Commands Not Included In The Text Configuration; Passwords; Multiple Security Context Files - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Appendix C
Using the Command-Line Interface
Automatic Text Entries
When you download a configuration to the security appliance, the security appliance inserts some lines
automatically. For example, the security appliance inserts lines for default settings or for the time the
configuration was modified. You do not need to enter these automatic entries when you create your text
file.
Line Order
For the most part, commands can be in any order in the file. However, some lines, such as ACEs, are
processed in the order they appear, and the order can affect the function of the access list. Other
commands might also have order requirements. For example, you must enter the nameif command for
an interface first because many subsequent commands use the name of the interface. Also, commands in
a command-specific configuration mode must directly follow the main command.
Commands Not Included in the Text Configuration
Some commands do not insert lines in the configuration. For example, a runtime command such as
show running-config does not have a corresponding line in the text file.
Passwords
The login, enable, and user passwords are automatically encrypted before they are stored in the
configuration. For example, the encrypted form of the password "cisco" might look like
jMorNbK0514fadBh. You can copy the configuration passwords to another security appliance in their
encrypted form, but you cannot unencrypt the passwords yourself.
If you enter an unencrypted password in a text file, the security appliance does not automatically encrypt
them when you copy the configuration to the security appliance. The security appliance only encrypts
them when you save the running configuration from the command line using the copy running-config
startup-config or write memory command.
Multiple Security Context Files
For multiple security contexts, the entire configuration consists of multiple parts:
•
•
•
Each context is similar to a single context mode configuration. The system configuration differs from a
context configuration in that the system configuration includes system-only commands (such as a list of
all contexts) while other typical commands are not present (such as many interface parameters).
OL-12172-03
The security context configurations
The system configuration, which identifies basic settings for the security appliance, including a list
of contexts
The admin context, which provides network interfaces for the system configuration
The system configuration does not include any interfaces or network settings for itself. Rather, when
the system needs to access network resources (such as downloading the contexts from the server), it
uses a context that is designated as the admin context.
Cisco Security Appliance Command Line Configuration Guide
Text Configuration Files
C-7
Advertisement
Table of Contents
Troubleshooting
