Cisco iOS Command Hierarchy
Last Updated :
01 Jan, 2023
The operating system that Cisco uses in many of its products is called Cisco IOS, and you can communicate with it using a command line shell (or Command Line Interface or CLI, as Cisco nomenclature calls it). You have access to about 2000 different commands if you count the commands for many advanced routers and wireless items. The basic commands available in the IOS Cisco CLI used by the router are described here. Some Cisco IOS commands allow you to perform more than one action. You can also navigate up and down the hierarchy of IOS configuration levels (or modes). Some of the various levels are shown below:
Note: Here we are talking about iOS in general and not to a specific version. So not all iOS versions support all the commands listed here, and certain iOS versions contain additional commands not included in this list. Also, note that PIX line of products was originally acquired by Cisco and is not manufactured, so it has (or had) its own operating system. Although some PIX operating system command line shells were eventually merged into the Cisco iOS CLI. Finally, many basic commands have multiple modes.
Start with Cisco iOS:
First, press “Return” to enter user mode, and you will see a “router” prompt. Cisco more accurately calls this User Executive mode or User EXEC mode.
Command prompt |
Available commands |
router> |
access-enable |
router> |
access-profile |
router> |
clear |
router> |
connect |
router> |
disable |
router> |
disconnect |
router> |
enable |
router> |
exit |
router> |
help |
router> |
lock |
router> |
login |
router> |
logout |
router> |
mrinfo |
router> |
mstat |
router> |
mtrace |
router> |
name-connection |
router> |
pad |
router> |
ping |
router> |
ppp |
router> |
resume |
router> |
rlogin |
router> |
set |
router> |
show |
router> |
slip |
router> |
systat |
Privileged Mode:
As mentioned earlier, running the enable command in user mode puts you in privileged mode, specifically privileged EXEC mode. Most of the commands available in User mode are also available in privileged mode, so there is a fair amount of duplication in this table.
Command prompt |
Available commands |
router# |
access-enable |
router# |
access-profile |
router# |
access-template |
router# |
bfe |
router# |
cd |
router# |
clear |
router# |
clock |
router# |
configure terminal |
router# |
connect |
router# |
copy |
router# |
debug |
router# |
delete |
router# |
dir |
router# |
disable |
router# |
disconnect |
router# |
enable |
router# |
erase |
router# |
exit |
router# |
help |
router# |
lock |
router# |
login |
router# |
logout |
router# |
more |
router# |
mstat |
router# |
mtrace |
router# |
name-connection |
router# |
pad |
router# |
ping |
router# |
ppp |
router# |
resume |
router# |
rlogin |
router# |
rsh |
router# |
send |
router# |
set |
router# |
setup |
router# |
show —- |
router# |
slip |
router# |
systat |
router# |
telnet |
router# |
terminal |
router# |
test |
router# |
traceroute |
router# |
tunnel |
router# |
undebug |
router# |
verify |
router# |
where |
router# |
write |
Global Configuration mode:
Invoking the “configure terminal” command in privileged mode will switch to global configuration mode as shown above. The accepted shortcut for the command is “config t” and it works. Note that in this mode, as in all configuration modes, configuration settings are applied to the router’s current configuration. If the configuration needs to be applied to the boot configuration, the running configuration must be copied to NVRAM using the “Write” or “Copy” command, depending on the iOS version.
