2023-10-11 03:08 PM 2024-01-12 10:21 AM 更新
FPR2100 シリーズを rommon> より ASA (Platform Mode) に Re-imageする方法を紹介します.
必要なもの
作業の大まかな流れ
以下はCLI上で行う作業の詳細となります
*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************
Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Present
Platform FPR-2140 with 65536 MBytes of main memory
WARNING: This board is using a temporary MAC address.
WARNING: The temporary MAC address override value = 00:11:22:33:44:24
WARNING: Please clear this value to use the programmed MAC address.
WARNING: Use the following two CLI commands:
WARNING: unset MACADDR
WARNING: sync
BIOS has been successfully locked !!
MAC Address: 60:26:aa:0e:36:80
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Boot in 9 seconds.
Boot in 8 seconds.
Boot in 7 seconds.
Boot interrupted.
###### Escape キーを押して Boot を中断させる
rommon 1 > factory-reset ###### 'factory-reset' を実行
Warning: All configuration will be permanently lost with this operation
and application will be initialized to default configuration.
This operation cannot be undone after booting the application image.
Are you sure you would like to continue ? yes/no [no]: yes ###### 'yes' を回答
Please type 'ERASE' to confirm the operation or any other value to cancel: ERASE ###### 'ERASE' を回答
Performing factory reset...
Located '.boot_string' @ cluster 115924.
Rommon will continue to boot the application: disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA
Are you sure you would like to continue ? yes/no [no]: no ###### 'no' を回答
Execute 'boot' command afterwards for factory-reset to be initiated.
Use of reset/reboot/reload command will cancel the factory-reset request!
rommon 2 >
rommon 2 > boot ###### 'boot' を実行
Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA' @ cluster 5200.
####################################################################################### [SNIP]
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+
Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Sep 21 19:54:34 UTC 2023
kernel_image = 0x8daf8478, kernel_size=0x6452a0
Image validated
[ 11.445818] Disabling IRQ #16
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version and PSEQ version
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Primary SSD discovered
Rommon requested SSD reformat
Formating SSD...
Creating config partition: START: 1MB END: 1001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda1 contains a ext3 file system
last mounted on /opt/cisco/config on Tue Oct 10 13:22:07 2023
Discarding device blocks: 4096/244224 done
Creating filesystem with 244224 4k blocks and 61056 inodes
Filesystem UUID: f128bf4f-d489-42ea-ac19-33e3328ccd32
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: 0/8 done
Writing inode tables: 0/8 done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done
Creating log partition: START: 1001MB END: 2001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda2 contains a ext3 file system
last mounted on /opt/cisco/platform/logs on Tue Oct 10 13:22:07 2023
Discarding device blocks: 4096/243968 done
Creating filesystem with 243968 4k blocks and 61056 inodes
Filesystem UUID: 8f46f10e-64dc-49ae-acb3-1c1152b434aa
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: 0/8 done
Writing inode tables: 0/8 done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done
Creating coredump partition: START: 2001MB END: 32001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda3 contains a ext3 file system
last mounted on Tue Oct 10 13:22:07 2023
Discarding device blocks: 4096/73244165771264/7324416 done
Creating filesystem with 7324416 4k blocks and 1831424 inodes
Filesystem UUID: b137e416-e39f-4461-a675-d156da3f993f
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Allocating group tables: 0/224 done
Writing inode tables: 0/224 done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: 0/224 done
Creating csp partition: START: 32001MB END: 100%
meta-data=/dev/sda4 isize=256 agcount=4, agsize=10254144 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0, sparse=0, rmapbt=0
= reflink=0
data = bsize=4096 blocks=41016576, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=20027, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Done with primary disk partition
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 11/61056 files, 8244/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: clean, 11/61056 files, 8244/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: clean, 11/1831424 files, 158994/7324416 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1
fsck.fat 4.1 (2017-01-24)
/dev/sdb1: 34 files, 115925/1919062 clusters
fsck(/dev/sdb1) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Configuring packages on first boINIT: Entering runlevel: 3
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ...
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false
INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA size 1296
Done!
Computed Hash SHA2: b017cba05abf5495f8e598501d60f518
0ef46d1ef0436453c242f2d2421a6de3
ef9e56df4cacc6547d5a5d30138a2ef6
1427ed399485eaedd95240ae37810ddf
Embedded Hash SHA2: b017cba05abf5495f8e598501d60f518
0ef46d1ef0436453c242f2d2421a6de3
ef9e56df4cacc6547d5a5d30138a2ef6
1427ed399485eaedd95240ae37810ddf
The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.1611.SPA verified successfully
INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA size 37135504
Done!
