Using the Command-Line Interface
This chapter describes how to access and use the product’s command-line interface (CLI).
Connecting to the CLI
This section assumes you have already performed the initial setup of the appliance using the configuration wizard. For detailed information, see the installation guide for the system.
To connect to the CLI
1. You can connect to the CLI using a computer with an SSH client connected to the primary port.
2. At the system prompt, enter ssh admin@<host>.<domain> if the appliance resolves to your local DNS; otherwise, enter ssh admin@<ip-address>.
3. When prompted, enter the administrator password. This is the password you set during the initial configuration process.
You can also log in as a monitor user. Monitor users cannot make configuration changes to the system. Monitor users can view statistics and system logs.
Overview of the CLI
The CLI has the following modes:
• User—When you start a CLI session, you begin in user mode. From user mode you can run common network tests such as ping and view network configuration settings and statistics. You do not enter a command to enter user mode. To exit this mode, enter the exit command at the system prompt.
• Enable—To access system monitoring commands, you must enter enable mode. From enable mode, you can enter any enable mode command or enter configuration mode. You must be an administrator user to enter enable mode. In enable mode you can perform basic system administration tasks, such as restarting and rebooting the system. To exit this mode, enter the disable command at the command line.
You cannot enter enable mode if you are a monitor user.
• Configuration—To make changes to the running configuration, you must enter configuration mode. To save configuration changes to memory, you must enter the write memory command. To enter configuration mode, you must first be in enable mode. To exit this mode, enter the exit command at the system prompt.
The commands available to you depend on which mode you are in. Entering a question mark (?) at the system prompt provides a list of commands for each command mode.
Mode | Access Method | System Prompt | Exit Method | Description |
|---|
user | Each CLI session begins in user mode. | host > | exit | • Perform common network tests, such as ping. • Display system settings and statistics. |
enable | Enter the enable command at the system prompt while in user mode. | host # | disable | • Perform basic system administration tasks, such as restarting and rebooting the system. • Display system data and statistics. • Perform all user mode commands. |
configuration | Enter the configure terminal command at the system prompt while in enable mode. | host (config) # | exit | • Configure system parameters. • Perform all user and enable mode commands. |
Entering commands
The CLI accepts abbreviations for commands. The following example is the abbreviation for the configure terminal command:
amnesiac # config t
You can press the tab key to complete a CLI command automatically.
Accessing online help
At the system prompt, type the full or partial command string followed by a question mark (?). The CLI displays the command keywords or variables for the command and a short description. You can display help information for each keyword by typing the command, followed by the keyword, followed by a question mark.
To access online help
At the system prompt enter the following command:
amnesiac (config) # show ?
To display help for additional parameters, enter the command and keyword:
amnesiac (config) # access ?
enable Enable secure network access
inbound Secure access inbound configuration
amnesiac (config) # access inbound ?
rule Secure access inbound rule configuration
amnesiac (config) # access inbound rule ?
add Add a secure network access rule
edit Edit a secure network access rule
move Move a secure network access rule
Error messages
If at any time the system does not recognize the command or parameter, it displays the following message:
amnesiac (config) # logging files enable
% Unrecognized command “enable”.
Type “logging files?” for help.
If a command is incomplete, the following message is displayed:
amnesiac (config) # logging
% Incomplete command.
Type “logging?” for help.
Command negation
You can type no before many of the commands to negate the syntax. Depending on the command or the parameters, command negation disables the feature or returns the parameter to the default value.
Running the configuration wizard
You can restart the configuration wizard so that you can change your initial configuration parameters.
To restart the configuration wizard
Enter the following set of commands at the system prompt:
enable
configure terminal
configuration jump-start
Saving configuration changes
The show configuration running command displays the current configuration of the system. When you make a configuration change to the system, the change becomes part of the running configuration.
The change does not automatically become part of the configuration file in memory until you write the file to memory. If you do not save your changes to memory, they are lost when the system restarts.
To save all configuration changes to memory, you must enter the write memory command while in configuration mode.