Page 1 Cisco Firepower 4100/9300 FXOS Command Reference First Published: 2017-08-28 Last Modified: 2019-01-15 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com...
Page 3 This guide represents an on-going effort to document the many CLI commands in FXOS, and as such, should be viewed as a work-in-progress. The guide will be republished periodically as new command descriptions are added and existing descriptions updated or corrected. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 4 About the FXOS CLI Command Reference Guide Cisco Firepower 4100/9300 FXOS Command Reference...
Page 5 Complete a Command, on page 8 • Command History, on page 9 • Commit, Discard, and View Pending Commands, on page 10 • Inline Help for the CLI, on page 11 • CLI Session Limits, on page 12 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 6 Managed objects may have one or more associated properties that can be configured. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 7 Ethernet uplink scope eth-uplink command from EXEC /eth-uplink # mode Fabric interconnect scope fabric-interconnect command from /fabric-interconnect # EXEC mode Firmware scope firmware command from EXEC /firmware # mode Cisco Firepower 4100/9300 FXOS Command Reference...
Page 8 EXEC mode /system # Virtual HBA scope vhba command from EXEC mode /vhba # This command and all Note subcommands are currently not supported. Virtual NIC scope vnic command from EXEC mode /vnic # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 9 An error message is generated. delete object The object is deleted. enter object The configuration mode, if applicable, of the object is entered. scope object The configuration mode of the object is entered. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 10 You can use the Tab key in any mode to complete a command. Partially typing a command name and pressing Tab causes the command to be displayed in full or to the point where you must enter another keyword or an argument value. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 11 You can enter any command in the history again by stepping through the history to recall that command and then pressing Enter. The command is entered as if you had manually typed it. You can also recall a command and change it before you press Enter. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 12 The following example shows how the prompts change during the command entry process: Firepower# scope system Firepower /system # scope services Firepower /system/services # create ntp-server 192.168.200.101 Firepower /system/services* # show configuration pending scope services create ntp-server 192.168.200.101 exit Firepower /system/services* # commit-buffer Firepower /system/services # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 13 If you have not entered anything at the prompt, entering ? lists all available commands for the mode you are in. With a partially entered command, entering ? lists all keywords and arguments available at your current position in the command syntax. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 14 CLI Overview CLI Session Limits CLI Session Limits FXOS limits the number of CLI sessions that can be active at one time to 32 total sessions. This value is not configurable. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 15 Filter and Save Show Output • Save and Filter Show Command Output, on page 14 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 16 • no-more—Turns off pagination for command output. • sort—Sorts the lines (stream sorter). • tr—Translates, squeezes, and/or deletes characters. • uniq—Discards all but one of successive identical lines. • wc—Displays a count of lines, words, and characters. expression Cisco Firepower 4100/9300 FXOS Command Reference...
Page 17 Appends the show command output to the appropriate text file, which must already exist. Example The following example attempts to save the current configuration to the system workspace; a configuration file already exists, which you can choose to overwrite or not. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 18 Save Show Command Output FP9300-A# show configuration > workspace File already exists, overwrite (y/n)?[n]n Reissue command with >> if you want to append to existing file FP9300-A# Related Topics Filter Show Command Output, on page 14 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 19 Unsupported and Restricted Commands • Unsupported Commands, on page 18 • Restricted Commands, on page 22 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 20 /fabric-interconnect # show fan /fabric-interconnect # show fan-module /fabric-interconnect # show lan-neighbors /fabric-interconnect # show psu /fabric-interconnect # show san-neighbors /fabric-interconnect # show sw-uplink /fabric-interconnect # Organization Mode Commands scope auth-profile /org # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 21 /org # show vhba-templ /org # show vmq-conn-policy /org # show wwn-pool /org # Packet Capture Mode Commands show nh-test /packet-capture # Security Mode Commands create role /security # delete role /security # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 22 /service-profile # show iscsi-identity /service-profile # show mgmt-iface /service-profile # show vhba /service-profile # show vnic-iscsi /service-profile # System Mode Commands scope control-ep /system # scope environment-features /system # scope storage-features /system # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 23 Unsupported and Restricted Commands Unsupported Commands scope vm-mgmt /system # set virtual-ip /system # show control-ep /system # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 24 Restricted Commands Use of the following commands is restricted. Do not use any of these commands unless instructed to do so by a member of the Cisco Technical Assistance Center (TAC). Service Profile Mode Commands Do not change any service profile configurations; specifically do not use any of the...
Page 25 P A R T A R Commands • A – C Commands, on page 25 • D – R Commands, on page 81...
Page 27 65 • create policy (callhome), on page 67 • create policy (flow control), on page 70 • create profile, on page 71 • create resource-profile, on page 73 • create ssh-server, on page 75 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 28 A R Commands • create subinterface, on page 76 • create trustpoint, on page 79 • cycle, on page 80 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 29 # commit-buffer firepower # Related Commands Command Description Acknowledges a server on the device. acknowledge server acknowledge slot Acknowledges the existence of a slot in the device. show fault Shows fault policy information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 30 Related Commands Command Description acknowledge fault Acknowledges a system fault. acknowledge slot Verifies the existence of a slot that was recently commissioned. show server The show server commands display a variety of server-related configuration information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 31 /chassis # acknowledge slot 2 firepower /chassis* # commit-buffer firepower /chassis # Related Commands Command Description Acknowledges a system fault. acknowledge fault Acknowledges the existence of a server in your network. acknowledge server Cisco Firepower 4100/9300 FXOS Command Reference...
Page 32 As part of activation, all cli sessions will be terminated. Continue with activation? (yes/no) Related Commands Command Description Shows system firmware versions and status information. show firmware show server firmware Shows server firmware versions and status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 33 This example shows how to back up the SEL for server 2 in chassis 1: firepower# backup sel 1/2 firepower* # commit-buffer firepower# Related Commands Command Description clear sel Clears the system event log (SEL) for a server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 34 Warning : If you have already generated the authorization code from CSSM, please abort the cancellation by issuing discard-buffer and then install the authorization code. firepower /license/reservation* # Related Commands Command Description enable reservation Enables permanent license reservation. show license Shows current license information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 35 Specifies the maximum number of failed login attempts before the user is set max-login-attempts locked out of the system. Specifies the amount of time a user remains locked out of the system after user-account-unlock-time reaching the maximum number of login attempts. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 36 FP9300-A /security # scope local-user test_user FP9300-A /security/local-user # clear password history FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Command Description Creates a new local user account. create local-user Specifies the password for a user account. set password Cisco Firepower 4100/9300 FXOS Command Reference...
Page 37 This example shows how to clear system event logs for server 1 in chassis 1 while in organization mode. FP9300-A # scope org Test FP9300-A /org # clear sel 1/1 FP9300-A /org* # commit-buffer FP9300-A /org # Related Commands Command Description backup sel Backs up the system event log (SEL). Cisco Firepower 4100/9300 FXOS Command Reference...
Page 38 This example shows how to save configuration changes: FP9300-A# create org 3 FP9300-A /org* # commit-buffer FP9300-A /org # Related Commands Command Description discard-buffer Cancels and discards all uncommitted configuration changes. show configuration Shows all pending configuration changes. pending Cisco Firepower 4100/9300 FXOS Command Reference...
Page 39 - Show firmware versions on the adapter show-identity - Show adapter identity show-phyinfo - Show adapter phy info show-systemstatus - Show adapter status adapter 1/1/1 # exit firepower# Related Commands Command Description exit Returns you to the previous CLI mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 40 Ctrl-a, d Firepower-module1> Ctrl-], . firepower# Example This example shows how to connect to the ASA CLI on module 1: firepower# connect module 1 console Telnet escape character is '~'. Trying 127.5.1.1... Connected to 127.5.1.1. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 41 Close Network Connection to Exit Firepower-module1> connect asa asa> Related Commands Command Description connect ftd Connects to the FTD CLI. connect module Connects to the module CLI. Connects to the vDP CLI. connect vdp Cisco Firepower 4100/9300 FXOS Command Reference...
Page 42 A R Commands connect cimc connect cimc To connect to the Cisco Integrated Management Controller (CIMC) command shell, use the connect cimc command. connect cimc {chassis_id/blade_id | rack_id} Syntax Description chassis_id/blade_id Specifies the chassis and module numbers (entered in n/n format).
Page 43 "enter Key" will execute last command "COMMAND ?" will execute help for that command __________________________________________ [ help ]# exit Connection closed by foreign host. firepower# Related Commands Command Description exit Returns you to the previous CLI mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 44 > exit Firepower-module1> ~ telnet> quit firepower# Exit the Telnet session: Enter Ctrl-], . Example: > exit Firepower-module1> Ctrl-], . firepower# Example This example shows how to connect to the FTD CLI on module 1: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 45 Close Network Connection to Exit Firepower-module1> connect ftd > Related Commands Command Description Connects to the ASA CLI. connect asa connect module Connects to the module CLI. connect vdp Connects to the vDP CLI. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 46 Push current mode to stack or save it under name where Shows the cli context you are in firepower(fxos)# exit firepower# Related Commands Command Description connect local-mgmt Connects to a remote debug shell while connected to a specific adapter. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 47 A R Commands connect fxos Command Description exit Returns you to the previous CLI mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 48 Move a file Move a file ping Test network reachability ping6 Test IPv6 network reachability Print current directory reboot Reboots Fabric Interconnect restore-check Check if in restore mode Remove a file rmdir Remove a directory Cisco Firepower 4100/9300 FXOS Command Reference...
Page 49 Traceroute to destination traceroute6 Traceroute to IPv6 destination verify Verify Application Image firepower(local-mgmt)# exit firepower# Related Commands Command Description Connects to the FXOS command shell. connect fxos Returns you to the previous CLI mode. exit Cisco Firepower 4100/9300 FXOS Command Reference...
Page 50 => Trace the route to a remote host connect => Connect to specific csp console (asa, etc) support => System file operations testcrashinfo => Test crashinfo support help => Get help on command syntax Cisco Firepower 4100/9300 FXOS Command Reference...
Page 51 => Get help on command syntax Firepower-module1> <Ctrl-], .> firepower# Related Commands Command Description connect asa Connects to the ASA CLI. connect ftd Connects to the FTD CLI. connect vdp Connects to the vDP CLI. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 52 > Ctrl-], . Firepower-module1> Ctrl-], . firepower# Example This example shows how to connect to the vDP CLI on module 1: firepower# connect module 1 console Telnet escape character is '~'. Trying 127.5.1.1... Connected to 127.5.1.1. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 53 CISCO Serial Over LAN: Close Network Connection to Exit Firepower-module1> connect vdp Related Commands Command Description connect asa Connects to the ASA CLI. connect ftd Connects to the FTD CLI. connect module Connects to the module CLI. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 54 /ssa/slot # create app-instance ftd MyDevice1 firepower /ssa/slot/app-instance* # set deploy-type container firepower /ssa/slot/app-instance* # set resource-profile-name silver 1 firepower /ssa/slot/app-instance* # set startup-version 6.3.0 firepower /ssa/slot/app-instance* # Related Commands Command Description show app-attri Shows current application attributes. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 55 /ssa/logical-device/mgmt-bootstrap/bootstrap-key* # exit firepower /ssa/logical-device/mgmt-bootstrap* # Related Commands Command Description create logical-device Creates the logical device. create mgmt-bootstrap Creates the bootstrap configuration for the application. set value Sets the value for this command. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 56 Use Expert Mode only if a documented procedure tells you it is required, or if the Cisco Technical Assistance Center asks you to use it. To enter this mode, use the expert command in the FTD CLI.
Page 57 Before you create or commit a new certificate request, you must set the RSA key modulus (SSL key length) using set modulus, on page 202. Example This example shows how to create a new keyring and its certificate request: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 58 State, province or county (full name) subject-name Certificate request subject name firepower /security/keyring/certreq* # set Related Commands Command Description delete certreq Deletes an existing keyring certificate request. set (certreq) Sets keyring certificate request-related information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 59 /security # scope ipsec firepower /security/ipsec # enter connection ipsec_conn2 firepower /security/ipsec/connection* # Related Commands Command Description set adminstate Sets the IPSec connection administrative state to disabled or enabled. show connection Shows current IPSec connection information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 60 /monitoring # scope callhome firepower /monitoring/callhome # scope profile SLProfile firepower /monitoring/callhome/profile # enter destination TestDest firepower /monitoring/callhome/profile/destination* # set address user1@test.com firepower /monitoring/callhome/profile/destination* # set protocol email firepower /monitoring/callhome/profile/destination* # commit-buffer firepower /monitoring/callhome/profile/destination # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 61 Enters a Smart Call Home destination. enter destination set address Sets an email address for a Smart Call Home destination. set protocol Sets the transport protocol for a Smart Call Home destination. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 62 /system # scope services firepower /system/services # enter ip-block 192.168.200.101 24 ssh firepower /system/services/ip-block* # commit-buffer firepower /system/services/ip-block # up firepower /system/services # show ip-block Permitted IP Block: IP Address Prefix Length Protocol Cisco Firepower 4100/9300 FXOS Command Reference...
Page 63 --------------- ------------- -------- 0.0.0.0 0 https 0.0.0.0 0 snmp 0.0.0.0 0 ssh 192.168.200.101 24 ssh firepower /system/services # Related Commands Command Description create ipv6-block Creates an IPv6 address block. delete ip-block Deletes an existing IPv4 block. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 64 /system # scope services firepower /system/services # create ipv6-block 2001:DB8:1::1 64 ssh firepower /system/services/ipv6-block* # commit-buffer firepower /system/services/ipv6-block # up firepower /system/services # show ipv6-block Permitted IPv6 Block: IPv6 Address Prefix Length Protocol Cisco Firepower 4100/9300 FXOS Command Reference...
Page 65 ------------ ------------- -------- 0 https 0 snmp 0 ssh 2001:DB8:1::1 64 ssh firepower /system/services # Related Commands Command Description create ip-block Creates an IPv4 block. delete ipv6-block Deletes an existing IPv6 block. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 66 /security # enter keyring test_keyring firepower /security/keyring* # set ? cert Keyring certificate modulus RSA key modulus regenerate Regenerate keyring trustpoint Trustpoint CA firepower /security/keyring* # set Related Commands Command Description Deletes an existing RSA keyring. delete keyring Cisco Firepower 4100/9300 FXOS Command Reference...
Page 67 Command Modes Command History Release Modification 1.1(1) Command added. You can configure up to 48 local user accounts. Each account must have a unique user name and password. Usage Guidelines Cisco Firepower 4100/9300 FXOS Command Reference...
