Free CCNA | Intro to the CLI | Day 4 | CCNA 200-301 Complete Course
Introduction to Cisco IOS CLI
Overview of the Course
- Welcome to Jeremy’s IT Lab, offering a complete and free CCNA course.
- Viewers are encouraged to stay until the end for a quiz to test their knowledge.
- Anki flashcards are available via a link in the description to aid study efforts.
Understanding Cisco IOS
- Cisco IOS is the operating system for Cisco devices, analogous to Windows or macOS.
- Clarification that Cisco IOS is not related to Apple’s iOS for iPhones.
Connecting to Cisco Devices
Methods of Connection
- The lesson focuses on connecting via the console port; remote connection methods will be discussed later.
Console Port Details
- A Cisco Catalyst switch has two console ports: an RJ45 and a USB mini-B connector.
- To connect through the RJ45 port, a rollover cable is required, which has different pin configurations than standard Ethernet cables.
Accessing the CLI
Terminal Emulator Setup
- Use terminal emulators like PuTTY (available at putty.org) for accessing the CLI.
- Default settings include 9600 bits per second speed, 8 data bits, 1 stop bit, no parity, and no flow control.
Initial Configuration Dialog
- Upon first booting up a device, users can choose whether or not to enter an initial configuration dialog.
User EXEC Mode vs. Privileged EXEC Mode
User EXEC Mode
- Users start in user EXEC mode indicated by a ‘greater than sign’ next to the hostname (default: Router).
- This mode allows limited access; users can view but not change configurations.
Privileged EXEC Mode
- Entering the 'enable' command switches users from user EXEC mode to privileged EXEC mode (indicated by a pound sign).
- In this mode, users have full access for viewing configurations and performing certain actions like saving files.
Using Packet Tracer Software
Resource Limitations
CLI Command Shortcuts and Configuration
Using the Question Mark for Command Assistance
- The question mark can be used in the CLI to view available commands, enhancing user experience.
- Typing 'en' allows access to privileged EXEC mode without needing to type 'enable', showcasing command shortcuts.
- If a command is ambiguous (like just typing 'e'), using 'e?' displays possible commands starting with that letter.
Entering Global Configuration Mode
- To enter global configuration mode, use the command 'configure terminal', which can be shortened to 'conf t'.
- The CLI provides options when typing partial commands; for example, typing 'con?' shows both 'configure' and 'connect'.
Setting Password Protection
- Protecting privileged EXEC mode requires setting a password using the command 'enable password' in global configuration mode.
- The question mark's placement affects output: typed directly after a partial word with no space (as in 'con?'), it shows completions of that word; typed after a space, it shows the next possible inputs.
Testing Password Functionality
- After setting a password (case-sensitive), testing involves exiting back to user EXEC mode and entering the enable command.
- Incorrect passwords lead to being locked out after three failed attempts, emphasizing security measures.
Understanding Configuration Files
- There are two main configuration files: running-config (active settings) and startup-config (settings loaded on reboot).
Configuration and Security of Cisco Devices
Understanding Configuration Files
- The configuration file contains a lot of data by default; only the output up to the entered command is included for clarity.
- The command 'show startup-config' reveals that the startup configuration is not present until the running configuration is saved, leading to a default load upon router restart.
Saving Configurations
- Three commands can save the running configuration: 'write', 'write memory', and 'copy running-config startup-config'. All are executed from privileged EXEC mode.
- After saving, 'show startup-config' displays the same information as 'show running-config', confirming successful saving.
Enhancing Password Security
- The enable password appears in plain text, posing a security risk. To enhance security, use the command 'service password-encryption' in global configuration mode.
- This command encrypts passwords into an unreadable format. For example, 'CCNA' becomes '08026F6028', with '7' indicating Cisco's proprietary encryption algorithm.
Limitations of Basic Encryption
- Despite using 'service password-encryption', this method is still vulnerable; passwords can be cracked easily with available tools.
- A more secure option is to use the 'enable secret' command instead of 'enable password'. This employs MD5 encryption (indicated by '5'), which offers better protection against cracking.
Command Effects and Deletion
- The presence of both commands ('enable secret' and 'enable password') means only the enable secret will be valid if both are configured.
- To delete or cancel a command, prefix it with ‘no’. However, disabling service password-encryption does not decrypt existing passwords; future passwords will be stored in clear text.
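An added example (not from the video or from Cisco): a short Python audit of the enable lines in a saved configuration, showing that the type 7 string quoted above is reversible and which credential takes effect when both commands are present. The sample configuration text and the function names are constructed for illustration, and the type 5 value is a placeholder, not a real hash.

```python
import re

# Fixed, publicly documented XOR key behind IOS "type 7" password obfuscation.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def decode_type7(encoded):
    """Reverse a type 7 string: 2 decimal digits = key offset, then hex bytes XOR the key."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii")

# Matches: enable password CCNA / enable password 7 <hex> / enable secret 5 <hash>
ENABLE_LINE = re.compile(r"^enable (password|secret)(?: (\d))? (\S+)$")

def audit(config):
    """Return (findings, effective) for the enable credentials found in config text."""
    findings, kinds = [], set()
    for raw in config.splitlines():
        m = ENABLE_LINE.match(raw.strip())
        if not m:
            continue
        kind, typ, value = m.groups()
        kinds.add(kind)
        if kind == "password" and typ is None:
            findings.append(("plaintext", value))            # readable as stored
        elif typ == "7":
            findings.append(("type7-reversible", decode_type7(value)))
        elif kind == "secret" and typ == "5":
            findings.append(("type5-md5", None))             # hash, not decoded
    # When both are configured, only the enable secret is accepted.
    effective = "secret" if "secret" in kinds else ("password" if kinds else None)
    return findings, effective

# Constructed sample: the type 7 string is the one quoted in the notes above;
# the type 5 value is a placeholder, not a real hash.
SAMPLE = """hostname Router
service password-encryption
enable secret 5 $1$EXAMPLE$placeholder-not-a-real-hash
enable password 7 08026F6028
"""

if __name__ == "__main__":
    findings, effective = audit(SAMPLE)
    for name, detail in findings:
        print(name, detail if detail is not None else "")
    print("credential in effect:", effective)
```

Any 'enable password' line it reports, plain or type 7, is a candidate for replacement with 'enable secret'.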
Summary of Key Commands
- Review of CLI modes: User EXEC mode (greater than sign), Privileged EXEC mode (pound/hash), Global Configuration mode (config in brackets).
- Important commands include:
- enable: Enter privileged exec mode.
- configure terminal: Enter global configuration mode.
- enable password: Set a password for privileged exec access.
Understanding Cisco Device Configuration
Key Commands for Device Configuration
- The enable secret command configures a secure, encrypted enable password for the device.
- The do command allows execution of privileged exec-level commands while in global configuration mode.
- The no command is used to remove previously configured commands from the device settings.
- The show running-config command displays the current active configuration, while show startup-config shows the saved configuration that loads on restart.
Saving Configurations
- To save the current running configuration as the startup configuration, use any of these commands: write, write memory, or copy running-config startup-config.
Quiz Question 1: Connecting to Cisco Devices
- Question: What type of cable connects to a Cisco device via RJ45 console port?
- A. Rollover cable
- B. Crossover cable
- C. USB cable
- Correct answer is A (rollover cable). Crossover cables connect similar devices (e.g., switch to switch), and USB ports are separate from RJ45 console ports.
Quiz Question 2: Password Issues
- Question: If your password isn't accepted when entering privileged exec mode, what could be wrong?
- A. Service password-encryption is enabled
- B. Service password-encryption is disabled
- C. Caps Lock is on
- Correct answer is C (Caps Lock is on). Password case sensitivity means incorrect entry can occur if Caps Lock is activated.
Quiz Question 3: Securing Privileged EXEC Mode
- Question: What’s the most secure method to protect access to privileged EXEC mode?
- A. Enable secret command
- B. Enable password command
- C. Enable password with service password-encryption
- Correct answer is A (enable secret command), which uses MD5 encryption, making it more secure than plain-text passwords or weak encryption methods.
Quiz Question 4: Command Precedence
- Question: If both enable password and enable secret are set, which do you enter for privileged EXEC mode?
- A. Enter enable password followed by enable secret
- B. Enter only enable password
- C. Enter only enable secret
- Correct answer is C (you must enter the enable secret only), as it takes precedence over the enable password.
Final Quiz Question: Global Configuration Mode Command
- Question: What does conf t stand for in global configuration mode?
- A. Configuration time
- B. Configure terminal
- C. Configuration terminal
- Correct answer is B (configure terminal). Knowing full-length commands helps reduce typing errors in CLI operations.
Supplementary Materials
- Review flashcards are available for memorizing commands; check links in description.
- There will also be a Packet Tracer practice lab provided in the next video for hands-on experience with configuring Cisco devices through CLI.