Skip to main content

Cisco Command - Cheat Sheet

A comprehensive reference guide for CISCO CCNA CLI commands, both basic and advanced.

Cisco Modes

Router>User mode
Router#Privilege mode
Router(config)#Global Config mode
Router(config-if)Interface mode
Router(config-vlan)#Vlan config mode
Router(config-router)#router config mode

Basic Commands

enableEnters privilege mode
configure terminalEnters configuration mode
description <name-string>Sets a description to the interface
hostname nameSets a host name to the current Cisco network device
interface fastethernet/numberEnters interface configuration mode for the specified fast ethernet interface
default interface <interface>Rests the specified interface to its default configuration
copy from-location to-locationcopie a file (or set of files) from one location to another
copy running-config startup-configIt saves the configuration when the device reloads, it loads the latest configuration file
copy startup-config running-configSaves the startup configuration into the running configuration
write / write memorySave the current configuration
write erase / erase startup-configDeletes the startup config
reloadReboots the device
exit / endReturns to previous mode
logout/ disableExit User mode
shutdownShuts down the interface
no shutdownturns up the interface

Basic show Commads

show running-configDisplays the current configuration
show startup-configDisplays the configuration at startup
show interfacesDisplays detailed information about interface status
show ip protocolsDisplays all the configured routing protocols
show ip interfaceDisplays the status for each interface
show interface statusDisplays the interface line status
show mac address-tableDisplays the MAC address table
show interfaces trunkDisplays trunk ports
show interfaces <interface> switchportDisables the switchport configuration

Multilayer Switch Config Commands

ip routingEnables layer 3 routing on a switch
no switch portConfigures the interface as a routed port

VLAN Config Commands

vlan vlan-idEnter to Config vlan mode
show vlan/ show vlan briefLists each VLAN and all interfaces assigned to that VLAN but does not include trunks
switchport trunk native vlan <vlan-number>Configures the native VLAN on a trunk port
switchport mode trunk/accessSet the interface link type as a trunk or access
show interfaces trunkDisplays information about the operational trunks along with their VLANs
encapsulation dot1q <vlan-number>Configures the VLAN number on a router subinterface
encapsulation dot1q <vlan-id> nativeConfigures the native VLAN on a router subinterface
switchport trunk encapsulation dot1qSets the 802.1Q encapsulation on the trunk port
switchport voice vlan <vlan id>Configures a voice VLan

DTP & VTP Config Commands

switchport mode dynamicConfigures DTP
switchport mode dynamic auto / desirableConfigures dynamic mode
switchport nonegotiateDisables DTP negogotiation on an interface
vtp mode < client / server / tranparent>Configure VTP mode
vtp versionChanges the VTP version
vtp domain <domain name>Changes the VTP domain name
show vtp statusDisables VTP Config

RIP Config Commands

router ripEnters RIP Config mode
version 2RIP version 2
maximum-paths <number>Modifies the number of paths RIP will perform ECMP load-balancing over
no auto-summaryModifys the default RIPv2 behavior of automatic summarization
default-information originateGenerates a default route
show ip rip databaseDisplays the contents of the RIP routing database
debug ip ripEnables RIP debugging

EIGRP Config Commands

router eigrp <Autonomous system number> Enters EIGRP config mode
network ip-address [ wildcard-mask ]Enables EIGRP on interfaces in the specified range
eigrp router idConfigures EIGRP router ID
no auto-summary Modifys the default EIGRP behavior of automatic summarization
show ip eigrp neighborsDisables EIGRP neighbors

OSPF Config Commands

router ospf numberEnters OSPF config mode
passive-interface interfaceStops sending 'Hello' messages of the specified interface
router-id numberSets an OSPF router ID in ip format
clear ip ospfRests OSPF
auto-cost bandwidth megabits per secondChange the refrence bandwidth
ip ospf cost costManually configure the OSPF cost
ip ospf [process-id] area [area]Activates OSPF on an interface
ip priority [Priority]Changes the OSPF interface priority
ip ospf processRests the OSPF process
ip ospf network typeManually configure the network type
ip ospf databaseDisplays the contents of the OSPF routing database
bandwidth <bandwidth in kilobits>Changes the interface bandwidth
ip ospf authenticationEnables authentication
ip ospf authentication-key <password>Configures an OSPF password on an interface
show ip interface ospf briefDisables each OSPF-enabled interface
show ip ospf interface interfaceDisplays the specified OSPF interface
show ip ospf neighborDisables OSPF neighbors

HSRP Config Commands

standby group numberConfigures HSRP
standby version 2HSRP version 2
standby <group number> ip IP addressConfigures the virtual IP address
standby <group number> priority valueManually configure the active router
standby <group number> preemptEnables preemption
show standbyDisplays global information for HSRP

