Cisco Commands

Access levels and modes

There are several Cisco access levels and modes that allow you to run different commands. You can learn
more about each mode in the Cisco IOS command hierarchy, but the table below is a reference for our
examples.

Cisco Mode What the prompt Command to Command to

looks like enter exit
from upper-level to upper-level
mode mode

EXEC Switch> Default mode logout or exit

Privileged EXEC Switch# enable disable

(access from EXEC)

Global configuration Switch(Config)# config t CTRL/Z

(access from
Privileged EXEC)

Interface Switch(config-if)# interface exit

configuration <interface name>
(access from global
configuration)

Line level Switch(config- line <line name/ exit

configuration line)# number>
(access from global
configuration)

Almost all Cisco devices use Cisco IOS to operate and Cisco CLI to be managed. The basic CLI commands
for all of them are the same, which simplifies Cisco device management. Here is a Cisco commands cheat
sheet that describes the basic commands for configuring, securing and troubleshooting Cisco network
devices.
Basic Configuration Commands

Command Purpose

enable Logs you into enable mode, which is also known as user
exec mode or privileged mode

configure terminal Logs you into configuration mode

interface fastethernet/number Enters interface configuration mode for the specified

fast ethernet interface

reload An exec mode command that reboots a Cisco switch or

router

hostname name Sets a host name to the current Cisco network device

copy from-location to-location An enable mode command that copies files from one
file location to another

copy running-config startup-config An enable mode command that saves the active config,
replacing the startup config when a Cisco network
device initializes

copy startup-config running-config An enable mode command that merges the startup
config with the currently active config in RAM

write erase An enable mode command that deletes the startup

config
erase startup-config
ip address ip-address mask Assigns an IP address and a subnet mask

shutdown Used in interface configuration mode. “Shutdown”

shuts down the interface, while “no shutdown” brings
no shutdown
up the interface.

ip default-gateway ip_address Sets the default gateway on a Cisco device

show running-config An enable mode command that displays the current

configuration

description name-string A config interface command to describe or name an

interface

show running-config interface interface An enable mode command to display the running
slot/number configuration for a specific interface

show ip interface [type number] Displays the usability status of interfaces that are
configured for IP

ip name-server serverip-1 serverip-2 A configure mode command that sets the IP addresses
of DNS servers

Troubleshooting Commands

ping {hostname | system-address} Used in enable mode to diagnose basic network

[source source-address] connectivity
speed {10 | 100 | 1000 | auto} An interface mode command that manually sets the
speed to the specified value or negotiates it
automatically

duplex {auto | full | half} An interface mode command that manually sets
duplex to half, full or auto

cdp run A configuration mode command that enables or

disables Cisco Discovery Protocol (CDP) for the device
no cdp run

show mac address-table Displays the MAC address table

show cdp Shows whether CDP is enabled globally

show cdp neighbors[detail] Lists summary information about each neighbor

connected to this device; the “detail” option lists
detailed information about each neighbor

show interfaces Displays detailed information about interface status,

settings and counters

show interface status Displays the interface line status

show interfaces switchport Displays a large variety of configuration settings and

current operational status, including VLAN trunking
details.

show interfaces trunk Lists information about the currently operational

trunks and the VLANs supported by those trunks
show vlan Lists each VLAN and all interfaces assigned to that
VLAN but does not include trunks
show vlan brief

show vtp status Lists the current VTP status, including the current
mode

Routing and VLAN Commands

ip routenetwork-number network-mask Sets a static route in the IP routing table

{ip-address | interface}

router rip Enables a Routing Information Protocol (RIP) routing

process, which places you in router configuration
mode

network ip-address In router configuration mode, associates a network

with a RIP routing process

version 2 In router configuration mode, configures the software

to receive and send only RIP version 2 packets

no auto-summary In router configuration mode, disables automatic

summarization

default-information originate In router configuration mode, generates a default

route into RIP
passive-interface interface
show ip rip database
ip nat [inside | outside]
vlan
switchport access vlan
switchport trunk encapsulation dot1q
switchport access
vlan vlan-id [name vlan-name]
switchport mode { access | trunk }
In router configuration mode, sets only that interface
to passive RIP mode. In passive RIP mode, RIP routing
updates are accepted by, but not sent out of, the
specified interface.
Displays the contents of the RIP routing database
An interface configuration mode command to
designate that traffic originating from or destined for
the interface is subject to NAT
Creates a VLAN and enters VLAN configuration mode
for further definitions
Sets the VLAN that the interface belongs to.
Specifies 802.1Q encapsulation on the trunk link.
Assigns this port to a VLAN
Configures a specific VLAN name (1 to 32 characters)
Configures the VLAN membership mode of a port. The
access port is set to access unconditionally and
operates as a non-trunking, single VLAN interface that
sends and receives non-encapsulated (non-tagged)
frames. An access port can be assigned to only one
VLAN.
The trunk port sends and receives encapsulated
(tagged) frames that identify the VLAN of origination.
A trunk is a point-to-point link between two switches
or between a switch and a router.
switchport trunk {encapsulation { dot1q Sets the trunk characteristics when the interface is in
} trunking mode. In this mode, the switch supports
simultaneous tagged and untagged traffic on a port.

encapsulation dot1q vlan-id A configuration mode command that defines the

matching criteria to map 802.1Q frames ingress on an
interface to the appropriate service instance

Security Commands

passwordpass-value Lists the password that is required if

the login command (with no other parameters) is
configured

username name password pass-value A global command that defines one of possibly
multiple user names and associated passwords used
for user authentication. It is used when the login
local line configuration command has been used.

enable password pass-value A configuration mode command that defines the

password required when using the enable command

enable secretpass-value A configuration mode command that sets this Cisco

device password that is required for any user to enter
enable mode

service password-encryption A configuration mode command that directs the Cisco

IOS software to encrypt the passwords, CHAP secrets,
and similar data saved in its configuration file
ip domain-name name Configures a DNS domain name

crypto key generate rsa A configuration mode command that creates and
stores (in a hidden location in flash memory) the keys
that are required by SSH

transport input {telnet | ssh} Used in vty line configuration mode, defines whether
Telnet or SSH access is allowed into this switch. Both
values can be specified in a single command to allow
both Telnet and SSH access (default settings).