I’m too old … I prefer CLI over GUI

A few weeks ago I’ve installed the ACE XML Gateway and got immediately upset that almost all configuration is web-based. Furthermore, you have to change the configuration on the manager (using a web browser), compile it and download it to the gateways.

The simple explanation for my feelings might be that I’m simply too old (or too spoiled by Cisco IOS), but I’ve tried to rationalize them and found several very good reasons why CLI is better than GUI. What are your thoughts?

Read more in Fragments

The post in Fragments has already earned me another affectionate nickname from Red Pineapple. On top of holy cow (not to mention Pineapple Certified Religious Bovine Professional) I became telnet jockey. On a more serious note, I agree with him on the need of visualization, but most GUIs I’ve seen look more like eye candy than a useful visualization tool.

10 comments:

  1. Sorry about giving you a hard time, Ivan. You are the most knowledgeable and helpful Cisco Blogger on the web.

    ReplyDelete
  2. Don't worry, I thorougly enjoy your comments. You usually look at the same problem from a completely different (and always quite valid) perspective. The interesting verbalization of your point-of-view is just the icing on the cake :))

    ReplyDelete
  3. I'm right there with ya. I stick to the CLI too.

    ReplyDelete
  4. I have the same problem with Cisco ASA, where some WebVPN options are only available via GUI. It is very hard to apply similar configs to many firewalls...

    /mspoerr

    ReplyDelete
  5. Yep, GUIs are OK, but the end result of the GUI should always be a text config, and you should be able to edit that directly if needed/desired. Having managed a couple of large WANs, there's nothing like being able to have the maintenance tech connect the new router's console to the modem, letting you drop in the backed-up configuration in a few seconds with no errors.

    ReplyDelete
  6. Regarding mspoerr's comment--the same issue that Ivan mentions regarding backups applies to the ASA. I have not found any way to completely back up an ASA that has a complex WebVPN config, since the GUI-only features create hidden directories and files in flash that can't be referenced from the CLI.

    ReplyDelete
  7. I totally agree. CLI is the way to go, plus it makes automated tasks via scripting, rancid, or expect much easier

    ReplyDelete
  8. @jswan: there is an option in ASDM where you can backup the whole config. But unfortunately this option is not available under CLI.

    /mspoerr

    ReplyDelete
  9. I really think it depends on what you're wanting to manage.

    Yes, Cisco routers (and perhaps network gear in general) is easier to manage on the commandline. IOS is a wonderful, efficient tool, and I am thankful every day for it.

    However, I can think of stuff I wouldn't want to work on via terminal, VMWare ESX is one product that springs to mind. The comamndline for that is awful. VirtualBox Headless is quite well written, but I'd still prefer a GUI for managing VMs.

    Horses for courses.

    ReplyDelete
  10. This is what my ASA5505 do when I ordered full backup from GUI:
    %ASA-7-111009: User 'Uname' executed cmd: show running-config
    %ASA-7-111009: User 'Uname' executed cmd: show import webvpn translation-table
    %ASA-7-111009: User 'Uname' executed cmd: show import webvpn customization
    %ASA-7-111009: User 'Uname' executed cmd: show import webvpn plug-in
    %ASA-7-111009: User 'Uname' executed cmd: show import webvpn url-list
    %ASA-7-111009: User 'Uname' executed cmd: show import webvpn webcontent
    %ASA-7-111009: User 'Uname' executed cmd: show running-config
    %ASA-7-111009: User 'Uname' executed cmd: show running-config
    %ASA-7-111009: User 'Uname' executed cmd: show running-config
    %ASA-7-111009: User 'Uname' executed cmd: show running-config
    %ASA-7-111009: User 'Uname' executed cmd: show running-config

    After that it complain that:
    No plug-in entries / configurations available
    No webcontent entries / configurations available
    No APCF entries / configurations available
    No certificates available
    No Proxy PAC entries / configurations available

    so command that do it may be missing from the log.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.