-
Cisco Security Appliance Command Reference, Version 7.1
-
About this Guide
-
Using the Command Line Interface
-
aaa accounting through accounting-server-group
-
acl-netmask-convert through auto-update timeout Commands
-
backup-servers through browse networks Commands
-
cache through clear compression Commands
-
clear configure through clear configure vpn-load-balancing Commands
-
clear console-output through clear xlate Commands
-
client-access-rule through crl-configure Commands
-
crypto ca authenticate through customization Commands
-
debug aaa through debug xdmcp Commands
-
default through duplex Commands
-
email through functions Commands
-
gateway through hw-module module shutdown Commands
-
icmp through imap4s Commands
-
inspect ctiqbe through inspect xdmcp Commands
-
interface-dhcp through issuer-name Commands
-
join-failover-group through kill Commands
-
ldap-attribute-map through log-adj-changes Commands
-
logging asdm through logout message Commands
-
mac-address through multicast-routing Commands
-
name through override-account-disable Commands
-
page style through pwd Commands
-
queue-limit through routerospf Commands
-
same-security-traffic through show asdm sessions Commands
-
show asp drop through show curpriv Commands
-
show debug through show ipv6 traffic Commands
-
show isakmp sa through show route Commands
-
show running-config through show running-config isakmp Commands
-
show running-config ldap through show running-config webvpn auto-signon Commands
-
show service-policy through show webvpn svc Commands
-
shun through sysopt uauth allow-http-cache Commands
-
tcp-map through tx-ring-limit Commands
-
urgent-flag through write terminal Commands
-
Feedback
Table Of Contents
backup-servers through browse-networks Commands
backup-servers through browse-networks Commands
backup-servers
To configure backup servers, use the backup-servers command in group-policy configuration mode. To remove a backup server, use the no form of this command. To remove the backup-servers attribute from the running configuration, use the no form of this command without arguments. This enables inheritance of a value for backup-servers from another group policy.
IPSec backup servers let a VPN client connect to the central site when the primary security appliance is unavailable. When you configure backup servers, the security appliance pushes the server list to the client as the IPSec tunnel is established.
backup-servers {server1 server2. . . . server10 | clear-client-config | keep-client-config}
no backup-servers [server1 server2. . . . server10 | clear-client-config | keep-client-config]
Syntax Description
Defaults
Backup servers do not exist until you configure them, either on the client or on the primary security appliance.
Command Modes
The following table shows the modes in which you can enter the command:
Group-policy
•
—
•
—
—
Command History
Usage Guidelines
Configure backup servers either on the client or on the primary security appliance. If you configure backup servers on the security appliance, it pushes the backup server policy to the clients in the group, replacing the backup server list on the client if one is configured.
Note
Examples
The following example shows how to configure backup servers with IP addresses 10.10.10.1 and 192.168.10.14, for the group policy named "FirstGroup":
hostname(config)#group-policy FirstGroup attributeshostname(config-group-policy)#backup-servers 10.10.10.1 192.168.10.14banner
To configure the session, login, or message-of-the-day banner, use the banner command in global configuration mode. The no banner command removes all lines from the banner keyword specified (exec, login, or motd).
banner {exec | login | motd text}
[no] banner {exec | login | motd [text]}
Syntax Description
Defaults
The default is no login, session, or message-of-the-day banner.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
•
Command History
Usage Guidelines
The banner command configures a banner to display for the keyword specified. The text string consists of all characters following the first white space (space) until the end of the line (carriage return or line feed [LF]). Spaces in the text are preserved. However, you cannot enter tabs through the CLI.
Subsequent text entries are added to the end of an existing banner unless the banner is cleared first.
Note
Multiple lines in a banner are handled by entering a new banner command for each line that you wish to add. Each line is then appended to the end of the existing banner. There is no limit on the length of a banner other than RAM and Flash limits.
When accessing the security appliance through Telnet or SSH, the session closes if there is not enough system memory available to process the banner messages or if a TCP write error occurs. Only the exec and motd banners support access to the security appliance through SSH. The login banner does not support SSH.
To replace a banner, use the no banner command before adding the new lines.
Use the no banner {exec | login | motd} command to remove all the lines for the banner keyword specified.
The no banner command does not selectively delete text strings, so any text that you enter at the end of the no banner command is ignored.
Examples
This example shows how to configure the exec, login, and motd banners:
hostname(config)# banner motd Think on These Thingshostname(config)# banner exec Enter your password carefullyhostname(config)# banner login Enter your password to log inhostname(config)# show running-config bannerexec:Enter your password carefullylogin:Enter your password to log inmotd:Think on These ThingsThis example shows how to add a second line to the motd banner:
hostname(config)# banner motd and Enjoy Todayhostname(config)# show running-config banner motdThink on These Things and Enjoy TodayRelated Commands
clear configure banner
Removes all banners.
show running-config banner
Displays all banners.
banner (group-policy)
To display a banner, or welcome text, on remote clients when they connect, use the banner command in group-policy configuration mode. To delete a banner, use the no form of this command. This option allows inheritance of a banner from another group policy. To prevent inheriting a banner, use the banner none command.
banner {value banner_string | none}
no banner
Note
Syntax Description
Defaults
There is no default banner.
Command Modes
The following table shows the modes in which you can enter the command:
Group-policy
•
—
•
—
—
Command History
Examples
The following example shows how to create a banner for the group policy named "FirstGroup":
hostname(config)# group-policy FirstGroup attributeshostname(config-group-policy)# banner value Welcome to Cisco Systems 7.0(1).blocks
To allocate additional memory to block diagnostics (displayed by the show blocks command), use the blocks command in privileged EXEC mode. To set the value back to the default, use the no form of this command. The amount of memory allocated will be at most 150 KB but never more than 50% of free memory. Optionally, you can specify the memory size manually.
blocks queue history enable [memory_size]
no blocks queue history enable [memory_size]
Syntax Description
Defaults
The default memory assigned to track block diagnostics is 2136 Bytes.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
—
•
Command History
Usage Guidelines
To view the currently allocated memory, enter the show blocks queue history command.
