Cisco PIX príkazy
|
Cisco PIX príkazy |
|
|
Zoznam niektorých základných PIX príkazov
| User mode commands pixfirewall> : | ||||
| arp | Change or view arp table, set arp timeout value, view statistics | |||
| capture | Capture inbound and outbound packets on one or more interfaces | |||
| configure | Configure from terminal | |||
| aaa | Enable, disable, or view TACACS+, RADIUS or LOCAL user authentication, authorization and accounting | |||
| aaa-server | Define AAA Server group | |||
| access-group | Bind an access-list to an interface to filter inbound traffic | |||
| access-list | Add an access list | |||
| activation-key | Modify activation-key | |||
| age | This command is deprecated. See ipsec, isakmp, map, ca commands | |||
| alias | Administer overlapping addresses with dual NAT. | |||
| apply | Apply outbound lists to source or destination IP addresses | |||
| arp | Change or view arp table, set arp timeout value, view statistics | |||
| auth-prompt | Customize authentication challenge, reject or acceptance prompt | |||
| auto-update | Configure auto update support | |||
| banner | Configure login/session banners | |||
| blocks | Show system buffer utilization | |||
| ca | CEP (Certificate Enrollment Protocol) Create and enroll RSA key pairs into a PKI (Public Key Infrastructure). | |||
| capture | Capture inbound and outbound packets on one or more interfaces | |||
| checksum | View configuration information cryptochecksum | |||
| chunkstat | Display chunk stats | |||
| clock | Show and set the date and time of PIX | |||
| conduit | Add conduit access to higher security level network or ICMP | |||
| configure | Configure from terminal, floppy, memory, network, or factory-default. The configuration will be merged with the active configuration except for factory-default in which case the active configuration is cleared first. | |||
| copy | Copy image or PDM file from TFTP server into flash. | |||
| console | Set idle timeout for the serial console of the PIX | |||
| Crashinfo | Read, write and configure crash write to flash. Force a crash. | |||
| crypto | Configure IPsec, IKE, and CA | |||
| crypto ipsec transform-set <trans-name> [
ah-md5-hmac|ah-sha-hmac ] [
esp-aes|esp-aes-192|esp-aes-256|esp-des|esp-3des|esp-null ]
[ esp-md5-hmac|esp-sha-hmac ] crypto ipsec transform-set <trans-name> mode transport show crypto ipsec { sa [map <map-name>|address|detail|identity] clear crypto [ipsec] sa { peer <addr> |map <map-name> | counters | entry <addr> <prot> <spi> |
||||
| debug | Debug packets or ICMP tracings through the PIX Firewall. dhcpd Configure DHCP Server | |||
| dhcpd | Configure DHCP Server | |||
| dhcprelay | Configure DHCP Relay Agent | |||
| disable | Exit from privileged mode | |||
| domain-name | Change domain name | |||
| dynamic-map | Specify a dynamic crypto map template | |||
| eeprom | show or reprogram the 525 onboard i82559 devices | |||
| enable | Configure enable passwords | |||
| established | Allow inbound connections based on established connections | |||
| failover | Enable/disable PIX failover feature to a standby PIX | |||
| filter | Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering | |||
| fixup | Add or delete PIX service and feature defaults | |||
| flashfs | Show, destroy, or preserve filesystem information | |||
| fragment | Configure the IP fragment database | |||
| global | Specify, delete or view global address pools, or designate a PAT(Port Address Translated) address | |||
| help | Help list | |||
| hostname | Change host name | |||
| http | Configure HTTP server | |||
| icmp | Configure access for ICMP traffic that terminates at an interface | |||
| interface | Set network interface paremeters and configure VLANs | |||
| ip | Set the ip address and mask for an
interface Define a local address pool Configure Unicast RPF on an interface Configure the Intrusion Detection System |
|||
| ipsec | Configure IPSEC policy | |||
| isakmp | Configure ISAKMP policy | |||
| kill | Terminate a telnet session | |||
| logout | Exit from current user profile, and to unprivileged mode | |||
| logging | Enable logging facility | |||
| mac-list | Add a list of mac addresses using first match search | |||
| map | Configure IPsec crypto map | |||
| memory | System memory utilization | |||
| mgcp | Configure the Media Gateway Control Protocol fixup | |||
| management-access | Enable access to internal management interface | |||
| mroute | Configure a multicast route | |||
| mtu | Specify MTU(Maximum Transmission Unit) for an interface | |||
| multicast | Configure multicast on an interface | |||
| name | Associate a name with an IP address | |||
| nameif | Assign a name to an interface | |||
| names | Enable, disable or display IP address to name conversion | |||
| nat | Associate a network with a pool of global IP addresses | |||
| ntp | Configure Network Time Protocol | |||
| object-group | Create an object group for use in 'access-list', 'conduit', etc | |||
| outbound | Create an outbound access list | |||
| pager | Control page length for pagination | |||
| passwd | Change Telnet console access password | |||
| pdm | Configure PIX Device Manager | |||
| ping | Test connectivity from specified interface to <ip> | |||
| prefix-list | Configure a prefix-list | |||
| privilege | Configure/Display privilege levels for commands | |||
| quit | Quit from the current mode, end configuration or logout | |||
