Intro to the CLI

Day 4

Cisco IOS is an operating system used on Cisco devices (not related to Apple iOS). CLI is a command-line interface used to configure Cisco devices. There is also a GUI (graphical user interface). Network engineers prefer using CLI over GUI, so GUI will not be covered here.

CLI connection

To configure a Cisco device with the CLI, we can connect via the console port as below.

A cable that can be used to connect to the RJ45 console port is called a rollover cable. And the pins are connected as follows.

After the connection is done, we need to use a Terminal emulator like PuTTY and choose a serial connection type to access a CLI. PuTTY configuration and the default settings for Cisco devices are as follows.

Modes

User EXEC mode

Once you access the CLI, you will be in User EXEC mode by default. It is indicated by the ">" (greater than) sign next to the hostname of the device. User EXEC mode is very limited, users can look at some things but are not allowed to change any configuration. It is also called "user mode".

Privileged EXEC mode

To enter Privileged EXEC mode, you have to enter the command enable in user mode. It is indicated by the "#" (hashtag) sign next to the hostname. It provides complete access to view the device's configuration, restart it, etc. But the configuration cannot still be changed. Here is the list of all available commands. Also, you can use a "?" (question mark) to see the available commands in the current mode.

Global configuration mode

The command to enter global configuration mode is configure terminal. The indication of this mode is "(config)" after the hostname. Entering this mode, you can configure the device.

Password protection

To protect the privileged EXEC mode with a password, we use the command enable password followed by the password we want to use. It is case-sensitive. The problem with this command is that it keeps the password unencrypted in the configuration file, to encrypt it, there is another command entered in global configuration mode -service password-encryption. But there is an even more secure method, using enable secret command instead of enable password. In this way, the encryption algorithm used is more advanced. To disable password encryption or cancel any other command, a keyword no is used in front of the command. E.g. if we type no service password-encryption, future passwords will no longer be encrypted but it doesn't affect the passwords which are already encrypted.

Configuration files

There are two separate configuration files in the device at once:

Running config - the current, active configuration file on the device. As commands are entered in the CLI, this file gets changed.
Startup config - the configuration file which gets loaded upon the restart of the device.

To view the running configuration file, show running-config command is used in global configuration mode. For the startup-config file use show startup-config.

There are 3 ways to save the running configuration as a startup configuration, and all of them are executed from privileged EXEC mode:

write
write memory
copy running-config startup-config

8KB

Day 4 Flashcards - Intro to the CLI.apkg

45KB

Day 4 Lab - Basic Device Security.pkt

PreviousOSI Model & TCP/IP Suite NextEthernet LAN Switching (Part 1)

Last updated 8 months ago