Viewing and Saving the Configuration


The ability to view and save the PIX firewall configuration is a vital part of setup and troubleshooting. The following section covers several of the most common commands. Here's a preview of them:

show configure

show version

show interface

write memory

show ip address

write standby

show startup

write terminal

The show startup Command

The show startup and show configure commands both display configurations saved in flash memory. These configurations are loaded into RAM during bootup . The following displays only the first eight lines of the output from the show startup command:

 pixfirewall# show startup : Saved : Written by enable_15 at 04:55:12.917 UTC Wed Apr 2 2003 PIX Version 6.2(2) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password W5TSthJO5zEtPi9F encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall 

The write terminal Command

You use the write terminal command to display the configuration currently running in RAM to the console. This configuration is also known as the running config and can be displayed using the show running-config command, as in other Cisco devices. This code displays the command's output:

 pixfirewall# write terminal : Saved : PIX Version 6.2(2) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password W5TSthJO5zEtPi9F encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall 

The show interface Command

The show interface command displays information such as the IP address, line status, protocol status, and interface counter information. To display only one interface, add the hardware ID to the end of the command. Listing 4.4 displays the show interface output for interface Ethernet 1.

Listing 4.4 The show interface Output
 pixfirewall(config)# show int e1 interface ethernet1 "inside" is up, line protocol is up  Hardware is i82559 ethernet, address is 000c.3085.5641  IP address 192.168.1.1, subnet mask 255.255.255.0  MTU 1500 bytes, BW 10000 Kbit full duplex     261 packets input, 32294 bytes, 0 no buffer     Received 249 broadcasts, 0 runts, 0 giants     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort     27 packets output, 3802 bytes, 0 underruns     0 output errors, 0 collisions, 0 interface resets     0 babbles, 0 late collisions, 0 deferred     0 lost carrier, 0 no carrier     input queue (curr/max blocks): hardware (128/128) software (0/1)     output queue (curr/max blocks): hardware (0/2) software (0/1) pixfirewall(config)# 

The show IP address Command

You use the show IP address to display the address information assigned to each of the device's interfaces. The following command displays all the IP addresses assigned to the PIX firewall:

 pixfirewall# show IP address System IP Addresses:     IP address outside 169.254.8.1 255.255.255.0     IP address inside 192.168.1.1 255.255.255.0 Current IP Addresses:     IP address outside 169.254.8.1 255.255.255.0     IP address inside 192.168.1.1 255.255.255.0 pixfirewall# 

The show version Command

The show version command enables you to view the firewall's software version, processor type, operating time since last reboot, flash memory type, interface boards , serial number, and activation keys. Listing 4.5 displays the output from the show version command.

Listing 4.5 The show version Command
 pixfirewall# show version Cisco PIX Firewall Version 6.2(2) Cisco PIX Device Manager Version 2.1(1) Compiled on Fri 07-Jun-02 17:49 by morlee pixfirewall up 8 hours 31 mins Hardware:  PIX-501, 16 MB RAM, CPU Am5x86 133 MHz Flash E28F640J3 @ 0x3000000, 8MB BIOS Flash E28F640J3 @ 0xfffd8000, 128KB 0: ethernet0: address is 000c.3085.5640, irq 9 1: ethernet1: address is 000c.3085.5641, irq 10 Licensed Features: Failover:      Disabled VPN-DES:      Enabled VPN-3DES:      Disabled Maximum Interfaces: 2 Cut-through Proxy: Enabled Guards:       Enabled URL-filtering:   Enabled Inside Hosts:    10 Throughput:     Limited IKE peers:     5 Serial Number: 807082785 (0x301b1b21) Running Activation Key: 0x2d284af1 0xd032aa26 0x38b7db1f 0x70cfa8ee Configuration last modified by enable_15 at 10:45:05.183 UTC Tue Apr 1 2003 pixfirewall# 

The write memory Command

The write memory command saves the current running configuration to flash memory. When the system is reloaded, this configuration is loaded into RAM and executed as the running configuration. The following displays the command's syntax:

 pixfirewall# write memory Building configuration... Cryptochecksum: 827c289b 6a6d8181 829b5b98 d3f1c82a [OK] pixfirewall# 

Similarly, the write standby command saves the running configuration from the active PIX firewall to the standby PIX firewall when you are working with failover configurations. You can also think of this as writing from active RAM to standby RAM. Following is an example of the write standby command:

 pixfirewall# write standby 


CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net