Intro to CLI
Command-line interface
interface you use to configure Cisco devices
there is also a GUI (not preferred)
when you first configure a device, you have to connect to the console port (e.g. connecting a laptop to the console port, either the RJ45 or the USB mini-B port, of a Cisco Catalyst switch)
using a rollover cable - one end is RJ45 and the other end is DB9 connector (if the laptop does not have a serial port to plug the cable, use an adapter which has USB connector)
connections inside rollover cable: 1<->8, 2<->7, 3<->6, 4<->5
using PuTTY (terminal emulator)
User EXEC mode, also called user mode
default when entering CLI indicated by '>' sign next to host name of the device (like router)
User EXEC mode is very limited
can't make any changes to the configuration and we won't be doing anything in this mode
Privileged EXEC mode, also called 'enable mode'
Router>enable => Router#
provides complete access to view the device's configuration, restart the device
this is not the mode where you change the configuration, but you can change the time of the device, save current configuration file etc.
Features
use '?' to view the commands available
type 'en' and press 'tab' to complete the command
type 'en' and press enter to directly enter privileged exec mode, because there is only 1 command starting with 'en' that can be entered in user exec mode.
typing 'e' and pressing enter will return that it is an ambiguous command, because there is more than 1 command starting with 'e'
typing 'e?' displays the possible commands that begin with 'e'
first enter Privileged EXEC mode
Router#configure terminal => Router(config)#
shortest possible command for configure is 'conf' and for terminal is 't'
Router#conf t => Router(config)#
first enter Global configuration mode
Router(config)#hostname R1 => R1(config)#
can protect Privileged EXEC mode with a password, so that when entering the 'enable' command from user exec mode, a password is asked
passwords are case sensitive
should be entered in Global configuration mode
Router(config)#enable password CCNA
the password does not display as you type it, for security purposes
if you enter the wrong password 3 times, you will be denied access
Features
Router(config)#enable pass? - shows all possible completions of the word (no space before ?)
Router(config)#enable password ? - shows all possible options one could enter next in the command (space before ?)
<cr> means there are no further options, enter the command
there are 2 separate config files kept on the device at once.
Running-config: the current, active config file on the device. as you enter commands in the CLI, you edit the active configuration
Startup-config: the config file that will be loaded upon restart of the device. if you don't save the running-config before closing the device (router), you will lose the changes. you have to save them to the startup-config
should be entered in Privileged exec mode
Router#show running-config : displays 'enable password CCNA' at the beginning of the output
Router#show startup-config : displays 'not present', because we haven't saved the running-config yet
Saving the configuration
3 ways. all entered from privileged exec mode
after this, 'show startup-config' command will display the same output as 'running-config'
should also be entered in Privileged exec mode
Router#write
Router#write memory
Router#copy running-config startup-config
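The check described above (does the startup-config match the running-config?) can be automated on saved copies of the two 'show' outputs. This is an added example, not part of the original notes; the sample outputs are constructed, and the header lines and the "not present" message wording are assumptions about the CLI output format.

```python
import difflib

# Constructed CLI output (not captured from a real device).
RUNNING = """\
Building configuration...

Current configuration : 612 bytes
!
hostname R1
!
enable password CCNA
!
end
"""
STARTUP_NEVER_SAVED = "startup-config is not present\n"
STARTUP_OLD = """\
Using 588 out of 262136 bytes
!
hostname R1
!
end
"""

# Non-configuration lines printed at the top of the 'show' output (assumed wording).
HEADERS = ("Building configuration", "Current configuration", "Using ")


def config_lines(show_output):
    """Keep only configuration commands from 'show running/startup-config' output."""
    if "not present" in show_output:
        return []  # nothing has been saved to the startup-config yet
    return [line.rstrip() for line in show_output.splitlines()
            if line.strip() and not line.startswith("!")
            and not line.startswith(HEADERS)]


def unsaved_changes(running_output, startup_output):
    """'+' lines exist only in running-config, '-' lines only in startup-config."""
    saved, active = config_lines(startup_output), config_lines(running_output)
    changes = []
    matcher = difflib.SequenceMatcher(None, saved, active, autojunk=False)
    for tag, a1, a2, b1, b2 in matcher.get_opcodes():
        if tag != "equal":
            changes += ["- " + line for line in saved[a1:a2]]
            changes += ["+ " + line for line in active[b1:b2]]
    return changes


if __name__ == "__main__":
    print(unsaved_changes(RUNNING, STARTUP_OLD))
```

An empty list means the running-config has been saved; any '+' line would be lost if the device restarted now.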
should be entered in Global configuration mode
Router(config)#service password-encryption
because the password is displayed in plain text in the configuration, it is a security risk: anyone who can read it can enter privileged exec and global configuration mode and make changes to the device.
this command encrypts all passwords into a jumble of numbers and letters.
check by entering 'show running-config' command.
displays: enable password 7 08027AJ6T
number '7' indicates the type of encryption used. 7 -> Cisco's proprietary encryption algorithm.
not very secure, can be cracked (Cisco type 7 password cracker)
Router(config)#enable secret Cisco (here 'Cisco' is the password)
check by entering 'do sh run' in global configuration mode.
displays: enable secret 5 $ajkLsaj483hakhbHABbah
number '5' indicates MD5 encryption
much more secure, still can be cracked
Note
if both 'enable secret' and 'enable password' commands are configured, only 'enable secret' will be valid and 'enable password' will become invalid
'service password-encryption' (used to encrypt 'enable password') has no effect on 'enable secret' command, which is always encrypted, whether you enter 'service password-encryption' or not.
so always use 'enable secret'
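The rules above (clear-text and type 7 'enable password', 'enable secret' taking precedence, 'service password-encryption') can be checked against a saved copy of the running-config. This is an added example, not part of the original notes; the config excerpts are constructed, the type 5 value is a placeholder, and the function name and finding texts are hypothetical.

```python
import re

# Constructed 'show running-config' excerpts (not captured from a real device).
WEAK_CONFIG = """\
no service password-encryption
hostname R1
enable password CCNA
"""
MIXED_CONFIG = """\
service password-encryption
hostname R1
enable secret 5 $1$SALT$PLACEHOLDERHASH
enable password 7 08027AJ6T
"""

# enable <password|secret> [type] <value>; the type number is absent for clear text
ENABLE_RE = re.compile(r"^enable (password|secret)(?: (\d+))? (\S+)$")


def audit_enable_settings(config_text):
    """Return findings about how privileged EXEC mode is protected."""
    findings = []
    has_secret = has_password = encryption_on = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "service password-encryption":
            encryption_on = True
        match = ENABLE_RE.match(line)
        if not match:
            continue
        kind, ptype, _value = match.groups()
        if kind == "secret":
            has_secret = True
            continue
        has_password = True
        if ptype == "7":
            findings.append("enable password is type 7: weak, can be cracked")
        else:
            findings.append("enable password is stored in clear text")
    if has_password and has_secret:
        findings.append("enable password is overridden by enable secret: remove it")
    if not has_secret:
        findings.append("no enable secret configured")
    if not encryption_on:
        findings.append("service password-encryption is off")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("mixed", MIXED_CONFIG)):
        print(name, audit_enable_settings(cfg))
```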
Features
Router(config)#do sh run
to execute privileged exec mode commands like 'show running-config' in other configuration levels
to remove a command, type 'no' in front of it
Router(config)#no service password-encryption
future passwords will no longer be encrypted and will be in clear text
passwords which are already encrypted will NOT be decrypted by disabling 'service password-encryption'
Modes
Router> : user EXEC mode
Router# : privileged EXEC mode
Router(config)# : global configuration mode
Commands
Router>enable : enters privileged EXEC mode
Router#configure terminal : enters global configuration mode
Router(config)#enable password <password> : configures a password to protect privileged EXEC mode
Router(config)#service password-encryption : encrypts the enable password (and others)
Router(config)#enable secret <password> : configures a more secure, always encrypted password
Router(config)#do <privileged-exec-level-command> : executes a privileged-exec level command from global configuration mode
Router(config)#no <command> : removes the command
Router#show running-config : displays the current, active configuration file
Router#show startup-config : displays the saved configuration file which will be loaded if the device is restarted
Router#write : saves the configuration
Router#write memory : saves the configuration
Router#copy running-config startup-config : saves the configuration