CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.1
Index
Downloads: This chapterpdf (PDF - 588.0KB) The complete bookPDF (PDF - 12.93MB) | The complete bookePub (ePub - 2.91MB) | The complete bookMobi (Mobi - 4.43MB) | Feedback

Index

Symbols

?

command string 48-4

help 48-4

/bits subnet masks 49-3

Numerics

4GE SSM

connector types 9-15

fiber 9-15

SFP 9-15

802.1Q tagging 10-9

802.1Q trunk 9-33

A

AAA

about 32-1, 33-1, 34-1, 35-1, 37-1

authentication

CLI access 41-20

privileged EXEC mode 41-21

authorization

command 41-27

server 44-4

adding 34-15, 36-7, 37-3, 37-4

types 32-1

support summary 32-3

abbreviating commands 48-3

ABR

definition of 27-2

Access Group pane

description 30-8

access lists

about 18-1

ACE logging, configuring 23-1

deny flows, managing 23-5

implicit deny 18-3

IP address guidelines 18-3

logging 23-1

NAT guidelines 18-3

remarks 19-9

scheduling activation 19-2

types 18-1

access ports 10-7

ACEs

See access lists

activation key

entering 4-36

location 4-34

obtaining 4-35

Active/Active failover

about 7-22

actions 7-23

configuring

asymmetric routing support 7-39

failover group preemption 7-37

duplicate MAC addresses, avoiding 7-8

primary status 7-22

secondary status 7-22

Active/Standby failover

about 7-20

actions 7-20

command replication 7-19

configuration synchronization 7-18

device initialization 7-18

primary unit 7-20

secondary unit 7-20

Adaptive Security Algorithm 1-16

Add/Edit Access Group dialog box

description 30-8

Add/Edit IGMP Join Group dialog box

description 30-7

Add/Edit OSPF Neighbor Entry dialog box 27-15, 27-33

admin context

about 6-2

changing 6-26

administrative access

using ICMP for 41-11

administrative distance 25-3, 25-5

AIP SSM

port-forwarding

enabling 11-7, 12-9

alternate address, ICMP message 49-15

analyzing syslog messages 44-2

application inspection

security level requirements 11-2, 12-2

area border router 27-2

ARP inspection

about 5-6

enabling 5-11

static entry 5-10

ARP spoofing 5-6

ARP test, failover 7-17

ASA (Adaptive Security Algorithm) 1-16

ASA 5505

Base license 10-2

MAC addresses 10-4

maximum VLANs 10-2

native VLAN support 10-10

non-forwarding interface 10-7

power over Ethernet 10-4

protected switch ports 10-8, 10-10

Security Plus license 10-2

SPAN 10-4

Spanning Tree Protocol, unsupported 10-8

ASA 5550 throughput 11-7, 12-10

ASBR

definition of 27-2

ASDM software

allowing access 41-6

installing 42-17

ASR 7-39

ASR groups 7-39

asymmetric routing support 7-39

attributes

RADIUS 34-3

attribute-value pairs

TACACS+ 35-1

authentication

about 32-1

CLI access 41-20

privileged EXEC mode 41-21

authorization

about 32-2

command 41-27

Auto-MDI/MDIX 9-2, 10-4

autostate messaging 2-11

Auto-Update, configuring 42-36

B

Baltimore Technologies, CA server support 40-4

bits subnet masks 49-3

BPDUs

forwarding on the switch 2-11

bridge

entry timeout 5-12

table, See MAC address table

broadcast Ping test 7-17

building blocks 17-1

bypassing the firewall, in the switch 2-5

C

CA

CRs and 40-2

public key cryptography 40-2

revoked certificates 40-2

supported servers 40-4

capturing packets 43-2

CA server

Digicert 40-4

Geotrust 40-4

Godaddy 40-4

iPlanet 40-4

Netscape 40-4

RSA Keon 40-4

Thawte 40-4

Catalyst 6500

See switch

certificate

enrollment protocol 40-13

Certificate Revocation Lists

See CRLs

