IOS command modes

We’ve already learned that IOS has three main command modes: the user exec, privileged exec, and the global configuration modes. Each of these modes serves a different purpose and has its own set of commands. In this lesson we will describe each of this modes in more detail.

User EXEC mode commands

Initially, a user logs into the User Exec mode. This is the mode with the least number of commands. You can get a list of all available commands by typing the character ?.

Router>?
Exec commands:
<1-99> Session number to resume
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
logout Exit from the EXEC
ping Send echo messages
resume Resume an active network connection
show Show running system information
ssh Open a secure shell client connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination

As you can see, most of the commands available are used to show statistics and perform some basic troubleshooting. The prompt on the left side of the screen always displays the device hostname (R1 in this case), followed by the character >.

All commands can be abbreviated to their first letters of the command name. For example, you can abbreviate ping by typing pin, because no other command in the User EXEC mode IOS mode begins with these letters.

Privileged EXEC mode commands

This IOS mode is also called enable mode because you must enter the enable command from a user EXEC mode if you want to access this mode. You can use more commands in the privileged EXEC mode than you were able to use in the user EXEC mode. You can save a device configuration or reload a device in this mode. You can also enter a third mode, the configuration mode. The access to the privileged EXEC mode is usually protected with a password.

The prompt for this mode shows # after the device hostname.

Router>en
Router#?
Exec commands:
<1-99> Session number to resume
auto Exec level Automation
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
erase Erase a filesystem
exit Exit from the EXEC
logout Exit from the EXEC
mkdir Create new directory
more Display the contents of a file
no Disable debugging informations
ping Send echo messages
reload Halt and perform a cold restart
resume Resume an active network connection
rmdir Remove existing directory
send Send a message to other tty lines
setup Run the SETUP command facility
show Show running system information
ssh Open a secure shell client connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also 'debug')
vlan Configure VLAN parameters
write Write running configuration to memory, network, or terminal

 

Global configuration mode commands

To change a device configuration, you need to enter the global configuration mode. This mode can be accessed by typing configure terminal (or conf t, the abbreviated version of the command) from the enable mode. The prompt for this mode is hostname(config).

Global configuration mode commands are used to configure a device. You can set a hostname, configure authentication, set an IP address for an interface, etc. From this mode you can also access submodes, for example the interface mode, from where you can configure interface options.

You can get back to a privileged EXEC mode by typing the end command. You can also type CTRL + C to exit the configuration mode.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#?
Configure commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
banner Define a login banner
bba-group Configure BBA Group
boot Modify system boot parameters
cdp Global CDP configuration subcommands
class-map Configure Class Map
clock Configure time-of-day clock
config-register Define the configuration register
crypto Encryption module
default Set a command to its defaults
do To run exec commands in config mode
dot11 IEEE 802.11 config commands
enable Modify enable password parameters
end Exit from configure mode
exit Exit from configure mode
flow Global Flow configuration subcommands
hostname Set system's network name
interface Select an interface to configure
ip Global IP configuration subcommands
ipv6 Global IPv6 configuration commands
key Key management
license Configure license features
line Configure a terminal line
lldp Global LLDP configuration subcommands
logging Modify message logging facilities
login Enable secure login checking
mac-address-table Configure the MAC address table
no Negate a command or set its defaults
ntp Configure NTP
parameter-map parameter map
parser Configure parser
policy-map Configure QoS Policy Map
port-channel EtherChannel configuration
priority-list Build a priority list
privilege Command privilege parameters
queue-list Build a custom queue list
router Enable a routing process
secure Secure image and configuration archival commands
security Infra Security CLIs
service Modify use of network based services
snmp-server Modify SNMP engine parameters
spanning-tree Spanning Tree Subsystem
tacacs-server Modify TACACS query parameters
username Establish User Name Authentication
vpdn Virtual Private Dialup Network
vpdn-group VPDN group configuration
zone FW with zoning
zone-pair Zone pair command

 

Submode commands

A global configuration mode contains many submodes. For example, if you want to configure an interface you have to enter that interface configuration mode. Each submode contains only commands that pertain to the resource that is being configured.

To enter the interface configuration mode you need to specify which interface you would like to configure. This is done by using the interface INTERFACE_TYPE/INTERFACE_NUMBER global configuration command, where INTERFACE_TYPE represents the type of an interface (Ethernet, FastEthernet, Serial…) and INTERFACE_NUMBER represents the interface number, since CIsco devices usually have more than one physical interface. Once inside the interface configuration mode, you can get a list of available commands by typing the “?” character. Each submode has its own prompt. Notice how the command prompt was changed to Router(config-if) after I’ve entered the interface submode:

Router(config)#interface GigabitEthernet 0/1
Router(config-if)#?
arp Set arp type (arpa, probe, snap) or timeout
bandwidth Set bandwidth informational parameter
cdp CDP interface subcommands
channel-group Add this interface to an Etherchannel group
crypto Encryption/Decryption commands
custom-queue-list Assign a custom queue list to an interface
delay Specify interface throughput delay
description Interface specific description
duplex Configure duplex operation.
exit Exit from interface configuration mode
fair-queue Enable Fair Queuing on an Interface
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
ipv6 IPv6 interface subcommands
lldp LLDP interface subcommands
mac-address Manually set interface MAC address
mtu Set the interface Maximum Transmission Unit (MTU)
no Negate a command or set its defaults
pppoe pppoe interface subcommands
pppoe-client pppoe client
priority-group Assign a priority group to an interface
service-policy Configure QoS Service Policy
shutdown Shutdown the selected interface
speed Configure speed operation.
standby HSRP interface configuration commands
tx-ring-limit Configure PA level transmit ring limit

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: