Cisco Firepower 4100 Series, Command Reference Manual

Page 1: ...S Command Reference First Published 2017 08 28 Last Modified 2019 01 15 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ...RSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Any Internet Protocol IP addresses and pho...

Page 3: ...effort to document the many CLI commands in FXOS and as such should be viewed as a work in progress The guide will be republished periodically as new command descriptions are added and existing descriptions updated or corrected Cisco Firepower 4100 9300 FXOS Command Reference 1 ...

Page 4: ...Cisco Firepower 4100 9300 FXOS Command Reference 2 About the FXOS CLI Command Reference Guide ...

Page 5: ... page 5 Object Commands on page 7 Complete a Command on page 8 Command History on page 9 Commit Discard and View Pending Commands on page 10 Inline Help for the CLI on page 11 CLI Session Limits on page 12 Cisco Firepower 4100 9300 FXOS Command Reference 3 ...

Page 6: ...aged For example chassis security modules network modules ports and processors are physical entities represented as managed objects and licenses user roles and platform policies are logical entities represented as managed objects Managed objects may have one or more associated properties that can be configured Cisco Firepower 4100 9300 FXOS Command Reference 4 CLI Overview Managed Objects ...

Page 7: ...to the associated managed object The CLI prompt for each mode shows the full path down the mode hierarchy to the current mode This helps you to determine where you are in the command mode hierarchy and it can be an invaluable tool when you need to navigate through the hierarchy The following table lists the main command modes the commands used to access each mode and the CLI prompt associated with...

Page 8: ...ommand from EXEC mode Packet capture security scope security command from EXEC mode Security server scope server command from EXEC mode Server service profile scope service profile command from EXEC mode Do not alter or configure service profiles that is do not use the create set or delete subcommand sets Note Service profile ssa scope ssa command from EXEC mode SSA system scope system command fro...

Page 9: ...s described in the following tables Table 2 Command Behavior If The Object Does Not Exist Behavior Command The object is created and its configuration mode if applicable is entered create object An error message is generated delete object The object is created and its configuration mode if applicable is entered enter object An error message is generated scope object Table 3 Command Behavior If The...

Page 10: ...lete a command Partially typing a command name and pressing Tab causes the command to be displayed in full or to the point where you must enter another keyword or an argument value Cisco Firepower 4100 9300 FXOS Command Reference 8 CLI Overview Complete a Command ...

Page 11: ... moves to the next command in the history When you get to the end of the history pressing the down arrow key does nothing You can enter any command in the history again by stepping through the history to recall that command and then pressing Enter The command is entered as if you had manually typed it You can also recall a command and change it before you press Enter Cisco Firepower 4100 9300 FXOS...

Page 12: ...if any queued command fails during commit the remaining commands are applied failed commands are reported in an error message Note While any commands are pending an asterisk appears before the command prompt The asterisk disappears when you enter the commit buffer command The following example shows how the prompts change during the command entry process Firepower scope system Firepower system sco...

Page 13: ...yntax If you have not entered anything at the prompt entering lists all available commands for the mode you are in With a partially entered command entering lists all keywords and arguments available at your current position in the command syntax Cisco Firepower 4100 9300 FXOS Command Reference 11 CLI Overview Inline Help for the CLI ...

Page 14: ... Limits FXOS limits the number of CLI sessions that can be active at one time to 32 total sessions This value is not configurable Cisco Firepower 4100 9300 FXOS Command Reference 12 CLI Overview CLI Session Limits ...

Page 15: ...Filter and Save Show Output Save and Filter Show Command Output on page 14 Cisco Firepower 4100 9300 FXOS Command Reference 13 ...

Page 16: ...no more sort expression tr expression uniq expression wc Filtering Options These are the filtering subcommands begin Finds the first line that includes the specified pattern and display that line and all subsequent lines count Counts the number of lines cut Removes cut portions of each line egrep Displays only those lines that match the extended type pattern end Ends with the line that matches the...

Page 17: ...es from the system event log that include the string error FP9300 A show sel 1 1 include error 968 05 15 2016 16 46 25 CIMC System Event DDR4_P2_H2_EC C 0x99 Upper critical going high Asserted Reading 20 000 Threshold 20000 error FP9300 A Related Topics Save Show Command Output on page 15 Save Show Command Output You can save the output of show commands by redirecting the output to a text file sho...

Page 18: ... exists overwrite y n n n Reissue command with if you want to append to existing file FP9300 A Related Topics Filter Show Command Output on page 14 Cisco Firepower 4100 9300 FXOS Command Reference 16 Filter and Save Show Output Save Show Command Output ...

Page 19: ...Unsupported and Restricted Commands Unsupported Commands on page 18 Restricted Commands on page 22 Cisco Firepower 4100 9300 FXOS Command Reference 17 ...

Page 20: ...ubcommands Chassis Mode Commands chassis scope iom chassis show iom chassis show post Fabric Interconnect Mode Commands fabric interconnect scope fan fabric interconnect scope fan module fabric interconnect scope psu fabric interconnect scope sw uplink fabric interconnect show fan fabric interconnect show fan module fabric interconnect show lan neighbors fabric interconnect show psu fabric interco...

Page 21: ...policy org scope wwn pool org show fc policy org show fc zone org show iqn pool org show rackserver disc policy org show rackserver mgmt policy org show san connectivity policy org show udld link policy org show udld system settings org show uuid suffix pool org show vhba beh policy org show vhba templ org show vmq conn policy org show wwn pool Packet Capture Mode Commands packet capture show nh t...

Page 22: ... profile set kvm mgmt policy service profile set san connectivity policy name service profile set src templ name service profile show dynamic vnic conn service profile show dynamic vnic conn policy service profile show ext pooled ip service profile show ext static ip service profile show fc zone service profile show initiator group service profile show iscsi boot service profile show iscsi identit...

Page 23: ... system scope vm mgmt system set virtual ip system show control ep Cisco Firepower 4100 9300 FXOS Command Reference 21 Unsupported and Restricted Commands Unsupported Commands ...

Page 24: ...e Cisco Technical Assistance Center TAC Service Profile Mode Commands Do not change any service profile configurations specifically do not use any of the service profile create service profile delete or service profile set subcommands Cisco Firepower 4100 9300 FXOS Command Reference 22 Unsupported and Restricted Commands Restricted Commands ...

Page 25: ...P A R T I A R Commands A C Commands on page 25 D R Commands on page 81 ...

Page 26: ......

Page 27: ...local mgmt on page 46 connect module on page 48 connect vdp on page 50 create app instance on page 52 create bootstrap key FIREWALL_MODE on page 53 create bootstrap key PERMIT_EXPERT_MODE on page 54 create certreq on page 55 create connection on page 57 create destination on page 58 create ip block on page 60 create ipv6 block on page 62 create keyring on page 64 create local user on page 65 creat...

Page 28: ... create subinterface on page 76 create trustpoint on page 79 cycle on page 80 Cisco Firepower 4100 9300 FXOS Command Reference 26 A R Commands ...

Page 29: ...age Guidelines Use the acknowledge fault command to acknowledge the existence of a fault Example The following example shows how to acknowledge a fault firepower acknowledge fault 11347599 firepower commit buffer firepower Related Commands Description Command Acknowledges a server on the device acknowledge server Acknowledges the existence of a slot in the device acknowledge slot Shows fault polic...

Page 30: ...stence of a server in your network For example you can acknowledge a server that was recently commissioned to ensure that it exists In chassis mode you can use only the id variable to identify the server to be acknowledged Example The following example shows how to acknowledge a server in module 2 while in chassis mode firepower scope chassis 1 firepower chassis acknowledge server 2 firepower chas...

Page 31: ...ssioned to ensure that it exists In fabric interconnect mode you must use this command when an existing module is replaced with one with a different product ID PID In chassis and fabric interconnect mode you can use only the id variable to identify the slot to be acknowledged In EXEC mode you can use only the chassis and blade identification chassis blade_id numbers to identify the slot to be ackn...

Page 32: ...tion process all CLI sessions will be terminated Example This example shows how to activate a firmware package firepower scope system firepower system activate firmware 2 4 1 52 As part of activation all cli sessions will be terminated Continue with activation yes no Related Commands Description Command Shows system firmware versions and status information show firmware Shows server firmware versi...

Page 33: ...and History Modification Release Command added 1 1 1 Usage Guidelines Use this command to back up the system event log SEL for a server In the command mode of a specific server chassis server you can run this command without any options Example This example shows how to back up the SEL for server 2 in chassis 1 firepower backup sel 1 2 firepower commit buffer firepower Related Commands Description...

Page 34: ...hows how to cancel a reservation request firepower scope license firepower license scope reservation firepower license reservation cancel Warning If you have already generated the authorization code from CSSM please abort the cancellation by issuing discard buffer and then install the authorization code firepower license reservation Related Commands Description Command Enables permanent license re...

Page 35: ...r s locked out status Example This example shows how to enter local user mode and specify the amount of time that must pass before a locked out user can log in FP9300 A scope security FP9300 A scope local user test_user1 FP9300 A security local user clear lock status FP9300 A security local user commit buffer FP9300 A security local user Related Commands Description Command Specifies the maximum n...

Page 36: ...n or AAA privileges to use this command Example This example shows how to enter local user mode and clear the password history for the user FP9300 A scope security FP9300 A security scope local user test_user FP9300 A security local user clear password history FP9300 A security local user commit buffer FP9300 A security local user Description Command Creates a new local user account create local u...

Page 37: ...ion Release Command added 1 4 1 Usage Guidelines Use this command to clear the system event log SEL for a server In the command mode for a specific server chassis server you can run this command without specifying a server Example This example shows how to clear system event logs for server 1 in chassis 1 while in organization mode FP9300 A scope org Test FP9300 A org clear sel 1 1 FP9300 A org co...

Page 38: ...tion changes While any configuration changes are pending an asterisk appears before the command prompt When you enter the commit buffer command the pending commands are committed and the asterisk disappears Example This example shows how to save configuration changes FP9300 A create org 3 FP9300 A org commit buffer FP9300 A org Related Commands Description Command Cancels and discards all uncommit...

Page 39: ...command to view information about an individual command Refer to connect adapter Command List on page 392 for additional information To exit the adapter mode enter exit Example The following example shows how to connect to the adapter command shell and view available commands firepower connect adapter 1 1 1 adapter 1 1 1 help Available commands connect Connect to remote debug shell exit Exit from ...

Page 40: ...nds available from the CLI To exit the ASA console enter Ctrl a d Return to the supervisor level of the FXOS CLI Exit the console Enter then quit to exit the Telnet application Example asa Ctrl a d Firepower module1 telnet quit firepower Exit the Telnet session Enter Ctrl Example asa Ctrl a d Firepower module1 Ctrl firepower Example This example shows how to connect to the ASA CLI on module 1 fire...

Page 41: ...to Exit Firepower module1 connect asa asa Related Commands Description Command Connects to the FTD CLI connect ftd Connects to the module CLI connect module Connects to the vDP CLI connect vdp Cisco Firepower 4100 9300 FXOS Command Reference 39 A R Commands connect asa ...

Page 42: ...al command Enter exit to terminate the utility Do not use this utility unless instructed to do so by Cisco TAC Refer to connect cimc Command List on page 394 for additional information Example The following example shows how to connect to cimc mode and then list the available commands firepower connect cimc 1 1 Trying 127 5 1 1 Connected to 127 5 1 1 Escape character is CIMC Debug Firmware Utility...

Page 43: ...tes enter Key will execute last command COMMAND will execute help for that command __________________________________________ help exit Connection closed by foreign host firepower Related Commands Description Command Returns you to the previous CLI mode exit Cisco Firepower 4100 9300 FXOS Command Reference 41 A R Commands connect cimc ...

Page 44: ...ease Added the name argument The escape character was changed to exit from Ctrl a d 2 4 1 Command added 1 1 4 Usage Guidelines See the FTD documentation for commands available from the CLI To exit the FTD console enter exit For pre 2 4 1 versions enter Ctrl a d Return to the supervisor level of the FXOS CLI Exit the console Enter then quit to exit the Telnet application Example exit Firepower modu...

Page 45: ...er is CISCO Serial Over LAN Close Network Connection to Exit Firepower module1 connect ftd Related Commands Description Command Connects to the ASA CLI connect asa Connects to the module CLI connect module Connects to the vDP CLI connect vdp Cisco Firepower 4100 9300 FXOS Command Reference 43 A R Commands connect ftd ...

Page 46: ...ctions debug filter Enable filtering for debugging functions ethanalyzer Configure cisco packet analyzer no Negate a command or set its defaults ntp NTP configuration show Show running system information system System management commands terminal Set terminal line parameters test Test command undebug Disable Debugging functions See also debug end Go to exec mode exit Exit from command interpreter ...

Page 47: ...Description Command Returns you to the previous CLI mode exit Cisco Firepower 4100 9300 FXOS Command Reference 45 A R Commands connect fxos ...

Page 48: ...epower connect local mgmt firepower local mgmt cd Change current directory clear Clear managed objects cluster Cluster mode connect Connect to Another CLI copy Copy a file cp Copy a file delete Delete managed objects dir Show content of dir enable Enable end Go to exec mode erase Erase erase log config Erase the mgmt logging config file exit Exit from command interpreter fips FIPS compliance ls Sh...

Page 49: ...top Go to the top mode traceroute Traceroute to destination traceroute6 Traceroute to IPv6 destination verify Verify Application Image firepower local mgmt exit firepower Related Commands Description Command Connects to the FXOS command shell connect fxos Returns you to the previous CLI mode exit Cisco Firepower 4100 9300 FXOS Command Reference 47 A R Commands connect local mgmt ...

Page 50: ...r to connect module Command List on page 414 for additional information Example The following example shows how to connect to the module 1 console and view available commands firepower connect module 1 console Telnet escape character is Trying 127 5 1 1 Connected to 127 5 1 1 Escape character is CISCO Serial Over LAN Close Network Connection to Exit Firepower module1 secure login Enable blade secu...

Page 51: ...inal settings Enter terminal for options ping Ping a host to check reachability nslookup Look up an IP address or host name with the DNS servers traceroute Trace the route to a remote host connect Connect to specific csp console asa etc support System file operations testcrashinfo Test crashinfo support exit Exit the session help Get help on command syntax Firepower module1 Ctrl firepower Related ...

Page 52: ...nes See the vDP documentation for commands available from the CLI To exit the vDP console enter Ctrl Return to the supervisor level of the FXOS CLI Exit the console Enter then quit to exit the Telnet application Example Ctrl Firepower module1 telnet quit firepower Exit the Telnet session Enter Ctrl Example Ctrl Firepower module1 Ctrl firepower Example This example shows how to connect to the vDP C...

Page 53: ...n to Exit Firepower module1 connect vdp Related Commands Description Command Connects to the ASA CLI connect asa Connects to the FTD CLI connect ftd Connects to the module CLI connect module Cisco Firepower 4100 9300 FXOS Command Reference 51 A R Commands connect vdp ...

Page 54: ... this application instance including the the image version deployment type resource profile and mode You can also enable disable and restart the application Example The following example shows how to set the image version for an FTD application instance firepower scope ssa firepower ssa scope slot 1 firepower ssa slot create app instance ftd MyDevice1 firepower ssa slot app instance set deploy typ...

Page 55: ...tion CLI configuration Example The following example shows how to set the mode to routed mode firepower scope ssa firepower ssa create logical device FTD1 ftd 1 standalone Firepower ssa logical device create mgmt bootstrap ftd firepower ssa logical device mgmt bootstrap create bootstrap key FIREWALL_MODE firepower ssa logical device mgmt bootstrap bootstrap key set value routed firepower ssa logic...

Page 56: ...s required or if the Cisco Technical Assistance Center asks you to use it To enter this mode use the expert command in the FTD CLI Example The following example shows how to enable Expert Mode from SSH firepower scope ssa firepower ssa create logical device FTD1 ftd 1 standalone Firepower ssa logical device create mgmt bootstrap ftd firepower ssa logical device mgmt bootstrap create bootstrap key ...

Page 57: ...ntifier for this request for example the appliance host name You will be asked to enter and confirm a password for the request This parameter applies only to the create certreq form of the command subject name name Command Modes scope security scope keyring Command History Modification Release Command added 1 1 1 Usage Guidelines When you create a new keyring certificate request you are automatica...

Page 58: ...ss fi b ip Certificate request FI B ip address fi b ipv6 Certificate request FI B ipv6 address ip Certificate request ip address ipv6 Certificate request ipv6 address locality Locality name eg city org name Organisation name eg company org unit name Organisational Unit Name eg section password Certificate request password state State province or county full name subject name Certificate request su...

