Admins/Engineers: CLI or GUI?

I am curious about what most network guys use to configure devices on their job, CLI or GUI (CCP/ASDM/CSM)?

In my CCNA-Sec studies, the instructor says that most professionals, especially in environments with many devices, like to use a GUI to streamline their commands, put it in a text file, customize the text file, then push/enter it at the CLI. Is this typical?

I kind of imagine for simple tweaks on a small number of devices that people would just use the CLI and maybe for more complex tweaks on a larger number of devices they use the GUI?

Also, is CCNP-Sec similar to CCNA-Sec in pushing the GUI, or does it dive deeper into the CLI I hope?

Thanks!

Find more posts tagged with

Comments

pevangel

We use GUI for our MetroE, ATM, SONET, and some TDM gear but use CLI for everything else. We have several hundred devices on the network. I think it's actually close to a thousand. We don't have a lot of Cisco gear though (less than 100) and don't use CCP, ASDM, or CSM.

colemic

GUI for me, for Ironport and ASDM/AnyConnect. So, so much easier to see and understand for me.

shodown

Generally on firewalls I use a GUI unless I have the commands ready. For Routers and Switches I use Excel to get my configs ready and then I copy and paste into the device or run a script to log into several devices and do it at 1 time. If you are in a large enterprise you can get tools do this for you, but as an consultant the price of these tools would be close to 10K for me.

docrice

I always prefer the CLI as it's generally less overhead to manage with and often easier to "read" on the screen for me. There are cases where a GUI is preferred, but as a general rule I reach for the command line first if I have a choice. As soon as I have to manage something through a web UI, I have to consider the potential of web-based attacks, browser plugins, etc. which increases the attack surface.

In addition, if a network device has a web management interface available, it immediately becomes a candidate for web application scanning which adds more time to a vuln scan.

ande0255

Always CLI for Firewalls and troubleshooting voice routers, CCA or CCP I'll use for an advanced setup but I use CLI for adding ephones or dn's.

pitviper

Voice/Routing/Switching 100% CLI. Same for ASA unless I’m implementing something new – If so, I’ll use the GUI and analyze the configuration changes, then use the CLI (like your instructor mentioned).

Zone-Based Firewalls are a different story if you started out with a GUI generated config – they are a nightmare to work on via the CLI after that.

CoolAsAFan

Very interesting replies, it is cool to get an insight into how you guys do your jobs because hopefully I will be there one day!

xnx

docrice wrote: »

I always prefer the CLI as it's generally less overhead to manage with and often easier to "read" on the screen for me. There are cases where a GUI is preferred, but as a general rule I reach for the command line first if I have a choice. As soon as I have to manage something through a web UI, I have to consider the potential of web-based attacks, browser plugins, etc. which increases the attack surface.

In addition, if a network device has a web management interface available, it immediately becomes a candidate for web application scanning which adds more time to a vuln scan.

Yes, especially if your Front end code is as bad as Asus and D-Link..

matai

We're 99% GUI due to Merakis which I like a lot.

maharaliel

We are using GUI ASDM with ASA firewall configuration and CLI when configuring router or switches.

matt333

CLI 99.9% of the time Routing/switching and Gui for firewalls/ASA 80% of the time.

GreenLantern

I work with Cisco,Juniper,brocade,riverbed,mcafee. The only time I have used a GUI is when changing an image on a Juniper.
I have never used the CCP except to practice for the CCNA:SECURITY exam.

JDMurray

I used the command line for years before I saw a GUI (Windows 1.0 and 2.0, Macintosh, and the X Window System) and didn't think much of them. I still prefer the CLI for tools with simple and list output (Nmap, tracert, etc.). However, you can't beat grids and tables in a Web browser-based GUI for carving and massaging log and packet data. The right tool for the right job.

MAC_Addy

100% command line for (cisco) routers, switches, and ASA's. Even on the voice routers I prefer CLI. Though, when it comes to HP and other products, I always use GUI.

cisco_trooper

I use CLI for all cutovers. I will use the ASDM to just look at things sometimes, but never for configuration. I don't like what it does to the configuraton, and there still to this day is not 100% parity with the CLI.

With the CLI, you can **** a full configuration to text, throw it on a lab device if needed, make all cutover specific changes and have a full cutover config ready to go. All you do is hit enter or maybe copy it to startup and reload. This is the easiest and most painless way to handle a cutover.

Customer: How long is this going to take?
Me: You can go get coffee, but we will be done before you get back.
Customer:

cisco_trooper

BUT, start gearing yourself up for some GUI work. TRUST me on that.