Navigating the Cisco CLI

Real World Application

As a Cisco network engineer, you’ll need to master navigating through the command line interface as all cisco devices are configured via CLI. However there are a few Java configuration GUI’s such as ASDM and PDM but these are commonly frowned upon as those GUI configuration tools tend to make device configurations look unclean to engineers whom use the CLI. As a CCNA You’re required to master navigation through different CLI modes including but not limited to User Mode, Privileged Mode, Global Configuration Mode, Interface Configuration Mode, Router Configuration Mode, VLAN Database Configuration Mode, Access-List Configuration Mode Mode and Line Configuration Mode.

Lab Prerequisites

Lab Objectives

Lab Instruction

Mastering the navigation through the Cisco command line interface is an absolute requirement for any Cisco engineer. There are several different types of modes in the Cisco CLI. User mode is the mode you’re first placed into upon pressing return after entering your user authentication information, vty or line password. Once you’re placed into User Mode, you’re limited as to the commands you’re able to execute from the CLI.

However, many commands at the user level can be very informative such including but not limited to; ping, traceroute, show cdp neighbors, show version and show interface command(s).

In privileged mode, you’re given the ability to configure the device and execute management commands including but not limited to; configure, clear, reload, more, copy, delete, erase and debug.

As shown below in the terminal box you can see that after pressing return you’re placed into Cisco CLI with the “>” greater then sign next to the hostname. This is called user mode.

Router con0 is now available

Press RETURN to get started.

Router>

At any point in the Cisco CLI you can use the question mark to get a context mode sensitive help list of available commands to execute from your current privilege level. shown below;

Router>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  crypto           Encryption related commands.
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  emm              Run a configured Menu System
  enable           Turn on privileged commands
  ethernet         Ethernet parameters
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lat              Open a lat connection
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mrinfo           Request neighbor and version information from a multicast router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
 --More--

You can use return to show line by line or space bar to show the next paragraph of available commands. If you wish to exit the list without pressing space bar continuously to reach the end of the list, press the Q key.

When in user mode you can elevate your privileges by issuing the command enable from the user mode cli prompt. If you have an enable password or enable secret configured then you’ll be prompted to provide such authentication information to elevate your privileges.

Take note that when entering the password on a Cisco device, you will NOT see the password typed out. This is intentionally done by Cisco to prevent people from looking over your shoulders.

Router>enable
Password:
Router#

Once in privileged mode you’re able to execute commands that allow you to maintain and configure the device such as copy running-configuration startup-configuration

Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#

When you’re in privileged mode you can configure the router by entering the command configure terminal. This command will place you into global configuration mode where you can make device configuration changes. Note that this may not always be the case, if a Cisco Access Control Server is used for command authorization then each command you execute will be authorized by the Cisco ACS server prior to execution. The ACS Server (which is outside of the scope of the CCNA Certification) allows security engineers to control which users can execute which commands based on configured policies.

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#

Within global configuration mode (denoted by the (config)# prompt) you have access to different configuration modes such as interface configuration mode, router configuration mode, VLAN Database configuration mode, access-list configuration mode and many others;

Router(config)#interface f0/0
Router(config-if)#router eigrp 1
Router(config-router)#ip access-list extended example_acl_name
Router(config-ext-nacl)#line con 0
Router(config-line)#

To exit a specific mode to the previous mode just execute the command exit

In the early days of the Cisco IOS, keystroke navigation was used. Now days this type of navigation is considered “legacy” and no longer used but there is that .001% change that one day you’ll need it so its good to be aware of its existence.