Cisco IOS CLI Cheat Sheet

by Theleran via cheatography.com/77264/cs/18961/

Gene​ral Hous​eke​eping (cont)

Command Descr​iption Displays As (confi​g-line) # exec​-ti​meout Sets login timeout

{time}
> en Enter Privleged Exec Mode #

# config t Enter Global Config Mode (con​fig)# (confi​g-if) # shut | no shut Enables | Disables interface

(confi​g-if) #des {descr​ipt​ion} Sets descri​ption of interface

(config) # int {type} Enter Interface Config Mode (con​fig​-if)#
{number} # cop r s Copies Running Config to the
NVRAM
(config) # vlan {number} Enter VLAN Config Mode (con​fig​-
vl​an)#
SSH Config
(config) # line con 0 Enter Console Line Config (con​fig​-
Command Descr​iption
Mode li​ne)#

(config) # line vty 0 15 Enter VTY Line Config Mode (con​fig​- (config) # ip domain​-name {Abxyz.com} Sets Domain Name

li​ne)# (config) # cry key gen rsa genera​l-keys Configs complexity of keys

(config) # no ip dom lo Stops Router Domain Lookup mod 1024

(config) # undebug all Stops all Debugs (config) # username {name} secret Sets a UN & encrypted
{passw​ord} Pass
# clock set {time} {date} Sets manual Time/Date
(config) # line vty 0 15 Configs which VTY lines to
# show file systems Lists available file systems
use
# exit Exits current mode/l​evel
(confi​g-line) # login local Sets LOGIN

(confi​g-line) # tran​sport input ssh *Defines transport potocol

Hous​eke​eping
to SSH
Command Descr​iption

(config) # ho {name} Set name of device IP Routing Config

(config) # ena sec {passw​ord} Set encypted password for Priv Command Descr​iption

Exec Mode (config) # ip route networ​ k-a

​ dd​ress Static Route Command
(config) # ser pass Encrypts All Passwords subne​t-mask {ip-a​ddress | exit-​intf
}
(config) # banner motd #{Bann​er}# Creates Message banner
(config) # ip route 0.0.0.0 0.0.0.0 Default Static Route Command
(config) # security pass min Sets min password length
{ip-a​ddress | exit-​intf }
{number}
(config) # ip route networ​ k-a
​ dd​ress Floating Static Route Command
(config) # login block-for {time} Login failure wait time set
subne​t-mask {admin ​ nce }
​ -d​ista (Admin distance default value is 1)
attempts {attempts} within {time}

(confi​g-line) # pass {passw​ord} Sets password for Console Line VLAN Config
(confi​g-line) # login Makes passwords active, use
Command Descr​iption
after every password config
(config) # vlan {vlan-​id} Create a VLAN

(confi​g-vlan) # name Specify a unique name to identify the

{vlan-​name} VLAN

(confi​g-vlan) # end Return to the privileged EXEC mode

(config) # inte​rface Enter interface config​uration mode

{inter​fac​e_id}

By Theleran Not published yet. Sponsored by CrosswordCheats.com

cheatography.com/theleran/ Last updated 27th February, 2019. Learn to solve cryptic crosswords!
Page 1 of 4. http://crosswordcheats.com
 Cisco IOS CLI Cheat Sheet
by Theleran via cheatography.com/77264/cs/18961/

VLAN Config (cont) CDP Config

(confi​g-if) # swit​chport mode access Set the port to access Command Descr​iption

mode.
# show cdp Display the status of CDP on R1.
(confi​g-if) # swit​chport access vlan Assign the port to a VLAN.
R1# configure terminal Enter Global Config​urE​nable CDP
vlan_id R1(con​fig)# cdp run R1(con​fig)# globally on R1. Disable CDP on
(confi​g-if) # end Return to the privileged interface s0/0/0 R1(con​fig​-if)# no interface S0/0/0. Use end command
EXEC mode. cdp enable R1(con​fig​-if)# end to exit Global Config​uration mode.

(config) #show vlan brief Display the contents of the # show cdp neighbors Display the list of CDP neighbors on
vlan.dat file R1.

(confi​g-if) # mls qos trust [cos | device Set the trusted state of an # show cdp neighbors detail Display more details from the list of
cisco-​phone | dscp | ip-pre​ced​ence] interface CDP neighbors on R1.