Page 59: ...e Syntax Description The connection name can be up to 16 alphanumeric characters name Command Modes scope security scope ipsec Command History Modification Release Command added 1 1 1 Usage Guidelines When you create a new IPSec connection you are automatically entered into security ipsec connection mode with an asterisk indicating the new connection is not yet committed You can configure the conn...

Page 60: ...on Release Command added 1 4 1 Usage Guidelines When you create a new Smart Call Home destination you are automatically entered into callhome profile mode monitoring callhome profile with an asterisk indicating the new destination is not yet committed You can set the destination parameters transport protocol and an email address and then commit the new destination information An email address is t...

Page 61: ...destination Enters a Smart Call Home destination enter destination Sets an email address for a Smart Call Home destination set address Sets the transport protocol for a Smart Call Home destination set protocol Cisco Firepower 4100 9300 FXOS Command Reference 59 A R Commands create destination ...

Page 62: ...vice HTTPS SNMP or SSH to which the address block is assigned https snmp ssh Command Modes scope system scope services Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to assign a block of IPv4 addresses to provide access to a specified service HTTPS SNMP or SSH When you create a new IP block you are automatically entered into ip block mode system services...

Page 63: ... 200 101 24 ssh firepower system services Related Commands Description Command Creates an IPv6 address block create ipv6 block Deletes an existing IPv4 block delete ip block Cisco Firepower 4100 9300 FXOS Command Reference 61 A R Commands create ip block ...

Page 64: ...ice HTTPS SNMP or SSH to which the address block is assigned https snmp ssh Command Modes scope system scope services Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to assign a block of IPv6 addresses to provide access to a specified service HTTPS SNMP or SSH When you create a new IPv6 block you are automatically entered into ipv6 block mode system servi...

Page 65: ...4 ssh firepower system services Related Commands Description Command Creates an IPv4 block create ip block Deletes an existing IPv6 block delete ipv6 block Cisco Firepower 4100 9300 FXOS Command Reference 63 A R Commands create ipv6 block ...

Page 66: ...1 1 1 Usage Guidelines When you create a new keyring you are automatically entered into keyring mode security keyring with an asterisk indicating the new keyring is not yet committed You can create a keyring certificate request and set keyring parameters such as RSA key modulus and certificate authority trustpoint and then commit the new keyring information Example This example shows how to create...

Page 67: ...be used when logging into this local user account Note the following guidelines and restrictions when entering a user name The name can contain between 1 and 32 characters including the following Any alphabetic character Any numeral _ underscore dash dot The name must be unique The name must start with an alphabetic character It cannot start with a number or a special character such as an undersco...

Page 68: ... mode enter a local user account simultaneously creating the new account since it does not exist and then assigning first and last names to the account firepower scope security firepower security enter local user test_user firepower security local user set firstname test firepower security local user set lastname user firepower security local user commit buffer firepower security local user Relate...

Page 69: ... callhome Command History Modification Release Command added 1 1 1 Usage Guidelines When you create a new Smart Call Home policy you are automatically entered into callhome policy mode monitoring callhome policy with an asterisk indicating the new policy is not yet committed You can set property values and enable disable services and then commit the new policy After you create a Smart Call Home po...

Page 70: ...led power problem psu insufficient psu mixed mode thermal problem version incompatible vif ids mismatch voltage problem Example This example shows how to create enter and enable a Call Home policy instance for link down events firepower scope monitoring firepower monitoring scope callhome firepower monitoring callhome enter policy link down firepower monitoring callhome policy set admin state enab...

Page 71: ... Description Command Deletes an existing Smart Call Home policy delete policy Enables or disables the administrative state for a Smart Call Home policy set admin state Cisco Firepower 4100 9300 FXOS Command Reference 69 A R Commands create policy callhome ...

Page 72: ...Guidelines When you create a new flow control policy you are automatically entered into flow control policy mode eth uplink flow control policy with an asterisk indicating the new policy is not yet committed You can set policy property values and then commit the new policy After you create a flow control policy the policy name cannot be changed You must delete the policy and create a new one Examp...

Page 73: ...ication Release Command added 1 1 1 Usage Guidelines When you create a new Smart Call Home profile you are automatically entered into callhome profile mode monitoring callhome profile with an asterisk indicating the new profile is not yet committed You can define the profile and then commit the new profile information After you create a Smart Call Home destination profile the profile name cannot b...

Page 74: ...on Command Lists currently defined Smart Call Home and Smart Licensing profiles available in monitoring callhome mode show profile Cisco Firepower 4100 9300 FXOS Command Reference 72 A R Commands create profile ...

Page 75: ...source profile called Default Small which includes the minimum number of cores You can change the definition of this profile and even delete it if it is not in use Note that this profile is created when the chassis reloads and no other profile exists on the system If you change the settings for a resource profile then any instances that use the resource profile will reload which can take approxima...

Page 76: ... of CPUs for the resource profile set cpu count Assigned the resource profile to the application instance set resource profile name Shows resource usage for the security module engine slot show monitor detail Shows resource allocation for the application instance show resource detail Shows resource profile assignments show resource profile user defined Cisco Firepower 4100 9300 FXOS Command Refere...

Page 77: ...one Examples This example shows how to generate a new SSH host key firepower scope system firepower system scope services firepower system services create ssh server host key firepower system services commit buffer firepower system services This example shows how to delete the existing SSH host key and confirm its deletion firepower scope system firepower system scope services firepower system ser...

Page 78: ...y are assigned to different container instances However each subinterface still counts towards the limit even though it uses the same ID For native instances you can create VLAN subinterfaces within the application only For container instances you can also create VLAN subinterfaces inside the application on interfaces that do not have FXOS VLAN subinterfaces defined and these subinterfaces are not...

Page 79: ...u can add a new subinterface as long as the parent interface itself is not allocated Subinterfaces are supported on data or data sharing type interfaces only Example The following example creates 3 subinterfaces on Ethernet 1 1 and sets them to be data sharing interfaces Cisco Firepower 4100 9300 FXOS Command Reference 77 A R Commands create subinterface ...

Page 80: ...rface subinterface set port type data sharing firepower eth uplink fabric interface subinterface exit firepower eth uplink fabric interface create subinterface 12 firepower eth uplink fabric interface subinterface set vlan 12 firepower eth uplink fabric interface subinterface set port type data sharing firepower eth uplink fabric interface subinterface commit buffer firepower eth uplink fabric int...

Page 81: ...alphanumeric characters name Command Modes scope security Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to identify trustpoints that will be used to validate certificates during Internet Key Exchange IKE authentication When you create a new trustpoint you are automatically entered into security trustpoint mode with an asterisk indicating the new trustpo...

Page 82: ...Service Profile service profile mode Command History Modification Release This command was introduced 1 1 1 Example This example shows how to power cycle a module after its running application is shut down FP9300 A scope service profile server 1 1 FP9300 A org service profile cycle cycle wait FP9300 A org service profile commit buffer FP9300 A org service profile Related Commands Description Comma...

Page 83: ...e 95 enable fips mode on page 96 enable reservation on page 97 end on page 98 enter on page 99 exit on page 101 install on page 102 install firmware on page 103 install platform on page 105 ping connect local mgmt on page 106 ping6 connect local mgmt on page 108 power on page 110 reboot on page 111 recommission on page 113 register on page 114 reinitialize on page 115 remove server on page 116 ren...

Page 84: ...ify it using its module ID 4100 series or the chassis number and module number 9300 devices Command Modes Any command mode Command History Modification Release Command added 1 4 1 Example This example shows how to decommission a server FP9300 A decommission server 1 1 FP9300 A commit buffer FP9300 A Related Commands Description Command Deletes a decommissioned server delete decommissioned Recommis...

Page 85: ...oles and platform policies are logical entities represented as managed objects FXOS provides four general commands for managing objects create delete enter and scope For example you can create a local user account you can delete a local user account and you can enter a local user account to assign or change properties for that account you also can scope into the local user account to assign or cha...

Page 86: ...r edits a local user account enter local user Deletes an existing local user account delete local user Enters a existing local user account scope local user Cisco Firepower 4100 9300 FXOS Command Reference 84 A R Commands delete ...

Page 87: ...del The module s serial number can be no more than 510 characters serial_number Command Modes Any command mode Command History Modification Release Command added 1 4 1 Example This example shows how to delete a decommissioned server FP9300 A delete decommissioned server Cisco Systems Inc Cisco Firepower 9000 Series Security Module FLM1949C6J1 FP9300 A commit buffer Related Commands Description Com...

Page 88: ... your account and all license entitlements and certificates on the device are removed You can use this to free up a license for a new Firepower 4100 9300 or you can remove the device from the Smart Software Manager Example This example shows how to deregister this device FP9300 A scope license FP9300 A license deregister FP9300 A license Related Commands Description Command Registers a Smart Softw...

Page 89: ...nce App Name Identifier Admin State Oper State Running Version Startup Version Deploy Type Profile Name Cluster State Cluster Role ftd1 IFT 63 Enabled Online 6 3 0 12 6 3 0 12 Native In Cluster Slave Application Instance App Name Identifier Admin State Oper State Running Version Startup Version Deploy Type Profile Name Cluster State Cluster Role ftd2 FTD 2 Enabled Online 6 3 0 12 6 3 0 12 Containe...

Page 90: ...nd is committed Example This example shows how to enter security mode and disable Common Criteria mode FP9300 A scope security FP9300 A security disable cc mode Warning A reboot of the system is required in order for the system to be operating in a non CC approved mode FP9300 A security Related Commands Description Command Enables Common Criteria mode enable cc mode Shows current Common Criteria m...

Page 91: ... be required after this command is committed Example This example shows how to enter security mode and disable FIPS mode FP9300 A scope security FP9300 A security disable fips mode Warning A reboot of the system is required in order for the system to be operating in a non FIPS approved mode FP9300 A security Related Commands Description Command Enables FIPS mode enable fips mode Shows current FIPS...

Page 92: ...00 chassis Example This example shows how to enter license mode and disable reservation mode FP9300 A scope license FP9300 A license disable reservation Warning If you have already generated the authorization code from CSSM and have not installed it on the device please abort this command by issuing discard buffer and complete the installation FP9300 A license Related Commands Description Command ...

Page 93: ...he command prompt When you enter the discard buffer command the commands are discarded and the asterisk disappears Example This example shows how to discard pending configuration changes FP9300 1 scope chassis 1 FP9300 1 chassis enable locator led FP9300 1 chassis show configuration pending scope chassis 1 enable locator led exit FP9300 1 chassis discard buffer FP9300 1 chassis Related Commands De...

Page 94: ...ownloads Note tftp username server ip addr port num path Optional Specifies the path to an image file to be imported from a connected USB Type A device usbA path Optional Specifies the path to an image file to be imported from a connected USB Type B device usbB path Command Modes Firmware firmware mode Application software ssa app software mode Command History Modification Release Command added 1 ...

Page 95: ...load Local This example shows how to download a software image file using the SCP protocol and monitor the download progress FP9300 A scope ssa FP9300 A ssa scope app software FP9300 A ssa app software download image scp user 192 168 1 1 images cisco asa 9 4 1 65 csp FP9300 A ssa app software show download task Downloads for Application Software File Name Protocol Server Userid State cisco asa 9 4...

Page 96: ...pp Name Identifier Admin State Oper State Running Version Startup Version Deploy Type Profile Name Cluster State Cluster Role ftd1 IFT 63 Enabled Online 6 3 0 12 6 3 0 12 Native In Cluster Slave Application Instance App Name Identifier Admin State Oper State Running Version Startup Version Deploy Type Profile Name Cluster State Cluster Role ftd2 FTD 2 Disabled Online 6 3 0 12 6 3 0 12 Container br...

Page 97: ... you do not perform these additional steps you will not be able to connect to the Supervisor using SSH after the device has rebooted with Common Criteria mode enabled If you performed initial setup using FXOS 2 0 1 or later you do not have to generate a new host key Important Example This example shows how to enter security mode and enable Common Criteria mode FP9300 A scope security FP9300 A secu...

Page 98: ...nd deleting SSH host keys If you do not perform these additional steps you will not be able to connect to the Supervisor using SSH after the device has rebooted with Common Criteria mode enabled If you performed initial setup using FXOS 2 0 1 or later you do not have to generate a new host key Important Example This example shows how to enter security mode and enable FIPS mode FP9300 A scope secur...

Page 99: ...e license reservation before attempting to assign a permanent license to your Firepower 4100 9300 chassis Example This example shows how to enter license mode and enable reservation mode FP9300 A scope license FP9300 A license enable reservation FP9300 A license Related Commands Description Command Disables permanent license reservation disable reservation Shows current license information show li...

Page 100: ...cation Release Command added 1 1 1 Example This example shows how to return to the highest level mode of the CLI from service profile mode FP9300 A scope org Test FP9300 A org scope service profile Sample FP9300 A org service profile end FP9300 A Related Commands Description Command Enters top level mode from any mode top Cisco Firepower 4100 9300 FXOS Command Reference 98 A R Commands end ...

Page 101: ...hile licenses user roles and platform policies are logical entities represented as managed objects FXOS provides four general commands for managing objects create delete enter and scope For example you can create a local user account you can delete a local user account and you can enter a local user account to assign or change properties for that account you also can scope into the local user acco...

Page 102: ...al user Related Commands Description Command Creates a new local user account create local user Adds or edits a local user account enter local user Deletes an existing local user account delete local user Enters a existing local user account scope local user Cisco Firepower 4100 9300 FXOS Command Reference 100 A R Commands enter ...

Page 103: ...on Release Command added 1 1 1 Example This example shows how to exit the current top level CLI session and disconnect from this device FP9300 A exit This example shows how to enter and exit a local management connection FP9300 A connect local mgmt FP9300 A local mgmt exit FP9300 A Related Commands Description Command Connects to another managed object connect Returns to the highest level mode of ...

Page 104: ...e Guidelines If you have already generated the authorization code you must install it Example This example shows how to install a reservation authorization code FP9300 A scope license FP9300 A license scope reservation FP9300 A license reservation install code FP9300 A license reservation Related Commands Description Command Generates a reservation request code request universal Shows current lice...

Page 105: ...f you want to proceed If you enter no at either prompt the process is terminated You can use the show detail command to monitor the installation process Example This example shows how to install a previously downloaded firmware upgrade package FP9300 A scope firmware FP9300 A firmware scope firmware install FP9300 A firmware firmware install install firmware pack version 1 0 16 Verifying FXOS firm...

Page 106: ...mode scope firmware install Shows information about firmware package downloads show download task In firmware installation mode shows firmware package information show firmware install Cisco Firepower 4100 9300 FXOS Command Reference 104 A R Commands install firmware ...

Page 107: ... process you must acknowledge the pending reboot of the primary fabric interconnect Example This example shows how to install a platform upgrade package FP9300 A scope firmware FP9300 A firmware scope auto install FP9300 A firmware auto install install platform platform vers 2 3 1 51 The currently installed FXOS platform software package is 2 2 2 19 INFO There is no service impact to install this ...

Page 108: ...CMP header packet size bytes Command Modes connect local mgmt Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to test basic IP connectivity from the chassis management interface to an external network by sending ICMP echo request packets to a specified host Example This example shows how to connect to the local management shell and then ping another devic...

Page 109: ...ts transmitted 12 received 0 packet loss time 11104ms rtt min avg max mdev 51 005 51 062 51 164 0 064 ms firepower local mgmt Related Commands Description Command Tests basic network connectivity by pinging another device on the network with its IPv6 address ping6 Traces the route to a specified destination IPv4 address traceroute Cisco Firepower 4100 9300 FXOS Command Reference 107 A R Commands p...

Page 110: ...very strategy hint may be do Prohibits fragmentation even for local packets sets a do not fragment DF flag dont Prohibits fragmentation however does not set DF flag want Performs PMTU discovery fragments locally when packet size is large mtu hint do dont want Optional The number of data bytes to be added to the ping packet The range is 1 to 65468 bytes The default is 56 bytes which results in a 64...

Page 111: ...CD 1 icmp_seq 8 ttl 61 time 0 221 ms 64 bytes from 2001 DB8 0 ABCD 1 icmp_seq 9 ttl 61 time 0 227 ms 64 bytes from 2001 DB8 0 ABCD 1 icmp_seq 10 ttl 61 time 0 224 ms 64 bytes from 2001 DB8 0 ABCD 1 icmp_seq 11 ttl 61 time 0 261 ms 64 bytes from 2001 DB8 0 ABCD 1 icmp_seq 12 ttl 61 time 0 261 ms 2001 DB8 0 ABCD 1 ping statistics 12 packets transmitted 12 received 0 packet loss time 11104ms rtt min ...

Page 112: ...shut down Command Modes Service profile mode Command History Modification Release Command added 1 1 1 Usage Guidelines If you do not include one of the optional keywords with the power down command the module is powered down immediately without gracefully shutting down the moduleʼs operating system We recommend backing up the module configuration before powering down Example This example shows how...

