Cisco ASA Basic Notes – Configuration Modes

by Shabeeribm
A Cisco ASA security appliance has four main administrative access modes:

Monitor Mode:
Displays the monitor> prompt. This mode enables to update the image over the network or to perform password recovery. While in the monitor mode, you can enter commands to specify the location of a TFTP server and the location of the software image or password recovery binary image file to download. You access this mode by pressing the “Break” or “ESC” keys immediately after powering up the appliance.

Unprivileged Mode:
Displays the > prompt. This prompt will be available when you first access the appliance.In new Cisco ASA 5500 Series, the prompt is ciscoasa>
This mode provides restricted view of the security appliance. On this menu, you cannot configure anything from this mode. To get started with configuration, the first command you need to know is the enable command. Type enable and hit Enter. The initial password is empty, so hit Enter again to move on the next access mode (Privileged Mode).

ciscoasa> enable <–this is to enter to  Unprivileged Mode
password:               <– Enter a password here (initially its blank)
ciscoasa#                <– Privileged Mode

Privileged Mode:
Displays the # prompt. Enables you to change the current settings. Any unprivileged command also works in this mode. From this mode you can see the current configuration by using show running-config. Still, you cannot configure anything yet until you go to Configuration Mode.You access the Configuration Mode using the “configure terminal” command from the Privileged Mode.

Configuration Mode:
This mode displays the (config)# prompt. Enables you to change all system configuration settings. Use exit from each mode to return to the previous mode.

ciscoasa> enable <– Unprivileged Mode
password:            <– Enter a password here (initially its blank)
ciscoasa# configure terminal <– Privileged Mode
ciscoasa(config)# <– Configuration Mode
ciscoasa(config)# exit
ciscoasa# exit   <– Back to Privileged Mode
ciscoasa>  <– Back to Unprivileged Mode

The (config)# mode is usually called Global Configuration Mode. Some configuration commands from this mode enter a command-specific mode and the prompt changes accordingly. For example the interface command enters interface configuration mode as shown below:

ciscoasa(config)# interface GigabitEthernet 0/1
ciscoasa(config-if)#  <– Configure Interface specific parameters

0 comments:

Post a Comment