Computed Hash SHA2: 152e65b198a7b98491ebc4d3212d9b5f
47a3a10dfe42296d9f095cbb45994c15
7a97413e849739cc25a47e5bffbf7ea4
b6e81eaf2c0890f2dea162cc62ef8e4b
Embedded Hash SHA2: 152e65b198a7b98491ebc4d3212d9b5f
47a3a10dfe42296d9f095cbb45994c15
7a97413e849739cc25a47e5bffbf7ea4
b6e81eaf2c0890f2dea162cc62ef8e4b
The digital signature of the file: fxos-k9-mgmtext.2.10.1.60.SPA verified successfully
INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false
INFO: manager_post_install: fxmgr is dummy
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
INFO: Creating directory /tmp/chmgr
INFO: creating /isan/apache/chassis-mgr/
INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh
INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf
INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt
INFO: manager_post_install: succesful install chassis mgr
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...
2023-10-10T13:33:02 [WARN/lldpctl] unknown command from argument 4: `status`
INFO: Configure system files ...
INFO: System Name is: firepower-2140
Starting sensors logging daemon: sensord... done.
INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA
INFO: Need to validate the image
: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA size 73782640
Done!
Computed Hash SHA2: c04a9fdf274ab056a8f07e7abade825c
0d42272fdd5e5f1e170eec6c2b28ea65
427c6d820a86bfb7def348a2fd98529b
0b012de4a333a3266b2dac3739b96cb2
Embedded Hash SHA2: c04a9fdf274ab056a8f07e7abade825c
0d42272fdd5e5f1e170eec6c2b28ea65
427c6d820a86bfb7def348a2fd98529b
0b012de4a333a3266b2dac3739b96cb2
The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.1611.SPA verified successfully
INFO: Creating directory /tmp/npu
INFO: all files are there ...
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.2839 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2839 script exit]
INFO: manager_startup: Completed manager httpd setup!
INFO: manager_startup: configuring chassis manager
INFO: unconfig older conf files
httpdAppconf INFO: [httpd.2918 -d /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]
httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied
INFO: httpdAppconf [httpd.2918 script exit]
httpdAppconf INFO: [httpd.2948 -V -d /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]
httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
httpdAppconf INFO: httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf already applied
INFO: httpdAppconf [httpd.2948 script exit]
INFO: Configuring httpd
httpdAppconf INFO: [httpd.2981 -V -a /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]
httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf
INFO: httpdAppconf [httpd.2981 script exit]
INFO: manager_startup: successfully configured chassis mgr
nscd: 3030 monitoring file `/etc/hosts` (1)
nscd: 3030 monitoring directory `/etc` (2)
nscd: 3030 monitoring file `/etc/resolv.conf` (3)
nscd: 3030 monitoring directory `/etc` (2)
Starting crond: OK
FTD
Starting Octeon Serial Logd...
Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.
firepower-2140 login:
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Oct 10 13:33:27 firepower-2140 kernel: [ 11.445818] Disabling IRQ #16
Oct 10 13:33:29 firepower-2140 rst_manager: Reset Manager not required on this platform: 1
Oct 10 13:33:38 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Oct 10 13:34:23 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to UP
Oct 10 13:34:23 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to UP
firepower-2140 login: admin ###### admin/Admin123 でログイン (このパスワードはDefault)
Password:
Successful login attempts for user 'admin' : 1
Hello admin. You must change your password.
Enter new password: ********* ###### 任意のパスワードを設定 (アスタリスクは出力されません)
Confirm new password: ********* ###### 任意のパスワードの再入力 (アスタリスクは出力されません)
Your password was updated successfully.
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.
Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.
firepower-2140#
firepower-2140# connect local-mgmt ###### 'connect local-mgmt' を実行して 'local-mgmt' に移行
firepower-2140(local-mgmt)#
firepower-2140(local-mgmt)# format everything ###### 'format everything' を実行
All configuration and bootable images will be lost.
Do you still want to format? (yes/no):yes ###### 'yes' を回答
100+0 records in
100+0 records out
51200 bytes (51 kB, 50 KiB) copied, 0.00821808 s, 6.2 MB/s
4+0 records in
4+0 records out
2048 bytes (2.0 kB, 2.0 KiB) copied, 6.5215e-05 s, 31.4 MB/s
100+0 records in
100+0 records out
51200 bytes (51 kB, 50 KiB) copied, 0.0956049 s, 536 kB/s
Broadcast message from root@firepower-2140 (Tue Oct 10 13:34:59 2023):
All shells being terminated due to system /sbin/reboot
Broadcast message from root@firepower-2140 (Tue Oct 10 13:35:00 2023):
System restarted due to disks being reformatted.
INIT: 2023 Oct 10 13:35:07 PMLOG: PM IPC UTILITY: Shutting down all ports
Stopping Octeon Serial Logd...
Stopping Octeon Serial Logd... success
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 1611)
done.
Stopping Octeon NPU ...
Oct 10 13:35:08 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to DOWN
Oct 10 13:35:08 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to DOWN
Oct 10 13:35:08 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Stopping Octeon NPU ... unreachable
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1623)
acpid.
Stopping web server: apache2failed
Stopping system message bus: acpid: exiting
dbus.
