Cisco’s command line interface (CLI) is a powerful tool that allows network administrators to configure network devices such as routers, switches, firewalls and others.
In this article, we’ll examine the major configuration modes that are available within the IOS framework, how to enter them, how to recognize them, and what primary configuration parameters and commands can be configured in each.
Cisco IOS
Before we take a look at the specific configuration modes, it is important to note that cisco has various IOS operating system versions and editions depending upon the platform and the type of device.
These include IOS, IOS-XE, IOS-XR, NX-OS, and ASA. All of these network operating systems follow the same philosophy of configuration modes, however, they may differ slightly in syntax.
For the purposes of this article, we will focus on the configuration modes as they appear within the Cisco IOS operating system. Note however, that most systems are virtually identical to these modes.
For more specific information about the operating system and platform that you may be using, take a look at the appropriate Cisco documentation.
Configuration Modes
The following sections describe the configuration modes that the IOS operating system has including the syntax used to get to those modes, and a description of the types of commands that can be issued.
User Exec Mode
The user executive or User Exec mode is the default mode that is provided when you log in to a Cisco device. It provides limited monitoring and connectivity commands such as ping and show version. No configuration changes are allowed in this mode.
The prompt in User Exec mode looks like this: Router>
An example of some of the commands that can be issued in this mode, and their syntax is shown below:
Router>ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
Router>show version
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE12, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 11-Aug-10 12:00 by prod_rel_team
ROM: Bootstrap program is C3750 boot loader
Router uptime is 1 week, 4 days, 2 hours, 15 minutes
System returned to ROM by power-on
System image file is “flash:c3750-ipbasek9-mz.122-55.SE12.bin”
cisco WS-C3750G-24TS-S (PowerPC405) processor (revision Q0) with 131072K bytes of memory.
Processor board ID FHK1032X0ZD
Last reset from power-on
1 Virtual Ethernet interface
24 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
Configuration register is 0x2102
Privileged Exec Mode
The privileged executive or Privileged Exec mode provides more advanced commands including debugging and the viewing of detailed device information. It does not allow any direct configuration changes, but it allows you to see detailed information about:
- Device system information including the running and starup configurations
- Interface information including IP addresses, controllers, and MAC addresses
- Routing protocol information and statuses, including the routing table, routing protocol databases, and neighbor adjacencies
- Performance and traffic information as well as detailed debugs
From the Privileged Exec mode, you are able to enter into configuration mode to make changes to the parameters of the device.
The prompt in Privileged Exec mode looks like this: Router#
In order to enter Privileged Exec mode, you must use the enable command. Best practice dictates that a password be configured to enter this mode, although by default, no password is set. Assuming a password has been configured, this is how to enter Privileged Exec mode from User Exec mode:
Router>enable
Password:
Router#
Note that the password does not appear on the screen when you type it. Some example commands that can be issued from the Privileged Exec mode include:
Router# show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
* – candidate default, U – per-user static route, o – ODR,
P – periodic downloaded static route, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
D 10.1.1.0/24 [90/3072] via 10.2.2.2, 00:01:32, GigabitEthernet0/2
O 10.3.3.0/24 [110/2] via 192.168.2.1, 00:00:30, GigabitEthernet0/3
O E2 10.4.4.0/24 [110/20] via 192.168.2.1, 00:00:30, GigabitEthernet0/3
S* 0.0.0.0/0 [1/0] via 192.168.1.1
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.1 YES manual up up
GigabitEthernet0/1 192.168.2.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down down
Serial0/0/0 10.1.1.1 YES manual up up
Global Configuration Mode
Global Configuration mode is the CLI mode in which you can begin to configure the device. Changes made in this mode are typically system-wide From this mode, you can either configure global parameters that affect the whole device, or you can enter into sub-configuration modes for more specific configuration capabilities.
The prompt in Global Configuration mode looks like this: Router(config)#
In order to enter Global Configuration mode, you must issue the configure terminal command from Privileged Exec mode like so:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Some example commands that can be issued from the Global Configuration mode include:
Router(config)#ip route 10.10.10.0 255.255.255.0 192.168.5.1
Router(config)#hostname My_Router
My_Router(config)#
My_Router(config)#enable secret my_password
Sub-Configuration Modes
The following modes are considered sub-configuration modes. These are configuration modes that configure particular aspects, features, or components of the network device.
