Logging Into the Command Line Interface (CLI)
To log into the CLI, use an SSH client to make a connection to the management IP address. Log in using the admin username (default password is Admin123) or another CLI user account.
You can also connect to the address on a data interface if you open the interface for SSH connections. SSH access to data interfaces is disabled by default. To enable SSH access, use the device manager (management center or device manager) to allow SSH connections to specific data interfaces. You cannot SSH to the Diagnostic interface.
You can create user accounts that can log into the CLI using the configure user add command. However, these users can log into the CLI only. They cannot log into the device manager web interface. The CLI supports local authentication only. You cannot access the CLI using external authentication.
Console Port Access
In addition to SSH, you can directly connect to the Console port on the device. Use the console cable included with the device to connect your PC to the console using a terminal emulator set for 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. See the hardware guide for your device for more information about the console cable.
The initial CLI you access on the Console port differs by device type.
ASA hardware platforms—The CLI on the Console port is the regular threat defense CLI.
Other hardware platforms—The CLI on the Console port is Secure Firewall eXtensible Operating System (FXOS). You can get to the threat defense CLI using the connect command. Use the FXOS CLI for chassis-level configuration and troubleshooting only. For the Firepower 2100, you cannot perform any configuration at the FXOS CLI. Use the threat defense CLI for basic configuration, monitoring, and normal system troubleshooting. See the FXOS documentation for information on FXOS commands for the Firepower 4100 and 9300. See the FXOS troubleshooting guide for information on FXOS commands for other models.