CLI Administrative Access Modes

The CLI has several administrative access modes that are similar to other Cisco equipment. Similarly, the commands you're allowed to execute are defined by the current access mode. Unprivileged , privileged, configuration, and monitor are the access modes covered in this section.

Unprivileged Mode

Unprivileged mode, also known as user EXEC mode, contains a > symbol at the prompt. This is the first access mode you come to when entering the CLI, and it allows only a very small subset of the available commands. The question mark command displays the available commands in unprivileged mode:

 pixfirewall> ? enable     Turn on privileged commands help      Help list login      Log in as a particular user logout     Exit from current user profile, and to unprivileged mode pager      Control page length for pagination quit      Quit from the current mode, end configuration or logout pixfirewall> 

The commands in unprivileged mode can't actually change any configuration settings, but they do allow you to move to the next level ”privileged EXEC mode.

Privileged Mode

Privileged mode, also known as privileged EXEC mode, is symbolized by a pound sign ( # ) at the prompt. Privileged EXEC mode gives you the full set of available commands that enable you to configure your PIX firewall. To enter this mode, you need to type the word enable and enter the password at the user EXEC prompt. To move back to user EXEC mode, you must type the command disable . Listing 4.1 shows how to use the enable and disable commands to enter and exit privileged EXEC mode.

Listing 4.1 The enable and disable Commands
 pixfirewall> enable Password: pixfirewall# disable pixfirewall> 

Configuration Mode

Configuration mode is represented by a (config)# prompt. This mode allows access to interfaces, virtual private networks (VPNs), DCHP servers, hostname settings, and so on. You can enter this mode by entering the command config terminal at the privileged EXEC prompt. To return to privileged EXEC mode, you must type exit (or disable to return even further back to unprivileged user EXEC mode). Listing 4.2 demonstrates the config terminal command.

Listing 4.2 The config terminal Command
 pixfirewall> enable Password: pixfirewall# config terminal pixfirewall(config)# exit pixfirewall# config terminal pixfirewall(config)# disable pixfirewall> 

Monitor Mode

Monitor mode is symbolized by the monitor> prompt. This special mode enables you to perform maintenance features that are sometimes unavailable during normal operation. New binary images and password breaking procedure files can be downloaded in this mode. To enter monitor mode, reload your PIX. During the bootup phase, you will be prompted with this message: Use BREAK or ESC to interrupt flash boot. . Press either Break or ESC to enter monitor mode the 10-second timeout. Listing 4.3 is an example of the output displayed when entering monitor mode.

Listing 4.3 Monitor Mode
 Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001 Platform PIX-501 Flash=E28F640J3 @ 0x3000000 Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot interrupted. 0: i8255X @ PCI(bus:0 dev:17 irq:9 ) 1: i8255X @ PCI(bus:0 dev:18 irq:10) Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 000c.3085.5641 Use ? for help. monitor> 

Most CLI commands can be abbreviated, making your configuration tasks a little faster. For example, the command enable can be abbreviated to just en and the config terminal command can be just con t .


Be sure know your administrative access modes, which are as follows :

  • Unprivileged mode pixfirewall>

  • Privileged mode pixfirewall#

  • Configuration mode pixfirewall(config)#

  • Monitor mode monitor>

CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218 © 2008-2017.
If you may any questions please contact us: