Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface.

switchport port-security violation {shutdown | restrict | protect}
Used in interface configuration mode to set the action to be taken when a security violation is detected.

show port-security [interface interface-id]
Displays information about security options configured on the interface.

The Cisco IOS is designed as a modal operating system. The term modal describes a system where there are different modes of operation, each having its own domain of operation. The CLI uses a hierarchical structure for the modes. In order from top to bottom, the major modes are: user executive mode, privileged executive mode, global configuration mode, and other specific configuration modes.

Each mode is used to accomplish particular tasks and has a specific set of commands that are available when in that mode. For example, to configure a router interface, the user must enter interface configuration mode. All configurations that are entered in interface configuration mode apply only to that interface. Some commands are available to all users; others can be executed only after entering the mode in which that command is available. Each mode is distinguished with a distinctive prompt, and only commands that are appropriate for that mode are allowed.

The hierarchical modal structure can be configured to provide security. Different authentication can be required for each hierarchical mode. This controls the level of access that network personnel can be granted. The figure shows the IOS modal structure with typical prompts and features.

Command Prompts

When using the CLI, the mode is identified by the command-line prompt that is unique to that mode. The prompt is composed of the words and symbols on the line to the left of the entry area. The word prompt is used because the system is prompting you to make an entry.
By default, every prompt begins with the device name. Following the name, the remainder of the prompt indicates the mode. For example, the default prompt for the global configuration mode on a router would be:

Router(config)#

Primary Modes

The two primary modes of operation are user EXEC and privileged EXEC. As a security feature, the Cisco IOS software separates the EXEC sessions into two access modes. These two primary access modes are used within the Cisco CLI hierarchical structure. Each mode has similar commands. However, the privileged EXEC mode has a higher level of authority in what it allows to be executed.

User Executive Mode

The user executive mode, or user EXEC for short, has limited capabilities but is useful for some basic operations. The user EXEC mode is at the top of the modal hierarchical structure. This mode is the first entrance into the CLI of an IOS router. The user EXEC mode allows only a limited number of basic monitoring commands. This is often referred to as view-only mode. The user EXEC level does not allow the execution of any commands tha

Privileged EXEC Mode

The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode, or a specific mode further down the hierarchy. The privileged EXEC mode can be identified by the prompt ending with the # symbol.

Switch#

By default, privileged EXEC does not require authentication. It is a good practice to ensure that authentication is configured. Global configuration mode and all other more specific configuration modes can only be reached from the privileged EXEC mode. In a later section of this chapter, we will examine device configuration and some of the configuration modes.

Moving between the User EXEC and Privileged EXEC Modes

The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively. In order to access the privileged EXEC mode, use the enable command.
The privileged EXEC mode is sometimes called the enable mode. The syntax for entering the enable command is:

Router>enable

This command is executed without the need for an argument or keyword. Once Enter is pressed, the router prompt changes to:

Router#

The # at the end of the prompt indicates that the router is now in privileged EXEC mode. If password authentication has been configured for the privileged EXEC mode, the IOS prompts for the password.

Cisco IOS Modes

In part 1 we covered device access. Now let’s put that knowledge to use. In this article I cover CLI device modes and privilege levels. I also cover the basics of navigating between modes and getting more comfortable with some CLI commands.

Device Modes

Cisco devices running IOS have four different modes:

Navigating Between Modes

The following flowchart exhibits the flow between the various modes in Cisco IOS:

From User-Exec Mode, the “enable” command moves us into Enable Mode. “configure terminal” moves us into Global Configuration Mode. Many different Sub-Configuration Modes are available, but the VLAN Sub-Configuration is very commonly used. Also illustrated above is the use of the “exit” command to navigate backward through this hierarchy.

Privilege Levels

Cisco IOS has 16 privilege levels ranging from 0 to 15. User-Exec Mode’s default privilege level is 1 and Enable Mode’s default privilege level is 15. The higher your privilege level, the more commands you will have access to. Level 15 gives you access to every command. You can always check your privilege level by issuing the show privilege command in the CLI:

As an administrator, you are able to define custom privileges on levels 2-14. This is a great option for providing a more limited command set to contractors, network operators, and so on.

Context-Sensitive Help

Even the most experienced network engineer may forget a command or its parameters. Luckily, Cisco IOS offers a few tools for the forgetful engineer:

What Now?

Now you should be familiar with the different modes of access on a Cisco IOS device. Take some time to navigate between the modes, understand the differences between them, and test various CLI command shortcuts. In the next article we will put some of our CLI skills to use in managing Cisco device filesystems.

What is privileged EXEC mode used for?
User EXEC level allows you to access only basic monitoring commands; privileged EXEC level allows you to access all router commands. Privileged EXEC level can be password protected to allow only authorized users the ability to configure or manage the router.
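
The two points above, that privileged EXEC should require authentication and that custom privilege levels hand specific commands to lower levels, can be checked offline against a saved configuration. The following is an added example, not part of the original page; the configuration excerpt, user names and finding codes are constructed for illustration.

```python
import re

# Constructed running-config excerpt; user names and secrets are placeholders.
SAMPLE_CONFIG = """\
hostname Switch
enable password PLACEHOLDER-CLEARTEXT
username netops privilege 5 secret 9 PLACEHOLDER-HASH
username admin privilege 15 password 0 PLACEHOLDER-CLEARTEXT
privilege exec level 5 configure terminal
privilege exec level 5 show startup-config
line vty 0 4
 login local
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret)\b")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")


def audit(config):
    """Return (code, detail) findings for enable authentication and privilege levels."""
    findings = []
    # Global commands start in column 0; indented lines belong to a sub-mode.
    top = [ln.rstrip() for ln in config.splitlines() if ln and not ln.startswith(" ")]
    if not any(re.match(r"^enable (algorithm-type \S+ )?secret\b", ln) for ln in top):
        findings.append(("NO_ENABLE_SECRET", "privileged EXEC has no hashed enable secret"))
    if any(ln.startswith("enable password") for ln in top):
        findings.append(("ENABLE_PASSWORD", "enable password is stored clear or reversibly"))
    for ln in top:
        m = USER_RE.match(ln)
        if m:
            user, level, kind = m.group(1), int(m.group(2) or 1), m.group(3)
            if kind == "password":  # 'secret' stores a hash, 'password' does not
                findings.append(("USER_PASSWORD", user))
            if level == 15:  # level 15 has access to every command
                findings.append(("USER_LEVEL_15", user))
            continue
        m = PRIV_RE.match(ln)
        if m and 2 <= int(m.group(2)) <= 14:
            # Commands moved to a custom level need review; 'configure' opens config mode.
            code = "CONFIG_DELEGATED" if m.group(3).startswith("configure") else "CMD_DELEGATED"
            findings.append((code, f"level {m.group(2)} {m.group(1)}: {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:18} {detail}")
```
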

Which command is used for user EXEC mode?
Enter the logout command. To enter privileged EXEC mode, enter the enable command. Privileged EXEC: From user EXEC mode, enter the enable command.

Which command is used from configuration mode to privileged EXEC mode?
To get into Privileged Mode we enter the "enable" command from User Exec Mode. If set, the router will prompt you for a password. Once in Privileged Mode, you will notice the prompt changes from ">" to a "#" to indicate that we are now in Privileged Mode.

Which mode is used to run commands to display the configuration file?
To display the contents of NVRAM (if present and valid) or to show the configuration file pointed to by the CONFIG_FILE environment variable, use the show startup-config EXEC command.