Cisco Commands
From Lucca's Wiki
Cisco IOS Command Reference
A quick-reference guide for common Cisco IOS commands on switches and routers.
System & Routing Basics
Enable IPv4 Routing (Layer 3 Switches)
ip routing
Enable IPv6 Routing (Routers)
ipv6 unicast-routing
Device & System Information
Show MAC Address Table
show mac address-table
Show OS and Device Version
show version
Show Logged-in Users
show users
Show Files
dir dir nvram:
Configuration Files
Show Configurations
show running-config show startup-config
Show Interface Config
show run interface g0/0
Filter Running Config (grep-like)
show run | include {searchterm}
show run | begin {searchterm}
show run | section {section-name}
Save Running Config
copy running-config startup-config copy run start wr
User Privileges & Security
Enter Privileged Mode
enable
Set Encrypted Enable Password
enable secret ThisisaSecret
Encrypt Plaintext Passwords (Weak Encryption)
service password-encryption
Interface & Network Status
Interface IP Summary
show ip interface brief show ipv6 interface brief
Interface IP Summary (filtered to only interfaces with IPs)
show ip interface brief | exclude unassigned
Routing Table
show ip route
VLAN & Switching
Show VLANs
show vlan brief
Show Interface VLAN Details
show interface g0/1 switchport
Show Trunk Interfaces
show int trunk
Clear Tables
clear mac address-table clear arp-cache
Telnet & Remote Access
Connect via Telnet
connect {DeviceName}
Show Hosts & Sessions
show hosts show sessions
Disconnect Session
disconnect {DeviceName}
Suspend Active Session
Ctrl+Shift+6, then x
SSH Configuration
Basic SSH Setup
ip domain-name cisco.com crypto key generate rsa ip ssh version 2
Remove RSA Keys
crypto key zeroize rsa
Create Local User
username admin secret ccna
Set Default Gateway
ip default-gateway 192.168.10.1
Enable SSH on VTY Lines
line vty 0 15 transport input ssh login local exit
Global Configuration Mode
Enter Global Config
configure terminal
Disable DNS Lookup on Typos
no ip domain-lookup
Set MOTD Banner
banner motd MESSAGEHERE
Set Hostname
hostname HOSTNAME
Line Configuration
Console Line
line con 0 password itsasecret login
VTY Lines
line vty 0 15 password itsasecret login
Interface Configuration
Interface Selection
interface vlan 1 interface fa0/1 interface range fa0/2-3 interface range fa0/2-3,g0/1
Enable Interface
no shutdown
Assign IPv4 Address
ip address 192.168.0.1 255.255.255.0
VLAN Configuration
Create / Configure VLAN
vlan 10 name MyAwesomeVlan
Switchport Configuration
Access Port
switchport mode access switchport access vlan 10
Trunk Port
switchport trunk encapsulation dot1q switchport mode trunk
Trunk VLAN Settings
switchport trunk allowed vlan 10,20,33,99 switchport trunk native vlan 99
IPv6 Interface Configuration
Assign IPv6 Address
ipv6 address 2001:DB8:CAFE:1::1/64
Assign Link-Local Address
ipv6 address fe80::1 link-local
Remove IPv6 Addresses
no ipv6 address 2001:DB8:CAFE:1::1/64 no ipv6 address
Spanning Tree
Enable portfast on an interface
spanning-tree portfast
Port Security
Activate Port Security on an interface
The port cannot be a dynamic port:
switchport mode access
Enable Port Security
switchport port-security
Set the maximum number of mac addresses that can be used on that port
switchport port-security maximum 1
Whitelist a specific mac address
switchport port-security mac-address 0001.6311.E7BC
Enable sticky mode to automatically learn mac addresses
switchport port-security mac-address sticky
Port Security Violation Modes
Protect
Silently drops packets from unknown MAC addresses while keeping the port up and generating no alerts.
switchport port-security violation protect
Restrict
Drops packets from unknown MAC addresses and logs the violation while incrementing the security counter.
switchport port-security violation restrict
Shutdown
Immediately disables the port when an unknown MAC address is detected, placing it into an error-disabled state.
switchport port-security violation shutdown
Port Security Aging
Enable static aging on an interface
switchport port-security aging static
Enable timed aging on an interface (5 minutes)
switchport port-security aging time 5
