Which EXEC mode allows the execution of configuration and management commands?

Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface.

switchport port-security violation {shutdown | restrict | protect} – Used in interface configuration mode to set the action to be taken when a security violation is detected.

show port-security [interface interface-id] – Displays information about security options configured on the interface.

Cisco IOS Modes

The Cisco IOS is designed as a modal operating system. The term modal describes a system where there are different modes of operation, each having its own domain of operation. The CLI uses a hierarchical structure for the modes.

In order from top to bottom, the major modes are:
User executive mode
Privileged executive mode
Global configuration mode
Other specific configuration modes

Each mode is used to accomplish particular tasks and has a specific set of commands that are available when in that mode. For example, to configure a router interface, the user must enter interface configuration mode. All configurations that are entered in interface configuration mode apply only to that interface.

Some commands are available to all users; others can be executed only after entering the mode in which that command is available. Each mode is distinguished with a distinctive prompt, and only commands that are appropriate for that mode are allowed.

The hierarchical modal structure can be configured to provide security. Different authentication can be required for each hierarchical mode. This controls the level of access that network personnel can be granted.

The figure shows the IOS modal structure with typical prompts and features.

Command Prompts

When using the CLI, the mode is identified by the command-line prompt that is unique to that mode. The prompt is composed of the words and symbols on the line to the left of the entry area. The word prompt is used because the system is prompting you to make an entry.

By default, every prompt begins with the device name. Following the name, the remainder of the prompt indicates the mode. For example, the default prompt for the global configuration mode on a router would be:

Router(config)#

Primary Modes

The two primary modes of operation are:
User EXEC
Privileged EXEC

As a security feature, the Cisco IOS software separates the EXEC sessions into two access modes. These two primary access modes are used within the Cisco CLI hierarchical structure.

Each mode has similar commands. However, the privileged EXEC mode has a higher level of authority in what it allows to be executed.

User Executive Mode

The user executive mode, or user EXEC for short, has limited capabilities but is useful for some basic operations. The user EXEC mode is at the top of the modal hierarchical structure. This mode is the first entrance into the CLI of an IOS router.

The user EXEC mode allows only a limited number of basic monitoring commands. This is often referred to as view-only mode. The user EXEC level does not allow the execution of any commands tha

Privileged EXEC Mode

The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode, or a specific mode further down the hierarchy.

The privileged EXEC mode can be identified by the prompt ending with the # symbol.

Switch#

By default, privileged EXEC does not require authentication. It is a good practice to ensure that authentication is configured.
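One way to check a saved configuration for this, as an added example that is not part of the original page: the script classifies how the move to privileged EXEC is protected. The sample configurations are constructed, and the distinction between `enable secret` (stored as a hash) and `enable password` (cleartext or reversible type 7) is standard IOS behaviour rather than something this page states.

```python
import re

# Global-config lines that give privileged EXEC (level 15) authentication.
ENABLE_RE = re.compile(r"^enable (secret|password)(?: level (\d+))?\s+\S", re.M)
AAA_RE = re.compile(r"^aaa authentication enable\s+\S", re.M)


def audit_enable(config):
    """Classify how a running-config protects the move to privileged EXEC."""
    kinds = set()
    for match in ENABLE_RE.finditer(config):
        level = int(match.group(2) or 15)  # no "level" keyword means 15
        if level == 15:
            kinds.add(match.group(1))
    if "secret" in kinds:
        return "ok: enable secret (stored as a hash)"
    if "password" in kinds:
        return "weak: enable password (cleartext or reversible type 7)"
    if AAA_RE.search(config):
        return "ok: enable authentication handled by AAA"
    return "missing: privileged EXEC has no authentication configured"


# Constructed sample configurations; the secrets are placeholders.
SAMPLES = {
    "default": "hostname Switch\n!\nline con 0\n",
    "password-only": "hostname Switch\nenable password ExamplePass1\n",
    "both": ("hostname Switch\nenable secret 9 $9$CONSTRUCTED\n"
             "enable password ExamplePass1\n"),
    "level-5-only": "hostname Switch\nenable secret level 5 9 $9$CONSTRUCTED\n",
}

if __name__ == "__main__":
    for name, config in SAMPLES.items():
        print(f"{name:14} {audit_enable(config)}")
```
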

Global configuration mode and all other more specific configuration modes can only be reached from the privileged EXEC mode. In a later section of this chapter, we will examine device configuration and some of the configuration modes.

Moving between the User EXEC and Privileged EXEC Modes

The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.

In order to access the privileged EXEC mode, use the enable command. The privileged EXEC mode is sometimes called the enable mode.

The syntax for entering the enable command is:

Router>enable

This command is executed without the need for an argument or keyword. Once Enter is pressed, the router prompt changes to:

Router#

The # at the end of the prompt indicates that the router is now in privileged EXEC mode.

If password authentication has been configured for the privileged EXEC mode, the IOS prompts for the password.

Cisco IOS Modes

In part 1 we covered device access. Now let’s put that knowledge to use. In this article I cover CLI device modes and privilege levels. I also cover the basics of navigating between modes and getting more comfortable with some CLI commands.

Device Modes

Cisco devices running IOS have four different modes:

  • User-exec – If your device requires a username and password, user-exec is the default mode you will enter upon log in. User-exec gives limited access to diagnostic commands like ping and traceroute. A subset of commands to view a device’s operational state (called “show” commands) are also available. User-exec mode does not allow any configuration changes to your device. User-exec mode is denoted with a > symbol next to your device’s hostname.
  • Enable – Once you are logged in with user-exec privileges, you can gain access to even more features by entering “enable” mode. Enable mode will allow filesystem manipulations, diagnostic commands, and even more show commands than user-exec mode. Also, enable mode allows us to elevate to the configuration context. Enable mode is denoted with a # symbol next to your device’s hostname.
  • Global Configuration Mode – Global configuration mode allows for changes to be made to a device’s settings. Any changes made in this mode will be placed in the “running configuration” of the device and will take effect immediately. Configuration mode is denoted with (config)# next to your device’s hostname.
  • Sub-Configuration Mode – This is similar to global configuration, but commands only apply to specific subsets of configuration. For example, when configuring an interface on a router, the configuration applies only to the interface you choose. Sub-configuration modes are not limited to just interfaces. Routing protocols, access-lists, VLANs, etc., all have their own particular configuration modes. Each sub-configuration mode has its own denotation next to the device’s hostname (for example, interface sub-configuration mode is denoted with (config-if)#).

The following flowchart exhibits the flow between the various modes in Cisco IOS:


From User-Exec Mode, the “enable” command moves us into Enable Mode. “Configure Terminal” moves us into Global Configuration Mode. Many different Sub-Configuration Modes are available, but the VLAN Sub-Configuration is very commonly used. Also illustrated above is the use of the “exit” command to navigate backward through this hierarchy.
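The navigation described above, written as a small state machine (an added example, not part of the original article and not Cisco code). The mode names and the `walk` helper are this example's own, and the `(config-vlan)#` prompt is the standard IOS prompt for VLAN sub-configuration.

```python
# Added example: a model of the IOS mode hierarchy, not Cisco code.
# mode -> (prompt suffix, {navigation command: mode it leads to})
MODES = {
    "user-exec": (">", {"enable": "privileged-exec"}),
    "privileged-exec": ("#", {"disable": "user-exec",
                              "configure terminal": "config"}),
    "config": ("(config)#", {"interface": "config-if",
                             "vlan": "config-vlan",
                             "exit": "privileged-exec"}),
    "config-if": ("(config-if)#", {"exit": "config"}),
    "config-vlan": ("(config-vlan)#", {"exit": "config"}),
}


class Session:
    """Tracks the current mode of one CLI session, starting in user EXEC."""

    def __init__(self, hostname="Router"):
        self.hostname = hostname
        self.mode = "user-exec"

    @property
    def prompt(self):
        return self.hostname + MODES[self.mode][0]

    def run(self, line):
        """Apply one navigation command; False means the mode rejects it."""
        words = line.split()
        for command, target in MODES[self.mode][1].items():
            head = command.split()
            if words[:len(head)] == head:  # arguments are not validated
                self.mode = target
                return True
        return False


def walk(lines, hostname="Router"):
    """Return (accepted, prompt afterwards) for each line typed in order."""
    session = Session(hostname)
    return [(session.run(line), session.prompt) for line in lines]


if __name__ == "__main__":
    typed = ["configure terminal", "enable", "configure terminal",
             "interface GigabitEthernet0/1", "exit", "exit", "disable"]
    for line, (ok, prompt) in zip(typed, walk(typed)):
        print(f"{line!r:35} accepted={ok!s:5} -> {prompt}")
```

The first line typed is rejected because `configure terminal` is not available from user EXEC; every configuration mode is reachable only after `enable`.
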

Privilege Levels

Cisco IOS has 16 privilege levels ranging from 0 to 15. User-Exec Mode’s default privilege level is 1 and Enable Mode’s default privilege level is 15. The higher your privilege level, the more commands you will have access to. Level 15 gives you access to every command. You can always check your privilege level by issuing the show privilege command in the CLI:


As an administrator, you are able to define custom privileges on levels 2-14. This is a great option for providing a more limited command set to contractors, network operators, and so on.
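How a custom level changes what an account can run, as an added example that is not part of the original article: the script reads `privilege exec level` and `username ... privilege` lines from a constructed configuration and decides whether a user's level reaches a command's level. The usernames, the small table of built-in levels and the rule that unknown commands need level 15 are assumptions of this model.

```python
import re

# Levels of a few built-in commands (a small subset of the IOS defaults).
DEFAULT_LEVELS = {"enable": 0, "disable": 0, "exit": 0, "logout": 0,
                  "ping": 1, "traceroute": 1, "show": 1,
                  "show running-config": 15, "configure": 15, "reload": 15}
PRIV_RE = re.compile(r"^privilege exec level (\d+) (.+)$", re.M)
USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))?", re.M)

# Constructed sample configuration; names and secrets are placeholders.
CONFIG = """\
username admin privilege 15 secret 9 $9$CONSTRUCTED
username netops privilege 5 secret 9 $9$CONSTRUCTED
username contractor secret 9 $9$CONSTRUCTED
privilege exec level 5 show running-config
privilege exec level 5 clear counters
"""


def command_levels(config):
    """Built-in levels overridden by the config's 'privilege exec level' lines."""
    levels = dict(DEFAULT_LEVELS)
    for level, command in PRIV_RE.findall(config):
        levels[command.strip()] = int(level)
    return levels


def required_level(levels, command):
    """The longest known prefix of the command decides its level."""
    words = command.split()
    for n in range(len(words), 0, -1):
        prefix = " ".join(words[:n])
        if prefix in levels:
            return levels[prefix]
    return 15  # assumption of this model: unknown commands need level 15


def can_run(config, user, command):
    """True if the user's privilege level reaches the command's level."""
    users = {name: int(level or 1)  # no "privilege" keyword means level 1
             for name, level in USER_RE.findall(config)}
    if user not in users:
        raise KeyError(user)
    return users[user] >= required_level(command_levels(config), command)
```
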

Context-Sensitive Help

Even the most experienced network engineer may forget a command or its parameters. Luckily, Cisco IOS offers a few tools for the forgetful engineer:

  • Tab key – If you are unsure of proper syntax for a command, simply pressing the “tab” key on your keyboard will cause the CLI to attempt to auto-complete the text you provided. In the example below, I wanted to issue the show errdisable command, but I did not remember if the command was show errdisable or show errordisable. I simply typed show err and hit “tab” to see what the proper output should be:


  • ? key – When typing any command, typing the “?” key will provide all available parameters and their descriptions.  Following on the example above, hitting “?” provides the parameters we can pass to show errdisable to further refine the output we want:


  • Partial Input – Cisco devices will accept partial commands when executing certain tasks. For example, the command to generate an RSA key for SSH use: crypto key generate rsa general-keys modulus 2048 can be shortened to cry ke gen rsa gen mod 2048. You can save a lot of time by only issuing the minimum text required for a command!
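Why these shortcuts work, as an added example that is not part of the original article: each word only has to be a unique prefix of the keywords valid at that position. The command tree below is a constructed subset, and `resolve`, `expand` and `options` are this example's own names, not IOS internals.

```python
# Constructed subset of an IOS command tree; "<arg>" marks a free-form value.
MODULUS = {"modulus": {"<arg>": {}}}
TREE = {
    "configure": {"terminal": {}},
    "copy": {},
    "crypto": {"key": {"generate": {"rsa": {"general-keys": MODULUS,
                                           "usage-keys": MODULUS}}}},
    "show": {"environment": {},
             "errdisable": {"detect": {}, "flap-values": {}, "recovery": {}},
             "privilege": {}},
}


def resolve(line, tree=TREE):
    """Expand abbreviated keywords; return (status, words so far, node)."""
    node, words = tree, []
    for token in line.split():
        if "<arg>" in node:  # a value such as the key size is taken as typed
            words.append(token)
            node = node["<arg>"]
            continue
        hits = [token] if token in node else sorted(
            kw for kw in node if kw.startswith(token))
        if len(hits) != 1:
            status = "ambiguous" if hits else "invalid"
            return status, words + [token], hits
        words.append(hits[0])
        node = node[hits[0]]
    return "ok", words, node


def expand(line):
    """What Tab or partial input resolves to, or None if not unique."""
    status, words, _ = resolve(line)
    return " ".join(words) if status == "ok" else None


def options(line):
    """What '?' would list after the words typed so far."""
    status, _, node = resolve(line)
    return sorted(node) if status == "ok" else node
```

With this tree, `show err` expands to `show errdisable`, while `show e` is ambiguous because `environment` also starts with `e`.
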

What Now?

Now you should be familiar with the different modes of access on a Cisco IOS device.  Take some time to navigate between the modes, understand the differences between them, and test various CLI command shortcuts.  In the next article we will put some of our CLI skills to use in managing Cisco device filesystems.

What is privileged EXEC mode used for?

User EXEC level allows you to access only basic monitoring commands; privileged EXEC level allows you to access all router commands. Privileged EXEC level can be password protected to allow only authorized users the ability to configure or manage the router.

Which command is used for user EXEC mode?

To leave user EXEC mode, enter the logout command. To enter privileged EXEC mode from user EXEC mode, enter the enable command.

Which command is used from configuration mode to privileged EXEC mode?

To get into Privileged Mode we enter the "Enable" command from User Exec Mode. If set, the router will prompt you for a password. Once in Privileged Mode, you will notice the prompt changes from ">" to a "#" to indicate that we are now in Privileged Mode.

Which mode is used to run commands to display the configuration file?

To display the contents of NVRAM (if present and valid) or to show the configuration file pointed to by the CONFIG_FILE environment variable, use the show startup-config EXEC command.