Page 68 /security/local-user # Related Commands Command Description delete local-user Deletes an existing local user account. set expiration Specifies the date on which the user account expires. set password Sets a password for the user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 69 Use this command to create an instance of a policy for an existing type of fault or system event. The available keywords for Call Home policy event types are: • adaptor-mismatch • arp-targets-config-error • association-failed • configuration-failure • connectivity-problem • election-failure • equipment-degraded • equipment-disabled • equipment-inaccessible • equipment-inoperable Cisco Firepower 4100/9300 FXOS Command Reference...
Page 70 This example shows how to create, enter and enable a Call Home policy instance for link-down events: firepower # scope monitoring firepower /monitoring # scope callhome firepower /monitoring/callhome # enter policy link-down firepower /monitoring/callhome/policy* # set admin-state enabled firepower /monitoring/callhome/policy* # commit-buffer Cisco Firepower 4100/9300 FXOS Command Reference...
Page 71 A R Commands create policy (callhome) firepower /monitoring/callhome/policy # Related Commands Command Description delete policy Deletes an existing Smart Call Home policy. Enables or disables the administrative state for a Smart Call Home policy. set admin-state Cisco Firepower 4100/9300 FXOS Command Reference...
Page 72 /eth-uplink/flow-control/policy* # commit-buffer firepower /eth-uplink/flow-control/policy # Related Commands Command Description delete policy Deletes an existing flow control policy. In flow-control/policy mode, sets flow control policy properties. Shows property values for a flow control policy. show policy Cisco Firepower 4100/9300 FXOS Command Reference...
Page 73 /monitoring # scope callhome firepower /monitoring/callhome # enter profile TestProfile firepower /monitoring/callhome/profile* # commit-buffer firepower /monitoring/callhome/profile # Related Commands Command Description delete profile Deletes an existing Smart Call Home destination profile. In monitoring/callhome mode, sets profile properties. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 74 A R Commands create profile Command Description show profile Lists currently defined Smart Call Home and Smart Licensing profiles; available in monitoring/callhome mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 75 /ssa/resource-profile* # set cpu-core-count 6 firepower /ssa/resource-profile* # exit firepower /ssa # enter resource-profile standard firepower /ssa/resource-profile* # set description "middle level" firepower /ssa/resource-profile* # set cpu-core-count 10 firepower /ssa/resource-profile* # exit firepower /ssa # enter resource-profile advanced Cisco Firepower 4100/9300 FXOS Command Reference...
Page 76 Assigned the resource profile to the application instance. show monitor detail Shows resource usage for the security module/engine slot. show resource detail Shows resource allocation for the application instance. show resource-profile Shows resource profile assignments. user-defined Cisco Firepower 4100/9300 FXOS Command Reference...
Page 77 /system/services # show ssh-server host-key Host Key Size: 2048 Deleted: Yes firepower /system/services # Related Commands Command Description set ssh-server Sets the SSH server host key size. show ssh-server Shows the SSH server properties. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 78 VLAN 22-31 on instance C. If you create these subinterfaces within the application, then you would have to share the parent interface in FXOS, which may not be desirable. See the following illustration that shows the three ways you can accomplish this scenario: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 79 Subinterfaces are supported on data or data-sharing type interfaces only. Example The following example creates 3 subinterfaces on Ethernet 1/1, and sets them to be data-sharing interfaces. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 80 /eth-uplink/fabric/interface/subinterface # Related Commands Command Description create port-channel Creates an EtherChannel (port channel). scope interface Enters the physical interface object. set port-type Sets the interface type. set vlan Sets the VLAN ID for a subinterface. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 81 This example shows how to create and enter a trustpoint: firepower # scope security firepower /security # enter trustpoint tPoint4 firepower /security/trustpoint* # Related Commands Command Description set certchain Sets certificate information for a trustpoint. Shows current trustpoint information. show trustpoint Cisco Firepower 4100/9300 FXOS Command Reference...
Page 82 This example shows how to power-cycle a module after its running application is shut down: FP9300-A # scope service-profile server 1/1 FP9300-A /org/service-profile # cycle cycle-wait FP9300-A /org/service-profile* # commit-buffer FP9300-A /org/service-profile # Related Commands Command Description Takes a network module offline or online. set adminstate Cisco Firepower 4100/9300 FXOS Command Reference...
Page 83 113 • register, on page 114 • reinitialize, on page 115 • remove server, on page 116 • renew, on page 117 • request universal, on page 118 • return, on page 119 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 84 This example shows how to decommission a server: FP9300-A# decommission server 1/1 FP9300-A* # commit-buffer FP9300-A # Related Commands Command Description delete decommissioned Deletes a decommissioned server. recommission Recommissions a decommissioned server. show server Shows any decommissioned servers. decommissioned Cisco Firepower 4100/9300 FXOS Command Reference...
Page 85 This example shows how to enter security mode and then delete a local user account: firepower # scope security firepower /security # delete local-user test_user firepower /security/local-user* # commit-buffer firepower /security/local-user # Related Commands Command Description create local-user Creates a new local user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 86 A R Commands delete Command Description enter local-user Adds or edits a local user account. delete local-user Deletes an existing local user account. scope local-user Enters a existing local user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 87 Command History Release Modification 1.4(1) Command added. Example This example shows how to delete a decommissioned server. FP9300-A # delete decommissioned server Cisco Systems, Inc. Cisco Firepower 9000 Series Security Module FLM1949C6J1 FP9300-A* # commit-buffer Related Commands Command Description decommission server Decommissions a server.
Page 88 Deregistration removes the device from your account, and all license entitlements and certificates on the Usage Guidelines device are removed. You can use this to free up a license for a new Firepower 4100/9300, or you can remove the device from the Smart Software Manager.
Page 89 FP9300-A /ssa/slot # scope app-instance ftd2 FTD-2 FP9300-A /ssa/slot/app-instance # disable FP9300-A /ssa/slot/app-instance* # commit-buffer FP9300-A /ssa/slot/app-instance # Related Commands Command Description enable Enables an existing application instance. scope app-instance Enters application mode for a specific application instance. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 90 Warning: A reboot of the system is required in order for the system to be operating in a non-CC approved mode. FP9300-A /security* # Related Commands Command Description enable cc-mode Enables Common Criteria mode. show cc-mode Shows current Common Criteria mode admin and operational states. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 91 Warning: A reboot of the system is required in order for the system to be operating in a non-FIPS approved mode. FP9300-A /security* # Related Commands Command Description enable fips-mode Enables FIPS mode. show fips-mode Shows current FIPS mode admin and operational states. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 92 Command History Release Modification 1.1(1) Command added. Enable license reservation before attempting to assign a permanent license to your Firepower 4100/9300 Usage Guidelines chassis. Example This example shows how to enter license mode and disable reservation mode: FP9300-A # scope license...
Page 93 FP9300-1 /chassis* # show configuration pending scope chassis 1 enable locator-led exit FP9300-1 /chassis* # discard-buffer FP9300-1 /chassis # Related Commands Command Description commit-buffer Saves or verifies configuration changes. show configuration Shows uncommitted configuration changes. pending Cisco Firepower 4100/9300 FXOS Command Reference...
Page 94 A R Commands download image download image To copy an FXOS firmware image to the Firepower 4100/9300 chassis, use the download image command in firmware mode. To copy a logical device software image to the Firepower 4100/9300 chassis, use the download image command in application software (/ssa/app-software) mode.
Page 95 192.168.1.1 user Downloaded Related Commands Command Description show download-task Shows progress of the image file download. show package Shows progress of the firmware file download. verify platform-pack Verifies a specified FXOS platform image. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 96 FP9300-A /ssa/slot # scope app-instance ftd2 FTD-2 FP9300-A /ssa/slot/app-instance # enable FP9300-A /ssa/slot/app-instance* # commit-buffer FP9300-A /ssa/slot/app-instance # Related Commands Command Description disable Disables an existing application instance. scope app-instance Enters application mode for a specific application instance. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 97 WARNING: A reboot of the system is required in order for the system to be operating in a CC approved mode. FP9300-A /security* # Related Commands Command Description disable cc-mode Disables Common Criteria mode. show cc-mode Shows current Common Criteria mode administrative and operational states. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 98 WARNING: A reboot of the system is required in order for the system to be operating in a FIPS approved mode. FP9300-A /security* # Related Commands Command Description disable fips-mode Disables FIPS mode. show fips-mode Shows current FIPS mode administrative and operational states. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 99 Command History Release Modification 1.1(1) Command added. Enable license reservation before attempting to assign a permanent license to your Firepower 4100/9300 Usage Guidelines chassis. Example This example shows how to enter license mode and enable reservation mode: FP9300-A # scope license...
Page 100 This example shows how to return to the highest-level mode of the CLI from service profile mode. FP9300-A # scope org Test FP9300-A /org # scope service-profile Sample FP9300-A /org/service-profile # end FP9300-A # Related Commands Command Description Enters top level mode from any mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 101 This example shows how to enter security mode, enter a local user account and display account details: firepower # scope security firepower /security # enter local-user test_user firepower /security/local-user # show detail Local User test_user: First Name: test Last Name: user Email: test_user@testuser.com Phone: Expiration: Never Password: **** Cisco Firepower 4100/9300 FXOS Command Reference...
Page 102 Description create local-user Creates a new local user account. enter local-user Adds or edits a local user account. Deletes an existing local user account. delete local-user Enters a existing local user account. scope local-user Cisco Firepower 4100/9300 FXOS Command Reference...
Page 103 This example shows how to enter and exit a local management connection. FP9300-A # connect local-mgmt FP9300-A(local-mgmt) # exit FP9300-A # Related Commands Command Description connect Connects to another managed object. Returns to the highest level mode of the CLI. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 104 This example shows how to install a reservation authorization code: FP9300-A# scope license FP9300-A /license # scope reservation FP9300-A /license/reservation # install <code> FP9300-A /license/reservation* # Related Commands Command Description request universal Generates a reservation request code. show license Shows current license information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 105 The system will be reboot to upgrade the SUP firmware. The upgrade operation will take several minutes to complete. PLEASE DO NOT POWER RECYCLE DURING THE UPGRADE. Do you want to proceed? (yes/no):yes Upgrading FXOS SUP firmware software package version 1.0.10 command executed Cisco Firepower 4100/9300 FXOS Command Reference...
Page 106 A R Commands install firmware Related Commands Command Description scope firmware-install Enters firmware-installation mode. show download-task Shows information about firmware-package downloads. show (firmware-install) In firmware-installation mode, shows firmware package information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 107 (2) Initiate a configuration backup Do you want to proceed? (yes/no): Related Commands Command Description download image Downloads an FXOS software image to the Firepower 4100/9300 chassis. show validate-task Displays the status of the image verification process. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 108 64 bytes from 198.51.100.10: icmp_seq=5 ttl=61 time=0.216 ms 64 bytes from 198.51.100.10: icmp_seq=6 ttl=61 time=0.251 ms 64 bytes from 198.51.100.10: icmp_seq=7 ttl=61 time=0.223 ms 64 bytes from 198.51.100.10: icmp_seq=8 ttl=61 time=0.221 ms 64 bytes from 198.51.100.10: icmp_seq=9 ttl=61 time=0.227 ms Cisco Firepower 4100/9300 FXOS Command Reference...
Page 109 = 51.005/51.062/51.164/0.064 ms firepower(local-mgmt)# Related Commands Command Description ping6 Tests basic network connectivity by pinging another device on the network with its IPv6 address. Traces the route to a specified destination (IPv4 address). traceroute Cisco Firepower 4100/9300 FXOS Command Reference...
Page 110 ICMP echo request packets to a specified host. Example This example shows how to connect to the local management shell and then ping another device on the network twelve times: firepower# connect local-mgmt firepower(local-mgmt)# ping6 2001:DB8:0:ABCD::1 count 12 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 111 = 51.005/51.062/51.164/0.064 ms firepower(local-mgmt)# Related Commands Command Description Tests basic network connectivity by pinging another device on the network ping with its IPv4 address. traceroute6 Traces the route to a specified destination (IPv6 address). Cisco Firepower 4100/9300 FXOS Command Reference...
Page 112 This example shows how to enter service profile mode and then power down the module with a soft shut-down: FP9300-A # scope service-profile server 1/1 FP9300-A /org/service-profile # power down soft-shut-down FP9300-A /org/service-profile* # commit-buffer FP9300-A /org/service-profile # Related Commands Command Description Shuts down the device. shutdown Cisco Firepower 4100/9300 FXOS Command Reference...
Page 113 All shells being terminated due to system /sbin/reboot This example shows how to enter chassis mode and reboot the system: FP9300-A # scope chassis 1 FP9300-A /chassis # reboot This command will reboot the chassis when committed FP9300-A /chassis* # commit-buffer Cisco Firepower 4100/9300 FXOS Command Reference...
Page 114 System is safe to power off after "System halted." message is seen FP9300-A /chassis # Broadcast message from root@DOC-FP9300-A (Fri Apr 13 16:27:04 2018): All shells being terminated due to system /sbin/shutdown Related Commands Command Description shutdown Shuts down the device. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 115 Example This example shows how to enter organization mode and then recommission a previously decommissioned server. FP9300-A # scope org FP9300-A /org # recommission server Cisco Systems, Inc. Cisco Firepower 9000 Series Security Module FLM1949C6J1 FP9300-A /org* # commit-buffer Related Commands...
Page 116 A R Commands register register To register a Smart Software Manager account on this Firepower 4100/9300 device, use the register command. register idtoken id_token Syntax Description id_token The registration token acquired from the Smart Software Manager Satellite. License (/license) mode...
Page 117 Warning: Reinitializing blade takes a few minutes. All the application data on blade will get lost. Please backup application running config files before commit-buffer. FP9300-A /ssa/slot* # Related Commands Command Description decommission Decommissions a server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 118 Usage Guidelines Example This example shows how to remove a decommissioned server: FP9300-A# remove server 1/1 FP9300-A* # commit-buffer FP9300-A# Related Commands Command Description decommission server Decommissions a server. Shows decommissioned server(s). show server decommissioned Cisco Firepower 4100/9300 FXOS Command Reference...
Page 119 ID certificate and license entitlement. FP9300-A # scope license FP9300-A /license # scope licdebug FP9300-A /license/licdebug # renew FP9300-A /license/licdebug # Related Commands Command Description register Registers a Smart Software Manager account on this Firepower 4100/9300 device. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 120 Before you begin, you must purchase the permanent licenses so they are available in Smart Software Manager. Usage Guidelines Not all accounts are approved for permanent license reservation. Make sure you have approval from Cisco for this feature before you attempt to configure it.
Page 121 Usage Guidelines you do not, the license stays in an in-use state and cannot be used elsewhere. When you enter this command, the Firepower 4100/9300 chassis immediately becomes unlicensed and moves to the Evaluation state. To complete the return, go to https://software.cisco.com/#SmartLicensing-Inventory, locate your Firepower 4100/9300 chassis using its universal device identifier (UDI), and then remove the product instance.
