Cisco IOS Mode User Privilege Configurations
CLI Access ModesEach Cisco device on CLI interface supports three access modes
- User EXEC
Provides basic access to the IOS with limited command availability (basically simple monitoring and troubleshooting commands)
- Privilege EXEC
Provides high-level management access to the IOS, including all commands available at User EXEC mode
Allows configuration changes to be made to the device
User EXEC ModeYour initial access to the CLI is via the User EXEC mode, which has only a limited number of IOS commands you can execute. Depending on the Cisco device’s configuration, you might be prompted for a password to access this mode.
This mode is typically used for basic troubleshooting of networking problems. You can tell that you are in User EXEC mode by examining the prompt on the left side of the screen:
Router>If you see a > character at the end of the information, you know that you are in User EXEC mode. The information preceding the > is the name of the Cisco device.
For instance, the default name of all Cisco routers is Router, whereas the 2960 switch’s User EXEC prompt looks like this: Switch>. These device names can be changed with the hostname command.
Privilege EXEC ModeOnce you have gained access to User EXEC mode, you can use the enable command to access Privilege EXEC mode:
Router> enable Router#Once you enter the enable command, if a Privilege EXEC password has been configured on the Cisco device, you will be prompted for it. Upon successfully authenticating, you will be in Privilege EXEC mode. You can tell that you are in this mode by examining the CLI prompt. In the preceding code example, notice that the > changed to a #.
When you are in Privilege EXEC mode, you have access to all of the User EXEC commands as well as many more advanced management and troubleshooting commands. These commands include extended ping and trace abilities, managing configuration files and IOS images, and detailed troubleshooting using debug commands. About the only thing that you can’t do from this mode is change the configuration of the Cisco device—this can be done only from Configuration mode. If you wish to return to User EXEC mode from Privilege EXEC mode, use the exit command:
Router# exit Router>Again, by examining the prompt, you can tell that you are now in User EXEC mode.
Configuration Modes of Cisco IOS SoftwareFrom privileged EXEC mode, you can enter global configuration mode using the
configure terminal command.
From global configuration mode, you can access specific configuration modes, which include, but are not limited to, the following:
Supports commands that configure operations on a per-interface basis
Supports commands that configure multiple virtual interfaces on a single physical interface
Supports commands that configure controllers (for example, E1 and T1 controllers)
Supports commands that configure the operation of a terminal line (for example, the console or the vty ports)
Supports commands that configure an IP routing protocol
Commands that affect the entire device are called global commands.
The hostname and enable password commands are examples of global commands.
Commands that point to or indicate a process or interface that will be configured are called major commands. When entered, major commands cause the CLI to enter a specific configuration mode.
Major commands have no effect unless you immediately enter a subcommand that supplies the configuration entry. For example, the major command interface serial 0 has no effect unless you follow it with a subcommand that tells what is to be done to that interface.
|Router#||Privileged mode (also known as EXEC-level mode)|
|Router(config)#||Global configuration mode|
|Router(config-router)#||Router configuration mode|