IOS has a command hierarchy
| Router> | – User EXEC mode |
| Router# | – Privileged EXEC mode |
| Router(config)# | – Configuration mode (notice the # sign indicates this is accessible only at privileged EXEC mode) |
| Router(config-if)# | – Interface level within configuration mode |
| Router(config-router)# | – Routing engine level within configuration mode |
| Router(config-line)# | – Line level (vty, tty, async) within configuration mode |
User Mode.
In user mode we cant configure anything, Only we can read and execute a few basic commands but we can’t change anything.User EXEC level allows you to access only basic monitoring commands
3750>? Exec commands: <1-99> Session number to resume access-enable Create a temporary Access-List entry access-profile Apply user-profile to interface clear Reset functions connect Open a terminal connection disable Turn off privileged commands disconnect Disconnect an existing network connection do-exec Mode-independent "do-exec" prefix support emm Run a configured Menu System enable Turn on privileged commands ethernet Ethernet parameters exit Exit from the EXEC help Description of the interactive help system lock Lock the terminal login Log in as a particular user logout Exit from the EXEC mrinfo Request neighbor and version information from a multicast router mstat Show statistics after multiple multicast traceroutes mtrace Trace reverse multicast path from destination to source name-connection Name an existing network connection ping Send echo messages platform Platform CPU commands platform Platform specific command rcommand Run command on remote switch release Release a resource renew Renew a resource rep Resilient Ethernet Protocol Exec Commands resume Resume an active network connection routing-context Routing Context set Set system parameter (not config) show Show running system information systat Display information about terminal lines tclquit Quit Tool Command Language shell telnet Open a telnet connection terminal Set terminal line parameters traceroute Trace route to destination tunnel Open a tunnel connection where List active connections 3750>
Privilege Mode.
privileged EXEC level allows you to access few commands. Privileged EXEC level can be password protected to allow only authorized users the ability to configure or manage the router. But you can’t change any major configurations such as Routing protocols configurations, Switching protocols etc.
3750#? Exec commands: <1-99> Session number to resume access-enable Create a temporary Access-List entry access-profile Apply user-profile to interface access-template Create a temporary Access-List entry archive manage archive files attach Console for a module beep Blocks Extensible Exchange Protocol commands calendar Manage the hardware calendar call-home Call-Home commands cd Change current directory clear Reset functions clock Manage the system clock cns CNS agents configure Enter configuration mode connect Open a terminal connection copy Copy from one file to another debug Debugging functions (see also 'undebug') delete Delete a file diagnostic Diagnostic commands dir List files on a filesystem disable Turn off privileged commands disconnect Disconnect an existing network connection do-exec Mode-independent "do-exec" prefix support dot1x IEEE 802.1X Exec Commands emm Run a configured Menu System enable Turn on privileged commands eou EAPoUDP erase Erase a filesystem ethernet Ethernet parameters event Event related commands exit Exit from the EXEC format Format a filesystem fsck Fsck a filesystem help Description of the interactive help system hw-module Apply command (e.g. reset) to specified hardware target if-mgr IF-MGR operations ip Global IP commands lock Lock the terminal logging Handles logging operations login Log in as a particular user logout Exit from the EXEC macro Exec level macro commands mediatrace Mediatrace Commands mkdir Create new directory monitor Monitoring different system events more Display the contents of a file mrinfo Request neighbor and version information from a multicast router mrm IP Multicast Routing Monitor Test msp Exec command to attach profile to flow mstat Show statistics after multiple multicast traceroutes mtrace Trace reverse multicast path from destination to source name-connection Name an existing network connection no Disable debugging functions ping Send echo messages platform Platform CPU commands platform Platform specific command pwd Display current working directory rcommand Run command on remote switch release Release a resource reload Halt and perform a cold restart remote Remote commands rename Rename a file renew Renew a resource rep Resilient Ethernet Protocol Exec Commands resume Resume an active network connection rmdir Remove existing directory routing-context Routing Context rsh Execute a remote command send Send a message to other tty lines session Console session for a module set Set system parameter (not config) show Show running system information spec-file format spec file commands systat Display information about terminal lines tclquit Quit Tool Command Language shell tclsh Tool Command Language shell telnet Open a telnet connection terminal Set terminal line parameters test Test subsystems, memory, and interfaces traceroute Trace route to destination tunnel Open a tunnel connection udld UDLD protocol commands undebug Disable debugging functions (see also 'debug') upgrade Upgrade commands verify Verify a file vmps VMPS actions vstack Vstack Exec Commands vtp Configure global VTP state where List active connections which-route Do OSI route table lookup and display results write Write running configuration to memory, network, or terminal 3750#
Global Configuration Mode.
