Commands List

Commands Use Commands Use Commands Use

GENERAL COMMANDS
line console 0 Enters the console line configuration show history Displays command history. show ap config global Displays global AP configuration
settings.
line vty 0 14 Enters the virtual terminal line [no] logging console Enables or disables console show ap config lap-name Displays configuration for a
configuration logging. specific LAP.
[show] ip default-gateway Shows or Configures the default- exec-timeout minutes Sets the inactivity timeout for the show ap config crash-file Displays the LAP crash file
gateway. console. configuration.
seconds
hostname hostname Set the device hostname show ap config core-dump Displays the core dump
lap-name configuration for a specific LAP.
ip domain-name Configure the default domain name logging synchronous Synchronizes log messages with logging {console I buffered Configures console logging
[Link] command entry. Prevents output I trap} {level_name I levels and destinations.
from interrupting your level_number}
commands.
ip address ip netmask Sets static ip of the interface show logging Displays the system logging [no] service timestamp Enables or disables timestamp
messages. in log messages.
write erase I erase start-up Erases startup configuration. Factory transport preferred none Sets no preferred transport [no] service sequence- Enables or disables sequence
reset method for connections. numbers in log messages.
config I erase nvram numbers
show interface interface Display detailed information about a errdisable recovery cause Specifies the causes for Errdisable verify md5 filename Verifies the MD5 hash of a file.
specific interface recovery.
[bpduguard I dhcp-rate- md5hash
limit I arp-inspection I
psecure-violation]
interface [interface I vlan ] Enters configuration mode of the errdisable recovery Sets the interval for Errdisable show flash Displays information about the
interface recovery. flash memory.
interval seconds
show arp Shows ARP cache copy source destination
Copies files
SWITCH
show mac address-table Displays the MAC address table entries speed {10 | 100 | 1000 | Sets speed setting for an interface no switchport Configures a Level 3 Switch port for
on the switch auto} Layer 3 routing.
[dynamic I static I vlan I
interface I address I secure]
show mac address-table Displays the aging time for MAC address duplex {full | half |auto} Sets duplex setting for an interface
entries
aging-time [vlan]
show mac address-table Displays the total number of MAC sdm prefer lanbase- Enables LAN Base routing features
address entries with SDM preference set to "lanbase-
count routing
routing."
show interface status Displays the status and basic ip routing Enables IP routing on the Level 3
configuration of all switch interfaces switch.
SECURITY
log in [local] Configures password security by no ssh -1 username address Verifies the status of SSH Server service-password Enables encryption for
username or local usernames passwords in the configuration
encryption
file.
 [no] password password Removes the password or adds the show ip ssh Displays SSH configuration switchport port-security Sets the violation action for port
password for local password type details. violation {protect I restrict I security to protect, restrict, or
shutdown} shutdown.
enable secret pass Sets the secret for entering privileged transport input [ssh I Specifies the allowed transport show port-security
EXEC mode protocols for remote access, Displays port security
telnet I all ] interface ifname
including SSH, Telnet, or all information for a specific
protocols. interface.
enable password pass Sets the password for entering enable algorithm-type Enables SSH with specified config-register 0x2120
privileged EXEC mode algorithm and password.
[md5 I sha256 I scrypt]
For username type replace enable with
secret password username user
crypto key generate rsa Generate RSA encryption keys for SSH switchport port-security Enables port security on a confreg 0x2142
config
[modulus len] switchport. reset
ip ssh version 2 Enable SSH version 2 for secure remote switchport port-security Sets the maximum number of config-register 0x2102
access
maximum n secure addresses.
