关闭

关闭

关闭

封号提示

内容

首页 asa_84_cmd_ref.pdf

asa_84_cmd_ref.pdf

asa_84_cmd_ref.pdf

上传者: kmomo 2011-09-19 评分 0 0 0 0 0 0 暂无简介 简介 举报

简介:本文档为《asa_84_cmd_refpdf》,可适用于IT/计算机领域,主题内容包含AmericasHeadquartersCiscoSystems,IncWestTasmanDriveSanJose,CAUSAhttp:wwwci符等。

AmericasHeadquartersCiscoSystems,IncWestTasmanDriveSanJose,CAUSAhttp:wwwciscocomTel:NETS()Fax:CiscoASASeriesCommandReferenceSoftwareVersionandfortheASA,ASA,ASA,ASA,ASA,ASA,ASAX,ASAServicesModuleTextPartNumber:NA,OnlineonlyTHESPECIFICATIONSANDINFORMATIONREGARDINGTHEPRODUCTSINTHISMANUALARESUBJECTTOCHANGEWITHOUTNOTICEALLSTATEMENTS,INFORMATION,ANDRECOMMENDATIONSINTHISMANUALAREBELIEVEDTOBEACCURATEBUTAREPRESENTEDWITHOUTWARRANTYOFANYKIND,EXPRESSORIMPLIEDUSERSMUSTTAKEFULLRESPONSIBILITYFORTHEIRAPPLICATIONOFANYPRODUCTSTHESOFTWARELICENSEANDLIMITEDWARRANTYFORTHEACCOMPANYINGPRODUCTARESETFORTHINTHEINFORMATIONPACKETTHATSHIPPEDWITHTHEPRODUCTANDAREINCORPORATEDHEREINBYTHISREFERENCEIFYOUAREUNABLETOLOCATETHESOFTWARELICENSEORLIMITEDWARRANTY,CONTACTYOURCISCOREPRESENTATIVEFORACOPYTheCiscoimplementationofTCPheadercompressionisanadaptationofaprogramdevelopedbytheUniversityofCalifornia,Berkeley(UCB)aspartofUCB’spublicdomainversionoftheUNIXoperatingsystemAllrightsreservedCopyright,RegentsoftheUniversityofCaliforniaNOTWITHSTANDINGANYOTHERWARRANTYHEREIN,ALLDOCUMENTFILESANDSOFTWAREOFTHESESUPPLIERSAREPROVIDED“ASIS”WITHALLFAULTSCISCOANDTHEABOVENAMEDSUPPLIERSDISCLAIMALLWARRANTIES,EXPRESSEDORIMPLIED,INCLUDING,WITHOUTLIMITATION,THOSEOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICEINNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUTLIMITATION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHISMANUAL,EVENIFCISCOORITSSUPPLIERSHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGESCiscoandtheCiscoLogoaretrademarksofCiscoSystems,IncandoritsaffiliatesintheUSandothercountriesAlistingofCisco'strademarkscanbefoundatwwwciscocomgotrademarksThirdpartytrademarksmentionedarethepropertyoftheirrespectiveownersTheuseofthewordpartnerdoesnotimplyapartnershiprelationshipbetweenCiscoandanyothercompany(R)CiscoASASeriesCommandReferenceCiscoSystems,IncAllrightsreservedAboutThisGuideThisprefaceincludesthefollowingsections:•DocumentObjectives,pageiii•Audience,pageiii•DocumentOrganization,pageiv•DocumentConventions,pageiv•NoPayloadEncryptionforExport,pageiv•RelatedDocumentation,pagev•ObtainingDocumentationandSubmittingaServiceRequest,pagevDocumentObjectivesThisguidecontainsthecommandsavailableforusewiththeASAtoprotectyournetworkfromunauthorizeduseandtoestablishVirtualPrivateNetworkstoconnectremotesitesanduserstoyournetworkYoucanalsoconfigureandmonitortheASAbyusingASDM,awebbasedGUIapplicationASDMincludesconfigurationwizardstoguideyouthroughsomecommonconfigurationscenarios,andonlineHelpforlesscommonscenariosThisguideappliestotheCiscoASAseriesASAsThroughoutthisguide,theterm“ASA”appliesgenericallytoallsupportedmodels,unlessspecifiedotherwiseAudienceThisguideisfornetworkmanagerswhoperformanyofthefollowingtasks:•ManagenetworksecurityiiiCiscoASASeriesCommandReference•Installandconfigurefirewallsecurityappliances•ConfigureVPNs•ConfigureintrusiondetectionsoftwareUsethisguidewiththeCiscoASASeriesConfigurationGuideusingtheCLIAboutThisGuideDocumentOrganizationDocumentOrganization•Chapteri,“UsingtheCommandLineInterface,”introducesyoutotheASAcommandsandaccessmodes•ChaptersthroughlistallcommandsinalphabeticalorderDocumentConventionsTheASAcommandsyntaxdescriptionsusethefollowingconventions:Commanddescriptionsusetheseconventions:•Braces({})indicatearequiredchoice•Squarebrackets()indicateoptionalelements•Verticalbars(|)separatealternative,mutuallyexclusiveelements•Boldfaceindicatescommandsandkeywordsthatareenteredliterallyasshown•ItalicsindicateargumentsforwhichyousupplyvaluesExamplesusetheseconventions:•Examplesdepictscreendisplaysandthecommandlineinscreenfont•Informationyouneedtoenterinexamplesisshowninboldfacescreenfont•Variablesforwhichyoumustsupplyavalueareshowninitalicscreenfont•Examplesmightincludeoutputfromdifferentplatformsforexample,youmightnotrecognizeaninterfacetypeinanexamplebecauseitisnotavailableonyourplatformDifferencesshouldbeminorNoteMeansreadertakenoteNotescontainhelpfulsuggestionsorreferencestomaterialnotcoveredinthemanualForinformationonmodes,prompts,andsyntax,seeChapteri,“UsingtheCommandLineInterface”NoPayloadEncryptionforExportYoucanpurchasetheASAXwithNoPayloadEncryptionForexporttosomecountries,payloadencryptioncannotbeenabledontheCiscoASAseriesTheASAsoftwaresensesaNoPayloadEncryptionmodel,anddisablesthefollowingfeaturesandrelatedcommands:•UnifiedCommunications•VPNYoucanstillinstalltheStrongEncryption(DESAES)licenseforusewithmanagementconnectionsForexample,youcanuseASDMHTTPSSSL,SSHv,TelnetandSNMPvYoucanalsodownloadthedynamicdatabasefortheBotnetTrafficFiler(whichusesSSL)ivCiscoASASeriesCommandReferenceAboutThisGuideRelatedDocumentationRelatedDocumentationFormoreinformation,refertoNavigatingtheCiscoASASeriesDocumentationathttp:wwwciscocomenUSdocssecurityasaroadmapasaroadmaphtmlObtainingDocumentationandSubmittingaServiceRequestForinformationonobtainingdocumentation,submittingaservicerequest,andgatheringadditionalinformation,seethemonthlyWhat’sNewinCiscoProductDocumentation,whichalsolistsallnewandrevisedCiscotechnicaldocumentation,at:http:wwwciscocomenUSdocsgeneralwhatsnewwhatsnewhtmlSubscribetotheWhat’sNewinCiscoProductDocumentationasaReallySimpleSyndication(RSS)feedandsetcontenttobedelivereddirectlytoyourdesktopusingareaderapplicationTheRSSfeedsareafreeserviceandCiscocurrentlysupportsRSSVersionvCiscoASASeriesCommandReferenceAboutThisGuideRelatedDocumentationviCiscoASASeriesCommandReferenceUsingtheCommandLineInterfaceThisdescribeshowtousetheCLIontheASA,andincludesthefollowingtopics:•FirewallModeandSecurityContextMode,pagevii•CommandModesandPrompts,pageviii•SyntaxFormatting,pageix•AbbreviatingCommands,pageix•CommandLineEditing,pageix•CommandCompletion,pageix•CommandHelp,pagex•FilteringshowCommandOutput,pagex•CommandOutputPaging,pagexi•AddingComments,pagexi•TextConfigurationFiles,pagexiiNoteTheCLIusessimilarsyntaxandotherconventionstotheCiscoIOSCLI,buttheASAoperatingsystemisnotaversionofCiscoIOSsoftwareDonotassumethataCiscoIOSCLIcommandworkswithorhasthesamefunctionontheASAFirewallModeandSecurityContextModeTheASArunsinacombinationofthefollowingmodes:•TransparentfirewallorroutedfirewallmodeThefirewallmodedeterminesifthesecurityappliancerunsasaLayerorLayerfirewall•MultiplecontextorsinglecontextmodeviiCiscoASASeriesCommandReferenceThesecuritycontextmodedeterminesiftheASArunsasasingledeviceorasmultiplesecuritycontexts,whichactlikevirtualdevicesSomecommandsareonlyavailableincertainmodesUsingtheCommandLineInterfaceCommandModesandPromptsCommandModesandPromptsTheASACLIincludescommandmodesSomecommandscanonlybeenteredincertainmodesForexample,toentercommandsthatshowsensitiveinformation,youneedtoenterapasswordandenteramoreprivilegedmodeThen,toensurethatconfigurationchangesarenotenteredaccidentally,youhavetoenteraconfigurationmodeAlllowercommandscanbeenteredinhighermodes,forexample,youcanenteraprivilegedEXECcommandinglobalconfigurationmodeWhenyouareinthesystemconfigurationorinsinglecontextmode,thepromptbeginswiththehostname:hostnameWhenyouarewithinacontext,thepromptbeginswiththehostnamefollowedbythecontextname:hostnamecontextThepromptchangesdependingontheaccessmode:•UserEXECmodeUserEXECmodeletsyouseeminimumASAsettingsTheuserEXECmodepromptappearsasfollowswhenyoufirstaccesstheASA:hostname>hostnamecontext>•PrivilegedEXECmodePrivilegedEXECmodeletsyouseeallcurrentsettingsuptoyourprivilegelevelAnyuserEXECmodecommandwillworkinprivilegedEXECmodeEntertheenablecommandinuserEXECmode,whichrequiresapassword,tostartprivilegedEXECmodeThepromptincludesthenumbersign(#):hostname#hostnamecontext#•GlobalconfigurationmodeGlobalconfigurationmodeletsyouchangetheASAconfigurationAlluserEXEC,privilegedEXEC,andglobalconfigurationcommandsareavailableinthismodeEntertheconfigureterminalcommandinprivilegedEXECmodetostartglobalconfigurationmodeThepromptchangestothefollowing:hostname(config)#hostnamecontext(config)#•CommandspecificconfigurationmodesFromglobalconfigurationmode,somecommandsenteracommandspecificconfigurationmodeAlluserEXEC,privilegedEXEC,globalconfiguration,andcommandspecificconfigurationcommandsareavailableinthismodeForexample,theinterfacecommandentersinterfaceconfigurationmodeThepromptchangestothefollowing:hostname(configif)#hostnamecontext(configif)#viiiCiscoASASeriesCommandReferenceUsingtheCommandLineInterfaceSyntaxFormattingSyntaxFormattingCommandsyntaxdescriptionsusethefollowingconventions:AbbreviatingCommandsYoucanabbreviatemostcommandsdowntothefewestuniquecharactersforacommandforexample,youcanenterwrttoviewtheconfigurationinsteadofenteringthefullcommandwriteterminal,oryoucanenterentostartprivilegedmodeandconfttostartconfigurationmodeInaddition,youcanentertorepresentCommandLineEditingTheASAusesthesamecommandlineeditingconventionsasCiscoIOSsoftwareYoucanviewallpreviouslyenteredcommandswiththeshowhistorycommandorindividuallywiththeuparrowor^pcommandOnceyouhaveexaminedapreviouslyenteredcommand,youcanmoveforwardinthelistwiththedownarrowor^ncommandWhenyoureachacommandyouwishtoreuse,youcanedititorpresstheEnterkeytostartitYoucanalsodeletethewordtotheleftofthecursorwith^w,orerasethelinewith^uTheASApermitsuptocharactersinacommandadditionalcharactersareignoredCommandCompletionTocompleteacommandorkeywordafterenteringapartialstring,presstheTabkeyTheASAonlycompletesthecommandorkeywordifthepartialstringmatchesonlyonecommandorkeywordForexample,ifyouentersandpresstheTabkey,theASAdoesnotcompletethecommandbecauseitmatchesmorethanonecommandHowever,ifyouenterdis,theTabkeycompletesthecommanddisableTableSyntaxConventionsConventionDescriptionboldBoldtextindicatescommandsandkeywordsthatyouenterliterallyasshownitalicsItalictextindicatesargumentsforwhichyousupplyvaluesxSquarebracketsencloseanoptionalelement(keywordorargument)|Averticalbarindicatesachoicewithinanoptionalorrequiredsetofkeywordsorargumentsx|ySquarebracketsenclosingkeywordsorargumentsseparatedbyaverticalbarindicateanoptionalchoice{x|y}Bracesenclosingkeywordsorargumentsseparatedbyaverticalbarindicatearequiredchoicex{y|z}NestedsetsofsquarebracketsorbracesindicateoptionalorrequiredchoiceswithinoptionalorrequiredelementsBracesandaverticalbarwithinsquarebracketsindicatearequiredchoicewithinanoptionalelementixCiscoASASeriesCommandReferenceUsingtheCommandLineInterfaceCommandHelpCommandHelpHelpinformationisavailablefromthecommandlinebyenteringthefollowingcommands:•helpcommandnameShowshelpforthespecificcommand•helpShowscommandsforwhichthereishelp•commandnameShowsalistofargumentsavailable•string(nospace)Liststhepossiblecommandsthatstartwiththestring•andListsallcommandsavailableIfyouenter,theASAshowsonlycommandsavailableforthecurrentmodeToshowallcommandsavailable,includingthoseforlowermodes,enterNoteIfyouwanttoincludeaquestionmark()inacommandstring,youmustpressCtrlVbeforetypingthequestionmarksoyoudonotinadvertentlyinvokeCLIhelpFilteringshowCommandOutputYoucanusetheverticalbar(|)withanyshowcommandandincludeafilteroptionandfilteringexpressionThefilteringisperformedbymatchingeachoutputlinewitharegularexpression,similartoCiscoIOSsoftwareByselectingdifferentfilteroptionsyoucanincludeorexcludealloutputthatmatchestheexpressionYoucanalsodisplayalloutputbeginningwiththelinethatmatchestheexpressionThesyntaxforusingfilteringoptionswiththeshowcommandisasfollows:hostname#showcommand|{include|exclude|begin|grepv}regexpInthiscommandstring,thefirstverticalbar(|)istheoperatorandmustbeincludedinthecommandThisoperatordirectstheoutputoftheshowcommandtothefilterInthesyntaxdiagram,theotherverticalbars(|)indicatealternativeoptionsandarenotpartofthecommandTheincludeoptionincludesalloutputlinesthatmatchtheregularexpressionThegrepoptionwithoutvhasthesameeffectTheexcludeoptionexcludesalloutputlinesthatmatchtheregularexpressionThegrepoptionwithvhasthesameeffectThebeginoptionshowsalltheoutputlinesstartingwiththelinethatmatchestheregularexpressionReplaceregexpwithanyCiscoIOSregularexpressionSeeTheregularexpressionisnotenclosedinquotesordoublequotes,sobecarefulwithtrailingwhitespaces,whichwillbetakenaspartoftheregularexpressionWhencreatingregularexpressions,youcanuseanyletterornumberthatyouwanttomatchInaddition,certainkeyboardcharactershavespecialmeaningwhenusedinregularexpressionsTableliststhekeyboardcharactersthathavespecialmeaningxCiscoASASeriesCommandReferenceUsingtheCommandLineInterfaceCommandOutputPagingTousethesespecialcharactersassinglecharacterpatterns,removethespecialmeaningbyprecedingeachcharacterwithabackslash()CommandOutputPagingOncommandssuchashelpor,show,showxlate,orothercommandsthatprovidelonglistings,youcandetermineiftheinformationdisplaysascreenandpauses,orletsthecommandruntocompletionThepagercommandletsyouchoosethenumberoflinestodisplaybeforetheMorepromptappearsWhenpagingisenabled,thefollowingpromptappears:<More>TheMorepromptusessyntaxsimilartotheUNIXmorecommand:•Toviewanotherscreen,presstheSpacebar•Toviewthenextline,presstheEnterkey•Toreturntothecommandline,presstheqkeyAddingCommentsYoucanprecedealinewithacolon(:)tocreateacommentHowever,thecommentonlyappearsinthecommandhistorybufferandnotintheconfigurationTherefore,youcanviewthecommentwiththeshowhistorycommandorbypressinganarrowkeytoretrieveapreviouscommand,butbecausethecommentisnotintheconfiguration,thewriteterminalcommanddoesnotdisplayitTableUsingSpecialCharactersinRegularExpressionsCharacterTypeCharacterSpecialMeaningperiodMatchesanysinglecharacter,includingwhitespaceasterisk*MatchesormoresequencesofthepatternplussignMatchesormoresequencesofthepatternquestionmarkPrecedethequestionmarkwithCtrlVtopreventthequestionmarkfrombeinginterpretedasahelpcommandMatchesoroccurrencesofthepatterncaret^Matchesthebeginningoftheinputstringdollarsign$MatchestheendoftheinputstringunderscoreMatchesacomma(,),leftbrace({),rightbrace(}),leftparenthesis,rightparenthesis,thebeginningoftheinputstring,theendoftheinputstring,oraspacebracketsDesignatesarangeofsinglecharacterpatternshyphenSeparatestheendpointsofarangexiCiscoASASeriesCommandReferenceUsingtheCommandLineInterfaceTextConfigurationFilesTextConfigurationFilesThissectiondescribeshowtoformatatextconfigurationfilethatyoucandownloadtotheASA,andincludesthefollowingtopics:•HowCommandsCorrespondwithLinesintheTextFile,pagexii•CommandSpecificConfigurationModeCommands,pagexii•AutomaticTextEntries,pagexii•LineOrder,pagexiii•CommandsNotIncludedintheTextConfiguration,pagexiii•Passwords,pagexiii•MultipleSecurityContextFiles,pagexiiiHowCommandsCorrespondwithLinesintheTextFileThetextconfigurationfileincludeslinesthatcorrespondwiththecommandsdescribedinthisguideInexamples,commandsareprecededbyaCLIpromptThepromptinthefollowingexampleis“hostname(config)#”:hostname(config)#contextaInthetextconfigurationfileyouarenotpromptedtoentercommands,sothepromptisomitted:contextaCommandSpecificConfigurationModeCommandsCommandspecificconfigurationmodecommandsappearindentedunderthemaincommandwhenenteredatthecommandlineYourtextfilelinesdonotneedtobeindented,aslongasthecommandsappeardirectlyfollowingthemaincommandForexample,thefollowingunindentedtextisreadthesameasindentedtext:interfacegigabitethernetnameifinsideinterfacegigabitethernetnameifoutsideAutomaticTextEntriesWhenyoudownloadaconfigurationtotheASA,theASAinsertssomelinesautomaticallyForexample,theASAinsertslinesfordefaultsettingsorforthetimetheconfigurationwasmodifiedYoudonotneedtoentertheseautomaticentrieswhenyoucreateyourtextfilexiiCiscoASASeriesCommandReferenceUsingtheCommandLineInterfaceTextConfigurationFilesLineOrderForthemostpart,commandscanbeinanyorderinthefileHowever,somelines,suchasACEs,areprocessedintheordertheyappear,andtheordercanaffectthefunctionoftheaccesslistOthercommandsmightalsohaveorderrequirementsForexample,youmustenterthenameifcommandforaninterfacefirstbecausemanysubsequentcommandsusethenameoftheinterfaceAlso,commandsinacommandspecificconfigurationmodemustdirectlyfollowthemaincommandCommandsNotIncludedintheTextConfigurationSomecommandsdonotinsertlinesintheconfigurationForexample,aruntimecommandsuchasshowrunningconfigdoesnothaveacorrespondinglineinthetextfilePasswordsThelogin,enable,anduserpasswordsareautomaticallyencryptedbeforetheyarestoredintheconfigurationForexample,

用户评论(0)

0/200

精彩专题

上传我的资料

每篇奖励 +2积分

资料评价:

/49
仅支持在线阅读

意见
反馈

立即扫码关注

爱问共享资料微信公众号

返回
顶部