If you reload the security appliance, the memory allocation returns to the default.
Examples
The following example increases the memory size for block diagnostics:
hostname# blocks queue history enableThe following example increases the memory size to 3000 Bytes:
hostname# blocks queue history enable 3000The following example attempts to increase the memory size to 3000 Bytes, but the value is more than free memory:
hostname# blocks queue history enable 3000ERROR: memory size exceeds current free memoryThe following example increases the memory size to 3000 Bytes, but the value is more than 50% of free memory:
hostname# blocks queue history enable 3000WARNING: memory size exceeds 50% of current free memoryRelated Commands
clear blocks
Clears the system buffer statistics.
show blocks
Shows the system buffer utilization.
boot
To specify which system image the system will use at next reload and which configuration file the system will use at startup, use the boot command in privileged EXEC mode. Use the no form of this command to restore the default value.
boot {config | system} url
no boot {config | system} url
Syntax Description
Defaults
If the boot config command is not specified, the startup-config will be saved to a hidden location, and used only with commands that utilize it, such as the show startup-config command and the copy startup-config command.
For the boot system command, there are no defaults. If the BOOT environment variable is not configured, the system searches only the internal Flash for the first valid image to boot. If no valid image is found no system image will be loaded, and the system will boot loop until ROMMON or Monitor mode is broken into.
You can enter up to four boot system command entries, to specify different images to boot from in order, and the security appliance will boot the first valid image it finds.
Note
The following table shows the modes in which you can enter the command
Privileged EXEC
•
•
•
—
—
.
Command History
Usage Guidelines
You set the CONFIG_FILE environment variable in the current running memory when you use the boot config command. This variable specifies which configuration file to load when the system boots.
Note
When you use this global configuration command, you affect only the running configuration. Use the write memory or copy command to save the environment variable from your running configuration to your startup configuration. Note that saving the running configuration to the startup configuration will also overwrite the configured file with the running configuration, so change this variable and execute the write memory command before copying the new configuration file to the configured name.
The system stores and executes the boot system commands in the order in which you enter them in the configuration file. To execute the configuration when the reloads use the write memory command or copy command to save the environment variable from your running configuration to your startup configuration.
Tip
Examples
The following example specifies that at startup the security appliance should load a configuration file called configuration.txt:
hostname(config)# boot config configuration.txtRelated Commands
Specifies the ASDM software image.
Displays boot file and configuration properties.
border style
To customize the border of the WebVPN Home page that is displayed to authenticated WebVPN users, use the border style command from webvpn customization mode:
border style value
[no] border style value
To remove the command from the configuration and cause the value to be inherited, use the no form of the command.
Syntax Description
Defaults
The default style of the border is background-color:#669999;color:white.
Command Modes
The following table shows the modes in which you can enter the command:
Webvpn customization
•
—
•
—
—
Command History
Usage Guidelines
The style option is expressed as any valid Cascading Style Sheet (CSS) parameters. Describing these parameters is beyond the scope of this document. For more information about CSS parameters, consult CSS specifications at the World Wide Web Consortium (W3C) website at www.w3.org. Appendix F of the CSS 2.1 Specification contains a convenient list of CSS parameters, and is available at www.w3.org/TR/CSS21/propidx.html.
Here are some tips for making the most common changes to the WebVPN pages—the page colors:
•
•
•
Note
Examples
The following example customizes the background color of the border to the RGB color #66FFFF, a shade of green:
F1-asa1(config)# webvpnF1-asa1(config-webvpn)# customization ciscoF1-asa1(config-webvpn-custom)# border style background-color:66FFFFRelated Commands
browse-networks
To customize the Browse Networks box of the WebVPN Home page that is displayed to authenticated WebVPN users, use the browse-networks command from webvpn customization mode:
browse-networks {title | message | dropdown} {text | style} value
[no] browse-networks {title | message | dropdown} {text | style} value
To remove the command from the configuration and cause the value to be inherited, use the no form of the command.
Syntax Description
Defaults
The default title text is "Browse Networks".
The default title style is:
background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase
The default message text is "Enter Network Path".
The default message style is:
background-color:#99CCCC;color:maroon;font-size:smaller.
The default dropdown text is "File Folder Bookmarks".
The default dropdown style is:
border:1px solid black;font-weight:bold;color:black;font-size:80%.
Command Modes
The following table shows the modes in which you can enter the command:
Webvpn customization
•
—
•
—
—
Command History
Usage Guidelines
The style option is expressed as any valid Cascading Style Sheet (CSS) parameters. Describing these parameters is beyond the scope of this document. For more information about CSS parameters, consult CSS specifications at the World Wide Web Consortium (W3C) website at www.w3.org. Appendix F of the CSS 2.1 Specification contains a convenient list of CSS parameters, and is available at www.w3.org/TR/CSS21/propidx.html.
Here are some tips for making the most common changes to the WebVPN pages—the page colors:
•
•
•
Note
Examples
The following example changes the title to "Browse Corporate Networks", and the text within the style to blue:
F1-asa1(config)# webvpnF1-asa1(config-webvpn)# customization ciscoF1-asa1(config-webvpn-custom)# browse-networks title text Browse Corporate NetworksF1-asa1(config-webvpn-custom)# browse-networks title style color:blueRelated Commands