Command prompt |
Available commands |
router(config)# |
aaa |
router(config)# |
|
router(config)# |
alias |
router(config)# |
arp |
router(config)# |
async-bootp |
router(config)# |
banner |
router(config)# |
boot |
router(config)# |
bridge |
router(config)# |
buffers |
router(config)# |
busy-message |
router(config)# |
call-history-mib |
router(config)# |
cdp |
router(config)# |
chat-script |
router(config)# |
clock |
router(config)# |
config-register |
router(config)# |
default |
router(config)# |
default-value |
router(config)# |
dialer |
router(config)# |
dialer-list |
router(config)# |
dnsix-dmdp |
router(config)# |
dnsix-nat |
router(config)# |
downward-compatible-config |
router(config)# |
enable |
router(config)# |
end |
router(config)# |
exception |
router(config)# |
exit |
router(config)# |
file |
router(config)# |
frame-relay |
router(config)# |
help |
router(config)# |
hostname |
router(config)# |
interface [ e0 or s0 or s1 ] |
router(config)# |
ip —- |
router(config)# |
key |
router(config)# |
line aux |
router(config)# |
line console |
router(config)# |
line vty |
router(config)# |
logging |
router(config)# |
login-string |
router(config)# |
map-class |
router(config)# |
map-list |
router(config)# |
menu |
router(config)# |
modemcap |
router(config)# |
multilink |
router(config)# |
netbios |
router(config)# |
no |
router(config)# |
partition |
router(config)# |
priority-list |
router(config)# |
privilege |
router(config)# |
prompt |
router(config)# |
queue-list |
router(config)# |
resume-string |
router(config)# |
rlogin |
router(config)# |
rmon |
router(config)# |
route-map |
router(config)# |
router {protocol} |
router(config)# |
rtr |
router(config)# |
scheduler |
router(config)# |
service |
router(config)# |
snmp-server |
router(config)# |
sntp |
router(config)# |
stackmaker |
router(config)# |
state-machine |
router(config)# |
subscriber-policy |
router(config)# |
tacacs-server |
router(config)# |
terminal-queue |
router(config)# |
tftp-server |
router(config)# |
username |
router(config)# |
virtual-profile |
router(config)# |
x25 |
router(config)# |
x29 |
Global IP configuration commands:
We are still in global configuration mode, therefore this is a subset of IP instructions.
Command Prompt |
Available Commands |
router(config)# |
ip access-list |
router(config)# |
ip access-list standard (name) |
router(config)# |
ip access-list extended (name) |
router(config)# |
ip accounting-list |
router(config)# |
ip accounting-threshold |
router(config)# |
ip accounting-transits |
router(config)# |
ip address-pool |
router(config)# |
ip alias |
router(config)# |
ip as-path |
router(config)# |
ip bgp-community |
router(config)# |
ip bootp |
router(config)# |
ip classless |
router(config)# |
ip community-list |
router(config)# |
ip default-gateway |
router(config)# |
ip default-network |
router(config)# |
ip dhcp-server |
router(config)# |
ip domain-list |
router(config)# |
ip domain-lookup |
router(config)# |
ip domain-name |
router(config)# |
ip drp |
router(config)# |
ip dvmrp |
router(config)# |
ip finger |
router(config)# |
ip forward-protocol |
router(config)# |
ip ftp |
router(config)# |
ip gdp |
router(config)# |
ip gratuitous-arps |
router(config)# |
ip host |
router(config)# |
ip host-routing |
router(config)# |
ip hp-host |
router(config)# |
ip http |
router(config)# |
ip icmp |
router(config)# |
ip local |
router(config)# |
ip mobile-host |
router(config)# |
ip mroute |
router(config)# |
ip multicast-routing |
router(config)# |
ip name-server |
router(config)# |
ip nat |
router(config)# |
ip ospf |
router(config)# |
ip pim |
router(config)# |
ip prefix-list |
router(config)# |
ip radius |
router(config)# |
ip rcmd |
router(config)# |
ip reflexive-list |
router(config)# |
ip route |
router(config)# |
ip routing |
router(config)# |
ip rsvp |
router(config)# |
ip sap |
router(config)# |
ip sdr |
router(config)# |
ip security |
router(config)# |
ip source-route |
router(config)# |
ip subnet-zero |
router(config)# |
ip tacacs |
router(config)# |
ip tcp |
router(config)# |
ip telnet |
router(config)# |
ip tftp |
router(config)# |
ip trigger-authentication |
Interface configuration mode:
The commands in the following table are used to configure a specific interface.
