Cisco IOS Modes-Config, Privileged and User EXEC Mode

Cisco IOS has a Command Line Interface (CLI). CLI is the primary user interface for Cisco router and switches. Command line interface(CLI) supports various command modes. The Cisco router and switch has following different modes.

  • User EXEC Mode
  • Privileged EXEC Mode
  • Global Configuration Mode
  • Setup Mode
  • ROM Monitor Mode

Furthermore, Global configuration mode has a Specific Configuration Modes. We will discuss these specific configuration modes under Global Configuration Mode. Figure 1 Illustrate some specific configuration modes with their prompt.

User mode

User Mode is also known is User EXEC mode. This mode is the first mode a user has access to the router after logging in. We can recognize user mode by the > prompt after the name of the routerUser EXEC Mode/switch. Router default name is Router and switch default name is Switch. We can change the default hostname from Global configuration mode by the help of hostname command. We will explain the command later in coming articles.

The user mode is usually password protected. You need a valid username and password to access this mode. This mode allows the user to execute only the basic commands, such as those that show the system’s status. The router cannot be configured or restarted from this mode. The figure-2 illustrate the user mode at CLI. 

 Privileged Mode

This mode is also known is enable mode or a privileged exec mode. Privileged exec mode is the main exec mode. This mode allows a user to view extensive info about the router’s configuration and allows a user to change some of the configuration parameters. The Privileged mode also password protected. The user should enter the password to access this mode. 

In the lab environment, it’s usually unprotected. You can use this mode by executing an enable command at user exec mode. We can list all available commands of this mode by entering at command line interface (CLI). Most commands of this mode are one-time commands. Which show the result and current status and clear counters on interfaces. We can enter common show commands both from user exec mode or privileged exec mode. the Exec mode commands do not save across the reboot of the device. The figure-3 illustrate the Privileged mode of the router.

Global Configuration Mode

The config mode is actually only a temporary gateway mode to get to extended configuration modes (specific configuration mode).  Very little can be done in the configuration mode. The figure-4 illustrate the global configuration mode. Global configuration mode is used for configuring device globally, or to enter in the element like interface, protocols specific configuration mode. Use configures terminal command at privileged exec mode to access global configuration mode.

Global configuration mode and extended (specific) configuration mode allowing you to make a change in running configuration. By default running configuration does not store across the reboot, but you can save the running configuration to keep it across the reboot. To save running configuration use copy running-config startup-config from privileged EXEC mode commands. To return in privileged exec mode from global configuration mode or specific configuration mode we have used three commands.

  1. Ctrl + Z
  2. exit
  3. end

Ctrl+Z key combination will work in all mode.

exit command only works in global configuration mode.

end command is the safest way to exit from global configuration mode or interface specific mode.

Some of the extended configuration or specific configuration modes listed below in figure-4 with their prompt.

Setup Mode

As I described in the previous article that when a Cisco router powered on, it will first run a POST test to make sure all hardware is working fine, and then router tries to find running configuration. If the router finds the configuration it would load that. If it fails to find configuration, it would start the setup mode. The setup mode is a step-by-step process which helps you configure basic aspects of the router. In this mode, the router will ask you questions about the first settings in a sequence for basic configuration values. Depending on answers provided by you, the router will automatically build initial configuration.


This mode also called ROM Monitor Mode. During the boot process, if the router does not find a valid IOS image and failed to load IOS in RAM, it would enter in ROMMON mode. This mode also accessible manually. This mode is the diagnostic mode just like safe mode in windows. By default, the router does not enter in this mode unless it fails to find the IOS image. To enter manually in ROMMON mode, execute reload command from privileged exec mode and then press CTRL + C  key combination or break during the first 60 seconds of startup. We can also use this mode for password recovery. Prompt for this mode is rommon>

Please follow and like us: