Access the Console for the Command-Line Interface
For initial configuration, access the CLI directly from the console port. Later, you can configure remote access using Telnet or SSH according to Management Access. If your system is already in multiple context mode, then accessing the console port places you in the system execution space.
Note |
For ASAv console access, see the ASAv quick start guide. |
Access the ISA 3000 Console
Follow these steps to access the appliance console.
Procedure
Step 1 |
Connect a computer to the console port using the provided console cable, and connect to the console using a terminal emulator set for 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. See the hardware guide for your ASA for more information about the console cable. |
Step 2 |
Press the Enter key to see the following prompt:
This prompt indicates that you are in user EXEC mode. Only basic commands are available from user EXEC mode. |
Step 3 |
Access privileged EXEC mode. enable You are prompted to change the password the first time you enter the enable command: Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 4 |
Access global configuration mode. configure terminal Example:
You can begin to configure the ASA from global configuration mode. To exit global configuration mode, enter the exit, quit, or end command. |
Access the Firepower 2100 Platform Mode Console
The Firepower 2100 console port connects you to the Firepower eXtensible Operating System (FXOS CLI). From the FXOS CLI, you can then connect to the ASA console, and back again. If you SSH to FXOS, you can also connect to the ASA CLI; a connection from SSH is not a console connection, so you can have multiple ASA connections from an FXOS SSH connection. Similarly, if you SSH to the ASA, you can connect to the FXOS CLI.
Before you begin
Procedure
Step 1 |
Connect your management computer to the console port. The Firepower 2100 ships with a DB-9 to RJ-45 serial cable, so you will need a third party serial-to-USB cable to make the connection. Be sure to install any necessary USB serial drivers for your operating system. Use the following serial settings:
You connect to the FXOS CLI. Enter the user credentials; by default, you can log in with the admin user and the default password, Admin123. |
Step 2 |
Connect to the ASA: connect asa Example:
|
Step 3 |
Access privileged EXEC mode. enable You are prompted to change the password the first time you enter the enable command. Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 4 |
Access global configuration mode. configure terminal Example:
You can begin to configure the ASA from global configuration mode. To exit global configuration mode, enter the exit, quit, or end command. |
Step 5 |
To return to the FXOS console, enter Ctrl+a, d. |
Step 6 |
If you SSH to the ASA (after you configure SSH access in the ASA), connect to the FXOS CLI. connect fxos You are prompted to authenticate for FXOS; use the default username: admin and password: Admin123. To return to the ASA CLI, enter exit or type Ctrl-Shift-6, x. Example:
|
Access the Firepower 1000, 2100 Appliance Mode, and Secure Firewall 3100 Console
The Firepower 1000, 2100 Appliance mode, and Secure Firewall 3100 console port connects you to the ASA CLI (unlike the Firepower 2100 Platform mode console, which connects you to the FXOS CLI). From the ASA CLI, you can then connect to the FXOS CLI using Telnet for troubleshooting purposes.
Procedure
Step 1 |
Connect your management computer to the console port. The Firepower 1000 ships with a USB A-to-B serial cable. The Firepower 2100 ships with a DB-9 to RJ-45 serial cable, so you will need a third party serial-to-USB cable to make the connection. The Secure Firewall 3100 ships with a DB-9 to RJ-45 serial cable, so you will need a third party serial-to-USB cable to make the connection. Be sure to install any necessary USB serial drivers for your operating system (see the Firepower 1010 hardware guide or Firepower 1100 hardware guide)Secure Firewall 3100 hardware guide. Use the following serial settings:
You connect to the ASA CLI. There are no user credentials required for console access by default. |
Step 2 |
Access privileged EXEC mode. enable You are prompted to change the password the first time you enter the enable command. Example:
The enable password that you set on the ASA is also the FXOS admin user password if the ASA fails to boot up, and you enter FXOS failsafe mode. All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged EXEC mode, enter the disable , exit , or quit command. |
Step 3 |
Access global configuration mode. configure terminal Example:
You can begin to configure the ASA from global configuration mode. To exit global configuration mode, enter the exit , quit , or end command. |
Step 4 |
(Optional) Connect to the FXOS CLI. connect fxos [admin]
You are not prompted for user credentials. The current ASA username is passed through to FXOS, and no additional login is required. To return to the ASA CLI, enter exit or type Ctrl-Shift-6, x. Within FXOS, you can view user activity using the scope security/show audit-logs command. Example:
|
Access the ASA Console on the Firepower 4100/9300 Chassis
For initial configuration, access the command-line interface by connecting to the Firepower 4100/9300 chassis supervisor (either to the console port or remotely using Telnet or SSH) and then connecting to the ASA security module.
Procedure
Step 1 |
Connect to the Firepower 4100/9300 chassis supervisor CLI (console or SSH), and then session to the ASA: connect module slot { console | telnet} The benefits of using a Telnet connection is that you can have multiple sessions to the module at the same time, and the connection speed is faster. The first time you access the module, you access the FXOS module CLI. You must then connect to the ASA application. connect asa Example:
|
Step 2 |
Access privileged EXEC mode, which is the highest privilege level. enable You are prompted to change the password the first time you enter the enable command. Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 3 |
Enter global configuration mode. configure terminal Example:
To exit global configuration mode, enter the disable , exit , or quit command. |
Step 4 |
Exit the application console to the FXOS module CLI by entering Ctrl-a, d You might want to use the FXOS module CLI for troubleshooting purposes. |
Step 5 |
Return to the supervisor level of the FXOS CLI. Exit the console: Exit the Telnet session:
|