One can enter in to global configuration mode either by using the command “CONFIGURE TERMINAL” or “CONF T” in Privileged EXEC mode. In global configuration mode, we can make changes to the device configurations. The global configuration mode has symbol ‘#’ after the user name followed by config in braces.
3750#conf t Enter configuration commands, one per line. End with CNTL/Z. 3750(config)#? Configure commands: aaa Authentication, Authorization and Accounting. access-list Add an access list entry access-session Access Session Global Configuration Commands alias Create command alias ancp Configure ANCP archive Archive the configuration arp Set a static ARP entry async-bootp Modify system bootp parameters audit Router Audit authentication Auth Manager Global Configuration Commands auto Configure Automation banner Define a login banner beep Configure BEEP (Blocks Extensible Exchange Protocol) bfd BFD configuration commands bfd-template BFD template configuration boot Modify system boot parameters bridge Bridge Group. buffers Adjust system buffer pool parameters call-home Enter call-home configuration mode cdp Global CDP configuration subcommands cef Cisco Express Forwarding cisp Set CISP parameters class-map Configure CPL Class Map clns Global CLNS configuration subcommands clock Configure time-of-day clock cluster Cluster configuration commands cns CNS agents config-register Define the configuration register configuration Configuration access control-plane Configure control plane services default Set a command to its defaults default-value Default character-bits values define interface range macro definition device-sensor IOS Sensor Commands diagnostic Configure diagnostic information dnsix-dmdp Provide DMDP service for DNSIX dnsix-nat Provide DNSIX service for audit trails do-exec To run exec commands in config mode dot1x IEEE 802.1X Global Configuration Commands downward-compatible-config Generate a configuration compatible with older software eap EAP Global Configuration Commands emm Specify pre-loading of MDF enable Modify enable password parameters end Exit from configure mode energywise EnergyWise Global Configuration Commands eou EAPoUDP Global Configuration Commands epm EPM Global Configuration Commands errdisable Error disable ethernet Ethernet configuration event Event related configuration commands exception Exception handling exit Exit from configure mode fallback Fallback configuration commands file Adjust file system parameters flow Global Flow configuration subcommands format Format the output fullcoredump Configure parameters required for coredump global-address-family Enter address-family base routing topology mode help Description of the interactive help system hostname Set system's network name identity Identity Configuration Commands interface Select an interface to configure ip Global IP configuration subcommands ipc Configure IPC system ipv6 Global IPv6 configuration commands isis Global ISIS configuration subcommands key Key management kron Kron interval Facility l2 Layer 2 l2protocol-tunnel Tunnel Layer2 protocols lacp LACP configuration li-view LI View line Configure a terminal line link Enable Link State Tracking feature lldp Global LLDP configuration subcommands location Global location configuration commands logging Modify message logging facilities login Enable secure login checking mab MAC Authentication Bypass Global Configuration Commands mac Global MAC configuration subcommands macro Macro configuration media-proxy Global media proxy configuration mediatrace Mediatrace Application memory Configure memory management metadata Metadata Application module Module monitor Monitoring different system events netconf Configure NETCONF netflow-lite Netflow-lite Configuration Subcommands network-policy Network Policy nmsp NMSP configuration commands no Negate a command or set its defaults ntp Configure NTP parser Configure parser password Configure encryption password (key) policy-manager Policy Manager configuration commands policy-map Configure CPL Policy Map port-channel EtherChannel configuration power Power configure pppoe Point to Point Protocol over Ethernet privilege Command privilege parameters process Configure process process-max-time Maximum time for process to run before voluntarily relinquishing processor profile MSP Profile qos Global QoS configuration subcommands regexp regexp commands rep Resilient Ethernet Protocol characteristics resource Configure Resource settings rif Source-route RIF cache rmon Remote Monitoring route-map Create route-map or enter route-map command mode router Enable a routing process sampler Define a Sampler sasl Configure SASL scheduler Scheduler parameters scripting Configure options for scripting languages service Modify use of network based services service-family Configure extenal service-family clients shell Configure shell command shutdown Shutdown system elements snmp Modify non engine SNMP parameters snmp-server Modify SNMP engine parameters spanning-tree Spanning Tree Subsystem stacks Configure stacks standby Global HSRP configuration commands subscriber-policy Subscriber policy system Set the global ethernet configuration table-map Configure Table Map tacacs-server Modify TACACS query parameters template Select a template to configure tftp-server Provide TFTP service for netload requests time-range Define time range entries track Object tracking configuration commands ttyscan Configure Line scanning delay time udld Configure global UDLD setting username Establish User Name Authentication vlan Vlan commands vmps VMPS settings vrf VRF commands vstack Configure vstack parameters and enable or disable SmartInstall vtp Configure global VTP state wsma Configure Web Services Management Agents xdr Configure XDR parameters 3750#
Interface Configuration Mode.