| reload | Halt and reload system | |||
| rip | Broadcast default route or passive RIP | |||
| route | Enter a static route for an interface | |||
| route-map | Create a route-map. | |||
| router | Create/configure OSPF routing process | |||
| routing | Configure interface specific unicast routing parameters. | |||
| service | Enable system services | |||
| setup | Pre-configure PIX | |||
| shun | Manages the filtering of packets from undesired hosts | |||
| snmp-server | Provide SNMP and event information | |||
| ssh | Add SSH access to PIX console, set idle timeout, display list of active SSH sessions & terminate a SSH session | |||
| static | Configure one-to-one address translation rule sysopt Set system functional option | |||
| sysopt | Set system functional option | |||
| telnet | Add telnet access to PIX console and set idle timeout terminal Set terminal line parameters | |||
| terminal | Set terminal line parameters | |||
| tftp-server | Specify default TFTP server address and directory | |||
| timeout | Set the maximum idle times | |||
| url-cache | Enable URL caching | |||
| url-block | Enable URL pending block buffer and long URL support | |||
| url-server | Specify a URL filter server | |||
| username | Configure user authentication local database | |||
| virtual | Set address for authentication virtual servers | |||
| vpdn | Configure VPDN (PPTP, L2TP, PPPoE) Policy | |||
| vpnclient | Configure Easy VPN Remote | |||
| vpngroup | Configure group settings for Cisco VPN Clients and Cisco Easy VPN Remote products | |||
| who | Show active administration sessions on PIX | |||
| write | Write config to net, flash, floppy, or terminal, or erase flash | |||
| copy | Copy image or PDM file from TFTP server into flash. | |||
| copy capture:<capture-name>
tftp://<location>/<pathname> [pcap] copy http[s]://[<user>:<password>@]<location>[:<port>]/<pathname> flash[:[image | pdm]] copy tftp[:[[//location][/pathname]]] flash[:[image | pdm]] |
||||
| debug | Debug packets or ICMP tracings through the PIX Firewall. | |||
| disable | Exit from privileged mode | |||
| eeprom | show or reprogram the 525 onboard i82559 devices | |||
| flashfs | Show, destroy, or preserve filesystem information | |||
| help | Help list | |||
| kill | Terminate a telnet session | |||
| logout | Exit from current user profile, and to unprivileged mode | |||
| logging | Clear syslog entries from the internal buffer | |||
| memory | System memory utilization | |||
| pager | Control page length for pagination | |||
| passwd | Change Telnet console access password | |||
| ping | Test connectivity from specified interface to <ip> | |||
| quit | Quit from the current mode, end configuration or logout | |||
| reload | Halt and reload system | |||
| shun | Manages the filtering of packets from undesired hosts | |||
| who | Show active administration sessions on PIX | |||
| write | Write config to net, flash, floppy, or terminal, or erase flash | |||
| SuperUser mode commands pixfirewall# : | ||||
| show | At the end of show <command>, use the pipe character '|' followed by: begin | include | exclude | grep [-v] <regular_exp>, to filter show output. | |||
| aaa | Enable, disable, or view TACACS+, RADIUS or LOCAL user authentication, authorization and accounting | |||
| aaa-server | Define AAA Server group | |||
| access-group | Bind an access-list to an interface to filter inbound traffic | |||
| access-list | Add an access list | |||
| activation-key | Modify activation-key | |||
| age | This command is deprecated. See ipsec, isakmp, map, ca commands | |||
| alias | Administer overlapping addresses with dual NAT. | |||
| apply | Apply outbound lists to source or destination IP addresses | |||
| arp | Change or view arp table, set arp timeout value, view statistics | |||
| auth-prompt | Customize authentication challenge, reject or acceptance prompt | |||
| auto-update | Configure auto update support | |||
| banner | Configure login/session banners | |||
| blocks | Show system buffer utilization | |||
| ca | CEP (Certificate Enrollment Protocol) Create and enroll RSA key pairs into a PKI (Public Key Infrastructure). | |||
| capture | Capture inbound and outbound packets on one or more interfaces | |||
| checksum | View configuration information cryptochecksum | |||
| chunkstat | Display chunk stats | |||
| clock | Show and set the date and time of PIX | |||
| conduit | Add conduit access to higher security level network or ICMP | |||
| configure | Configure from terminal, floppy, memory, network, or factory-default. The configuration will be merged with the active configuration except for factory-default in which case the active configuration is cleared first. | |||
| conn | Display connection information | |||
| console | Set idle timeout for the serial console of the PIX | |||
| cpu | Display cpu usage | |||
| pixfirewall# show cpu usage | ||||
| CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0% | ||||
| Crashinfo | Read, write and configure crash write to flash. Force a crash. | |||
| crypto | Configure IPsec, IKE, and CA | |||
| ctiqbe | Show the current data stored for each CTIQBE session. | |||
| curpriv | Display current privilege level | |||
| debug | Debug packets or ICMP tracings through the PIX Firewall. dhcpd Configure DHCP Server | |||
| dhcpd | Configure DHCP Server | |||
| dhcprelay | Configure DHCP Relay Agent | |||
