As a security feature CISCO IOS implements different user-levels and modes through which each of them provides support for different commands. Basically Cisco has three command line modes named as.
- User level (user exec-mode)
- Prevailed mode (Privilege exec-mode)
- Global Configuration mode
User level (user exec-mode)
The user exec-level is very basic level that has the very least privileges it is the first mode that a user has access to once he has sucessfuly logged-in. This mode can be identified by the router name followed by > Symbol. This mode only allows the administrator to run basic commands, no configuration can be changed from this level. The basic command that can be used from this mode may includes
- SSH
- Ping
- Telnet
- Enable
- Traceroute
In order to display all the supported commands at user-exec level enter the question mark (?) in CLI (command line interface). There are 16 privileges level (0-15) available in CISCO IOS and by default user level has privilege of 1, while the zero level access allows only five commands named as logout, enable, disable, help and exit.
The privilege level can be checked by issuing the following command.
Router>show privilege
Current privilege level is 1
Router>
Prevailed mode (Privilege exec-mode)
This mode allow user to have more controls and allows them to view system configuration, this mode also allows the user to run the commands that’s are available in user-mode. This mode can be identified by the Router name followed by # symbol.
A user can navigate form user mode to privilege mode by entering the “enable” command.in order to make the device more secure we can place enable password.
Router(config)#enable secret HIRAJ
Router(config)#
Thus by setting the secret password will ask the user to enter the password once he want to migrate from user-level to privilege mode.
Router>en
Password:
Global Configuration mode
This mode allows the user to change the configuration of systems a user can navigate from privilege mode to global configuration mode by enter “configure terminal” command and then to exit from configuration the user may enter “end” command or CNTRL+Z key combination.
The Global configuration can be identified by the Router name followed by (config).
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
The global configuration mode has several sub modes like interface mode, sub-interface mode, Line mode, VLAN mode.
Interface mode (The router physical interface)
The router interface mode
Sub interface mode (The router sub-interface configuration mode)
Router sub-interface mode
Line mode (VTY, Console)
Router line interface
Router configuration mode
router configuration mode
Cisco IOS Command line summary
| Command name | Access method | Prompt | Exit or enter to next mode |
| User exec | Upon sucessfuly user will be prompted over here. | Switch >
Router > |
Use the “log out” command or enter “enable” to navigate to privilege mode. |
| Privilege mode | From user-exec mode enter “enable” command | Switch #
Router # |
User “logout “ command to navigate to user-exec or Configure terminal to navigate to configuration mode. |
| Global Configuration mode | Prom the privilege mode enter “configure terminal” command | Switch(config)
Router(config) |
To exit from this mode enter “end” or CNTRL+Z keyword combination. |
Also, read…
- What is Trivial File transfer Protocol
- How to install Solarwinds Trivial File Transfer Protocol (TFTP) Server
Download Cisco IOS Command Line Modes in pdf – Click here