Page 113: ... before rebooting In local management mode this command has no keywords or options We recommend using this command in chassis mode as it performs a graceful system shut down and restart Note Examples This example shows how to enter a local management shell and reboot the system FP9300 A connect local mgmt FP9300 A local mgmt reboot Before rebooting please take a configuration backup Do you still w...

Page 114: ... System halted message is seen FP9300 A chassis Broadcast message from root DOC FP9300 A Fri Apr 13 16 27 04 2018 All shells being terminated due to system sbin shutdown Related Commands Description Command Shuts down the device shutdown Cisco Firepower 4100 9300 FXOS Command Reference 112 A R Commands reboot ...

Page 115: ...o more than 255 characters optional for 4100 series devices server Command Modes Any command mode Command History Modification Release Command added 1 4 1 Example This example shows how to enter organization mode and then recommission a previously decommissioned server FP9300 A scope org FP9300 A org recommission server Cisco Systems Inc Cisco Firepower 9000 Series Security Module FLM1949C6J1 2 FP...

Page 116: ...e Manager or the Smart Software Manager Satellite See the Cisco Smart Software Manager Satellite User Guide for more information Example This example shows how to register this device FP9300 A scope license FP9300 A license register idtoken ZGFmNWM5NjgtYmNjYS00ZWI3L WE3NGItMWJkOGExZjIxNGQ0LTE0NjI2NDYx 0AMDIzNT V8N3R0dXM1Z0NjWkdpR214eFZhMldBOS9CVnNEYnVKM1 FP9300 A license Related Commands Descripti...

Page 117: ...ng configuration files before issuing the commit buffer command Example This example shows how to reinitialize the module in slot 2 FP9300 A scope ssa FP9300 A ssa scope slot 2 FP9300 A ssa slot reinitialize Warning Reinitializing blade takes a few minutes All the application data on blade will get lost Please backup application running config files before commit buffer FP9300 A ssa slot Related C...

Page 118: ..._id Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines When using this command in chassis mode you need to specify only the slot ID number Example This example shows how to remove a decommissioned server FP9300 A remove server 1 1 FP9300 A commit buffer FP9300 A Related Commands Description Command Decommissions a server decommission server Sho...

Page 119: ...30 days You might manually renew the registration for either of these items if you have a limited window for Internet access for example or if you make any licensing changes in the Smart Software Manager Example This example shows how to enter license licdebug mode and manually renew the Smart Software ID certificate and license entitlement FP9300 A scope license FP9300 A license scope licdebug FP...

Page 120: ...100 9300 chassis After issuing this command use show license resvcode to view the generated reservation request authorization and return codes Example This example shows how to generate a reservation request code and view the generated codes FP9300 A scope license FP9300 A license scope reservation FP9300 A license reservation request universal FP9300 A license reservation show license resvcode Wa...

Page 121: ... Firepower 4100 9300 chassis immediately becomes unlicensed and moves to the Evaluation state To complete the return go to https software cisco com SmartLicensing Inventory locate your Firepower 4100 9300 chassis using its universal device identifier UDI and then remove the product instance Example This example shows how to return a permanent license FP9300 A scope license FP9300 A license scope r...

Page 122: ...Cisco Firepower 4100 9300 FXOS Command Reference 120 A R Commands return ...

Page 123: ...P A R T II S Commands scope Commands on page 123 set Commands on page 157 sh Commands on page 235 ...

Page 124: ......

Page 125: ...firmware on page 138 scope firmware install on page 139 scope ipsec on page 140 scope ipv6 config on page 141 scope licdebug on page 142 scope license on page 143 scope monitoring on page 144 scope org on page 145 scope packet capture on page 146 scope password profile on page 147 scope profile on page 148 scope reservation on page 149 scope security on page 150 scope server on page 151 scope serv...

Page 126: ...sented as managed objects while licenses user roles and platform policies are logical entities represented as managed objects FXOS provides four general commands for managing objects create delete enter and scope For example you can create a local user account you can delete a local user account and you can enter a local user account to assign or change properties for that account you also can sco...

Page 127: ...ser SSH public key firepower security local user Related Commands Description Command Creates a new local user account create local user Adds or edits a local user account enter local user Deletes an existing local user account delete local user Cisco Firepower 4100 9300 FXOS Command Reference 125 S Commands scope ...

Page 128: ...ode Command History Modification Release Command added 1 1 1 Usage Guidelines In adapter mode you can activate or update a firmware version view a variety of adapter specific data and scope into host and external Ethernet interfaces Example This example shows how to enter adapter mode using the chassis server and adapter IDs FP9300 A scope adapter 1 1 1 FP9300 A chassis server adapter Related Comm...

Page 129: ...ory Modification Release Command added 1 4 1 Usage Guidelines None Example This example shows how to enter firmware mode and then auto install mode FP9300 A scope firmware FP9300 A firmware scope auto install FP9300 A firmware auto install Related Commands Description Command Upgrades UCS Infra components UCSM FI and IOM to infra version specified install platform Cisco Firepower 4100 9300 FXOS Co...

Page 130: ...if you are not sharing a subinterface if you manually configure MAC addresses make sure you use unique MAC addresses for all subinterfaces on the same parent interface to ensure proper classification Note The FXOS chassis generates the MAC address using the following format A2xx yyzz zzzz Where xx yy is a user defined prefix or a system defined prefix and zz zzzz is an internal counter generated b...

Page 131: ... ssa scope auto macpool firepower ssa auto macpool Related Commands Description Command Enters ssa mode scope ssa Sets the MAC address prefix set prefix Shows the assigned MAC addresses show mac address Cisco Firepower 4100 9300 FXOS Command Reference 129 S Commands scope auto macpool ...

Page 132: ...lease Command added 1 1 1 Usage Guidelines You can access fabric mode from cabling mode where you can view and manage port breakouts Example This example shows how to enter cabling mode FP9300 A scope cabling FP9300 A cabling Related Commands Description Command Enter fabric interconnect mode scope fabric interconnect Cisco Firepower 4100 9300 FXOS Command Reference 130 S Commands scope cabling ...

Page 133: ...1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter callhome mode from monitoring mode FP9300 A scope monitoring FP9300 A monitoring scope callhome FP9300 A monitoring callhome Related Commands Description Command Shows Call Home configuration and status information show callhome Cisco Firepower 4100 9300 FXOS Command Reference 13...

Page 134: ...is always 1 chassis_id Command Modes EXEC mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter chassis mode FP9300 A scope chassis 1 FP9300 A chassis Related Commands Description Command Shows chassis information show chassis Cisco Firepower 4100 9300 FXOS Command Reference 132 S Commands scope chassis ...

Page 135: ... Modes EXEC mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter cloud connector mode FP9300 A scope cloud connector FP9300 A cloud connector Related Commands Description Command Shows cloud connector configuration information show cloud connector Cisco Firepower 4100 9300 FXOS Command Reference 133 S Commands scope cloud connector ...

Page 136: ...parameters such as authentication service and session timeout values An authentication domain must be created prior to using this command to enter the default authentication mode for a domain Example This example shows how to enter security mode and then default authentication mode FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth Related Commands Descript...

Page 137: ...tory Modification Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter Ethernet uplink mode FP9300 A scope eth uplink FP9300 A eth uplink Related Commands Description Command Shows Ethernet uplink information show eth uplink Cisco Firepower 4100 9300 FXOS Command Reference 135 S Commands scope eth uplink ...

Page 138: ...vices a Command Modes EXEC mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter fabric interconnect mode FP9300 A scope fabric interconnect a FP9300 B fabric interconnect Related Commands Description Command Shows fabric interconnect information show fabric interconnect Cisco Firepower 4100 9300 FXOS Command Reference 136 S Commands scope fabric int...

Page 139: ...lue can be 1 through 8 module_id Command Modes scope chassis Command History Modification Release Command added 1 1 1 Example This example shows how to scope into fan module mode firepower scope chassis firepower chassis scope fan module 1 2 firepower chassis fan module Related Commands Description Command Scopes into a specific fan scope fan Cisco Firepower 4100 9300 FXOS Command Reference 137 S ...

Page 140: ...ommand added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter firmware mode FP9300 A scope firmware FP9300 A firmware Related Commands Description Command Shows server firmware information show server firmware Shows server firmware version show server version Cisco Firepower 4100 9300 FXOS Command Reference 138 S Commands scope...

Page 141: ...ge Guidelines Use this scope to update system firmware with a previously downloaded firmware package Example This example shows how to enter firmware installation mode FP9300 A scope firmware FP9300 A firmware scope firmware install FP9300 A firmware install Related Commands Description Command Downloads a firmware package download image Installs a firmware package install firmware Cisco Firepower...

Page 142: ...e Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter IPSec mode FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec Related Commands Description Command Shows information about the IPSec connection show connection Cisco Firepower 4100 9300 FXOS Command Reference 140 S Commands scope ipsec ...

Page 143: ...Command History Modification Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter IPv6 configuration mode FP9300 A scope fabric interconnect a FP9300 A fabric interconnect scope ipv6 config FP9300 A fabric interconnect ipv6 config Related Commands Description Command Shows IPv6 management interface information...

Page 144: ...es License mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter license debug mode from license mode FP9300 A scope license FP9300 A license scope licdebug FP9300 A license licdebug Related Commands Description Command Enters license mode scope license Cisco Firepower 4100 9300 FXOS Command Reference 142 S Commands scope licdebug ...

Page 145: ...ny command mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter license mode from EXEC level FP9300 A scope license FP9300 A license Related Commands Description Command Shows the usage of some or all license packages show license Cisco Firepower 4100 9300 FXOS Command Reference 143 S Commands scope license ...

Page 146: ...ory Modification Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter monitoring mode FP9300 A scope monitoring FP9300 A monitoring Related Commands Description Command Shows information about the status of a server show server status Cisco Firepower 4100 9300 FXOS Command Reference 144 S Commands scope monito...

Page 147: ...Command Modes Any command mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter organization mode FP9300 A scope org org100 FP9300 A org Related Commands Description Command Lists currently defined organizations show org Cisco Firepower 4100 9300 FXOS Command Reference 145 S Commands scope org ...

Page 148: ...tory Modification Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter packet capture mode FP9300 A scope packet capture FP9300 A monitoring Related Commands Description Command Traces the route to another device on the network traceroute Cisco Firepower 4100 9300 FXOS Command Reference 146 S Commands scope pa...

Page 149: ...ommand History Modification Release Command added 1 1 1 Example This example shows how to enter password profile security mode FP9300 A scope security FP9300 A security scope password profile FP9300 A security password profile Related Commands Description Command Shows password profile information show password profile Cisco Firepower 4100 9300 FXOS Command Reference 147 S Commands scope password ...

Page 150: ...le mode and then display the destination configured for the profile FP9300 A monitoring callhome scope profile SLProfile FP9300 A monitoring callhome profile show destination Destination Name Transport Protocol Email or HTTP HTTPS URL Address SLDest Https https tools cisco com its service oddce services DDCEService FP9300 A monitoring callhome profile Related Commands Description Command Lists cur...

Page 151: ...elease Command added 1 1 1 Example This example shows how to enter reservation mode from license mode FP9300 A scope license FP9300 A license scope reservation FP9300 A license reservation Related Commands Description Command Generates a reservation request code request universal Shows the usage of some or all license packages show license Cisco Firepower 4100 9300 FXOS Command Reference 149 S Com...

Page 152: ...ory Modification Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter security mode FP9300 A scope security FP9300 A security Related Commands Description Command Shows information about the security policies show security Cisco Firepower 4100 9300 FXOS Command Reference 150 S Commands scope security ...

Page 153: ... in n n format The chassis ID is always 1 Note chassis_id blade_id Command Modes EXEC mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter server mode FP9300 A scope server 1 1 FP9300 A chassis server Related Commands Description Command Shows information about the network adapters in a server show server adapter Shows identity information about a s...

Page 154: ...n Release Command added 1 1 1 Usage Guidelines To use this command with the org option an organization and a service profile for that organization must already exist To use this command with the server option the server can be specified with its server ID or the chassis ID and blade ID n n format The chassis ID is always 1 Example This example shows how to enter service profile mode FP9300 A scope...

Page 155: ...des Security services ssa mode Command History Modification Release Command added 1 1 1 Usage Guidelines In slot mode you can update the application image on the logical device Example This example shows how to enter slot mode FP9300 A scope ssa FP9300 A ssa scope slot 2 FP9300 A ssa slot Related Commands Description Command Shows security information show security Cisco Firepower 4100 9300 FXOS C...

Page 156: ...de Command History Modification Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter ssa mode FP9300 A scope ssa FP9300 A ssa Related Commands Description Command Shows security information show security Cisco Firepower 4100 9300 FXOS Command Reference 154 S Commands scope ssa ...

Page 157: ...ation Release Command added 1 1 1 Usage Guidelines You do not have to enter this mode with a managed object Example This example shows how to enter system mode FP9300 A scope system FP9300 A system Related Commands Description Command Shows information about the systems configured on this device show system Cisco Firepower 4100 9300 FXOS Command Reference 155 S Commands scope system ...

Page 158: ...e Command added 1 1 1 Example This example shows how to enter virtual NIC mode while in organization mode FP9300 A scope org org10 FP9300 A org scope service profile sp10 FP9300 A org service profile scope vnic vNIC10 FP9300 A org service profile vnic Related Commands Description Command Shows information about the available network adapters show server adapter Cisco Firepower 4100 9300 FXOS Comma...

Page 159: ...olute session timeout on page 177 set con session timeout on page 178 set cpu core count on page 179 set deploy type on page 181 set email on page 183 set enforce strong password on page 184 set expiration on page 186 set firstname on page 187 set history count on page 188 set http proxy server enable on page 189 set http proxy server port on page 190 set http proxy server url on page 191 set http...

Page 160: ...address on page 218 set remote ike ident on page 219 set remote subnet on page 220 set remote user on page 221 set resource profile name on page 222 set session timeout on page 224 set ssh server on page 225 set sshkey on page 226 set trustpoint on page 227 set use 2 factor on page 228 set user account unlock time on page 229 set value create bootstrap key FIREWALL_MODE on page 230 set value creat...

Page 161: ...ional Specify the IPv6 address of the device domain ipv6 Optional Specify the city or town in which the company requesting the certificate is headquartered Enter up to 64 characters You can use any letters numbers or spaces as well as the following special characters comma period at sign carat open parenthesis close parenthesis dash _ underscore plus sign colon forward slash locality Optional Spec...

Page 162: ... entering a certificate request use these options to specify information about the request Example This example shows how to specify information about a certificate request firepower security keyring enter certreq firepower security keyring certreq set ip 198 51 100 5 firepower security keyring certreq set password Certificate request password Confirm certificate request password firepower securit...

Page 163: ...s passed regardless of session use This absolute timeout is global across all forms of access including serial console SSH and HTTPS Example This example shows how to enter default authentication mode and then set the absolute timeout for all sessions to four minutes FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set absolute session timeout 240 FP9300 ...

Page 164: ...You must be a user with admin or AAA privileges to use this command The admin account is always set to active It cannot be modified Example This example shows how to enter local user mode and deactivate a local user account FP9300 A scope security FP9300 A security scope local user test_user FP9300 A security local user set account status inactive FP9300 A security local user commit buffer FP9300 ...

Page 165: ...ce Satellite server example https ip_address Transportgateway services DeviceRequestHandler Example This example shows how to create and enter a Smart Call Home destination firepower scope monitoring firepower monitoring scope callhome firepower monitoring callhome scope profile SLProfile firepower monitoring callhome profile scope destination SLDest firepower monitoring callhome profile destinati...

Page 166: ...Home policy when a fault or system event matching the associated cause is encountered Example This example shows how to enter and enable a Call Home policy instance for link down events FP9300 A monitoring callhome enter policy link down FP9300 A monitoring callhome policy set admin state enabled FP9300 A monitoring callhome policy commit buffer FP9300 A monitoring callhome policy Related Commands...

Page 167: ...onnect scope card 2 FP9300 A fabric interconnect card show detail Fabric Card Id 2 Description Firepower 4x40G QSFP NM Number of Ports 16 State Online Vendor Cisco Systems Inc Model FPR NM 4X40G HW Revision 0 Serial SN JAD191601DE Perf N A Admin State Online Power State Online Presence Equipped Thermal Status N A Voltage Status N A FP9300 A fabric interconnect card set adminstate offline FP9300 A ...

Page 168: ...e Command added 1 1 1 Example This example shows how to specify the default authentication server group FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set auth server group admin_server FP9300 A security default auth commit buffer FP9300 A security default auth Related Commands Description Command Specifies the default authentication service set realm C...

Page 169: ...cDVh 8pCPlipc 08ZJ3o9GW2j0eHJN84sguIEDL812ROejQvpmfqGUq11stkIIuh wB V VRhUBVG7p V57I6DHeeRp6cDMLXaM3iMTelhdShyo5YUaRJMak t8kCqhtGXfuLlI E2AkxKXeeveR9n6cpQd5JiNzCT t9IQL T CCqMICRXLFpLCS9o5S5O2B6QFgcTZ yKR6hsmwe22wpK8QI7 5oWNXlolb96hHJ7RPbG7RXYqmcLiXY d2j9 RuNoPJawI hLkfhoIdPA28xlnfIB1azCmMmdPcBO6cbUQfCj5hSmk3StVQKgJCjaujz55TGGd1 G jnxDMX9twwz7Ee51895Xmtr24qqaCXJoW dPhcIIXRdJPMsTJ4yPG0BieuRwd0p i8w...

Page 170: ...pecifies the RSA key modulus SSL key length in bits set modulus Regenerates the RSA keys in the default keyring set regenerate Specifies whether the keyring certificate can be regenerated set trustpoint Cisco Firepower 4100 9300 FXOS Command Reference 168 S Commands set cert ...

Page 171: ...nter lines one at a time Enter ENDOFBUF to finish Press C to abort Trustpoint Certificate Chain BEGIN CERTIFICATE MIIDMDCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJVUzEL BxMMU2FuIEpvc2UsIENBMRUwEwYDVQQKEwxFeGFtcGxlIEluYy4xEzARBgNVBAsT ClRlc3QgR3JvdXAxGTAXBgNVBAMTEHRlc3QuZXhhbXBsZS5jb20xHzAdBgkqhkiG 9w0BCQEWEHVzZXJAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBAMZw4nTepNIDhVzb0j7Z2J...

Page 172: ...stpoint commit buffer FP9300 A security trustpoint Related Commands Description Command Enters a trustpoint enter trustpoint Shows current trustpoint information show trustpoint Cisco Firepower 4100 9300 FXOS Command Reference 170 S Commands set certchain ...

Page 173: ...how to enter password profile mode enable password change restrictions and then specify that a user can change his or her password only twice in any 24 hour period FP9300 A scope security FP9300 A security scope password profile FP9300 A security password profile set change during interval enable FP9300 A security password profile set change count 2 FP9300 A security password profile set change in...

Page 174: ... be made Example This example shows how to enter password profile mode enable password change restrictions and then specify that a user can change his or her password only twice in any 24 hour period FP9300 A scope security FP9300 A security scope password profile FP9300 A security password profile set change during interval enable FP9300 A security password profile set change count 2 FP9300 A sec...

Page 175: ...word profile mode enable password change restrictions and then specify that a user can change his or her password only twice in any 24 hour period FP9300 A scope security FP9300 A security scope password profile FP9300 A security password profile set change during interval enable FP9300 A security password profile set change count 2 FP9300 A security password profile set change interval 24 FP9300 ...

Page 176: ...d Spaces are used to separate fields in command output tables Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to specify whether command output lines wrap or truncate to fit the width of the terminal window whether table headers are displayed and whether commas or spaces are used to separate fields in command output tables E...

Page 177: ...Condition F77960 2010 01 21T18 32 31 255 1089623 FSM STAGE REMOTE ERROR R FP9300 A Related Commands Description Command Shows current CLI settings show cli Sets the number of lines and the width of the lines displayed in the terminal window terminal Cisco Firepower 4100 9300 FXOS Command Reference 175 S Commands set cli ...

Page 178: ...k interface IP address for each unit based on the chassis ID and slot ID a b chassis_id slot_id Bootstrap settings are meant for initial deployment only or for disaster recovery For normal operation you can change most values in the application CLI configuration Example The following example shows how to set the mode to routed mode firepower scope ssa firepower ssa create logical device FTD1 ftd 1...

Page 179: ... disable the serial console absolute session timeout for debugging while maintaining the absolute timeout for other forms of access Example This example shows how to enter default authentication mode and then set the serial console absolute timeout to four minutes FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set con absolute session timeout 240 FP9300...

Page 180: ...dle session timeout for serial console sessions Example This example shows how to enter default authentication mode and then set the serial console idle timeout to four minutes FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set con session timeout 240 FP9300 A security default auth commit buffer FP9300 A security default auth Related Commands Descriptio...

Page 181: ...hassis model The chassis includes a default resource profile called Default Small which includes the minimum number of cores You can change the definition of this profile and even delete it if it is not in use Note that this profile is created when the chassis reloads and no other profile exists on the system If you change the settings for a resource profile then any instances that use the resourc...

Page 182: ...d Adds a resource profile for use with container instances create resource profile Assigned the resource profile to the application instance set resource profile name Shows resource usage for the security module engine slot show monitor detail Shows resource allocation for the application instance show resource detail Shows resource profile assignments show resource profile user defined Cisco Fire...

Page 183: ... Multi instance capability is only supported for the FTD it is not supported for the ASA Multi instance capability is similar to ASA multiple context mode although the implementation is different Multiple context mode partitions a single application instance while multi instance capability allows independent container instances Container instances allow hard resource separation separate configurat...

Page 184: ...repower ssa slot app instance exit Firepower ssa slot exit Firepower ssa Related Commands Description Command Shows current application attributes show app attri Creates a resource profile for use with constainer instances create resource profile Shows available resource profiles show resource profile name Cisco Firepower 4100 9300 FXOS Command Reference 182 S Commands set deploy type ...

Page 185: ...rsand the email server may not be able to deliver email messages to that address Cisco recommends using email addresses which comply with RFC2821 and RFC2822 and include only 7 bit ASCII characters In callhome mode you can use a maximum of 2083 characters for the email address In local user mode you can use a maximum of 510 characters for the email address Example This example shows how to specify...

Page 186: ...The set min password length on page 200 command can be used to specify the minimum number of characters required Must include at least one uppercase alphabetic character Must include at least one lowercase alphabetic character Must include at least one non alphanumeric special character Must not contain a character that is repeated more than three times consecutively such as aaabbb Must not contai...

Page 187: ...9300 A security Related Commands Description Command Specifies a minimum password length set min password length Cisco Firepower 4100 9300 FXOS Command Reference 185 S Commands set enforce strong password ...

Page 188: ...delines After you configure a user account with an expiration date you cannot reconfigure the account to not expire You can however reconfigure the account with a different expiration date Example This example shows how to enter security mode create a new local user account and specify an expiration date for that account FP9300 A scope security FP9300 A security create local user test_user FP9300 ...

Page 189: ...te a new local user account and specify a first name and a last name for that user FP9300 A scope security FP9300 A security create local user test_user FP9300 A security local user set firstname john FP9300 A security local user set lastname doe FP9300 A security local user commit buffer FP9300 A security local user Description Command Creates a new local user account create local user Specifies ...

Page 190: ...count allowing users to re use previously used passwords at any time Example This example shows how to enter security mode and then password profile mode and specify that a user must make five unique password changes before being allowed to re use a previously used password FP9300 A scope security FP9300 A security scope password profile FP9300 A security password profile set history count 5 FP930...

Page 191: ... proxy for Internet access you must enable the proxy and configure its address for Smart Software Licensing This proxy is also used for Smart Call Home in general Example This example shows how to enable an HTTP proxy FP9300 A scope monitoring FP9300 A monitoring scope callhome FP9300 A monitoring callhome set http proxy server enable on FP9300 A monitoring callhome Related Commands Description Co...

Page 192: ...xy for Internet access you must enable the proxy and configure its address for Smart Software Licensing This proxy is also used for Smart Call Home in general Example This example shows how to enter an HTTP HTTPS proxy server port number FP9300 A scope monitoring FP9300 A monitoring scope callhome FP9300 A monitoring callhome set http proxy server port 443 FP9300 A monitoring callhome Related Comm...

Page 193: ...rnet access you must enable the proxy and configure its address for Smart Software Licensing This proxy is also used for Smart Call Home in general Example This example shows how to enter an HTTPS proxy server address FP9300 A scope monitoring FP9300 A monitoring scope callhome FP9300 A monitoring callhome set http proxy server url https 209 165 201 10 FP9300 A monitoring callhome Related Commands...

Page 194: ...ttp httpd apache org docs 2 0 mod mod_ssl html sslciphersuite for additional information This string is ignored if cipher suite mode is set to anything other than custom Note cipher suite cipher_string Optional Sets the level of Cipher Suite security used custom Lets you define a custom Cipher Suite security specification string using the cipher suite option high strength ALL EDH RSA DES CBC3 SHA ...

Page 195: ... is medium strength Command Modes Services mode Command History Modification Release Command added 1 1 1 Usage Guidelines If certificate authentication is enabled that is the only form of authentication permitted for HTTPS The following requirements must be met by the client certificate to use this feature The user name must be included in the X509 attribute Subject Alternative Name email The clie...

Page 196: ...Related Commands Description Command Enables the HTTPS service enable https Shows current HTTPS service configuration show https Cisco Firepower 4100 9300 FXOS Command Reference 194 S Commands set https ...

Page 197: ...g to an IPSec connection Example This example shows how to add a keyring to the current IPSec connection FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec enter connection testconn FP9300 A security ipsec connection set keyring name kr22 FP9300 A security ipsec connection commit buffer FP9300 A security ipsec connection Description Command Creates a new IPSec connection...

Page 198: ...local user account and then specify a first name and a last name for that user FP9300 A scope security FP9300 A security create local user test_user FP9300 A security local user set firstname john FP9300 A security local user set lastname doe FP9300 A security local user commit buffer FP9300 A security local user Description Command Creates a new local user account create local user Specifies the ...

Page 199: ...ss command to define the endpoints of an IPSec connection Example This example shows how to set the local address for an IPSec connection FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec enter connection testconn FP9300 A security ipsec connection set local address 209 165 201 12 FP9300 A security ipsec connection commit buffer FP9300 A security ipsec connection Descri...

Page 200: ... 4 Includes sensitive information in the data dumps for example SA keys log_level Command Modes IPSec mode Command History Modification Release Command added 1 1 1 Usage Guidelines Use the show ipsec log command to view the logs Example This example shows how to set the IPSec logging level to 2 FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec set log level 2 FP9300 A s...

Page 201: ... user is locked out of the system and must wait a specified amount of time before being allowed to log in again No notification appears indicating that the user is locked out Example This example shows how to enter security mode and specify a maximum number of login attempts FP9300 A scope security FP9300 A security set max login attempts 4 FP9300 A security commit buffer FP9300 A security Related...

Page 202: ...create passwords with the specified minimum number of characters or more For example if num_chars is set to 15 passwords must consist of at least 15 characters Example This example shows how to enter security mode and specify a minimum password length of 15 characters FP9300 A scope security FP9300 A security set min password length 15 FP9300 A security commit buffer FP9300 A security Related Comm...

Page 203: ...s and tunnel mode is used for all other types of connections for example between gateways Example This example shows how to set the IPSec connection mode to tunnel FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec enter connection testconn FP9300 A security ipsec connection set mode tunnel FP9300 A security ipsec connection commit buffer FP9300 A security ipsec connecti...

Page 204: ... Release Command added 1 1 1 Usage Guidelines Use this command to specify the key length for a keyring Example This example shows how to specify a key length of 2048 bits for a keyring FP9300 A scope security FP9300 A security scope keyring test ring FP9300 A security keyring set modulus 2048 FP9300 A security keyring commit buffer switch A security keyring Related Commands Description Command Ent...

Page 205: ... enter password profile mode disable password change restrictions and then specify that a user cannot change his or her password for the next 48 hours FP9300 A scope security FP9300 A security scope password profile FP9300 A security password profile set change during interval disable FP9300 A security password profile set no change interval 48 FP9300 A security password profile commit buffer FP93...

Page 206: ...fix ipv6_prefix Command Modes IPv4 address fabric interconnect mode IPv6 address IPv6 configuration fabric interconnect ipv6 config mode Command History Modification Release Command added 1 1 1 Usage Guidelines After changing the management IP address you will need to re establish any existing connections using the new address You can enter the three keywords and variables for either IP address ty...

Page 207: ...scope fabric interconnect a FP9300 A fabric interconnect scope ipv6 config FP9300 A fabric interconnect ipv6 config show ipv6 if Management IPv6 Interface IPv6 Address Prefix IPv6 Gateway 2001 8998 64 2001 1 FP9300 A fabric interconnect ipv6 config set out of band ipv6 2001 8999 ipv6 prefix 64 ipv6 gw 2001 1 FP9300 A fabric interconnect ipv6 config commit buffer FP9300 A fabric interconnect ipv6 c...

Page 208: ...imum of eight characters and a maximum of 80 characters Use set min password length on page 200 to define a specific minimum number of characters Use set enforce strong password on page 184 to require use of strong passwords Example This example shows how to enter security mode create a new local user account and specify a password for that user FP9300 A scope security FP9300 A security create loc...

Page 209: ...Command added 1 1 1 Example This example shows how to specify an telephone number for the current local user FP9300 A security local user set phone 1 408 555 1212 FP9300 A security local user commit buffer FP9300 A security local user Related Commands Description Command Creates a new local user account create local user Specifies a contact telephone number for a Smart Call Home account set phone ...

Page 210: ...l can only establish a connection with another on EtherChannel Non data interfaces only support active mode Example The following example adds Port Channel 1 with 4 member interfaces sets the type to data and sets the EtherChannel to On mode firepower scope eth uplink firepower eth uplink scope fabric a firepower eth uplink fabric create port channel 1 firepower eth uplink fabric port channel crea...

Page 211: ...and Adds an EtherChannel interface create port channel Assigns a member to the EtherChannel create member port Sets the interface type set port type Cisco Firepower 4100 9300 FXOS Command Reference 209 S Commands set port channel mode ...

Page 212: ... device mgmt This interface is a secondary management interface for FTD devices To use this interface you must configure its IP address and other parameters at the FTD CLI For example you can separate management traffic from events such as web events See the Management Interfaces section in the Firepower Management Center configuration guide System Configuration chapter Firepower eventing interfac...

Page 213: ...other deployment decisions you can create up to 500 VLAN subinterfaces See the following limits for shared interface allocation Maximum 14 instances per shared interface For example you can allocate Ethernet1 1 to Instance1 through Instance14 Maximum 10 shared interfaces per instance For example you can allocate Ethernet1 1 1 through Ethernet1 1 10 to Instance1 Example The following example adds P...

Page 214: ...ower eth uplink fabric interface enter subinterface 12 Firepower eth uplink fabric interface subinterface set vlan 12 Firepower eth uplink fabric interface subinterface set port type data sharing Firepower eth uplink fabric interface subinterface commit buffer Firepower eth uplink fabric interface subinterface Related Commands Description Command Adds an EtherChannel interface create port channel ...

Page 215: ...art manual MAC addresses with A2 due to the risk of overlapping addresses Even if you are not sharing a subinterface if you manually configure MAC addresses make sure you use unique MAC addresses for all subinterfaces on the same parent interface to ensure proper classification Note The FXOS chassis generates the MAC address using the following format A2xx yyzz zzzz Where xx yy is a user defined p...

Page 216: ...auto macpool set prefix 33 firepower ssa auto macpool commit buffer firepower ssa auto macpool Related Commands Description Command Enters ssa mode scope ssa Enter auto macpool mode scope auto macpool Shows the assigned MAC addresses show mac address Cisco Firepower 4100 9300 FXOS Command Reference 214 S Commands set prefix ...

Page 217: ... Release Command added 1 1 1 Example This example shows how to enter security default auth mode and set the default authentication service to Radius FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set realm radius FP9300 A security default auth commit buffer FP9300 A security default auth Related Commands Description Command Specifies an associated authe...

Page 218: ...eeded FXOS considers the Web session to be inactive but it does not terminate the session Example This example shows how to enter default authentication mode and set the session refresh interval FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set refresh period 800 FP9300 A security default auth commit buffer FP9300 A security default auth Related Comman...

Page 219: ...ly in the default keyring Example This example shows how to regenerate the keys in the default keyring FP9300 A scope security FP9300 A security scope keyring default FP9300 A security keyring set regenerate yes FP9300 A security keyring commit buffer switch A security keyring Related Commands Description Command Enters an RSA certificate for a keyring set cert Specifies the RSA key modulus SSL ke...

Page 220: ...et local address command to define the endpoints of an IPSec connection Example This example shows how to set the remote address for an IPSec connection FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec enter connection testconn FP9300 A security ipsec connection set local address 209 165 202 129 FP9300 A security ipsec connection commit buffer FP9300 A security ipsec c...

Page 221: ...PSec connection This identification is used for peer validation during IKE negotiations Example This example shows how to specify the remote IKE ID for an IPSec connection FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec enter connection testconn FP9300 A security ipsec connection set remote ike ident 203 0 113 12 FP9300 A security ipsec connection commit buffer FP9300...

