Day 4: Introduction to the CLI

CCNA 200-301 Study Guide: Device Management & CLI Fundamentals

Mastering initial device access and Command-Line Interface (CLI) navigation is the foundation for all network configuration, troubleshooting, and security hardening. These skills are central to Domain 1.0 (Network Fundamentals) and Domain 5.0 (Security Fundamentals).

1.0 Establishing the Initial Console Connection

Before network-based protocols (SSH/Telnet) can be used, you must establish "out-of-band" access. This is the only reliable method for managing unconfigured devices.

1.1 Physical Hardware and Cabling

Console Port: A dedicated management port (RJ-45 or USB mini-B).
Rollover Cable: A specialized cable with reversed pinouts designed for serial communication.
USB-to-Serial Adapter: Required for modern PCs lacking native DB9 serial ports.

Critical Note: A rollover cable is electrically incompatible with standard Ethernet signaling. Using a standard Ethernet cable in a console port will not work and may cause hardware damage.

1.2 Terminal Emulator Configuration

Use an application like PuTTY or Tera Term with the following precise serial settings:

Setting	Value
Baud Rate (Speed)	9600 bps
Data Bits	8
Parity	None
Stop Bits	1
Flow Control	None

2.0 Mastering the Cisco IOS CLI

The Cisco Internetwork Operating System (IOS) uses a hierarchical mode structure to prevent accidental configuration errors by restricting sensitive commands to specific modes.

2.1 The Hierarchy of CLI Modes

Mode Name	Prompt	Access Method	Core Function
User EXEC	Router>	Default on login.	Basic monitoring/connectivity tests.
Privileged EXEC	Router#	enable	Full "show" commands, file mgmt, reloads.
Global Config	Router(config)#	configure terminal	Commands affecting the entire device.
Interface Config	Router(config-if)#	interface [type/id]	Specific interface settings (IP, Speed).

Command/Shortcut	Purpose and Operational Impact
exit	Moves back one level in the hierarchy.
end or Ctrl+Z	Immediately returns to Privileged EXEC mode.
?	Context-sensitive help; lists available commands/options.
Tab	Command completion; also verifies correct syntax.
do	Executes a Privileged EXEC command from configuration modes.

3.0 Core Device Configuration and Security

3.1 Establishing Identity and Access

Hostname: Use hostname [Name] in Global Config to identify the device.
Securing Privileged Access:
- enable password: Insecure. Stores password in plain text. Do not use.
- enable secret: Best Practice. Stores password as a strong cryptographic hash.

Precedence Rule: If both are configured, the device always enforces the enable secret and ignores the plain-text password.

3.2 Password Obfuscation & Reversal

service password-encryption: Applies weak, reversible encryption to plain-text passwords to prevent "shoulder surfing."
The no Command: Prefix any command with no to remove or reverse it (e.g., no hostname).

4.0 Managing and Saving Configuration Files

It is vital to distinguish between active (volatile) memory and permanent storage.

4.1 The Two Key Configuration Files

File Type	Storage Location	Persistence	View Command
Running Configuration	RAM	Volatile: Lost on power loss.	show running-config
Startup Configuration	NVRAM	Non-Volatile: Persists on reboot.	show startup-config

4.2 Persisting Changes

To save active changes, you must copy the running configuration to the startup configuration:

copy running-config startup-config

5.0 Study Summary: Critical Recall

Console Settings: 9600, 8, N, 1 (8-N-1).
Access Escalation: User EXEC $\rightarrow$ enable $\rightarrow$ Privileged EXEC $\rightarrow$ conf t $\rightarrow$ Global Config.
Encryption Best Practice: Always use enable secret over enable password.
Final Step: Always perform a copy run start before exiting your session to ensure changes survive a reboot.