Stopping DHCP server: dhcpd3no /usr/sbin/dhcpd found; none killed
.
stopping DNS forwarder and DHCP server: dnsmasq... no /usr/bin/dnsmasq found; none killed
stopping mountd: done
stopping nfsd: .done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 1661)
done
Stopping internet superserver: xinetd.
stopping statd: done
Stopping random number generator daemon.
Stopping domain name service: named.
Stopping crond: OK
Stopping rpcbind daemon...
done.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 2761)
done.
* Stopping virtualization library daemon: libvirtd
*[fail]
Deconfiguring network interfaces... done.
Stopping FreeRADIUS daemon radiusd Failed
Tue Oct 10 13:35:11 UCT 2023
Oct 10 13:35:11 firepower-2140 KP-NVRAM: Confreg value: confreg = 0x1
SSP-Security-Module is shutting down ...
Tue Oct 10 13:35:12 UCT 2023 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Tue Oct 10 13:35:12 UCT 2023 SHUTDOWN WARNING: Upgrade process ready for reboot
Tue Oct 10 13:35:12 UCT 2023 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
Tue Oct 10 13:35:13 UCT 2023 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down
omit_pids_opt: -o 679,700,704
Tue Oct 10 13:35:13 UCT 2023
Sending ALL processes the TERM signal ...
Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...
Tue Oct 10 13:35:14 UCT 2023
Sending ALL processes the KILL signal ...
Tue Oct 10 13:35:15 UCT 2023
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 212.511600] reboot: Restarting system
*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************
Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Present
Platform FPR-2140 with 65536 MBytes of main memory
WARNING: This board is using a temporary MAC address.
WARNING: The temporary MAC address override value = 00:11:22:33:44:24
WARNING: Please clear this value to use the programmed MAC address.
WARNING: Use the following two CLI commands:
WARNING: unset MACADDR
WARNING: sync
BIOS has been successfully locked !!
MAC Address: 60:26:aa:0e:36:80
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Boot in 9 seconds.
Boot in 8 seconds.
Boot in 7 seconds.
###### Escapeキーを押して Boot を中断させる
Boot interrupted.
rommon 1 >
rommon 1 > ADDRESS=10.122.187.155 ###### IP Address の設定
rommon 2 > NETMASK=255.255.255.240 ###### Netmask の設定
rommon 3 > GATEWAY=10.122.187.145 ###### Default Gateway の設定
rommon 4 > SERVER=10.207.204.10 ###### イメージが置いてあるサーバーの設定
rommon 5 > IMAGE=cisco-asa-fp2k.9.16.4.42.SPA ###### イメージ名の設定
rommon 6 > set ###### 設定内容の確認
ADDRESS=10.122.187.155
NETMASK=255.255.255.240
GATEWAY=10.122.187.145
SERVER=10.207.204.10
IMAGE=cisco-asa-fp2k.9.16.4.42.SPA
CONFIG=
PS1="rommon ! > "
MACADDR=00:11:22:33:44:24
FIRMWARE_VERSION=1012.0200.0213
rommon 7 >
rommon 7 > ping 10.207.204.10 ###### サーバーへの疎通確認
link upSending 10, 32-byte ICMP Echoes to 10.207.204.10 timeout is 4 seconds
!!!!!!!!!!
Success rate is 100 percent (10/10)
rommon 8 >
rommon 8 > tftpdnld ##### 'tftpdnld' を実行しイメーをダウンロード
ADDRESS: 10.122.187.155
NETMASK: 255.255.255.240
GATEWAY: 10.122.187.145
SERVER: 10.207.204.10
IMAGE: cisco-asa-fp2k.9.16.4.42.SPA
MACADDR: 60:26:aa:0e:36:80
VERBOSITY: Progress
RETRY: 40
PKTTIMEOUT: 7200
BLKSIZE: 1460
CHECKSUM: Yes
PORT: GbE/1
PHYMODE: Auto Detect
link up
Receiving cisco-asa-fp2k.9.16.4.42.SPA from 10.207.204.10!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [SNIP]
TFTP: Transfer stopped after 268434140 bytes.
will try boot bundle image !!
File reception completed.
Boot buffer bigbuf=7e13e3d8
Boot image size = 191411968 (0xb68b700) bytes
[image size] 191411968
[MD5 signature] afe2e2f0f675ffc728d04bcb7394a36a
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+
Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Sep 21 19:54:34 UTC 2023
kernel_image = 0x89184838, kernel_size=0x6452a0
Image validated
[ 11.447411] Disabling IRQ #16
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version and PSEQ version
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Primary SSD discovered
eMMC has incorrect partitions
Skipping prompt because disk is blank
Reformatting eMMC to clear error
Creating eMMC partition: START: 1 MB END: 100%
mkfs.fat 4.1 (2017-01-24)
Primary SSD has incorrect partitions
Skipping prompt because disk is blank
Formating Primary SSD...
