# Day 4: Introduction to the CLI # CCNA 200-301 Study Guide: Device Management & CLI Fundamentals Mastering initial device access and Command-Line Interface (CLI) navigation is the foundation for all network configuration, troubleshooting, and security hardening. These skills are central to Domain 1.0 (Network Fundamentals) and Domain 5.0 (Security Fundamentals). ## 1.0 Establishing the Initial Console Connection Before network-based protocols (SSH/Telnet) can be used, you must establish "out-of-band" access. This is the only reliable method for managing unconfigured devices. ### 1.1 Physical Hardware and Cabling - Console Port: A dedicated management port (RJ-45 or USB mini-B). - Rollover Cable: A specialized cable with reversed pinouts designed for serial communication. - USB-to-Serial Adapter: Required for modern PCs lacking native DB9 serial ports. Critical Note: A rollover cable is electrically incompatible with standard Ethernet signaling. Using a standard Ethernet cable in a console port will not work and may cause hardware damage. ### 1.2 Terminal Emulator Configuration Use an application like PuTTY or Tera Term with the following precise serial settings:

Setting	Value
Baud Rate (Speed)	9600 bps
Data Bits	8
Parity	None
Stop Bits	1
Flow Control	None

## 2.0 Mastering the Cisco IOS CLI The Cisco Internetwork Operating System (IOS) uses a hierarchical mode structure to prevent accidental configuration errors by restricting sensitive commands to specific modes. ### 2.1 The Hierarchy of CLI Modes

Mode Name	Prompt	Access Method	Core Function
User EXEC	Router>	Default on login.	Basic monitoring/connectivity tests.
Privileged EXEC	Router#	enable	Full "show" commands, file mgmt, reloads.
Global Config	Router(config)#	configure terminal	Commands affecting the entire device.
Interface Config	Router(config-if)#	interface \[type/id\]	Specific interface settings (IP, Speed).

### 2.2 Navigation & Productivity Shortcuts

Command/Shortcut	Purpose and Operational Impact
exit	Moves back one level in the hierarchy.
end or Ctrl+Z	Immediately returns to Privileged EXEC mode.
?	Context-sensitive help; lists available commands/options.
Tab	Command completion; also verifies correct syntax.
do	Executes a Privileged EXEC command from configuration modes.

## 3.0 Core Device Configuration and Security ### 3.1 Establishing Identity and Access - Hostname: Use hostname \[Name\] in Global Config to identify the device. - Securing Privileged Access: - enable password: Insecure. Stores password in plain text. Do not use. - enable secret: Best Practice. Stores password as a strong cryptographic hash. Precedence Rule: If both are configured, the device always enforces the enable secret and ignores the plain-text password. ### 3.2 Password Obfuscation & Reversal - service password-encryption: Applies weak, reversible encryption to plain-text passwords to prevent "shoulder surfing." - The no Command: Prefix any command with no to remove or reverse it (e.g., no hostname). ## 4.0 Managing and Saving Configuration Files It is vital to distinguish between active (volatile) memory and permanent storage. ### 4.1 The Two Key Configuration Files

File Type	Storage Location	Persistence	View Command
Running Configuration	RAM	Volatile: Lost on power loss.	show running-config
Startup Configuration	NVRAM	Non-Volatile: Persists on reboot.	show startup-config

### 4.2 Persisting Changes To save active changes, you must copy the running configuration to the startup configuration: copy running-config startup-config ## 5.0 Study Summary: Critical Recall - Console Settings: 9600, 8, N, 1 (8-N-1). - Access Escalation: User EXEC $\\rightarrow$ enable $\\rightarrow$ Privileged EXEC $\\rightarrow$ conf t $\\rightarrow$ Global Config. - Encryption Best Practice: Always use enable secret over enable password. - Final Step: Always perform a copy run start before exiting your session to ensure changes survive a reboot.