Page 222: ...ommand to specify the IP address mask of an IPSec connectionʼs remote subnet Example This example shows how to set the remote subnet for an IPSec connection FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec enter connection testconn FP9300 A security ipsec connection set remote subnet 209 165 202 128 27 FP9300 A security ipsec connection commit buffer FP9300 A security ...

Page 223: ...ation provider does not supply a user role with the user s authentication information access is denied no login Command Modes Security mode Command History Modification Release Command added 1 1 1 Usage Guidelines assign default role is the default behavior Example This example shows how to enter security mode and deny access to users without a user role FP9300 A scope security FP9300 A security s...

Page 224: ...application instance firepower scope ssa firepower ssa show app Name Version Author Supported Deploy Types CSP Type Is Default App asa 9 10 1 cisco Native Application Yes ftd 6 2 3 cisco Native Application Yes vdp 8 13 01 09 2 radware Vm Application Yes firepower ssa scope app vdp 8 13 01 09 2 firepower ssa app show app resource profile Profile Name Security Model CPU Logical Core Count RAM Size M...

Page 225: ...ult Profile Profile Type Description bronze N A N A No all 6 N A No Custom low end device silver N A N A No all 8 N A No Custom mid level firepower ssa scope slot 1 firepower ssa slot create app instance ftd FTD1 firepower ssa slot app instance set resource profile name silver firepower ssa slot app instance Related Commands Description Command Shows current application attributes show app attri C...

Page 226: ...ession timeout for Web SSH and Telnet sessions Example This example shows how to enter default authentication mode and then set the idle session timeout to four minutes FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set session timeout 240 FP9300 A security default auth commit buffer FP9300 A security default auth Related Commands Description Command Se...

Page 227: ...e SSH host key size Example This example shows how to set the SSH host key size to 2048 bits FP9300 A scope system FP9300 A system scope services FP9300 A system services set ssh server host key rsa 2048 FP9300 A system services commit buffer FP9300 A system services Related Commands Description Command Creates a new SSH server host key create ssh server Deletes the existing SSH host key delete ss...

Page 228: ...at a time Enter ENDOFBUF to finish Press Ctrl C to abort Example This example shows how to specify a public SSH key for the current local user FP9300 A security local user set sshkey ssh rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuo9VQ2CmWBI9 S1f30klCWjnV3lgdXMzO0WUl5iPw85lkdQqap NFuNmHcb4K iaQB8X PDdmtlxQQcawclj k8f4VcOelBxlsGk5luq5ls1ob1VOIEwcKEL h5lrdbNlI8y3SS9I gGiBZ9ARlop9LDpD m8HPh2LOgyH7Ei1MI8 FP9300 ...

Page 229: ...on Release Command added 1 1 1 Usage Guidelines Use this command to specify the trusted point that signed this keyringʼs certificate Example This example shows how to regenerate the keys in the default keyring firepower scope security firepower security scope keyring test ring firepower security keyring set trustpoint CiscoCA5 firepower security keyring commit buffer firepower security keyring Des...

Page 230: ... refresh and session timeout periods so that remote users do not have to re authenticate too frequently Example This example shows how to enter default authentication mode and enable two factor authentication FP9300 A scope security FP9300 A security scope default auth FP9300 A security default auth set use 2 factor yes FP9300 A security default auth commit buffer FP9300 A security default auth Re...

Page 231: ... maximum number of login attempts the user is locked out of the system and must wait this amount of time before being allowed to log in again No notification appears indicating that the user is locked out Example This example shows how to enter security mode and specify the amount of time that must pass before a locked out user can log in again FP9300 A scope security FP9300 A security set user ac...

Page 232: ...operation you can change most values in the application CLI configuration Example The following example shows how to set the mode to routed mode firepower scope ssa firepower ssa create logical device FTD1 ftd 1 standalone Firepower ssa logical device create mgmt bootstrap ftd firepower ssa logical device mgmt bootstrap create bootstrap key FIREWALL_MODE firepower ssa logical device mgmt bootstrap...

Page 233: ...y if a documented procedure tells you it is required or if the Cisco Technical Assistance Center asks you to use it To enter this mode use the expert command in the FTD CLI Example The following example shows how to enable Expert Mode from SSH firepower scope ssa firepower ssa create logical device FTD1 ftd 1 standalone Firepower ssa logical device create mgmt bootstrap ftd firepower ssa logical d...

Page 234: ...r scope eth uplink firepower eth uplink scope fabric a firepower eth uplink fabric scope interface Ethernet1 1 firepower eth uplink fabric interface create subinterface 10 firepower eth uplink fabric interface subinterface set vlan 10 firepower eth uplink fabric interface subinterface set port type data sharing firepower eth uplink fabric interface subinterface exit firepower eth uplink fabric int...

Page 235: ...Description Command Enters the physical interface object scope interface Sets the interface type set port type Cisco Firepower 4100 9300 FXOS Command Reference 233 S Commands set vlan ...

Page 236: ...Cisco Firepower 4100 9300 FXOS Command Reference 234 S Commands set vlan ...

Page 237: ...age 254 show connection on page 255 show download task on page 256 show environment on page 258 show eth uplink on page 260 show event on page 262 show fabric on page 263 show fabric interconnect on page 264 show fan module on page 266 show fault on page 268 show fips mode on page 270 show firmware on page 271 show https on page 273 show identity on page 274 show interface on page 277 show interfa...

Page 238: ... server bios on page 330 show server boot order on page 332 show server cpu on page 334 show server decommissioned on page 335 show server environment on page 336 show server firmware on page 338 show server identity on page 340 show server inventory on page 342 show server memory on page 344 show server status on page 346 show server storage on page 347 show server version on page 349 show servic...

Page 239: ...g options are also available fault_ID Shows information for the specified fault cause Shows information for only the specified cause type detail Shows detailed fault information severity Shows information for only the specified severity level suppressed Lists suppressed faults The cause detail and severity keywords are available with this option fault Optional Displays finite state machine informa...

Page 240: ...er1 FP9300 A ssa slot app instance show Application Instance App Name Identifier Admin State Oper State Running Version Startup Version Deploy Type Profile Name Cluster State Cluster Role asa cluster1 Enabled Online 201 2 1 125 201 2 1 125 Native In Cluster Slave Related Commands Description Command Enters application instance mode for a specific application scope app instance Shows general config...

Page 241: ...w to display detailed authentication domain information for a specific domain firepower scope security firepower security show auth domain test_domain detail Authentication domain Authentication domain name test_domain Web session refresh period in secs 600 Idle Session timeout in secs for web ssh telnet sessions 600 Absolute Session timeout in secs for web ssh telnet sessions 3600 Serial Console ...

Page 242: ...ommand History Modification Release Command added 1 1 1 Usage Guidelines By default this command shows information about the most recently installed firmware package Example This example shows how to display detailed information about the installed firmware package FP9300 A scope firmware FP9300 A firmware scope firmware install FP9300 A firmware install show detail Firmware Pack Install Upgrade P...

Page 243: ...on Appending the detail keyword displays this interface information along with some additional fabric specific information Example This example shows how to display management interface information firepower scope fabric interconnect firepower fabric interconnect show Fabric Interconnect ID OOB IP Addr OOB Gateway OOB Netmask OOB IPv6 Address OOB IPv6 Gateway Prefix Operability A 192 0 2 112 192 0...

Page 244: ...the module application instance The detail keyword is available with this option expand Optional Displays information about faults that have occurred on the SSP The following options are also available with this keyword fault_ID Shows information for the specified fault cause Shows information for only the specified cause type detail Shows detailed fault information severity Shows information for ...

Page 245: ...le This example shows how to display general slot information firepower scope ssa firepower ssa scope slot 2 firepower ssa slot show Slot Slot ID Log Level Admin State Oper State 2 Info Ok Online firepower ssa slot Related Commands Description Command Enters module configuration mode for a specific slot scope slot Cisco Firepower 4100 9300 FXOS Command Reference 243 S Commands show slot ...

Page 246: ...or port breakouts The detail keyword is available with this option expand Command Modes scope cabling scope fabric a Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command displays breakout information for all ports Example This example shows how to display expanded cabling information firepower scope cabling firepower cabling scope fabric a firepower cab...

Page 247: ...This example shows how to display Call Home information FP9300 A monitoring show callhome Callhome Admin State Off Throttling State On Contact Information admin Customer Contact Email From Email Reply To Email Phone Contact e g 1 011 408 555 1212 Street Address Contract Id Customer Id Site Id Switch Priority Debugging Enable Disable HTTP HTTPS Proxy Off HTTP HTTPS Proxy Server Address HTTP HTTPS P...

Page 248: ...automatically propagate compliance to any of its attached logical devices Example This example shows how to enter security mode and display current Common Criteria mode status information FP9300 A scope security FP9300 A security show cc mode Common Criteria Mode Admin State Disabled Common Criteria Mode Operational State Disabled FP9300 A security Related Commands Description Command Disables Com...

Page 249: ...l Unit Name eg section Sec DNS name subject alternative name Request BEGIN CERTIFICATE REQUEST MIIDEzCCAbsCAQAwEDEOMAwGA1UEAwwFdGVzdDEwggFiMA0GCSqGSIb3DQEBAQUA A4IBTwAwggFKAoIBQQCDnam ZTgX8SYXeaYIMeVPeMLvOO7EemP7kEAHPpAqX9d6 3V5NIOLNnCfr7SL8gmLDFORanzZIYb9uxD7 z98xlrS3LdIB3GWCYw IN1Hz5do uClI56thmN5nWgjEWGDwTnu CD0tFn3qPg8wOpynutE f43B4fyhWRpU5VO6I3Ma SRrR4Cp9CKju6U9lttqiNkt5VH3 peM 3AgF6suFF96tN2...

Page 250: ...w keyring certificate request create certreq Creates a new RSA keyring create keyring Deletes an existing keyring certificate request delete certreq Enters a keyring certificate request enter certreq Cisco Firepower 4100 9300 FXOS Command Reference 248 S Commands show certreq ...

Page 251: ...erconnect I O module information The keyword detail is also available fi iom Optional Displays information about the firmware The keyword detail is also available firmware Optional Displays information about the finite state machine The keyword expand is also available fsm status Optional Displays vendor and identification information about the chassis The keywords detail expand fabric fan fi iom ...

Page 252: ...sis information Example This example shows how to display basic chassis information FP9300 A show chassis 1 Chassis Chassis Overall Status Admin State 1 Accessibility Problem Acknowledged FP9300 A Related Commands Description Command Shows server hardware information show server environment Cisco Firepower 4100 9300 FXOS Command Reference 250 S Commands show chassis ...

Page 253: ...l type shell type Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines This command does not require a license Example This example shows how to display information about the current session configuration FP9300 A show cli session config Suppress Headers off Suppress Field Spillover off Table Field Delimiter none Terminal Width 61 Terminal Length...

Page 254: ...ommand mode Command History Modification Release Command added 1 1 1 Example This example shows how to display the current system date and time FP9300 A show clock Tue Apr 20 13 24 33 PDT 2010 FP9300 A Related Commands Description Command Sets the date and time manually set clock Shows currently set time zone show timezone Cisco Firepower 4100 9300 FXOS Command Reference 252 S Commands show clock ...

Page 255: ... status Command Modes Any command mode Command History Modification Release Command added 2 2 2 Example This example shows how to display status information for the cloud connector FSM FP9300 A show cloud connector fsm status FSM 1 Remote Result Not Applicable Remote Error Code None Remote Error Description Status Nop Previous Status Nop Timestamp Never Try 0 Progress 100 Current Task FP9300 A Rel...

Page 256: ... uncommitted configuration commands no pending Optional Shows all pending configuration commands only pending Command Modes Any command mode Command History Modification Release Command added 1 1 1 Example This example shows how to display information about pending uncommitted configuration commands FP9300 A show configuration pending scope services create ntp server 192 168 200 101 exit FP9300 A ...

Page 257: ... Command added 1 1 1 Usage Guidelines Use this command to display current IPSec connection information Example This example shows how to display IPSec connection information FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec show connection IPSec Connection Name Admin State Local Address Remote Address ESP Mode Keyring Name TEST Disabled Transport FP9300 A security ipsec...

Page 258: ...firmware package download provide the name of that package package_name Command Modes Firmware mode Command History Modification Release Command added 1 1 1 Usage Guidelines If you do not provide a specific package_name all firmware package downloads are listed Example This example shows how to show detailed firmware download task information for a specific package FP9300 A scope firmware FP9300 A...

Page 259: ...ed Commands Description Command Installs a firmware package install firmware Shows system firmware information show firmware Cisco Firepower 4100 9300 FXOS Command Reference 257 S Commands show download task ...

Page 260: ...tional Displays power supply unit status The keywords detail fan iom and server are also available psu Optional Lists extension status information for each hardware component of each server The keywords detail fan iom and psu are also available server Optional Displays a status summary of each hardware component The keyword detail is also available summary Command Modes scope chassis Command Histo...

Page 261: ...Speed Status Ok Overall Status Operable FAN 3 Fan Speed RPM RPM 4180 Speed Status Ok Overall Status Operable FAN 4 Fan Speed RPM RPM 4092 Speed Status Ok Overall Status Operable BLADE 1 Total Power Consumption 258 000000 Processor Temperature C 61 000000 BLADE 2 Total Power Consumption 270 000000 Processor Temperature C 65 500000 firepower chassis Related Commands Description Command Shows server ...

Page 262: ...ernet Uplink Mode MAC Table Aging Time dd hh mm ss VLAN Port Count Optimization Security Node 00 04 01 40 Disabled firepower show eth uplink expand Ethernet Uplink Mode Security Node MAC Table Aging Time dd hh mm ss 00 04 01 40 VLAN Port Count Optimization Disabled Ethernet Link Profile Name UDLD link policy name Oper UDLD link policy name default default fabric lan udld link pol default Fabric Fa...

Page 263: ... Failed State Reason No operational members Member Port Port Name Membership Oper State State Reason Ethernet1 5 Down Link Down Link failure or not connected Ethernet1 6 Down Link Down Link failure or not connected Stats Threshold Policy Name default Full Name fabric lan thr policy default Policy Owner Local UDLD link policy Name Admin State UDLD mode default Disabled Normal firepower Related Comm...

Page 264: ...M STAGE SKIP post processing after keyring configration on primary FSM STAGE sam dme PkiEpUpdateEp PostSetKeyRingLocal 2025 12 23T04 17 00 678 176147 E4197130 FSM STAGE END post processing after keyring configration on primary FSM STAGE sam dme PkiEpUpdateEp PostSetKeyRingLocal 2025 12 23T04 17 00 678 176148 E4197131 FSM STAGE SKIP post processing after keyring configuration on secondary FSM STAGE...

Page 265: ...l keyword is available with this option expand Command Modes scope cabling Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command displays general fabric cabling information Example This example shows how to display expanded cabling information firepower scope cabling firepower cabling show fabric expand cabling on switch Id A port breakout Slot ID Port I...

Page 266: ...ly one fabric b Do not use there is no Fabric B detail Displays detailed environment information expand Displays expanded environment information The detail keyword is available with this option fan Displays fan specific information The keywords detail and psuavailable with this option psu Displays power supply unit specific information The keywords detail and fanavailable with this option environ...

Page 267: ... FP9300 A show fabric interconnect Fabric Interconnect ID OOB IP Addr OOB Gateway OOB Netmask OOB IPv6 Address OOB IPv6 Gateway Prefix Operability A 10 201 153 14 10 201 153 1 255 255 255 0 64 Operable FP9300 A Related Commands Description Command Enters fabric interconnect mode scope fabric interconnect Cisco Firepower 4100 9300 FXOS Command Reference 265 S Commands show fabric interconnect ...

Page 268: ...ssis Command History Modification Release Command added 1 1 1 Usage Guidelines You can use this command without any arguments or keywords to display basic fan module information Example This example shows how to show detailed information for a specific fan module firepower scope chassis firepower chassis show fan module 1 2 detail Fan Module Tray 1 Module 2 Overall Status Operable Operability Oper...

Page 269: ...Related Commands Description Command Scopes into a specific fan scope fan Cisco Firepower 4100 9300 FXOS Command Reference 267 S Commands show fan module ...

Page 270: ...mand Modes Any command mode Command History Modification Release This command was introduced 1 0 1 Example This example shows how to display the fault list FP9300 A show fault Severity Code Last Transition Time ID Description Major F0276 2025 12 16T07 08 08 542 52605 ether port 1 1 on fabric interconnect A oper state link down reason Link failure or not connected Major F0276 2025 12 16T07 08 08 54...

