Sunday, May 23, 2021

Switching to CLISH, Firepower Linux CLI & LINA in Cisco FTD Software

Last month I documented a practical lab covering some basic understanding of the ASA Engine and the Firepower Engine of Cisco FTD.

You can go through it from here. Anyhow, I believe one more dedicated post is required to show how we can move back and forth between the 3 CLIs.

The 3 CLIs in Cisco FTD are:

1. Converged FTD CLISH (Command Line Interface Shell)
2. Firepower Linux CLI (Snort CLI)
3. LINA (Linux on ASA)

Converged FTD CLISH inherits some Firepower Linux management plane commands and most of the data plane related Cisco ASA commands.

Firepower Linux CLI is just plain Linux access to the Firepower Engine. You will need this to view the management plane routing stuff for Cisco FMC.

LINA is just the classic Cisco ASA privileged-level commands without config mode. This is where the data plane routing stuff is.

Let's start exploring the commands and finally summarize with a graph.

When you SSH to the FTD, you initially land in the Converged FTD CLISH CLI, in the user mode you logged in with.


It shows just a ' > ' prompt, which indicates the very basic mode of operation in the CLISH CLI.

If you want to go to the LINA CLI from here, enter the following command.
system support diagnostic-cli

Now you can go to privileged mode with the enable command, just like in the classic ASA CLI.

If you want to jump back to CLISH mode from here, you can use the key sequence
Ctrl + A, then release the keys and press D

Or you can just type exit twice in the LINA CLI to log off and detach from it, which will lead back to the CLISH CLI.

If you want to go to the Firepower Linux shell from here, enter expert and proceed. This is also called expert mode, which is advanced Linux access.
To become root, enter sudo su and the password, just like in other Linux distros.

You can go to the LINA CLI from here just by entering the following command.
sfconsole

If you enter the Ctrl + A then D sequence now, it will lead you to the Firepower Linux CLI, because that is where you were before switching to LINA.

You can also type lina_cli to go to the LINA CLI, but this command is deprecated in newer FTDs.

You can also type clish to go back to the CLISH CLI from root. But keep in mind that this mode is pretty useless (less useful than the default converged CLISH CLI of user mode). You will see that you can't even enter the system support diagnostic-cli command from here.

If you exit from here now, it will go back to root's advanced CLI, where you were in expert mode.

Following is a summary of the modes and commands for a quick reference.

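As an added example (not part of the original post), here is a small Python model of the shells and commands described above. It encodes each transition, keeps track of which shell you attached to LINA from so that Ctrl + A then D returns you there, and finds the shortest command sequence between any two shells. The shell labels and the two plain exit transitions out of the Linux shells are assumptions made for the model.

```python
from collections import deque
# Constructed shell labels: CLISH = converged FTD CLISH ('>'), LINA = ASA diagnostic CLI,
# EXPERT = Firepower Linux CLI as the login user, ROOT = after sudo su, CLISH_LIMITED = 'clish' from root.
DETACH = "Ctrl+A then D"  # same effect as typing exit twice inside LINA
# (shell, command) -> next shell. LINA remembers the shell you attached from,
# so DETACH is resolved from the session's return stack rather than this table.
TRANSITIONS = {
    ("CLISH", "system support diagnostic-cli"): "LINA",
    ("CLISH", "expert"): "EXPERT",
    ("EXPERT", "sudo su"): "ROOT",
    ("ROOT", "sfconsole"): "LINA",  # lina_cli is deprecated, so it is left out
    ("ROOT", "clish"): "CLISH_LIMITED",  # diagnostic-cli is unavailable there
    ("CLISH_LIMITED", "exit"): "ROOT",
    # Assumed ordinary Linux shell behaviour; the post does not show these two:
    ("ROOT", "exit"): "EXPERT",
    ("EXPERT", "exit"): "CLISH",
}

class FtdSession:
    def __init__(self, shell="CLISH", returns=()):
        self.shell, self.returns = shell, list(returns)

    def run(self, command):
        # Apply one command; refuse commands the current shell does not offer.
        if self.shell == "LINA" and command == DETACH:
            self.shell = self.returns.pop()  # back to CLISH or ROOT, whichever attached
        elif (self.shell, command) in TRANSITIONS:
            if TRANSITIONS[(self.shell, command)] == "LINA":
                self.returns.append(self.shell)
            self.shell = TRANSITIONS[(self.shell, command)]
        else:
            raise ValueError(f"'{command}' is not available in {self.shell}")
        return self.shell

    def options(self):
        cmds = [c for (s, c) in TRANSITIONS if s == self.shell]
        return cmds + ([DETACH] if self.shell == "LINA" else [])

def route(src, dst):
    # Breadth-first search for the shortest command sequence from src to dst.
    queue, seen = deque([(FtdSession(src), [])]), {(src, ())}
    while queue:
        sess, path = queue.popleft()
        if sess.shell == dst:
            return path
        for cmd in sess.options():
            nxt = FtdSession(sess.shell, sess.returns)
            nxt.run(cmd)
            key = (nxt.shell, tuple(nxt.returns))
            if key not in seen:
                seen.add(key); queue.append((nxt, path + [cmd]))
```
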
Note:-

There is another CLI you will very rarely meet in FTDs. This is on Firepower appliances and we call it FXOS. It looks just like LINA, so you may get confused just by seeing it. To go to Service Module 1, where the FTD software (Converged CLISH) is installed, type the following command.

FXOS# connect module 1 console

It will navigate to the following-looking CLI, which is the service module. Enter the following command to go to the FTD software (the Converged CLISH we know).

Firepower-Module1> connect ftd

Now you are in the FTD software and everything discussed above will work.
If you want to go back to the Service Module or FXOS, just type exit.
