Cisco IOS

Created August 25, 2025 Last modified August 25, 2025 @ 11:47 PM

Cisco IOS is the operating system used to configure Cisco networking devices. It is a command line interface (CLI).

Connecting to the CLI

Connecting to a device for configuration often entails connecting to the console port using a laptop with a rollover cable or a mini-USB cable. Then, a terminal emulator like PuTTY is used to connect with a Serial connection. The default settings are:

  • Speed (baud) = 9600
  • Data bits = 8
  • Stop bits = 1
  • Parity = None
  • Flow control = None

Command Completion

Commands can be abbreviated to their first several characters as long as the abbreviation is not ambiguous. For example, you may be able to run en to run the enable command, but running just e will return an ambiguous command error since the CLI doesn’t know whether you mean enable or exit, for example.

Viewing Available Commands

You can run ? to see the set of all available commands. You can also see a list of all commands that begin with a substring with substring?. For example, if I run e?, I’m asking for the set of commands that begin with the letter “e”, and so I might get enable and exit back.

User Exec Mode

When the connection is first established, the CLI will be in User Exec Mode, which is indicated by a greater than sign > following the hostname. For example, if the hostname is Router, then the CLI will display

Router>

This mode is pretty limited. No changes can be made to the configuration in user exec mode.

Privileged Exec Mode

Running the enable command puts the CLI in privileged exec mode, indicated by a pound sign # following the hostname. Continuing with the example above,

Router#

In this mode, the configuration still cannot be changed, but it does provide access to view the device’s entire configuration. You can also restart it, change the time on the device, and save the configuration file.

Global Configuration Mode

Running configure terminal puts the CLI into global configuration mode, indicated by (config)# following the hostname, like this:

Router(config)#

Global configuration mode enables many more privileges on the device,

Setting a Plain Text Password on Privileged Exec Mode

You can set a plain text password for privileged exec mode from global configuration mode by running enable password <password>, where <password> is the password you want to use. Still, this is generally not a good choice because the password is stored in plain text and is easy to get a hold of without authorization.

You can set a more secure password with service password-encryption. It encrypts all saved passwords so that they are not visible in plain text. The default type of encryption is Cisco’s proprietary encryption algorithm, which still isn’t very secure, and tools can be found easily that can crack these passwords.

For a better encryption type, use enable secret instead of enable password. This will use the MD5 encryption algorithm. MD5 also has some issues, but it is far better than the encryption used with service password-encryption.

If enable password and enable secret commands are both in the configuration, the enable password is ignored.

Configuration Files

There are two different configuration files kept on the device: running-config, the current, active configuration file that gets edited when you enter commands on the CLI, and startup-config, the configuration file that is loaded when the device reboots.

Viewing the Configuration Files

Run show running-config or show startup-config to see the configuration files. If a running-config file has not yet been saved, such as when you are doing a fresh configuration of a new or recently wiped device, show startup-config will return a message saying that the file is not present.

To save the current running configuration as the startup configuration, you can run any of the following from privileged exec mode:

  • write
  • write memory
  • copy running-config startup-config

Canceling Commands

You can cancel commands you’ve already run by running the command again with no prepended. For example, to stop encrypting passwords, you can run no service password-encryption.