Creating config partition: START: 1MB END: 1001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda1 contains a ext3 file system
last mounted on /opt/cisco/config on Tue Oct 10 13:32:34 2023
Discarding device blocks: 4096/244224 done
Creating filesystem with 244224 4k blocks and 61056 inodes
Filesystem UUID: 0574363d-9dac-4d82-aa27-dd670a2ede42
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: 0/8 done
Writing inode tables: 0/8 done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done
Creating log partition: START: 1001MB END: 2001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda2 contains a ext3 file system
last mounted on /opt/cisco/platform/logs on Tue Oct 10 13:32:34 2023
Discarding device blocks: 4096/243968 done
Creating filesystem with 243968 4k blocks and 61056 inodes
Filesystem UUID: 4163d307-1119-4953-a8d9-250c3ce3d8a4
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: 0/8 done
Writing inode tables: 0/8 done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done
Creating coredump partition: START: 2001MB END: 32001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda3 contains a ext3 file system
last mounted on Tue Oct 10 13:32:34 2023
Discarding device blocks: 4096/73244164198400/7324416 done
Creating filesystem with 7324416 4k blocks and 1831424 inodes
Filesystem UUID: f41d5307-ec84-4a8c-8092-b4717454f638
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Allocating group tables: 0/224 done
Writing inode tables: 0/224 done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: 0/224 done
Creating csp partition: START: 32001MB END: 100%
meta-data=/dev/sda4 isize=256 agcount=4, agsize=10254144 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0, sparse=0, rmapbt=0
= reflink=0
data = bsize=4096 blocks=41016576, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=20027, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Done with primary disk partition
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 11/61056 files, 8244/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: clean, 11/61056 files, 8244/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: clean, 11/1831424 files, 158994/7324416 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1
fsck.fat 4.1 (2017-01-24)
/dev/sdb1: 0 files, 1/1919062 clusters
fsck(/dev/sdb1) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Configuring packages on first boINIT: Entering runlevel: 3
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ...
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: beginning of manager_install
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: disaster recovery - use default service mgr
INFO: manager_post_install ...
INFO: manager_post_install: boot file does not exist
INFO: manager_post_install: fxmgr= chmgr= update=false
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...
2023-10-10T13:39:11 [WARN/lldpctl] unknown command from argument 4: `status`
INFO: Configure system files ...
INFO: System Name is: firepower-2140
Starting sensors logging daemon: sensord... done.
INFO: file /mnt/boot/.boot_npu does not exist
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.2698 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2698 script exit]
INFO: manager_startup: Completed manager httpd setup!
nscd: 2773 monitoring file `/etc/hosts` (1)
nscd: 2773 monitoring directory `/etc` (2)
nscd: 2773 monitoring file `/etc/resolv.conf` (3)
nscd: 2773 monitoring directory `/etc` (2)
Starting crond: OK
FTD
Starting Octeon Serial Logd...
Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.
firepower-2140 login:
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Oct 10 13:39:31 firepower-2140 kernel: [ 11.447411] Disabling IRQ #16
Oct 10 13:39:34 firepower-2140 rst_manager: Reset Manager not required on this platform: 1
Oct 10 13:39:43 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Oct 10 13:40:47 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to UP
Oct 10 13:40:47 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to UP
firepower-2140 login: admin ###### 'admin/Admin123' でログイン
Password:
Successful login attempts for user 'admin' : 1
Hello admin. You must change your password.
Enter new password: ******* ###### 任意のパスワードを設定 (アスタリスクは出力されません)
Confirm new password: ******* ###### 任意のパスワードの再入力 (アスタリスクは出力されません)
Your password was updated successfully.
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.
Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.
firepower-2140#
firepower-2140# scope fabric-interconnect a ###### 'scope fabric-interconnect a' を実行
###### 'set out-of-band static ip' コマンドで IP Addressを設定
firepower-2140 /fabric-interconnect # set out-of-band static ip 10.122.187.155 netmask 255.255.255.240 gw 10.122.187.145
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
firepower-2140 /fabric-interconnect* # commit-buffer ###### 'commit-buffer' で設定変更を確定する
firepower-2140 /fabric-interconnect # exit ###### 'exit' で抜ける
firepower-2140#
firepower-2140# connect local-mgmt ###### 'connect local-mgmt' で 'local-mgmt' に移行
firepower-2140(local-mgmt)#
firepower-2140(local-mgmt)# ping 10.207.204.10 ###### ping で TFTP Server への疎通確認
PING 10.207.204.10 (10.207.204.10) from 10.122.187.155 : 56(84) bytes of data.
