Access the Console for the Command-Line Interface
For initial configuration, access the CLI directly from the console port. Later, you can configure remote access using Telnet or SSH according to . If your system is already in multiple context mode, then accessing the console port places you in the system execution space.
Note |
For ASAv console access, see the ASAv quick start guide. |
Access the Appliance Console
Follow these steps to access the appliance console.
Procedure
Step 1 |
Connect a computer to the console port using the provided console cable, and connect to the console using a terminal emulator set for 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. See the hardware guide for your ASA for more information about the console cable. |
Step 2 |
Press the Enter key to see the following prompt:
This prompt indicates that you are in user EXEC mode. Only basic commands are available from user EXEC mode. |
Step 3 |
Access privileged EXEC mode. enable You are prompted for the password. By default, the password is blank, and you can press the Enter key to continue. See Set the Hostname, Domain Name, and the Enable and Telnet Passwords to change the enable password. Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 4 |
Access global configuration mode. configure terminal Example:
You can begin to configure the ASA from global configuration mode. To exit global configuration mode, enter the exit, quit, or end command. |
Access the Firepower 2100 Console
The Firepower 2100 console port connects you to the FXOS CLI. From the FXOS CLI, you can then connect to the ASA console, and back again. If you SSH to FXOS, you can also connect to the ASA CLI; a connection from SSH is not a console connection, so you can have multiple ASA connections from an FXOS SSH connection. Similarly, if you SSH to the ASA, you can connect to the FXOS CLI.
Before you begin
Procedure
Step 1 |
Connect your management computer to the console port. The Firepower 2100 ships with a DB-9 to RJ-45 serial cable, so you will need a third party serial-to-USB cable to make the connection. Be sure to install any necessary USB serial drivers for your operating system. Use the following serial settings:
You connect to the FXOS CLI. Enter the user credentials; by default, you can log in with the admin user and the default password, Admin123. |
Step 2 |
Connect to the ASA: connect asa Example:
|
Step 3 |
Access privileged EXEC mode. enable You are prompted for the password. By default, the password is blank, and you can press the Enter key to continue. See Set the Hostname, Domain Name, and the Enable and Telnet Passwords to change the enable password. Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 4 |
Access global configuration mode. configure terminal Example:
You can begin to configure the ASA from global configuration mode. To exit global configuration mode, enter the exit, quit, or end command. |
Step 5 |
To return to the FXOS console, enter Ctrl+a, d. |
Step 6 |
If you SSH to the ASA (after you configure SSH access in the ASA), connect to the FXOS CLI. connect fxos You are prompted to authenticate for FXOS; use the default username: admin and password: Admin123. To return to the ASA CLI, enter exit or type Ctrl-Shift-6, x. Example:
|
Access the ASA Console on the Firepower 4100/9300 Chassis
For initial configuration, access the command-line interface by connecting to the Firepower 4100/9300 chassis supervisor (either to the console port or remotely using Telnet or SSH) and then connecting to the ASA security module.
Procedure
Step 1 |
Connect to the Firepower 4100/9300 chassis supervisor CLI (console or SSH), and then session to the ASA: connect module slot console The first time you access the module, you access the FXOS module CLI. You must then connect to the ASA application. connect asa Example:
|
Step 2 |
Access privileged EXEC mode, which is the highest privilege level. enable You are prompted for the password. By default, the password is blank, and you can press the Enter key to continue. See Set the Hostname, Domain Name, and the Enable and Telnet Passwords to change the enable password. Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 3 |
Enter global configuration mode. configure terminal Example:
To exit global configuration mode, enter the disable , exit , or quit command. |
Step 4 |
Exit the application console to the FXOS module CLI by entering Ctrl-a, d You might want to use the FXOS module CLI for troubleshooting purposes. |
Step 5 |
Return to the supervisor level of the FXOS CLI. |
Access the ASA Services Module Console
For initial configuration, access the command-line interface by connecting to the switch (either to the console port or remotely using Telnet or SSH) and then connecting to the ASASM. This section describes how to access the ASASM CLI.
About Connection Methods
From the switch CLI, you can use two methods to connect to the ASASM:
-
Virtual console connection—Using the service-module session command, you create a virtual console connection to the ASASM, with all the benefits and limitations of an actual console connection.
