About the CLI
After you log into a device via the CLI (see Logging Into the Command Line Interface on Classic Devices or Logging Into the Command Line Interface on Firepower Threat Defense Devices), you can use the commands described in this chapter to view, configure, and troubleshoot your device.
If you reboot a 7000 or 8000 Series device and then log in to the CLI as soon as you are able, any commands you execute are not recorded in the audit log until the web interface is available.
Note that CLI commands are case-insensitive with the exception of parameters whose text is not part of the CLI framework, such as user names and search filters.
There are numerous CLI modes, such as
configure, that contain sets of commands beginning with the mode name. You may enter a mode and then enter valid commands within that
mode, or you may enter an entire full command from any mode. For example, to display information about a user account called
Analyst1, you can enter the following at the CLI prompt:
show user Analyst1
If you have previously entered
show mode, enter the following at the CLI prompt:
CLI Access Levels
Within each mode, the commands available to a user depend on the user’s CLI access. When you create a user account, you can assign it one of the following CLI access levels:
Basic — The user has read-only access and cannot run commands that impact system performance.
Configuration — The user has read-write access and can run commands that impact system performance.
None — The user is unable to log in to the shell.
On 7000 and 8000 Series devices, you can assign command line permissions on the User Management page in the web interface. On NGIPSv and ASA FirePOWER, you assign command line permissions using the CLI.