VLANS AND STP
show vlan brief Displays a summary of VLANs on all vtp primary Sets the switch as the primary show etherchannel load- Shows the load-balancing
interfaces. VTP server. balance method for an EtherChannel.
show vlan Displays detailed information about vtp password password channel-group n mode on Configures an EtherChannel
VLANs. Configures the VTP password. statically.
show interfaces trunk [no] spanning-tree channel-group n mode Configures an EtherChannel
Shows trunking status of all bpduguard default Configures BPDUGuard with [ active I passive] with active or passive
interfaces. default settings. negotiation.
show interfaces name Displays information about spanning-tree bdpuguard channel-group n mode Configures an EtherChannel
switchport switchport configurations for a [enable I disable] Enables or disables BPDUGuard [desirable I auto] with desirable or auto
specified interface. on an interface. negotiation.
vlan name port-channel load-balance Configures the load-balancing
Assigns a name to a VLAN. method method for an EtherChannel.
switchport access vlan n [no] spanning-tree test etherchannel load-
portfast default balance interface port-
Configures PortFast with channel n {ip I mac I port} Tests the load-balancing method
Sets the VLAN for an access port. default settings. src dest for an EtherChannel interface.
switchport mode [access I spanning-tree portfast switchport trunk allowed Specifies allowed vlans on a
trunk I dynamic auto I vlan vlan,vlan trunk interface
dynamic desirable ] Configures the switchport mode. Enables PortFast on an interface.
switchport trunk spanning-tree portfast switchport nonegotiate Disables DTP negotiation on an
encapsulation [dot1q I isl I Configures the encapsulation [network I disable] Configures PortFast for network interface
negotiate] method for a trunk port. interfaces or disables it.
switchport voice vlan n spanning-tree guard
[default I disable I root I
Configures the voice VLAN for a
port. loop] Configures Root Guard settings.
show vtp status spanning-tree mode [pvst Configures the STP mode (PVST,
Shows the VTP status on the switch. I rapid-pvst I mst] Rapid-PVST, MST).
 spanning-tree vlan n Configures the root bridge for a
[primary I secondary] root specific VLAN.
vtp version number spanning-tree [vlan n] root Configures the bridge priority for spanning-tree [ vlan vlan-id ]
Configures the VTP version. cost x a specific VLAN. priority value
vtp mode {client I server I Sets the VTP mode (client, server, show etherchannel Shows the summary of
transparent I off} transparent, off). summary configured EtherChannels.
vtp domain name show etherchannel n port- Displays detailed information
Configures the VTP domain name. channel about an EtherChannel.
IPv4 AND IPv6 ROUTING
show ip interface brief encapsulation dot1q n Configures a subinterface with a ipv6 address autoconfig Enables automatic IPv6 address
Displays a brief summary of IP native native VLAN for 802.1Q configuration.
interfaces. encapsulation.
ip route ip mask Adds a static route to the IP routing ipv6 unicast-routing Enables IPv6 unicast routing ipv6 address address link- Assigns a link-local IPv6 address
interface/next-hop table. globally on the router. local to an interface.
show ip route [type] Displays IP routes with optional show ipv6 interface brief Displays a brief overview of IPv6 ipv6 enable Enables IPv6 on an interface.
filtering by type. interfaces and their statuses.
show ip route [address] Shows all ip routes for specific show ipv6 route [type I Displays IPv6 routes of a specific ipv6 route address/length Adds an link local IPv6 route.
[mask / prefix] address and for a subnet without address] type and address. ifname next-hop Ifname is out-going interface
mask and with mask respectively.
no ip route ip mask Removes a specific route from the show ipv6 interface Displays detailed information ipv6 route address/length Adds an global unicast or unique
interface/next-hop IP routing table. [name] about a specific IPv6 interface. next-hop local IPv6 route
show vlans Displays information about vlans ipv6 address Configures an IPv6 address with a show ipv6 neighbours Displays the IPv6 neighbors
address/prefix-length specified prefix length.
interface G0/1.10 Configures a sub-interface on G0/1 ipv6 address address/64 Configures an IPv6 address with a router eigrp number Enables EIGRP on a router
eui-64 /64 prefix using EUI-64
addressing.
encapsulation dot1q vlan-n Configures encapsulation for Vlan ipv6 address dhcp Configures an IPv6 address using passive-interface interface Configures a EIGRP passive
tagging on interface DHCPv6. interface on a router
OSPF
router ospf process-id OSPF configuration for a router with show ip route ospf Displays OSPF routes in the ip ospf priority n Sets OSPF priority for router
a specific process ID. routing table. participation.
