Cisco IOS FW Tips
Some (hopefully) useful tips for administering the DoI Cisco Virtual Firewall using the IOS command line. Full documentation is available online in the FWSM Configuration Guide.
First up, you need an account on the Cisco Virtual Firewall for CECS.
Use Secure SHell (ssh) to log into the firewall:
> ssh bobe@150.203.204.166
bobe@150.203.204.166's password:
csitfw/CECS>
(or, bobe@csitfw-vlan-1091.anu.edu.au - whichever floats your boat)
(give it your password)
You then need to enable "superuser" mode:
csitfw/CECS> en
Password: ********
csitfw/CECS#
(you can also use "enable", or "e?" and then the "n" etc.)
(and give it your password again, for good measure - just like with sudo...)
There are two configurations of interest:
- running-config - the currently running configuration
- startup-config - saved config that will be used upon next startup
Generally, modify the running-config, then save to the startup-config.
A useful command is show. As Stu says: "Use show command to draw out information".
Now, a good thing to do is to find out which access groups are available:
csitfw/CECS# show running-config | inc access-group
...
(inc is short for "include", which filters the output much like "grep".)
To make changes, use:
csitfw/CECS# configure terminal
csitfw/CECS(config)#
To add a new rule:
csitfw/CECS(config)# ipv6 access-list ipv6_inside_access_in line 1 permit icmp6 any any
csitfw/CECS(config)#
To remove an existing rule:
csitfw/CECS(config)# no ipv6 access-list ipv6_inside_access_in line 2 permit icmp any any
csitfw/CECS(config)#
When finished making changes:
csitfw/CECS(config)# exit
csitfw/CECS#
If you have made any changes, save the running-config to startup-config with:
csitfw/CECS# write memory
csitfw/CECS#
then, when finished:
csitfw/CECS# exit
>
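
A review step to run before "write memory", given as an added example that is not part of the original page: it compares text captured from "show running-config" and "show startup-config" and lists the access-list and access-group lines that would be persisted, flagging new "permit ... any any" rules. The sample configs are constructed, and the function names and the choice to skip lines beginning with ":" are assumptions.

```python
import re

# Constructed sample captures (not from a real device): the text of
# "show startup-config" and "show running-config" saved to strings.
STARTUP = """\
: Saved
ipv6 access-list ipv6_inside_access_in permit icmp any any
ipv6 access-list ipv6_inside_access_in permit tcp any any eq 22
access-group ipv6_inside_access_in in interface inside
"""
RUNNING = """\
: Saved
ipv6 access-list ipv6_inside_access_in permit icmp6 any any
ipv6 access-list ipv6_inside_access_in permit tcp any any eq 22
access-group ipv6_inside_access_in in interface inside
"""

# Lines that define ACL entries or bind an ACL to an interface.
ACL_RE = re.compile(r"^(?:(?:ipv6 )?access-list|access-group)\b")
# A permit entry with no port or type qualifier after "any any".
BROAD_RE = re.compile(r"\bpermit\s+\S+\s+any\s+any$")


def acl_lines(config_text):
    """Return the access-list / access-group lines of a config, in order."""
    lines = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        # Assumption: lines starting with ":" are header/comment lines.
        if line and not line.startswith(":") and ACL_RE.match(line):
            lines.append(line)
    return lines


def pending_changes(running_text, startup_text):
    """Report ACL lines that differ between running and startup config."""
    running, startup = acl_lines(running_text), acl_lines(startup_text)
    added = [l for l in running if l not in startup]
    removed = [l for l in startup if l not in running]
    broad = [l for l in added if BROAD_RE.search(l)]
    return {"added": added, "removed": removed, "broad": broad}


if __name__ == "__main__":
    report = pending_changes(RUNNING, STARTUP)
    for key in ("added", "removed", "broad"):
        for line in report[key]:
            print(f"{key:8} {line}")
```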