64 bytes from 10.207.204.10: icmp_seq=1 ttl=61 time=0.181 ms
64 bytes from 10.207.204.10: icmp_seq=2 ttl=61 time=0.166 ms
64 bytes from 10.207.204.10: icmp_seq=3 ttl=61 time=0.179 ms
^C
--- 10.207.204.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 92ms
rtt min/avg/max/mdev = 0.166/0.175/0.181/0.012 ms
firepower-2140(local-mgmt)#
firepower-2140(local-mgmt)# exit ###### 'exit' で抜ける
firepower-2140#
firepower-2140# scope firmware ###### 'scope firmware' を実行
firepower-2140 /firmware #
###### 'download image' コマンドを実行しイメージをダウンロードする
firepower-2140 /firmware # download image tftp://10.207.204.10/cisco-asa-fp2k.9.16.4.42.SPA
Please use the command 'show download-task' or 'show download-task detail' to check download progress.
firepower-2140 /firmware #
firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : transferring 104128 KB
firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : transferring 320768 KB
firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : transferring 463574 KB
firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : verifying image ...
###### ダウンロード完了の確認
firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : completed successfully.
firepower-2140 /firmware #
firepower-2140 /firmware # show package ###### 'show package' を実行してダウンロードしたファイルの 'Package-Vers' を確認する
Name Package-Vers
--------------------------------------------- ------------
cisco-asa-fp2k.9.16.4.42.SPA 9.16.4.42
firepower-2140 /firmware #
firepower-2140 /firmware # scope auto-install ###### 'scope auto-install' を実行
firepower-2140 /firmware/auto-install #
###### 'install security-pack' を実行
###### 'version' は上記の 'show package' で確認した 'Package-Vers' を指定
firepower-2140 /firmware/auto-install # install security-pack version 9.16.4.42
The system is currently installed with security software package not set, which has:
- The platform version: not set
If you proceed with the upgrade 9.16.4.42, it will do the following:
- upgrade to the new platform version 2.10.1.1611
- install with CSP asa version 9.16.4.42
During the upgrade, the system will be reboot
Do you want to proceed ? (yes/no):yes ###### 'yes' を回答
This operation upgrades firmware and software on Security Platform Components
Here is the checklist of things that are recommended before starting Auto-Install
(1) Review current critical/major faults
(2) Initiate a configuration backup
Do you want to proceed? (yes/no):yes ###### 'yes' を回答
Triggered the install of software package version 9.16.4.42
Install started. This will take several minutes.
For monitoring the upgrade progress, please enter 'show' or 'show detail' command.
firepower-2140 /firmware/auto-install # Oct 10 13:44:43 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show
Firmware Auto-Install:
Package-Vers Oper State Upgrade State
------------ ---------------------------- -------------
9.16.4.42 Scheduled Ready
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show detail
Firmware Auto-Install:
Package-Vers: 9.16.4.42
Oper State: Scheduled
Installation Time: 2023-10-10T13:44:43.540
Upgrade State: Validating Images
Upgrade Status: validating the software package
Validation Software Pack Status:
Firmware Upgrade Status:
Current Task: Validating the application pack(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ValidateApplicationPack)
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show
Firmware Auto-Install:
Package-Vers Oper State Upgrade State
------------ ---------------------------- -------------
9.16.4.42 Scheduled Validating Images
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show detail
Firmware Auto-Install:
Package-Vers: 9.16.4.42
Oper State: Scheduled
Installation Time: 2023-10-10T13:44:43.540
Upgrade State: Upgrading Npu
Upgrade Status: upgrading the npu image
Validation Software Pack Status: ok
Firmware Upgrade Status:
Current Task: Activating NPU Image(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ActivateNpuImage)
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show
Firmware Auto-Install:
Package-Vers Oper State Upgrade State
------------ ---------------------------- -------------
9.16.4.42 Scheduled Upgrading Service Manager
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show detail
Firmware Auto-Install:
Package-Vers: 9.16.4.42
Oper State: Scheduled
Installation Time: 2023-10-10T13:44:43.540
Upgrade State: Upgrading Service Manager
Upgrade Status: upgrading chassis manager image
Validation Software Pack Status: ok
Firmware Upgrade Status: up-to-date
Current Task: Activating Service Manager(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ActivateManagerImage)
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show
Firmware Auto-Install:
Package-Vers Oper State Upgrade State
------------ ---------------------------- -------------
9.16.4.42 Scheduled Installing Application
firepower-2140 /firmware/auto-install #
firepower-2140 /firmware/auto-install # show detail
Firmware Auto-Install:
Package-Vers: 9.16.4.42
Oper State: Scheduled
Installation Time: 2023-10-10T13:44:43.540
Upgrade State: Installing Application
Upgrade Status: installing application image
Validation Software Pack Status: ok
Firmware Upgrade Status: up-to-date
Current Task: Waiting for Application Activation to complete(FSM-STAGE:sam:dme:FirmwareSystemDeploy:PollApplicationActivationStatus)
firepower-2140 /firmware/auto-install #
Cisco ASA: CMD=-install, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''
Verifying signature for cisco-asa.9.16.4.42 ...