Interface Configuration Mode
The Interface Configuration mode is used to configure the parameters of specific interfaces on the device. From this mode, you can configure interface-specific parameters such as:
- Enable or disable the interface
- IP address and subnet mask (for a Layer 3 interface)
- Configure VLAN specific parameters (for a Layer 2 interface)
The Interface Configuration mode prompt looks like this: Router(config-if)#
In order to enter Interface Configuration mode, you must issue the interface command from Global Configuration mode like so:
Router(config)#interface GigabitEthernet 0/1
Router(config-if)#
Some example commands that can be issued from the Interface Configuration mode on a router include:
Router(config-if)#ip address 10.20.55.6 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
Some example commands that can be issued from the Interface Configuration mode on a switch include:
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#
Router Configuration Mode
The Router Configuration mode is used to configure the parameters of specific dynamic routing protocols such as EIGRP, OSPF, BGP, or RIP, depending upon the protocols that the specific device supports. From this mode, you can configure routing protocol specific parameters including:
- Networks to advertise
- Neighbor adjacencies
- Passive interfaces
- Redistribution
- Other protocol-specific parameters
The Router Configuration mode prompt looks like this: Router(config-router)#
In order to enter Router Configuration mode, you must issue the router command along with the routing protocol you wish to configure. This must be done from the Global Configuration mode like so:
Router(config)#router eigrp 1
Router(config-router)#
Some example commands that can be issued from the Router Configuration mode include the following. OSPF is being used as the example protocol in this case:
Router(config)#router ospf 1
Router (config-router)#network 10.10.10.0 0.0.0.255 area 0
Router (config-router)#passive-interface GigabitEthernet 0/1
Router (config-router)#redistribute static
Router (config-router)#
The syntax used to issue the commands within the Router Configuration mode is highly dependent upon the routing protocol that is being configured.
Line Configuration Mode
The Line Configuration mode is used to configure settings for console, auxiliary, and virtual terminal (VTY) lines for remote access to the CLI. From this mode, you can configure things like passwords, enabling login checking, set the line protocol to be used, adjust the idle timeout, and apply access lists to restrict connectivity.
The Line Configuration mode prompt looks like this: Router(config-line)#
In order to enter Line Configuration mode, you must issue the line command along with the type of line you want to configure. This must be done from the Global Configuration mode like so:
Router(config)#line vty 0 15
Router(config-line)#
Some example commands that can be issued from the Line Configuration mode include the following:
Router(config)#line vty 0 15
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#transport input ssh
Router(config-line)#login local
Router(config-line)#
Other Configuration Modes
There are many additional configuration modes that can be explored that deal with more specific features and capabilities. These will be listed briefly here:
Sub-interface configuration mode
This mode can be used to configure sub-interfaces.
Prompt: Router(config-subif)#
VRF Configuration Mode
This mode is used to configure Virtual Routing and Forwarding (VRF) instances.
Prompt: Router(config-vrf)#
Router address family mode
Used to configure address families under the Router Configuration mode.
Prompt: Router(config-router-af)#
Access list configuration mode
Used to create, configure, and modify standard and extended access lists.
Prompt for standard ACLs: Router(config-std-nacl)#
Prompt for extended ACLs: Router(config-ext-nacl)#
Route map configuration mode
Used to create, configure, and modify route maps.
Prompt: Router(config-route-map)#
Navigating and Exiting Modes
Note that the configuration modes are hierarchical in nature. To get to a particular sub-configuration mode, you may need to enter one, two, or three other modes to get there.
Having that in mind, there are a few shortcuts and commands that you can use to exit from particular modes. Specifically:
- The end command or pressing Ctrl+Z will bring you back to Privileged Exec mode (except if you are in User Exec mode).
- The exit command will move you up one configuration mode level.
- The disable command issued in the Privileged Exec mode will return you to User Exec mode.
Final Words
Understanding Cisco IOS configuration modes is essential for effectively managing and troubleshooting network devices.
Each mode serves a distinct purpose, from basic monitoring in User EXEC mode to advanced configuration in Global Configuration mode and its various sub-modes.
By mastering these modes, network engineers can confidently navigate the CLI, implement configurations, and maintain the stability and performance of their networks.
Related Posts
- Introduction to Cisco EEM (Embedded Event Manager)
- What is Cisco IOS – Overview and Description of Cisco’s Operating System
- How to Configure SNMP on Cisco Devices (Routers, Switches)
- Comparing Cisco IOS Configurations (Config Compare Tools)
- Cisco Access List Configuration Examples (Standard, Extended ACL) on Routers Etc