Page 271: ...med out Check for IP port password disk space or network access related issues sam dme MgmtBackupBackup upload remaining lines removed for brevity FP9300 A Related Commands Description Command Shows information on the status of a server show server status Cisco Firepower 4100 9300 FXOS Command Reference 269 S Commands show fault ...

Page 272: ...n a Firepower 4100 9300 chassis does not automatically propagate compliance to any of its attached logical devices Example This example shows how to enter security mode and display current FIPS mode status information FP9300 A scope security FP9300 A security show fips mode FIPS Mode Admin State Disabled FIPS Mode Operational State Disabled FP9300 A security Related Commands Description Command Di...

Page 273: ...t and chassis server s monitor Optional Use this keyword to display current package version for the device manager package version Command Modes System mode Command History Modification Release Command added 1 1 1 Usage Guidelines You can use show firmware monitor repeatedly to monitor the status of a firmware upgrade download and activation Example This example shows how to monitor firmware versi...

Page 274: ...Description Command Activates a firmware package activate firmware Shows server firmware versions and status information show server firmware Cisco Firepower 4100 9300 FXOS Command Reference 272 S Commands show firmware ...

Page 275: ...m scope services FP9300 A system services show https Name https Admin State Enabled Port 443 Operational port 443 Key Ring default Cipher suite mode Medium Strength Cipher suite ALL EDH RSA DES CBC3 SHA EDH DSS DES CBC3 SHA DES CBC3 SHA ADH 3DES EXPORT40 EXPORT56 LOW RC4 MD5 IDEA HIGH MEDIUM EXP eNULL Https authentication type Cred Auth Crl mode Relaxed FP9300 A system services Related Commands De...

Page 276: ...etail keyword is also available profile info Displays IPv4 address information for the profile The detail keyword is also available ip addr Optional Lists information for all available IPv6 addresses The following optional keywords are available detail Displays detailed IPv6 address identity information pool info Displays IPv6 address information for the pool The detail keyword is also available p...

Page 277: ...ays details about the identity information in list format pool info Displays MAC address identity information for the pool The detail keyword is also available profile info Displays MAC address identity information for the profile The detail keyword is also available mac addr Optional Displays the universally unique identifier UUID identity information for a system The following optional keywords ...

Page 278: ...ed 1 1 1 Usage Guidelines IQN pools and prefixes must be configured in order to use the show identity iqn command Example This example shows how to display detailed identity information for the device s IPv4 addresses FP9300 A show identity ip addr detail IP Address 192 0 2 9 Assigned No Assigned Service Profile Owner Pool IP Address 192 0 2 10 Assigned No Assigned Service Profile Owner Pool IP Ad...

Page 279: ...e the show subinterface command Example The following is sample output from the show interface command firepower scope eth uplink firepower eth uplink scope fabric a firepower eth uplink fabric show interface Interface Port Name Port Type Admin State Oper State Allowed Vlan State Reason Ethernet1 2 Data Enabled Up All Ethernet1 4 Mgmt Enabled Up All Ethernet1 5 Data Enabled Up Untagged Ethernet1 7...

Page 280: ...r Peer Port Name Allowed Vlan All Network Control Policy default Current Task Port Name Ethernet1 4 User Label Port Type Mgmt Admin State Enabled Oper State Up State Reason flow control policy default Auto negotiation No Admin Speed 1 Gbps Oper Speed 1 Gbps Admin Duplex Full Duplex Oper Duplex Full Duplex Ethernet Link Profile name default Oper Ethernet Link Profile name fabric lan eth link prof d...

Page 281: ...thernet1 5 Port Type Data Admin State Enabled Oper State Up Allowed Vlan Untagged State Reason Sub Interface Sub If Id Sub Interface Name VLAN Port Type 100 Ethernet1 5 100 500 Data Sharing Related Commands Description Command Shows EtherChannel status show port channel Shows subinterface status show subinterface Cisco Firepower 4100 9300 FXOS Command Reference 279 S Commands show interface ...

Page 282: ...000 D Eth1 6 1 eth 1qtunl up none 1000 D 2 Eth1 7 1 eth 1qtunl up none 1000 D Eth1 8 1 eth 1qtunl down SFP not inserted 10G D Eth1 9 1 eth vntag up none 40G D Eth1 10 1 eth vntag up none 40G D Eth1 11 1 eth vntag up none 40G D Eth1 12 1 eth vntag up none 40G D Eth1 13 1 eth access down Administratively down 40G D Eth1 14 1 eth access down Administratively down 40G D Eth1 15 1 eth access down Admin...

Page 283: ...runk up none auto Veth764 4047 virt trunk up none auto Veth772 1 virt trunk down Administratively down auto Veth773 1 virt trunk down Administratively down auto Veth774 1 virt trunk down Administratively down auto Veth775 4047 virt trunk up none auto Veth776 4047 virt trunk up none auto Veth777 4047 virt trunk up none auto Veth792 1 virt trunk up none auto Veth793 1 virt trunk up none auto Veth794...

Page 284: ...type eth dedicated Ethernet interface virt virtual interface Type Operational port mode layer3 Layer 3 interface access access port trunk trunk port pvlan private VLAN fabric fabric port F_port 1qtunl 1q tunnel 802 1Q tunnel port f path fabric path Mode Interface state up port is operationally up down port is operationally down testing interface is in test mode no operational packets can be passed...

Page 285: ...Description Field Reason Cisco Firepower 4100 9300 FXOS Command Reference 283 S Commands show interface brief connect fxos ...

Page 286: ...ELP failure Isolation due to ESC failure Isolation due to domain overlap Isolation due to domain id assignment failure Isolation due to domain other side eport isolated Isolation due to invalid fabric reconfiguration Isolation due to domain manager disabled Isolation due to zone merge failure Isolation due to vsan not configured on peer Parent Interface Admin Down Tunnel port src interface unbound...

Page 287: ...on due to remote zone server not responding Error disabled due to first interface in this group is E Error disabled due to other interfaces in this group are not shut TCP connection closed by peer TCP connection rest by peer TCP max retransmission reached TCP keep alive timer expired TCP persist timer expired Parent ethernet link down Parent ethernet down Admin config change Tunnel src port remove...

Page 288: ...tion due to ELP failure invalid payload size Error Disabled due to portchannel misconfiguration Link failure Port unusable Link failure loss of signal Link failure loss of sync Link failure NOS received Link failure OLS received Link failure renegotiation failed Link failure Link Reset failed nonempty recv queue Link failure Excessive credit loss indications Link failure receive queue overflow Err...

Page 289: ...ponse from peer Suspended due to dynamic vsan suspension Suspended due to dynamic vsan not found All tracked ports down Suspended as extended credit mode not allowed for loop ports Isolation due to portchannel misconfiguration Peer device does not support portchannels Isolation during port bringup Isolation due to domain not allowed Isolation due to virtual IVR domain overlap Out of service Authen...

Page 290: ...link reset Link failure port initialization failed ELP failure all zero peer WWN received Isolation due to preferred path FC redirect isolation Port activity license not available SDM isolation FCID allocation failed Externally disabled Authorization pending Hot standby in bundle Channel error disabled Port capabilities not known Mismatch in source and transport VRF Forward referencing transport V...

Page 291: ...link Interface is error disabled becasue of STP set port state failure port channel is down because it was suspended by vpc vpc configuration is in progress vpc peer link is down vpc down because failed to receive response from peer vpc down because compatibility check failed Not enough free entries in TCAM bank tunnel interface is down because tunnel source interface is down Error disabled due to...

Page 292: ...nfig does not match type of transceiver Suspended due to no LACP PDUs received from peer Interface speed Auto auto negotiated 10 10 Mbps 100 100 Mbps Auto110 auto negotiated between 10 and 100 Mbps 1000 1 Gbps 10G 10 Gbps a 10 auto negotiated 16 Mbps a 100 auto negotiated 106 Mbps a 1000 auto negotiated 1006 Mbps a 10G auto negotiated 10006 Mbps 40G 40000 Mbps 100G 100000 Mbps a 40G auto negotiate...

Page 293: ...ng VRF instance to which port is assigned if any VRF Port IP address IP Address Port MTU maximum transmission unit size MTU Related Commands Description Command In connect fxos mode shows port information show port In connect fxos mode shows VLAN information show vlan Cisco Firepower 4100 9300 FXOS Command Reference 291 S Commands show interface brief connect fxos ...

Page 294: ...n about fabric interconnect switch I O modules The keyword detail is also available fi iom Optional Displays information about chassis input output modules The keyword detail is also available iom Optional Displays information about installed power supply units The keyword detail is also available psu Optional Lists information for each server component The keyword detail is also available server ...

Page 295: ... Product Name Cisco Firepower 9000 Series Security Module Acknowledged PID FPR9K SM 24 Acknowledged VID V01 Acknowledged Serial SN FCH19057RTY Acknowledged Memory MB 262144 Acknowledged Effective Memory MB 262144 Acknowledged Cores 24 Acknowledged Adapters 2 Server 1 3 Equipped Product Name Equipped PID Equipped VID Equipped Serial SN Slot Status Empty Acknowledged Product Name Acknowledged PID Ac...

Page 296: ...pped ID PID Vendor Serial SN HW Revision 1 FPR9K FAN Cisco Systems I NWG190200L8 0 2 FPR9K FAN Cisco Systems I NWG190200L8 0 Switch IOCard 1 Side Left Fabric ID A Product Name Cisco FPR9K SUP PID FPR9K SUP VID V01 Vendor Cisco Systems Inc Serial SN JAD190800VU HW Revision 0 Fabric Card 1 Description Firepower 9300 Supervisor Number of Ports 8 State Online Vendor Cisco Systems Inc Model FPR9K SUP H...

Page 297: ...16 State Online Vendor Cisco Systems Inc Model FPR9K NM 4X40G HW Revision 0 Serial SN JAD191601DK Perf N A Power State Online Presence Equipped Thermal Status N A Voltage Status N A firepower chassis Related Commands Description Command Shows chassis hardware status information show environment Cisco Firepower 4100 9300 FXOS Command Reference 295 S Commands show inventory ...

Page 298: ...he address prefix and service for each IPv4 block as separate lines detail Command Modes Services mode Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to list the currently permitted blocks of IPv4 addresses Up to 25 different blocks can be configured for each service Example This example shows how to display detailed IPv4 address block information FP9300...

Page 299: ...Related Commands Description Command Creates an IPv4 block create ip block Deletes an existing IPv4 block delete ip block Cisco Firepower 4100 9300 FXOS Command Reference 297 S Commands show ip block ...

Page 300: ... E ssp ssp net Feb 10 23 40 02 15 CFG test connection 69 checking certificate status of C US ST CA O CA1 OU ca1 CN InterCA1 E ca1 ca net Feb 10 23 40 02 15 CFG test connection 69 fetching crl from file opt certstore ssp2 tp crl Feb 10 23 40 02 15 CFG test connection 69 issuer of fetched CRL C US ST CA O CA1 OU ca1 CN InterCA1 E ca1 ca net does not match CRL issuer 56 71 f1 d9 b1 62 fd c3 2b 4d cb ...

Page 301: ...FP9300 A security ipsec Related Commands Description Command Sets the IPSec log verbosity set log level Cisco Firepower 4100 9300 FXOS Command Reference 299 S Commands show ipsec log ...

Page 302: ...he address prefix and service for each IPv6 block as separate lines detail Command Modes Services mode Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to list the currently permitted blocks of IPv6 addresses Up to 25 different blocks can be configured for each service Example This example shows how to display detailed IPv4 address block information FP9300...

Page 303: ...lated Commands Description Command Creates an IPv6 block create ipv6 block Deletes an existing IPv6 block delete ipv6 block Cisco Firepower 4100 9300 FXOS Command Reference 301 S Commands show ipv6 block ...

Page 304: ...ines By default this command displays only IPv6 management interface information Example This example shows how to display IPv6 management interface information FP9300 A scope fabric interconnect FP9300 A scope ipv6 config FP9300 A fabric interconnect ipv6 config show ipv6 if Management IPv6 Interface IPv6 Address Prefix IPv6 Gateway 2001 8998 64 2001 1 FP9300 A fabric interconnect ipv6 config Rel...

Page 305: ...ded 1 1 1 Usage Guidelines You must purchase permanent licenses so they are available in Smart Software Manager Not all accounts are approved for permanent license reservation Example This example shows how to display current status and usage of all license packages FP9300 A show license all Smart Licensing Status Smart Licensing is ENABLED Registration Status REGISTERED Smart Account Cisco SVS te...

Page 306: ...Attempt Aug 08 14 50 41 2017 CDT remaining lines removed for brevity FP9300 A Related Commands Description Command Enters license mode scope license Cisco Firepower 4100 9300 FXOS Command Reference 304 S Commands show license ...

Page 307: ...se the show command to display information for the connected user Example This example shows how to display detailed user information for a specific local user FP9300 A security show local user test_user detail Local User test_user First Name test Last Name user Email test_user testuser com Phone Expiration Never Password User lock status Not Locked Account status Active User Roles Name admin Name...

Page 308: ...ss Owner Profile Owner Name A2 46 C4 00 00 1E ftd13 Port channel14 A2 46 C4 00 00 20 ftd14 Port channel15 A2 46 C4 00 01 7B ftd1 Ethernet1 3 A2 46 C4 00 01 7C ftd12 Port channel11 A2 46 C4 00 01 7D ftd13 Port channel14 A2 46 C4 00 01 7E ftd14 Port channel15 A2 46 C4 00 01 7F ftd1 Ethernet1 2 A2 46 C4 00 01 80 ftd12 Ethernet1 2 A2 46 C4 00 01 81 ftd13 Ethernet1 2 A2 46 C4 00 01 82 ftd14 Ethernet1 2...

Page 309: ...e ftd1 Owner Name Ethernet1 4 Mac Address A2 F0 B0 00 00 19 Owner Profile ftd1 Owner Name Ethernet1 4 Related Commands Description Command Creates an EtherChannel port channel create port channel Adds a subinterface create subinterface Enters the physical interface object scope interface Sets the interface type set port type Cisco Firepower 4100 9300 FXOS Command Reference 307 S Commands show mac ...

Page 310: ...mation firepower connect local mgmt firepower local mgmt show mgmt port eth0 Link encap Ethernet HWaddr b0 aa 77 2f f0 a9 inet addr 10 89 5 14 Bcast 10 89 5 63 Mask 255 255 255 192 inet6 addr fe80 b2aa 77ff fe2f f0a9 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 174151 errors 0 dropped 0 overruns 0 frame 0 TX packets 101268 errors 0 dropped 0 overruns 0 carrier 0 collis...

Page 311: ... to track resource availability Example The following is sample output from the show monitor command firepower scope ssa firepower ssa scope slot 1 firepower ssa slot show monitor Monitor OS Version Memory Total MB Memory Free MB Memory Used MB CPU Cores Available Blade Uptime Last Updated Timestamp 2 4 1 101 251844 222089 29755 22 up 19 days 2 06 2018 11 27T18 11 34 155 The following is sample ou...

Page 312: ...ower ssa slot show monitor expand Monitor OS Version 2 4 1 101 Memory Total MB 251844 Memory Free MB 222089 Memory Used MB 29755 CPU Cores Available 22 Blade Uptime up 19 days 2 06 Last Updated Timestamp 2018 11 27T18 11 34 155 Disk File System File System Mount Point Disk Total MB Disk Free MB Disk Used MB dev sda1 mnt boot 7614 7451 163 dev sda2 opt cisco config 1846 1707 43 dev sda3 opt cisco p...

Page 313: ...d mode Command History Modification Release Command added 1 1 1 Example This example shows how to display current clock synchronization status for chassis and any logical devices installed on the chassis FP9300 A show ntp overall status NTP Overall Time Sync Status Time Synchronized FP9300 A Related Commands Description Command Displays the system clock show clock Cisco Firepower 4100 9300 FXOS Co...

Page 314: ...ecified organization maximum of 16 characters for this identifier name Command Modes Any command mode Command History Modification Release Command added 1 1 1 Example This example shows how to display current organization information FP9300 A show org Organizations Name root FP9300 A Related Commands Description Command Enters organization org mode scope org Cisco Firepower 4100 9300 FXOS Command ...

Page 315: ...fpr4k bundle Lists information for any available FP4100 series firmware bundles firmware fpr9k bundle Lists information for any available FP9300 firmware bundles image Lists available firmware images full bundle Lists information for any downloaded full bundles infrastructure bundle Lists information for any downloaded infrastructure bundles platform bundle Lists information for any downloaded pla...

Page 316: ...SPA Version 2 3 1 51 Type Platform Bundle State Active Time Stamp 2017 10 25T16 53 30 000 Build Date 2017 10 21 09 10 36 UTC FP9300 A firmware show package fxos k9 2 3 1 51 SPA expand Package fxos k9 2 3 1 51 SPA Images fxos k9 bundle infra 2 3 1 51 SPA fxos k9 bundle server 2 3 1 51 SPA FP9300 A firmware Related Commands Description Command Shows server firmware versions and status information sh...