IPv6 Config Commands

ipv6 unicat-routingEnables IPv6 routing
ipv6 address <address/prefix> eui-64Configures an IPv6 address
ipv6 address autoconfig
ipv6 enableEnables IPv6
show ipv6 nterface brief
show ipv6 neighborDisplays IPv6 neighbor table
show ipv6 routeDisplays the IPv6 routing table

ACLs Config Commands

access-list <number> {deny / permit} ip wildcard maskConfigures a basic standard ACL
ip access-list standard <acl-name>Enters standard ACL config mode
[entry number] {deny / permit} ip wildcard maskConfigures a named ACL
access-list <number> remark <remark>Adds a remark to an ACL
ip access-group <number> {in / out}Applys the ACL to an interface
<permit / deny> ip any anyCreates an extended ACL entry to permit or deny all traffic
show access-listDisplays all the configured ACLs
show ip access-listDisplays only IP ACLs

STP Config Commands

spanning-tree portfastEnables portfast
spanning-tree portfast defaultEnables portfast on all access ports
spanning-tree portfast bpdguard defaultEnables BPDU Gurad on all portfast interfaces
spanning-tree bpdguard enableEnbales BPDU Gurad
spanning-tree mode modeConfigures STP mode
spanning-tree vlan <vlan number> root primaryConfigures the root bridge
spanning-tree vlan <vlan number> root secondaryConfigures the secondary root bridge
spanning-tree vlan <vlan-id> cost <cost>Configures the STP cost of an interface
spanning-tree vlan <vlan-id> port-priority priorityConfigures the STP priority of an interface
show spanning-treeDisplays global information for STP

RSTP Config Commands

spanning-tree mode rapid-pvstEnables rapid PVST mode
spanning-tree portfastConfigures a switchport as an RSTP edge port
spanning-tree link-type <point-to-point / shared>Configures the RSTP switchport link type

Etherchannel Config Commands

interface port-channel <channel-group>Enters interface config mode for the specified port channel
channel-group <interface id> mode < active / desirable / on / passive / auto >Configures an interface to be part of an Etherchannel
channel protocol <lacp / pagp >Manually configures the Etherchannel negotiation protocol
port channel load-balance < src-mac / dst-mac / src-dst-mac / dst-ip / src-ip / src-dst-ip >Configures the Etherchannl load-balancing method
show etherchannel summaryDisplayes the summary of the etherchannels
show etherchannle port-channelDisplays information about virtual port-channel interfaces
show etherchannel load-balanceDisplays information about the load-balancing settings

CDP Config Commands

cdp runEnables cdp
cdp enableEnables cdp
cdp timerConfigres the CDP timer
cdp holdtime secondsConfigures cdp holdtimer
cdp advertise-v2Configres CPDv2
show cdpDisplays global information for CDP
show cdp trafficDisplayes the cdp trafic
show cdp neighborsDisplays all CDP neighbors
show cdp entry <hostname>Shows detailed information for a specific CDP neighbor

LLDP Config Commands

lldp runEnables LLDP
lldp transmitEnables LLDP transmition on a specfic interface
lldp receiveEnables LLDP to revceive
lldp timer secondsConfigures the LLDP timer
lldp holdtime secondsConfigures LLDP holdtimer
lldp reinit secondsConfigures the LLDP reinit timer
show lldpDisplays global information for LLDP
show lldp trafficDisplayes the LLDP trafic
show lldp neighborsDisplays the list of LLDP neighbors
show lldp neighbors detailDisplays more details from the list of LLDP neighbors

Clock & NTP Config Commands

clock set hh:mm:ss {day/month} {month/day} yearManually configure the software clock
calendar set hh:mm:ss {day/month} {month/day} yearManually configure the hardware clock
clock timezone <name of time zone> [minuits-offest]Configures the timezone
clock update calendarSynchronizes the hardware to the software's time
clock read calenderSynchronizes the software to the calender's time
clock summer-time reccuring <name> <start> <end> [offest]Automatically configure summer time
ntp server <IP>Configures ntp server
ntp master [number]Manually configure an device to act like an ntp sever
ntp peer <IP address>Symmetric active mode
ntp authenticateEnable NTP authentication
ntp authentication-key <key number> md5 <key>Create the authentication key(s)
ntp trusted-key <key-number>Specified which key(s) is trusted
show clockView the time
show clock detailView the time source of the device
show calendarView the calendar
show ntp statusView the ntp status
show ntp associationsView all the servers you configured

SNMP Config Commands

snmp-server contact contactConfigures contact infomation
snmp-server location locationConfigures the location of the SNMP server
snmp-server community <string> roConfigures the community strings (read only)
snmp-server community <string> rwConfigures the community strings (read/write)
snmp-server host <host> version 2c <string>Configures the NMC address
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps config

SYSLOG Config Commnads

logging console levelConfigures logging to the console line
logging monitor level key-wordConfigures logging to the VTY lines
logging buffered size levelConfigures logging to the buffer
logging <server-ip>/ logging host <server-ip>Configures logging to an external server
logging trap <level>Limits messages that are logged to the syslog servers based on severity
logging synchronusPrevents every logging output from immediately interrupting the console session
terminal monitorSends a copy of all syslog messages to Telnet or SSH
service timestamps log datetime / uptimeEnables timestamps
service squence-numbersEnable squence numbers
show loggingDisplays the device's logs