Verifying signature for cisco-asa.9.16.4.42 ... success
Cisco ASA: CMD=-start, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''
Cisco ASA starting ...
firepower-2140 login: admin (automatic login) ###### FXOSへのログインは自動で行われる
Last login: Tue Oct 10 13:40:54 UTC 2023 on ttyS0
Successful login attempts for user 'admin' : 2
Please wait for Cisco ASA to come online...1...
Registering to process manager ...
Cisco ASA started successfully.
Oct 10 13:48:54 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to DOWN
Oct 10 13:48:54 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to DOWN
Please wait for Cisco ASA to come online...2...
Please wait for Cisco ASA to come online...3...
Please wait for Cisco ASA to come online...4...
Please wait for Cisco ASA to come online...5...
lina_init_env: memif is not enabled.
System Cores 16 Nodes 1 Max Cores 48
Number of Cores 16
Global Reserve Memory Per Node: 1384120320 bytes Nodes=1
LCMB: HEAP-CACHE POOL got 1375731712 bytes on numa-id=0, virt=0x0000005555600000
total_reserved_mem = 1073741824
total_heapcache_mem = 1375731712
total mem 15545602335 system 15677886464 kernel 132284129 image 0
new 15545602335 old 1073741824 reserve 2449473536 priv new 13228412928 priv old 0
Processor memory: 14367166464
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Cisco Adaptive Security Appliance Software Version 9.16(4)42
Compiled on Fri 22-Sep-23 04:35 GMT by builders
Platform is FPR-2140
Adding Cavium NIC interface 0 port 0
Total NICs found: 5
NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 04, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 03 MAC: 6026.aa0e.3681
en_vtun rev00 Backplane Tap Interface @ index 04 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
10Oct2023 13:50:00 Read error: Open failed. Error message: No such file or directory.
License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.
INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Use software crypto.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
Cisco Adaptive Security Appliance Software Version 9.16(4)42
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.16
Copyright (c) 1996-2023 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
config_fetcher: channel open failed
WARNING: MIGRATION - no startup configuration or configuration not found.
INFO: Power-On Self-Test in process.
..............
INFO: Power-On Self-Test complete.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...
Trustpoint CA certificate accepted.
Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...
Trustpoint CA certificate accepted.
INFO: Security level for "management" set to 0 by default.
INFO: Security level for "outside" set to 0 by default.
INFO: Security level for "inside" set to 100 by default.
User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.
ciscoasa>
ciscoasa> enable ###### 'enable' を実行
The enable password is not set. Please set it now.
Enter Password: ***** ###### パスワードを入力
Repeat Password: ***** ###### パスワードを入力
Note: Save your configuration so that the password can be used for FXOS failsafe access and persists across reboots
("write memory" or "copy running-config startup-config").
ciscoasa#
ciscoasa#
ciscoasa# show fxos mode ###### 現在の稼働モードを確認する
Mode is currently set to appliance
ciscoasa#
ciscoasa#
ciscoasa# config terminal ###### 'config terminal' を実行
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# no fxos mode appliance ###### 'no fxos mode appliance' コマンドで動作モードを 'Platform Mode' に変更する
Mode set to platform mode
WARNING: The running-config must be saved and the system must
be rebooted for this command to take effect. Upon reboot, the current
configuration will be erased, and the default configuration for
platform mode will be applied.
ciscoasa(config)# reload ###### 'reload' を実行する
System config has been modified. Save? [Y]es/[N]o: Y ###### 'Y' を返答する
Cryptochecksum: 9b5cef5e 9c1a1668 056471bc 35881f22
12637 bytes copied in 2.230 secs (6318 bytes/sec)
WARNING: Mode change detected. Upon reboot,
current configuration will be cleared and the default
configuration for platform mode will be applied.
Proceed with reload? [confirm] ###### Enterキーを押して再起動させる
ciscoasa(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down Application Agent
Shutting down isakmp
Shutting down webvpn
Shutting down fover_reload
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
lina_monitor process exited norm2023 Oct 10 13:52:17 PMLOG: PM IPC UTILITY: Shutting down all ports
Cisco ASA: CMD=-stop, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''
Cisco ASA stopping ...
Cisco ASA stopped successfully.
Stopping Octeon Serial Logd...
Stopping Octeon Serial Logd... success
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 46182)
done.
Stopping Octeon NPU ...
Stopping Octeon NPU ... success
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1621)
acpid.
Stopping web server: apache2failed
Stopping system message bus: dbus.
Stopping DHCP server: dhcpd3no /usr/sbin/dhcpd found; none killed
.
stopping DNS forwarder and DHCP server: dnsmasq... no /usr/bin/dnsmasq found; none killed
stopping mountd: done
stopping nfsd: .acpid: exiting
done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 39204)
done
Stopping internet superserver: xinetd.
stopping statd: done
Stopping random number generator daemon.
Stopping domain name service: named.
Stopping crond: OK
Stopping rpcbind daemon...
done.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 2645)
done.
* Stopping virtualization library daemon: libvirtd
*[fail]
Deconfiguring network interfaces... done.
Stopping FreeRADIUS daemon radiusd Failed
Tue Oct 10 13:52:28 UTC 2023
SSP-Security-Module is shutting down ...
Tue Oct 10 13:52:29 UTC 2023 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Tue Oct 10 13:52:29 UTC 2023 SHUTDOWN WARNING: Upgrade process ready for reboot
Tue Oct 10 13:52:29 UTC 2023 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
omit_pids_opt: -o 679,699,703
Tue Oct 10 13:52:29 UTC 2023
Sending ALL processes the TERM signal ...
Note: SIGKILL_ALL will be triggered after after 1 + 2 secs ...
Tue Oct 10 13:52:31 UTC 2023
Sending ALL processes the KILL signal ...
Tue Oct 10 13:52:32 UTC 2023
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 877.961794] reboot: Restarting system
*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************
Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Present
Platform FPR-2140 with 65536 MBytes of main memory
WARNING: This board is using a temporary MAC address.
WARNING: The temporary MAC address override value = 00:11:22:33:44:24
WARNING: Please clear this value to use the programmed MAC address.
WARNING: Use the following two CLI commands:
WARNING: unset MACADDR
WARNING: sync
BIOS has been successfully locked !!
MAC Address: 60:26:aa:0e:36:80
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Boot in 9 seconds.
Boot in 8 seconds.
Boot in 7 seconds.
Boot in 6 seconds.
Boot in 5 seconds.
Boot in 4 seconds.
Boot in 3 seconds.
Boot in 2 seconds.
Boot in 1 second.
Located '.boot_string' @ cluster 115924.
Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA"
Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA' @ cluster 5200.
#############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+
Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Sep 21 19:54:34 UTC 2023
kernel_image = 0x8daf8478, kernel_size=0x6452a0
Image validated
[ 11.436677] Disabling IRQ #16
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version and PSEQ version
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Primary SSD discovered
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 131/61056 files, 9505/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: clean, 81/61056 files, 10384/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: clean, 13/1831424 files, 158996/7324416 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1
fsck.fat 4.1 (2017-01-24)
/dev/sdb1: 34 files, 115925/1919062 clusters
fsck(/dev/sdb1) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Configuring packages on first boINIT: Entering runlevel: 3
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ...
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false
INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA size 1296
Done!
Computed Hash SHA2: b017cba05abf5495f8e598501d60f518
0ef46d1ef0436453c242f2d2421a6de3
ef9e56df4cacc6547d5a5d30138a2ef6
1427ed399485eaedd95240ae37810ddf
Embedded Hash SHA2: b017cba05abf5495f8e598501d60f518
0ef46d1ef0436453c242f2d2421a6de3
ef9e56df4cacc6547d5a5d30138a2ef6
1427ed399485eaedd95240ae37810ddf
The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.1611.SPA verified successfully
INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA size 37135504
Done!
Computed Hash SHA2: 152e65b198a7b98491ebc4d3212d9b5f
47a3a10dfe42296d9f095cbb45994c15
7a97413e849739cc25a47e5bffbf7ea4
b6e81eaf2c0890f2dea162cc62ef8e4b
Embedded Hash SHA2: 152e65b198a7b98491ebc4d3212d9b5f
47a3a10dfe42296d9f095cbb45994c15
7a97413e849739cc25a47e5bffbf7ea4
b6e81eaf2c0890f2dea162cc62ef8e4b
The digital signature of the file: fxos-k9-mgmtext.2.10.1.60.SPA verified successfully
INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false
INFO: manager_post_install: fxmgr is dummy
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
INFO: Creating directory /tmp/chmgr
INFO: creating /isan/apache/chassis-mgr/
INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh
INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf
INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt
INFO: manager_post_install: succesful install chassis mgr
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...
2023-10-10T13:54:58 [WARN/lldpctl] unknown command from argument 4: `status`
INFO: Configure system files ...
INFO: System Name is: firepower-2140
Starting sensors logging daemon: sensord... done.
INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA
INFO: Need to validate the image
: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA size 73782640
Done!
Computed Hash SHA2: c04a9fdf274ab056a8f07e7abade825c
0d42272fdd5e5f1e170eec6c2b28ea65
427c6d820a86bfb7def348a2fd98529b
0b012de4a333a3266b2dac3739b96cb2
Embedded Hash SHA2: c04a9fdf274ab056a8f07e7abade825c
0d42272fdd5e5f1e170eec6c2b28ea65
427c6d820a86bfb7def348a2fd98529b
0b012de4a333a3266b2dac3739b96cb2
The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.1611.SPA verified successfully
INFO: Creating directory /tmp/npu
INFO: all files are there ...
Set to platform default
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: using HTTPD_INFO persistent cache
/bin/rm: cannot remove '/tmp/openssl.conf': No such file or directory
httpdRegister INFO: [httpd.2788 -s -4 192.168.45.45 -n localhost]
httpdRegister INFO: SKIP httpd syntax check
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2788 script exit]
INFO: manager_startup: Completed manager httpd setup!
