Introduction
Cisco devices are among the most widely used networking devices, so it makes sense to master at least the most common Cisco IOS commands. This blog post is a Cisco command cheat sheet: a collection of the most commonly used IOS commands.
I found them very useful in preparing for and passing the Cisco 200-301 exam, and when I was just starting out my career in Network Administration.
These commands are easy to memorize; you only need to practice using them. You will learn the full command, the abbreviation or shortcut (which is preferred by all network engineers I know) and a description of what the command does.
The command categories include:
- Mode Control Commands
- Basic Cisco Configuration Commands
- Cisco IOS Show Commands
- Remote Connections Commands
- Troubleshooting Cisco Commands List
- Security Configuration Commands
- ACLs and Port Security Commands Lists
- DHCP Commands list
- Logging and Monitoring Commands (Syslog)
How To Change Cisco IOS Modes (Mode Control Commands)
IOS Command | Shortcut | Description |
---|---|---|
enable (entered at the > prompt) | ena | This moves a user from User Exec mode into Privileged Exec mode. Privileged Exec mode is indicated by the # symbol in the command prompt. |
configure terminal | conf t | Logs the user into Global Configuration mode |
interface fastethernet/number | int fa 0/0 where 0/0 is the interface number. | Enters interface configuration mode for the specified fast ethernet interface |
Basic Cisco Configuration Command Lists
These are the fundamental Cisco IOS commands every network professional should know. Learning them gives you a base to move to other more advanced and specific commands.
It is also good to learn the short forms of these commands – to save time and avoid typographical errors. I have included them in the table as well.
Full Command | Shortcut | Description of What the Command Does | Example |
---|---|---|---|
reload | reload | Reboots the Cisco switch or router | reload |
hostname name | host | Sets a host name to the current Cisco network device | hostname Router1 |
copy from-location to-location | | Copies files from one file location to another | copy usbflash0:/ios-image.bin flash:/ios-image.bin |
copy running-config startup-config | copy run start | Saves the active (running) config over the startup config, which is loaded when the Cisco network device initializes | copy running-config startup-config or copy run start |
copy startup-config running-config | copy start run | Merges the startup config with the currently active config in RAM | copy startup-config running-config or copy start run |
write erase / erase startup-config | wr er | Deletes the startup config | write erase or erase startup-config or wr er |
ip address ip-address mask | | Assigns the specified IP address and subnet mask | ip address 192.168.1.10 255.255.255.0 |
shutdown / no shutdown | shut / no shut | Shuts the interface down (shutdown) or brings it up (no shutdown) | shutdown or no shutdown |
ip default-gateway ip_address | ip default-g | Sets the default gateway on the Cisco device | ip default-gateway 192.168.1.1 |
show running-config | show run | Shows the current configuration of the device | show running-config or sh run |
show startup-config | show start | Shows the saved configuration stored in the device's NVRAM, which will be loaded when the device starts up | show startup-config or show start |
show running-config interface interface slot/number | show run interface interface slot/number | Displays the running configuration for the specified interface | show running-config interface GigabitEthernet0/1 or show run int g0/1 |
show ip interface [type number] | show ip int [type number] | Displays the status of a network interface as well as a detailed listing of its IP configurations and related characteristics. | show ip interface GigabitEthernet0/1 or show ip int g0/1 |
ip name-server serverip-1 serverip-2 | none | Sets the IP address of one or more DNS servers that the device can use to resolve hostnames to IP addresses. | ip name-server 8.8.8.8 8.8.4.4 |
description string | des string | Adds a description or comment to the specified interface. Descriptions help make your configuration easy to understand, i.e. what is happening | description #connects to old router |
Cisco IOS Show Commands
These commands show the status of various protocols or configurations. They are often employed in troubleshooting or to check whether you have properly implemented a configuration.
The following are the commonly used show commands for Cisco IOS.
No. | Command | Description | Example |
---|---|---|---|
1. | show running-config | shows the current configuration of the device | show running-config |
2. | show startup-config | Shows the saved configuration stored in the device's NVRAM. This is the configuration used to boot a Cisco IOS device when it is switched on | show startup-config |
3. | show running-config interface interface slot/number | To show the running configuration of a specific interface on a Cisco device | show running-config interface GigabitEthernet0/3 |
4. | show ip interface [type number] | Shows the status of a network interface, including details of its IP configurations and related parameters. | show ip interface GigabitEthernet0/2 |
5. | show cdp | Shows whether CDP is enabled globally | show cdp |
6. | show cdp neighbors | Shows information about neighboring Cisco devices that are discovered using the Cisco Discovery Protocol (CDP) | show cdp neighbors |
7. | show lldp | Displays global information for LLDP | show lldp |
8. | show lldp neighbors | Show all LLDP neighbors. | show lldp neighbors |
9. | show interfaces | Shows detailed information about interface status, settings and counters. For example if a particular interface is up or down | show interfaces |
10. | show interface status | Displays the interface line status | show interface status |
11. | show mac address-table | Shows the MAC address table | show mac address-table |
12. | show interfaces switchport | Displays many configuration settings and current operational status, including VLAN trunking details | show interfaces switchport |
13. | show interfaces trunk | Lists information about the currently operational trunks and the VLANs supported by those trunks | show interfaces trunk |
14. | show vlan / show vlan brief | Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks. show vlan brief gives more concise information about the VLANs | show vlan or show vlan brief |
15. | show vtp status | Displays information about the VLAN Trunking Protocol (VTP) configuration and status on a Cisco switch | show vtp status |
16. | show ip route | displays the routing table of a Cisco router or switch (L3 Switch) | show ip route |
17. | show ip rip database | Displays the contents of the RIP routing database | show ip rip database |
18. | show spanning-tree | Shows the Spanning Tree Protocol (STP) status and configuration on a Cisco switch | show spanning-tree |
19. | show port-security [interface interface-id] | Shows the port security settings and status for a specific interface | show port-security interface Gi0/6 |
20. | show logging | Displays the logging messages that have been recorded by the system (Syslog) | show logging |
21. | show version | Displays details about the Cisco device, including its operating system version, hardware configuration, and uptime. Use it to verify the software version | show version |
22. | show access-lists | Shows the access control lists (ACLs) configured on a device and the content of the ACL | show access-lists |
23. | show ip dhcp pool | Display information about the DHCP pool | show ip dhcp pool |
24. | show ip dhcp binding | Display information about all the current DHCP bindings. | show ip dhcp binding |
25. | sh ip ssh | Verify SSH access into the device | sh ip ssh |
Remote Connections Commands Lists (Telnet, SSH)
The two commonly used remote connections are Telnet and Secure Shell (SSH). Telnet is not secure, because it sends everything, including passwords, in clear text, and uses TCP port 23, while SSH is a secure, encrypted protocol that uses TCP port 22.
The common commands for remote connection are in the table below. Rows 2 to 5 are shown in OpenSSH client syntax (the form typed on a Linux or macOS workstation).
No. | Command | Description of what the Command does | Example |
---|---|---|---|
1. | telnet [hostname or IP address] | Use Telnet to check for listening ports (1 to 65535) on a remote device. | telnet 192.168.1.1 or telnet itcareerbits.com |
2. | ssh username@hostname_or_IP | To connect to a Remote Host via | ssh john@itcareerbits.com or ssh john@192.168.1.100 |
3. | ssh -p port_number username@hostname_or_IP | To connect to a Specific Port, if SSH is running on a non default port. Default SSH port is 22 | ssh -p 2222 matthew@itcareerbits.com or ssh -p 2222 matthew@192.168.1.100 |
4. | ssh username@hostname_or_IP 'command' | To execute a command on the remote host | ssh matthew@itcareerbits.com 'ls -l' or ssh matthew@192.168.1.100 'ls -l' |
5. | scp [options] source_file_or_directory username@hostname_or_IP:dest_path | Secure Copy (SCP) allows secure file transfer between hosts using SSH | scp file.txt rose@it.com:/home/rose/ or scp file.txt rose@10.10.1.1:/home/rose/ |
6. | exit or logout | Ends an SSH or Telnet session | exit or logout |
7. | ip domain-name name | Configures a DNS domain name which is required when configuring SSH. You must configure this before you can configure SSH | ip domain-name itcareerbits.com |
8. | crypto key generate rsa | This generates a set of RSA key pairs for your device. These keys may be used for remote access via SSH. | crypto key generate rsa |
9. | transport input {telnet \| ssh} | Defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command. | transport input telnet or transport input ssh or transport input telnet ssh |
Troubleshooting Cisco Commands List
The following are common Cisco IOS commands used in troubleshooting, i.e. diagnosing or finding out what is wrong with your network or device.
No. | Cisco IOS Command | Description | Example |
---|---|---|---|
1. | ping {ip-address \| hostname} | Used to diagnose basic network connectivity. To test if a particular IP or device is reachable | ping 10.10.10.1 or ping Router1 |
2. | ping {ip-address \| hostname} timeout {seconds} | Set the timeout value for each ping | ping 192.168.1.1 timeout 2 or ping itcareerbits.com timeout 3 |
3. | ping {ip-address \| hostname} size {bytes} | To specify the size of the ping packet | Router# ping 192.168.1.1 size 200 or Router# ping itcareerbits.com size 500 |
4. | ping {ip-address \| hostname} source {interface} | To use a specific interface for the ping operation | ping 192.168.1.1 source GigabitEthernet0/07 |
5. | ping {ip-address \| hostname} repeat {count} | To repeat a ping multiple times | ping 192.168.1.1 repeat 12 or ping itcareerbits.com repeat 5 |
6. | duplex {auto \| full \| half} | Sets duplex to half, full or auto | duplex full or duplex half or duplex auto (done from the interface mode level) |
7. | speed {10 \| 100 \| 1000 \| auto} | Either configures the transmission speed of a network interface to the specified value in megabits per second (Mbps), or enables automatic speed detection for the port | speed 100 or speed 1000 or speed auto (from the interface configuration level) |
8. | cdp run / no cdp run | Enables or disables Cisco Discovery Protocol (CDP) for the device | cdp run or no cdp run |
9. | show mac address-table | Display the contents of the mac-address table. | show mac address-table |
10. | show cdp | Shows whether CDP is enabled globally | show cdp |
11. | show cdp neighbors | Discovers information about neighboring Cisco routers and switches (detailed information about the neighbors, for Cisco devices only) | show cdp neighbors |
12. | show interfaces | Shows detailed information about interface status, settings and counters | show interfaces |
13. | traceroute {target IP \| hostname} | Use traceroute to diagnose connectivity on a hop by hop basis. | traceroute 192.168.1.12 |
14. | show interface status | shows the interface line status | show interface status |
15. | show interfaces switchport | Displays many configuration settings and current operational status, including VLAN trunking details | show interfaces switchport |
16. | show interfaces trunk | Lists information about the currently operational trunks and the VLANs supported by those trunks | show interfaces trunk |
17. | show vtp status | Lists the current VLAN Trunk Protocol (VTP) status, including the current mode | show vtp status |
18. | show vlan / show vlan brief | show vlan brief lists, in summary, each VLAN and all interfaces assigned to that VLAN but does not include trunks, while show vlan shows more | show vlan or show vlan brief |
Free CCNA Lab Guide
For a Complete Collection of CCNA Practice Labs (with complete commands) to help you pass the CCNA 200-301 exam, download a free copy below: https://www.flackbox.com/cisco-ccna-lab-guide. It covers all the labs in the CCNA exam blueprint.
Security Configuration Commands
This section highlights Security Configuration commands. It includes Cisco IOS commands for setting passwords and basic AAA configurations. (ACLs and Port Security are listed in the next section.)
The common security commands are as follows:
No. | Command | Description of what it does | Example |
---|---|---|---|
1. | enable password password | Defines the password required when using the enable command | enable password myCCNA201 |
2. | enable secret password | Sets the password required for any user to enter enable mode. Enable secret passwords are hashed via the MD5 algorithm, which gives better security than enable password | enable secret mySecretPassword |
3. | service password-encryption | Directs the Cisco IOS software to encrypt the passwords, CHAP secrets and similar data saved in its configuration file | service password-encryption |
4. | password password | Done from Line mode, this sets a password for remote sessions with the “password” command. It lists the password that is required if the login command (with no other parameters) is configured | password myRemoteLogin |
5. | username name password password | Defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used | username admin password adminPass |
6. | username username privilege level secret password | Requires a username with a specific password and also configures different levels of privilege. It is done from the Privileged Exec mode | username admin privilege 15 secret adminSecret |
7. | login local | Configures a Cisco device to authenticate users based on local user accounts created on the device. It is done in Line mode; users will need to log in using the usernames and passwords defined with the username command. | login local |
8. | line vty 0 4 | It is a global configuration command to access the virtual terminal configuration. VTY is a virtual port used to access the device remotely (via SSH and Telnet). There are five virtual lines numbered from 0 to 4 to allow simultaneous connections | line vty 0 4 |
9. | line console 0 | To configure the console line of Cisco devices | line console 0 |
10. | crypto key generate rsa | Creates and stores (in a hidden location in flash memory) the keys that are required by SSH. The command will also prompt you to select a key size. The default is 512, which is inadequate for security. The typical suggested value is 2048, which is OK for both security and performance. | crypto key generate rsa |
11. | ip domain-name name | Configures a DNS domain name which is required when configuring SSH | ip domain-name itcareerbits.com |
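
The rows in the Remote Connections and Security Configuration tables translate directly into checks on a saved running-config. The following is an added example, not part of the original post: a Python script that parses a config and flags `enable password`, `username ... password`, Telnet on VTY lines and shared line passwords. The sample config, the finding names and the function names are constructed for illustration, and only global lines and `line vty` sections are inspected.

```python
# Constructed running-config excerpt for the example (not from a real device).
SAMPLE_CONFIG = """\
hostname Router1
enable password myCCNA201
username admin privilege 15 secret 5 $1$constructed$hashvalue
username backup password 0 backupPass
ip domain-name itcareerbits.com
!
line con 0
 password myConsole
 login
line vty 0 4
 password myRemoteLogin
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
"""


def parse_sections(config):
    """Split a config into top-level lines and their indented child lines."""
    top, children, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            children[current].append(line)
        else:
            current = line
            top.append(line)
            children[line] = []
    return top, children


def credential_keyword(username_line):
    """Return 'password' or 'secret' for a 'username ...' line, else None."""
    rest = username_line.split()[2:]
    if rest[:1] == ["privilege"]:
        rest = rest[2:]  # skip 'privilege <level>'
    return rest[0] if rest else None


def audit(config):
    """Return a list of (finding_id, subject) tuples for settings to review."""
    top, children = parse_sections(config)
    findings = []
    if any(l.startswith("enable password ") for l in top):
        findings.append(("enable-password", "global"))
    if not any(l.startswith("enable secret ") for l in top):
        findings.append(("no-enable-secret", "global"))
    if "service password-encryption" not in top:
        findings.append(("no-password-encryption", "global"))
    for l in top:
        if l.startswith("username ") and credential_keyword(l) == "password":
            findings.append(("username-password", l.split()[1]))
    for header, body in children.items():
        if not header.startswith("line vty "):
            continue
        transport = [c.split()[2:] for c in body if c.startswith("transport input ")]
        if not transport:
            # No explicit setting: the effective default depends on the IOS release.
            findings.append(("vty-transport-unset", header))
        elif {"telnet", "all"} & set(transport[-1]):
            findings.append(("vty-telnet", header))
        if "login" in body:  # bare 'login' = shared line password, no usernames
            findings.append(("vty-shared-password", header))
        elif "no login" in body:
            findings.append(("vty-no-authentication", header))
    return findings


if __name__ == "__main__":
    for finding_id, subject in audit(SAMPLE_CONFIG):
        print(f"{finding_id:24} {subject}")
```

Feed it the text of `show running-config` saved to a file; an empty result means none of these specific settings were found, not that the device is fully hardened.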
Access Control and Port Security Command Lists (Cisco IOS Security Commands)
Access control list (ACL) commands, for both standard and extended ACLs, and Port Security commands are as follows:
No. | Command | Description | Example |
---|---|---|---|
1. | access-list access-list-number {deny \| permit} source [source-wildcard] [log] | Configures a standard IP access list | access-list 10 deny 192.168.1.10 0.0.0.0 log |
2. | access-class | Restricts incoming and outgoing connections between a particular VTY (into a basic Cisco device) and the addresses in an access list | access-class 10 in |
3. | ip access-list {standard \| extended} {access-list-name \| access-list-number} | Defines an IP access list by name or number | ip access-list standard ALLOW_HOST_1 permit 192.168.1.10 or ip access-list extended 100 deny icmp host 192.168.2.20 any permit ip any any |
4. | permit source [source-wildcard] | Allows a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command. | ip access-list extended ALLOW_HTTP permit tcp 192.168.1.0 0.0.0.255 any eq 80 |
5. | deny source [source-wildcard] | To set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command. | ip access-list extended BLOCK_SUBNET deny ip 192.168.2.0 0.0.0.255 any |
6. | show ip access-list | Show all IPv4 ACLs | show ip access-list |
7. | switchport port-security | Configures port security on an interface | switchport port-security |
8. | switchport port-security maximum maximum | Specify the maximum number of secure MAC addresses on the specific interface. | switchport port-security maximum 2 |
9. | switchport port-security mac-address {mac-addr \| {sticky [mac-addr]}} | Adds a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface | switchport port-security mac-address 0011.2233.4455 or switchport port-security mac-address sticky |
10. | switchport port-security violation {shutdown \| restrict \| protect} | Sets the action to be taken when a security violation is detected | switchport port-security violation shutdown or switchport port-security violation protect or switchport port-security violation restrict |
11. | show port-security [interface interface-id] | Shows information about security options configured on the interface | show port-security interface FastEthernet0/1 |
Routing and VLAN Commands
The commonly used Routing and VLAN commands for Cisco IOS are in the table below:
No. | Command | Description | Examples |
---|---|---|---|
1. | show ip route | Shows current state of the IP routing of all known routes - both static and dynamic routes. | show ip route |
2. | ip route network-number network-mask {ip-address \| interface} | Configures a static route in the IP routing table | Router(config)# ip route 192.168.2.0 255.255.255.0 10.1.1.2 |
3. | network ip-address | Associates a network with a RIP routing process | network 10.0.0.0 |
4. | version 2 | Configures the software to receive and send only RIP version 2 packets | version 2 |
5. | no auto-summary | Disables automatic route summarization | no auto-summary |
6. | router rip | Configures a Routing Information Protocol (RIP) routing process, which places you in router configuration mode | router rip |
7. | default-information originate | used to advertise a default route (0.0.0.0/0) to other routers in the RIP domain | default-information originate |
8. | passive-interface interface | Used to prevent RIP updates from being sent out on a specific interface, while still allowing the interface to receive updates and participate in routing. | passive-interface G0/1 |
9. | show ip rip database | Shows the contents of the RIP routing database | show ip rip database |
10. | ip nat [inside \| outside] | Configure Network Address Translation (NAT), which allows private IP addresses on a local network to be translated into public IP addresses before being sent over the internet | ip nat inside or ip nat outside |
11. | show spanning-tree | Displays the spanning-tree status overview for all VLANS | show spanning-tree |
12. | ip nat inside source {list {access-list-number \| access-list-name}} interface type number [overload] | NAT translates internal IP addresses to External routable IP address. This command establishes dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses. | ip nat inside source list 1 interface GigabitEthernet0/0 overload |
13. | ip nat inside source static local-ip global-ip | configures a static translation between an inside local address and an inside global address | ip nat inside source static 192.168.1.10 203.0.113.5 |
14. | vlan vlan-id | Creates a VLAN and enters VLAN configuration mode for further definitions | vlan 10 |
15. | switchport access vlan number | Assigns the interface to a particular VLAN | switchport access vlan 10 |
16. | switchport mode access | Configures a specific Ethernet port on a switch to operate in access mode to accommodate an end device such as a computer, server or printer. The port must then be assigned to a single VLAN (unlike a trunk, which accommodates multiple VLANs) | switchport mode access |
17. | switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link. | switchport trunk encapsulation dot1q |
18. | vlan vlan-id [name vlan-name] | Assigns a name to a VLAN | Switch(config)# vlan 10 Switch(config-vlan)# name Sales |
19. | switchport mode {access \| trunk} | Configures the operational mode of a switch port as either access or trunk. It is done at the interface level. | switchport mode access or switchport mode trunk |
20. | switchport trunk {encapsulation {dot1q}} | Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port. It is done at the interface mode | switchport trunk encapsulation dot1q |
21. | show spanning-tree | displays detailed information about the Spanning Tree protocol for all VLANs | show spanning-tree |
DHCP Commands
The DHCP (Dynamic Host Configuration Protocol) is a Networking Protocol that dynamically assigns IP addresses to hosts on a Network. With DHCP, you do not need to manually assign IP addresses to nodes or hosts on a network.
The common DHCP configuration commands for Cisco IOS are in the table below:
No. | Command | Description | Example |
---|---|---|---|
1. | ip address dhcp | To acquire an IP address on an interface via DHCP | ip address dhcp (done from the interface mode level) |
2. | ip dhcp pool name | To create a DHCP address pool on a DHCP server and enter DHCP pool configuration mode | ip dhcp pool Pool2 where Pool2 is the pool name |
3. | domain-name domain | To specify the domain name for a DHCP client | domain-name itcareerbits.com (from the DHCP configuration level) |
4. | ip dhcp excluded-address ip-address [last-ip-address] | Specifies IP addresses that a DHCP server should not assign to DHCP clients | ip dhcp excluded-address 192.168.1.1 192.168.1.10 |
5. | ip helper-address address | To enable the forwarding of UDP broadcasts, including BOOTP, received on an interface | ip helper-address 10.0.0.1 (from the interface mode level) |
6. | default-router address[address2 ... address8] | To specify the default routers for a DHCP client | default-router 192.168.1.1 192.168.1.2 (from the DHCP configuration level) |
7. | network network-number [mask] | To configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server | network 192.168.1.0 255.255.255.0 |
Logging and Monitoring Commands (Syslog)
Some of the more commonly used Logging and Monitoring commands for Cisco IOS devices are as follows:
No. | Command | Description | Example |
---|---|---|---|
1. | logging ip-address | Configures the IP address of the host that will receive the system logging (syslog) messages | logging 192.168.1.100 |
2. | logging trap level | Sets the severity level of messages that are sent to the syslog server. Severity levels run from 0 to 7; this command specifies the number or name of the desired severity level at which messages should be logged | logging trap 7 (severity level 7 is Debugging, so this configuration sends all messages, including debugging messages, to the syslog server) |
3. | show logging | Displays the logged messages and the current logging configuration settings | show logging |
4. | terminal monitor | Sends a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command | terminal monitor |