Console Port Security Commands

line console 0Enters console configuration mode
passowrd <passowrd>Sets up a passowrd
loginRequires a user to enter the passowrd to access the CLI
login locallogin with the username
exec-timeout <minuits> <seconds>Log out after a certain period of incativity

SSH Config Commands

crypto key generate rsaCreates the keys that are required by SSH
ip ssh version 2Restricts SSH version 2 only
ip domain name <name>Configures a domain name
tranport input sshLimits connection to SSH only
show ip sshShows if SSH is enabled or not
line vty 0 15Access all VTY lines

FTP & TFTP Config Commands

ip ftp username <username>Configures a username
ip ftp password <pasword>Configures a passowrd
copy ftp: flash:Copies files from a FTP server the device flash
copy tftp: flash:Copies files from a TFTP server the device flash
boot system flash <file name>Configures the new IOS
delete flash:<file name>Deletes a file
show file systemsView the file systems on a CISCO IOS
show flashView the contents of flash

NAT Config Commands

ip nat inside / outsideDesignatea an inside or outside interface
ip nat inside source <inside local ip> <inside global ip>Configures the one-to-one ip mappings
ip nat inside source list <acess-list> pool <pool-name>Configures dynamic NAT by mapping to the ACL pool
ip nat inside source list <acess-listacess-list> pool <pool-name> overloadConfigures PAT
ip nat inside source list <acess-list> interface <interface> overloadConfigures PAT
ip nat pool <pool>Creates a NAT pool
show ip nat translations
show ip nat statistics
clear ip nat translation *Clears the NAT translation table

Voice vlan Commands

switchport voice vlan <vlan-id>Configures a voice VLAN

Port security Commands

switchport port-securityEnables port security
switchport port-security mac-address <mac address>Adds a MAC address to the list of secure MAC addresses
switchport port-security aging time <minutes / inactivity>Configures the aging time
switchport port-security aging type <absolute / inactivity>Configures the the aging type
switchport port-security aging static
switchport port-security violation <shutdown / restrict / protect>Sets the action to be taken when a security violation is detected
switchport port-security maximum maximumSets the maximum number of secure MAC addresses on the port
switchport port-security mac-address stickyEnables sticky secure mac address
switchport port-security mac-address sticky <mac address>Configures a sticky mac address
errdisable recovery cause psecure-violationRe-enables an interface
show port-securityDisplays the port security interfaces
errdisable recovery interval <seconds>Configures the timer interval
show port-security interface <interface>Displays information about security options configured on the interface
show errdisable recoveryDisplays reasons an interface is errdisabled

DHCP Snooping Commands

ip dhcp snoopingEnables DHCP snooping globally
ip dhcp snooping vlan <vlan-num>Enables DHCP snooping on the specified VLan
ip dhcp snooping trustConfigures an interface as a trusted port
ip dhcp snooping rate limit rate <packets per second>Configures DHCP rate limitation
errdisable recovery cause dhcp-rate-limitEnables errdisable recovery for DHCP rate limiting
no ip dhcp snooping information optionDisables DHCP option 82
show ip dhcp snooping biding

DAI Config Commands

ip arp inspection vlan <vlan-num>Enables DAI
ip arp inspection trustConfigures an interface as a trusted port
ip arp inspection validate <dst-mac / src-mac / ip>
ip arp inspection limit rate Configures DAI rate limiting
errdiable recovery cause arp-inspectionManually re-enable disabled interfaces
show ip arp inspectionDisplays the summury of the DAI configuration

Client DNS Config Check Commands

Windows Commads

ipconfig /displaydnsView the DNS cache
ipconfig /flushdnsClears the DNS cache

IOS Commands

ip dns serverConfigures a router as a DNS server
ip host <host> <IP address>Configures a list of mappings
ip name-server <IP address>Configures an external DNS server
ip domain-name nameConfigures a DNS domain name
ip domain lookupEnables DNS lookup
show hostsDisables the configured and learned hosts

DHCP Config Commands

Windows Commads

ipconfig /releaseReleases the DHCP learned IP address
ipconfig /renewGets an IP address from a DHCP server

IOS Commands

ip dhcp excluded-address <low-address> <high-address>Specifies IP addresses that a DHCP server should not assign to DHCP clients
ip dhcp pool nameCreates a DHCP pool / Entres DHCP config mode
network <network-number> <mask>Configures the network number and mask for a DHCP address pool
default-router <address>Specifies the default router list for a DHCP client
lease days hours minutsConfigures the lease time
lease infinit
show dhcp bidingDisplays all of the DHCP clients
ip helper-address addressConfigure a DHCP relay-agent
ip address dhcpConfigures a DHCP client