Mode Control Commands

Command Description
Moves a user from user exec mode into Privileged
enable EXEC mode. Privileged exec mode is indicated by
the # symbol in the command prompt.
configure terminal Logs the user into Global Configuration mode
Enters interface configuration mode for the
interface fastethernet/number
specified fast ethernet interface

Basic Configuration Commands List

reload Reboots the Cisco switch or router
Sets a host name to the current Cisco network
hostname name
device
copy from-location to-location Copies files from one file location to another
Replaces the startup config with the active
copy running-config startup-config
config when the Cisco network device initializes
Merges the startup config with the currently active
copy startup-config running-config
config in RAM
write erase
Deletes the startup config
erase startup-config
ip address ip-address mask Assigns the specified IP address and subnet mask
shutdown Shuts the interface down (shutdown) or brings it up
no shutdown (no shutdown)
ip default-gateway ip_address Sets the default gateway on the Cisco device
show running-config Displays the current configuration of the device
Displays the saved configuration stored in the
show startup-config device's NVRAM, which will be loaded when the
device starts up
description string Assigns the specified description to an interface
show running-config interface interface Displays the running configuration for the specified
slot/number interface
Displays the status of a network interface as well as
show ip interface [type number] a detailed listing of its IP configurations and related
characteristics.
Sets the IP address of or more DNS servers that the
ip name-server serverip-1 serverip-2 device can use to resolve hostnames to IP
addresses.

Troubleshooting Cisco Commands List

ping {hostname | system-address}
Used to diagnose basic network connectivity
[source source-address]
speed {10 | 100 | 1000 | auto} Either configures the transmission speed of a
 network interface to the specified value in megabits
per second (Mbps), or enables automatic speed
detection for the port
duplex {auto | full | half} Sets duplex to half, full or auto
cdp run Enables or disables Cisco Discovery Protocol
no cdp run (CDP) for the device
show mac address-table Displays the MAC address table
show cdp Shows whether CDP is enabled globally
Lists summary (or detailed) information about each
show cdp neighbors[detail]
neighbor connected to the device
Displays detailed information about interface
show interfaces
status, settings and counters
show interface status Displays the interface line status
Displays many configuration settings and current
show interfaces switchport operational status, including VLAN trunking
details
Lists information about the currently operational
show interfaces trunk
trunks and the VLANs supported by those trunks
show vlan Lists each VLAN and all interfaces assigned to that
show vlan brief VLAN but does not include trunks
Lists the current VLAN Trunk Protocol (VTP)
show vtp status
status, including the current mode

Routing and VLAN Commands

Displays the current state of the IP routing of all
show ip route known routes that are either statically configured or
learned dynamically through a routing protocol
ip route network-number network-mask {ip-
Sets a static route in the IP routing table
address | interface}
Enables a Routing Information Protocol (RIP)
router rip routing process, which places you in router
configuration mode
network ip-address Associates a network with a RIP routing process
Configures the software to receive and send only
version 2
RIP version 2 packets
no auto-summary Disables automatic summarization
default-information originate Generates a default route into RIP
Sets the specified interface to passive RIP mode,
passive-interface interface which means RIP routing updates are accepted by,
but not sent out of, the interface
show ip rip database Displays the contents of the RIP routing database
ip nat [inside | outside] Configure Network Address Translation (NAT),
which allows private IP addresses on a local

ip nat inside source {list{access-list-
number | access-list-name}} interface type identify the traffic that will be subject to NAT.
number[overload]
ip nat inside source static local-ip global-ip
vlan
switchport access vlan
switchport trunk encapsulation dot1q
switchport access
vlan vlan-id [name vlan-name]
switchport mode { access | trunk }
switchport trunk {encapsulation { dot1q } in trunking mode. In this mode, the switch supports
encapsulation dot1q vlan-id
show spanning-tree
network to be translated into public IP addresses
before being sent over the internet
Establishes dynamic source translation. Use of
the “list” keyword enables you to use an ACL to
The “overload” option enables the router to use one
global address for many local addresses.
Establishes a static translation between an inside
local address and an inside global address
Creates a VLAN and enters VLAN configuration
mode for further definitions
Sets the VLAN that the interface belongs to.
Specifies 802.1Q encapsulation on the trunk link.
Configures a specific Ethernet port on a switch to
operate in access mode to accommodate an end
device such as a computer, server or printer. The
port must then be assigned to a single VLAN.
Configures a specific VLAN name (1 to 32
characters)
Configures the VLAN membership mode of a port.
The access port is set to access unconditionally and
operates as a non-trunking, single VLAN interface
that sends and receives non-encapsulated (non-
tagged) frames. An access port can be assigned to
only one VLAN. The trunk port sends and receives
encapsulated (tagged) frames that identify the
VLAN of origination. A trunk is a point-to-point
link between two switches or between a switch and
a router.
Sets the trunk characteristics when the interface is
simultaneous tagged and untagged traffic on a port.
Defines the matching criteria to map 802.1Q
frames ingress on an interface to the appropriate
service instance
Provides detailed information about the Spanning
Tree protocol for all VLANs

DHCP Commands
ip address dhcp Acquires an IP address on an interface via DHCP
Used to configure a DHCP address pool on a
ip dhcp pool name DHCP server and enter DHCP pool configuration
mode
domain-name domain Specifies the domain name for a DHCP client

network network-number [mask]
ip dhcp excluded-address ip-address [last- Specifies IP addresses that a DHCP server should
ip-address]
ip helper-address address
default-router address[address2 ...
address8]
Security Commands
password pass-value
username name password pass-value
enable password pass-value
enable secret pass-value
service password-encryption
ip domain-name name
crypto key generate rsa
transport input {telnet | ssh}
access-list access-list-number {deny |
permit} source [source-wildcard] [log]
access-class
ip access-list {standard | extended} {access-
list-name | access-list-number}
permit source [source-wildcard]
deny source [source-wildcard]
Configures the network number and mask for a
DHCP address pool primary or secondary subnet
on a Cisco IOS DHCP server
not assign to DHCP clients
Enables forwarding of UDP broadcasts, including
BOOTP, received on an interface
Specifies the default routers for a DHCP client
Lists the password that is required if
the login command (with no other parameters) is
configured
Defines one of possibly multiple user names and
associated passwords used for user authentication.
It is used when the login local line configuration
command has been used
Defines the password required when using
the enable command
Sets the password required for any user to enter
enable mode
Directs the Cisco IOS software to encrypt the
passwords, CHAP secrets and similar data saved in
its configuration file
Configures a DNS domain name
Creates and stores (in a hidden location in flash
memory) the keys that are required by SSH
Defines whether Telnet or SSH access is allowed
into this switch. Both values can be specified in a
single command to allow both Telnet and SSH
access (default settings)
Defines a standard IP access list
Restricts incoming and outgoing connections
between a particular VTY (into a basic Cisco
device) and the addresses in an access list
Defines an IP access list by name or number
Allows a packet to pass a named IP ACL. To
remove a permit condition from an ACL, use
the “no” form of this command.
Used to set conditions in a named IP ACL that will
deny packets. To remove a deny condition from an

ntp peer <ip-address>
switchport port-security
switchport port-security
maximum maximum
switchport port-security mac-
address {mac-addr | {sticky [mac-addr]}}
switchport port-security
violation {shutdown | restrict | protect}
show port security [interface interface-id]
Monitoring and Logging Commands
logging ip address
logging trap level
show logging
terminal monitor
ACL, use the “no” form of this command.
Configures the software clock to synchronize a peer
or to be synchronized by a peer
Enables port security on the interface
Sets the maximum number of secure MAC
addresses on the port
Adds a MAC address to the list of secure MAC
addresses. The “sticky” option configures the MAC
addresses as sticky on the interface
Sets the action to be taken when a security violation
is detected
Displays information about security options
configured on the interface
Configures the IP address of the host that will
receive the system logging (syslog) messages
Used to limit messages that are logged to the syslog
servers based on severity. Specify the number or
name of the desired severity level at which
messages should be logged
Displays the state of system logging (syslog) and
the contents of the standard system logging buffer
Sends a copy of all syslog messages, including
debug messages, to the Telnet or SSH user who
issues this command