[CCNA] Cisco Commands Cheat Sheet #2

CCNA RnS, Cisco, Network September 19, 2013 Comments: 5

Continuing our Cisco Commands Cheat Sheet for CCNA students, this is our 2nd post.

Cisco Commands Cheat Sheet #1

Cisco Commands Cheat Sheet #3
Cisco Commands Cheat Sheet #4
Cisco Commands Cheat Sheet #5

Configuring port security:

Make the switch interface as access port:

1 SW1(config-if)# switchport mode access

Enable port security on the interface:

1 SW1(config-if)# switchport port-security

Specify the maximum number of allowed MAC addresses:

1 SW1(config-if)# switchport port-security maximum 1

Define the action to take when violation occurs:

1 SW1(config-if)# switchport port-security violation shutdown ! options: shu

Specify the allowed MAC addresses:

The sticky keyword is used to let the interface dynamically learns and configures the MAC addresses
of the currently connected hosts.

1 SW1(config-if)# switchport port-security mac-address 68b5.9965.1195 ! opti

Verify and troubleshoot port security:

Shows the entries of the mac address table:

1 SW1# show mac-address-table

Overview of port security of all interfaces:

 1 SW1# show port-security

Shows detailed information about port security on the specified interface:

1 SW1# show port-security interface fa0/5

Configuring VLANs:

Create a new VLAN and give it a name:

1 SW1(config)# vlan 10
2 SW1(config-vlan)# name SALES

Assign an access interface to access a specific VLAN:

1 SW1(config)# interface fastEthernet 0/5

2 SW1(config-if)# switchport mode access
3 SW1(config-if)# switchport access vlan 10

Configuring an auxiliary VLAN for cisco IP phones:

1 SW1(config)# interface fastEthernet 0/5

2 ! accessing vlan 10 (data) and 12 (VoIP)
3 SW1(config-if) #switchport access vlan 10
4 SW1(config-if) #switchport voice vlan 12

Configuring Trunks:

1 SW1(config)# interface fastEthernet 0/1

2 SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic au
3 SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remov

Securing VLANs and Trunking:

Administratively disable unused interfaces:

1 SW1(config-if)# shutdown

Prevent trunking by disabling auto negotiation on the interface:

1 SW1(config-if)# nonegotiate ! or hardcode the port asan access port

2 SW1(config-if)# switchport mode access

Assign the port to an unused VLAN:

1 SW1(config-if)# switchport access vlan 222

Configuring VTP:

Configure VTP mode:

The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch

1 SW1(config)# vtp mode server ! options: server, client, transparent

Configure VTP domain name:

1 SW1(config)# vtp domain EXAMPLE ! case-sensitive

Configure VTP password (optional):

1 SW1(config)# vtp password cisco ! case-sensitive

Configure VTP pruning (optional):

1 SW1(config)# vtp pruning ! only works on VTP servers

Enable VTP version 2 (optional):

1 SW1(config)# vtp version 2

Verify and troubleshoot VLANs and VTP:

Lists information about administrative se ing and operation status of interface:

1 SW1# show interfaces if switchport

Lists all the trunk ports on a switch including the trunk allowed VLANs:

1 SW1# show interfaces trunk

Lists information about the VLANs:

1 SW1# show vlan {brief | id | name | summary}

Lists VTP configuration (mode, domain-name, version, etc) and revision number:

1 SW1# show vtp status

Shows the VTP password:

1 SW1# show vtp password

STP optimization:

Hard coding the root bridge (changing bridge priority):

 1 SW1(config)# spanning-tree vlan 1 root primary
2 SW1(config)# spanning-tree vlan 1 root secondary
3 ! Priority must be a multiply of 4096
4 SW1(config)# spanning-tree [vlan 1]priority 8192

Changing the STP mode:

1 SW1(config)# spanning-tree mode rapid-pvst ! options: mst, pvst, rapid-pvs

Enabling portfast and BPDU guard on an interface:

Portfast and BPDU guard are enabled only on interfaces connected to end user hosts

1 SW1(config-if)# spanning-tree portfast

2 SW1(config-if)# spanning-tree bpduguard enable

Changing port cost:

1 SW1(config-if)# spanning-tree [vlan 1] cost 25

Bundling interfaces into an etherchannel:

1 SW1(config-if)# channel-group 1 mode on ! options: auto, desirable, on

STP verification and troubleshooting:

Shows detailed info about STP state:

1 SW1# show spanning-tree

Shows STP info only on a specific port:

1 SW1# show spanning-tree interface fa0/2

Shows STP info only for a specific VLAN:

1 SW1# show spanning-tree vlan 1

Shows info about the root switch:

1 SW1# show spanning-tree [vlan 1] root

Shows info about the local switch:

1 SW1# show spanning-tree [vlan 1] bridge

Show the state of the etherchannels:

1 SW1# show etherchannel 1

Provides informational messages about the changes in the STP topology:

1 SW1# debug spanning-tree events

Enabling or disabling CDP:

Enabling CDP globally on a switch:

1 SW1(config)# cdp run

Disabling CDP on a given interface:

1 SW1(config-if)# no cdp enable

Using CDP for network verification and troubleshooting:

Shows global information about CDP itself:

1 SW1# show cdp

Shows information about CDP on a specific interface:

1 SW1# show cdp interface fa0/2

Shows information about the directly connected cisco devices including interfaces names
capabilities:

1 SW1# show cdp neighbors

Shows detailed information about the neighboring cisco devices including device address and
version of IOS they run:

1 SW1# show cdp neighbors detail

2 ! OR
3 SW1# show cdp entry *

Shows detailed information about the specified entry only:

1 SW1# show cdp entry SW2

Enjoy !