change query interval 30-9

change query response time 30-9

change query timeout value 30-9

changing between contexts 6-24

changing the severity level 44-19

Cisco 14-7

Cisco 7600

See switch

Cisco IOS CS CA

server support 40-4

Cisco IP Phones

DHCP 14-7

Class A, B, and C addresses 49-1

classes, logging

filtering messages by 44-17

message class variables 44-4

types 44-4

classes, resource

See resource management

class map

regular expression 17-17

CLI

abbreviating commands 48-3

adding comments 48-6

command line editing 48-3

command output paging 48-5

displaying 48-5

help 48-4

paging 48-5

syntax formatting 48-3

clustering

ASDM connection certificate IP address mismatch 8-12

backup owner 8-10

cabling 8-32

cluster control link

configuring 8-42, 8-48

failure 8-9

MTU 8-44

overview 8-7

redundancy 8-8

size 8-7

configuration

examples 8-62

replication 8-10

connection

new, ownership 8-18

rebalancing 8-47

console replication 8-47

context mode 8-27

data path connection state replication 8-10

device-local EtherChannels, configuring on switch 8-29

executing a command cluster-wide 8-57

failover 8-27

feature history 8-77

features

centralized 8-20

individual units 8-21

NAT 8-23

SNMP 8-25

syslog and netflow 8-25

unsupported 8-19

VPN 8-25

guidelines and limitations 8-27

high availability 8-9

individual cluster interfaces, configuring 8-35

interface monitoring 8-9

IPv6 8-27

key 8-45, 8-51

licensing 8-26

management

interface, configuring 8-35

interface, overview 8-11

network 8-11

overview 8-10

master unit

changing 8-56

election 8-3

maximum members 8-26

member requirements 8-3

model support 8-27

monitoring 8-58

overview

bootstrap configuration 8-3

cluster control link 8-7

Equal-Cost Multi-Path Routing 8-15

interfaces 8-4

load balancing 8-12

management 8-10

master unit 8-3

Policy-Based Routing 8-14

spanned EtherChannel 8-12

performance scaling factor 8-2

prerequisites 8-26

rebalancing new connections 8-19

removing a member 8-54

RSA key replication 8-12

software requirements 8-3

spanned EtherChannel

benefits 8-12

configuring 8-37

load balancing 8-13

maximum throughput 8-13

overview 8-12

redundancy 8-13

VSS or vPC 8-13

spanning-tree portfast 8-27

unit failure 8-9

unit health monitoring 8-9

upgrading software 8-3

command authorization

about 41-16

configuring 41-27

multiple contexts 41-17

command prompts 48-2

comments

configuration 48-6

configuration

clearing 3-27

comments 48-6

factory default

commands 3-18

restoring 3-19

saving 3-25

switch 2-1

text file 3-28

URL for a context 6-22

viewing 3-27

configuration examples

logging 44-21

configuration examples for SNMP 45-29

configuration mode

accessing 3-2, 3-4

prompt 48-2

connection limits

per context 6-17

console port logging 44-12

context mode 28-3

context modes 25-2, 26-3, 27-3, 29-3, 30-3

contexts

See security contexts

conversion error, ICMP message 49-16

Coredump 43-6

crash dump 43-6

creating a custom event list 44-14

custom messages list

logging output destination 44-5

D

data flow

routed firewall 5-14

transparent firewall 5-20

date and time in messages 44-19

DDNS 15-2

debug messages 43-1

default

class 6-9

routes, defining equal cost routes 25-4

default configuration

commands 3-18

restoring 3-19

default routes

about 25-4

configuring 25-4

delay sending flow-create events

