Skip to main content

 

 

Cisco Defense Orchestrator

ASA Bulk CLI Use Cases

The following cases are possible workflows you may experience when using CDO's bulk CLI function for ASA devices. 

Show all users in the running configuration of an ASA and then delete one of the users

  1. On the navigation bar, click Devices & Services page.
  2. Search and filter the device list for the devices from which you want to delete the user and select them. 

Note: Make sure that the devices you choose are synced. Only the following commands are allowed when the device is not synced: show, ping, traceroute, vpn-sessiondb, changeto, dir, copy,  and  write.

  1. Click >_Command Line Interface in the details pane. CDO lists the devices you chose in the My List pane. If you decide to send the command to fewer devices, uncheck devices in that list.  
  2. In the command pane, enter show run | grep user and click Send.  All the lines in the running configuration file that contain the string user will be displayed in the response pane. The Execution tab opens to display the devices on which the command was executed.
  3. Click the By Response tab and review the responses to determine which devices have the user that you want to delete. 
  4. Click the My List tab and select the list of devices from which you want to delete the user.
  5. In the command pane, enter the no form of the user command to delete user2 and then click Send. For the sake of this example, you are going to delete user2:

no user user2 password reallyhardpassword privilege 10

  1. Look in the history panel for the instance of the show run | grep user  command, you used to search for the user name. Select that command, look at the list of devices in the Execution list and select Send. You should see that the username has been deleted from the devices you specified. 
  2. If you are satisfied that you have deleted the correct users from the running configuration and that the correct users remain in the running configuration:
    1. Select the no user user2 password reallyhardpassword privilege 10 command from the history pane. 
    2. Click the By Device tab and click Execute a command on these devices.
    3. In the command pane, click Clear to clear the command pane.
    4. Enter the command deploy memory and click Send

Find all SNMP configurations on selected ASAs

This procedure shows you all the SNMP configuration entries in the running configuration of the ASA. 

  1. Open the Devices & Services page.
  2. Filter and search for the devices on which you want to analyze the SNMP configuration in the running configuration and select them.

Note: Make sure that the devices you choose are synced. Only the following commands are allowed when the device is not synced: show, ping, traceroute, vpn-sessiondb, changeto, and dir.

  1. Click Command Line Interface in the details pane. The devices you chose are in the My List pane. If you decide to send the command to fewer devices, uncheck devices in the list.  
  2. In the command pane, enter show run | grep snmp and click Send. All the lines in the running configuration file that contain the string snmp will be displayed in the response pane. The Execution tab opens to display the devices on which the command was executed.
  3. Review the command output in the response pane. 
  • Was this article helpful?