Cisco Commands: Difference between revisions

From Lucca's Wiki
Jump to navigationJump to search
← Older editNewer edit →
No edit summary
Line 1: Line 1:
<hr>
= Cisco IOS Command Reference =
====Commands for cisco IOS devices (switches, routers, etc)====
<hr>


====Enable ipv4 routing====
A quick-reference guide for common Cisco IOS commands on switches and routers.
This needs to be manually done sometimes on layer 3 switches
ip routing


====Enable ipv6 routing====
----
This needs to be done on routers to enable ipv6 functionality
ipv6 unicast-routing


== System & Routing Basics ==


Show the entire mac address table (Lets you figure out what device is plugged into each switch port)
=== Enable IPv4 Routing (Layer 3 Switches) ===
show mac address-table
<pre>
ip routing
</pre>


Show OS and Device versions
=== Enable IPv6 Routing (Routers) ===
show version
<pre>
ipv6 unicast-routing
</pre>


Show logged in users
----
show users


List files in current directory
== Device & System Information ==
dir


List files in nvram
=== Show MAC Address Table ===
dir nvram:
<pre>
show mac address-table
</pre>


Copy command destinatons (we use running-config as an example source file)
=== Show OS and Device Version ===
copy running-config [[cisco copy destinations]]
<pre>
show version
</pre>


Elevate to root user
=== Show Logged-in Users ===
enable
<pre>
show users
</pre>


Add an encrypted password for the enable command
=== Show Files ===
enable secret ThisisaSecret
<pre>
dir
dir nvram:
</pre>


Enter global configuration mode (You can use the <code>do</code> prefix to run regular commands from the config mode if you don't feel like running <code>exit</code> first)
----
configure terminal


Show startup config (the one stored in nvram for next boot)
== Configuration Files ==
show startup-config


Show running config (the one stored in ram and is currently in use)
=== Show Configurations ===
show running-config
<pre>
show running-config
show startup-config
</pre>


Show a specific interface's config in the running configuration.
=== Show Interface Config ===
show run interface g0/0
<pre>
show run interface g0/0
</pre>


Filter through the running config (similar to grep on linux)
=== Filter Running Config (grep-like) ===
show run | include {searchterm}
<pre>
show run | begin {searchterm}
show run | include {searchterm}
show run | section {section-name}
show run | begin {searchterm}
show run | section {section-name}
</pre>


Copy the in-use config to the startup config so that it will be used on the next boot. There are two ways to shorten it below
=== Save Running Config ===
copy running-config startup-config
<pre>
copy run start
copy running-config startup-config
wr
copy run start
wr
</pre>


Apply weak encryption to all unencrypted passwords. This only changes what is displayed in the config file, any password typed through a network cable is still transmitted in plain text.
----
service password-encryption


Show IPv4 IP Address assigned to each interface
== User Privileges & Security ==
show ip interface brief


Show IPv6 IP Address assigned to each interface
=== Enter Privileged Mode ===
show ipv6 interface brief
<pre>
enable
</pre>


Show all routes
=== Set Encrypted Enable Password ===
show ip route
<pre>
enable secret ThisisaSecret
</pre>


Show vlans and interfaces assigned to them
=== Encrypt Plaintext Passwords (Weak Encryption) ===
show vlan brief
<pre>
service password-encryption
</pre>


Show VLAN and related information about an interface
----
show interface g0/1 switchport


Show trunk interfaces
== Interface & Network Status ==
show int trunk


Clear mac address table (switches only)
=== Interface IP Summary ===
clear mac address-table
<pre>
show ip interface brief
show ipv6 interface brief
</pre>


Clear arp cache
=== Routing Table ===
clear arp-cache
<pre>
<hr>
show ip route
</pre>


====Telnet/Remote Access Commands====
----
<hr>
Remote into a connected device using telnet
connect {Device Name}


Show a list of hosts to connect to
== VLAN & Switching ==
show hosts


Show all connected telnet sessions
=== Show VLANs ===
show sessions
<pre>
show vlan brief
</pre>


Disconnect a telnet session
=== Show Interface VLAN Details ===
disconnect {Device Name}
<pre>
show interface g0/1 switchport
</pre>


Suspend the active telnet connection (Keyboard Shortcut)
=== Show Trunk Interfaces ===
Ctrl+Shift+6 -> x
<pre>
show int trunk
</pre>


