Day 4: Introduction to the CLI

CCNA 200-301 Study Guide: Device Management & CLI Fundamentals
Mastering initial device access and Command-Line Interface (CLI) navigation is the foundation for all network configuration, troubleshooting, and security hardening. These skills are central to Domain 1.0 (Network Fundamentals) and Domain 5.0 (Security Fundamentals).
1.0 Establishing the Initial Console Connection
Before network-based protocols (SSH/Telnet) can be used, you must establish "out-of-band" access. This is the only reliable method for managing unconfigured devices.
1.1 Physical Hardware and Cabling
Console Port: A dedicated management port (RJ-45 or USB mini-B).
Rollover Cable: A specialized cable with reversed pinouts designed for serial communication.
USB-to-Serial Adapter: Required for modern PCs lacking native DB9 serial ports.
Critical Note: A rollover cable is electrically incompatible with standard Ethernet signaling. Using a standard Ethernet cable in a console port will not work and may cause hardware damage.
1.2 Terminal Emulator Configuration
Use an application like PuTTY or Tera Term with the following precise serial settings:
Setting
Value
Baud Rate (Speed)
9600 bps
Data Bits
8
Parity
None
Stop Bits
1
Flow Control
None
2.0 Mastering the Cisco IOS CLI
The Cisco Internetwork Operating System (IOS) uses a hierarchical mode structure to prevent accidental configuration errors by restricting sensitive commands to specific modes.
2.1 The Hierarchy of CLI Modes
Mode Name
Prompt
Access Method
Core Function
User EXEC
Router>
Default on login.
Basic monitoring/connectivity tests.
Privileged EXEC
Router#
enable
Full "show" commands, file mgmt, reloads.
Global Config
Router(config)#
configure terminal
Commands affecting the entire device.
Interface Config
Router(config-if)#
interface [type/id]
Specific interface settings (IP, Speed).
2.2 Navigation & Productivity Shortcuts
Command/Shortcut
Purpose and Operational Impact
exit
Moves back one level in the hierarchy.
end or Ctrl+Z
Immediately returns to Privileged EXEC mode.
?
Context-sensitive help; lists available commands/options.
Tab
Command completion; also verifies correct syntax.
do
Executes a Privileged EXEC command from configuration modes.
3.0 Core Device Configuration and Security
3.1 Establishing Identity and Access
Hostname: Use hostname [Name] in Global Config to identify the device.
Securing Privileged Access:
enable password: Insecure. Stores password in plain text. Do not use.
enable secret: Best Practice. Stores password as a strong cryptographic hash.
Precedence Rule: If both are configured, the device always enforces the enable secret and ignores the plain-text password.
3.2 Password Obfuscation & Reversal
service password-encryption: Applies weak, reversible encryption to plain-text passwords to prevent "shoulder surfing."
The no Command: Prefix any command with no to remove or reverse it (e.g., no hostname).
4.0 Managing and Saving Configuration Files
It is vital to distinguish between active (volatile) memory and permanent storage.
4.1 The Two Key Configuration Files
File Type
Storage Location
Persistence
View Command
Running Configuration
RAM
Volatile: Lost on power loss.
show running-config
Startup Configuration
NVRAM
Non-Volatile: Persists on reboot.
show startup-config
4.2 Persisting Changes
To save active changes, you must copy the running configuration to the startup configuration:
copy running-config startup-config
5.0 Study Summary: Critical Recall
Console Settings: 9600, 8, N, 1 (8-N-1).
Access Escalation: User EXEC $\rightarrow$ enable $\rightarrow$ Privileged EXEC $\rightarrow$ conf t $\rightarrow$ Global Config.
Encryption Best Practice: Always use enable secret over enable password.
Final Step: Always perform a copy run start before exiting your session to ensure changes survive a reboot.