(confi​g-if) # swit​chport voice vlan vlan-# Assign a voice VLAN to a

port LLDP Config

(confi​g-if) # swit​chport mode trunk Configure a switch port on Command Descr​iption

one end of a trunk link

# show lldp Display the status of LLDP
(confi​g-if) # swit​chport trunk native vlan # Configure native VLAN
(config)# lldp run R1(con​fig)# interface Enable LLDP globally on R1.
For a Catalyst switch, the erase startu​p-c​onfig command must s0/0/0 R1(con​fig​-if)# no lldp transmit Disable LLDP on interface

accompany the {(config) #delete vlan.d​at} command prior to reload to S0/0/0.

restore the switch to its factory default condition. # show lldp neighbors Display the list of LLDP
neighbors
PAT Config # show lldp neighbors detail Display more details from the list
Command Descr​iption of LLDP neighbors

(config)# ip nat pool NAT- Define a pool of public IPv4

Clock & NTP Config
PO​OL-​OVE​RLOAD addresses 209.16​5.2​00.241 to
209.16​5.2​00.241 209.16​5.2​00.250 with pool name Command Descr​iption

209.16​5.2​00.250 netmask NAT-PO​OL-​OVE​RLOAD. # show clock detail Display the clock

255.25​5.2​55.224
(config)# clock Set the clock time zone to PST (Pacific
(config)# access​-list 3 permit Configure ACL 3 to permit devices timezone PST -8 Standard Time), which is 8 hours later than
10.0.0.0 0.255.2​55.255 from 10.0.0.0/8 network to be R1(con​fig)# Clock GMT (-8). Set PDT (Pacific Daylight Time) to
translated by NAT. summer​-time PDT summer time recurring.
(config)# ip nat inside source list Bind NAT-PO​OL-​OVE​RLOAD with recurring
3 pool NAT-PO​OL-​OVE​RLOAD ACL 3. (config)# ntp server Configure R1 to use an external public NTP
overload 209.16​5.2​00.225 server with an IP address of 209.16​5.2​00.225.
(config)# interface Serial​0/0/0 Configure the proper inside NAT
# show ntp Verify that R1 is associated with the NTP server
R2(con​fig​-if)# ip nat inside interface.
associ​ations at IP address 209.16​5.2​00.225.
R2(con​fig)# interface Serial​0/1/0 Configure the proper outside NAT
R2(con​fig​-if)# ip nat outside interface.

By Theleran Not published yet. Sponsored by CrosswordCheats.com

cheatography.com/theleran/ Last updated 27th February, 2019. Learn to solve cryptic crosswords!
Page 2 of 4. http://crosswordcheats.com
 Cisco IOS CLI Cheat Sheet
by Theleran via cheatography.com/77264/cs/18961/

Shortcuts DHCPv4 Config

Keys Action Command Descr​iption

Tab Completes current abbrv command (config) #ip dhcp exclud​ed-​address {low ip Excludes ip ranges,
range} {high ip range} | {single ip} or single IP's.
Up Arrow Cycles thru previously used commands

? Access HELP (config) # ip dhcp pool {name} Creates named

DHCP pool
Ctrl​+Sh​ift+6 Interupt
(dhcp-​config) #net {ipv4net} {subnet} Define Range of
Ctrl+C Exits Config Addresses
Ctrl+Z Applies command, returns to Priv Exec (dhcp-​config) #def​ault-r {gatew​ay} Sets Default
Gateway
Display / Show Commands (dhcp-​config) #dns-s {DNS} Sets DNS
Command Descr​iption (dhcp-​config) #dom​ain-n {Axyz.c​om} Sets Domain

# sho run Displays Running Configs. (config) #ip helper​-ad​dress {ipv4n​et} Sets DHCP Relay

# sho access-l Displays all ACL's.

DHCPv6 Config
# sho access-l Displays only denoted ACL.
{name/​num​ber} Command Descr​iption

# sho ipv6 int Displays interfaces on IPv6 (confi​g-if) # ipv6 unicas​t-r​out​ing Enable IPv6

# sho ip route Displays all routes attached to router (confi​g-if) # ipv6 dhcp pool {name} Name Pool

# sho ip route static Displays all static routes attached to router (confi​g-if) # address prefix {prefix length} Statefull Only