Page 317: ...or the current security password profile Example This example shows how to display detailed password profile information FP9300 A scope security FP9300 A security show password profile detail Password profile Password history count 5 No password changes allowed in Hours 24 Password change during interval Enable Password change interval in Hours 48 Password change count 2 FP9300 A Related Commands ...

Page 318: ...s no errors Command Modes Any command mode most relevant in server chassis server mode Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command in server mode Example This example shows how to display POST information FP9300 A scope server 1 1 FP9300 A chassis server show post POST Global ID Code Severity Affected Object Description 608 Post 608 Info sys chassis 1...

Page 319: ...out any arguments or keywords to display basic power supply unit information Example This example shows how to view detailed power supply unit information firepower scope chassis firepower chassis show psu detail PSU PSU 1 Overall Status N A Operability N A Threshold Status N A Power State Off Presence Equipped Thermal Status OK Voltage Status N A Product Name Cisco Firepower 9000 Series AC Power ...

Page 320: ...01 Vendor Cisco Systems Inc Serial SN DTM190705J8 HW Revision 0 Firmware Version N A Type DV Wattage W 2500 Input Source 210AC 50 380DC firepower chassis Related Commands Description Command Shows information about the chassis and its installed modules show inventory Cisco Firepower 4100 9300 FXOS Command Reference 318 S Commands show psu ...

Page 321: ...d History Modification Release Command added 1 1 1 Example This example shows how to view service registry information FP9300 A show registry repository Service Registry Name ID 1000 IP 0 0 0 0 Type Service Reg Version Capability Unspecified FP9300 A Related Commands Description Command Shows service profile information show service profile Cisco Firepower 4100 9300 FXOS Command Reference 319 S Co...

Page 322: ...1 firepower ssa slot scope app instance ftd LD1 firepower ssa slot app instance show resource Resource Allocated Core NR Allocated RAM MB Allocated Data Disk MB Allocated Binary Disk MB 6 29593 40960 3907 The following is sample output from the show resource detail command firepower scope ssa firepower ssa scope slot 1 firepower ssa slot scope app instance ftd LD1 firepower ssa slot app instance s...

Page 323: ... Command Shows resource profile information show resource profile Views resource profile assignments show resource profile user defined Cisco Firepower 4100 9300 FXOS Command Reference 321 S Commands show resource ...

Page 324: ...an add resource profiles for container instances using the create resource profile command vDP resource profiles are created automatically by the system The chassis includes a default container instance resource profile called Default Small which includes the minimum number of cores You can change the definition of this profile and even delete it if it is not in use Note that this profile is creat...

Page 325: ... The following is sample output from the show resource profile user defined command firepower ssa show resource profile user defined Profile Name Is In Use CPU Logical Core Count Description bronze No 6 low end device gold No 14 highest silver No 10 mid level Related Commands Description Command Adds a container instance resource profile create resource profile Sets the number of CPUs for the reso...

Page 326: ...tion The status keyword is required fsm status Command Modes Any command mode Command History Modification Release Command added 1 1 1 Example This example shows how to display expanded information for security mode FP9300 A show security detail security mode Password Strength Check No Minimum Password Length 8 Current Task FP9300 A Related Commands Description Command Enters security mode scope s...

Page 327: ... 7a Limit Not Exceeded Asserted 3 12 16 2015 23 09 57 CIMC Processor P1_THERMTRIP_N 0x 79 Limit Not Exceeded Asserted 4 12 16 2015 23 10 00 CIMC Platform alert LED_SYS_ACT 0xa4 LED is on Asserted 5 12 16 2015 23 10 00 CIMC Platform alert LED_SYS_ACT 0xa4 LED color is green Asserted 6 12 16 2015 23 10 01 CIMC Processor DDR4_P2_H3_TMP 0x 73 Limit Not Exceeded Asserted 7 12 16 2015 23 10 01 CIMC Plat...

Page 328: ...mand Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command displays actual boot order information for all servers Example This example shows how to display the actual boot order of all servers firepower show server actual boot order Server 1 1 Last Update 2017 07 19T17 43 14 982 LocalStorageAny 1 Not found Please verify presence of...

Page 329: ...rver_id are available with this option status Optional Displays information about network adapters in a particular server specified using its dynamic universally unique identifier UUID entered in the form NNNNNNNN NNNN NNNN NNNN NNNNNNNNNNNN The keyword detail is available with this option uuid dynamic_uuid Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usa...

Page 330: ... 1 11 00 15 A5 00 01 0C 1 12 00 15 A5 00 00 EF 1 13 00 15 A5 00 01 1F 1 14 00 15 A5 00 00 1F 1 15 00 15 A5 00 00 3F Ext Interface Adapter Interface Mac 1 1 BA DB AD BA D6 08 1 5 BA DB AD BA D6 09 Adapter 2 Product Name Cisco Firepower 9000 series MEZZ Adapter remaining lines removed for brevity firepower Related Commands Description Command Enters adapter mode scope adapter Cisco Firepower 4100 93...

Page 331: ...he form NNNNNNNN NNNN NNNN NNNN NNNNNNNNNNNN uuid dynamic_uuid Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default this commands lists the service profile associations on each server Example This example shows how to display service profiles associated with the system servers FP9300 A show server assoc Server Association Service Profi...

Page 332: ... Release Command added 1 1 1 Usage Guidelines By default this commands lists the BIOS information for each server Example This example shows how to display detailed BIOS firmware information for all servers FP9300 A show server bios detail Server 1 1 Model FPR9K SM 24 Revision 0 Serial Vendor Cisco Systems Inc Running Vers FXOSSM1 1 2 1 3 031420161207 Package Vers 2 0 1 135 Init Sequence 0x0a 0x0a...

Page 333: ...Related Commands Description Command Shows current server software versions and status information show server version Cisco Firepower 4100 9300 FXOS Command Reference 331 S Commands show server bios ...

Page 334: ...NNNN NNNNNNNNNNNN The keyword detail is available with this option uuid dynamic_uuid Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command displays boot order information for all servers Example This example shows how to display the boot order of all servers FP9300 A show server boot order Boot Definition Full Name sys chas...

Page 335: ...ocal Any remaining lines removed for brevity FP9300 A Related Commands Description Command Shows actual server boot order show server actual boot order Cisco Firepower 4100 9300 FXOS Command Reference 333 S Commands show server boot order ...

Page 336: ...ed in the form NNNNNNNN NNNN NNNN NNNN NNNNNNNNNNNN The keyword detail is available with this option uuid dynamic_uuid Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command displays CPU information for all servers Example This example shows how to display information about the CPUs in server 1 in chassis 1 FP9300 A show ser...

Page 337: ...Modification Release Command added 1 1 1 Example This example shows how to display a list of decommissioned servers FP9300 A show server decommissioned Vendor Model Serial SN Server Cisco Systems Inc R210 2121605W QCI1442AHFX 2 FP9300 A Related Commands Description Command Displays information about the servers installed in this device show server inventory Cisco Firepower 4100 9300 FXOS Command R...

Page 338: ...us information in list form detail Optional Displays expanded status information including adapter motherboard memory array DIMM and CPU information The detail keyword is also available expand Optional Lists status information for servers motherboards memory arrays and DIMMs The keywords adapter board cpu and detail are also available memory Optional Displays status information for a particular se...

Page 339: ...Thermal Status N A Voltage Status N A Server 1 2 Overall Status Ok Operability Operable Oper Power On Adapter 1 Threshold Status N A Overall Status Operable Operability Operable remaining lines removed for brevity FP9300 A Related Commands Description Command Shows information about the systems configured on this device show system Cisco Firepower 4100 9300 FXOS Command Reference 337 S Commands sh...

Page 340: ...able cimc Optional Displays detailed firmware and status information in list form detail Optional Displays version and status information for installed Security Services Processors SSPs operating systems The keyword detail is also available fxos Optional Lists version and status information for local disk and RAID controllers The keyword detail is also available storage Optional Displays firmware ...

Page 341: ...ers Activate Status Ready Local Disk 2 Running Vers EM14 Package Vers Activate Status Ready Local Disk 1 Running Vers EM14 Package Vers Activate Status Ready Local Disk 2 Running Vers EM14 Package Vers Activate Status Ready FP9300 A Related Commands Description Command Enters firmware mode scope firmware Cisco Firepower 4100 9300 FXOS Command Reference 339 S Commands show server firmware ...

Page 342: ... identifying information for each server Example This example shows how to display identity information about server 2 in chassis 1 FP9300 A show server identity 1 2 Server 1 2 Burned In UUID b3fd461c b1c7 437b ab08 c5cb28a84132 Dynamic UUID b3fd461c b1c7 437b ab08 c5cb28a84132 Eth Interface Adapter Interface Dynamic MAC Address 1 1 00 15 A5 01 02 00 1 2 00 15 A5 00 00 7D 1 3 B0 AA 77 2F F0 CD 1 4...

Page 343: ...5 A5 00 00 4E 2 13 00 15 A5 00 00 7E Ext Interface Adapter Interface Mac 1 1 B0 AA 77 21 19 1E 1 5 B0 AA 77 21 19 1F 2 1 B0 AA 77 21 19 42 2 5 B0 AA 77 21 19 43 FP9300 A Related Commands Description Command Enters server mode scope server Cisco Firepower 4100 9300 FXOS Command Reference 341 S Commands show server identity ...

Page 344: ... keyword board Optional Displays server information along with CPU information The keywords adapter bios board detail memory mgmt and storage are also available with this keyword cpu Optional Displays detailed inventory information for each server detail Optional Displays expanded system information for each server The keyword detail is also available expand Optional Displays server information al...

Page 345: ...show server inventory Server Equipped PID Equipped VID Equipped Serial SN Slot S tatus Ackd Memory MB Ackd Cores 1 1 FPR9K SM 24 V01 FLM1949C6J5 Equipp ed 262144 24 1 2 FPR9K SM 24 V01 FLM1949C6J1 Equipp ed 262144 24 1 3 Empty FP9300 A Related Commands Description Command Shows current server status information show server environment Cisco Firepower 4100 9300 FXOS Command Reference 343 S Commands...

Page 346: ...NNNNN NNNN NNNN NNNN NNNNNNNNNNNN uuid dynamic_uuid Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command lists memory information for each server Example This example shows how to display detailed memory information FP9300 A show server memory detail Server 1 1 Array 1 CPU ID 1 Current Capacity MB 262144 Error Correction U...

Page 347: ...cation A3 Presence Missing Overall Status Removed Visibility No Vendor Vendor Part Number Vendor Serial SN HW Revision 0 Form Factor Undisc Type Undisc Capacity MB Unknown Clock Unknown Latency Unknown Width Unknown remaining lines removed for brevity FP9300 A Related Commands Description Command Shows identity information for a servers adapters and interfaces show server identity Cisco Firepower ...

Page 348: ...amic universally unique identifier UUID entered in the form NNNNNNNN NNNN NNNN NNNN NNNNNNNNNNNN uuid dynamic_uuid Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default the command lists status information for all servers Example This example shows how to display status information for a specific server using the chassis and blade IDs F...

Page 349: ...Command Modes Any command mode Command History Modification Release Command added 1 1 1 Usage Guidelines By default this command lists storage information for each server Example This example shows how to display basic storage information FP9300 A show server storage Server 1 1 RAID Controller 1 Type SAS Vendor Cisco Systems Inc Model UCSB MRAID12G Serial LSV194501YW HW Revision C0 PCI Addr 01 00 ...

Page 350: ...AG800100 HW Rev 0 remaining lines removed for brevity FP9300 A Related Commands Description Command Shows information about the servers installed in this device show server inventory Cisco Firepower 4100 9300 FXOS Command Reference 348 S Commands show server storage ...

Page 351: ...Optional Displays detailed firmware and status information in list form detail Optional Displays version and status information for installed Security Services Processors SSPs operating systems The keyword detail is also available fxos Optional Lists version and status information for local disk and RAID controllers The keyword detail is also available storage Optional Displays firmware and status...

Page 352: ...Status Ready Local Disk 2 Running Vers EM14 Package Vers Activate Status Ready Local Disk 1 Running Vers EM14 Package Vers Activate Status Ready Local Disk 2 Running Vers EM14 Package Vers Activate Status Ready FP9300 A Related Commands Description Command Shows server firmware versions and status show server firmware Cisco Firepower 4100 9300 FXOS Command Reference 350 S Commands show server vers...

Page 353: ...ciation information for the specified UUID assoc Displays network circuit information for the service profiles The following optional keywords are available detail Displays detailed network circuit information for the service profiles name name Displays network circuit information for the specified service profile org org_name Displays service profile circuit information for the specified organiza...

Page 354: ...ified organization server id server_id Displays service profile identity information for the specified server id is a value between 1 and 255 server_id is specified as chassis number blade number uuid derived dynamic_uuid Displays service profile identity information for the specified UUID entered in the form NNNNNNNN NNNN NNNN NNNN NNNNNNNNNNNN identity Cisco Firepower 4100 9300 FXOS Command Refe...

Page 355: ...isplays server and DIMM information associated with the service profiles mgmt Displays server configuration information associated with the service profiles name name Displays inventory information for the specified service profile org org_name Displays service profile inventory information for the specified organization server id server_id Displays service profile inventory information for the sp...

Page 356: ...le detail Displays detailed status information for the service profiles expand Displays expanded status information for the service profiles name name Displays status information for the specified service profile org org_name Displays service profile status information for the specified organization power Displays server power and status information for the service profiles server id server_id Dis...

Page 357: ...nt Assigned Association Associated Power State On Op State Ok Oper Qualifier N A Conf State Applied Config Qual Deprecated N A Server Config Issues N A Network Config Issues N A Storage Config Issues N A vNIC Config Issues N A iSCSI Config Issues N A Current Task Server 1 1 Overall Status Ok Operability Operable Oper Power On Motherboard Threshold Status OK Overall Status N A Operability N A Oper ...

Page 358: ...Related Commands Description Command Enters service profile mode scope service profile Cisco Firepower 4100 9300 FXOS Command Reference 356 S Commands show service profile ...

Page 359: ... scope system FP9300 A system scope services FP9300 A system services show ssh server Name ssh Admin State Enabled Port 22 Kex algorithm diffie hellman group14 sha1 Mac algorithm hmac sha1 hmac sha2 256 hmac sha2 512 Encrypt algorithm aes128 ctr aes192 ctr aes256 ctr 3des cbc aes128 cbc aes192 cbc aes256 cbc Authentication algorithm Rsa Host Key Size 2048 Rekey Limit Volume None Time None FP9300 A...

Page 360: ...y Modification Release Command added 1 1 1 Usage Guidelines Use this command to display IPSec statistics Example This example shows how to display IPSec connection information for a specified connection FP9300 A scope security FP9300 A security scope ipsec FP9300 A security ipsec show stats Ipsec Stats Stats Type Status Stats Data Status of IKE charon daemon strongSwan 5 3 5 Linux 3 14 39ltsi i686...

Page 361: ...s 0 up 0 connecting none Time Stamp 2018 07 11T17 20 17 542 FP9300 A security ipsec Related Commands Description Command Shows configuration information for the current IPSec connections show connection Shows IPSec connection logs show ipsec log Cisco Firepower 4100 9300 FXOS Command Reference 359 S Commands show stats ...

Page 362: ...nk scope fabric a firepower eth uplink fabric enter interface ethernet1 8 firepower eth uplink fabric interface show subinterface Sub Interface Sub If Id Sub Interface Name VLAN Port Type 100 Ethernet1 5 100 100 Data The following is sample output from the show subinterface detail command firepower scope eth uplink firepower eth uplink scope fabric a firepower eth uplink fabric enter interface eth...

Page 363: ...Description Command Enters the physical interface object scope interface Sets the interface type set port type Cisco Firepower 4100 9300 FXOS Command Reference 361 S Commands show subinterface ...

Page 364: ...GA version information Example This example shows how to display detailed supervisor firmware information for all servers FP9300 A chassis show sup version detail SUP FIRMWARE ROMMON Running Vers 1 0 11 Package Vers 1 0 11 Activate Status Ready Upgrade Status SUCCESS FPGA Running Vers 1 05 Package Vers 1 0 11 Activate Status Ready FP9300 A chassis Related Commands Description Command Shows current...

Page 365: ...idelines By default this command displays name mode and IP addresses for each configured system Example This example shows how to display expanded system version information FP9300 A show system version expand FPRM Running Vers 4 2 1 62 Package Vers 2 2 1 63 Activate Status Ready Catalog Running Vers 4 2 1 62 T Package Vers 2 2 1 63 Activate Status Ready Management Extension Running Vers 2 2 1 8 P...