Page 122 A R Commands return Cisco Firepower 4100/9300 FXOS Command Reference...
Page 123 P A R T S Commands • scope Commands, on page 123 • set Commands, on page 157 • sh Commands, on page 235...
Page 125 151 • scope service-profile, on page 152 • scope slot, on page 153 • scope ssa, on page 154 • scope system, on page 155 • scope vnic, on page 156 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 126 This example shows how to enter security mode, scope into a local user account and display account details: firepower # scope security firepower /security # scope local-user test_user firepower /security/local-user # show detail Local User test_user: First Name: test Last Name: user Email: test_user@testuser.com Phone: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 127 User SSH public key: firepower /security/local-user # Related Commands Command Description create local-user Creates a new local user account. enter local-user Adds or edits a local user account. delete local-user Deletes an existing local user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 128 This example shows how to enter adapter mode using the chassis, server and adapter IDs: FP9300-A# scope adapter 1/1/1 FP9300-A /chassis/server/adapter # Related Commands Command Description connect adapter Connects to the command shell for a specific adapter. scope chassis Enters chassis mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 129 This example shows how to enter firmware mode and then auto-install mode: FP9300-A# scope firmware FP9300-A /firmware # scope auto-install FP9300-A /firmware/auto-install # Related Commands Command Description install platform Upgrades UCS Infra components (UCSM, FI and IOM) to infra version specified. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 130 77, then the chassis converts 77 into the hexadecimal value 004D (yyxx). When used in the MAC address, the prefix is reversed (xxyy) to match the chassis native form: A24D.00zz.zzzz For a prefix of 1009 (03F1), the MAC address is: A2F1.03zz.zzzz Cisco Firepower 4100/9300 FXOS Command Reference...
Page 131 /ssa # scope auto-macpool firepower /ssa/auto-macpool # Related Commands Command Description scope ssa Enters ssa mode. Sets the MAC address prefix. set prefix Shows the assigned MAC addresses. show mac-address Cisco Firepower 4100/9300 FXOS Command Reference...
Page 132 You can access fabric mode from cabling mode, where you can view and manage port breakouts. Usage Guidelines Example This example shows how to enter cabling mode: FP9300-A # scope cabling FP9300-A /cabling # Related Commands Command Description scope fabric-interconnect Enter fabric interconnect mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 133 This example shows how to enter callhome mode from monitoring mode: FP9300-A#scope monitoring FP9300-A /monitoring # scope callhome FP9300-A /monitoring/callhome # Related Commands Command Description show callhome Shows Call Home configuration and status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 134 Command Modes Command History Release Modification 1.1(1) Command added. Example This example shows how to enter chassis mode: FP9300-A# scope chassis 1 FP9300-A /chassis # Related Commands Command Description show chassis Shows chassis information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 135 Command History Release Modification 1.1(1) Command added. Example This example shows how to enter cloud connector mode: FP9300-A # scope cloud-connector FP9300-A /cloud-connector # Related Commands Command Description Shows cloud connector configuration information. show cloud-connector Cisco Firepower 4100/9300 FXOS Command Reference...
Page 136 This example shows how to enter security mode and then default authentication mode: FP9300-A# scope security FP9300-A /security # scope default-auth FP9300-A /security/default-auth # Related Commands Command Description set realm Sets the default authentication service. show Shows default authentication settings. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 137 You do not have to enter this mode with a managed object. Usage Guidelines Example This example shows how to enter Ethernet uplink mode: FP9300-A#scope eth-uplink FP9300-A /eth-uplink # Related Commands Command Description show eth-uplink Shows Ethernet uplink information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 138 Command History Release Modification 1.1(1) Command added. Example This example shows how to enter fabric interconnect mode: FP9300-A# scope fabric-interconnect a FP9300-B /fabric-interconnect # Related Commands Command Description show fabric-interconnect Shows fabric interconnect information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 139 Example This example shows how to scope into fan-module mode: firepower# scope chassis firepower /chassis # scope fan-module 1 2 firepower /chassis/fan-module # Related Commands Command Description Scopes into a specific fan. scope fan Cisco Firepower 4100/9300 FXOS Command Reference...
Page 140 Usage Guidelines Example This example shows how to enter firmware mode: FP9300-A# scope firmware FP9300-A /firmware # Related Commands Command Description show server firmware Shows server firmware information. show server version Shows server firmware version. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 141 This example shows how to enter firmware-installation mode: FP9300-A# scope firmware FP9300-A /firmware # scope firmware-install FP9300-A /firmware-install # Related Commands Command Description download image Downloads a firmware package. install firmware Installs a firmware package. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 142 Usage Guidelines Example This example shows how to enter IPSec mode: FP9300-A# scope security FP9300-A /security # scope ipsec FP9300-A /security/ipsec # Related Commands Command Description show connection Shows information about the IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 143 Usage Guidelines Example This example shows how to enter IPv6 configuration mode: FP9300-A# scope fabric-interconnect a FP9300-A /fabric-interconnect # scope ipv6-config FP9300-A /fabric-interconnect/ipv6-config # Related Commands Command Description Shows IPv6 management-interface information. show ipv6-if Cisco Firepower 4100/9300 FXOS Command Reference...
Page 144 Example This example shows how to enter license debug mode from license mode: FP9300-A # scope license FP9300-A /license # scope licdebug FP9300-A /license/licdebug # Related Commands Command Description Enters license mode. scope license Cisco Firepower 4100/9300 FXOS Command Reference...
Page 145 Command added. Example This example shows how to enter license mode from EXEC level: FP9300-A# scope license FP9300-A /license # Related Commands Command Description show license Shows the usage of some or all license packages. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 146 You do not have to enter this mode with a managed object. Usage Guidelines Example This example shows how to enter monitoring mode: FP9300-A#scope monitoring FP9300-A /monitoring # Related Commands Command Description show server status Shows information about the status of a server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 147 Command Modes Command History Release Modification 1.1(1) Command added. Example This example shows how to enter organization mode: FP9300-A# scope org org100 FP9300-A /org # Related Commands Command Description show org Lists currently defined organizations. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 148 You do not have to enter this mode with a managed object. Usage Guidelines Example This example shows how to enter packet capture mode: FP9300-A#scope packet-capture FP9300-A /monitoring # Related Commands Command Description traceroute Traces the route to another device on the network. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 149 Command added. Example This example shows how to enter password profile security mode: FP9300-A # scope security FP9300-A /security # scope password-profile FP9300-A /security/password-profile # Related Commands Command Description Shows password-profile information. show password-profile Cisco Firepower 4100/9300 FXOS Command Reference...
Page 150 Transport Protocol Email or HTTP/HTTPS URL Address ---------- ------------------ ------------------------------- SLDest Https https://tools.cisco.com/its/service/oddce/services/DDCEService FP9300-A /monitoring/callhome/profile # Related Commands Command Description show profile Lists currently defined Smart Call Home and Smart Licensing profiles; available in monitoring/callhome mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 151 This example shows how to enter reservation mode from license mode: FP9300-A# scope license FP9300-A /license # scope reservation FP9300-A /license/reservation # Related Commands Command Description Generates a reservation request code. request universal show license Shows the usage of some or all license packages. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 152 You do not have to enter this mode with a managed object. Usage Guidelines Example This example shows how to enter security mode: FP9300-A# scope security FP9300-A /security # Related Commands Command Description show security Shows information about the security policies. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 153 This example shows how to enter server mode: FP9300-A# scope server 1/1 FP9300-A /chassis/server # Related Commands Command Description Shows information about the network adapters in a server. show server adapter Shows identity information about a server. show server identity Cisco Firepower 4100/9300 FXOS Command Reference...
Page 154 ID (n/n format). The chassis ID is always 1. Example This example shows how to enter service profile mode: FP9300-A # scope service-profile server 1/1 FP9300-A /org/service-profile # Related Commands Command Description show service-profile Shows service-profile information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 155 In slot mode, you can update the application image on the logical device. Usage Guidelines Example This example shows how to enter slot mode: FP9300-A# scope ssa FP9300-A /ssa # scope slot 2 FP9300-A /ssa/slot # Related Commands Command Description Shows security information. show security Cisco Firepower 4100/9300 FXOS Command Reference...
Page 156 You do not have to enter this mode with a managed object. Usage Guidelines Example This example shows how to enter ssa mode: FP9300-A# scope ssa FP9300-A /ssa # Related Commands Command Description show security Shows security information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 157 You do not have to enter this mode with a managed object. Usage Guidelines Example This example shows how to enter system mode: FP9300-A# scope system FP9300-A /system # Related Commands Command Description Shows information about the systems configured on this device. show system Cisco Firepower 4100/9300 FXOS Command Reference...
Page 158 FP9300-A # scope org org10 FP9300-A /org # scope service-profile sp10 FP9300-A /org/service-profile # scope vnic vNIC10 FP9300-A /org/service-profile/vnic # Related Commands Command Description show server adapter Shows information about the available network adapters. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 159 195 • set lastname, on page 196 • set local-address, on page 197 • set log-level, on page 198 • set max-login-attempts, on page 199 • set min-password-length, on page 200 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 160 228 • set user-account-unlock-time, on page 229 • set value (create bootstrap-key FIREWALL_MODE), on page 230 • set value (create bootstrap-key PERMIT_EXPERT_MODE), on page 231 • set vlan, on page 232 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 161 , (comma), . (period), @ (at sign), ^ (carat), ( (open parenthesis), ) (close parenthesis), - (dash), _ (underscore), + (plus sign), : (colon), / (forward slash). password (Optional) You are asked to enter and then confirm a password for the request. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 162 Command Description create certreq Creates a new keyring certificate request. delete certreq Deletes an existing keyring certificate request. Enters a keyring certificate request. enter certreq set (keyring) Sets keyring-related information, inluding modulus and trustpoint. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 163 FP9300-A /security/default-auth # set absolute-session-timeout 240 FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set refresh-period Sets the Web session refresh period. Displays the current session and absolute session timeout settings. show detail Cisco Firepower 4100/9300 FXOS Command Reference...
Page 164 FP9300-A /security # scope local-user test_user FP9300-A /security/local-user # set account-status inactive FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Related Commands Command Description set expiration Specifies the date on which the user account expires. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 165 Modification 1.4(1) Command added. Each Firepower 4100/9300 chassis must be registered with the Smart Call Home License Authority or Smart Usage Guidelines License satellite server. Use this command to set an email or HTTP/HTTPS URL address as the licensing destination.
Page 166 FP9300-A /monitoring/callhome/policy* # commit-buffer FP9300-A /monitoring/callhome/policy # Related Commands Command Description Enters a Smart Call Home policy. enter policy delete policy Deletes an existing Smart Call Home policy. show Displays Call Home configuration or policy information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 167 Related Commands Command Description aknowledge slot Verifies the existence of a slot that was recently commissioned. In fabric interconnect mode, confirms that an existing module was replaced with one with a different product ID (PID). Cisco Firepower 4100/9300 FXOS Command Reference...
Page 168 This example shows how to specify the default authentication server group: FP9300-A# scope security FP9300-A /security # scope default-auth FP9300-A /security/default-auth # set auth-server-group admin_server FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set realm Specifies the default authentication service. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 169 >-----BEGIN CERTIFICATE----- MIIFqDCCA5CgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEL MAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NKQzEOMAwGA1UECgwFQ2lzY28xDTALBgNV BAsMBFNUQlUxCzAJBgNVBAMMAkNBMRowGAYJKoZIhvcNAQkBFgtzc3BAc3NwLm5l dDAeFw0xNjEyMTUyMTM0NTRaFw>0yNjEyMTMyMTM0NTRaMHwxCzAJBgNVBAYTAlVT MQswCQYDVQQIDAJDQTEPMA0GA1UECgwGbmV3c3RnMRAwDgYDVQQLDAduZXdzdGJ1 MRMwEQYDVQQDDAppbnRlcm0xLWNhMSgwJgYJKoZIhvcNAQkBFhlpbnRlcm0xLWNh QGludGVybTEtY2EubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA wLpNnyEx5I4P8uDoW>KWF3IZsegjhLANsodxuAUmhmwKekd0OpZZxHMw1wSO4IBX5 4itJS0xyXFzPmeptG3OXvNqCcsT+4BXl3DoGgPMULccc4NesHeg2z8+q3SPA6uZh iseWNvKfnUjixbQEBtcrWBiSKnZuOz1cpuBn34gtgeFFoCEXN+EZVpPESiancDVh 8pCPlipc/08ZJ3o9GW2j0eHJN84sguIEDL812ROejQvpmfqGUq11stkIIuh+wB+V VRhUBVG7p>V57I6DHeeRp6cDMLXaM3iMTelhdShyo5YUaRJMak/t8kCqhtGXfuLlI E2AkxKXeeveR9n6cpQd5JiNzCT/t9IQL/T/CCqMICRXLFpLCS9o5S5O2B6QFgcTZ yKR6hsmwe22wpK8QI7/5oWNXlolb96hHJ7RPbG7RXYqmcLiXY/d2j9/RuNoPJawI hLkfhoIdPA28xlnfIB1azCmMmdPcBO6cbUQfCj5hSmk3StVQKgJCjaujz55TGGd1 G>jnxDMX9twwz7Ee51895Xmtr24qqaCXJoW/dPhcIIXRdJPMsTJ4yPG0BieuRwd0p i8w/rFwbHzv4C9Fthw1JrRxH1yeHJHrLlZgJ5txSaVUIgrgVCJaf6/jrRRWoRJwt AzvnzYql2dZPCcEAYgP7JcaQpvdpuDgq++NgBtygiqECAwEAAaNBMD8wDAYDVR0T BAUwAwEB/zAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vMTkyLjE2OC40LjI5>L2lu dGVybS5jcmwwDQYJKoZIhvcNAQELBQADggIBAG/XujJh5G5UWo+cwTSitAezWbJA h1dAiXZ/OYWZSxkFRliErKdupLqL0ThjnX/wRFfEXbrBQwm5kWAUUDr97D1Uz+2A 8LC5I8SWKXmyf0jUtsnEQbDZb33oVL7yXJk/A0SF0jihpPheMA+YRazalT9xj9KH PE7nHCJMbb2ptrHUyvBrKSYrSeEqOpQU2+otnFyV3rS9aelgV>juaWyaWOc3lZ1Oi CC2tJvY3NnM56j5iesxUCeY/SZ2/ECXN7RRBViLHmA3gFKmWf3xeNiKkxmJCxOaa UWPC1x2V66I8DG9uUzlWyd79O2dy52aAphAHC6hqlzb6v+gw1Tld7UxaqVd8CD5W ATjNs+ifkJS1h5ERxHjgcurZXOpR+NWpwF+UDzbMXxx+KAAXCI6ltCd8Pb3wOUC3 PKvwEXaIcCcxGx71eRLpWPZFyEoi4N2NGE9OXRjz0>K/KERZgNhsIW3bQMjcw3aX6 OXskEuKgsayctnWyxVqNnqvpuz06kqyubh4+ZgGKZ5LNEXYmGNz3oED1rUN636Tw SjGAPHgeROzyTFDixCei6aROlGdP/Hwvb0/+uThIe89g8WZ0djTKFUM8uBO3f+II /cbuyBO1+JrDMq8NkAjxKlJlp1c3WbfCue/qcwtcfUBYZ4i53a56UNF5Ef0rpy/8 B/+07Me/p2y9Luqa -----END CERTIFICATE----- Cisco Firepower 4100/9300 FXOS Command Reference...
