As a security feature CISCO IOS implements different user-levels and modes through which each of them provides support for different commands. Basically Cisco has three command line modes named as.

  1. User level (user exec-mode)
  2. Prevailed mode (Privilege exec-mode)
  3. Global Configuration mode

User level (user exec-mode)

The user exec-level is very basic level that has the very least privileges it is the first mode that a user has access to once he has sucessfuly logged-in. This mode can be identified by the router name followed by > Symbol. This mode only allows the administrator to run basic commands, no configuration can be changed from this level. The basic command that can be used from this mode may includes

  1. SSH
  2. Ping
  3. Telnet
  4. Enable
  5. Traceroute

user exec-level

In order to display all the supported commands at user-exec level enter the question mark (?) in CLI (command line interface). There are 16 privileges level (0-15) available in CISCO IOS and by default user level has privilege of 1, while the zero level access allows only five commands named as logout, enable, disable, help and exit.

The privilege level can be checked by issuing the following command.

Router>show privilege

Current privilege level is 1


Prevailed mode (Privilege exec-mode)

This mode allow user to have more controls and allows them to view system configuration, this mode also allows the user to run the commands that’s are available in user-mode. This mode can be identified by the Router name followed by # symbol.

A user can navigate form user mode to privilege mode by entering the “enable” order to make the device more secure we can place enable password.

Router(config)#enable secret HIRAJ


Thus by setting the secret password will ask the user to enter the password once he want to migrate from user-level to privilege mode.



Global Configuration mode

This mode allows the user to change the configuration of systems a user can navigate from privilege mode to global configuration mode by enter “configure terminal” command and then to exit from configuration the user may enter “end” command or CNTRL+Z key combination.

The Global configuration can be identified by the Router name followed by (config).

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.


The global configuration mode has several sub modes like interface mode, sub-interface mode, Line mode, VLAN mode.

Interface mode (The router physical interface)

The router interface mode


Sub interface mode (The router sub-interface configuration mode)

Router sub-interface mode


Line mode (VTY, Console)

Router line interface


Router configuration mode

Cisco IOS Command router configuration mode
router configuration mode


Cisco IOS Command line summary

Command name Access method Prompt Exit or enter to next mode
User exec Upon sucessfuly user will be prompted over here. Switch >

Router >

Use  the “log out” command or enter “enable” to navigate to privilege mode.
Privilege  mode From user-exec mode enter “enable” command Switch #

Router #

User “logout “ command to navigate to user-exec or Configure terminal to navigate to   configuration mode.
Global Configuration mode Prom the privilege mode enter “configure terminal” command Switch(config)


To exit from this mode enter “end” or CNTRL+Z keyword combination.


Also, read…

Download Cisco IOS Command Line Modes in pdf – Click here