Monday 26 March 2018

Commands in CISCO ASA

Major commands in Cisco ASA
===========================
show firewall and show version -- to see the actual software version, operational mode, HA, etc. and the system time
sh failover state
sh service-policy
sh cpu usage
sh memory
show failover history
sh run all failover
show traffic
sh run ip address
show interface
show route
clear crypto isakmp sa -- shut down a VPN tunnel manually
clear ipsec sa peer 2.2.2.2
clear cry ikev1 sa 2.2.2.2 -- only a specific tunnel
sh cry isakmp sa
show vpn-sessiondb l2l

show crypto ipsec sa

reload quick noconfirm -- to restart the ASA

copy tftp://192.168.43.157/asdm-647.bin flash: -- installing ASDM using GNS3

For enabling HTTP
====================
ciscoasa(config)# sh run http
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.43.0 255.255.255.0 inside

Command to set an IP in VPCS in GNS3
====================================
PC1> ip 192.168.2.1 /24 192.168.2.2
Checking for duplicate address...
PC1 : 192.168.2.1 255.255.255.0 gateway 192.168.2.2

nameif outside
icmp permit any echo inside
icmp permit any echo-reply inside
show arp
arp -a

sh interface ip brief

copy startup-config running-config
write memory
show startup-config

=====================
show ip nat translations -- to see all NAT that has happened on the device
show run -- will get all details including NAT configuration

Switch configuration and commands
================================

hostname <host name>
no hostname
To set password for config mode
------------------------------
go to config t
enable password <password here>

show run -- it will display the password, so use secret for an encrypted password
enable secret <password here> -- it will encrypt the password and save it
To delete password
-----------------
no enable password
Using the "do" command helps to run commands from any mode:
use "do" before the command

To set password for console mode
================================
Log into the switch, go to console line mode,
set the password there and type login
line console 0
password <password here>
login

show startup-config -- to see what is saved in NVRAM
copy running-config startup-config

configuring vlan in switch
============================
config#interface vlan1
ip address 192.168.1.10 255.255.255.0
no shutdown

Need to set default gateway
---------------------------
config# ip default-gateway <ip address>

Telnet login
------------
config# line vty 0 4
no login -- Telnet sessions are then accepted without a password prompt

To set password for vty login
=============================
config# line vty 0 1
password cisco

setting banner
==============
config#banner motd [
<message here>
[

show ip interface brief -- command to see all interface configurations
terminal monitor -- command will show details of the computer connected recently
config-if# switchport mode access -- it will change the interface to an access port
config-if# switchport port-security violation shutdown
config-if# switchport port-security mac-address <enter MAC address of device>
config-if# switchport port-security mac-address sticky -- it will map the current device's MAC address
config-if# do show mac address-table -- it will display the MAC address of the device

config# do show port-security interface f0/2 -- it will display the port security violations
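
An added example (not from the original post): a small Python audit of a saved "show run" output that flags three weak settings touched on above: a readable "enable password", vty lines with "no login", and port-security options on an interface where the feature was never turned on with a bare "switchport port-security" line. The sample configuration, function names and finding texts are constructed for illustration.

```python
# Constructed sample of an IOS-style running-config (not from the original page).
SAMPLE_CONFIG = """\
enable password cisco123
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security violation shutdown
!
line vty 0 4
 no login
"""

def sections(config):
    """Yield (header, [child lines]) for each top-level block of the config."""
    header, body = None, []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # blank lines and '!' separators
        if not line[0].isspace():         # a column-0 line starts a new block
            if header is not None:
                yield header, body
            header, body = line.strip(), []
        else:
            body.append(line.strip())
    if header is not None:
        yield header, body

def audit(config):
    """Return findings for the weak settings discussed on this page."""
    findings = []
    for header, body in sections(config):
        if header.startswith("enable password"):
            findings.append("enable password: shown by 'show run', use 'enable secret'")
        if header.startswith("line vty") and "no login" in body:
            findings.append(f"{header}: 'no login' accepts sessions with no password")
        if header.startswith("interface"):
            ps = [b for b in body if b.startswith("switchport port-security")]
            if ps and "switchport port-security" not in ps:
                findings.append(f"{header}: port-security options set but not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```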