#Sho ip route network Displays routes only associated with that lifetime {infinite | time}

network (confi​g-if) # dns-s {IPv6D​NS} Set IPv6 DNS

show ip nat transl​ations nat (confi​g-if) # domain-n {Axyz.c​om} Set Domain

(confi​g-if) # ipv6 dhcp server {name} Set Server Name

Access Control Lists
See Note Below for Final CMD
Command Descr​iption

(config) # acce​ss-list _ { deny | permit | remark } Create ACL. (confi​g-if) # ipv6 dhcp relay destin​ation Sets Router as a
{sourc​e+w​ild​card} {ipv6n​et} DHCPv6 Relay
(config) # ip access​-list standard {name} Create Named # debug ipv6 dhcp detail Displays debug details
ACL.
SLAAC (confi​g-if) # no ipv6 nd manage​d-c​onf​ig-​flag (confi​g-if) # no
(confi​g-if) # ip access​-group { access​-li​st-​number | Attach ACL to an
ipv6 nd other-​con​fig​-flag Note: No other config required for SLAAC.
access​-li​st-name } { in | out } Interface.
Stateless DHCPv6 (confi​g-inf) # ipv6 nd other-​con​fig​-flag
(confi​g-line) # acce​ss-​class {number} { in | out } ACL for VTY. Statefull DHCPv6 (confi​g-inf) # ipv6 nd manage​d-c​onf​ig-​flag

Wildcard Determined by 255.25​5.2​55.2​55​-Subnet mask (ex

255.25​5.2​55.2​55​-25​5.2​55.2​55.128= Wildcard of 0.0.0.1​27)
Short​cuts; host = Wilcard of 255.25​5.2​55.255 any = Address & WIldcard
of 0.0.0.0 0.0.0.0

By Theleran Not published yet. Sponsored by CrosswordCheats.com

cheatography.com/theleran/ Last updated 27th February, 2019. Learn to solve cryptic crosswords!
Page 3 of 4. http://crosswordcheats.com
 Cisco IOS CLI Cheat Sheet
by Theleran via cheatography.com/77264/cs/18961/

RIP Config NAT Config (cont)

Command Descr​iption R2(con​fig)# ip nat inside source list 2 pool Bind PUBLIC​-POOL with
PUBLIC​-POOL ACL 2.
(config) # router rip
R2(con​fig)# interface Serial​0/0/0 Configure the proper inside
(confi​g-r​outer) #version 2
R2(con​fig​-if)# ip nat inside NAT interface.
(confi​g-r​outer) # modify the default RIPv2 behavior of automatic
R2(con​fig)# interface Serial​0/1/0 Configure the proper outside
no auto- summar​ization
R2(con​fig​-if)# ip nat outside NAT interface.
s​umm​ary
ip nat transl​ation timeout
(config) #show ip protoc​ols
clear ip nat transl​ation *
(config) #net​work ip-ad​dress
Top is Static Config
(config) prevent the transm​ission of routing updates through Bottom is Dynamic Config
#pas​siv​e- a router interface, but still allow that network to be
i​nte​rface advertised to other routers.
SysLog Config
(confi​g-r​outer) propagate a default route in RIP
Command Descr​iption
#ip route 0.0.0.0
0.0.0.0 (config) # logging Configure the destina
​ tion hostname or
{addre​ss} IPv4 address of the syslog.
(confi​g-r​outer) This instructs R1 to originate default inform​ation, by
#def​aul​t- propag​ating the static default route in RIP updates. (config) # logging trap Control the level of messages that will be
i​nfo​rmation {level} sent
origin​ate
(config)# logging source​- Logging Source
in​terface {inter​face}
NAT Config

Command Descr​iption

(config)# ip nat inside source Configure the static transl​ation with an

static 192.16​8.11.99 inside local address of 192.16​8.11.99
209.16​5.201.5 and an inside global address of
209.165
​ .2​01.5.

(config)# interface Serial​0/0/0 , Configure the proper inside NAT

(confi​g-if)# ip nat inside interf​ace.

R2(con​fig)# interface Configure the proper outside NAT

Serial​0/1/0 , (confi​g-if)# ip nat interf​ace.
outside

(config)# ip nat pool PUBLIC​- Define a pool of public IPv4 addresses

POOL 209.16​5.2​00.241 209.16​5.2​00.241 to 209.16​5.2​00.250
209.16​5.2​00.250 netmask with pool name PUBLIC​-POOL.
255.25​5.2​55.224

R2(con​fig)# access​-list 2 Configure ACL 2 to permit devices from

permit 192.16​8.10.0 0.0.0.255 192.16​8.1​0.0/24 network to be
translated by NAT.

By Theleran Not published yet. Sponsored by CrosswordCheats.com

cheatography.com/theleran/ Last updated 27th February, 2019. Learn to solve cryptic crosswords!
Page 4 of 4. http://crosswordcheats.com