Access to the CLI

Cisco uses the acronym CLI to refer to the terminal user command-line interface to the IOS. The term CLI implies that the user is typing commands at a terminal, a terminal emulator, or a Telnet connection.

To access the CLI, use one of three methods, as illustrated in Figure 7-1.

You access the router through the console, through a dialup device through a modem attached to the auxiliary port, or by using Telnet. The router has RJ-45 receptacles for both the console and the auxiliary port. The cable from the console to a PC requires a special eight-wire cable, called a rollover cable, in which pin 1 connects to pin 8 on the other end of the cable, pin 2 connects to pin 7, and so on. Figure 7-1 shows the cable pinouts. The modem connection from the auxiliary port uses a straight-through cable.

Figure 7-1 CLI Access

From any of the three methods of accessing the router, you enter user exec mode first. User exec mode, also sometimes called user mode, enables you to look around, but not break anything. The passwords shown in Figure 7-1 are not defaults—those passwords would be required if the configuration used in Table 7-2 were used. The console, auxiliary, and Telnet passwords all are set separately.

Table 7-2 CLI Password Configuration

Access From

Password Type



Console password

line console 0 login password faith


Auxiliary password

line aux 0 login password hope


vty password

line vty 0 4 login password love

Passwords are required for Telnet and auxiliary access as of Cisco IOS Software Release 12.0, and the exams are based on Cisco IOS Software Release 12.2. However, there are no preconfigured passwords—therefore, you must configure passwords for Telnet and auxiliary access from the console first.

All Cisco routers have a console port, and most have an auxiliary port. The console port is intended for local administrative access from an ASCII terminal or a computer using a terminal emulator. The auxiliary port, which is missing on a few models of Cisco routers, is intended for asynchronous dial access from an ASCII terminal or terminal emulator; the auxiliary port often is used for dial backup.

This chapter focuses on the process of using the CLI instead of a particular set of commands. However, if you see a command in this chapter, you probably should remember it. In the last column of Table 7-2, the first command in each configuration is a context-setting command, as described later in this chapter. But, as you see, the second and third commands would be ambiguous if you did not supply some additional information, such as whether the password command was for the console, aux, or Telnet. The login command actually tells the router to display a password prompt. The password commands specify the text password to be typed by the user to gain access. Sometimes network engineers choose to set all three passwords to the same value because they all let you get into user mode.

Several concurrent Telnet connections to a router are allowed. The line vty 0 4 command signifies that this configuration applies to vtys (virtual teletypes/terminals) 0 through 4. Originally, IOS allowed for only these five vtys, unless the router was also a dial access server, such as a Cisco AS5300. At IOS Version 12.2, 16 vtys are allowed by default on all models of routers. Regardless, all the configured vtys typically have the same password, which is handy because users connecting to the router through Telnet cannot choose which vty they get.

NOTE On occasion, a network engineer might set the last vty to use a different password that no one else knows; that way, when all the other vtys are in use and that network engineer Telnets to the router, he can use the password only he knows—and always get access to the router.

User exec mode is one of two command exec modes in the IOS user interface. Enable mode (also known as privileged mode or privileged exec mode) is the other. Enable mode is so named because the enable command is used to reach this mode, as shown in Figure 7-2; privileged mode earns its name because powerful, or privileged, commands can be executed there.

Figure 7-2 User and Privileged Modes router>enable password: zzzzz router#

router>enable password: zzzzz router#

router#disable router>

'Also Called router#disable router>

Enable Mode

Was this article helpful?

0 0

Post a comment