flow-create events

delay sending 46-9

deleting files from Flash 42-12

deny flows, logging 23-5

device ID, including in messages 44-18

device ID in messages 44-18

DHCP

Cisco IP Phones 14-7

options 14-6

relay 14-8

server 14-5

DHCP Relay panel 15-9

DHCP services 13-8

directory hierarchy search 36-3

disabling messages 44-19

disabling messages, specific message IDs 44-19

DMZ, definition 1-13

DNS

server, configuring 13-13

domain name 13-4

dotted decimal subnet masks 49-3

dual IP stack, configuring 11-2

dual-ISP support 25-6

duplex, configuring 9-15, 10-6

E

echo reply, ICMP message 49-15

ECMP 25-3

editing command lines 48-3

EIGRP

DUAL algorithm 28-2

hello interval 28-15

hello packets 28-1

hold time 28-2, 28-15

neighbor discovery 28-1

stub routing 28-4

stuck-in-active 28-2

enable command 3-1

enabling logging 44-7

enabling secure logging 44-17

Entrust, CA server support 40-4

established command, security level requirements 11-2, 12-2

EtherChannel

adding interfaces 9-30

channel group 9-30

compatibility 9-5

converting existing interfaces 9-16

example 9-37

failover 9-13

guidelines 9-13

interface requirements 9-5

LACP 9-6

load balancing

configuring 9-32

overview 9-7

MAC address 9-8

management interface 9-30

maximum interfaces 9-32

minimum interfaces 9-32

mode

active 9-7

on 9-7

passive 9-7

monitoring 9-36

overview 9-5

port priority 9-30

system priority 9-32

Ethernet

Auto-MDI/MDIX 9-2, 10-4

duplex 9-15, 10-6

jumbo frames, ASA 5580 9-35

MTU 11-12, 12-15

speed 9-15, 10-6

evaluation license 4-24

exporting NetFlow records 46-5

extended ACLs

configuring

for management traffic 19-4

F

facility, syslog 44-9

factory default configuration

commands 3-18

restoring 3-19

failover

about 7-1

Active/Active, See Active/Active failover

Active/Standby, See Active/Standby failover

configuration file

terminal messages, Active/Standby 7-18

contexts 7-20

debug messages 7-48

disabling 7-43

Ethernet failover cable 7-4

failover link 7-3

forcing 7-42

guidelines 45-17

health monitoring 7-16

interface health 7-17

interface monitoring 7-17

interface tests 7-17

link communications 7-3

MAC addresses

about 7-20

automatically assigning 6-12

module placement

inter-chassis 7-9

intra-chassis 7-8

monitoring, health 7-16

network tests 7-17

primary unit 7-20

redundant interfaces 9-13

restoring a failed group 7-44

restoring a failed unit 7-44

secondary unit 7-20

SNMP syslog traps 7-48

Stateful Failover, See Stateful Failover

state link 7-4

switch configuration 2-11

system log messages 7-48

system requirements 7-2

testing 7-44

trunk 2-11

unit health 7-16

fast path 1-17

fiber interfaces 9-15

Fibre Channel interfaces

default settings 20-2, 21-2, 22-3

filtering

security level requirements 11-2, 12-2

show command output 48-5

filtering messages 44-4

firewall mode

about 5-1

configuring 5-1

Flash memory

removing files 42-12

flash memory available for logs 44-16

flow control for 10 Gigabit Ethernet 9-26

flow-export actions 46-4

format of messages 44-3

fragment protection 1-14

G

generating RSA keys 39-16, 39-18, 39-20, 39-22, 40-11

groups

SNMP 45-16

H

H.323

transparent firewall guidelines 5-6

help, command line 48-4

high availability

about 7-1

host

SNMP 45-16

hostname

configuring 13-3

in banners 13-3

multiple context mode 13-3

hosts, subnet masks for 49-3

HSRP 5-5

HTTP(S)