| domain-name | Change domain name | |||
| dynamic-map | Specify a dynamic crypto map template | |||
| eeprom | show or reprogram the 525 onboard i82559 devices | |||
| enable | Configure enable passwords | |||
| established | Allow inbound connections based on established connections | |||
| failover | Enable/disable PIX failover feature to a standby PIX | |||
| filter | Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering | |||
| fixup | Add or delete PIX service and feature defaults | |||
| flashfs | Show, destroy, or preserve filesystem information | |||
| fragment | Configure the IP fragment database | |||
| global | Specify, delete or view global address pools, or designate a PAT(Port Address Translated) address | |||
| h225 | Show the current h225 data stored for each connection. | |||
| h245 | List the h245 connections. | |||
| h323-ras | Show the current h323 ras data stored for each connection. | |||
| history | Display the session command history | |||
| http | Configure HTTP server | |||
| icmp | Configure access for ICMP traffic that terminates at an interface | |||
| interface | Set network interface paremeters and configure VLANs | |||
| igmp | Clear or display IGMP groups | |||
| ip | Set the ip address and mask for an
interface Define a local address pool Configure Unicast RPF on an interface Configure the Intrusion Detection System |
|||
| ipsec | Configure IPSEC policy | |||
| isakmp | Configure ISAKMP policy | |||
| sh isakmp policy Protection suite of priority 20 encryption algorithm: Three key triple DES hash algorithm: Secure Hash Standard authentication method: Pre-Shared Key Diffie-Hellman group: #1 (768 bit) lifetime: 3600 seconds, no volume limit Default protection suite encryption algorithm: DES - Data Encryption Standard (56 bit keys). hash algorithm: Secure Hash Standard authentication method: Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit) lifetime: 86400 seconds, no volume limit Diffie-Hellman group: #1 (768 bit) Diffie-Hellman group: #3 (1024 bit) |
||||
| local-host | Display or clear the local host network information | |||
| logging | Enable logging facility | |||
| mac-list | Add a list of mac addresses using first match search | |||
| map | Configure IPsec crypto map | |||
| memory | System memory utilization | |||
| mgcp | Configure the Media Gateway Control Protocol fixup | |||
| management-access | Enable access to internal management interface | |||
| mroute | Configure a multicast route | |||
| mtu | Specify MTU(Maximum Transmission Unit) for an interface | |||
| multicast | Configure multicast on an interface | |||
| name | Associate a name with an IP address | |||
| nameif | Assign a name to an interface | |||
| names | Enable, disable or display IP address to name conversion | |||
| nat | Associate a network with a pool of global IP addresses | |||
| ntp | Configure Network Time Protocol | |||
| object-group | Create an object group for use in 'access-list', 'conduit', etc | |||
| ospf | Show OSPF information or clear ospf items. | |||
| outbound | Create an outbound access list | |||
| pager | Control page length for pagination | |||
| passwd | Change Telnet console access password | |||
| pdm | Configure PIX Device Manager | |||
| prefix-list | Configure a prefix-list | |||
| privilege | Configure/Display privilege levels for commands | |||
| processes | Display processes | |||
| rip | Broadcast default route or passive RIP | |||
| route | Enter a static route for an interface | |||
| route-map | Create a route-map. | |||
| router | Create/configure OSPF routing process | |||
| routing | Configure interface specific unicast routing parameters. | |||
| running-config | Display the current running configuration | |||
| service | Enable system services | |||
| shun | Manages the filtering of packets from undesired hosts | |||
| sip | Show the current data stored for each SIP session. | |||
| skinny | Show the current data stored for each Skinny session. | |||
| snmp-server | Provide SNMP and event information | |||
| ssh | Add SSH access to PIX console, set idle timeout, display list of active SSH sessions & terminate a SSH session | |||
| startup-config | Display the startup configuration | |||
| static | Configure one-to-one address translation rule sysopt Set system functional option | |||
| tcpstat | Display status of tcp stack and tcp connections | |||
| tech-support | Tech support | |||
| telnet | Add telnet access to PIX console and set idle timeout terminal Set terminal line parameters | |||
| tftp-server | Specify default TFTP server address and directory | |||
| timeout | Set the maximum idle times | |||
| traffic | Counters for traffic statistics | |||
| uauth | Display or clear current user authorization information | |||
| url-cache | Enable URL caching | |||
| url-block | Enable URL pending block buffer and long URL support | |||
| url-server | Specify a URL filter server | |||
| username | Configure user authentication local database | |||
| version | Display PIX system software version | |||
| virtual | Set address for authentication virtual servers | |||
| vpdn | Configure VPDN (PPTP, L2TP, PPPoE) Policy | |||
| vpnclient | Configure Easy VPN Remote | |||
| vpngroup | Configure group settings for Cisco VPN Clients and Cisco Easy VPN Remote products | |||
| who | Show active administration sessions on PIX | |||
| xlate | Display current translation | |||