-
Cisco Security Appliance Command Reference, Version 7.1
-
About this Guide
-
Using the Command Line Interface
-
aaa accounting through accounting-server-group
-
acl-netmask-convert through auto-update timeout Commands
-
backup-servers through browse networks Commands
-
cache through clear compression Commands
-
clear configure through clear configure vpn-load-balancing Commands
-
clear console-output through clear xlate Commands
-
client-access-rule through crl-configure Commands
-
crypto ca authenticate through customization Commands
-
debug aaa through debug xdmcp Commands
-
default through duplex Commands
-
email through functions Commands
-
gateway through hw-module module shutdown Commands
-
icmp through imap4s Commands
-
inspect ctiqbe through inspect xdmcp Commands
-
interface-dhcp through issuer-name Commands
-
join-failover-group through kill Commands
-
ldap-attribute-map through log-adj-changes Commands
-
logging asdm through logout message Commands
-
mac-address through multicast-routing Commands
-
name through override-account-disable Commands
-
page style through pwd Commands
-
queue-limit through routerospf Commands
-
same-security-traffic through show asdm sessions Commands
-
show asp drop through show curpriv Commands
-
show debug through show ipv6 traffic Commands
-
show isakmp sa through show route Commands
-
show running-config through show running-config isakmp Commands
-
show running-config ldap through show running-config webvpn auto-signon Commands
-
show service-policy through show webvpn svc Commands
-
shun through sysopt uauth allow-http-cache Commands
-
tcp-map through tx-ring-limit Commands
-
urgent-flag through write terminal Commands
-
Feedback
Table Of Contents
join-failover-group through kill Commands
join-failover-group through kill Commands
join-failover-group
To assign a context to a failover group, use the join-failover-group command in context configuration mode. To restore the default setting, use the no form of this command.
join-failover-group group_num
no join-failover-group group_num
Syntax Description
Defaults
Failover group 1.
Command Modes
The following table shows the modes in which you can enter the command:
Context configuration
•
•
—
•
—
Command History
Usage Guidelines
The admin context is always assigned to failover group 1. You can use the show context detail command to display the failover group and context association.
Before you can assign a context to a failover group, you must create the failover group with the failover group command in the system context. Enter this command on the unit where the context is in the active state. By default, unassigned contexts are members of failover group 1, so if the context had not been previously assigned to a failover group, you should enter this command on the unit that has failover group 1 in the active state.
You must remove all contexts from a failover group, using the no join-failover-group command, before you can remove a failover group from the system.
Examples
The following example assigns a context named ctx1 to failover group 2:
hostname(config)# context ctx1hostname(config-context)# join-failover-group 2hostname(config-context)# exitRelated Commands
kerberos-realm
To specify the realm name for this Kerberos server, use the kerberos-realm command in aaa-server host configuration mode. To remove the realm name, use the no form of this command:
kerberos-realm string
no kerberos-realm
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Aaa-server host configuration
•
•
•
•
—
Command History
Usage Guidelines
This command is valid only for Kerberos servers.
The value of the string argument should match the output of the Microsoft Windows set USERDNSDOMAIN command when it is run on the Windows 2000 Active Directory server for the Kerberos realm. In the following example, EXAMPLE.COM is the Kerberos realm name:
C:\>set USERDNSDOMAINUSERDNSDOMAIN=EXAMPLE.COMThe string argument must use numbers and upper-case letters only. The kerberos-realm command is case sensitive and the security appliance does not translate lower-case letters to upper-case letters.
Examples
The following sequence shows the kerberos-realm command to set the kerberos realm to "EXAMPLE.COM" in the context of configuring a AAA server host:
hostname(config)#aaa-server svrgrp1 protocol kerberoshostname(config-aaa-server-group)#aaa-server svrgrp1 host 1.2.3.4hostname(config-aaa-server-host)#timeout 9hostname(config-aaa-server-host)#retry 7hostname(config-aaa-server-host)#kerberos-realm EXAMPLE.COMhostname(config-aaa-server-host)#exithostname(config)#Related Commands
key
To specify the server secret value used to authenticate the NAS to the AAA server, use the key command in aaa-server host mode. Aaa-server host configuration mode is accessibile from aaa-server protocol configuration mode. To remove the key, use the no form of this command.The key (server secret) value authenticates the security appliance to the AAA server.
key key
no key
Syntax Description
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Aaa-server host
•
•
•
•
—
Command History
Usage Guidelines
The key value is a case-sensitive, alphanumeric keyword of up to 127 characters that is the same value as the key on the TACACS+ server. Any characters entered past 127 are ignored. The key is used between the client and the server for encrypting data between them. The key must be the same on both the client and server systems.The key cannot contain spaces, but other special characters are allowed.
This command is valid only for RADIUS and TACACS+ servers.
The key parameter of the aaa-server command in earlier PIX Firewall versions is automatically converted to the equivalent key command.
Examples
The following example configures a TACACS+ AAA server named "srvgrp1" on host "1.2.3.4", sets a timeout of 9 seconds, sets a retry-interval of 7 seconds, and configures the key as "myexclusivemumblekey".
hostname(config)#aaa-server svrgrp1 protocol tacacs+hostname(config-aaa-server-group)#aaa-server svrgrp1 host 1.2.3.4hostname(config-aaa-server-host)#timeout 9hostname(config-aaa-server-host)#retry-interval 7hostname(config-aaa-server-host)#key myexclusivemumblekeyRelated Commands
keypair
To specify the key pair whose public key is to be certified, use the keypair command in crypto ca trustpoint configuration mode. To restore the default setting, use the no form of the command.
keypair name
no keypair
Syntax Description
Defaults
The default setting is not to include the key pair.
Command Modes
The following table shows the modes in which you can enter the command:
Crypto ca trustpoint configuration
•
•
•
•
—
Command History
Examples
The following example enters crypto ca trustpoint configuration mode for trustpoint central, and specifies a key pair to be certified for trustpoint central:
hostname(config)# crypto ca trustpoint centralhostname(ca-trustpoint)# keypair exchangeRelated Commands
Enters trustpoint configuration mode.
Generates DSA keys.
Generates RSA keys.
Returns enrollment parameters to their defaults.
kill
To terminate a Telnet session, use the kill command in privileged EXEC mode.
kill telnet_id
Syntax Description
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The kill command lets you terminate a Telnet session. Use the who command to see the Telnet session ID. When you kill a Telnet session, the security appliance lets any active commands terminate and then drops the connection without warning.
Examples
The following example shows how to terminate a Telnet session with the ID "2". First, the who command is entered to display the list of active Telnet sessions. Then the kill 2 command is entered to terminate the Telnet session with the ID "2".
hostname# who2: From 10.10.54.0hostname# kill 2Related Commands
Configures Telnet access to the security appliance.
Displays a list of active Telnet sessions.