[ LiB ] |
When configuring the IDS, you need to know how to navigate among several different command modes , sometimes called levels. Each level supports a subset of commands appropriate for configuring it. For example, at the privileged exec level, you can make configuration backups and restores . At the network access level, you can configure managed devices.
Figure 7.3 displays a simple map of the IDS CLI for commonly used configuration modes. For example, navigating to networkParams, you need to enter privileged exec mode, global configuration mode, services mode, and finally networkParams mode. Make sure that you practice navigating through these levels before taking the test.
Privileged exec mode is the first CLI level you see once you log on to the IDS. This area gives you the ability to initialize the sensor, reboot the sensor, copy sensor configurations, display system settings, and enter other levels to further configure the system. The prompt you see at the privileged exec mode is sensor# . You can use the ? help feature to show the possible commands available at this level; the results of using ? appear in Listing 7.1.
sensor# ? clear Clear system settings or devices clock Set system clock settings configure Enter configuration mode copy Copy iplog or configuration files erase Erase a logical file exit Terminate current CLI login session iplog Control ip logging on the interface group iplog-status Display a list of IP Logs currently existing in the system more Display a logical file no Remove or disable system settings ping Send echo messages to destination reset Shutdown the sensor applications and reboot setup Perform basic sensor configuration show Display system settings and/or history information ssh Secure Shell Settings terminal Change terminal configuration parameters tls Configure TLS settings trace Display the route an IP packet takes to a destination
The global configuration mode allows you to actually start configuring the sensor by entering interface levels or modifying basic global settings that affect the entire sensor. To navigate to global configuration mode from privileged exec mode, just type configure terminal or config t at the sensor# prompt. The prompt changes to sensor(config)# and you see a list of available commands, as shown in Listing 7.2.
sensor# configure terminal sensor(config)# ? display-serial Re-direct all terminal output to the serial port downgrade Remove the last applied upgrade end Exit configuration mode and return to exec mode exit Exit configuration mode and return to exec mode hostname Set the sensor's hostname interface Enter configuration mode for system interfaces no Remove configuration password Modify current user password on the local sensor privilege Modify user privilege recover Re-image the application partition from the recovery service Enter configuration mode for node services show Display system settings and/or history information ssh Secure Shell Settings telnet-server Modify telnet-server settings tls Configure TLS settings upgrade Upgrade system software and signatures username Add a user to the local sensor
[ LiB ] |