Chapter 4 Using The Command-Line Interface

The document discusses accessing and using the Cisco Catalyst switch command-line interface (CLI). It describes how to connect to the switch CLI through the console port using a serial or USB cable, or remotely through Telnet or Secure Shell (SSH). The CLI provides user and privileged EXEC modes, with privileged mode granting access to more powerful commands. Help features are available within the CLI to learn commands without referring to external documentation.

Uploaded by

chris topher

CHAPTER 4: USING THE COMMAND-LINE INTERFACE
ACCESSING THE CISCO CATALYST SWITCH CLI
• Cisco uses the concept of a command-line interface (CLI) with its
router products and most of its Catalyst LAN switch products.

• The CLI is a text-based interface in which the user, typically a network
engineer, enters a text command and presses Enter. Pressing Enter
sends the command to the switch, which tells the device to do
something.

• The switch does what the command says, and in some cases, the
switch replies with some messages stating the results of the
command.
CLI
• Cisco Catalyst switches also support other methods to both monitor
and configure a switch.

• For example, a switch can provide a web interface so that an engineer
can open a web browser to connect to a web server running in the
switch.

• Switches also can be controlled and operated using network
management software.
CISCO CONFIGURATION PROFESSIONAL - CCP
CISCO CATALYST SWITCHES
• Within the Cisco Catalyst brand of LAN switches, Cisco produces a wide
variety of switch series or families.

• Each switch series includes several specific models of switches that have
similar features, similar price-versus-performance tradeoffs, and similar
internal components.

• For example, at the time this book was published, the Cisco 2960-XR series
of switches was a current switch model series.

• Cisco positions the 2960-XR series (family) of switches as full-featured,
low-cost wiring closet switches for enterprises. That means that you would
expect to use 2960-XR switches as access switches in a typical campus LAN
design.
• Figure 4-1 shows a photo of 10 different models from the 2960-XR
switch model series from Cisco.

• Each switch series includes several models, with a mix of features. For
example, some of the switches have 48 RJ-45 unshielded twisted-pair
(UTP) 10/100/1000 ports, meaning that these ports can
autonegotiate the use of 10BASE-T (10 Mbps), 100BASE-T (100
Mbps), or 1000BASE-T (1 Gbps) Ethernet.
• Cisco refers to a switch’s physical connectors as either interfaces or
ports, with an interface type and interface number. The interface
type, as used in commands on the switch, is Ethernet, Fast
Ethernet, Gigabit Ethernet, and so on for faster speeds.

• For Ethernet interfaces that support running at multiple speeds, the
permanent name for the interface refers to the fastest supported
speed.

• For example, a 10/100/1000 interface (that is, an interface that runs
at 10 Mbps, 100 Mbps, or 1000 Mbps) would be called Gigabit
Ethernet no matter what speed is currently in use.
• To uniquely number each different interface, some Catalyst switches
use a two-digit interface number (x/y), while others have a three-digit
number (x/y/z).

• For instance, two 10/100/1000 ports on many older Cisco Catalyst
switches would be called GigabitEthernet 0/0 and GigabitEthernet
0/1, while on the newer 2960-XR series, two interfaces would be
GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
ACCESSING THE CISCO IOS CLI
• Like any other piece of computer hardware, Cisco switches need some kind
of operating system software. Cisco calls this OS the Internetwork
Operating System (IOS).

• Cisco IOS Software for Catalyst switches implements and controls logic and
functions performed by a Cisco switch. Besides controlling the switch’s
performance and behavior, Cisco IOS also defines an interface for humans
called the CLI.

• The Cisco IOS CLI allows the user to use a terminal emulation program,
which accepts text entered by the user. When the user presses Enter, the
terminal emulator sends that text to the switch. The switch processes the
text as if it is a command, does what the command says, and sends text
back to the terminal emulator.
• The switch CLI can be accessed through three popular methods—the
console, Telnet, and Secure Shell (SSH).

• Two of these methods (Telnet and SSH) use the IP network in which
the switch resides to reach the switch. The console is a physical port
built specifically to allow access to the CLI. Figure 4-2 depicts the
options.
• Console access requires both a physical connection between a PC (or
other user device) and the switch’s console port, as well as some
software on the PC.

• Telnet and SSH require software on the user’s device, but they rely on
the existing TCP/IP network to transmit data.

• The next few pages detail how to connect the console and set up the
software for each method to access the CLI.
CABLING THE CONSOLE CONNECTION
• The physical console connection, both old and new, uses three main
components:

1. The physical console port on the switch,

2. A physical serial port on the PC, and

3. A cable that works with the console and serial ports.


• Most PCs today use a familiar standard USB cable for the console
connection.

• Cisco has been including USB ports as console ports in newer routers
and switches as well.

• All you have to do is look at the switch to make sure you have the
correct style of USB cable end to match the USB console port.

• In the simplest form, you can use any USB port on the PC, with a USB
cable, connected to the USB console port on the switch or router, as
shown on the far right side of Figure 4-3.
Figure 4-3 labels: Original rollover cable; Rollover cable and USB converter; USB console cable
• Older console connections use a PC serial port that pre-dates USB, a
UTP cable, and an RJ-45 console port on the switch, as shown on the
left side of Figure 4-3. The PC serial port typically has a D-shell
connector (roughly rectangular) with nine pins (often called a DB-9).

• The console port looks like any Ethernet RJ-45 port (but is typically
colored in blue and with the word console beside it on the switch).
• The 2960-XR series, for instance, supports both the older RJ-45
console port and a USB console port.

• Figure 4-4 points to the two console ports; you would use only one or
the other. Note that the USB console port uses a mini-B port rather
than the more commonly seen rectangular standard USB Type A port.
• After the PC is physically connected to the console port, a terminal
emulator software package must be installed and configured on the
PC. The terminal emulator software treats all data as text.

• It accepts the text typed by the user and sends it over the console
connection to the switch. Similarly, any bits coming into the PC over
the console connection are displayed as text for the user to read.
• The emulator must be configured to use the PC’s serial port with
settings that match the switch’s console port settings. The default
console port settings on a switch are as follows. Note that the last
three parameters are referred to collectively as 8N1:

■ 9600 bits/second
■ No hardware flow control
■ 8-bit ASCII
■ No parity bits
■ 1 stop bit
• In this example I am using PuTTY as the emulator.
ACCESSING THE CLI WITH TELNET AND SSH
• Terminal emulators support a variety of TCP/IP applications as well,
including Telnet and SSH.

• Telnet and SSH both allow the user to connect to another device’s CLI,
but instead of connecting through a console cable to the console
port, the traffic flows over the same IP network that the networking
devices are helping to create.

• Telnet uses the concept of a Telnet client (the terminal application)
and a Telnet server (the switch in this case). A Telnet client, the
device that sits in front of the user, accepts keyboard input and sends
those commands to the Telnet server. The Telnet server accepts the
text, interprets the text as a command, and replies back.
• Cisco Catalyst switches enable a Telnet server by default, but
switches need a few more configuration settings before you can
successfully use Telnet to connect to a switch.

• Using Telnet in a lab today makes sense, but Telnet poses a
significant security risk in production networks. Telnet sends all data
(including any username and password for login to the switch) as
clear-text data. SSH gives us a much better option.

• Think of SSH as the much more secure Telnet cousin. SSH encrypts
the contents of all messages, including the passwords, avoiding the
possibility of someone capturing packets in the network and stealing
the password to network devices.
USER AND ENABLE (PRIVILEGED) MODES
• All three CLI access methods covered so far (console, Telnet, and SSH) place the user in
an area of the CLI called user EXEC mode.

• User EXEC mode, sometimes also called user mode, allows the user to look around but
not break anything. The “EXEC mode” part of the name refers to the fact that in this
mode, when you enter a command, the switch executes the command and then displays
messages that describe the command’s results.

• Cisco IOS supports a more powerful EXEC mode called enable mode (also known as
privileged mode or privileged EXEC mode). Enable mode gets its name from the enable
command, which moves the user from user mode to enable mode, as shown in
Figure 4-6.

• The other name for this mode, privileged mode, refers to the fact that powerful (or
privileged) commands can be executed there. For example, you can use the reload
command, which tells the switch to reinitialize or reboot Cisco IOS, only from enable
mode.
• Example 4-1 demonstrates the differences between user and enable
modes.
PASSWORD SECURITY FOR CLI ACCESS FROM THE CONSOLE
• The enable secret Cisco123 configuration command defines the
password that all users must use to reach enable mode.

• So, no matter whether users connect from the console, Telnet, or
SSH, they would use the password Cisco123 when prompted for a
password after typing the enable EXEC command.
CLI HELP FEATURES
• If you printed the Cisco IOS Command Reference documents, you would end up
with a stack of paper several feet tall. No one should expect to memorize all the
commands—and no one does.

• You can use several very easy, convenient tools to help remember commands and
save time typing. As you progress through your Cisco certifications, the exams will
cover progressively more commands. However, you should know the methods of
getting command help.

• Table 4-2 summarizes command-recall help options available at the CLI. Note
that, in the first column, command represents any command. Likewise, parm
represents a command’s parameter.

• For example, the second row lists command ?, which means that commands such
as show ? and copy ? would list help for the show and copy commands,
respectively.
• When you enter the ?, the Cisco IOS CLI reacts immediately; that is,
you don’t need to press the Enter key or any other keys.

• The device running Cisco IOS also redisplays what you entered before
the ? to save you some keystrokes. If you press Enter immediately
after the ?, Cisco IOS tries to execute the command with only the
parameters you have entered so far.

• The information supplied by using help depends on the CLI mode.


• Cisco IOS stores the commands that you enter in a history buffer,
storing ten commands by default.

• The CLI allows you to move backward and forward in the historical list
of commands and then edit the command before reissuing it.

• These key sequences can help you use the CLI more quickly on the
exams. Table 4-3 lists the commands used to manipulate previously
entered commands.
THE DEBUG AND SHOW COMMANDS
• By far, the single most popular Cisco IOS command is the show
command. The show command has a large variety of options, and
with those options, you can find the status of almost every feature of
Cisco IOS.

• Essentially, the show command lists the currently known facts about
the switch’s operational status. The only work the switch does in
reaction to show commands is to find the current status and list the
information in messages sent to the user.
• For example, consider the output from the show mac address-table
dynamic command listed in Example 4-3.

• This show command, issued from user mode, lists the table the
switch uses to make forwarding decisions.

• A switch’s MAC address table basically lists the data a switch uses to
do its primary job.
• The debug command also tells the user details about the operation of
the switch. However, while the show command lists status
information at one instant of time—more like a photograph— the
debug command acts more like a live video camera feed.

• Once you issue a debug command, IOS remembers, issuing messages
that any switch user can choose to see. The console sees these
messages by default.
CONFIGURING CISCO IOS SOFTWARE
• You will want to configure every switch in an Enterprise network, even though the
switches will forward traffic even with default configuration.

• Configuration mode is another mode for the Cisco CLI, similar to user mode and
privileged mode. User mode lets you issue nondisruptive commands and displays
some information.

• Privileged mode supports a superset of commands compared to user mode,
including commands that might disrupt switch operations. However, not one of
the commands in user or privileged mode changes the switch’s configuration.
Configuration mode accepts configuration commands—commands that tell the
switch the details of what to do and how to do it.

• Figure 4-7 illustrates the relationships among configuration mode, user EXEC
mode, and privileged EXEC mode.
CONFIGURATION SUBMODES AND CONTEXTS
• Configuration mode itself contains a multitude of commands. To help
organize the configuration, IOS groups some kinds of configuration
commands together.

• To do that, when using configuration mode, you move from the initial
mode—global configuration mode—into subcommand modes.
Context-setting commands move you from one configuration
subcommand mode, or context, to another.

• These context-setting commands tell the switch the topic about
which you will enter the next few configuration commands. More
importantly, the context tells the switch the topic you care about right
now, so when you use the ? to get help, the switch gives you help
about that topic only.
• The best way to learn about configuration submodes is to use them.

DEMONSTRATE

• When you begin practicing with the CLI with real equipment, the
navigation between modes can become natural.
• The text inside parentheses in the command prompt identifies the
configuration mode. For example, the first command prompt after
you enter configuration mode lists (config), meaning global
configuration mode.

• After the line console 0 command, the text expands to (config-line),
meaning line configuration mode. Each time the command prompt
changes within config mode, you have moved to another
configuration mode.

• Table 4-4 shows the most common command prompts in
configuration mode, the names of those modes, and the
context-setting commands used to reach those modes.
• You should practice until you become comfortable moving between
the different configuration modes, back to enable mode, and then
back into the configuration modes.
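Telnet's clear-text login, flagged earlier in this chapter, is controlled in line configuration mode on the vty lines. The following Python script is an added example, not from the original slides: it groups a running-config by context-setting command and reports vty lines that still permit Telnet, plus a missing enable secret. The sample config and function names are constructed, and treating a vty stanza with no transport input line as Telnet-permitting is an assumption based on the statement above that the Telnet server is enabled by default.

```python
# Constructed sample running-config for illustration (not from the slides).
SAMPLE_CONFIG = """\
hostname SW1
enable secret 5 PLACEHOLDER-HASH
!
interface GigabitEthernet1/0/1
 description access port
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
"""


def parse_contexts(config_text):
    """Return [(top_level_command, [subcommands])] using running-config indentation."""
    stanzas = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines and '!' separators carry no configuration
        if line[0].isspace() and stanzas:
            stanzas[-1][1].append(line.strip())  # subcommand of the current context
        else:
            stanzas.append((line.strip(), []))  # global or context-setting command
    return stanzas


def audit(config_text):
    """Flag a missing enable secret and vty lines that still accept Telnet."""
    findings = []
    stanzas = parse_contexts(config_text)
    if not any(cmd.startswith("enable secret ") for cmd, _ in stanzas):
        findings.append("global: no 'enable secret' configured")
    for cmd, subs in stanzas:
        if not cmd.startswith("line vty "):
            continue
        transport = [s for s in subs if s.startswith("transport input ")]
        if not transport:
            # Assumption: no explicit setting means Telnet is still accepted.
            findings.append(f"{cmd}: no 'transport input' set; assumed to permit Telnet")
            continue
        protocols = transport[-1].split()[2:]
        if "telnet" in protocols or "all" in protocols:
            findings.append(f"{cmd}: Telnet permitted ({transport[-1]})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
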
STORING SWITCH CONFIGURATION FILES
• When you configure a switch, it needs to use the configuration. It also
needs to be able to retain the configuration in case the switch loses power.

• Cisco switches contain random access memory (RAM) to store data while
Cisco IOS is using it, but RAM loses its contents when the switch loses
power or is reloaded.

• To store information that must be retained when the switch loses power or
is reloaded, Cisco switches use several types of more permanent memory,
none of which has any moving parts.

• By avoiding components with moving parts (such as traditional disk drives),
switches can maintain better uptime and availability.
The following list details the four main types of memory found in Cisco
switches, as well as the most common use of each type:
1. RAM: Sometimes called DRAM, for dynamic random-access memory,
RAM is used by the switch just as it is used by any other computer: for
working storage. The running (active) configuration file is stored here.

2. Flash memory: Either a chip inside the switch or a removable
memory card, flash memory stores fully functional Cisco IOS images
and is the default location where the switch gets its Cisco IOS at boot
time. Flash memory also can be used to store any other files, including
backup copies of configuration files.
3. ROM: Read-only memory (ROM) stores a bootstrap (or boothelper)
program that is loaded when the switch first powers on. This bootstrap
program then finds the full Cisco IOS image and manages the process
of loading Cisco IOS into RAM, at which point Cisco IOS takes over
operation of the switch.

4. NVRAM: Nonvolatile RAM (NVRAM) stores the initial or startup
configuration file that is used when the switch is first powered on and
when the switch is reloaded.
• Figure 4-9 summarizes this same information in a briefer and more
convenient form for memorization and study.
• Essentially, when you use configuration mode, you change only the
running-config file. This means that the configuration example earlier
in this chapter (Example 4-4) updates only the running-config file.

• However, if the switch lost power right after that example, all that
configuration would be lost. If you want to keep that configuration,
you have to copy the running-config file into NVRAM, overwriting the
old startup-config file.
COPYING AND ERASING CONFIGURATION FILES
• The configuration process updates the running-config file, which is
lost if the router loses power or is reloaded.

• The EXEC command copy running-config startup-config backs up the
running-config to the startup-config file. This command overwrites
the current startup-config file with what is currently in the
running-config file.
• In addition, in the lab, you may want to just get rid of all existing
configuration and start over with a clean configuration. To do that,
you can erase the startup-config file using any of three different commands:

• write erase
• erase startup-config
• erase nvram:
• Once the startup-config file is erased, you can reload or power off/on
the switch, and it will boot with the now-empty startup configuration.

• Note that Cisco IOS does not have a command that erases the
contents of the running-config file. To clear out the running-config
file, simply erase the startup-config file, and then reload the switch,
and the running-config will be empty at the end of the process.
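Hardening applied in configuration mode lives only in the running-config until it is copied to NVRAM. The following Python script is an added example, not from the original slides: it compares constructed captures of the two files and lists which commands a reload would discard or bring back. The sample configs and function names are illustrative assumptions.

```python
import difflib

# Constructed captures of 'show startup-config' and 'show running-config'.
STARTUP = """\
Using 1184 out of 65536 bytes
hostname SW1
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input telnet ssh
end
"""
RUNNING = """\
Building configuration...
Current configuration : 1178 bytes
hostname SW1
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
end
"""

# Header lines that the show commands print before the configuration itself.
HEADERS = ("Building configuration", "Current configuration", "Using ")

def config_lines(text):
    """Keep configuration commands only: drop blanks, '!' lines and headers."""
    return [l.rstrip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("!") and not l.startswith(HEADERS)]

def with_parent(lines, idx):
    """Prefix an indented subcommand with its context-setting command."""
    if not lines[idx][0].isspace():
        return lines[idx]
    parent = next((p for p in reversed(lines[:idx]) if not p[0].isspace()), "?")
    return f"{parent} / {lines[idx].strip()}"

def unsaved_changes(running_text, startup_text):
    """Return (lost_on_reload, restored_on_reload) as lists of commands."""
    running, startup = config_lines(running_text), config_lines(startup_text)
    lost, restored = [], []
    matcher = difflib.SequenceMatcher(a=startup, b=running, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            restored += [with_parent(startup, i) for i in range(i1, i2)]
            lost += [with_parent(running, j) for j in range(j1, j2)]
    return lost, restored

if __name__ == "__main__":
    lost, restored = unsaved_changes(RUNNING, STARTUP)
    print("lost on reload:", lost, "| restored on reload:", restored)
```
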
THE END.