Page 170 Command Description set modulus Specifies the RSA key modulus (SSL key length) in bits. set regenerate Regenerates the RSA keys in the default keyring. set trustpoint Specifies whether the keyring certificate can be regenerated. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 171 ENDOFBUF entry. See “Certificates, Key Rings, and Trusted Points” in the Cisco FXOS CLI Configuration Guide for information about obtaining a trust certificate. Example This example shows how to create and enter a new trustpoint, and then paste a certificate chain into...
Page 172 S Commands set certchain > 4YL5Jg== > -----END CERTIFICATE----- > ENDOFBUF FP9300-A /security/trustpoint* # commit-buffer FP9300-A /security/trustpoint # Related Commands Command Description enter trustpoint Enters a trustpoint. show trustpoint Shows current trustpoint information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 173 Enables or disables restrictions on the number of password changes a locally authenticated user can make. set change-interval Specifies the number of hours over which a specified number of password changes can be made. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 174 Specifies the maximum number of times a locally authenticated user can change his or her password. set change-interval Specifies the number of hours over which a specified number of password changes can be made. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 175 Specifies the maximum number of times a locally authenticated user can change his or her password. set change-during-interval Enables or disables restrictions on the number of password changes a locally authenticated user can make. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 176 --------- -------- ------------------------ -------- ----------- Warning F16520 2010-01-21T18:33:22.065 5785755 [FSM:STAGE:RETRY:]: detect mezz cards in 1/6(FSM-STAGE:sam:dme:ComputeBladeDiscover:NicPresence) Condition F77960 2010-01-21T18:32:31.255 1089623 [FSM:STAGE:REMOTE-ERROR]: R esult: end-point-unavailable Code: unspecified Message: sendSamDmeAdapterInfo: i dentify failed FP9300-A# set cli suppress-field-spillover off FP9300-A# show fault Cisco Firepower 4100/9300 FXOS Command Reference...
Page 177 Condition F77960 2010-01-21T18:32:31.255 1089623 [FSM:STAGE:REMOTE-ERROR]: R FP9300-A# Related Commands Command Description show cli Shows current CLI settings. terminal Sets the number of lines, and the width of the lines, displayed in the terminal window. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 178 Firepower /ssa/logical-device* # create cluster-bootstrap firepower /ssa/logical-device/cluster-bootstrap* # set cluster-control-link network 10.10.0.0 firepower /ssa/logical-device/cluster-bootstrap* # Related Commands Command Description Creates the logical device. create logical-device create cluster-bootstrap Creates the cluster bootstrap configuration for the application. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 179 FP9300-A /security/default-auth # set con-absolute-session-timeout 240 FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set refresh-period Sets the Web session refresh period. Displays the current session and absolute session timeout settings. show detail Cisco Firepower 4100/9300 FXOS Command Reference...
Page 180 FP9300-A /security/default-auth # set con-session-timeout 240 FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set refresh-period Sets the Web session refresh period. show detail Displays the current session and absolute session timeout settings. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 181 /ssa/resource-profile* # set description "lowest level" firepower /ssa/resource-profile* # set cpu-core-count 6 firepower /ssa/resource-profile* # exit firepower /ssa # enter resource-profile standard firepower /ssa/resource-profile* # set description "middle level" firepower /ssa/resource-profile* # set cpu-core-count 10 firepower /ssa/resource-profile* # exit Cisco Firepower 4100/9300 FXOS Command Reference...
Page 182 Assigned the resource profile to the application instance. Shows resource usage for the security module/engine slot. show monitor detail Shows resource allocation for the application instance. show resource detail show resource-profile Shows resource profile assignments. user-defined Cisco Firepower 4100/9300 FXOS Command Reference...
Page 183 For the Firepower 9300, you can use a native instance on some modules, and container instances on the other module(s). Example The following example adds an FTD application instance, and sets it to the container type: Firepower# scope ssa Firepower /ssa # scope slot 1 Firepower /ssa/slot # enter app-instance ftd MyDevice1 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 184 Firepower /ssa/slot* # exit Firepower /ssa* # Related Commands Command Description show app-attri Shows current application attributes. create resource-profile Creates a resource profile for use with constainer instances. show Shows available resource profiles. resource-profile-name Cisco Firepower 4100/9300 FXOS Command Reference...
Page 185 If the email address includes special characters, such as # (hash), spaces, or & (ampersand), the email server Usage Guidelines may not be able to deliver email messages to that address. Cisco recommends using email addresses which comply with RFC2821 and RFC2822, and include only 7-bit ASCII characters.
Page 186 • Must not be blank for local user and admin accounts. Example This example shows how to enter security mode and enable strong password enforcement: FP9300-A# scope security FP9300-A /security # set enforce-strong-password yes FP9300-A /security* # commit-buffer Cisco Firepower 4100/9300 FXOS Command Reference...
Page 187 S Commands set enforce-strong-password FP9300-A /security # Related Commands Command Description set min-password-length Specifies a minimum password length. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 188 FP9300-A /security/local-user* # set expiration dec 31 2019 FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Related Commands Command Description Creates a new local user account. create local-user Specifies a password for a user account. set password Cisco Firepower 4100/9300 FXOS Command Reference...
Page 189 FP9300-A /security/local-user* # set firstname john FP9300-A /security/local-user* # set lastname doe FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Command Description create local-user Creates a new local user account. set lastname Specifies the surname for a local user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 190 FP9300-A /security/password-profile # set history-count 5 FP9300-A /security/password-profile* # commit-buffer FP9300-A /security/password-profile # Related Commands Command Description set change-count Specifies the maximum number of times a locally authenticated user can change his or her password. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 191 FP9300-A /monitoring/callhome # set http-proxy-server-enable on FP9300-A /monitoring/callhome # Related Commands Command Description Sets the HTTP or HTTPS address of the proxy server. set http-proxy-server-url set http-proxy-server-port Sets the communications port for the proxy server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 192 FP9300-A /monitoring/callhome # set http-proxy-server-port 443 FP9300-A /monitoring/callhome # Related Commands Command Description Enables or disables the HTTP/HTTPS proxy for Smart Software Licensing http-proxy-server-enable and Smart Call Home. set http-proxy-server-url Sets the HTTP/HTTPS address for the proxy server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 193 FP9300-A /monitoring/callhome # set http-proxy-server-url https://209.165.201.10 FP9300-A /monitoring/callhome # Related Commands Command Description Enables or disables the HTTP/HTTPS proxy for Smart Software Licensing http-proxy-server-enable and Smart Call Home. set http-proxy-server-port Sets the communications port for the proxy server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 194 Generally, cipher strength is roughly based on the bits of security (or symmetric key size), with ‟low” meaning less than 128 bits of security, ‟medium” meaning equal to 128 bits, and ‟high” meaning greater than 128 bits of security. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 195 (Optional) Specifies the port to be used for HTTPS connections; can be 1 to 65535. Default is 443. The default HTTPS authentication configuration on the Firepower 4100/9300 chassis is credential-based. Command Default The default Cipher Suite security level is medium strength.
Page 196 S Commands set https Related Commands Command Description enable https Enables the HTTPS service. show https Shows current HTTPS service configuration. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 197 FP9300-A /security/ipsec/connection # set keyring-name kr22 FP9300-A /security/ipsec/connection* # commit-buffer FP9300-A /security/ipsec/connection # Command Description create connection Creates a new IPSec connection. set keyring-passwd Specifies the passphrase for a keyring assigned to an IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 198 FP9300-A /security/local-user* # set firstname john FP9300-A /security/local-user* # set lastname doe FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Command Description create local-user Creates a new local-user account. set firstname Specifies the first name for a local user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 199 FP9300-A /security/ipsec # enter connection testconn FP9300-A /security/ipsec/connection # set local-address 209.165.201.12 FP9300-A /security/ipsec/connection* # commit-buffer FP9300-A /security/ipsec/connection # Command Description create connection Creates a new IPSec connection. set remote-addr Sets the remote IP address for an IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 200 This example shows how to set the IPSec logging level to 2: FP9300-A # scope security FP9300-A /security # scope ipsec FP9300-A /security/ipsec # set log-level 2 FP9300-A /security/ipsec* # commit-buffer FP9300-A /security/ipsec # Related Commands Command Description show ipsec-log Shows the IPSec log file. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 201 FP9300-A /security # Related Commands Command Description clear lock-status Clears a user’s locked-out status. Specifies the amount of time a user remains locked out of the system after reaching the maximum number of login attempts. user-account-unlock-time Cisco Firepower 4100/9300 FXOS Command Reference...
Page 202 This example shows how to enter security mode and specify a minimum password length of 15 characters: FP9300-A# scope security FP9300-A /security # set min-password-length 15 FP9300-A /security* # commit-buffer FP9300-A /security # Related Commands Command Description Enables and disables strong password enforcement. enforce-strong-password Cisco Firepower 4100/9300 FXOS Command Reference...
Page 203 FP9300-A /security/ipsec/connection # Command Description create connection Creates a new IPSec connection. set local-addr Sets the local IP address for an IPSec connection. set remote-addr Sets the remote IP address for an IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 204 /security/keyring # Related Commands Command Description set cert Enters an RSA certificate for a keyring. set regenerate Regenerates the RSA keys in the default keyring. set trustpoint Specifies whether the keyring certificate can be regenerated. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 205 Enables or disables restrictions on the number of password changes a locally authenticated user can make. set change-interval Specifies the number of hours over which a specified number of password changes can be made. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 206 FP9300-A # scope fabric-interconnect a FP9300-A /fabric-interconnect # show Fabric Interconnect: OOB IP Addr OOB Gateway OOB Netmask OOB IPv6 Address OOB IPv6 Gateway Prefix Operability ---- --------------- --------------- --------------- ---------------- ---------------- ------ ----------- Cisco Firepower 4100/9300 FXOS Command Reference...
Page 207 FP9300-A /fabric-interconnect/ipv6-config # set out-of-band ipv6 2001::8999 ipv6-prefix 64 ipv6-gw 2001::1 FP9300-A /fabric-interconnect/ipv6-config* # commit-buffer FP9300-A /fabric-interconnect/ipv6-config # Command Description show Shows the current device management IP addresses. show ipv6-if Shows the current device management IPv6 address. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 208 FP9300-A /security/local-user* # set password Enter a password: Confirm the password: FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Command Description Creates a new local-user account. create local-user Specifies the date on which the user account expires. set expiration Cisco Firepower 4100/9300 FXOS Command Reference...
Page 209 FP9300-A /security/local-user # set phone +1-408-555-1212 FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Related Commands Command Description create local-user Creates a new local user account. set phone-contact Specifies a contact telephone number for a Smart Call Home account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 210 /eth-uplink/fabric/port-channel/member-port* # exit firepower /eth-uplink/fabric/port-channel* # create member-port Ethernet1/3 firepower /eth-uplink/fabric/port-channel/member-port* # exit firepower /eth-uplink/fabric/port-channel* # create member-port Ethernet1/4 firepower /eth-uplink/fabric/port-channel/member-port* # exit firepower /eth-uplink/fabric/port-channel* # set port-type data firepower /eth-uplink/fabric/port-channel* # set port-channel-mode on Cisco Firepower 4100/9300 FXOS Command Reference...
Page 211 S Commands set port-channel-mode Related Commands Command Description create port-channel Adds an EtherChannel interface. create member-port Assigns a member to the EtherChannel. set port-type Sets the interface type. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 212 The default type is data. Command Default scope eth-uplink/scope fabric a/scope interface/ Command Modes scope eth-uplink/scope fabric a/create port-channel/ Command History Release Modification 2.4(1) We added the data-sharing type. 1.1(4) We added the firepower-eventing type. 1.1(1) Command added. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 213 The following example adds three subinterfaces and sets the port type to data-sharing. Firepower# scope eth-uplink Firepower /eth-uplink # scope fabric a Firepower /eth-uplink/fabric # enter interface Ethernet1/1 Firepower /eth-uplink/fabric/interface # enter subinterface 10 Firepower /eth-uplink/fabric/interface/subinterface* # set vlan 10 Firepower /eth-uplink/fabric/interface/subinterface* # set port-type data-sharing Cisco Firepower 4100/9300 FXOS Command Reference...
Page 214 Firepower /eth-uplink/fabric/interface/subinterface* # set vlan 12 Firepower /eth-uplink/fabric/interface/subinterface* # set port-type data-sharing Firepower /eth-uplink/fabric/interface/subinterface* # commit-buffer Firepower /eth-uplink/fabric/interface/subinterface # Related Commands Command Description Adds an EtherChannel interface. create port-channel scope interface Edits a physical interface. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 215 77, then the chassis converts 77 into the hexadecimal value 004D (yyxx). When used in the MAC address, the prefix is reversed (xxyy) to match the chassis native form: A24D.00zz.zzzz For a prefix of 1009 (03F1), the MAC address is: A2F1.03zz.zzzz Cisco Firepower 4100/9300 FXOS Command Reference...
Page 216 /ssa # scope auto-macpool firepower /ssa/auto-macpool # set prefix 33 firepower /ssa/auto-macpool* # commit-buffer firepower /ssa/auto-macpool Related Commands Command Description scope ssa Enters ssa mode. scope auto-macpool Enter auto-macpool mode. Shows the assigned MAC addresses. show mac-address Cisco Firepower 4100/9300 FXOS Command Reference...
