Cisco devices have two main shell modes, the user EXEC mode and the Privileage EXEC mode
- The user EXEC mode offers a very limited set of commands like ping, telnet, traceroute and a small set of show commands.
- The Privilege EXEC Mode offers full control to the device.
- To move from user mode to privilege mode, we use the command enable
- To move from privilege mode to user mode, we use the command disable
- To move to the configuration mode, you need to be in the privilege EXEC mode and type configure terminal (conf t)
| Prompt | Name |
| Switch> | User EXEC Mode |
| Switch# | Privilege EXEC Mode |
| Switch(Config)# | Configuration Mode |
Sample commands:
To set the device hostname:
SWITCH1#conf t
SWITCH1(config)#hostname NEWHOSTNAME
To shutdown an interface:
SWITCH1(config)#interface [x]
SWITCH1(conf-if)#shutdown
To enable an interface:
SWITCH1(config)#interface [x]
SWITCH1(conf-if)#no shutdown
To set an IP address on an interface:
SWITCH1(config)#interface [x]
SWITCH1(conf-if)#ip address 192.168.1.1 255.255.255.0
To enable remote access to devices using Telnet or SSH, we need to configure Virtual Teletype lines (VTY lines)
Telnet offers cleartext unencrypted access to the device (not recommended) while SSH offers secure encrypted access to the device shell
Telnet can be enabled using:
SWITCH1(config)#line vty 0 15
SWITCH1(conf-line)#transport input telnet
SWITCH1(conf-line)#password [password]
While SSH configuration is a bit longer as it requires generating a certificate and creating a username and a password:
SWITCH1(config)#username admin secret 0 cisco privilege 15
SWITCH1(config)#line vty 0 15
SWITCH1(conf-line)#transport input ssh
SWITCH1(conf-line)#login local #use local users database, can be used with telnet as well.