authentication 41-21

HTTPS/Telnet/SSH

allowing network or host access to ASDM 41-1

I

ICMP

rules for access to ADSM 41-11

type numbers 49-15

implementing SNMP 45-16

information reply, ICMP message 49-15

information request, ICMP message 49-15

inside, definition 1-13

installation

module verification 2-6

interface

MTU 11-12, 12-15

interfaces

ASA 5505

enabled status 10-7

MAC addresses 10-4

maximum VLANs 10-2

non-forwarding 10-7

protected switch ports 10-8, 10-10

switch port configuration 10-7

trunk ports 10-9

ASA 5550 throughput 11-7, 12-10

default settings 20-2, 21-2, 22-3

duplex 9-15, 10-6

enabling 9-27

failover monitoring 7-17

fiber 9-15

IDs 9-26

IP address 11-8, 12-13

MAC addresses

automatically assigning 6-24

manually assigning to interfaces 11-11, 12-15

mapped name 6-21

naming, physical and subinterface 11-8, 12-11, 12-12

redundant 9-28

SFP 9-15

speed 9-15, 10-6

subinterfaces 9-33

turning off 11-17, 12-19

turning on 11-17, 12-19

IOS

upgrading 2-3

IP addresses

classes 49-1

interface 11-8, 12-13

management, transparent firewall 12-8

private 49-2

subnet mask 49-4

IPv6

configuring alongside IPv4 11-2

default route 25-5

dual IP stack 11-2

duplicate address detection 31-2

neighbor discovery 31-1

router advertisement messages 31-3

static neighbors 31-4

static routes 25-5

IPv6 addresses

anycast 49-9

format 49-5

multicast 49-8

prefixes 49-10

required 49-10

types of 49-6

unicast 49-6

IPv6 prefixes 31-12

IPX 2-5

J

Join Group pane

description 30-7

jumbo frames, ASA 5580 9-35

K

Kerberos

configuring 34-15, 36-7, 37-3

L

LACP 9-6

Layer 2 firewall

See transparent firewall

Layer 2 forwarding table

See MAC address table

LDAP

attribute mapping 36-5

configuring 34-15, 36-7, 37-3

directory search 36-3

hierarchy example 36-2

SASL 36-2

user authorization 36-10

licenses

activation key

entering 4-36

location 4-34

obtaining 4-35

ASA 5505 4-3

ASA 5510 4-4, 4-9

ASA 5520 4-5

ASA 5540 4-6

ASA 5550 4-7

ASA 5580 4-8, 4-17

ASA 5585-X 4-16

default 4-24

evaluation 4-24

failover 4-34

guidelines 4-33

managing 4-1

preinstalled 4-24

Product Authorization Key 4-35

shared

backup server, configuring 4-39

backup server, information 4-28

client, configuring 4-39

communication issues 4-28

failover 4-29

maximum clients 4-29

monitoring 4-49

overview 4-27

server, configuring 4-37

SSL messages 4-28

temporary 4-24

viewing current 4-40

VPN Flex 4-24

licensing requirements

logging 44-5

licensing requirements for SNMP 45-17

link up/down test 7-17

local user database

adding a user 33-4

configuring 33-4

logging in 41-22

lockout recovery 41-36

logging

access lists 23-1

classes

filtering messages by 44-4

types 44-4, 44-17

device-id, including in system log messages 44-18

e-mail

source address 44-11

EMBLEM format 44-15

facility option 44-9

filtering

by message class 44-17

by message list 44-5

by severity level 44-1

logging queue, configuring 44-16

output destinations 44-8

console port 44-8, 44-11, 44-12

internal buffer 44-1, 44-7

Telnet or SSH session 44-7

queue

changing the size of 44-16

configuring 44-16

viewing queue statistics 44-20

severity level, changing 44-20

timestamp, including 44-19

logging feature history 44-21

logging queue

configuring 44-16

login

banner, configuring 41-7

console 3-1

enable 3-1

global configuration mode 3-2

local user 41-22

password 13-2

session 3-4

SSH 3-4, 41-5

Telnet 3-4, 13-2

loops, avoiding 2-11

M

MAC address

redundant interfaces 9-5

MAC addresses

ASA 5505 10-4

automatically assigning 6-24

failover 7-20

manually assigning to interfaces 11-11, 12-15

