The CLI has several administrative access modes that are similar to those on other Cisco equipment. As on that equipment, the commands you're allowed to execute are defined by the current access mode. Unprivileged, privileged, configuration, and monitor are the access modes covered in this section.
Unprivileged mode, also known as user EXEC mode, contains a > symbol at the prompt. This is the first access mode you come to when entering the CLI, and it allows only a very small subset of the available commands. The question mark command displays the available commands in unprivileged mode:
pixfirewall> ?
enable          Turn on privileged commands
help            Help list
login           Log in as a particular user
logout          Exit from current user profile, and to unprivileged mode
pager           Control page length for pagination
quit            Quit from the current mode, end configuration or logout
pixfirewall>
The commands in unprivileged mode can't actually change any configuration settings, but they do allow you to move to the next level: privileged EXEC mode.
Privileged mode, also known as privileged EXEC mode, is symbolized by a pound sign (#) at the prompt. Privileged EXEC mode gives you the full set of available commands that enable you to configure your PIX firewall. To enter this mode, you need to type the word enable and enter the password at the user EXEC prompt. To move back to user EXEC mode, you must type the command disable. Listing 4.1 shows how to use the enable and disable commands to enter and exit privileged EXEC mode.
Listing 4.1 The enable and disable Commands
pixfirewall> enable
Password:
pixfirewall# disable
pixfirewall>
Configuration mode is represented by a (config)# prompt. This mode allows access to interfaces, virtual private networks (VPNs), DHCP servers, hostname settings, and so on. You can enter this mode by entering the command config terminal at the privileged EXEC prompt. To return to privileged EXEC mode, you must type exit (or disable to return even further back to unprivileged user EXEC mode). Listing 4.2 demonstrates the config terminal command.
Listing 4.2 The config terminal Command
pixfirewall> enable
Password:
pixfirewall# config terminal
pixfirewall(config)# exit
pixfirewall# config terminal
pixfirewall(config)# disable
pixfirewall>
Monitor mode is symbolized by the monitor> prompt. This special mode enables you to perform maintenance features that are sometimes unavailable during normal operation. New binary images and password-breaking procedure files can be downloaded in this mode. To enter monitor mode, reload your PIX. During the bootup phase, you will be prompted with this message: Use BREAK or ESC to interrupt flash boot. Press either Break or ESC within the 10-second timeout to enter monitor mode. Listing 4.3 is an example of the output displayed when entering monitor mode.
Listing 4.3 Monitor Mode
Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001
Platform PIX-501
Flash=E28F640J3 @ 0x3000000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 000c.3085.5641
Use ? for help.
monitor>
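The prompt-to-mode mapping and the mode changes described above can be used to audit a captured console session. The following Python sketch is an added example, not part of the original text or any Cisco tool: it reads the access mode from each prompt and flags prompt changes that the preceding command does not explain. The function names and the second transcript are constructed for illustration, and only the full command spellings used in this section are recognized.

```python
import re

# host + prompt suffix + typed command; suffixes are the ones the text describes
PROMPT_RE = re.compile(r"^([\w.-]+?)(\(config\)#|#|>)\s*(.*)$")
SUFFIX_MODE = {">": "unprivileged", "#": "privileged", "(config)#": "configuration"}

# Mode changes named in the text: (current mode, command) -> next mode
TRANSITIONS = {
    ("unprivileged", "enable"): "privileged",
    ("privileged", "disable"): "unprivileged",
    ("privileged", "config terminal"): "configuration",
    ("configuration", "exit"): "privileged",
    ("configuration", "disable"): "unprivileged",
}

def parse(transcript):
    """Return [(mode, command)] for every prompt line in a captured session."""
    steps = []
    for line in transcript.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m:
            continue  # command output, "Password:", boot messages
        host, suffix, cmd = m.groups()
        mode = "monitor" if (host, suffix) == ("monitor", ">") else SUFFIX_MODE[suffix]
        steps.append((mode, cmd.strip()))
    return steps

def audit(transcript):
    """Flag prompt changes that the preceding command does not explain."""
    steps, findings = parse(transcript), []
    for i, ((mode, cmd), (nxt, _)) in enumerate(zip(steps, steps[1:]), 1):
        expected = TRANSITIONS.get((mode, cmd), mode)
        failed_enable = cmd == "enable" and nxt == mode  # wrong password
        if nxt != expected and not failed_enable:
            findings.append((i, mode, cmd, nxt))
    return findings

# Listing 4.2 from the text
LISTING_4_2 = """pixfirewall> enable
Password:
pixfirewall# config terminal
pixfirewall(config)# exit
pixfirewall# config terminal
pixfirewall(config)# disable
pixfirewall>"""

# Constructed log in which the enable / config terminal lines are missing
GAPPED = """pixfirewall> pager
pixfirewall(config)# hostname edge-fw
pixfirewall(config)# exit
pixfirewall#"""
```

A finding such as a jump from the > prompt straight to (config)# means the log is incomplete or was edited, since the section gives no single command that makes that change.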