Friday 30 January 2015

Cisco IOS Modes

Cisco IOS is the proprietary operating system for Cisco devices. IOS provides a group of commands used for monitoring, configuring and maintaining Cisco devices. For security and ease of administration, IOS commands are divided into a set of different command modes. Each command mode has its own set of commands. Which commands are available depends on the mode you are in.
The CLI (command-line interface) is the primary user interface for connecting to Cisco devices. Although newer devices support a web interface for management, you still need to be fluent at the command prompt. The CLI allows you to execute IOS commands directly, whether using a router console or terminal, or using remote access methods.

Cisco IOS Mode

Cisco IOS supports various command modes; the following are the main ones.

  • User EXEC Mode
  • Privileged EXEC Mode
  • Global Configuration Mode
  • Interface Configuration Mode
  • Sub Interface Configuration Mode
  • Setup Mode
  • ROM Monitor Mode
You need to execute specific commands to navigate from one mode to another. The following sections describe the IOS command modes and their navigation commands in detail.

User EXEC Mode

This is the first mode you reach when you log in to the router. In a production environment it is usually password protected: you need a valid username and password to access this mode. You have three chances to enter a valid password before the connection attempt is refused. In a lab environment you can access this mode directly (unless you have configured a password for it).

User Exec Mode Command Prompt

By default the prompt consists of the device hostname followed by a greater-than sign (>). For a router the default hostname is Router. For a switch the default hostname is Switch.
The default hostname can be changed from global configuration mode using the hostname command.
User exec mode is a subset of privileged exec mode. For security purposes, this mode is reserved for tasks that do not change the configuration of the router. It has a limited set of commands that allow you to connect to remote devices, change terminal line settings on a temporary basis, perform basic tests, and list system information.
Enter ? at the command prompt to list all commands available in this mode.

Privileged Exec Mode

Privileged exec mode is the main exec mode. As with user exec mode, in a production environment this mode is password protected, and you have to enter the password to access it. In a lab environment it is usually unprotected. You can access this mode by executing the enable command in user exec mode.
Most commands in this mode are one-time commands, such as show and clear commands, which show the current configuration status and clear counters on interfaces respectively. You can list all commands available in this mode by entering ? at the command prompt.
This mode has all exec commands available, including those of user exec mode.
Common commands can be entered from either user exec mode or privileged exec mode.
Exec mode commands are not saved across a reboot of the device.

Global Configuration Mode

Global configuration mode is the next access level in the IOS mode sequence. This mode is used to configure the device globally, or to enter an element-specific configuration mode such as interface or protocol configuration. Use the configure terminal command in privileged exec mode to access global configuration mode.
Global configuration mode and the element-specific configuration modes allow you to change the running configuration. By default the running configuration is not stored across a reboot, but you can save it to preserve it. To save the running configuration, use the copy running-config startup-config command from privileged EXEC mode.
There are three ways to return to privileged exec mode from global configuration mode or an element-specific configuration mode.
  1. Ctrl + Z (press the CTRL key with the Z key)
  2. exit
  3. end
The Ctrl+Z key combination works in all modes. But it has a drawback: if you press Ctrl+Z at the end of a command line on which a valid command has been typed, that command will be added to the running configuration.
The exit command only works in global configuration mode.
The end command is the safest way to leave global configuration mode or an interface-specific mode. It always takes you back to privileged EXEC mode regardless of which configuration mode or submode you are in.

Interface configuration mode

Interface configuration mode is used to configure interface-related settings. Many settings are enabled on a per-interface basis, for example on a serial port or an Ethernet port. Interface configuration commands affect interface-related settings, such as enabling or disabling the interface, bandwidth, clock rate, etc. To configure or change these settings, you need to enter the interface-specific mode. To access interface configuration mode, use the following command.
Router(config)# interface type number
For example, to configure the first serial port on an 1841 series router we would use the following command:
Router(config)# interface serial 0/0/0

Sub Interface Configuration Mode

If an interface supports virtualization, then sub interface mode is used to configure the virtual interface. From sub interface configuration mode you can configure multiple virtual interfaces, known as sub interfaces, on a single physical interface. On a router, virtual interfaces are usually used for WAN connections such as Frame Relay. A Frame Relay connection supports multiple point-to-point links known as PVCs (permanent virtual circuits). PVCs can be placed under separate sub interfaces that are configured on a single physical interface. Another example of sub interfaces is VLAN communication, where we create a sub interface on a physical FastEthernet port for each VLAN. To access sub interface configuration mode, run the following command from interface configuration mode.
Router(config-if)# interface type number.subinterface-number
For example, fastethernet 0/0.1 is a virtual interface (sub interface) of the physical interface fastethernet 0/0.

Setup Mode

At the end of the boot process, the router tries to locate the running configuration. If it finds the configuration, it loads it. If it fails to find a valid configuration, it initiates setup mode. In setup mode the router asks you a sequence of questions about the initial settings for basic configuration values. Depending on the answers you provide, the router automatically builds an initial configuration.
The router enters setup mode only if it does not find a valid configuration.

ROMMON Mode

During the boot process the router loads the IOS image into RAM. If it does not find a valid IOS image, it enters ROMMON mode. You can also enter this mode manually by interrupting the boot sequence during startup. This mode is used for diagnostic purposes. By default the router does not enter this mode unless it completely fails to locate the IOS image. To enter this mode manually, execute the reload command from privileged exec mode and then press the CTRL + C key combination during the first 60 seconds of startup.

Cisco IOS mode cheat sheet

| Mode | Purpose | Prompt | Command to enter | Command to exit |
|---|---|---|---|---|
| User EXEC | Allows you to connect to remote devices, perform basic tests, temporarily change terminal settings, and list system information. | Router > | Default mode after booting. Log in with a password, if configured. | Use the exit command. |
| Privileged EXEC | Allows you to set operating parameters. It also includes high-level testing and list commands like show, copy, debug. | Router # | Use the enable command from user exec mode. | Use the exit command. |
| Global Configuration | Contains commands that affect the entire system. | Router(config)# | Use the configure terminal command from privileged exec mode. | Use the exit command. |
| Interface Configuration | Contains commands that modify the operation of an interface. | Router(config-if)# | Use the interface type number command from global configuration mode. | Use the exit command to return to global configuration mode. |
| Sub-Interface Configuration | Configures or modifies a virtual interface created from a physical interface. | Router(config-subif)# | Use the interface type sub interface number command from global configuration mode or interface configuration mode. | Use exit to return to the previous mode. Use the end command to return to privileged exec mode. |
| Setup | Used by the router to create an initial configuration if the running configuration is not present. | Parameter[Parameter value]: | The router enters this mode automatically if the running configuration is not present. | Press CTRL+C to abort. Type yes to save the configuration, or no to exit without saving, when asked at the end of setup. |
| ROMMON | If the router enters this mode automatically, it indicates that it failed to locate a valid IOS image. Entering this mode manually allows you to perform low-level diagnostics. | ROMMON> | Enter the reload command from privileged exec mode. Press the CTRL + C key combination during the first 60 seconds of the boot process. | Use the exit command. |

  • IOS commands are not case sensitive; you can enter them in uppercase, lowercase, or mixed case.
  • Passwords are case sensitive. Make sure you type them in the correct case.
  • In any mode, you can obtain a list of the commands available in that mode by entering a question mark (?).
  • The standard order of accessing modes is: User Exec mode => Privileged Exec mode => Global Configuration mode => Interface Configuration mode => Sub Interface Configuration mode
  • The router enters setup mode only if it fails to load a valid running configuration.
  • The router enters ROMMON mode only if it fails to load a valid IOS image file.
  • You can manually enter ROMMON mode for diagnostic purposes.

Thursday 29 January 2015

Cisco Internetwork Operating System

Cisco IOS is a proprietary operating system developed by Cisco Systems for Cisco devices. It includes all the features required by routers and switches, including routing protocols, security features, and access control lists. It is stored in flash memory and transferred into RAM during the boot process. IOS controls and manages the device on which it is running. Basically, it provides the platform for executing the commands that configure and manage the device.

Advantages of IOS

Cisco originally developed IOS for routers. The success of IOS led Cisco to implement it on its other platforms, including Catalyst switches. IOS provides the following advantages:

Connectivity

IOS connects various types of data link layer technologies together, including Ethernet, fiber and WAN. It provides interoperability between twisted pair and optical fiber, between LAN and WAN media, between branch office and company server, between Novell NetWare and IBM SNA, between UNIX and Novell, and many more. IOS supports more protocols than any other internetwork supplier in the industry.

Scalability

IOS scales to internetworks at every level of an organization. It supports both fixed and modular chassis platforms to reduce management cost. It supports scalable routing protocols that help overcome inherent protocol limitations. Other services such as protocol termination and translation, filtering, and smart broadcasting build a flexible and scalable infrastructure that keeps pace with evolving network requirements.

Reliability

Cisco IOS is the most reliable and innovative OS; it enhances application availability by finding performance-optimal paths and quickly routing traffic around any network failures. Cisco continuously upgrades IOS features to provide network redundancy.

Security

Security is the top priority in IOS. IOS includes many dedicated security features. With its advanced security features, you can control access to your network and networking devices in accordance with your organization's security policies.

IOS Naming Conventions

At first glance all IOS versions look the same. Navigation between access levels and many management commands work the same way on all IOS products. This can confuse a beginner: the command for one feature may be the same on all IOS products, while configuring another feature may differ between a router and a switch. Cisco sells different flavors of its IOS software for routers and switches depending on the features the customer needs. In addition to customer needs, Cisco also makes product-specific IOS images. This leads to differences between products; some commands work on some routers but not on others.
So before you start working with IOS, it is always a good idea to check its version number and platform. A single command gives you all this information, including model number, types of interfaces, amount of memory, software version, and configuration settings. Use the "show version" command to get these details.
The router stores IOS in flash memory. You can also use the "show flash" command to see which IOS images are available.
From the output of the above commands we know that the router has an IOS image with the following name:
c1841-advipservicesk9-mz.124-6.T7.bin
Let's break this name down for clarity. An IOS filename is broken down into four parts:

  • Platform
  • Feature set
  • Run location and compression
  • Version

c1841

c1841 is the platform on which the IOS image runs. From the earlier section of this article we know that different devices have different hardware architectures, and an IOS image compiled for one device may not run on another. c1841 indicates that this IOS image is compiled for 1841 series routers.

advipservicesk9

advipservicesk9 indicates the features provided by this IOS image. As already discussed, different IOS images are compiled for different purposes. This image provides advanced IP services for security purposes, and k9 refers to the inclusion of encryption support.

mz

mz refers to compression. It indicates that the IOS image is compressed and must be uncompressed before running. You may see the letter l here; it indicates where the IOS image is run from.

124-6.T7

124-6.T7 is the version number of the IOS image. Image names with a T indicate new features; those without the T are the mainline (only bug fixes are made to it).

.bin

.bin indicates that this is a binary image.
Let's take one more example of an IOS name, C2500-D-L.120-9.bin.
We can break it down as follows:
  1. Platform: C2500
  2. Feature Set: D
  3. Run Location: L
  4. IOS Version: 12.0-9
Now we know the naming conventions used for IOS images. For the CCNA exam you do not need to know the feature set codes; however, you do need to know the naming conventions used in IOS filenames (platform, feature set, compression/run location, and version).

IOS naming conventions cheat sheet

IOS Feature set codes

| Feature Set code | Description |
|---|---|
| I | IP |
| IS | IP PLUS |
| J | Enterprise |
| JS | Enterprise Plus |
| JK8S | Enterprise Plus with IPSec |

IOS Run Locations

| Code | Memory Location |
|---|---|
| F | Image runs in flash |
| M | Image runs in Random Access Memory (RAM) |
| R | Image runs in Read Only Memory (ROM) |
| L | Image will be relocated at runtime |

IOS Compression Identifiers

| Code | Compression |
|---|---|
| Z | Image is Zip compressed |
| X | Image is Mzip compressed |
| W | Image is Stac compressed |
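
The naming convention above can be checked mechanically when you inventory the images in flash. The following is an added example, not code from the original article: the function names, the dictionary keys and the sample file list are assumptions made for illustration, and the version string is rendered in the same style as the article's "12.0-9".

```python
import re

# Code tables as given in the cheat sheet above.
RUN_LOCATIONS = {"f": "flash", "m": "RAM", "r": "ROM", "l": "relocated at runtime"}
COMPRESSION = {"z": "zip", "x": "mzip", "w": "Stac"}
# Layout: platform-featureset-runcodes.version.bin
_NAME_RE = re.compile(r"^([^-]+)-([^-]+)-([A-Za-z]+)\.(.+)\.bin$")
_VERSION_RE = re.compile(r"^(\d{2})(\d)-(.+)$")


def parse_ios_image(filename):
    """Split an IOS image filename into the four parts described above."""
    match = _NAME_RE.match(filename.strip())
    if not match:
        raise ValueError(f"not an IOS image name: {filename!r}")
    platform, features, codes, raw_version = match.groups()
    run_location, compression, unknown = None, None, []
    for letter in codes.lower():
        if letter in RUN_LOCATIONS:
            run_location = RUN_LOCATIONS[letter]
        elif letter in COMPRESSION:
            compression = COMPRESSION[letter]
        else:
            unknown.append(letter)  # not in the tables above; report it
    ver = _VERSION_RE.match(raw_version)
    if not ver:
        raise ValueError(f"unrecognised version field: {raw_version!r}")
    major, minor, rest = ver.groups()
    return {
        "platform": platform.lower(),
        "feature_set": features.lower(),
        "has_crypto": "k9" in features.lower(),  # k9 = encryption support
        "run_location": run_location,
        "compression": compression,
        "unknown_codes": unknown,
        "version": f"{major}.{minor}-{rest}",
        "train": "new features (T)" if "T" in rest else "mainline",
    }


def audit_images(filenames, expected_platform):
    """Return (filename, problem) pairs for images that need a closer look."""
    findings = []
    for name in filenames:
        try:
            info = parse_ios_image(name)
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        if info["platform"] != expected_platform.lower():
            findings.append((name, "compiled for a different platform"))
        if not info["has_crypto"]:
            findings.append((name, "no k9 (encryption support) in feature set"))
    return findings


# Constructed inventory: the two names from the article plus one stray file.
SAMPLE_FLASH = [
    "c1841-advipservicesk9-mz.124-6.T7.bin",
    "C2500-D-L.120-9.bin",
    "backup-config.txt",
]

if __name__ == "__main__":
    for finding in audit_images(SAMPLE_FLASH, "c1841"):
        print(finding)
```
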

Wednesday 28 January 2015

Variable Length Subnet Mask (VLSM)

VLSM is a process of dividing an IP space into subnets of different sizes without wasting IP addresses. When we perform ordinary subnetting, all subnets have the same number of hosts; this is known as FLSM (Fixed Length Subnet Mask). In FLSM all subnets use the same subnet mask, which leads to inefficiencies. In real-life scenarios, some subnets may require a large number of host addresses while others may require only a few.
For example, assume that you are a network administrator at Laxmisoftwares. The company has three departments connected with WAN links.

  • The Development department has 74 computers.
  • The Production department has 52 computers.
  • The Administrative department has 28 computers.
  • All departments are connected with each other via WAN links.
  • Each WAN link requires two IP addresses.
With FLSM, to accommodate this requirement you have two choices: either purchase a class B IP address space or purchase at least two class C IP address spaces.
First choice, with an example class B address space:
172.168.1.0/23
Subnetting this address space would give us 128 subnets and 512 hosts in each subnet. Our network requires only 6 subnets and 160 addresses. Every IP address adds more dollars to the company bill. You would have to pay for 65356 addresses while you need only 160. Would you consider this address space for the company?
Second choice, with two example class C address spaces:

  • 192.168.1.0/25
  • 192.168.2.0/26
Subnetting the first address, 192.168.1.0/25, would give us 2 subnets and 128 hosts in each subnet.
Subnetting the second address, 192.168.2.0/26, would give us 4 subnets and 64 hosts in each subnet.
Collectively we get 6 subnets and 512 hosts from these two address spaces. We are still wasting more than 300 IP addresses, and we would have to purchase two address spaces.

Variable Length Subnet Mask

Variable Length Subnet Mask (VLSM) extends classic subnetting. VLSM is a process of breaking subnets down into smaller subnets according to the needs of individual networks. In the example above the company requires 6 subnets and 160 host addresses. With VLSM you can fulfill this requirement with a single class C address space.

VLSM Subnetting

In VLSM subnetting, we subnet the subnets according to the network requirements.
Steps for VLSM subnetting

  • Find the largest segment, that is, the segment which needs the largest number of host addresses.
  • Do subnetting to fulfill the requirement of the largest segment.
  • Assign the appropriate subnet mask to the largest segment.
  • For the second largest segment, take one of the newly created subnets and apply a different, more appropriate subnet mask to it.
  • Assign the appropriate subnet mask to the second largest segment.
  • Repeat this process until the last network.

VLSM Example

Now you know the steps of VLSM subnetting. Let's work through them with the example above. Our company requires 6 subnets and 160 hosts.
Step 1 :- Order all segments by host requirement (largest to smallest).
| Subnet | Segment | Hosts |
|---|---|---|
| 1 | Development | 74 |
| 2 | Production | 52 |
| 3 | Administrative | 28 |
| 4 | WAN link 1 | 2 |
| 5 | WAN link 2 | 2 |
| 6 | WAN link 3 | 2 |
Step 2 :- Do subnetting for the largest segment. Our largest segment needs 74 host addresses. /25 provides two subnets with 128 hosts in each subnet.
192.168.1.0/25
| Subnet | Subnet 1 | Subnet 2 |
|---|---|---|
| Network ID | 192.168.1.0 | 192.168.1.128 |
| First host address | 192.168.1.1 | 192.168.1.129 |
| Last host address | 192.168.1.126 | 192.168.1.254 |
| Broadcast ID | 192.168.1.127 | 192.168.1.255 |
Step 3 :- Assign the subnet mask to the largest segment. As you can see in the table above, subnet 1 fulfills the requirement of our largest segment. Assign it to that segment.
| Segment | Development |
|---|---|
| Requirement | 74 |
| CIDR | /25 |
| Subnet mask | 255.255.255.128 |
| Network ID | 192.168.1.0 |
| First host | 192.168.1.1 |
| Last host | 192.168.1.126 |
| Broadcast ID | 192.168.1.127 |
Step 4 :- Do subnetting for the second largest segment from the next available subnet. The next segment requires 52 host addresses. Subnetting with /25 gave us two subnets with 128 hosts in each, and we assigned the first of them to the Development segment. The second subnet is still available, so we subnet it further.
/26 provides 4 subnets with 64 hosts in each subnet.
192.168.1.0/26
| Subnet | Subnet 1 | Subnet 2 | Subnet 3 | Subnet 4 |
|---|---|---|---|---|
| Network ID | 0 | 64 | 128 | 192 |
| First address | 1 | 65 | 129 | 193 |
| Last address | 62 | 126 | 190 | 254 |
| Broadcast ID | 63 | 127 | 191 | 255 |
We cannot use subnet 1 and subnet 2 (addresses from 0 to 127) as they are already assigned to the Development department. We can assign subnet 3 to our Production department.
| Segment | Production |
|---|---|
| Requirement | 52 |
| CIDR | /26 |
| Subnet mask | 255.255.255.192 |
| Network ID | 192.168.1.128 |
| First host | 192.168.1.129 |
| Last host | 192.168.1.190 |
| Broadcast ID | 192.168.1.191 |
Step 5 :- Our next segment requires 28 hosts. From the subnetting above we have subnet 3 and subnet 4 available. Do subnetting for the requirement of 28 hosts.
192.168.1.0/27
| Subnet | Sub 1 | Sub 2 | Sub 3 | Sub 4 | Sub 5 | Sub 6 | Sub 7 | Sub 8 |
|---|---|---|---|---|---|---|---|---|
| Net ID | 0 | 32 | 64 | 96 | 128 | 160 | 192 | 224 |
| First host | 1 | 33 | 65 | 95 | 129 | 161 | 193 | 225 |
| Last host | 30 | 62 | 94 | 126 | 158 | 190 | 222 | 254 |
| Broadcast ID | 31 | 63 | 95 | 127 | 159 | 191 | 223 | 255 |
Subnets 1 to 6 (addresses from 0 to 191) are already occupied by previous segments. We can assign subnet 7 to this segment.
| Segment | Administrative |
|---|---|
| Requirement | 28 |
| CIDR | /27 |
| Subnet mask | 255.255.255.224 |
| Network ID | 192.168.1.192 |
| First host | 192.168.1.193 |
| Last host | 192.168.1.222 |
| Broadcast ID | 192.168.1.223 |
Step 6 :- Our last three segments require 2 hosts per subnet. Do subnetting for these.
192.168.1.0/30
Valid subnets are:-
0,4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,236,240,244,248,252,256
From these subnets, subnet 1 to subnet 56 (addresses from 0 to 220) are already assigned to previous segments. We can use 224, 228, and 232 for the WAN links.
| Subnet | Subnet 57 | Subnet 58 | Subnet 59 |
|---|---|---|---|
| Network ID | 224 | 228 | 232 |
| First host | 225 | 229 | 233 |
| Last host | 226 | 230 | 234 |
| Broadcast ID | 227 | 231 | 235 |
Assign these subnets to the WAN links.
WAN link 1
| Segment | WAN link 1 |
|---|---|
| Requirement | 2 |
| CIDR | /30 |
| Subnet mask | 255.255.255.252 |
| Network ID | 192.168.1.224 |
| First host | 192.168.1.225 |
| Last host | 192.168.1.226 |
| Broadcast ID | 192.168.1.227 |
WAN link 2
| Segment | WAN link 2 |
|---|---|
| Requirement | 2 |
| CIDR | /30 |
| Subnet mask | 255.255.255.252 |
| Network ID | 192.168.1.228 |
| First host | 192.168.1.229 |
| Last host | 192.168.1.230 |
| Broadcast ID | 192.168.1.231 |
WAN link 3
| Segment | WAN link 3 |
|---|---|
| Requirement | 2 |
| CIDR | /30 |
| Subnet mask | 255.255.255.252 |
| Network ID | 192.168.1.232 |
| First host | 192.168.1.233 |
| Last host | 192.168.1.234 |
| Broadcast ID | 192.168.1.235 |
We have assigned IP addresses to all segments and still have 20 addresses available. This is the magic of VLSM.
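
The six steps above generalize to any list of segments. The following is an added example, not part of the original article: it uses Python's standard ipaddress module, handles IPv4 only, and the function names and the REQUIREMENTS list layout are assumptions made for illustration. It reproduces the Laxmisoftwares allocation and also checks that no two assigned subnets overlap.

```python
import ipaddress


def vlsm_allocate(block, requirements):
    """Carve `block` into subnets sized for each (name, hosts) requirement.

    Follows the steps above: largest segment first, and each segment gets the
    smallest subnet that holds its hosts plus a network ID and a broadcast ID.
    Returns (plan, free): plan maps name -> IPv4Network, free is the number of
    addresses left unallocated at the end of the block.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1

    plan = {}
    # sorted() is stable, so equal-sized segments keep their given order.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        if hosts < 1:
            raise ValueError(f"{name}: need at least one host")
        host_bits = (hosts + 1).bit_length()   # room for hosts + 2 addresses
        size = 1 << host_bits
        start = -(-cursor // size) * size       # align up to a subnet boundary
        if start + size > end:
            raise ValueError(f"{name}: {block} is exhausted")
        plan[name] = ipaddress.ip_network((start, 32 - host_bits))
        cursor = start + size
    return plan, end - cursor


def overlapping(plan):
    """Return pairs of segment names whose subnets overlap (should be empty)."""
    names = list(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]


# The Laxmisoftwares requirements from the article.
REQUIREMENTS = [
    ("Development", 74), ("Production", 52), ("Administrative", 28),
    ("WAN link 1", 2), ("WAN link 2", 2), ("WAN link 3", 2),
]

if __name__ == "__main__":
    plan, free = vlsm_allocate("192.168.1.0/24", REQUIREMENTS)
    for name, net in plan.items():
        hosts = list(net.hosts())
        print(f"{name:15} {str(net):18} mask {net.netmask} "
              f"hosts {hosts[0]}-{hosts[-1]} broadcast {net.broadcast_address}")
    print("free addresses:", free, "overlaps:", overlapping(plan))
```
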
The terms classful and classless are also used for FLSM and VLSM.

Classful subnetting

FLSM is also known as classful subnetting, as all subnets have the same number of hosts. In classful subnetting all subnets use the same subnet mask.

Classless subnetting

VLSM is also known as classless subnetting, as subnets may have different numbers of hosts depending on the network requirements.

Classful routing

The RIPv1 and IGRP routing protocols do not have a field for subnet information. This means that if a router running the RIP routing protocol has a subnet mask of a certain value, it assumes that all interfaces within the classful address space have the same subnet mask. This is known as classful routing.

Classless routing

RIPv2, EIGRP and OSPF are known as classless routing protocols, as they have a field for subnet information in their routing advertisements. VLSM only works with classless routing protocols.