:$
# get CAs for a trustpoint
show crypto ca certificates [trustpointname]
# show CA trustpoints
show crypto ca trustpoints [trustpointname]
Get inventory of pluggables:
show inventory
Get details of installed SFP/SFP+'s:
show interface transceiver details
Mode | Description |
---|---|
User | generally no breaking changes allowed |
Enable | Allows privileged access to the equipment |
Configuration | Allows privileged access to the equipment |
Command | Description |
---|---|
[command] ? | help mode |
enable | enter Enable (privileged) mode |
configure terminal | Move to global configuration mode |
reload | reboot IOS |
show running-config | Get current config |
show startup-config | Get startup config |
copy running-config startup-config | Save running config as startup config |
erase startup-config | erase startup-config file |
show mac address-table [dynamic] | show the MAC address table |
show mac address-table count | get MAC address space available |
Command | Description |
---|---|
show ip ssh | show SSH configuration |
show ssh | show active SSH sessions |
show ip bgp summary | get quick info on BGP sessions |
! Set an enable mode secret
enable secret <PASSWORD>
! Only use version 2
ip ssh version 2
! Ask for a password with console login
line console 0
login
password <PASSWORD>
! Ask for a username on a network connection (good god don't use telnet)
line vty 0 15
login local
username bob password burger
transport input ssh
! Enable SSH
hostname foo
ip domain-name example.com
crypto key generate rsa
! Remove a key
ip ssh pubkey-chain
username NAME
key-hash ssh-rsa HASH KEYNAME
Get DOM
show hw-module subslot 0/1 transceiver 0 status
Note - check flash:
for any residual crap
erase nvram:
delete flash:vlan.dat
reload
also write erase
in config mode:
default interface FastEthernet 1/0/1
- dir
- copy
- show file information
- show file systems
- more
- delete
- pwd
- cd
- mkdir
- rmdir
A higher security-level can always talk to a lower security-level, but not vice-versa. If you have an internet-facing ASA, the inside port is 100, a DMZ is 50, internet-facing is 0.
- 9600 baud
- no parity
- 8 data bits
- 1 stop bit
- no flow control