Page 217 FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set auth-server-group Specifies an associated authentication provider group. set use-2-factor Sets the authentication method to two-factor authentication for a Radius or TACACS+ realm. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 218 FP9300-A /security/default-auth # set refresh-period 800 FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set timeout values The set absolute-session-timeout, set con-absolute-session-timeout, set con-session-timeout, and set session-timeout commands are used to set various timeout values. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 219 Related Commands Command Description Enters an RSA certificate for a keyring. set cert set modulus Specifies the RSA key modulus (SSL key length) in bits. set trustpoint Specifies whether the keyring certificate can be regenerated. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 220 FP9300-A /security/ipsec # enter connection testconn FP9300-A /security/ipsec/connection # set local-address 209.165.202.129 FP9300-A /security/ipsec/connection* # commit-buffer FP9300-A /security/ipsec/connection # Command Description create connection Creates a new IPSec connection. set local-addr Sets the local IP address for an IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 221 FP9300-A /security/ipsec # enter connection testconn FP9300-A /security/ipsec/connection # set remote-ike-ident 203.0.113.12 FP9300-A /security/ipsec/connection* # commit-buffer FP9300-A /security/ipsec/connection # Command Description create connection Creates a new IPSec connection. set remote-addr Sets the remote IP address for an IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 222 FP9300-A /security/ipsec # enter connection testconn FP9300-A /security/ipsec/connection # set remote-subnet 209.165.202.128/27 FP9300-A /security/ipsec/connection* # commit-buffer FP9300-A /security/ipsec/connection # Command Description create connection Creates a new IPSec connection. set remote-addr Sets the remote IP address for an IPSec connection. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 223 This example shows how to enter security mode and deny access to users without a user role: FP9300-A# scope security FP9300-A /security # set remote-user default-role no-login FP9300-A /security* # commit-buffer FP9300-A /security # Related Commands Command Description Specifies the default authentication service. set authentication Cisco Firepower 4100/9300 FXOS Command Reference...
Page 224 FPR4K-SM-36, FPR4K-SM-24 24576 Yes VDP-10-CORES FPR9K-SM-56, FPR9K-SM-44, FPR9K-SM-36, FPR9K-SM-24, FPR4K-SM-44, FPR4K-SM-36, FPR4K-SM-24 40960 No VDP-2-CORES 8192 No VDP-4-CORES 16384 No VDP-8-CORES FPR9K-SM-56, FPR9K-SM-44, FPR9K-SM-36, FPR9K-SM-24, FPR4K-SM-44, FPR4K-SM-36, FPR4K-SM-24 32768 No firepower /ssa/app # exit Cisco Firepower 4100/9300 FXOS Command Reference...
Page 225 /ssa/slot/app-instance* # set resource-profile-name silver firepower /ssa/slot/app-instance* # Related Commands Command Description show app-attri Shows current application attributes. create resource-profile Creates a resource profile for use with constainer instances. show Shows available resource profiles. resource-profile-name Cisco Firepower 4100/9300 FXOS Command Reference...
Page 226 FP9300-A /security/default-auth # set session-timeout 240 FP9300-A /security/default-auth* # commit-buffer FP9300-A /security/default-auth # Related Commands Command Description set refresh-period Sets the Web session refresh period. show detail Displays the current session and absolute session timeout settings. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 227 FP9300-A /system/services* # commit-buffer FP9300-A /system/services # Related Commands Command Description create ssh-server Creates a new SSH server host key. delete ssh-server Deletes the existing SSH host key. show ssh-server Shows the host key size. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 228 FP9300-A /security/local-user # set sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuo9VQ2CmWBI9/S1f30klCWjnV3lgdXMzO0WUl5iPw85lkdQqap+NFuNmHcb4K iaQB8X/PDdmtlxQQcawclj+k8f4VcOelBxlsGk5luq5ls1ob1VOIEwcKEL/h5lrdbNlI8y3SS9I/gGiBZ9ARlop9LDpD m8HPh2LOgyH7Ei1MI8=" FP9300-A /security/local-user* # commit-buffer FP9300-A /security/local-user # Related Commands Command Description Creates a new local-user account. create local-user set password Specifies a password for a user account. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 229 /security/keyring # Command Description set cert Enters an RSA certificate for a keyring. set modulus Specifies the RSA key modulus (SSL key length) in bits. set regenerate Regenerates the RSA keys in the default keyring. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 230 FP9300-A /security/default-auth # Related Commands Command Description set authentication Specifies the default authentication service. set timeout values The set absolute-session-timeout, set con-absolute-session-timeout, set con-session-timeout, and set session-timeout commands are used to set various timeout values. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 231 FP9300-A /security* # commit-buffer FP9300-A /security # Related Commands Command Description clear lock-status Clears a user’s locked-out status. set max-login-attempts Specifies the maximum number of failed login attempts before the user is locked out of the system. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 232 /ssa/logical-device/mgmt-bootstrap/bootstrap-key* # exit firepower /ssa/logical-device/mgmt-bootstrap* # Related Commands Command Description create bootstrap-key Sets the firewall mode for the application. FIREWALL_MODE create logical-device Creates the logical device. create mgmt-bootstrap Creates the bootstrap configuration for the application. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 233 Use Expert Mode only if a documented procedure tells you it is required, or if the Cisco Technical Assistance Center asks you to use it. To enter this mode, use the expert command in the FTD CLI.
Page 234 /eth-uplink/fabric/interface/subinterface* # set vlan 12 firepower /eth-uplink/fabric/interface/subinterface* # set port-type data-sharing firepower /eth-uplink/fabric/interface/subinterface* # commit-buffer firepower /eth-uplink/fabric/interface/subinterface # Related Commands Command Description create port-channel Creates an EtherChannel (port channel). create subinterface Adds a subinterface. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 235 S Commands set vlan Command Description scope interface Enters the physical interface object. set port-type Sets the interface type. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 236 S Commands set vlan Cisco Firepower 4100/9300 FXOS Command Reference...
Page 237 277 • show interface brief (connect fxos), on page 280 • show inventory, on page 292 • show ip-block, on page 296 • show ipsec-log, on page 298 • show ipv6-block, on page 300 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 238 365 • show timezone, on page 368 • show trustpoint, on page 369 • show validate-task, on page 371 • show version, on page 373 • shutdown, on page 376 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 239 (Optional) Displays information about current resource allocations. Application instance (/ssa/slot/app-instance) mode Command Modes Cisco Firepower 4100/9300 FXOS Command Reference...
Page 240 Enabled Online 201.2.1.125 201.2.1.125 Native In Cluster Slave Related Commands Command Description scope app-instance Enters application instance mode for a specific application. show slot Shows general configuration information for a specific SSP module. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 241 Serial Console Absolute Session timeout(in secs): 3600 Default Realm: Local Authentication server group: Use of 2nd factor: No firepower /security # Command Description Creates a new authentication domain. create auth-domain Enters auth-domain mode for a specific authentication domain. scope auth-domain Cisco Firepower 4100/9300 FXOS Command Reference...
Page 242 Upgrade Status: Upgrade Complete Successful Current Task: FP9300-A /firmware-install # Related Commands Command Description install firmware Installs a firmware package. show download-task Shows information about firmware-package download operations Shows system firmware information. show firmware Cisco Firepower 4100/9300 FXOS Command Reference...
Page 243 ---- --------------- --------------- --------------- ---------------- ---------------- ------ ----------- 192.0.2.112 192.0.2.1 255.255.255.0 Operable firepower /fabric-interconnect # Related Commands Command Description scope fabric-interconnect Enters fabric interconnect mode. show ipv6-if Shows the current device management IPv6 address. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 244 (Optional) Displays information about the current heartbeat configuration for heartbeat-config the SSP. The detail and expand keywords are available with this option. monitor (Optional) Displays monitoring information for the SSP. The detail and expand keywords are available with this option. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 245 /ssa/slot # show Slot: Slot ID Log Level Admin State Oper State ---------- --------- ------------ ---------- Info Online firepower /ssa/slot # Related Commands Command Description scope slot Enters module configuration mode for a specific slot. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 246 /cabling/fabric # show breakout port breakout: Slot ID Port ID breakout type ---------- ---------- ------------- 1 10g 4x 2 10g 4x firepower /cabling/fabric # Related Commands Command Description create breakout Creates a new interface breakout. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 247 Enable/Disable HTTP/HTTPS Proxy: Off HTTP/HTTPS Proxy Server Address: HTTP/HTTPS Proxy Server Port: 80 SMTP Server Address: SMTP Server Port: 25 DOC-FP9300-A /monitoring # Related Commands Command Description scope callhome Enters Call Home configuration mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 248 Release Modification 1.1(1) Command added. Enabling certification compliance on a Firepower 4100/9300 chassis does not automatically propagate Usage Guidelines compliance to any of its attached logical devices. Example This example shows how to enter security mode and display current Common Criteria mode status...
Page 249 Organisational Unit Name (eg, section): Sec DNS name (subject alternative name): Request: -----BEGIN CERTIFICATE REQUEST----- MIIDEzCCAbsCAQAwEDEOMAwGA1UEAwwFdGVzdDEwggFiMA0GCSqGSIb3DQEBAQUA A4IBTwAwggFKAoIBQQCDnam/ZTgX8SYXeaYIMeVPeMLvOO7EemP7kEAHPpAqX9d6 3V5NIOLNnCfr7SL8gmLDFORanzZIYb9uxD7/z98xlrS3LdIB3GWCYw+IN1Hz5do/ uClI56thmN5nWgjEWGDwTnu+CD0tFn3qPg8wOpynutE+f43B4fyhWRpU5VO6I3Ma SRrR4Cp9CKju6U9lttqiNkt5VH3+peM+3AgF6suFF96tN2G+caIlwwf3h6EpFJ1e NE6CHUIQAdrKPtJVcmMYIYEmEogMYD1O0RXY+ionucK7id4JFAKLVFXPrzHGA3g7 n+xInFC84/2kM1TtapWHrMAOYcTiQ5UR6BJOpLT1V6yXTJrv/FrknJkZJUFKvOBX 9fvZ82UH9o+gWMD8rRBvsz94zGbjBm3SpKh1MLvXjR9af3koaiWMR45BSob0XwID AQABoD4wEwYJKoZIhvcNAQkHMQYMBHRlc3QwJwYJKoZIhvcNAQkOMRowGDAWBgNV HREEDzANggV0ZXN0MYcEAQEBATANBgkqhkiG9w0BAQsFAAOCAUEAClVpnjwB8KjD Okw6k9PaBde07a1eSWwmMd99rR3F9SmnWQMvFXj07m3dEgNRoTCMyxZXH3diDd6/ 0e9Ss91/FxORTI3ux+lXhKAOKjOJ5Urz1YLLjomHGrhGNpITQCm71r/fXIjPfUHx fwaN5lbgImiLI6copKMPY+XMPSFNvIuM4dTAZLHhn5PG0jRAztMNBogw+Fb659BH vad0QYrz2SHAiH7xETZXp3CTBX4jGhoCad8ffS4YdGQd73/jpu8Zy1nnd1jv7mEj H9GkSm8sQQfTwQX8RgbzegZGHu3/LxLO6XQDIRj9bTo1aa6zTuhwPyPs4MtdYbpv mGdEB8QAMHUChdPZdPC44XRPhjPyseig91j+Q1HUmFCMvzNGXksbY1rWj3T4G8gn z/g7x+OXX/31dLJA2yLx9osUsshmqjs= -----END CERTIFICATE REQUEST----- Cisco Firepower 4100/9300 FXOS Command Reference...
Page 250 Related Commands Command Description create certreq Creates a new keyring certificate request. create keyring Creates a new RSA keyring. delete certreq Deletes an existing keyring certificate request. Enters a keyring certificate request. enter certreq Cisco Firepower 4100/9300 FXOS Command Reference...
Page 251 (Optional) Displays power-supply unit status. The keyword detail is also available. version (Optional) Displays the version numbers of all the devices in the chassis. The keyword detail is also available. Any command mode Command Modes Cisco Firepower 4100/9300 FXOS Command Reference...
Page 252 This example shows how to display basic chassis information: FP9300-A# show chassis 1 Chassis: Chassis Overall Status Admin State ---------- ------------------------ ----------- 1 Accessibility Problem Acknowledged FP9300-A# Related Commands Command Description show server environment Shows server hardware information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 253 Specifies whether command output lines will wrap or truncate to fit the width of the terminal window, whether table headers are displayed, and whether commas or spaces will be used to separate fields in command output tables. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 254 This example shows how to display the current system date and time: FP9300-A# show clock Tue Apr 20 13:24:33 PDT 2010 FP9300-A# Related Commands Command Description set clock Sets the date and time manually. Shows currently set time zone. show timezone Cisco Firepower 4100/9300 FXOS Command Reference...
Page 255 Remote Result: Not Applicable Remote Error Code: None Remote Error Description: Status: Nop Previous Status: Nop Timestamp: Never Try: 0 Progress (%): 100 Current Task: FP9300-A # Related Commands Command Description Enters cloud connector mode. scope cloud-connector Cisco Firepower 4100/9300 FXOS Command Reference...
Page 256 Example This example shows how to display information about pending (uncommitted) configuration commands: FP9300-A# show configuration pending scope services create ntp-server 192.168.200.101 exit FP9300-A# Related Commands Command Description show cli Shows CLI-related status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 257 Admin State Local Address Remote Address ESP Mode Keyring Name ---------- ----------- ------------- -------------- --------- ------------ TEST Disabled Transport FP9300-A /security/ipsec # Related Commands Command Description show ipsec-log Shows IPSec connection logs. show stats Shows IPSec statistics. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 258 Protocol: Scp Server: 172.23.32.21 Port: 0 Userid: admin2 Path: /auto/sspdev/bios/MIO_Firmware/release_images/fpr9k/1.0.16 Downloaded Image Size (KB): 2118 Time stamp: 2018-05-14T09:30:01.047 State: Downloaded Status: Successful unpack the image Transfer Rate (KB/s): 192.545456 Current Task: FP9300-A /firmware # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 259 S Commands show download-task Related Commands Command Description install firmware Installs a firmware package. show firmware Shows system firmware information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 260 Example This example shows how to view a summary of the chassis environment: firepower# scope chassis firepower /chassis # show environment summary Chassis INFO : Total Power Consumption: 726.000000 Inlet Temperature (C): 35.000000 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 261 BLADE 1: Total Power Consumption: 258.000000 Processor Temperature (C): 61.000000 BLADE 2: Total Power Consumption: 270.000000 Processor Temperature (C): 65.500000 firepower /chassis # Related Commands Command Description Shows server hardware information. show server environment Cisco Firepower 4100/9300 FXOS Command Reference...
Page 262 Port Type: Mgmt Admin State: Enabled Oper State: Link Down State Reason: Link failure or not-connected <--- intevening lines removed for brevity ---> Port Name: Ethernet2/6 Port Type: Data Admin State: Disabled Oper State: Admin Down Cisco Firepower 4100/9300 FXOS Command Reference...
