Cisco Commands Cheat Sheet
BASIC CONFIGURATION COMMANDS
COMMAND
    PURPOSE
enable
    Logs you into enable mode, which is also known as user exec mode or privileged mode
interface fastethernet/number
    Enters interface configuration mode for the specified fast ethernet interface
hostname name
    Sets a host name to the current Cisco network device
copy from-location to-location
    An enable mode command that copies files from one file location to another
copy running-config startup-config
    An enable mode command that saves the active config, replacing the startup config when a Cisco network device initializes
copy startup-config running-config
    An enable mode command that merges the startup config with the currently active config in RAM
write erase
erase startup-config
    An enable mode command that deletes the startup config
shutdown
no shutdown
    Used in interface configuration mode. “Shutdown” shuts down the interface, while “no shutdown” brings up the interface
show running-config
    An enable mode command that displays the current configuration
show running-config interface interface slot/number
    An enable mode command to display the running configuration for a specific interface
show ip interface [type number]
    Displays the usability status of interfaces that are configured for IP
ip name-server serverip-1 serverip-2
    A configure mode command that sets the IP addresses of DNS servers
TROUBLESHOOTING COMMANDS
ping {hostname | system-address} [source source-address]
    Used in enable mode to diagnose basic network connectivity
speed {10 | 100 | 1000 | auto}
    An interface mode command that manually sets the speed to the specified value or negotiates it automatically
duplex {auto | full | half}
    An interface mode command that manually sets duplex to half, full or auto
cdp run
no cdp run
    A configuration mode command that enables or disables Cisco Discovery Protocol (CDP) for the device
show cdp neighbors [detail]
    Lists summary information about each neighbor connected to this device; the “detail” option lists detailed information about each neighbor
show interfaces
    Displays detailed information about interface status, settings and counters
show interfaces switchport
    Displays a large variety of configuration settings and current operational status, including VLAN trunking details
show interfaces trunk
    Lists information about the currently operational trunks and the VLANs supported by those trunks
show vlan
show vlan brief
    Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks
show vtp status
    Lists the current VTP status, including the current mode
ROUTING AND VLAN COMMANDS
router rip
    Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode
network ip-address
    In router configuration mode, associates a network with a RIP routing process
passive-interface interface
    In router configuration mode, sets only that interface to passive RIP mode. In passive RIP mode, RIP routing updates are accepted by, but not sent out of, the specified interface
show ip rip database
    Displays the contents of the RIP routing database
ip nat [inside | outside]
    An interface configuration mode command to designate that traffic originating from or destined for the interface is subject to NAT
ip nat inside source {list {access-list-number | access-list-name}} interface type number [overload]
    A configuration mode command to establish dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses.
ip nat inside source static local-ip global-ip
    A configuration mode command to establish a static translation between an inside local address and an inside global address
vlan
    Creates a VLAN and enters VLAN configuration mode for further definitions
switchport access vlan
    Sets the VLAN that the interface belongs to
vlan vlan-id [name vlan-name]
    Configures a specific VLAN name (1 to 32 characters)
switchport mode { access | trunk }
    Configures the VLAN membership mode of a port. The access port is set to access unconditionally and operates as a non-trunking, single VLAN interface that sends and receives non-encapsulated (non-tagged) frames. An access port can be assigned to only one VLAN. The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router
switchport trunk {encapsulation { dot1q }
    Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port
encapsulation dot1q vlan-id
    A configuration mode command that defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance
DHCP COMMANDS
ip dhcp pool name
    A configuration mode command to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode
domain-name domain
    Used in DHCP pool configuration mode to specify the domain name for a DHCP client
network network-number [mask]
    Used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server
ip dhcp excluded-address ip-address [last-ip-address]
    A configuration mode command to specify IP addresses that a DHCP server should not assign to DHCP clients
default-router address [address2 ... address8]
    Used in DHCP pool configuration mode to specify the default router list for a DHCP client
SECURITY COMMANDS
password pass-value
    Lists the password that is required if the login command (with no other parameters) is configured
username name password pass-value
    A global command that defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used
enable password pass-value
    A configuration mode command that defines the password required when using the enable command
enable secret pass-value
    A configuration mode command that sets the password that is required for any user to enter enable mode on this Cisco device
service password-encryption
    A configuration mode command that directs the Cisco IOS software to encrypt the passwords, CHAP secrets, and similar data saved in its configuration file
crypto key generate rsa
    A configuration mode command that creates and stores (in a hidden location in flash memory) the keys that are required by SSH
transport input {telnet | ssh}
    Used in vty line configuration mode, defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command to allow both Telnet and SSH access (default settings)
access-list access-list-number {deny | permit} source [source-wildcard] [log]
    A configuration mode command that defines a standard IP access list
access-class
    Restricts incoming and outgoing connections between a particular vty (into a basic Cisco device) and the addresses in an access list
ip access-list {standard | extended} {access-list-name | access-list-number}
    A configuration mode command that defines an IP access list by name or number
permit source [source-wildcard]
    Used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command
deny source [source-wildcard]
    Used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command
ntp peer <ip-address>
    Used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer
switchport port-security
    Used in interface configuration mode to enable port security on the interface
switchport port-security maximum maximum
    Used in interface configuration mode to set the maximum number of secure MAC addresses on the port
switchport port-security mac-address {mac-addr | {sticky [mac-addr]}}
    Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface
switchport port-security violation {shutdown | restrict | protect}
    Used in interface configuration mode to set the action to be taken when a security violation is detected
show port-security [interface interface-id]
    Displays information about security options configured on the interface
MONITORING AND LOGGING COMMANDS
logging ip-address
    Configures the IP address of the host that will receive the system logging (syslog) messages
logging trap level
    Used in configuration mode to limit messages that are logged to the syslog servers based on severity. Specify the number or name of the desired severity level at which messages should be logged
show logging
    Enable mode command that displays the state of system logging (syslog) and the contents of the standard system logging buffer
terminal monitor
    An enable mode command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command