Knowing the General Commands

Several commands are covered in this section. These commands will help you monitor, display, and save your configurations, and they are all within the privileged or configuration mode. Therefore, use the enable and config terminal commands to enter the necessary access mode.

Here's a preview of the commands:

clear arp


clear xlate

show arp


show conn

enable password

show history


show xlate





The enable Command

enable allows you to enter the privileged EXEC mode. Although this mode requires a password, the password is blank by default and simply pressing Enter when you see the password prompt lets you enter privileged EXEC mode.

The enable password command sets a privilege EXEC mode password. These passwords are case sensitive, so be careful. You can use the show enable command to display the encrypted version of the password stored in the configuration, like so:

 pixfirewall(config)# enable password oregon pixfirewall(config)# show enable enable password W5TSthJO5zEtPi9F encrypted pixfirewall(config)# 

The passwd Command

The passwd command is used to set the password for Telnet access to the PIX. By default, this password is cisco ; it must be in all lowercase because it's case sensitive. The following command sets the password to cisco :

 pixfirewall(config)# passwd cisco pixfirewall(config)# 

The telnet Command

The telnet command specifies which hosts can connect to the PIX inside interface using Telnet. Telnet users can access the PIX on all interfaces except the outside interface. If users need access via the outside interface, an IPSec established connection is required before Telnet will connect. The Telnet syntax is as follows :

 telnet <local_ip> [<mask>] [<if_name>] 
Table 4.3. The telnet Command Options




This is the IP address of the host you want to allow Telnet access.


This is optional and can be used to define a whole subnet if necessary.


This is optional and is required only when you are using IPSec to connect to the outside interface.

The following example shows how to allow host to Telnet into the PIX firewall on the inside interface:

 pixfirewall(config)# telnet pixfirewall(config)# show telnet inside pixfirewall(config)# 

The hostname Command

The hostname command is used to change the command-line prompt as well as the fully qualified domain name used to generate RSA keys. The default hostname is pixfirewall . The following command sets the hostname to firewall2 :

 pixfirewall(config)# hostname firewall2 firewall2(config)# 

The show history Command

The show history command displays a list of previously entered commands. The following command displays the history:

 pixtraincenter# show history   show history   show interface   enable 

The show conn Command

The show conn command displays connection table information about TCP traffic traveling through the PIX. In this example, host with port 11969 is going to port 80:

 pixfirewall# show conn 1 in use, 5 most used TCP out in idle 0:00:03 Bytes 334 pixfirewall# 

The show xlate Command

Use the show xlate command to view the current translation slots made in the translation table (recall that a PIX uses a connection table and a translation table to track the flow of traffic through its interfaces). Translation slots is the term used to describe the translation mapping from an internal address to a global external address. In this example, a local user using IP address with port 1969 has been translated to a global outside interface address of port 1237:

 pixfirewall# show xlate 1 in use, 53 most used PAT Global Local PAT Global Local pixfirewall# 

The clear xlate Command

The clear xlate command clears the current translation slot entries. This should be done every time you add, modify, or delete something using the following commands: aaa-server , access-lists , alias , conduits , global , nat , and routes type . This helps to reset the xlate table and make the previous command operate as expected. The following shows the command being executed from the privileged EXEC mode:

 pixfirewall# clear xlate 

The ping Command

The ping command enables you to test whether the PIX firewall can reach another IP address, and it results in a new mapping in the Address Resolution Protocol (ARP) table. The following example shows a ping command and a response:

 pixfirewall# ping response received  0ms response received  0ms response received  0ms 

The ping command can be used to show that an IP address is reachable , but it doesn't test whether traffic can flow through the PIX firewall.

The show arp Command

The show arp command displays the ARP table, which maps an IP address to a physical MAC address. The following command displays the ARP cache:

 pixfirewall# show arp     inside 0002.a599.aa96     inside 0002.a599.aa96 

The clear arp Command

The clear arp command flushes all the entries in the ARP cache from RAM. The following command clears the ARP cache:

 pixfirewall# show arp     inside 0002.a599.aa96     inside 0002.a599.aa96 pixfirewall# clear arp pixfirewall# show arp pixfirewall# 

The reload Command

The reload command reboots the PIX firewall and loads the flash memory configuration into RAM. Please note that there is no such thing as a reboot command. The reload command displays the reload command and the resulting output from the command:

 pixfirewall# reload Proceed with reload? [confirm] y Rebooting.... CISCO SYSTEMS PIX-501 Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08 

CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218 © 2008-2017.
If you may any questions please contact us: