How to Master CCNA Lab Configuration: Cisco Command Cheat Sheet

Introduction

Cisco devices are among the most popular networking devices, so it makes sense to master at least the most common Cisco IOS commands. This blog post is a Cisco command cheat sheet: a collection of the most commonly used IOS commands.

I found them very useful in preparing for and passing the Cisco 200-301 exam, and when I was just starting out in my career in network administration.

The commands in this Cisco Command Cheat Sheet are easy to memorize; you only need to practice using them. You will learn the full command, the abbreviation or shortcut (which is preferred by all network engineers I know) and a description of what the command does.

The command categories include:

  • Mode Control Commands
  • Basic Cisco Configuration Commands
  • Cisco IOS Show Commands
  • Remote Connections Commands
  • Troubleshooting Cisco Commands List
  • Security Configuration Commands
  • ACLs and Port Security Commands Lists
  • DHCP Commands list
  • Logging and Monitoring Commands (Syslog)

How To Change Cisco IOS Modes (Mode Control Commands)

| IOS Command | Shortcut | Description |
|---|---|---|
| enable | ena | Moves a user from User Exec mode (indicated by the > in the command prompt) into Privileged Exec mode. Privileged Exec mode is indicated by the # symbol in the command prompt. |
| configure terminal | conf t | Enters Global Configuration mode |
| interface fastethernet slot/number | int fa 0/0 (where 0/0 is the interface number) | Enters interface configuration mode for the specified Fast Ethernet interface |

Basic Cisco Configuration Command Lists

These are the fundamental Cisco IOS commands every network professional should know. Learning them gives you a base to move to other more advanced and specific commands.

It is also good to learn the short forms of these commands – to save time and avoid typographical errors. I have included them in the table as well.

| Full Command | Shortcut | Description | Example |
|---|---|---|---|
| reload | reload | Reboots the Cisco switch or router | reload |
| hostname name | host | Sets the host name of the current Cisco network device | hostname Router1 |
| copy from-location to-location | | Copies files from one file location to another | copy usbflash0:/ios-image.bin flash:/ios-image.bin |
| copy running-config startup-config | copy run start | Replaces the startup config, which is used when the Cisco network device initializes, with the active config | copy running-config startup-config or copy run start |
| copy startup-config running-config | copy start run | Merges the startup config with the currently active config in RAM | copy startup-config running-config or copy start run |
| write erase or erase startup-config | wr er | Deletes the startup config | write erase or erase startup-config or wr er |
| ip address ip-address mask | | Assigns the specified IP address and subnet mask | ip address 192.168.1.10 255.255.255.0 |
| shutdown / no shutdown | shut / no shut | Shuts the interface down (shutdown) or brings it up (no shutdown) | shutdown or no shutdown |
| ip default-gateway ip_address | ip default-g | Sets the default gateway on the Cisco device | ip default-gateway 192.168.1.1 |
| show running-config | show run | Shows the current configuration of the device | show running-config or sh run |
| show startup-config | show start | Shows the saved configuration stored in the device's NVRAM, which will be loaded when the device starts up | show startup-config or show start |
| show running-config interface interface slot/number | show run interface interface slot/number | Displays the running configuration for the specified interface | show running-config interface GigabitEthernet0/1 or show run int g0/1 |
| show ip interface [type number] | show ip int [type number] | Displays the status of a network interface as well as a detailed listing of its IP configuration and related characteristics | show ip interface GigabitEthernet0/1 or show ip int g0/1 |
| ip name-server serverip-1 serverip-2 | none | Sets the IP address of one or more DNS servers that the device can use to resolve hostnames to IP addresses | ip name-server 8.8.8.8 8.8.4.4 |
| description string | des string | Adds a description or comment to the specified interface. Descriptions help make your configuration easy to understand, i.e. what is happening | description #connects to old router |

Cisco IOS Show Commands

These commands show the status of various protocols or configurations. They are often used in troubleshooting or to check whether you have properly implemented a configuration.

The following are the commonly used show commands for Cisco IOS.

| # | Command | Description | Example |
|---|---|---|---|
| 1 | show running-config | Shows the current configuration of the device | show running-config |
| 2 | show startup-config | Shows the saved configuration stored in the device's NVRAM. This is the configuration used to boot a Cisco IOS device when it is switched on | show startup-config |
| 3 | show running-config interface interface slot/number | Shows the running configuration of a specific interface on a Cisco device | show running-config interface GigabitEthernet0/3 |
| 4 | show ip interface [type number] | Shows the status of a network interface, including details of its IP configuration and related parameters | show ip interface GigabitEthernet0/2 |
| 5 | show cdp | Shows whether CDP is enabled globally | show cdp |
| 6 | show cdp neighbors | Shows information about neighboring Cisco devices that are discovered using the Cisco Discovery Protocol (CDP) | show cdp neighbors |
| 7 | show lldp | Displays global information for LLDP | show lldp |
| 8 | show lldp neighbors | Shows all LLDP neighbors | show lldp neighbors |
| 9 | show interfaces | Shows detailed information about interface status, settings and counters, for example whether a particular interface is up or down | show interfaces |
| 10 | show interface status | Displays the interface line status | show interface status |
| 11 | show mac address-table | Shows the MAC address table | show mac address-table |
| 12 | show interfaces switchport | Displays many configuration settings and the current operational status, including VLAN trunking details | show interfaces switchport |
| 13 | show interfaces trunk | Lists information about the currently operational trunks and the VLANs supported by those trunks | show interfaces trunk |
| 14 | show vlan / show vlan brief | Lists each VLAN and all interfaces assigned to that VLAN, but does not include trunks. show vlan brief gives more concise information about the VLANs | show vlan or show vlan brief |
| 15 | show vtp status | Displays information about the VLAN Trunking Protocol (VTP) configuration and status on a Cisco switch | show vtp status |
| 16 | show ip route | Displays the routing table of a Cisco router or switch (L3 switch) | show ip route |
| 17 | show ip rip database | Displays the contents of the RIP routing database | show ip rip database |
| 18 | show spanning-tree | Shows the Spanning Tree Protocol (STP) status and configuration on a Cisco switch | show spanning-tree |
| 19 | show port-security [interface interface-id] | Shows the port security settings and status for a specific interface | show port-security interface Gi0/6 |
| 20 | show logging | Displays the logging messages that have been recorded by the system (Syslog) | show logging |
| 21 | show version | Displays details about the Cisco device, including its operating system version, hardware configuration and uptime. Use it to verify the software version | show version |
| 22 | show access-lists | Shows the access control lists (ACLs) configured on a device and the content of each ACL | show access-lists |
| 23 | show ip dhcp pool | Displays information about the DHCP pool | show ip dhcp pool |
| 24 | show ip dhcp binding | Displays information about all the current DHCP bindings | show ip dhcp binding |
| 25 | sh ip ssh | Verifies SSH access into the device | sh ip ssh |

Remote Connections Commands Lists (Telnet, SSH)

The two commonly used remote connection protocols are Telnet and Secure Shell (SSH). Telnet is not secure (it sends everything, including passwords, in cleartext) and uses port number 23, while SSH is a secure protocol that uses port number 22.

The common Cisco Configuration commands for remote connection are in the table below.

| # | Command | Description of what the command does | Example |
|---|---|---|---|
| 1 | telnet [hostname or IP address] | Use Telnet to check for listening ports (1 to 65535) on a remote device | telnet 192.168.1.1 or telnet itcareerbits.com |
| 2 | ssh username@hostname_or_IP | Connects to a remote host via SSH | ssh john@itcareerbits.com or ssh john@192.168.1.100 |
| 3 | ssh -p port_number username@hostname_or_IP | Connects to a specific port, if SSH is running on a non-default port. The default SSH port is 22 | ssh -p 2222 matthew@itcareerbits.com or ssh -p 2222 matthew@192.168.1.100 |
| 4 | ssh username@hostname_or_IP 'command' | Executes a command on the remote host | ssh matthew@itcareerbits.com 'ls -l' or ssh matthew@192.168.1.100 'ls -l' |
| 5 | scp [options] source_file_or_directory username@hostname_or_IP:dest_path | Secure Copy (SCP) allows secure file transfer between hosts using SSH | scp file.txt rose@it.com:/home/rose/ or scp file.txt rose@10.10.1.1:/home/rose/ |
| 6 | exit or logout | Ends the SSH or Telnet session | exit or logout |
| 7 | ip domain-name name | Configures a DNS domain name, which is required when configuring SSH. You must configure this before you can configure SSH | ip domain-name itcareerbits.com |
| 8 | crypto key generate rsa | Generates a set of RSA key pairs for your device. These keys may be used for remote access via SSH | crypto key generate rsa |
| 9 | transport input {telnet \| ssh} | Defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command | transport input telnet or transport input ssh or transport input telnet ssh |

Troubleshooting Cisco Commands List

The following are common Cisco IOS commands used in troubleshooting, i.e. diagnosing or finding out what is wrong with your network or device.

| # | Cisco IOS Command | Description | Example |
|---|---|---|---|
| 1 | ping {ip-address \| hostname} | Diagnoses basic network connectivity by testing whether a particular IP or device is reachable | ping 10.10.10.1 or ping Router1 |
| 2 | ping {ip-address \| hostname} timeout {seconds} | Sets the timeout value for each ping | ping 192.168.1.1 timeout 2 or ping itcareerbits.com timeout 3 |
| 3 | ping {ip-address \| hostname} size {bytes} | Specifies the size of the ping packet | Router# ping 192.168.1.1 size 200 or Router# ping itcareerbits.com size 500 |
| 4 | ping {ip-address \| hostname} source {interface} | Uses a specific interface for the ping operation | ping 192.168.1.1 source GigabitEthernet0/07 |
| 5 | ping {ip-address \| hostname} repeat {count} | Repeats a ping multiple times | ping 192.168.1.1 repeat 12 or ping itcareerbits.com repeat 5 |
| 6 | duplex {auto \| full \| half} | Sets duplex to half, full or auto | duplex full, duplex half or duplex auto (from the interface configuration level) |
| 7 | speed {10 \| 100 \| 1000 \| auto} | Either configures the transmission speed of a network interface to the specified value in megabits per second (Mbps), or enables automatic speed detection for the port | speed 100, speed 1000 or speed auto (from the interface configuration level) |
| 8 | cdp run / no cdp run | Enables or disables Cisco Discovery Protocol (CDP) for the device | cdp run or no cdp run |
| 9 | show mac address-table | Displays the contents of the MAC address table | show mac address-table |
| 10 | show cdp | Shows whether CDP is enabled globally | show cdp |
| 11 | show cdp neighbors | Discovers information about neighboring Cisco routers and switches (detailed information about the neighbors, for Cisco devices only) | show cdp neighbors |
| 12 | show interfaces | Shows detailed information about interface status, settings and counters | show interfaces |
| 13 | traceroute {target IP \| hostname} | Diagnoses connectivity on a hop-by-hop basis | traceroute 192.168.1.12 |
| 14 | show interface status | Shows the interface line status | show interface status |
| 15 | show interfaces switchport | Displays many configuration settings and the current operational status, including VLAN trunking details | show interfaces switchport |
| 16 | show interfaces trunk | Lists information about the currently operational trunks and the VLANs supported by those trunks | show interfaces trunk |
| 17 | show vtp status | Lists the current VLAN Trunk Protocol (VTP) status, including the current mode | show vtp status |
| 18 | show vlan / show vlan brief | show vlan brief lists, in summary, each VLAN and all interfaces assigned to that VLAN but does not include trunks, while show vlan shows more | show vlan or show vlan brief |

Free CCNA Lab Guide

For a Complete Collection of CCNA Practice Labs (with complete commands) to help you pass the CCNA 200-301 exam, download a free copy below: https://www.flackbox.com/cisco-ccna-lab-guide. It covers all the labs in the CCNA exam blueprint.

Security Configuration Commands

This section highlights security configuration commands. It includes Cisco IOS commands for setting passwords and basic AAA configuration. (ACLs and port security are listed in the next section.)

The common security commands are as follows:

| # | Command | Description of what it does | Example |
|---|---|---|---|
| 1 | enable password password | Defines the password required when using the enable command | enable password myCCNA201 |
| 2 | enable secret password | Sets the password required for any user to enter enable mode. Enable secret passwords are hashed via the MD5 algorithm, which gives better security than enable password | enable secret mySecretPassword |
| 3 | service password-encryption | Directs the Cisco IOS software to encrypt the passwords, CHAP secrets and similar data saved in its configuration file | service password-encryption |
| 4 | password password | Entered in Line mode, this sets the password for remote sessions on that line. It is the password required if the login command (with no other parameters) is configured | password myRemoteLogin |
| 5 | username name password password | Defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been configured | username admin password adminPass |
| 6 | username username privilege level secret password | Requires a username with a specific password and also configures different levels of privilege. It is done from the privileged executive mode | username admin privilege 15 secret adminSecret |
| 7 | login local | Configures a Cisco device to authenticate users based on local user accounts created on the device. It is done in Line mode; users will need to log in using the usernames and passwords defined with the username command | login local |
| 8 | line vty 0 4 | A global configuration command to access the virtual terminal configuration. VTY is a virtual port used to access the device remotely (via SSH and Telnet). There are five virtual lines, numbered from 0 to 4, to allow simultaneous connections | line vty 0 4 |
| 9 | line console 0 | Configures the console line of Cisco devices | line console 0 |
| 10 | crypto key generate rsa | Creates and stores (in a hidden location in flash memory) the keys that are required by SSH. The command also prompts you to select a key size. The default is 512, which is inadequate for security. The typical suggested value is 2048, which is OK for both security and performance | crypto key generate rsa |
| 11 | ip domain-name name | Configures a DNS domain name, which is required when configuring SSH | ip domain-name itcareerbits.com |
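
An added example (not part of the original post): a small Python audit that parses a running-config and flags the weaker choices covered in the Remote Connections and Security Configuration tables (enable password, username ... password, no service password-encryption, Telnet on the VTY lines, SSH without ip domain-name). Both configs are constructed samples written as typed, and the finding codes and function names are chosen here for illustration.

```python
import re

# Constructed running-configs (not from a real device); values reuse the page's examples.
WEAK_CONFIG = """\
enable password myCCNA201
username admin password adminPass
username ops privilege 15 secret opsSecret
line console 0
 password myRemoteLogin
 login
line vty 0 4
 transport input telnet ssh
 login local
"""

HARDENED_CONFIG = """\
service password-encryption
enable secret mySecretPassword
username admin privilege 15 secret adminSecret
ip domain-name itcareerbits.com
line console 0
 password myRemoteLogin
 login
line vty 0 4
 transport input ssh
 login local
"""

# Matches "username X password ..." but not "username X ... secret ..."
USER_PW = re.compile(r"username (\S+)(?: privilege \d+)? password\b")

def parse_config(text):
    """Split an IOS config into global commands and 'line ...' sections."""
    global_cmds, line_sections, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue  # blank line or IOS comment separator
        if raw[0].isspace():
            if current is not None:
                line_sections[current].append(cmd)  # sub-command of a line section
        elif cmd.startswith("line "):
            current = cmd
            line_sections[current] = []
        else:
            current = None  # any other top-level command closes the line section
            global_cmds.append(cmd)
    return global_cmds, line_sections

def audit(text):
    """Return (code, detail) findings for the weak settings discussed on this page."""
    global_cmds, line_sections = parse_config(text)
    findings = []
    if any(c.startswith("enable password") for c in global_cmds):
        findings.append(("ENABLE_PASSWORD", "use enable secret instead"))
    users = [m.group(1) for c in global_cmds if (m := USER_PW.match(c))]
    findings += [("USER_PASSWORD", f"username {u}: use secret") for u in users]
    line_pw = any(s.startswith("password ") for subs in line_sections.values() for s in subs)
    if (findings or line_pw) and "service password-encryption" not in global_cmds:
        findings.append(("NO_PW_ENCRYPTION", "service password-encryption is off"))
    ssh_used = False
    for header, subs in line_sections.items():
        methods = [w for s in subs if s.startswith("transport input") for w in s.split()[2:]]
        ssh_used |= header.startswith("line vty") and ("ssh" in methods or "all" in methods)
        if header.startswith("line vty") and ("telnet" in methods or "all" in methods):
            findings.append(("VTY_TELNET", f"{header}: allow SSH only"))
    # Newer IOS releases also accept the spelling "ip domain name".
    if ssh_used and not any(c.startswith(("ip domain-name", "ip domain name")) for c in global_cmds):
        findings.append(("SSH_NO_DOMAIN", "ip domain-name is required before SSH keys"))
    return findings
```

Calling `audit(WEAK_CONFIG)` returns five findings, while `audit(HARDENED_CONFIG)` returns an empty list.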

Access Control and Port Security Command Lists (Cisco IOS Security Commands)

The commands for access control lists (standard and extended ACLs) and port security are as follows:

| # | Command | Description | Example |
|---|---|---|---|
| 1 | access-list access-list-number {deny \| permit} source [source-wildcard] [log] | Configures a standard IP access list | access-list 10 deny 192.168.1.10 0.0.0.0 log |
| 2 | access-class | Restricts incoming and outgoing connections between a particular VTY (into a basic Cisco device) and the addresses in an access list | access-class 10 in |
| 3 | ip access-list {standard \| extended} {access-list-name \| access-list-number} | Defines an IP access list by name or number | ip access-list standard ALLOW_HOST_1 followed by permit 192.168.1.10; or ip access-list extended 100 followed by deny icmp host 192.168.2.20 any and permit ip any any |
| 4 | permit source [source-wildcard] | Allows a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the "no" form of this command | ip access-list extended ALLOW_HTTP followed by permit tcp 192.168.1.0 0.0.0.255 any eq 80 |
| 5 | deny source [source-wildcard] | Sets conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the "no" form of this command | ip access-list extended BLOCK_SUBNET followed by deny ip 192.168.2.0 0.0.0.255 any |
| 6 | show ip access-list | Shows all IPv4 ACLs | show access-lists |
| 7 | switchport port-security | Configures port security on an interface | switchport port-security |
| 8 | switchport port-security maximum maximum | Specifies the maximum number of secure MAC addresses on the specific interface | switchport port-security maximum 2 |
| 9 | switchport port-security mac-address {mac-addr \| {sticky [mac-addr]}} | Adds a MAC address to the list of secure MAC addresses. The "sticky" option configures the MAC addresses as sticky on the interface | switchport port-security mac-address 0011.2233.4455 or switchport port-security mac-address sticky |
| 10 | switchport port-security violation {shutdown \| restrict \| protect} | Sets the action to be taken when a security violation is detected | switchport port-security violation shutdown or switchport port-security violation protect or switchport port-security violation restrict |
| 11 | show port-security [interface interface-id] | Shows information about security options configured on the interface | show port-security interface FastEthernet0/1 |

Routing and VLAN Commands

The commonly used routing and VLAN commands for Cisco IOS are in the table below:

| # | Command | Description | Examples |
|---|---|---|---|
| 1 | show ip route | Shows the current state of the IP routing table with all known routes, both static and dynamic | show ip route |
| 2 | ip route network-number network-mask {ip-address \| interface} | Configures a static route in the IP routing table | Router(config)# ip route 192.168.2.0 255.255.255.0 10.1.1.2 |
| 3 | network ip-address | Associates a network with a RIP routing process | network 10.0.0.0 |
| 4 | version 2 | Configures the software to receive and send only RIP version 2 packets | version 2 |
| 5 | no auto-summary | Disables automatic route summarization | no auto-summary |
| 6 | router rip | Configures a Routing Information Protocol (RIP) routing process, which places you in router configuration mode | router rip |
| 7 | default-information originate | Advertises a default route (0.0.0.0/0) to other routers in the RIP domain | default-information originate |
| 8 | passive-interface interface | Prevents RIP updates from being sent out on a specific interface, while still allowing the interface to receive updates and participate in routing | passive-interface G0/1 |
| 9 | show ip rip database | Shows the contents of the RIP routing database | show ip rip database |
| 10 | ip nat [inside \| outside] | Configures Network Address Translation (NAT), which allows private IP addresses on a local network to be translated into public IP addresses before being sent over the internet | ip nat inside or ip nat outside |
| 11 | show spanning-tree | Displays the spanning-tree status overview for all VLANs | show spanning-tree |
| 12 | ip nat inside source {list {access-list-number \| access-list-name}} interface type number [overload] | NAT translates internal IP addresses to an external routable IP address. This command establishes dynamic source translation. The "list" keyword lets you use an ACL to identify the traffic that will be subject to NAT. The "overload" option enables the router to use one global address for many local addresses | ip nat inside source list 1 interface GigabitEthernet0/0 overload |
| 13 | ip nat inside source static local-ip global-ip | Configures a static translation between an inside local address and an inside global address | ip nat inside source static 192.168.1.10 203.0.113.5 |
| 14 | vlan vlan-id | Creates a VLAN and enters VLAN configuration mode for further definitions | vlan 10 |
| 15 | switchport access vlan number | Assigns the interface to a particular VLAN | switchport access vlan 10 |
| 16 | switchport mode access | Configures a specific Ethernet port on a switch to operate in access mode to accommodate an end device such as a computer, server or printer. The port must then be assigned to a single VLAN (unlike a trunk, which accommodates multiple VLANs) | switchport mode access |
| 17 | switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link | switchport trunk encapsulation dot1q |
| 18 | vlan vlan-id [name vlan-name] | Assigns a name to a VLAN | Switch(config)# vlan 10 followed by Switch(config-vlan)# name Sales |
| 19 | switchport mode {access \| trunk} | Configures the operational mode of a switch port as either access or trunk. It is done at the interface level | switchport mode access or switchport mode trunk |
| 20 | switchport trunk {encapsulation {dot1q}} | Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port. It is done in interface mode | switchport trunk encapsulation dot1q |
| 21 | show spanning-tree | Displays detailed information about the Spanning Tree Protocol for all VLANs | show spanning-tree |

DHCP Commands

DHCP (Dynamic Host Configuration Protocol) is a networking protocol that dynamically assigns IP addresses to hosts on a network. With DHCP, you do not need to manually assign IP addresses to nodes or hosts on a network.

The common DHCP configuration commands for Cisco IOS are in the table below:

| # | Command | Description | Example |
|---|---|---|---|
| 1 | ip address dhcp | Acquires an IP address on an interface via DHCP | ip address dhcp (from the interface mode level) |
| 2 | ip dhcp pool name | Creates a DHCP address pool on a DHCP server and enters DHCP pool configuration mode | ip dhcp pool Pool2 (where Pool2 is the pool name) |
| 3 | domain-name domain | Specifies the domain name for a DHCP client | domain-name itcareerbits.com |
| 4 | ip dhcp excluded-address ip-address [last-ip-address] | Specifies IP addresses that a DHCP server should not assign to DHCP clients | ip dhcp excluded-address 192.168.1.1 192.168.1.10 |
| 5 | ip helper-address address | Enables the forwarding of UDP broadcasts, including BOOTP, received on an interface | ip helper-address 10.0.0.1 (from the interface mode level) |
| 6 | default-router address [address2 ... address8] | Specifies the default routers for a DHCP client | default-router 192.168.1.1 192.168.1.2 (from the DHCP configuration level) |
| 7 | network network-number [mask] | Configures the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server | network 192.168.1.0 255.255.255.0 |

Logging and Monitoring Commands (Syslog)

Some of the more commonly used Logging and Monitoring commands for Cisco IOS devices are as follows:

| # | Command | Description | Example |
|---|---|---|---|
| 1 | logging ip-address | Configures the IP address of the host that will receive the system logging (syslog) messages | logging 192.168.1.100 |
| 2 | logging trap level | Sets the severity level of messages that are sent to the syslog server. Severity levels range from 0 to 7; this specifies the number or name of the desired severity level at which messages should be logged | logging trap 7 (severity level 7 is Debugging, so this configuration sends all messages, including debugging messages, to the syslog server) |
| 3 | show logging | Displays the logged messages and the current logging configuration settings | show logging |
| 4 | terminal monitor | Sends a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command | terminal monitor |

Interested in getting the best study materials for your CCNA Exam? See BEST FREE COURSES FOR THE CCNA EXAM 200-301