Page 366: ...1 Running Vers 4 0 1 57 Package Vers 2 2 1 63 Update Status Ready Activate Status Ready Adapter 2 Running Vers 4 0 1 57 remaining lines removed for brevity FP9300 A Related Commands Description Command Enters system mode scope system Cisco Firepower 4100 9300 FXOS Command Reference 364 S Commands show system ...

Page 367: ...keyword to save detailed troubleshooting information to a file in the techsupport directory on the device If you do not enter either keyword the brief output is displayed on your terminal screen chassis chassis_ID brief detail Collects Firepower Platform Management troubleshooting data the following options are available brief Use this keyword to list a condensed set of troubleshooting information...

Page 368: ...and command output for transmission to Cisco Technical Assistance this data is used to determine the status of the device hardware and software Use the copy command in local management mode to transfer a troubleshooting file to another device or location In module mode this command simply lists the collected troubleshooting information for the specified module on your terminal Note Examples This e...

Page 369: ...repower local mgmt This example shows how to save a file of troubleshooting information for the Firepower Platform Management system and confirm its location on the device firepower connect local mgmt firepower local mgmt show tech support fprm detail Initiating tech support information task on FABRIC A Completed initiating tech support subsystem tasks Total 1 All tech support subsystem tasks are ...

Page 370: ...mmand Modes Any command mode Command History Modification Release Command added 1 1 1 Example This example shows how to display the current time zone FP9300 A show timezone Timezone America Chicago FP9300 A Related Commands Description Command Sets the time zone for the device set timezone Cisco Firepower 4100 9300 FXOS Command Reference 368 S Commands show timezone ...

Page 371: ...ult BEGIN CERTIFICATE MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1O...

Page 372: ...gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK WE9gyn6CagsCqiUXObXbf eEZSqVir2G3l6BFoMtEMze aiCKm0oHw0LxOXnGiYZ 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N hnacRHr2lVz2XTIIM6RUthg aFzyQkqFOFSDX9HoLPKsEdao7WNq END CERTIFICATE Valid FP9300 A security Description Command Enters a list or chain of certificates for a trustpoint set certchain Sets the certificate trustpoint for a keyring set ...

Page 373: ...on the show validate task command lists information for every firmware image on the appliance You can use this command or the show validation package command to determine the desired package version number Example This example shows how to show validation history for a specific firmware package FP9300 A scope firmware FP9300 A firmware show validate task 2 3 1 51 Validate task Pack Name fxos k9 bu...

Page 374: ...mand Downloads an FXOS software image to the Firepower 4100 9300 chassis download image Verifies the integrity of a downloaded FXOS platform bundle verify platform pack Cisco Firepower 4100 9300 FXOS Command Reference 372 S Commands show validate task ...

Page 375: ...rver mode boardcontroller Optional Show CIMC version and status information for the connected server This keyword is available only in server mode cimc Optional Show additional verison information detail Optional Show SSP operating system version information for the connected server This keyword is available only in server mode fxos Optional Show only package verison information This keyword is av...

Page 376: ...3 N2 4 31 60 Startup Sys Vers 5 0 3 N2 4 31 60 Act Kern Status Ready Act Sys Status Ready Bootloader Vers FP9300 A fabric interconnect This example shows how to display chassis component version information FP9300 A scope chassis 1 FP9300 A chassis show version detail Chassis 1 Server 1 CIMC Running Vers 3 1 23a Package Vers 2 3 1 51 Update Status Ready Activate Status Ready Adapter 1 Running Vers...

Page 377: ...k 1 Running Vers EM14 Package Vers Activate Status Ready Local Disk 2 Running Vers EM14 Package Vers Activate Status Ready Server 2 CIMC Running Vers 3 1 23a Package Vers 2 3 1 51 Update Status Ready Activate Status Ready remaining lines removed for brevity FP9300 A chassis Related Commands Description Command Shows current server software versions and status information show server version Cisco ...

Page 378: ...s command is obsolete in local management mode use shutdown in chassis mode Example This example shows how to enter chassis mode and shut the system down FP9300 A scope chassis 1 FP9300 A chassis shutdown This command will shutdown the chassis when committed FP9300 A chassis commit buffer Starting chassis shutdown Monitor progress with the command show fsm status System is safe to power off after ...

Page 379: ...P A R T III T W Commands T W Commands on page 379 ...

Page 380: ......

Page 381: ...age 380 top on page 381 traceroute connect local mgmt on page 382 traceroute6 connect local mgmt on page 383 up on page 384 verify platform pack on page 385 where on page 387 Cisco Firepower 4100 9300 FXOS Command Reference 379 ...

Page 382: ...y command mode Command History Modification Release Command added 1 1 1 Usage Guidelines Use this command to set the number of lines and the number of characters per line to be displayed in the terminal window Example This example shows how to set the number of lines displayed in the terminal window to 12 FP9300 A terminal length 12 FP9300 A commit buffer FP9300 A Related Commands Description Comm...

Page 383: ...words Command Modes Any command mode Command History Modification Release Command added 1 1 1 Example This example shows how to enter root from any mode FP9300 A system services top FP9300 A Related Commands Description Command Moves up one mode up Cisco Firepower 4100 9300 FXOS Command Reference 381 T W Commands top ...

Page 384: ...you do not specify the source IP address to be included in the packet headers the management port address is used Example This example shows how to connect to the local management CLI and then trace the route to another device on the network firepower connect local mgmt firepower local mgmt traceroute 198 51 100 10 traceroute to 198 51 100 10 198 51 100 10 30 hops max 40 byte packets 1 198 51 100 ...

Page 385: ...ost If you do not specify the source IP address to be included in the packet headers the management port address is used Example This example shows how to connect to the local management CLI and then trace the route to another device on the network firepower connect local mgmt firepower local mgmt traceroute 2001 DB8 1 1 traceroute to 2001 DB8 1 1 2001 DB8 1 1 30 hops max 40 byte packets 1 2001 DB...

Page 386: ...ease Command added 1 1 1 Example This example shows how to move up one mode FP9300 A org service profile up FP9300 A org Related Commands Description Command Exits the current CLI session and disconnects from the device or exits from a connected object mode and returns to the root EXEC level exit Enters root EXEC from any mode top Cisco Firepower 4100 9300 FXOS Command Reference 384 T W Commands u...

Page 387: ... the command multiple times Example This example shows how to verify a specific platform package FP9300 A scope firmware FP9300 A firmware show validation package Firmware Package 2 2 2 19 Validation Time Stamp 2017 10 26T14 34 24 925 Pack Name fxos k9 2 2 2 19 SPA Validation State None Overall Status Code Ok Firmware Package 2 3 1 51 Validation Time Stamp 2017 10 25T16 53 30 914 Pack Name fxos k9...

Page 388: ...wnloads an FXOS software image to the Firepower 4100 9300 chassis download image Displays the status of the image verification process show validate task Cisco Firepower 4100 9300 FXOS Command Reference 386 T W Commands verify platform pack ...

Page 389: ...Command added 1 1 1 Example This example shows how to determine where you are in the CLI FP9300 A org service profile where Mode org service profile Mode Data scope org enter org org10 enter service profile sp10 instance FP9300 A org service profile Related Commands Description Command Moves to top EXEC level from any mode top Moves up one mode up Cisco Firepower 4100 9300 FXOS Command Reference 3...

Page 390: ...Cisco Firepower 4100 9300 FXOS Command Reference 388 T W Commands where ...

Page 391: ...P A R T IV connect shell Commands connect shell Commands on page 391 ...

Page 392: ......

Page 393: ...r Command List on page 392 connect cimc Command List on page 394 connect fxos Command List on page 396 connect local mgmt Command List on page 409 connect module Command List on page 414 Cisco Firepower 4100 9300 FXOS Command Reference 391 ...

Page 394: ...his shell history Shows firmware versions on the adapter show fwlist Show adapter identity show identity Show adapter phy info show phyinfo Show adapter status show systemstatus The following commands are available in the debug subshell accessed by entering the connect command in the adapterʼs primary command shell Table 6 Commands Available in the Adapter Debug Subshell Additional Information Com...

Page 395: ...e FLS Subshell Additional Information Command Dumps the contents of the last firmware request d Exits from the FLS subshell exit Retrieves active fcpu exchanges fwactive Retrieves fcpu cq information fwcqs Retrieves fcpu exchange data fwexch Retrieves fcpu lif data fwlif Retrieves fcpu vnic data fwvnic Lists available commands help Shows command history history Shows lif information lif Shows logi...

Page 396: ...Mild Fault AMBER ON 4 Severe Fault AMBER BLINK alarms Lists the Core Dump Directory cores Exits from the CIMC subshell exit Lists all field replaceable unit FRU device information fru Entering just the command help lists all available commands Entering help cmd_name or cmd_name shows help information for the specfied command help COMMAND Displays I2 C controller register information driver counter...

Page 397: ...emp fault pres led all Dump all Sensors default power Dump only Power Sensors temp Dump only Temprature Sensors fault Dump only Fault Sensors pres Dump only Presence Sensors led Dump only LED Sensors sensors Show the Blade SEL Information system event log sel Cisco CIMC Interactive Debug This command performs interactive debug authentication with the aid of the user and Cisco support personnel sld...

Page 398: ...nformation mac MAC clear CLI commands var Define a variable cli Debugging functions see following table debug Enable filtering for debugging functions ip IP events ipv6 IPv6 events pktmgr Pm debug filter routing Routing events debug filter Configure Cisco packet analyzer local Start local capture of frames to Sup ethanalyzer Negate a command or set its defaults debug Debugging functions debug filt...

Page 399: ...Disable all debugging icmpv6 ICMPv6 debug commands ip IP events ipv6 IPv6 events l2 Layer2 l3vm Debug L3VM information pktmgr Packet manager debug tunnel information rpm Route Policy Manager RPM sockets Sockets system Enable debugging of system components undebug Go to exec mode end Exit from command interpreter exit Pop mode from stack or restore from name name Name optional pop Push current mode...

Page 400: ...0 Debug Show and Terminal Commands Available in the FXOS Command Shell Additional Information Command debug Cisco Firepower 4100 9300 FXOS Command Reference 398 connect shell Commands connect fxos Command List ...

Page 401: ... clk_mgr Configure clk_mgr debug copp Configure copp debug core Configure core daemon debugging csm Enable csm debugs device alias Configure debugs for Device Alias Distribution Service dstats Configure delta statistics debugging eltm Configure eltm debug ethpc Configure ethpc debug ethpm Configure ethpm debug evmc Event manager client debugs fc mac Debug fcp information fc2 Configure FC2 debuggin...

Page 402: ...bug ipqos Configure IP QoS Manager debug ipv6 IPv6 events klm Debug kernel loadable module parameters l2 Layer2 l3vm Debug L3VM information lacp Configure lacp debug ldap Configure debugging for ldap ledmgr Configure LED manager debugging license Enable debugging for Licensing lldp Configure lldp debug logfile Direct debug output to logfile logging Configure logging or syslogd debug m2rib Configur...

Page 403: ...ing port channel Configure port channel debug port profile Enable port profile manager debugs port resources Configure prm debug port security Port security related command private vlan Configure debug flags for private VLAN process sap SAP of the process to be debugged provision Configure provision debug psshelper Psshelper debug psshelper_gsvc Psshelper debug ptplc Configure ptplc debug qd Show ...

Page 404: ...tem Debug system tacacs Configure debugging for TACACS track Configure track debug transceiver FC transceiver debug commands tunnel Configure tunnel debug udld Configure udld debug ufdm Configure ufdm debug vim Configure vim debug vlan Configure debug flags for vlan manager vmm Configure vmm debug vms Configure vms debug vsan Enable VSAN manager debugging willesden Configure willesden debugging ww...

Page 405: ...Additional Information Command show Cisco Firepower 4100 9300 FXOS Command Reference 403 connect shell Commands connect fxos Command List ...

Page 406: ...ug flags device alias Show information about Device Alias Distribution Service diagnostic Diagnostic commands ecmp groups Display all ECMP groups environment System environment information fc2 Show fc2 tables and statistics fc2d Show information about fc2d fcalias Fcalias show commands fcdomain Show fcdomain information fcdroplatency Show switch or network latency fcflow Show fcflow information fc...

Page 407: ...on l2 class id L2 class ID allocation l2 table Display all L2 entries lacp Show LACP information ldap server Show LDAP configuration information line Show the line configuration lldp Show information about lldp loadbalancing Show unicast loadbalancing of a certain flow or exchange locator led Display locator led status on the device logging Show logging configuration and contents of logfile mac MA...

Page 408: ...ng configuration san port channel Show port channel information scsi target Show discovered scsi target information snmp Show snmp information sprom SPROM contents ssh Show SSH information startup config Current startup configuration svs Show svs information switchname Show the system s hostname system System related show commands tacacs server Show TACACS configuration information tech support Ga...

Page 409: ... version vifs Virtual interfaces vlan Vlan commands vms Vms commands vmware Vmware related vrf Display VRF information vsan Show vsan information wwn Show wwn information xml XML agent zone Zone show commands zoneset Zoneset show commands Cisco Firepower 4100 9300 FXOS Command Reference 407 connect shell Commands connect fxos Command List ...

Page 410: ...y properties length Set number of lines on a screen monitor Copy Syslog output to the current terminal line no Negate a command or set its defaults output How output of show commands should be formated prompt Configure how the prompt should look like redirection mode Set the redirection mode session timeout Set session timeout sticky mode Search for the command match in current mode only terminal ...

Page 411: ...nformation Command Change current directory usbdrive File URI volatile File URI workspace File URI clear Clear managed objects sshkey Host public SSH key cd Cluster mode force Force local fabric interconnect to become primary lead Make subordinate fabric interconnect primary cluster Connect to Another CLI adapter Mezzanine Adapter cimc Cisco Integrated Management Controller fxos Connect to FXOS CL...

Page 412: ...rder files by time usbdrive Optional File URI volatile Optional File URI workspace Optional File URI dir Enable cluster mode a b c d Cluster IpV4 address ipv6 IPv6 Cluster mode enable cluster Go to exec mode end Erase configuration System configuration erase Erase the mgmt logging config file erase log config Exit from command interpreter exit FIPS compliance fault test Execute FIPS fault tests se...

Page 413: ... Optional File URI workspace Optional File URI move Move a file usbdrive Optional File URI volatile Optional File URI workspace Optional File URI mv remote_host Hostname or IP addr Min size 0 Max size 510 ping Test network reachability Test IPv6 network reachability remote_host Hostname or IP addr Min size 0 Max size 510 ping6 Print current directory pwd Reboots Fabric Interconnect reboot Check if...

Page 414: ...s Processes sel System Event Log software Software sshkey Sshkey tech support Tech Support show Shutdown shutdown SSH to another system remote_system Enter hostname or user hostname Min size 0 Max size 510 ssh tail mgmt log file module Module Name Min size 0 Max size 510 tail mgmt log Telnet to another system remote_host Hostname or IP addr Min size 0 Max size 510 telnet Set terminal line paramete...

Page 415: ...o IPv6destination remote_host Hostname or IP addr Min size 0 Max size 510 traceroute6 Verify Application Image bootflash Image File Name usbdrive Image File Name volatile Image File Name workspace Image File Name verify signature Cisco Firepower 4100 9300 FXOS Command Reference 413 connect shell Commands connect local mgmt Command List ...

Page 416: ...on about the connect module command In this shell you can perform operations on the fabric interconnect including copying files rebooting the fabric interconnect and running ping and traceroute commands Table 12 Commands Available on a Module Console Additional Information Command Enable blade secure log in secure login Cisco Firepower 4100 9300 FXOS Command Reference 414 connect shell Commands co...

Page 417: ...tes interfaces Show currently configured interfaces version Display product version netstat Show network connections vnicmap Display VNICs with Ethernet interfaces platform None memory Display the memory monitor configuration disk Display the disk monitor configuration cpu Display the CPU monitor configuration ntp Show NTP time sync information coredump Show coredump configuration maxRestart Show ...

Page 418: ... in this interval Default 1200 restartCounters To reset the restart_count coredump config coredump turboBoost config turboBoost config Terminal settings Enter terminal for options enable terminal length enable disable terminal length disable terminalLength Ping a host to check reachability host ping Look up an IP address or host name with the DNS servers host nslookup Trace the route to a remote h...

Page 419: ...g server verify verify image generate support generate command tunnel support tunnel command dplug access Enable dplug access send_diag_archiv Uploads a Default Archive to MIO send_logs Uploads select files to MIO support Test crashinfo support singleprocess Test crashinfo support with single process multiprocess Test crashinfo support with multiple processes multithread Test crashinfo support wit...

Page 420: ...Cisco Firepower 4100 9300 FXOS Command Reference 418 connect shell Commands connect module Command List ...