Benefits include:
-
The connection is persistent across reloads and does not time out.
-
You can stay connected through ASASM reloads and view startup messages.
-
You can access ROMMON if the ASASM cannot load the image.
-
No initial password configuration is required.
Limitations include:
-
The connection is slow (9600 baud).
-
You can only have one console connection active at a time.
-
You cannot use this command in conjunction with a terminal server where Ctrl-Shift-6, x is the escape sequence to return to the terminal server prompt. Ctrl-Shift-6, x is also the sequence to escape the ASASM console and return to the switch prompt. Therefore, if you try to exit the ASASM console in this situation, you instead exit all the way to the terminal server prompt. If you reconnect the terminal server to the switch, the ASASM console session is still active; you can never exit to the switch prompt. You must use a direct serial connection to return the console to the switch prompt. In this case, either change the terminal server or switch escape character in Cisco IOS software, or use the Telnet session command instead.
Note
Because of the persistence of the console connection, if you do not properly log out of the ASASM, the connection may exist longer than intended. If someone else wants to log in, they will need to kill the existing connection.
-
-
Telnet connection—Using the session command, you create a Telnet connection to the ASASM.
Note
You cannot connect using this method for a new ASASM; this method requires you to configure a Telnet login password on the ASASM (there is no default password). After you set a password using the passwd command, you can use this method.
Benefits include:
-
You can have multiple sessions to the ASASM at the same time.
-
The Telnet session is a fast connection.
Limitations include:
-
The Telnet session is terminated when the ASASM reloads, and can time out.
-
You cannot access the ASASM until it completely loads; you cannot access ROMMON.
-
You must first set a Telnet login password; there is no default password.
-
Log Into the ASA Services Module
For initial configuration, access the command-line interface by connecting to the switch (either to the switch console port or remotely using Telnet or SSH) and then connecting to the ASASM.
If your system is already in multiple context mode, then accessing the ASASM from the switch places you in the system execution space.
Later, you can configure remote access directly to the ASASM using Telnet or SSH.
Procedure
Step 1 |
From the switch, perform one of the following:
|
Step 2 |
Access privileged EXEC mode, which is the highest privilege level. enable You are prompted for the password. By default, the password is blank, and you can press the Enter key to continue. See Set the Hostname, Domain Name, and the Enable and Telnet Passwords to change the enable password. Example:
All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. |
Step 3 |
Access global configuration mode: configure terminal To exit global configuration mode, enter the disable, exit, or quit command. |
Log Out of a Console Session
If you do not log out of the ASASM, the console connection persists; there is no timeout. To end the ASASM console session and access the switch CLI, perform the following steps.
To kill another user’s active connection, which may have been unintentionally left open, see Kill an Active Console Connection.
Procedure
To return to the switch CLI, type the following: Ctrl-Shift-6, x You return to the switch prompt:
|
Kill an Active Console Connection
Because of the persistence of a console connection, if you do not properly log out of the ASASM, the connection may exist longer than intended. If someone else wants to log in, they will need to kill the existing connection.
Procedure
Step 1 |
From the switch CLI, show the connected users using the show users command. A console user is called “con”. The Host address shown is 127.0.0.slot0, where slot is the slot number of the module. show users For example, the following command output shows a user “con” on line 0 on a module in slot 2:
|
Step 2 |
To clear the line with the console connection, enter the following command: clear line number For example:
|
Log Out of a Telnet Session
To end the Telnet session and access the switch CLI, perform the following steps.
Procedure
To return to the switch CLI, type exit from the ASASM privileged or user EXEC mode. If you are in a configuration mode, enter exit repeatedly until you exit the Telnet session. You return to the switch prompt:
|
Access the Software Module Console
If you have a software module installed, such as the ASA FirePOWER module on the ASA 5506-X, you can session to the module console.
Note |
You cannot access the hardware module CLI over the ASA backplane using the session command. |
Procedure
From the ASA CLI, session to the module: session {sfr | cxsc | ips} console Example:
|
Access the ASA 5506W-X Wireless Access Point Console
To access the wireless access point console, perform the following steps.
Procedure
Step 1 |
From the ASA CLI, session to the access point: session wlan console Example:
|
Step 2 |
See the Cisco IOS Configuration Guide for Autonomous Aironet Access Points for information about the access point CLI. |