The Cisco IOS is designed as a modal operating system. The term modal describes a system where there are different modes of operation, each having its own domain of operation. The CLI uses a hierarchical structure for the modes.
In order from top to bottom, the major modes are:
User executive mode
Privileged executive mode
Global configuration mode
Other specific configuration modes
Each mode is used to accomplish particular tasks and has a specific set of commands that are available when in that mode. For example, to configure a router interface, the user must enter interface configuration mode. All configurations that are entered in interface configuration mode apply only to that interface.
Some commands are available to all users; others can be executed only after entering the mode in which that command is available. Each mode is distinguished with a distinctive prompt, and only commands that are appropriate for that mode are allowed.
The hierarchal modal structure can be configured to provide security. Different authentication can be required for each hierarchal mode. This controls the level of access that network personnel can be granted.
The figure shows the IOS modal structure with typical prompts and features.
When using the CLI, the mode is identified by the command-line prompt that is unique to that mode. The prompt is composed of the words and symbols on the line to the left of the entry area. The word prompt is used because the system is prompting you to make an entry.
By default, every prompt begins with the device name. Following the name, the remainder of the prompt indicates the mode. For example, the default prompt for the global configuration mode on a router would be:
The two primary modes of operation are:
As a security feature, the Cisco IOS software separates the EXEC sessions into two access modes. These two primary access modes are used within the Cisco CLI hierarchical structure.
Each mode has similar commands. However, the privileged EXEC mode has a higher level of authority in what it allows to be executed.
User Executive Mode
The user executive mode, or user EXEC for short, has limited capabilities but is useful for some basic operations. The user EXEC mode is at the top of the modal hierarchical structure. This mode is the first entrance into the CLI of an IOS router.
The user EXEC mode allows only a limited number of basic monitoring commands. This is often referred to as view-only mode. The user EXEC level does not allow the execution of any commands tha
Privileged EXEC Mode
The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode, or a specific mode further down the hierarchy.
The privileged EXEC mode can be identified by the prompt ending with the # symbol.
By default, privileged EXEC does not require authentication. It is a good practice to ensure that authentication is configured.
Global configuration mode and all other more specific configuration modes can only be reached from the privileged EXEC mode. In a later section of this chapter, we will examine device configuration and some of the configuration modes.
Moving between the User EXEC and Privileged EXEC Modes
The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.
In order to access the privileged EXEC mode, use the enable command. The privileged EXEC mode is sometimes called the enable mode.
The syntax for entering the enable command is:
This command is executed without the need for an argument or keyword. Once
The # at the end of the prompt indicates that the router is now in privileged EXEC mode.
If password authentication has been configured for the privileged EXEC mode, the IOS prompts for the password.
Cisco IOS Modes