CLI Architecture

A Cisco IOS router command line interface can be accessed through either a console connection, modem connection, or a telnet session. Regardless of which connection method is used, access to the IOS command line interface is generally referred to as an EXEC session.

As a security feature, Cisco IOS separates EXEC sessions into two different access levels – user EXEC level and privileged EXEC level. User EXEC level allows a person to access only a limited amount of basic monitoring commands. Privileged EXEC level allows a person to access all router commands (e.g. configuration and management) and can be password protected to allow only authorized users the ability to configure or maintain the router.

For example, when an EXEC session is started, the router will display a “Router>” prompt. The right arrow (>) in the prompt indicates that the router is at the user EXEC level. The user EXEC level does not contain any commands that might control (e.g. reload or configure) the operation of the router. To list the commands available at the user EXEC level, type a question mark (?) at the Router> prompt. (This feature is referred to as context sensitive help.)

Critical commands (e.g. configuration and management) require that the user be at the privileged EXEC level. To change to the privileged EXEC level, type “enable” at the Router> prompt. If an enable password is configured, the router will then prompt for that password. When the correct enable password is entered, the router prompt will change to “Router#” indicating that the user is now at the privileged EXEC level. To switch back to user EXEC level, type “disable” at the Router# prompt. Typing a question mark (?) at the privileged EXEC level will now reveal many more command options than those available at the user EXEC level. The text below illustrates the process of changing EXEC levels.

Router> enable
Password: [enable password]
Router# disable

Note: For security reasons, the router will not echo the password that is entered. Also, be advised that if configuring a router via telnet, the password is sent in clear text. Telnet does not offer a method to secure packets.

Once an EXEC session is established, commands within Cisco IOS are hierarchically structured. In order to successfully configure the router, it is important to understand this hierarchy. To illustrate this hierarchy, Figure 1 provides a simple high-level schematic diagram of some IOS commands.

Figure 1 – IOS CLI hierarchy

Command options and applications vary depending on position within this hierarchy. Referring to the diagram in figure 1, configuration command options will not be available until the user has navigated to the configuration branch of the IOS CLI structure. Once in the configuration branch, a user may enter system level configuration commands that apply to the entire router at the global configuration level. Interface specific configuration commands are available once the user has switched to the particular interface configuration level. More detailed information and examples on how to navigate through the IOS CLI hierarchy are offered in the Router Configuration section.

To assist users in navigation through IOS CLI, the command prompt will change to reflect the position of a user within the command hierarchy. This allows users to easily identify where within the command structure they are at any given moment. Table 2 is a summary of command prompts and the corresponding location within the command structure

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s