CLI Modes

When configuring the IDS, you need to know how to navigate among several different command modes , sometimes called levels. Each level supports a subset of commands appropriate for configuring it. For example, at the privileged exec level, you can make configuration backups and restores . At the network access level, you can configure managed devices.

Figure 7.3 displays a simple map of the IDS CLI for commonly used configuration modes. For example, navigating to networkParams, you need to enter privileged exec mode, global configuration mode, services mode, and finally networkParams mode. Make sure that you practice navigating through these levels before taking the test.

Privileged Exec (Level 1)

Privileged exec mode is the first CLI level you see once you log on to the IDS. This area gives you the ability to initialize the sensor, reboot the sensor, copy sensor configurations, display system settings, and enter other levels to further configure the system. The prompt you see at the privileged exec mode is sensor# . You can use the ? help feature to show the possible commands available at this level; the results of using ? appear in Listing 7.1.

Listing 7.1. Privilege Exec Commands

 sensor#  ?  clear           Clear system settings or devices clock           Set system clock settings configure       Enter configuration mode copy            Copy iplog or configuration files erase           Erase a logical file exit            Terminate current CLI login session iplog           Control ip logging on the interface group iplog-status    Display a list of IP Logs currently existing in the system more            Display a logical file no              Remove or disable system settings ping            Send echo messages to destination reset           Shutdown the sensor applications and reboot setup           Perform basic sensor configuration show            Display system settings and/or history information ssh             Secure Shell Settings terminal        Change terminal configuration parameters tls             Configure TLS settings trace           Display the route an IP packet takes to a destination 

Global Configuration (Level 2)

The global configuration mode allows you to actually start configuring the sensor by entering interface levels or modifying basic global settings that affect the entire sensor. To navigate to global configuration mode from privileged exec mode, just type configure terminal or config t at the sensor# prompt. The prompt changes to sensor(config)# and you see a list of available commands, as shown in Listing 7.2.

Listing 7.2. Global Configuration Commands

 sensor#  configure terminal  sensor(config)#  ?  display-serial     Re-direct all terminal output to the serial port downgrade          Remove the last applied upgrade end                Exit configuration mode and return to exec mode exit               Exit configuration mode and return to exec mode hostname           Set the sensor's hostname interface          Enter configuration mode for system interfaces no                 Remove configuration password           Modify current user password on the local sensor privilege          Modify user privilege recover            Re-image the application partition from the recovery service            Enter configuration mode for node services show               Display system settings and/or history information ssh                Secure Shell Settings telnet-server      Modify telnet-server settings tls                Configure TLS settings upgrade            Upgrade system software and signatures username           Add a user to the local sensor