In this mode we change the configuration of the interfaces such as IP address configuration and other interface-level configurations.
3750(config)#interface gigabitEthernet 1/1 3750(config-if)#? Interface configuration commands: aaa Authentication, Authorization and Accounting. access-expression Build a bridge boolean access expression ancp ANCP interface commands arp Set arp type (arpa, probe, snap) or timeout or log options authentication Auth Manager Interface Configuration Commands auto Configure Automation backup Modify backup parameters bandwidth Set bandwidth informational parameter bfd BFD interface configuration commands bgp-policy Apply policy propagated by bgp community string bridge-group Transparent bridging interface parameters carrier-delay Specify delay for interface transitions cdp CDP interface subcommands channel-group Etherchannel/port bundling configuration channel-protocol Select the channel protocol (LACP, PAgP) clns CLNS interface subcommands counter Enable IPv4 and IPv6 combined statistic counters dampening Enable event dampening default Set a command to its defaults delay Specify interface throughput delay description Interface specific description dot1q dot1q interface configuration commands dot1x Interface Config Commands for IEEE 802.1X duplex Configure duplex operation. eou EAPoUDP Interface Configuration Commands ethernet Ethernet interface parameters exit Exit from interface configuration mode flowcontrol Configure flow operation. glbp Gateway Load Balancing Protocol interface commands help Description of the interactive help system history Interface history histograms - 60 second, 60 minute and 72 hour ip Interface Internet Protocol config commands ipv6 IPv6 interface subcommands isis IS-IS commands iso-igrp ISO-IGRP interface subcommands keepalive Enable keepalive lacp LACP interface subcommands link Interface link related commands lldp LLDP interface subcommands load-interval Specify interval for load calculation for an interface location Interface location information logging Configure logging for interface loopback Configure internal loopback on an interface mab MAC Authentication Bypass Interface Config Commands macro Command macro mdix Set Media Dependent Interface with Crossover media-proxy Enable media proxy services metadata Metadata Application mtu Set the interface Maximum Transmission Unit (MTU) neighbor interface neighbor configuration mode commands netflow-lite Netflow-lite Configuration Subcommands network-policy Network Policy no Negate a command or set its defaults ntp Configure NTP ospfv3 OSPFv3 interface commands pagp PAgP interface subcommands qos QoS configuration rmon Configure Remote Monitoring on an interface routing Per-interface routing configuration service-policy Configure CPL Service Policy shutdown Shutdown the selected interface snmp Modify SNMP interface parameters source Get config from another source spanning-tree Spanning Tree Subsystem speed Configure speed operation. standby HSRP interface configuration commands storm-control storm configuration switchport Set switching mode characteristics timeout Define timeout values for this interface topology Configure routing topology on the interface transmit-interface Assign a transmit interface to a receive-only interface udld Configure UDLD enabled or disabled and ignore global UDLD setting vnet Configure VNET interface options vrf VPN Routing/Forwarding parameters on the interface vrrp VRRP Interface configuration commands vtp Enable VTP on this interface 3750(config-if)#