INFO: manager_startup: configuring chassis manager
INFO: unconfig older conf files
httpdAppconf INFO: [httpd.2850 -d /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]
httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied
INFO: httpdAppconf [httpd.2850 script exit]
httpdAppconf INFO: [httpd.2882 -V -d /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]
httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf
INFO: httpdAppconf [httpd.2882 script exit]
INFO: Configuring httpd
httpdAppconf INFO: [httpd.2931 -V -a /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]
httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf
INFO: httpdAppconf [httpd.2931 script exit]
INFO: manager_startup: successfully configured chassis mgr
nscd: 2980 monitoring file `/etc/hosts` (1)
nscd: 2980 monitoring directory `/etc` (2)
nscd: 2980 monitoring file `/etc/resolv.conf` (3)
nscd: 2980 monitoring directory `/etc` (2)
Starting crond: OK
FTD
1:/opt/cisco/csp/cores
/opt/cisco/csp/cores 31457280
Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''
Cisco ASA booting up ...
INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cspCfg_cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71.xml
INFO:-MspCheck: CSPID for App is cisco-asa.9.16.4.42INFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.
firepower-2140 login:
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG='fromHconfFile'
Cisco ASA booting up ...
Cisco ASA started successfully.
Oct 10 13:55:35 firepower-2140 kernel: [ 11.436677] Disabling IRQ #16
Oct 10 13:55:38 firepower-2140 rst_manager: Reset Manager not required on this platform: 1
Oct 10 13:55:47 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Oct 10 13:56:51 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to UP
Oct 10 13:56:51 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to UP
Oct 10 13:57:16 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
lina_init_env: memif is not enabled.
System Cores 16 Nodes 1 Max Cores 48
Number of Cores 16
Global Reserve Memory Per Node: 1384120320 bytes Nodes=1
LCMB: HEAP-CACHE POOL got 1375731712 bytes on numa-id=0, virt=0x0000005555600000
total_reserved_mem = 1073741824
total_heapcache_mem = 1375731712
total mem 15545602335 system 15677886464 kernel 132284129 image 0
new 15545602335 old 1073741824 reserve 2449473536 priv new 13228412928 priv old 0
Processor memory: 14367166464
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Cisco Adaptive Security Appliance Software Version 9.16(4)42
Compiled on Fri 22-Sep-23 04:35 GMT by builders
Platform is FPR-2140
Adding Cavium NIC interface 0 port 0
Total NICs found: 4
NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
Oct 10 13:58:37 firepower-2140 port-manager: Alert: Internal1/3 link changed to UP
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 02 MAC: 6026.aa0e.3681
en_vtun rev00 Backplane Tap Interface @ index 03 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Use software crypto.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
Cisco Adaptive Security Appliance Software Version 9.16(4)42
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.16
Copyright (c) 1996-2023 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
config_fetcher: channel open failed
WARNING: MIGRATION - no startup configuration or configuration not found.
INFO: Power-On Self-Test in process.
..............
INFO: Power-On Self-Test complete.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...
Trustpoint CA certificate accepted.
Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...
Trustpoint CA certificate accepted.
INFO: Security level for "management" set to 0 by default.
INFO: Security level for "outside" set to 0 by default.
INFO: Security level for "inside" set to 100 by default.
WARNING: This command wil
firepower-2140 login: admin ###### admin/Admin123 でログイン (このパスワードはDefault)
Password:
Last login: Tue Oct 10 13:48:29 UTC 2023 on ttyS0
Successful login attempts for user 'admin' : 1
Hello admin. You must change your password.
Enter new password: ********* ###### 任意のパスワードを設定 (アスタリスクは出力されません)
Confirm new password: ********* ###### 任意のパスワードの再入力 (アスタリスクは出力されません)
Your password was updated successfully.
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.
Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.
firepower-2140# connect asa
Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.
ciscoasa> enable ###### ASA CLI 上で 'enable' に移行する
The enable password is not set. Please set it now.
Enter Password: ***** ###### 'enable password' の設定を行う
Repeat Password: ***** ###### 'enable password' の再入力を行う
Note: Save your configuration so that the password persists across reboots
("write memory" or "copy running-config startup-config").
ciscoasa#
ciscoasa# write memory ###### 'write memory' を実行する
Building configuration...
Cryptochecksum: 979151af 353758ba 20a3082e 672f861a
12528 bytes copied in 0.560 secs
[OK]
ciscoasa#
ciscoasa# show fxos mode ###### 'show fxos mode' で現在の動作モードを確認する
Mode is currently set to platform
ciscoasa#
参考資料
検索バーにキーワード、フレーズ、または質問を入力し、お探しのものを見つけましょう
シスコ コミュニティをいち早く使いこなしていただけるよう役立つリンクをまとめました。みなさんのジャーニーがより良いものとなるようお手伝いします
下記より関連するコンテンツにアクセスできます