security context classification 6-3

MAC address table

about 5-20

built-in-switch 5-7

entry timeout 5-12

MAC learning, disabling 5-13

resource management 6-18

static entry 5-12

MAC learning, disabling 5-13

management interfaces

default settings 20-2, 21-2, 22-3

management IP address, transparent firewall 12-8

man-in-the-middle attack 5-6

mapped interface name 6-21

mask

reply, ICMP message 49-15

request, ICMP message 49-15

Master Passphrase 13-8

message filtering 44-4

message list

filtering by 44-5

message-of-the-day banner 41-8

messages, logging

classes

about 44-4

list of 44-4

component descriptions 44-3

filtering by message list 44-5

format of 44-3

message list, creating 44-14

severity levels 44-3

messages classes 44-4

messages in EMBLEM format 44-15

metacharacters, regular expression 17-15

mgmt0 interfaces

default settings 20-2, 21-2, 22-3

MIBs 45-3

MIBs for SNMP 45-30

Microsoft Windows CA, supported 40-4

mobile redirection, ICMP message 49-16

mode

context 6-16

firewall 5-1

modular policy framework

configuring flow-export actions for NetFlow 46-6

monitoring

failover 7-16

OSPF 27-44

resource management 6-30

SNMP 45-1

monitoring logging 44-20

monitoring NSEL 46-10

monitoring switch traffic, ASA 5505 10-4

More prompt 48-5

MRoute pane

description 30-5

MSFC

overview 2-2

SVIs 2-5

MTU 11-12, 12-15

multicast traffic 5-5

multiple context mode

logging 44-2

See security contexts

multiple SVIs 2-5

N

naming an interface

other models 11-8, 12-11, 12-12

NAT

disabling proxy ARP for global addresses 24-11

native VLAN support 10-10

neighbor reachable time 31-2

neighbor solicitation messages 31-2

neighrbor advertisement messages 31-2

NetFlow

overview 46-1

NetFlow collector

configuring 46-5

NetFlow event

matching to configured collectors 46-6

NetFlow event logging

disabling 46-9

Network Activity test 7-17

No Payload Encryption 4-32

NSEL and syslog messages

redundant messages 46-2

NSEL configuration examples 46-12

NSEL feature history 46-14

NSEL licensing requirements 46-4

NSEL runtime counters

clearing 46-10

NT server

configuring 34-15, 36-7, 37-3

O

open ports 49-14

OSPF

area authentication 27-13

area MD5 authentication 27-13

area parameters 27-12

authentication key 27-10

authentication support 27-2

cost 27-11

dead interval 27-11

defining a static neighbor 27-15, 27-33

interaction with NAT 27-2

interface parameters 27-10

link-state advertisement 27-2

logging neighbor states 27-16

LSAs 27-2

MD5 authentication 27-11

monitoring 27-44

NSSA 27-13

packet pacing 27-44, 27-45

processes 27-2

redistributing routes 27-6

route calculation timers 27-16

route summarization 27-9

output destination 44-5

output destinations 44-1, 44-7

e-mail address 44-1, 44-7

SNMP management station 44-1, 44-7

Telnet or SSH session 44-1, 44-7

outside, definition 1-13

oversubscribing resources 6-10

P

packet

capture 43-2

classifier 6-3

packet capture, enabling 43-3

packet flow

routed firewall 5-14

transparent firewall 5-20

paging screen displays 48-5

parameter problem, ICMP message 49-15

passwords

changing 13-3

recovery 13-14

security appliance 13-2

pause frames for flow control 9-26

PKI protocol 40-13

PoE 10-4

pools, address

DHCP 14-5

port-forwarding

enabling 11-7, 12-9

ports

open on device 49-14

TCP and UDP 49-11

power over Ethernet 10-4

primary unit, failover 7-20

private networks 49-2

privileged EXEC mode

accessing 3-4

privileged EXEC mode, accessing 3-1

privileged mode

accessing 3-1

prompt 48-2

Product Authorization Key 4-35

prompts

command 48-2

more 48-5

protocol numbers and literal values 49-11

Protocol pane (PIM)

description 30-10

proxy ARP, disabling 24-11

public key cryptography 40-2

Q

question mark

command string 48-4

help 48-4

queue, logging

changing the size of 44-16

viewing statistics 44-20

R

RADIUS

attributes 34-3

configuring a server 34-15, 36-7, 37-3

support 34-1

rapid link failure detection 2-11

rate limit 44-20

redirect, ICMP message 49-15

redundant interface

EtherChannel

converting existing interfaces 9-16

redundant interfaces

configuring 9-28

failover 9-13

MAC address 9-5

setting the active interface 9-30

Registration Authority description 40-2

regular expression 17-14

reloading

context 6-27

security appliance 3-29

Request Filter pane

description 30-12

resetting the services module 2-12

resource management

about 6-10

assigning a context 6-22

class 6-17

configuring 6-8

default class 6-9

monitoring 6-30

oversubscribing 6-10

resource types 6-17

unlimited 6-11

resource usage 6-33

revoked certificates 40-2

RFCs for SNMP 45-30

RIP

authentication 29-2

definition of 29-1

enabling 29-4

support for 29-2

RIP panel

limitations 29-3

RIP Version 2 Notes 29-3

routed mode

about 5-1

setting 5-1

route map

definition 26-1

route maps

defining 26-4

uses 26-1

router

advertisement, ICMP message 49-15

solicitation, ICMP message 49-15

router advertisement messages 31-3

router advertisement transmission interval 31-8

router lifetime value 31-9

routes

about default 25-4

configuring default routes 25-4

configuring IPv6 default 25-5

configuring IPv6 static 25-5

configuring static routes 25-3

RSA

keys, generating 39-16, 39-18, 39-20, 39-22, 40-11, 41-4

rules

ICMP 41-10

running configuration

copying 42-25

saving 3-25

S

same security level communication

enabling 11-15, 12-18

SDI

configuring 34-15, 36-7, 37-3

secondary unit, failover 7-20

Secure Copy

configure server 42-14

security appliance

CLI 48-1

connecting to 3-1

managing licenses 4-1

managing the configuration 3-24

reloading 3-29

upgrading software 42-17

viewing files in Flash memory 42-12

security contexts

about 6-1

adding 6-19

admin context

about 6-2

changing 6-26

assigning to a resource class 6-22

cascading 6-6

changing between 6-24

classifier 6-3

command authorization 41-17

configuration

URL, changing 6-26

URL, setting 6-22

logging in 6-7

MAC addresses

automatically assigning 6-24

classifying using 6-3

managing 6-1, 6-25

mapped interface name 6-21

monitoring 6-28

MSFC compatibility 2-3

multiple mode, enabling 6-16

nesting or cascading 6-7

prompt 48-2

reloading 6-27

removing 6-25

resource management 6-10

resource usage 6-33

saving all configurations 3-26

unsupported features 6-14

VLAN allocation 6-21

security level

about 11-1

interface 11-9, 12-11, 12-13

security models for SNMP 45-16

segment size

maximum and minimum 11-10

maximum and minimum, overview 9-8

sending messages to an e-mail address 44-11

sending messages to an SNMP server 44-12

sending messages to ASDM 44-12

sending messages to a specified output destination 44-17

sending messages to a syslog server 44-8

sending messages to a Telnet or SSH session 44-13

sending messages to the console port 44-12

sending messages to the internal log buffer 44-9

session management path 1-17

severity levels, of system log messages

changing 44-1

filtering by 44-1

list of 44-3

severity levels, of system messages

definition 44-3

shared license

backup server, configuring 4-39

backup server, information 4-28

client, configuring 4-39

communication issues 4-28

failover 4-29

maximum clients 4-29

monitoring 4-49

server, configuring 4-37

SSL messages 4-28

show command, filtering output 48-5

single mode

backing up configuration 6-16

configuration 6-16

enabling 6-16

restoring 6-16

Smart Call Home monitoring 47-22

SNMP

about 45-1

failover 45-17

management station 44-1, 44-7

prerequisites 45-17

SNMP configuration 45-18

SNMP groups 45-16

SNMP hosts 45-16

SNMP monitoring 45-27, 45-28

SNMP terminology 45-2

SNMP traps 45-3

SNMP users 45-16

SNMP Version 3 45-15, 45-23

SNMP Versions 1 and 2c 45-22