<hr>
=== Clear Tables ===
<pre>
clear mac address-table
clear arp-cache
</pre>


====Configure SSH====
----
<hr>
Set the domain name
ip domain-name cisco.com


Generate rsa keypair
== Telnet & Remote Access ==
crypto key generate rsa


Delete rsa keypair
=== Connect via Telnet ===
  crypto key zeroize rsa
<pre>
connect {DeviceName}
</pre>


Make a user account
=== Show Hosts & Sessions ===
username admin secret ccna
<pre>
show hosts
show sessions
</pre>


Assign a default gateway
=== Disconnect Session ===
ip default-gateway 192.168.10.1
<pre>
disconnect {DeviceName}
</pre>


Enable ssh on the VTY lines (the second command disables telnet and forces ssh)
=== Suspend Active Session ===
line vty 0 15
<pre>
Ctrl+Shift+6, then x
</pre>
 
----
 
== SSH Configuration ==
 
=== Basic SSH Setup ===
<pre>
ip domain-name cisco.com
crypto key generate rsa
ip ssh version 2
</pre>
 
=== Remove RSA Keys ===
<pre>
crypto key zeroize rsa
</pre>
 
=== Create Local User ===
<pre>
username admin secret ccna
</pre>
 
=== Set Default Gateway ===
<pre>
ip default-gateway 192.168.10.1
</pre>
 
=== Enable SSH on VTY Lines ===
<pre>
line vty 0 15
  transport input ssh
  transport input ssh
  login local
  login local
  exit
  exit
</pre>


Enable SSH v2
----
ip ssh version 2


<hr>
== Global Configuration Mode ==


====Global configuration commands====
=== Enter Global Config ===
<hr>
<pre>
Disable default behavior of looking up unknown names/commands in DNS
configure terminal
no ip domain-lookup
</pre>


Set a banner message
=== Disable DNS Lookup on Typos ===
banner motd MESSAGEHERE
<pre>
no ip domain-lookup
</pre>


Change the machine's hostname (does not require a reboot)
=== Set MOTD Banner ===
hostname
<pre>
banner motd MESSAGEHERE
</pre>


Configure the console port (0)
=== Set Hostname ===
line con 0
<pre>
hostname HOSTNAME
</pre>


Configure vty interfaces 0 through 15
----
line vty 0 15


Configure the interface "vlan 1"
== Line Configuration ==
interface vlan 1


Configure the interface "fa0/1"
=== Console Line ===
  interface fa0/1
<pre>
line con 0
password itsasecret
  login
</pre>


Configure the range of interfaces fa0/2 to fa0/3
=== VTY Lines ===
  interface range fa0/2-3
<pre>
line vty 0 15
password itsasecret
  login
</pre>
 
----
 
== Interface Configuration ==


Enter vlan configuration mode
=== Interface Selection ===
vlan 1
<pre>
interface vlan 1
interface fa0/1
interface range fa0/2-3
</pre>


====Vlan Configuration Commands====
=== Enable Interface ===
Set vlan name
<pre>
name MyAwesomeVlan
no shutdown
</pre>


====Console or VTY line configuration commands====
=== Assign IPv4 Address ===
Add a password to console port access
<pre>
password itsasecret
ip address 192.168.0.1 255.255.255.0
</pre>


Force users to enter the password to login
----
login


<hr>
== VLAN Configuration ==
====Interface configuration commands====
<hr>
Set the interface to a specific vlan (Alt)
encapsulation dot1q 10


Set the interface to a specific vlan
=== Create / Configure VLAN ===
  switchport mode access ! disable trunking, default is switchport mode auto
<pre>
switchport access vlan 10
vlan 10
  name MyAwesomeVlan
</pre>


Set an interface to trunk mode
----
switchport trunk encapsulation dot1q ! switches off the legacy cisco trunking protocol, not needed on newer switches
switchport mode trunk


Change allowed vlans on trunk interface
== Switchport Configuration ==
switchport trunk allowed vlan 10,20,33,99


Set native vlan on a trunk interface
=== Access Port ===
switchport trunk native vlan 99
<pre>
switchport mode access
switchport access vlan 10
</pre>


Set an IPv4 address on the interface
=== Trunk Port ===
ip address 192.168.0.1 255.255.255.0
<pre>
switchport trunk encapsulation dot1q
switchport mode trunk
</pre>


