Managing Configurations

Just as with any network device, the most important task related to your PIX is ongoing management. It is important that you be able not just to manipulate the configuration in configuration mode but also to write configurations out to storage and in from management systems. Key commands here are write, which allows you to store the configuration; copy, which allows you to manage the underlying PIX device software; and configure, which allows you to alter the configuration.

The write Command

The write command allows you to write the configuration to various types of media. Allowed variants are write net, write memory, write standby, write terminal, write erase, and write floppy.


80 Chapter 2 • Introduction to PIX Firewalls

write net [[server_ip] : [filename] ]

This command writes the configuration to a TFTP server. The IP address of the server can be specified on the command line or preset with the TFTP server command, tftp-server [if_name] ip_address path. Specifying a value on this line supersedes the value on the TFTP server line, but if the TFTP-server information is set, you can supply just a colon (or no parameter at all).

The next command allows you to store the configuration to flash. The uncompressed parameter specifies storing the configuration as an uncompressed string and is usually not necessary.

write memory [uncompressed]

If you want to print the configuration to the terminal (screen), use this command:

write terminal

Note that this command prints out the active configuration. In version 6.2, two new show commands were added: show running-config, which gives the same output as write terminal, and show startup-config, which shows the configuration that is written to flash. If the pager variable is set, the screen will pause after a fixed number of lines. To store the configuration via an ASCII capture, set the pager to 0, then type write terminal.

Similarly to the write memory command, on devices that have a floppy drive, the write floppy command stores the configuration in a proprietary format. This allows the PIX to readily read the configuration. If you write the configuration to a PIX boot disk, the device will come up with the desired configuration. Unfortunately, it is not easily readable on other devices.

write floppy [uncompressed]

There is one more write command: write erase. This command clears the flash configuration to a known good state and allows you to reconfigure.

The copy Command

The copy command is a similar way of managing images. The most common use of the command is in the copy tftp command, for example:

copy tftp[:[[//location] [/tftp_pathname]]] flash[:[image | pdm]]

The first couple of parameters are straightforward: they deal with specifying the location and filename of the TFTP server and, as previously mentioned, can be set with the TFTP-server command. The keyword flash indicates that the information is being stored to flash. The files can be standard images, in which case they are available on the next reload, or PDM images, in which case they are available immediately.

Images can also be downloaded from a Web server via standard HTTP or over SSL. This is specified by the following command:

copy http[s]://[user:password@] location [:port ] / http_pathname flash [: [image | pdm] ]

You can probably figure out the parameters. The first part is the standard URI notation: http for clear-text Web use or https for SSL service. The user:password@location portion allows you to encode user information; if you are working via a Web browser, this portion triggers a popup window asking you to fill in your username and password. Since the PIX does not have a popup, you can specify it on the command line by inserting it before the @ sign. If the Web server is running on a nonstandard port, you can also specify it here by putting the port after a colon, similar to this:

copy http://fwadmin:cisco@10.10.10.1:99/pix_image flash

This solution is good if you do not have a TFTP server available and can safely store the image files on a Web server.
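
An added example (not from the original text): a small Python audit that parses the copy and write net syntax shown above out of a terminal capture or command log, flags transfers that carry a password on the command line or run over clear-text HTTP or TFTP, and redacts the password before the line is kept. Apart from the page's own copy http example, the log lines, addresses, and all function names are constructed for illustration.

```python
import re

# copy http[s]://[user:password@]location[:port]/http_pathname flash[:[image|pdm]]
COPY_HTTP = re.compile(
    r"^copy\s+(?P<scheme>https?)://"
    r"(?:(?P<user>[^:@/\s]+):(?P<password>[^@/\s]+)@)?"
    r"(?P<location>[^:/\s]+)(?::(?P<port>\d+))?"
    r"/(?P<path>\S*)\s+flash(?::(?:image|pdm))?\s*$"
)
# copy tftp[:[[//location][/tftp_pathname]]] flash[:[image|pdm]]  and  write net ...
TFTP_USE = re.compile(
    r"^(?:copy\s+tftp(?::\S*)?\s+flash(?::(?:image|pdm))?|write\s+net(?:\s+\S+)?)\s*$"
)

# Constructed sample capture; the first line is the example from the text.
SAMPLE_LOG = [
    "copy http://fwadmin:cisco@10.10.10.1:99/pix_image flash",
    "copy https://10.10.10.1/pix_image flash:image",
    "copy tftp://10.10.10.2/pix_image flash:image",
    "write net 10.10.10.2:pix_config",
    "write memory",
]


def audit_line(line):
    """Return (redacted_line, findings) for one logged CLI command."""
    line = line.strip()
    findings = []
    m = COPY_HTTP.match(line)
    if m:
        if m.group("scheme") == "http":
            findings.append("cleartext-http")
        if m.group("password") is not None:
            findings.append("password-on-command-line")
            start, end = m.span("password")
            line = line[:start] + "<redacted>" + line[end:]
    elif TFTP_USE.match(line):
        findings.append("cleartext-tftp")
    return line, findings


def audit(lines):
    """Audit every line; keep only the lines that produced findings."""
    results = (audit_line(entry) for entry in lines)
    return [(text, found) for text, found in results if found]


if __name__ == "__main__":
    for text, found in audit(SAMPLE_LOG):
        print(", ".join(found), "->", text)
```
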

The configure Command

You can manage configurations via the configure command. This is roughly the dual to the write commands. For example, just as write terminal dumps the configuration to the terminal, configure terminal allows you to change the configuration from the terminal.

These commands generally merge the configuration from the media with the existing configuration. You will usually want to clear configure to wipe out the existing configuration so you can pull a complete stored config. The other choices are:

configure [terminal|floppy|memory]

You’ve used this one already, in the conf t command. It allows you to add commands from the terminal, from a floppy (if the PIX has a floppy drive), or from flash (memory).

Analogous to the copy command, this command:

configure http[s]://[:@][:]/


merges a configuration that is stored on a Web server with the running configuration.

configure net []:[]

configure factory-default [ []]