source quench, ICMP message 49-15

SPAN 10-4

Spanning Tree Protocol, unsupported 10-8

SPAN session 2-6

speed, configuring 9-15, 10-6

SSH

authentication 41-21

concurrent connections 41-2

login 41-5

password 13-2

RSA key 41-4

username 41-5

startup configuration

copying 42-25

saving 3-25

Stateful Failover

about 7-13

state information 7-13

state link 7-4

stateful inspection 1-16

state information 7-13

state link 7-4

static ARP entry 5-10

static bridge entry 5-12

Static Group pane

description 30-7

static routes

configuring 25-3

stealth firewall

See transparent firewall

stuck-in-active 28-2

subcommand mode prompt 48-2

subinterfaces, adding 9-33

subnet masks

/bits 49-3

about 49-2

address range 49-4

determining 49-3

dotted decimal 49-3

number of hosts 49-3

SVIs

configuring 2-10

multiple 2-5

overview 2-5

switch

assigning VLANs to module 2-7

autostate messaging 2-11

BPDU forwarding 2-11

configuration 2-1

failover compatibility with transparent firewall 2-11

failover configuration 2-11

trunk for failover 2-11

verifying module installation 2-6

switched virtual interfaces

See SVIs

switch MAC address table 5-7

switch ports

access ports 10-7

protected 10-8, 10-10

SPAN 10-4

trunk ports 10-9

SYN attacks, monitoring 6-34

SYN cookies 6-34

syntax formatting 48-3

syslogd server program 44-5

syslog messages

analyzing 44-2

syslog messaging for SNMP 45-28

syslog server

designating more than one as output destination 44-5

EMBLEM format

configuring 44-15

enabling 44-8, 44-15

system configuration 6-2

system log messages

classes 44-4

classes of 44-4

configuring in groups

by message list 44-5

by severity level 44-1

device ID, including 44-18

disabling logging of 44-1

filtering by message class 44-4

managing in groups

by message class 44-17

output destinations 44-1, 44-7

syslog message server 44-7

Telnet or SSH session 44-7

severity levels

about 44-3

changing the severity level of a message 44-1

timestamp, including 44-19

T

TACACS+

command authorization, configuring 41-33

configuring a server 34-15, 36-7, 37-3

TCP

connection limits per context 6-17

maximum segment size 11-10

maximum segment size, overview 9-8

ports and literal values 49-11

TCP Intercept

monitoring 6-34

TCP MSS

overview 9-8

Telnet

allowing management access 41-1

authentication 41-21

concurrent connections 41-2

login 41-3

password 13-2

template timeout intervals

configuring for flow-export actions 46-7

temporary license 4-24

time exceeded, ICMP message 49-15

time ranges, access lists 19-2

timestamp, including in system log messages 44-19

timestamp reply, ICMP message 49-15

timestamp request, ICMP message 49-15

traffic flow

routed firewall 5-14

transparent firewall 5-20

transparent firewall

about 5-2

ARP inspection

about 5-6

enabling 5-11

static entry 5-10

data flow 5-20

guidelines 5-8

H.323 guidelines 5-6

HSRP 5-5

MAC address timeout 5-12

MAC learning, disabling 5-13

management IP address 12-8

multicast traffic 5-5

static bridge entry 5-12

unsupported features 5-9

VRRP 5-5

troubleshooting SNMP 45-25

trunk, 802.1Q 9-33

trunk ports 10-9

Trusted Flow Acceleration

modes 5-8

trustpoint 40-3

U

UDP

connection limits per context 6-17

connection state information 1-17

ports and literal values 49-11

unprivileged mode

accessing 3-4

unreachable, ICMP message 49-15

unreachable messages

required for MTU discovery 41-10

upgrading

IOS 2-3

URLs

context configuration, changing 6-26

context configuration, setting 6-22

user EXEC mode

accessing 3-1

prompt 48-2

username

adding 33-4

encrypted 33-4

password 33-4

users

SNMP 45-16

using clustering 44-5, 46-3

V

VeriSign, configuring CAs example 40-4

viewing RMS 42-42

virtual firewalls

See security contexts

virtual reassembly 1-14

VLANs 9-33

802.1Q trunk 9-33

allocating to a context 6-21

ASA 5505

MAC addresses 10-4

maximum 10-2

assigning to FWSM 2-7

interfaces 2-7

mapped interface name 6-21

subinterfaces 9-33

VPN

address range, subnets 49-4

VPN flex license 4-24

VRRP 5-5

W

WCCP 16-1

web caching 16-1

X

XOFF frames 9-26