About the Bulk Command Line Interface
Cisco Defense Orchestrator (CDO) offers users the ability to manage ASA, FTD, SSH, and Cisco IOS devices using a command-line interface (CLI). Users can send commands to a single device or to multiple devices of the same kind simultaneously. This article describes sending CLI commands to multiple devices at once.
- For detailed documentation on the ASA CLI documentation, see ASA Command Line Interface Documentation.
- For Cisco IOS CLI documentation, see Networking Software (IOS & NX-OS) for your IOS version.
- For FTD, CDO supports only the base FTD CLI. These devices only have the following commands: show, ping, traceroute, packet-tracer, failover, and shutdown. For FTD SSH CLI documentation, see Cisco Firepower Threat Defense Command Reference.
Bulk CLI Interface
Note: CDO displays the Done! message in two circumstances:
- After a command has executed successfully without errors.
- When the command has no results to return. For example, you may issue a show command with a regular expression searching for a certain configuration entry. If there is no configuration entry that meets the criteria of the regular expression, CDO returns Done!.
|1||Click the clock to expand or collapse the command history pane.|
|2||Command history. After you send a command, CDO records the command in this history pane so you can return to it, select it, and run it again.|
|3||Command pane. Enter your commands at the prompt in this pane.|
Response pane. CDO displays the device's response to your command as well as CDO messages. If the response was the same for more than one device, the response pane displays the message "Showing Responses for X devices." Click X devices and CDO displays all the devices that returned the same response to the command.
Note: CDO displays the Done! message in two circumstances:
|5||My List tab displays the devices you chose from the Devices & Service table and allows you to include or exclude devices you want to send a command to.|
|6||The Execution tab, highlighted in the figure above, displays the devices in the command that is selected in the history pane. In this example, the show run | grep user command is selected in the history pane and the Execution tab shows that it was sent to 10.82.109.160, 10.82.109.181, and 10.82.10.9.187.|
|7||Clicking the By Response tab shows you the list of responses generated by the command. Identical responses are grouped together in one row. When you select a row in the By Response tab, CDO displays the response to that command in the response pane.|
|8||Clicking the By Device tab displays individual responses from each device. Clicking one of the devices in the list allows you to see the response to the command from a specific device.|
Send Commands in Bulk
- On the navigation bar, click Devices & Service.
- Select the ASA, FTD, Cisco IOS or SSH-managed devices you want to manage using the command line interface and select them.
- Click >_Command Line Interface in the details pane.
- Enter your commands in the command pane and click Send. The command output is displayed in the response pane, the command is logged in the Change Log, and the command CDO records your command in the History pane in the Bulk CLI window.
Note: Make sure that the devices you choose are reachable and synced. If an ASA device is not synced, only the following commands are allowed for that device: show, ping, traceroute, vpn-sessiondb, changeto, dir, write, and copy.
Tip on entering commands:
A single command can be entered on a single line or several commands can be entered sequentially on several lines and CDO executes them in order as a batch. The following example sends to the ASA a batch of commands which creates three network objects and a network object group that contains those network objects.
Entering ASA Commands: CDO begins executing commands in Global configuration mode.
Entering FTD device Commands: The CLI Console uses the base FTD CLI. You cannot enter the diagnostic CLI, expert mode, or FXOS CLI (on models that use FXOS) using the CLI Console. Use SSH if you need to enter those other CLI modes.
Entering Cisco IOS commands: CDO begins executing commands in User EXEC mode. You will need to start a sequence of commands with enable followed by config t if they need to be executed in global configuration mode.
Work with Bulk Command History
After you send a bulk CLI command, CDO records that command in the history pane on the Bulk CLI page. You can rerun the commands saved in the history pane or use the commands as a template. The commands in the history pane are associated with the original devices on which they were run.
- On the Devices & Services page, select the devices you want to configure.
- Click Command Line Interface.
- Select the command in the History pane that you want to modify or resend. Note that the command you pick is associated with specific devices and not necessarily the ones you chose in the first step.
- Look at the My List tab to make sure the command you intend to send will be sent to the devices you expect.
- Edit the command in the command pane and click Send. CDO displays the results of the command in the response pane.
Note: If any of the selected devices are not synced, only the following commands are allowed: show, ping, traceroute, vpn-sessiondb, changeto, dir, write, and copy.
Work with Bulk Command Filters
After you run a bulk CLI command you can use the By Response filter and the By Device filter to continue to configure the devices.
By Response Filter
After running a bulk command, CDO populates the By Response tab with a list of responses returned by the devices that were sent the command. Devices with identical responses are consolidated in a single row. Clicking a row in the By Response tab displays the response from the device(s) in the response pane. If the response pane shows a response for more than one device, it displays the message "Showing Responses for X devices." Click X devices and CDO displays all the devices that returned the same response to the command.
To send a command to the list of devices associated with a command response, follow this procedure:
- Click the command symbol in a row in the By Response tab.
- Review the command in the command pane and click Send to resend the command or click Clear to clear the command pane and enter a new command to send to the devices and then click Send.
- Review the responses you receive from your command.
- If you are confident that the running configuration file on the devices you chose reflects your change, type deploy memory in the command pane and click Send. This saves your running configuration to the startup configuration.
By Device Filter
After running a bulk command, CDO populates the the Execution tab and the By Device tab with the list of devices that were sent the command. Clicking a row in the By Device tab displays the response for each device.
To run a command on that same list of devices, follow this procedure:
- Click the By Device tab.
- Click >_Execute a command on these devices.
- Click Clear to clear the command pane and enter a new command.
- In the My List pane, specify the list of devices you want to send the command to by checking or unchecking individual devices in the list.
- Click Send. The response to the command is displayed in the response pane. If the response pane shows a response for more than one device, it displays the message "Showing Responses for X devices." Click X devices and CDO displays all the devices that returned the same response to the command.
- If you are confident that the running configuration file on the devices you chose reflects your change, type deploy memory in the command pane and click Send.