Administrative Access Modes
An administrative access mode is a state in which the administrator is able to issue
commands, potentially to change the configuration of the PIX. Monitor mode,
described earlier, is an administrative access mode, but it is resident in ROM
rather than in the binary image, and hopefully you will never have to use it.
When you first log in, you are in an unprivileged mode. You can identify
the mode you are in from the prompt: If the prompt looks like the hostname
followed by a right-angle bracket (>), you are in unprivileged mode. Few commands
are available:
PIX1> ?
enable Turn on privileged commands
help Help list
login Log in as a particular user
logout Exit from current user profile, and to unprivileged mode
pager Control page length for pagination
quit Quit from the current mode, end configuration or logout
This is not a complete list of the available commands. For example, when you
are in unprivileged mode:
www.syngress.com
Introduction to PIX Firewalls • Chapter 2 73
PIX1> show ?
checksum Display configuration information cryptochecksum
curpriv Display current privilege level
history Display the session command history
pager Control page length for pagination
version Display PIX system software version
PIX1> show version
Cisco PIX Firewall Version 6.2(1)
Cisco PIX Device Manager Version 1.0(1)
Compiled on Wed 17-Apr-02 21:18 by morlee
pix1 up 160 days 23 hours
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
…
The most important of these is enable mode, which turns on the privileged
commands. At this point, your prompt will change; now it ends in a pound sign.
To view your new privilege:
PIX1# ?
arp Change or view the arp table, and set the arp timeout value
capture Capture inbound and outbound packets on one or more interfaces
configure Configure from terminal
copy Copy image or PDM file from TFTP server into flash.
debug Debug packets or ICMP tracings through the PIX Firewall.
disable Exit from privileged mode
eeprom Show or reprogram the 525 onboard i82559 devices
flashfs Show, destroy, or preserve filesystem information
help Help list
kill Terminate a telnet session
logout Exit from current user profile, and to unprivileged mode
logging Clear syslog entries from the internal buffer
pager Control page length for pagination
passwd Change Telnet console access password
ping Test connectivity from specified interface to
quit Quit from the current mode, end configuration or logout
reload Halt and reload system
session Access an internal AccessPro router console
shun Manages the filtering of packets from undesired hosts
terminal Set terminal line parameters
who Show active administration sessions on PIX
write Write config to net, flash, floppy, or terminal, or erase flash
At this point, you are more or less protected from accidentally harming the
system: You can erase the configuration in total, but you cannot make small changes
until you enter configuration mode. Use the configure terminal command to get
into configuration mode. Again, your prompt will change to show privilege:
PIX1(config)#
There are about 100 lines of commands, so it is not appropriate to
show them all here. Unlike a Cisco router, for which there are more modes,
these are all the modes that occur: you have no rights, you are somewhat protected,
or you are changing the configuration. However, note that if you are in
configuration mode, your show commands are still available.
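The three prompt forms described above are enough to attribute every command in a captured console log to the mode it was typed in, which is useful when reviewing who entered configuration mode and what they ran there. The Python below is an added example, not code from the book; the transcript is constructed, and the function names and the hostname parameter are assumptions.

```python
import re

def prompt_pattern(hostname):
    """Build a regex for the three PIX prompt forms of one device:
    HOST> (unprivileged), HOST# (privileged), HOST(config)# (configuration)."""
    host = re.escape(hostname)
    return re.compile(rf"^{host}(?:(?P<cfg>\(config\))#|(?P<end>[>#]))\s*(?P<cmd>.*)$")

def classify(line, pattern):
    """Return (mode, command) for a prompt line, or None for command output."""
    m = pattern.match(line)
    if not m:
        return None
    if m.group("cfg"):
        mode = "configuration"
    elif m.group("end") == "#":
        mode = "privileged"
    else:
        mode = "unprivileged"
    return mode, m.group("cmd").strip()

def audit(transcript, hostname):
    """Attribute each typed command to its mode and record mode transitions."""
    pattern = prompt_pattern(hostname)
    commands, transitions, last = [], [], None
    for line in transcript.splitlines():
        hit = classify(line, pattern)
        if hit is None:
            continue  # device output or password prompt, not a command line
        mode, cmd = hit
        if mode != last:
            transitions.append((last, mode))
            last = mode
        if cmd:  # a bare prompt carries a mode but no command
            commands.append((mode, cmd))
    return commands, transitions

# Constructed sample session (not captured from a real device).
SAMPLE = """\
PIX1> show version
Cisco PIX Firewall Version 6.2(1)
PIX1> enable
Password: ********
PIX1# configure terminal
PIX1(config)# show history
PIX1(config)# quit
PIX1# disable
PIX1>
"""

if __name__ == "__main__":
    for mode, cmd in audit(SAMPLE, "PIX1")[0]:
        print(f"{mode:14} {cmd}")
```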
The PIX also stores previous commands you’ve executed. Use the show history
command to see what you’ve executed. This feature is useful in two ways: One,
if you are unsure what you have done so far, is to look at the show history
command to see what you’ve done to date. A more common use is when you
have lots of similar commands. You can use the Up Arrow key to see the previous
line in your history and then use the basic commands (covered in the following
section) to edit the line and resubmit it.
NOTE
The PIX firewall provides help functionality built into the command-line
interface. Use the question mark key (?)—it is your friend. At any point,
pressing ? will help you complete your commands. In addition, a “man
page” functionality is built in. For example, if you want to ping something
and forgot the syntax, try ping ?. If you don’t remember what the
ping command does, try help ping. This provides not only usage but
description and syntax issues.