Image of Jeremy L. Gaddis, CCNA, CCNP (and Cortney, in case you were wondering)

The Cisco CLI: IOS Modes

by Jeremy L. Gaddis on September 6, 2011 · 0 comments

Post image for The Cisco CLI: IOS Modes

In Introduction to Cisco Devices and Cisco IOS, we talked about what IOS is and the different ways in which we can access the command-line interface (CLI). In this article, we’ll examine the different IOS modes, how they interact with each other, what each is used for, and how to switch between them.

IOS Modes

Cisco IOS is considered a modal operating system. By that, we mean that there are different modes of operation, each having its own purpose and function.

There are four major modes used in IOS:

  • User executive mode
  • Privileged executive mode
  • Global configuration mode
  • Other modes, specific to certain configurations

NOTE: I know, that last one is vague. I’ll expand on it further in this article.

Each of these modes is used to accomplish different tasks. In addition, there are different commands available to us depending on which mode we are in.

For example, if we want to configure an interface on a router, we must go into interface configuration mode. In this mode, any changes that we make will apply only to that specific interface and no others.

When configuring a router or switch, we can tell which mode we are in just by looking at the prompt that the device presents us with.

User executive mode

When we first connect to a device, either via the console or using telnet/SSH, we automatically enter into user executive mode. In user exec mode, the prompt looks like this:


In this case, user exec mode is distinguished by the use of the > symbol. “Router” refers to the hostname assigned to the device. In this case, I have started with a blank configuration and have not given the router a hostname so it uses the default. If this were a switch, the prompt would instead read Switch>.

Just like we name our children, pets, and computers, we give names to our routers and devices too. We’ll talk about this later, in Assigning Hostnames to Cisco Devices.

If our router was named “Steve”, for example, the prompt would look like this:


While the hostname lets us know which specific device we are connected to, it is the > symbol which lets us know that we are in user exec mode.

User exec mode is sometimes called view-only mode. This is because there are a very limited number of commands available to us in this mode and none of them allow us to modify the configuration. For that, we must enter privileged executive mode.

Privileged executive mode

Privileged executive mode, also referred to as enable mode, is our first step to gaining access to commands that modify the router’s configuration. When entering privileged exec mode, our prompt will change to the # symbol.

From user exec mode, we use the enable command to access privileged exec mode:

Router> enable

Note that the > symbol at the end of the prompt changed to a # symbol. This indicates that we are now in privileged exec mode. When we are done in privileged exec mode, we return to user exec mode by using the disable command.

Router# disable

See how the prompt returned to a > symbol? Again, this indicates that we are in user exec mode.

The above examples assume that no passwords have been configured on our router. If the router has been configured to require a password for privileged exec mode, we’ll be asked for it before being granted access to privileged exec mode.

Router> enable

NOTE: When typing in a password, it does not appear on the screen for security purposes. In the example above, I did have to type in the password, you just can’t see it.

Global configuration mode

While privileged exec mode provides us access to some management and troubleshooting commands, we’ll need to be in global configuration mode in order to issue commands that make changes to the router’s running configuration.

We gain access to global config mode by using the configure terminal command in privileged exec mode.

Router> enable
Router# configure terminal

You’ll notice that, once again, the prompt has changed as we switched between modes.

Other configuration modes

There are many other configuration modes that you’ll become familiar with as you make progress towards the CCNA certification. These include:

  • Line configuration mode (used to configure the CTY and VTY lines)
  • Interface configuration mode (used to configure router interfaces)
  • Router configuration mode (used to configure routing protocols)

You’ll see these modes in action in future articles when we discuss setting passwords and configuring interfaces but, for the sake of completeness, let’s look at a quick example.

In order to configure a password on the console port, we must be in line configuration mode. We get into line configuration mode by issuing the line console 0 command in global config mode.

Router> enable
Router# configure terminal
Router(config)# line console 0

Yet again our prompt has changed to reflect what mode we are currently in. These various configuration modes are all hierarchical and we return to the previous mode (e.g. going “up” one level) by issuing the exit command.

Router(config-line)# exit
Router(config)# exit

Alternatively, we can exit configuration mode entirely and return directly to privileged exec mode with the end command.

Router(config-line)# end


A firm understanding of the different IOS modes, while basic, is critical to being able to successfully configure Cisco routers and switches (as well as passing the CCNA test!). Beginners are often frustrated when they enter a command they know is correct and receive an error message. Many times, this is caused by being in the wrong mode.

Now that you know the different modes and what they’re used for, let’s get our hands dirty. Basic Cisco IOS Commands introduces some commands you’ll start using immediately and continue to use as long as you work with Cisco routers and switches.

Image Source

Previous post:

Next post: