Cisco IOS runs on almost all Cisco equipment, and the Cisco CLI is used to manage it. Cisco device management is simplified because the core CLI commands are the same for all of them. The basic instructions for configuring, securing, and troubleshooting Cisco network equipment are described in this Cisco commands checklist.
Configuration Commands

| Command | Function |
| --- | --- |
| `enable` | Puts you in enable mode, often known as user exec mode or privileged mode. |
| `configure terminal` | Logs you in as a configuration user. |
| `interface fastethernet/number` | Enters interface configuration mode for the specified Fast Ethernet interface. |
| `reload` | Reboots a Cisco switch or router. |
| `hostname name` | Gives the current Cisco network device its host name. |
| `copy from-location to-location` | Copies files from one file location to another. |
| `copy running-config startup-config` | Saves the active config, replacing the startup config used when a Cisco network device initializes. |
| `copy startup-config running-config` | Merges the startup config with the currently active config in RAM. |
| `write erase` / `erase startup-config` | Deletes the startup config. |
| `ip address ip-address mask` | Assigns an IP address and a subnet mask. |
| `shutdown` / `no shutdown` | `shutdown` turns off the interface, while `no shutdown` turns it back on. |
| `ip default-gateway ip_address` | Specifies the default gateway on a Cisco device. |
| `show running-config` | Displays the current configuration. |
| `description name-string` | Describes or names an interface. |
| `show running-config interface interface slot/number` | Shows the current configuration of a specific interface. |
| `show ip interface [type number]` | Displays the usability status of IP-configured interfaces. |
| `ip name-server serverip-1 serverip-2` | Sets the IP addresses of DNS servers. |

Troubleshooting Commands

| Command | Function |
| --- | --- |
| `ping {hostname \| system-address} [source source-address]` | Used in enable mode to diagnose basic network connectivity. |
| `speed {10 \| 100 \| 1000 \| auto}` | An interface mode command that manually sets the speed to the specified value or negotiates it automatically. |
| `duplex {auto \| full \| half}` | An interface mode command that manually sets duplex to half, full or auto. |
| `cdp run` / `no cdp run` | A configuration mode command that enables or disables Cisco Discovery Protocol (CDP) for the device. |
| `show vlan` / `show vlan brief` | Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks. |
| `show vtp status` | Lists the current VTP status, including the current mode. |

Routing and VLAN Commands

| Command | Function |
| --- | --- |
| `ip route network-number network-mask {ip-address \| interface}` | Sets a static route in the IP routing table. |
| `router rip` | Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode. |
| `network ip-address` | In router configuration mode, associates a network with a RIP routing process. |
| `version 2` | In router configuration mode, configures the software to receive and send only RIP version 2 packets. |
| `no auto-summary` | In router configuration mode, disables automatic summarization. |
| `default-information originate` | In router configuration mode, generates a default route into RIP. |
| `passive-interface interface` | In router configuration mode, sets only that interface to passive RIP mode. In passive RIP mode, RIP routing updates are accepted by, but not sent out of, the specified interface. |
| `show ip rip database` | Displays the contents of the RIP routing database. |
| `ip nat [inside \| outside]` | An interface configuration mode command to designate that traffic originating from or destined for the interface is subject to NAT. |
| `ip nat inside source {list {access-list-number \| access-list-name}} interface type number [overload]` | A configuration mode command to establish dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses. |
| `ip nat inside source static local-ip global-ip` | A configuration mode command to establish a static translation between an inside local address and an inside global address. |
| `vlan` | Creates a VLAN and enters VLAN configuration mode for further definitions. |
| `switchport access vlan` | Sets the VLAN that the interface belongs to. |
| `switchport trunk encapsulation dot1q` | Specifies 802.1Q encapsulation on the trunk link. |
| `switchport access` | Assigns this port to a VLAN. |
| `vlan vlan-id [name vlan-name]` | Configures a specific VLAN name (1 to 32 characters). |
| `switchport mode {access \| trunk}` | Configures the VLAN membership mode of a port. The access port is set to access unconditionally and operates as a non-trunking, single VLAN interface that sends and receives non-encapsulated (non-tagged) frames. An access port can be assigned to only one VLAN. |
| `switchport trunk {encapsulation {dot1q}}` | Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port. |
| `encapsulation dot1q vlan-id` | A configuration mode command that defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance. |

DHCP Commands

| Command | Function |
| --- | --- |
| `ip address dhcp` | A configuration mode command to acquire an IP address on an interface via DHCP. |
| `ip dhcp pool name` | A configuration mode command to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode. |
| `domain-name domain` | Used in DHCP pool configuration mode to specify the domain name for a DHCP client. |
| `network network-number [mask]` | Used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server. |
| `ip dhcp excluded-address ip-address [last-ip-address]` | A configuration mode command to specify IP addresses that a DHCP server should not assign to DHCP clients. |
| `ip helper-address address` | An interface configuration mode command to enable forwarding of UDP broadcasts, including BOOTP, received on an interface. |
| `default-router address [address2 ... address8]` | Used in DHCP pool configuration mode to specify the default router list for a DHCP client. |

Security Commands

| Command | Function |
| --- | --- |
| `password pass-value` | Lists the password that is required if the login command (with no other parameters) is configured. |
| `username name password pass-value` | A global command that defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the `login local` line configuration command has been used. |
| `enable password pass-value` | A configuration mode command that defines the password required when using the enable command. |
| `enable secret pass-value` | A configuration mode command that sets this Cisco device password that is required for any user to enter enable mode. |
| `service password-encryption` | A configuration mode command that directs the Cisco IOS software to encrypt the passwords, CHAP secrets, and similar data saved in its configuration file. |
| `ip domain-name name` | Configures a DNS domain name. |
| `crypto key generate rsa` | A configuration mode command that creates and stores (in a hidden location in flash memory) the keys that are required by SSH. |
| `transport input {telnet \| ssh}` | Used in vty line configuration mode, defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command to allow both Telnet and SSH access (default settings). |
| `access-list access-list-number {deny \| permit} source [source-wildcard] [log]` | A configuration mode command that defines a standard IP access list. |
| `access-class` | Restricts incoming and outgoing connections between a particular vty (into a basic Cisco device) and the addresses in an access list. |
| `ip access-list {standard \| extended} {access-list-name \| access-list-number}` | A configuration mode command that defines an IP access list by name or number. |
| `permit source [source-wildcard]` | Used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command. |
| `deny source [source-wildcard]` | Used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command. |
| `ntp peer <ip-address>` | Used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer. |
| `switchport port-security` | Used in interface configuration mode to enable port security on the interface. |
| `switchport port-security maximum maximum` | Used in interface configuration mode to set the maximum number of secure MAC addresses on the port. |
| `switchport port-security mac-address {mac-addr \| {sticky [mac-addr]}}` | Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface. |
| `switchport port-security violation {shutdown \| restrict \| protect}` | Used in interface configuration mode to set the action to be taken when a security violation is detected. |
| `show port-security [interface interface-id]` | Displays information about security options configured on the interface. |

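
As an added example (not part of the original checklist), the following Python sketch audits a saved `show running-config` output for several of the security commands above: `enable secret` versus `enable password`, `transport input` and `access-class` on vty lines, and `switchport port-security` on access ports. The sample configuration, the function names and the finding strings are constructed for illustration.

```python
# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
enable password cisco123
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
 access-class 10 in
"""

def parse_sections(config):
    """Group indented sub-commands under their unindented parent line."""
    sections = []
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return findings for security commands from the table above."""
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    findings = []
    # 'enable secret' is stored hashed; 'enable password' is not.
    if not any(h.startswith("enable secret ") for h in top):
        findings.append("global: no 'enable secret'")
    if any(h.startswith("enable password ") for h in top):
        findings.append("global: 'enable password' in use")
    for header, body in sections:
        if header.startswith("line vty"):
            transport = [b.split()[2:] for b in body if b.startswith("transport input")]
            if transport != [["ssh"]]:
                findings.append(f"{header}: Telnet not excluded")
            if not any(b.startswith("access-class ") for b in body):
                findings.append(f"{header}: no access-class")
        elif "switchport mode access" in body and "switchport port-security" not in body:
            findings.append(f"{header}: access port without port-security")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
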
Monitoring and Logging Commands

| Command | Function |
| --- | --- |
| `logging ip-address` | Configures the IP address of the host that will receive the system logging (syslog) messages. |
| `logging trap level` | Used in configuration mode to limit messages that are logged to the syslog servers based on severity. Specify the number or name of the desired severity level at which messages should be logged. |
| `show logging` | Enable mode command that displays the state of system logging (syslog) and the contents of the standard system logging buffer. |
| `terminal monitor` | An enable mode command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command. |