Change interface state to "up"
=== Trunk VLAN Settings ===
no shutdown
<pre>
switchport trunk allowed vlan 10,20,33,99
switchport trunk native vlan 99
</pre>


<hr>
----


=====Ipv6 Interface Commands=====
== IPv6 Interface Configuration ==
<hr>
Set an IPv6 address on the interface
ipv6 address 2001:DB8:CAFE:1::1/64


Set a link-local address on the interface
=== Assign IPv6 Address ===
  ipv6 addr fe80::1 link-local
<pre>
ipv6 address 2001:DB8:CAFE:1::1/64
</pre>


Remove an IPv6 address on the interface
=== Assign Link-Local Address ===
no ipv6 address 2001:DB8:CAFE:1::1/64
<pre>
ipv6 address fe80::1 link-local
</pre>


Remove all IPv6 addresses on the interface
=== Remove IPv6 Addresses ===
no ipv6 address
<pre>
no ipv6 address 2001:DB8:CAFE:1::1/64
no ipv6 address
</pre>

Revision as of 21:50, 15 January 2026

Cisco IOS Command Reference

A quick-reference guide for common Cisco IOS commands on switches and routers.

System & Routing Basics

Enable IPv4 Routing (Layer 3 Switches)

ip routing

Enable IPv6 Routing (Routers)

ipv6 unicast-routing

Device & System Information

Show MAC Address Table

show mac address-table

Show OS and Device Version

show version

Show Logged-in Users

show users

Show Files

dir
dir nvram:

Configuration Files

Show Configurations

show running-config
show startup-config

Show Interface Config

show run interface g0/0

Filter Running Config (grep-like)

show run | include {searchterm}
show run | begin {searchterm}
show run | section {section-name}

Save Running Config

copy running-config startup-config
copy run start
wr

User Privileges & Security

Enter Privileged Mode

enable

Set Encrypted Enable Password

enable secret ThisisaSecret

Encrypt Plaintext Passwords (Weak Encryption)

service password-encryption

Interface & Network Status

Interface IP Summary

show ip interface brief
show ipv6 interface brief

Routing Table

show ip route

VLAN & Switching

Show VLANs

show vlan brief

Show Interface VLAN Details

show interface g0/1 switchport

Show Trunk Interfaces

show int trunk

Clear Tables

clear mac address-table
clear arp-cache

Telnet & Remote Access

Connect via Telnet

connect {DeviceName}

Show Hosts & Sessions

show hosts
show sessions

Disconnect Session

disconnect {DeviceName}

Suspend Active Session

Ctrl+Shift+6, then x

SSH Configuration

Basic SSH Setup

ip domain-name cisco.com
crypto key generate rsa
ip ssh version 2

Remove RSA Keys

crypto key zeroize rsa

Create Local User

username admin secret ccna

Set Default Gateway

ip default-gateway 192.168.10.1

Enable SSH on VTY Lines

line vty 0 15
 transport input ssh
 login local
 exit

Global Configuration Mode

Enter Global Config

configure terminal

Disable DNS Lookup on Typos

no ip domain-lookup

Set MOTD Banner

banner motd MESSAGEHERE

Set Hostname

hostname HOSTNAME

Line Configuration

Console Line

line con 0
 password itsasecret
 login

VTY Lines

line vty 0 15
 password itsasecret
 login

Interface Configuration

Interface Selection

interface vlan 1
interface fa0/1
interface range fa0/2-3

Enable Interface

no shutdown

Assign IPv4 Address

ip address 192.168.0.1 255.255.255.0

VLAN Configuration

Create / Configure VLAN

vlan 10
 name MyAwesomeVlan

Switchport Configuration

Access Port

switchport mode access
switchport access vlan 10

Trunk Port

switchport trunk encapsulation dot1q
switchport mode trunk

Trunk VLAN Settings

switchport trunk allowed vlan 10,20,33,99
switchport trunk native vlan 99

IPv6 Interface Configuration

Assign IPv6 Address

ipv6 address 2001:DB8:CAFE:1::1/64

Assign Link-Local Address

ipv6 address fe80::1 link-local

Remove IPv6 Addresses

no ipv6 address 2001:DB8:CAFE:1::1/64
no ipv6 address
Retrieved from "https://readonlywiki.luccapirovano.com/index.php?title=Cisco_Commands&oldid=1042"