Page 263 Stats Threshold Policy: Name: default Full Name: fabric/lan/thr-policy-default Policy Owner: Local UDLD link policy: Name Admin State UDLD mode ---------- ----------- --------- default Disabled Normal firepower# Related Commands Command Description scope eth-uplink Enters Ethernet uplink mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 264 2025-12-23T04:17:00.677 176142 E4195252 [FSM:STAGE:STALE-SUCCESS]: keyring configuration on primary(FSM-STAGE:sam:dme:PkiEpUpdateEp:SetKeyRingLocal) <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description show sel Shows the contents of the system event log (SEL) of a server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 265 Id: A port breakout: Slot ID Port ID breakout type ---------- ---------- ------------- 1 10g 4x 2 10g 4x firepower /cabling # Related Commands Command Description create breakout Creates a new interface breakout. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 266 (Optional) Displays basic hardware information about the fabric. The keywords detail, expand and idavailable with this option. mac-aging (Optional) Displays MAC table aging time. mode (Optional) Displays fabric interconnect mode information. (Optional) Displays firmware version information. version Any command mode Command Modes Cisco Firepower 4100/9300 FXOS Command Reference...
Page 267 OOB Gateway OOB Netmask OOB IPv6 Address OOB IPv6 Gateway Prefix Operability ---- --------------- --------------- --------------- ---------------- ---------------- ------ ----------- 10.201.153.14 10.201.153.1 255.255.255.0 Operable FP9300-A# Related Commands Command Description scope fabric-interconnect Enters fabric interconnect mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 268 Overall Status: Operable Operability: Operable Threshold Status: OK Power State: On Presence: Equipped Thermal Status: OK Product Name: Cisco Firepower 9000 Series Fan PID: FPR9K-FAN VID: 01 Part Number: 73-17509-01 Vendor: Cisco Systems Inc Serial (SN): NWG194500D8 HW Revision: 0 Mfg Date: 2015-11-07T00:00:00.000...
Page 269 S Commands show fan-module Related Commands Command Description scope fan Scopes into a specific fan. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 270 A oper state: link-down, reason: Link failure or not-connected Major F0276 2025-12-16T07:08:08.542 78301 ether port 1/6 on fabric interconnect A oper state: link-down, reason: Link failure or not-connected Warning F16683 2025-12-16T07:08:00.670 78430 [FSM:STAGE:FAILED]: internal system backup(FSM-STAGE:sam:dme:MgmtBackupBackup:upload) Cisco Firepower 4100/9300 FXOS Command Reference...
Page 271 Message: End point timed out. Check for IP, port, password, disk space or network access related issues.#(sam:dme:MgmtBackupBackup:upload) <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description show server status Shows information on the status of a server. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 272 Release Modification 1.1(1) Command added. Enabling certification compliance on a Firepower 4100/9300 chassis does not automatically propagate Usage Guidelines compliance to any of its attached logical devices. Example This example shows how to enter security mode and display current FIPS mode status information:...
Page 273 FP9300-A /system # show firmware monitor FPRM: Package-Vers: 2.4(1.52) Upgrade-Status: Ready Fabric Interconnect A: Package-Vers: 2.4(1.52) Upgrade-Status: Ready Chassis 1: Server 1: Package-Vers: 2.4(1.52) Upgrade-Status: Ready Server 2: Package-Vers: 2.4(1.52) Upgrade-Status: Ready FP9300-A /system # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 274 S Commands show firmware Related Commands Command Description activate firmware Activates a firmware package. show server firmware Shows server firmware versions and status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 275 Cipher suite mode: Medium Strength Cipher suite: ALL:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DES-CBC3-SHA: !ADH:!3DES:!EXPORT40:!EXPORT56:!LOW:!RC4:!MD5:!IDEA:+HIGH:+MEDIUM:+EXP:+eNULL Https authentication type: Cred Auth Crl mode: Relaxed FP9300-A /system/services # Related Commands Command Description set https auth-type Specifies the type of authentication for HTTPS access. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 276 • pool-info —Displays IPv6-address information for the pool. The detail keyword is also available. • profile-info —Displays IPv6-address information for the profile. The detail keyword is also available. • IPv6_address—Displays identity information for the specified IPv6 address. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 277 • uuid —Displays identity information for the specified UUID; entered in the form FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF • pool-info —Displays UUID identity information for the pool. The detail keyword is also available. • profile-info —Displays UUID identity information for the profile. The detail keyword is also available. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 278 IP Address: 192.0.2.12 Assigned: No Assigned Service Profile: Owner: Pool <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description show server identity Shows identity information for a servers, adapters and interfaces. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 279 Data Disabled Sfp Not Present Unknown Ethernet2/4 Data Disabled Sfp Not Present Unknown Ethernet2/5 Data Disabled Sfp Not Present Unknown Ethernet2/6 Data Disabled Sfp Not Present Unknown Ethernet2/7 Data Disabled Sfp Not Present Unknown Cisco Firepower 4100/9300 FXOS Command Reference...
Page 280 Network Control Policy: default Current Task: [...] The following is sample output from the show interface expand command. firepower# scope eth-uplink firepower /eth-uplink # scope fabric a firepower /eth-uplink/fabric # show interface expand Interface: Port Name: Ethernet1/2 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 281 Allowed Vlan: Untagged State Reason: Sub Interface: Sub-If Id Sub-Interface Name VLAN Port Type ---------- ------------------ ----------- --------- 100 Ethernet1/5.100 Data Sharing Related Commands Command Description show port-channel Shows EtherChannel status. Shows subinterface status. show subinterface Cisco Firepower 4100/9300 FXOS Command Reference...
Page 282 10G(D) -- Eth2/6 1qtunl down SFP not inserted 10G(D) -- Eth2/7 1qtunl down SFP not inserted 10G(D) -- Eth2/8 1qtunl down SFP not inserted 10G(D) -- -------------------------------------------------------------------------------- Port-channel VLAN Type Mode Status Reason Speed Protocol Cisco Firepower 4100/9300 FXOS Command Reference...
Page 283 Veth2636 virt trunk none auto Veth2637 virt trunk none auto Veth2638 virt trunk down nonParticipating auto Veth2639 virt trunk none auto Veth2640 virt trunk none auto Veth2660 virt trunk none auto Cisco Firepower 4100/9300 FXOS Command Reference...
Page 284 – interface is in test mode; no operational packets can be passed testing – trunking is enabled trunking – link is up, but port is not yet fully operational for traffic to the data plane, link up although it is operational for control protocols Cisco Firepower 4100/9300 FXOS Command Reference...
Page 285 S Commands show interface brief (connect fxos) Field Description Reason Cisco Firepower 4100/9300 FXOS Command Reference...
Page 286 Isolation due to zone merge failure Isolation due to vsan not configured on peer Parent Interface Admin Down Tunnel port src interface unbound Interface is removed SFP not present Error disabled due to SFP vendor not supported Cisco Firepower 4100/9300 FXOS Command Reference...
Page 287 Isolation due to port security failure Isolation due to fabric bind failure Isolation due to no common vsans with peer on trunk Ficon vsan down Invalid attachment Ficon not configured on peer Port blocked due to Ficon Cisco Firepower 4100/9300 FXOS Command Reference...
Page 288 Link failure OPNy timeout while receive queue not empty Link failure OPNy returned while receive queue not empty Link failure Link reset failed queue not empty Link failure or notconnected Isolation due to FCSP failure SFP checksum error Cisco Firepower 4100/9300 FXOS Command Reference...
Page 289 UDLD Tx Rx loop UDLD neighbor mismatch UDLD empty echo UDLD detected link failure in aggressive mode Port connector type error Error disabled due to reinit limit reached Duplicate port num in VSAN Internal RCF in progress Cisco Firepower 4100/9300 FXOS Command Reference...
Page 290 Port capabilities not known Mismatch in source and transport VRF Forward referencing transport VRF two tunnel interface with same configuration is not allowed Too many link flaps in a short interval Primary vlan is down. VRF Unusable Cisco Firepower 4100/9300 FXOS Command Reference...
Page 291 FEX ID not configured on fabric port Error disabled due to IP QoS policy application failure Router mac allocation failed VLAN/BD does not exist VLAN/BD is down VLAN type is invalid DCX Multiple MSAP IDs recieved for the port Cisco Firepower 4100/9300 FXOS Command Reference...
Page 292 – auto-negotiated, 100006 Mbps a-100G appended to a speed entry indicates a dedicated interface, while Note indicates it is shared. Port channel # ID number of the port channel to which interface is assigned, if any. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 293 IP Address Port IP address Port MTU (maximum transmission unit) size Related Commands Command Description In connect fxos mode, shows port information. show port In connect fxos mode, shows VLAN information. show vlan Cisco Firepower 4100/9300 FXOS Command Reference...
Page 294 Command History Release Modification 1.1(1) Command added. You can use this command without any arguments or keywords to display basic chassis information. Usage Guidelines Example This example shows how to view expanded chassis inventory information: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 295 /chassis # show inventory expand Chassis 1: Servers: Server 1/1: Equipped Product Name: Cisco Firepower 9000 Series Security Module Equipped PID: FPR9K-SM-24 Equipped VID: V01 Equipped Serial (SN): FCH19057S0L Slot Status: Equipped Acknowledged Product Name: Cisco Firepower 9000 Series Security Module...
Page 296 Power State: Online Presence: Equipped Thermal Status: N/A Voltage Status: N/A Fabric Card 2: Description: Firepower 4x100G QSFP28 NM Number of Ports: 4 State: Online Vendor: Cisco Systems, Inc. Model: FPR-NM-4X100G HW Revision: 0 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 297 Model: FPR9K-NM-4X40G HW Revision: 0 Serial (SN): JAD191601DK Perf: N/A Power State: Online Presence: Equipped Thermal Status: N/A Voltage Status: N/A firepower /chassis # Related Commands Command Description show environment Shows chassis hardware status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 298 FP9300-A /system/services # show ip-block detail IP Address: 209.165.201.1 Prefix Length: 24 Protocol: https Permitted IP Block: IP Address: 0.0.0.0 Prefix Length: 0 Protocol: snmp IP Address: 209.165.202.129 Prefix Length: 24 Protocol: ssh FP9300-A /system/services # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 299 S Commands show ip-block Related Commands Command Description create ip-block Creates an IPv4 block. delete ip-block Deletes an existing IPv4 block. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 300 Feb 10 23:40:02 15[CFG] <test-connection|69> reached self-signed root ca with a path length of 1 Feb 10 23:40:02 15[IKE] <test-connection|69> authentication of 'C=US, ST=CA, O=Cisco, OU=STBU, CN=SSP, E=ssp@ssp.net' with RSA signature successful Feb 10 23:40:02 15[IKE] <test-connection|69> IKE_SA test-connection[69] established between 192.168.0.174[C=US, ST=CA, O=Cisco, OU=STBU, CN=SSP]...
Page 301 S Commands show ipsec-log FP9300-A /security/ipsec # Related Commands Command Description set log-level Sets the IPSec log verbosity. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 302 FP9300-A /system/services # show ip-block detail IP Address: 2001:DB8:1::1 Prefix Length: 64 Protocol: https Permitted IP Block: IP Address: 0:0:0:0:0:0:0:0 Prefix Length: 0 Protocol: snmp IP Address: 2001:DB8:0:ABCD::1 Prefix Length: 64 Protocol: ssh FP9300-A /system/services # Cisco Firepower 4100/9300 FXOS Command Reference...
Page 303 S Commands show ipv6-block Related Commands Command Description create ipv6-block Creates an IPv6 block. delete ipv6-block Deletes an existing IPv6 block. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 304 FP9300-A /fabric-interconnect/ipv6-config # show ipv6-if Management IPv6 Interface: IPv6 Address Prefix IPv6 Gateway ----------------------------------- ---------- ------------ 2001::8998 2001::1 FP9300-A /fabric-interconnect/ipv6-config # Related Commands Command Description scope fabric-interconnect Enters fabric interconnect mode. scope ipv6-config Enters IPv6 configuration mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 305 Next Renewal Attempt: Jul 28 03:02:49 2017 CDT Registration Expires: Jun 27 06:05:09 2018 CDT License Authorization: Status: AUTHORIZED on Jul 05 18:19:38 2017 CDT Last Communication Attempt: SUCCESS on Jul 05 18:19:38 2017 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 306 S Commands show license Next Communication Attempt: Aug 08 14:50:41 2017 CDT <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description scope license Enters license mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 307 User SSH public key: FP9300-A /security # Related Commands Command Description create local-user Creates a new local user account. delete local-user Deletes an existing local user account. Enters an existing local user account. enter local-user Cisco Firepower 4100/9300 FXOS Command Reference...
Page 308 A2:46:C4:00:01:87 ftd2 Ethernet1/2 A2:46:C4:00:01:88 ftd1 Port-channel21 A2:46:C4:00:01:89 ftd1 Ethernet1/8 The following is sample output from the show mac-address detail command. firepower# scope ssa firepower /ssa # scope auto-macpool firepower /ssa/auto-macpool # show mac-address detail Cisco Firepower 4100/9300 FXOS Command Reference...
Page 309 Owner Profile: ftd1 Owner Name: Ethernet1/4 Related Commands Command Description Creates an EtherChannel (port channel). create port-channel Adds a subinterface. create subinterface scope interface Enters the physical interface object. set port-type Sets the interface type. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 310 RX packets:174151 errors:0 dropped:0 overruns:0 frame:0 TX packets:101268 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:15273492 (14.5 MiB) TX bytes:80246582 (76.5 MiB) firepower(local-mgmt)# Related Commands Command Description show open-network-ports Shows all open network ports. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 311 /ssa/slot # show monitor detail Monitor: OS Version: 2.4(1.101) CPU Total Load 1 min Avg: 4.790000 CPU Total Load 5 min Avg: 4.790000 CPU Total Load 15 min Avg: 4.780000 Memory Total (MB): 251844 Memory Free (MB): 222084 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 312 ----------- ----------- --------------- -------------- -------------- /dev/sda1 /mnt/boot 7614 7451 /dev/sda2 /opt/cisco/config 1846 1707 /dev/sda3 /opt/cisco/platform/logs 4565 4278 /dev/sda5 /var/data/cores 46807 44368 /dev/sda6 /opt/cisco/csp 699651 653295 46356 Related Commands Command Description show resource Shows resource usage. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 313 This example shows how to display current clock-synchronization status for chassis and any logical devices installed on the chassis: FP9300-A# show ntp-overall-status NTP Overall Time-Sync Status: Time Synchronized FP9300-A# Related Commands Command Description show clock Displays the system clock. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 314 Command History Release Modification 1.1(1) Command added. Example This example shows how to display current organization information: FP9300-A# show org Organizations: Name: / (root) FP9300-A# Related Commands Command Description scope org Enters organization (/org) mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 315 The detail and expand keywords are also available with this option. name (Optional) Displays information for the specified package. The detail, expand and type keywords are also available with this option. Firmware mode Command Modes Command History Release Modification 1.1(1) Command added. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 316 FP9300-A /firmware # show package fxos-k9.2.3.1.51.SPA expand Package fxos-k9.2.3.1.51.SPA: Images: fxos-k9-bundle-infra.2.3.1.51.SPA fxos-k9-bundle-server.2.3.1.51.SPA FP9300-A /firmware # Related Commands Command Description show server firmware Shows server firmware versions and status information. verify platform-pack Verifies a specified FXOS platform image. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 317 Password history count: 5 No password changes allowed (in Hours): 24 Password change during interval: Enable Password change interval (in Hours): 48 Password change count: 2 FP9300-A# Related Commands Command Description scope password-profile Enters password profile mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 318 FP9300-A /chassis/server # show post POST: Global ID Code Severity Affected Object Description --------- -------- --------- ---------------------- ------------ Post 608 Info sys/chassis-1/blade-1 Invalid DIMM Configuration Related Commands Command Description show server bios Shows server BIOS firmware information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 319 Vendor: Cisco Systems Inc Serial (SN): DTM190705G3 HW Revision: 0 Firmware Version: N/A Type: DV Wattage (W): 0 Input Source: Unknown PSU: 2 Overall Status: Operable Operability: Operable Threshold Status: OK Power State: On Presence: Equipped Cisco Firepower 4100/9300 FXOS Command Reference...