Command prompt |
Available commands |
router(config-if)# |
access-expression |
router(config-if)# |
arp |
router(config-if)# |
backup |
router(config-if)# |
bandwidth |
router(config-if)# |
bridge-group |
router(config-if)# |
carrier-delay |
router(config-if)# |
cdp |
router(config-if)# |
cmns |
router(config-if)# |
custom-queue-list |
router(config-if)# |
default |
router(config-if)# |
delay |
router(config-if)# |
description |
router(config-if)# |
exit |
router(config-if)# |
fair-queue |
router(config-if)# |
help |
router(config-if)# |
hold-queue |
router(config-if)# |
ip —- |
router(config-if)# |
keepalive |
router(config-if)# |
llc2 |
router(config-if)# |
load-interval |
router(config-if)# |
logging |
router(config-if)# |
loopback |
router(config-if)# |
mac-address |
router(config-if)# |
media-type |
router(config-if)# |
mtu |
router(config-if)# |
netbios |
router(config-if)# |
no |
router(config-if)# |
priority-group |
router(config-if)# |
random-detect |
router(config-if)# |
shutdown |
router(config-if)# |
snapshot |
router(config-if)# |
snmp |
router(config-if)# |
standby |
router(config-if)# |
timeout |
router(config-if)# |
traffic-shape |
router(config-if)# |
transmit-interface |
router(config-if)# |
tx-queue-limit |
Interface specific IP configuration commands:
These are the IP instructions that apply only to the specified interface because we are still in interface setup mode.
Command prompt |
Available commands |
router(config-if)# |
ip access-group {acl name/number} {in/out} |
router(config-if)# |
ip accounting |
router(config-if)# |
ip address |
router(config-if)# |
ip authentication |
router(config-if)# |
ip bandwidth-percent |
router(config-if)# |
ip broadcast-address |
router(config-if)# |
ip cgmp |
router(config-if)# |
ip directed-broadcast |
router(config-if)# |
ip dvmrp |
router(config-if)# |
ip hello-interval |
router(config-if)# |
ip helper-address |
router(config-if)# |
ip hold-time |
router(config-if)# |
ip igmp |
router(config-if)# |
ip irdp |
router(config-if)# |
ip mask-reply |
router(config-if)# |
ip mobile |
router(config-if)# |
ip mroute-cache |
router(config-if)# |
ip mtu |
router(config-if)# |
ip multicast |
router(config-if)# |
ip nat |
router(config-if)# |
ip nhrp |
router(config-if)# |
ip ospf |
router(config-if)# |
ip pim |
router(config-if)# |
ip policy |
router(config-if)# |
ip probe |
router(config-if)# |
ip proxy-arp |
router(config-if)# |
ip rarp-server |
router(config-if)# |
ip redirects |
router(config-if)# |
ip rip |
router(config-if)# |
ip route-cache |
router(config-if)# |
ip rsvp |
router(config-if)# |
ip rtp |
router(config-if)# |
ip sap |
router(config-if)# |
ip sdr |
router(config-if)# |
ip security |
router(config-if)# |
ip split-horizon |
router(config-if)# |
ip summary-address |
router(config-if)# |
ip tcp |
router(config-if)# |
ip unnumbered |
router(config-if)# |
ip unreachables |
router(config-if)# |
ip verify |
router(config-if)# |
ip web-cache |
Commands for line configuration:
These are to be used while setting up the router’s line connections. The same prompt is used for the console line, the vty line, and the auxiliary line, which can cause some confusion. Depending on the command that was sent in global configuration mode, i.e. – determine which one you are working on.
- router(config)# line aux 0
- router(config)# line console 0
- router(config)# line vty 0 4 in
You can only configure one type of line connection at a time; to configure another, you must return to the global configuration mode and choose the appropriate line type as described above.
Command prompt |
Available commands |
Comments |
router(config-line)# |
exec-timeout |
To configure the console time out |
router(config-line)# |
logging synchronous |
This command disables console pop-up messages. |
router(config-line)# |
line vty 0 ? |
To determine the number of available vty lines |
router(config-line)# |
login |
To ask for a login that is valid for aux, console, and vty |
router(config-line)# |
password |
Set a password that is valid for the aux, console, and vty |
router(config-line)# |
no login |
Risky – this command says that a password is not necessary and is valid for vty |
Like Article
Suggest improvement
Share your thoughts in the comments
Please Login to comment...