Page 320 HW Revision: 0 Firmware Version: N/A Type: DV Wattage (W): 2500 Input Source: 210AC 50 380DC firepower /chassis # Related Commands Command Description show inventory Shows information about the chassis and its installed modules. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 321 This example shows how to view service registry information: FP9300-A# show registry-repository Service Registry: Name: ID: 1000 IP: 0.0.0.0 Type: Service Reg Version: Capability: Unspecified FP9300-A# Related Commands Command Description show service-profile Shows service profile information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 322 Resource: Allocated Core NR: 6 Allocated RAM (MB): 29593 Allocated Data Disk (MB): 40960 Allocated Binary Disk (MB): 3907 Allocated Secondary Disk (MB): 0 Related Commands Command Description show monitor detail Shows resource usage. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 323 S Commands show resource Command Description show resource-profile Shows resource profile information. show resource-profile Views resource profile assignments. user-defined Cisco Firepower 4100/9300 FXOS Command Reference...
Page 324 ------------------ ---------- ------------ ---------- --------------- ---------------------- -------------- --------------- ------------ ----------- bronze 0 No User Defined low end device DEFAULT-4110-RESOURCE 8.13.01.09-2 No FPR4K-SM-12 16384 Yes System DEFAULT-RESOURCE 8.13.01.09-2 No FPR9K-SM-56, FPR9K-SM-44, FPR9K-SM-36, FPR9K-SM-24, FPR4K-SM-44, FPR4K-SM-36, FPR4K-SM-24 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 325 Sets the number of CPUs for the resource profile. Assigned the resource profile to the application instance. set resource-profile-name Shows resource usage for the security module/engine slot. show monitor detail show resource detail Shows resource allocation for the application instance. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 326 This example shows how to display expanded information for security mode: FP9300-A# show security detail security mode: Password Strength Check: No Minimum Password Length: 8 Current Task: FP9300-A# Related Commands Command Description scope security Enters security mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 327 9 | 12/16/2015 23:10:03 | CIMC | Processor DDR4_P2_H2_TMP #0x 72 | Limit Not Exceeded | Asserted --More-- <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description Enters server mode. scope server Cisco Firepower 4100/9300 FXOS Command Reference...
Page 328 Server 1/2: Last Update: 2017-07-19T17:43:14.980 LocalStorageAny (1) Not found. Please verify presence of device and p resence of UEFI loader on device firepower# Related Commands Command Description show server boot-order Shows server boot order. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 329 This example shows how to display identity information about the installed network adapters: firepower# show server adapter identity Server 1/1: Burned-In UUID: 84928111-2710-4e7c-b664-91bce5b5dfbd Dynamic UUID: 84928111-2710-4e7c-b664-91bce5b5dfbd Adapter 1: Product Name: Cisco Firepower 9000 series MLOM Adapter PID: FPR-C9300-MP VID: V01 Vendor: Cisco Systems Inc Serial: JAD190702J1 Revision: 0...
Page 330 15 00:15:A5:00:00:3F Ext Interface: Adapter Interface Mac ------- --------- --- 1 BA:DB:AD:BA:D6:08 5 BA:DB:AD:BA:D6:09 Adapter 2: Product Name: Cisco Firepower 9000 series MEZZ Adapter <--- remaining lines removed for brevity ---> firepower# Related Commands Command Description scope adapter Enters adapter mode.
Page 331 This example shows how to display service profiles associated with the system servers: FP9300-A# show server assoc Server Association Service Profile ------- ------------ --------------- Associated ssp-sprof-1 Associated ssp-sprof-2 FP9300-A# Related Commands Command Description Shows service profile information. show service-profile Cisco Firepower 4100/9300 FXOS Command Reference...
Page 332 Running-Vers: FXOSSM1.1.2.1.3.031420161207 Package-Vers: 2.0(1.135) Init Sequence: 0x0a:0x0a:0x0d:0x0d:0x0b:0x0b:0x01:0x01:0x 00:0x00:0x03:0x03:0x00:0x00:0x02:0x02:0x83:0x83:0xae:0xad Init Time: 2015-11-23T19:24:13.159 Server 1/2: Model: FPR9K-SM-24 Revision: 0 Serial: Vendor: Cisco Systems, Inc. Running-Vers: FXOSSM1.1.2.1.3.031420161207 Package-Vers: 2.0(1.135) Init Sequence: 0x0a:0x0a:0x0d:0x0d:0x0b:0x0b:0x01:0x01:0x 00:0x00:0x03:0x03:0x00:0x00:0x02:0x02:0x83:0x83:0xae:0xad Init Time: 2015-11-23T18:56:23.148 FP9300-A# Cisco Firepower 4100/9300 FXOS Command Reference...
Page 333 S Commands show server bios Related Commands Command Description show server version Shows current server software versions and status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 334 Boot Storage: Order: 1 Local Storage: Name: local-storage Boot Any Local Device: Order: 1 Type: Local Any Full Name: sys/chassis-1/blade-2/boot-policy Reboot on Update: No Boot Mode: Uefi Boot Storage: Order: 1 Local Storage: Name: local-storage Cisco Firepower 4100/9300 FXOS Command Reference...
Page 335 S Commands show server boot-order Boot Any Local Device: Order: 1 Type: Local Any <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description show server Shows actual server boot order. actual-boot-order Cisco Firepower 4100/9300 FXOS Command Reference...
Page 336 --- -------------------- ----------------- ------ ------- ---- ----------- 1 Equipped Xeon CPU1 2.200000 2 Equipped Xeon CPU2 2.200000 FP9300-A# Related Commands Command Description show server inventory Displays information about the servers installed in this device. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 337 FP9300-A# show server decommissioned Vendor Model Serial (SN) Server ----------------- ---------- ----------- ------ Cisco Systems Inc R210-2121605W QCI1442AHFX 2 FP9300-A # Related Commands Command Description Displays information about the servers installed in this device. show server inventory Cisco Firepower 4100/9300 FXOS Command Reference...
Page 338 Usage Guidelines Example This example shows how to display detailed status information for installed network adapters on all servers: FP9300-A# show server environment adapter detail Server 1/1: Overall Status: Ok Operability: Operable Oper Power: On Cisco Firepower 4100/9300 FXOS Command Reference...
Page 339 Oper Power: On Adapter 1: Threshold Status: N/A Overall Status: Operable Operability: Operable <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description show system Shows information about the systems configured on this device. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 340 (Optional) Displays management-controller versions and status. The keyword boardcontroller detail is also available. cimc (Optional) Displays Cisco Integrated Management Controller versions and status. The keyword detail is also available. detail (Optional) Displays detailed firmware and status information in list form.
Page 341 Local Disk 2: Running-Vers: EM14 Package-Vers: Activate-Status: Ready Local Disk 1: Running-Vers: EM14 Package-Vers: Activate-Status: Ready Local Disk 2: Running-Vers: EM14 Package-Vers: Activate-Status: Ready FP9300-A# Related Commands Command Description scope firmware Enters firmware mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 342 5 B0:AA:77:2F:F0:DD 6 00:15:A5:00:00:9D 7 00:15:A5:00:00:BE 8 00:15:A5:00:00:FE 9 00:15:A5:00:00:8D 10 00:15:A5:00:00:5D 11 00:15:A5:00:00:6D 12 00:15:A5:00:00:CE 13 00:15:A5:00:00:DE 14 00:15:A5:00:01:1E 15 00:15:A5:00:00:1E 1 B0:AA:77:2F:F0:FD 2 B0:AA:77:2F:F0:CE 3 B0:AA:77:2F:F0:EE 4 00:15:A5:00:01:0E 5 00:15:A5:00:00:0E 6 00:15:A5:00:00:3E Cisco Firepower 4100/9300 FXOS Command Reference...
Page 343 10 00:15:A5:00:00:2E 11 00:15:A5:00:00:5E 12 00:15:A5:00:00:4E 13 00:15:A5:00:00:7E Ext Interface: Adapter Interface Mac ------- --------- --- 1 B0:AA:77:21:19:1E 5 B0:AA:77:21:19:1F 1 B0:AA:77:21:19:42 5 B0:AA:77:21:19:43 FP9300-A# Related Commands Command Description Enters server mode. scope server Cisco Firepower 4100/9300 FXOS Command Reference...
Page 344 (Optional) Displays firmware and status information for a particular server, specified with its dynamic universally unique identifier (UUID), entered in the form NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN Any command mode Command Modes Cisco Firepower 4100/9300 FXOS Command Reference...
Page 345 Ackd Memory (MB) Ackd Cores ------- ------------ ------------ -------------------- ------ ---------- ---------------- ---------- FPR9K-SM-24 FLM1949C6J5 Equipp 262144 FPR9K-SM-24 FLM1949C6J1 Equipp 262144 Empty FP9300-A# Related Commands Command Description show server environment Shows current server status information. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 346 Location: A1 Presence: Equipped Overall Status: Operable Visibility: Yes Vendor: 0xAD00 Vendor Part Number: HMA42GR7MFR4N-TF Vendor Serial (SN): 244BC0A6 HW Revision: 0 Form Factor: DIMM Type: Undisc Capacity (MB): 16384 Clock: 2133 Latency: 0.500000 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 347 Type: Undisc Capacity (MB): Unknown Clock: Unknown Latency: Unknown Width: Unknown <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description Shows identity information for a servers, adapters and interfaces. show server identity Cisco Firepower 4100/9300 FXOS Command Reference...
Page 348 FP9300-A# show server status 1/1 Server Slot Status Overall Status Discovery ------ ----------- -------------- --------- Equipped Complete Equipped Complete Empty FP9300-A# Related Commands Command Description Shows information about the servers installed in this device. show server inventory Cisco Firepower 4100/9300 FXOS Command Reference...
Page 349 Controller Status: Optimal Local Disk 1: Vendor: SAMSUNG Model: MZIES800HMHP/003 Serial: S1N2NYAG800062 HW Rev: 0 Operability: Operable Presence: Equipped Size (MB): 761985 Drive State: Online Power State: Active Link Speed: 12 Gbps Device Type: SSD Cisco Firepower 4100/9300 FXOS Command Reference...
Page 350 Local Disk 2: Vendor: SAMSUNG Model: MZIES800HMHP/003 Serial: S1N2NYAG800100 HW Rev: 0 <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description show server inventory Shows information about the servers installed in this device. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 351 (Optional) Displays management-controller versions and status. The keyword boardcontroller detail is also available. cimc (Optional) Displays Cisco Integrated Management Controller versions and status. The keyword detail is also available. detail (Optional) Displays detailed firmware and status information in list form.
Page 352 Running-Vers: EM14 Package-Vers: Activate-Status: Ready Local Disk 1: Running-Vers: EM14 Package-Vers: Activate-Status: Ready Local Disk 2: Running-Vers: EM14 Package-Vers: Activate-Status: Ready FP9300-A# Related Commands Command Description show server firmware Shows server firmware versions and status. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 353 • server {id|server_id}—Displays service-profile circuit information for the specified server; id is a value between 1 and 255; server_id is specified as chassis-number/blade-number. • uuid {derived|dynamic_uuid}—Displays service-profile circuit information for the specified UUID, entered in the form NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN Cisco Firepower 4100/9300 FXOS Command Reference...
Page 354 • server {id|server_id}—Displays service-profile identity information for the specified server; id is a value between 1 and 255; server_id is specified as chassis-number/blade-number. • uuid {derived|dynamic_uuid}—Displays service-profile identity information for the specified UUID, entered in the form NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN Cisco Firepower 4100/9300 FXOS Command Reference...
Page 355 1 and 255; server_id is specified as chassis-number/blade-number. • storage—Displays server, local disk and RAID information associated with the service profiles. • uuid {derived|dynamic_uuid}—Displays service-profile inventory information for the specified UUID, entered in the form NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN Cisco Firepower 4100/9300 FXOS Command Reference...
Page 356 UUID, entered in the form NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN • voltage —Displays server status, power and voltage information for the service profiles. Any command mode Command Modes Command History Release Modification 1.1(1) Command added. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 357 Voltage Status: OK CMOS Battery Voltage Status: Ok Mother Board Power Usage Status: Ok Motherboard Temperature Statistics: Motherboard Front Temperature (C): 42.000000 Motherboard Rear Temperature (C): 57.000000 <--- remaining lines removed for brevity ---> FP9300-A# Cisco Firepower 4100/9300 FXOS Command Reference...
Page 358 S Commands show service-profile Related Commands Command Description scope service-profile Enters service profile mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 359 Rekey Limit Volume: None Time: None FP9300-A /system/services # Command Description create ssh-server Creates a new SSH server host key. delete ssh-server Deletes the existing SSH server host key. set ssh-server Sets the SSH host key size. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 360 Listening IP addresses: 10.122.150.220 192.15.1.250 192.15.1.251 192.3.0.254 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 361 Connections: Security Associations (0 up, 0 connecting): none Time Stamp: 2018-07-11T17:20:17.542 FP9300-A /security/ipsec # Related Commands Command Description show connection Shows configuration information for the current IPSec connections. show ipsec-log Shows IPSec connection logs. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 362 /eth-uplink/fabric/interface # show subinterface detail Sub Interface: Sub-If Id: 100 Sub-Interface Name: Ethernet1/5.100 VLAN: 100 Port Type: Data Related Commands Command Description create port-channel Creates an EtherChannel (port channel). create subinterface Adds a subinterface. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 363 S Commands show subinterface Command Description scope interface Enters the physical interface object. set port-type Sets the interface type. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 364 Activate-Status: Ready Upgrade Status: SUCCESS FPGA: Running-Vers: 1.05 Package-Vers: 1.0.11 Activate-Status: Ready FP9300-A /chassis # Related Commands Command Description show version Shows current software versions and status information for each server on the chassis. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 365 Running-Vers: 4.2(1.62)T Package-Vers: 2.2(1.63) Activate-Status: Ready Management Extension: Running-Vers: 2.2(1.8) Package-Vers: 2.2(1.63) Activate-Status: Ready Fabric Interconnect A: Running-Kern-Vers: 5.0(3)N2(4.21.62) Running-Sys-Vers: 5.0(3)N2(4.21.62) Package-Vers: 2.2(1.63) Startup-Kern-Vers: 5.0(3)N2(4.21.62) Startup-Sys-Vers: 5.0(3)N2(4.21.62) Act-Kern-Status: Ready Act-Sys-Status: Ready Bootloader-Vers: Chassis 1: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 366 Update-Status: Ready Activate-Status: Ready Adapter 1: Running-Vers: 4.0(1.57) Package-Vers: 2.2(1.63) Update-Status: Ready Activate-Status: Ready Adapter 2: Running-Vers: 4.0(1.57) <--- remaining lines removed for brevity ---> FP9300-A# Related Commands Command Description Enters system mode. scope system Cisco Firepower 4100/9300 FXOS Command Reference...
Page 367 • detail – Use this keyword to save detailed troubleshooting information to a file in the directory on the device. techsupport If you do not enter either keyword, the brief output is displayed on your terminal screen. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 368 Use this command to view or save a collection of log messages, configuration information, and command Usage Guidelines output for transmission to Cisco Technical Assistance; this data is used to determine the status of the device hardware and software. Use the copy command in local management mode to transfer a troubleshooting file to another device or location.
Page 369 81719296 bytes used 3712552960 bytes free firepower(local-mgmt)# Related Commands Command Description copy In local management mode, makes a copy of the specified file. In local management mode, lists the contents of the current directory. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 370 Modification 1.1(1) Command added. Example This example shows how to display the current time zone: FP9300-A# show timezone Timezone: America/Chicago FP9300-A# Related Commands Command Description set timezone Sets the time zone for the device. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 371 FP9300-A /security # show trustpoint CHdefault Trustpoint CA: Trustpoint Name Trustpoint certificate chain Cert Status --------------- ---------------------------- ----------- CHdefault -----BEGIN CERTIFICATE----- MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH Cisco Firepower 4100/9300 FXOS Command Reference...
Page 372 5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq -----END CERTIFICATE----- Valid FP9300-A /security # Command Description set certchain Enters a list (or chain) of certificates for a trustpoint. Sets the certificate trustpoint for a keyring. set trustpoint Cisco Firepower 4100/9300 FXOS Command Reference...
Page 373 Overall Status String: Pack Name: fxos-k9-bundle-server.2.3.1.51.SPA Pack Version: 2.3(1.51) Validation Time Stamp: Never Validation State: None Overall Status String: Pack Name: fxos-k9.2.3.1.51.SPA Pack Version: 2.3(1.51) Validation Time Stamp: 2017-10-25T16:53:30.914 Validation State: None Overall Status String: Ok Cisco Firepower 4100/9300 FXOS Command Reference...
Page 374 S Commands show validate-task FP9300-A /firmware # Related Commands Command Description download image Downloads an FXOS software image to the Firepower 4100/9300 chassis. Verifies the integrity of a downloaded FXOS platform bundle. verify platform-pack Cisco Firepower 4100/9300 FXOS Command Reference...
Page 375 Server mode – shows software-version and status information for the connected serverʼs components Command History Release Modification 1.1(1) Command added. The package-version keyword is available only in adapter, chassis, fabric-interconnect, server, and system Usage Guidelines modes. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 376 Adapter 1: Running-Vers: 4.0(1.67) Package-Vers: 2.3(1.51) Update-Status: Ready Activate-Status: Ready Bootloader-Update-Status: Ready Adapter 2: Running-Vers: 4.0(1.67) Package-Vers: 2.3(1.51) Update-Status: Ready Activate-Status: Ready Bootloader-Update-Status: Ready BIOS: Running-Vers: FXOSSM1.1.2.1.6.072020171212 Package-Vers: 2.3(1.51) Update-Status: Ready Activate-Status: Ready SSP OS: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 377 CIMC: Running-Vers: 3.1(23a) Package-Vers: 2.3(1.51) Update-Status: Ready Activate-Status: Ready <--- remaining lines removed for brevity ---> FP9300-A /chassis # Related Commands Command Description Shows current server software versions and status information. show server version Cisco Firepower 4100/9300 FXOS Command Reference...
Page 378 System is safe to power off after "System halted." message is seen FP9300-A /chassis # Broadcast message from root@DOC-FP9300-A (Fri Apr 13 16:27:04 2018): All shells being terminated due to system /sbin/shutdown Related Commands Command Description reboot Restarts the chassis or fabric-interconnect. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 379 P A R T T W Commands • T – W Commands, on page 379...
Page 381 381 • traceroute (connect local-mgmt), on page 382 • traceroute6 (connect local-mgmt), on page 383 • up, on page 384 • verify platform-pack, on page 385 • where, on page 387 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 382 FP9300-A# Related Commands Command Description set cli Specifies whether command output lines wrap or truncate, whether table headers are displayed, and whether commas or spaces are used to separate fields in command output tables. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 383 Any command mode Command Modes Command History Release Modification 1.1(1) Command added. Example This example shows how to enter root from any mode: FP9300-A /system/services # top FP9300-A# Related Commands Command Description Moves up one mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 384 2.038 ms 2.028 ms net1-sec-gw2.cisco.com (198.51.100.201) 0.540 ms 0.591 ms 0.577 ms net1-fp9300-19.cisco.com (198.51.100.108) 0.336 ms 0.267 ms 0.289 ms firepower(local-mgmt)# Related Commands Command Description ping Pings the device at a specified destination (IPv4 address). Cisco Firepower 4100/9300 FXOS Command Reference...
Page 385 2.038 ms 2.028 ms net1-sec-gw2.cisco.com (2001:DB8:1::8) 0.540 ms 0.591 ms 0.577 ms net1-fp9300-19.cisco.com (2001:DB8:1::7) 0.336 ms 0.267 ms 0.289 ms firepower(local-mgmt)# Related Commands Command Description ping6 Pings the device at a specified destination (IPv6 address). Cisco Firepower 4100/9300 FXOS Command Reference...
Page 386 Related Commands Command Description exit Exits the current CLI session and disconnects from the device, or exits from a connected object mode and returns to the root (EXEC) level. Enters root (EXEC) from any mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 387 Security Module FXOS 2.3(1.50) INFO: There is no service impact to install this FXOS platform software 2.3(1.51) Verifying FXOS platform software package 2.3(1.51). Verification could take several minutes. Do you want to proceed? (yes/no) [yes]: Cisco Firepower 4100/9300 FXOS Command Reference...
Page 388 T W Commands verify platform-pack Related Commands Command Description download image Downloads an FXOS software image to the Firepower 4100/9300 chassis. show validate-task Displays the status of the image verification process. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 389 FP9300-A /org/service-profile # where Mode: /org/service-profile Mode Data: scope org enter org org10 enter service-profile sp10 instance FP9300-A /org/service-profile # Related Commands Command Description Moves to top (EXEC) level from any mode. Moves up one mode. Cisco Firepower 4100/9300 FXOS Command Reference...
Page 390 T W Commands where Cisco Firepower 4100/9300 FXOS Command Reference...
Page 391 P A R T connect shell Commands • connect shell Commands, on page 391...
Page 393 Command List, on page 392 • connect cimc: Command List, on page 394 • connect fxos: Command List, on page 396 • connect local-mgmt: Command List, on page 409 • connect module: Command List, on page 414 Cisco Firepower 4100/9300 FXOS Command Reference...
Page 394 37 for information about the connect adapter command. Attention These commands should be used only when troubleshooting virtualized network adapters with Cisco TAC supervision. Table 5: Commands Available in the Adapter ʼ s Primary Command Shell Command...
Page 395 Shows command history Shows lif information login Shows login information pertaining to vnic Shows Nameserver and Report LUN's response information for vnic lunlist Shows lunmap information pertaining to vnic lunmap Shows vnic information vnic Cisco Firepower 4100/9300 FXOS Command Reference...
Page 396 Lists memory and load statistics. messages messages [dump|follow|tail] dump - Dump the /var/log/messages file follow - Tail and Follow /var/log/messages file tail - Dump the last 100 messages mezz1fru Show the mezz card 1 FRU information Cisco Firepower 4100/9300 FXOS Command Reference...
Page 397 This command performs interactive debug authentication with the aid of the user and Cisco support personnel. tasks Dump Running Task Information Run TOP Process Monitoring update Current Firmware Update Status users Dump IPMI Users Get the Version Information version Cisco Firepower 4100/9300 FXOS Command Reference...
Page 398 - Enable filtering for debugging functions ethanalyzer - Configure cisco packet analyzer terminal - Set terminal line parameters test - Test command NTP configuration sync-retry - Retry synchronization with configured servers Show running system information; see following table show Cisco Firepower 4100/9300 FXOS Command Reference...
Page 399 – Name (optional) push Push current mode to stack or save it under name name – Name (optional) Shows the cli context you are in where detail – Shows each entry on separate line (optional) Cisco Firepower 4100/9300 FXOS Command Reference...
Page 400 Commands connect fxos: Command List Table 10: Debug, Show and Terminal Commands Available in the FXOS Command Shell Command Additional Information debug Cisco Firepower 4100/9300 FXOS Command Reference...
Page 401 – Configure FC2 debugging fc2d – Configure fc2d debug fcdomain – Enable fcdomain debugging fcfwd – Enable fcfwd debugging fcns – Debug name server fcoe_klm – Configure FCOE_KLM debugging fcpc – Configure fcpc debug Cisco Firepower 4100/9300 FXOS Command Reference...
Page 402 – Configure m2rib debug mcec – Configure MCEC debugging mcm – Configure mcm debug mfdm – Configure mfdm debug monitor – Configure Ethernet SPAN sessions msp – Configure msp debug mvsh – MVSH server debugs Cisco Firepower 4100/9300 FXOS Command Reference...
Page 403 – Show information about qd radius – Configure debugging for radius daemon res_mgr – Configure res_mgr debug rib – Configure rib debugging rlir – Configure RLIR debugging rpm – Route Policy Manager (RPM) rscn – Configure RSCN debugging Cisco Firepower 4100/9300 FXOS Command Reference...
Page 404 – Configure vms debug vsan – Enable VSAN manager debugging willesden – Configure willesden debugging wwn – Configure WWN Manager Debugging xml – XML agent zone – Zone server debug commands zschk – Configure zschk debug Cisco Firepower 4100/9300 FXOS Command Reference...
Page 405 Commands connect fxos: Command List Command Additional Information show Cisco Firepower 4100/9300 FXOS Command Reference...
Page 406 – Show current motd banner message boot – Show Bootvar Variables callhome – Show callhome information cdp – Show Cisco Discovery Protocol information cfs – CFS Show Command handler class-map – Show class maps cli – Show CLI information clock –...
Page 407 – Msp commands nsm – Show Network Segment Manager information ntp – Show NTP information phy-bypass – Hardware Bypass platform – Shows list of events received by Platform Manager policy-map – Show policy maps Cisco Firepower 4100/9300 FXOS Command Reference...
Page 408 – Show telnet server configuration terminal – Display terminal configuration parameters topology – Show information of connected switches track – Tracking information trunk – Show trunk information udld – UDLD protocol user-account – Show user information Cisco Firepower 4100/9300 FXOS Command Reference...
Page 409 – Vms commands vmware – Vmware related vrf – Display VRF information vsan – Show vsan information wwn – Show wwn information xml – XML agent zone – Zone show commands zoneset – Zoneset show commands Cisco Firepower 4100/9300 FXOS Command Reference...
Page 410 – Set the terminal type time – Save the current time under a variable tree-update – Updates the main parse tree verify-only – Verify command and do not execute width – Set width of the display terminal Cisco Firepower 4100/9300 FXOS Command Reference...
Page 411 - Source File URI scp: - Source File URI sftp: - Source File URI tftp: - Source File URI usbdrive: - Source File URI volatile: - Source File URI workspace: - Source File URI Cisco Firepower 4100/9300 FXOS Command Reference...
Page 412 Erase erase configuration - System configuration Erase the mgmt logging config file erase-log-config exit Exit from command interpreter fips FIPS compliance fault-test - Execute FIPS fault tests self-test - Execute FIPS self-test on demand Cisco Firepower 4100/9300 FXOS Command Reference...
Page 413 - Hostname or IP addr (Min size 0, Max size 510) Print current directory reboot Reboots Fabric Interconnect Check if in restore mode Remove a file usbdrive: (Optional) - File URI volatile: (Optional) - File URI workspace: (Optional) - File URI Cisco Firepower 4100/9300 FXOS Command Reference...
Page 414 - Hostname or IP addr (Min size 0, Max size 510) terminal Set terminal line parameters length - Set number of lines on a screen width - Set width of the display terminal Go to the top mode Cisco Firepower 4100/9300 FXOS Command Reference...
Page 415 - Hostname or IP addr (Min size 0, Max size 510) verify signature Verify Application Image bootflash: - Image File Name usbdrive: - Image File Name volatile: - Image File Name workspace: - Image File Name Cisco Firepower 4100/9300 FXOS Command Reference...
Page 416 In this shell, you can perform operations on the fabric interconnect, including copying files, rebooting the fabric interconnect, and running ping and traceroute commands. Table 12: Commands Available on a Module Console Command Additional Information Enable blade secure log in secure-login Cisco Firepower 4100/9300 FXOS Command Reference...
Page 417 – Show maxRestart turboBoost – Show turboBoost configuration services – Display status of the services process – Show process details cgroups – Display the cgroups tech-support – Generate system information report for troubleshooting purposes Cisco Firepower 4100/9300 FXOS Command Reference...
Page 418 Look up an IP address or host name with the DNS servers host traceroute Trace the route to a remote host host connect Connect to specific csp console (asa, etc) appname apphost Cisco Firepower 4100/9300 FXOS Command Reference...
Page 419 Test crashinfo support singleprocess – Test crashinfo support with single process multiprocess – Test crashinfo support with multiple processes multithread – Test crashinfo support with multiple threads help Get help on command syntax Cisco Firepower 4100/9300 FXOS Command Reference...
Page 420 Commands connect module: Command List Cisco Firepower 4100/9300 FXOS Command Reference...

This manual is also suitable for:

Firepower 9300

Cisco Firepower 4100 Command Reference Manual

Quick Links

Related Manuals for Cisco Firepower 4100

Summary of Contents for Cisco Firepower 4100

This manual is also suitable for:

Table of Contents