network ip address wildcard Configures OSPF on a network with show ip ospf rib Displays OSPF routing ip ospf network [broadcast Configures OSPF network type.
area area-no a specified IP address, wildcard information in the RIB. I point-to-point I non-
mask, and area. broadast I point-to-
multipoint I point-to-
multipoint non-broadcast]
ip ospf process-id area area- Assigns an interface to a specific [no] passive interface Configures or Disables passive auto-config reference- Sets OSPF auto-config reference
no OSPF process ID and area. name interface for a specified interface. bandwith speed bandwidth.
show ip ospf interface Displays OSPF information for a passive interface default Sets the default passive state for maximum-paths n Configures OSPF maximum
[ifname] specific interface. all interfaces. parallel paths.
show ip ospf neighbour Displays OSPF neighbor information default-information Advertises a default route into neighbor address Specifies OSPF neighbor by
[ifname] for a specific interface. orginate [always] OSPF. address.
ip ospf cost n Configures OSPF cost on an bandwith speed Configures bandwidth for an auto-cost reference- Configures reference bandwidth
 interface to influence routing interface. bandwith speed for an interface.
decisions.
IP SERVICES
ip address dhcp Obtains IP address dynamically from ip dhcp snooping limit Sets the rate limit for DHCP [no] lldp transmit Enables LLDP transmission to
DHCP server. rate n snooping. advertise local information to
neighboring devices.
show dhcp lease Displays DHCP lease information. show ip dhcp snooping Displays the DHCP snooping show [cdp I lldp] Displays information about CDP
binding binding information. or LLDP neighbors.
ip name-server server address Configures DNS server(s) on device ip arp inspection vlan n Enables ARP inspection on a show [cdp I lldp] neighbors Displays detailed information
[secondary-address] for name resolution. specific VLAN. [ifname] about CDP or LLDP neighbors on
a specific interface.
no ip domain-lookup Disables DNS domain lookup. ip arp inspection validate Configures ARP inspection ntp server { address I Configures an NTP server by
[dst-mac] [src-mac] [ip] validation parameters. name} specifying its address or
hostname.
ip helper-address server-ip Specifies a helper address for DHCP ip arp inspection trust Sets an interface to trust for ARP ntp broadast client Configures the device as an NTP
requests. inspection. broadcast client to receive time
updates.
ip dhcp pool pool-name Enters DHCP pool configuration show ip arp inspection Displays ARP inspection statistics. ntp master [stratum] Configures the device as an NTP
mode. statistics master with an optional stratum
level.
ip dhcp excluded-address Excludes specific addresses from ip arp inspection limit rate Configures ARP inspection rate
low-address [high-address] DHCP allocation. [ n I none] limiting.

network address subnet Defines network address and access-list ID {permit I Defines an access list with source ntp peer {address I Configures the device to peer
mask subnet mask for DHCP pool. deny} source-ip wildcard IP and wildcard. hostname} with another NTP server.
default-router address Specifies default gateway for DHCP access-list name { permit I Defines an access list with source clock set HHH:MM:SS Day Sets the system clock with the
clients. deny } protocol src-ip src- and destination details. Month Year specified time and date.
wildcard eq port dest-ip
dest-wildcard eq port
dns-server address Configures DNS server for DHCP ip access-list {standard I Defines an IP access list, either clock timezone timezone Configures the time zone and
clients. extended} {ID I name} standard or extended. hour_offset [minute_offset] offset for the server
ip dhcp snooping Enables DHCP snooping globally. no seqeuence Removes a sequence from an clock summer-time Configures daylight saving time
access list. timezone [recurring] (DST) settings for the server.
ip dhcp snooping vlan n Enables DHCP snooping on a New-Style configuration uses the same commands but
specific VLAN. starts with permit and deny
no ip dhcp snooping Disables DHCP option information seq rule Modifies or adds rules to the ntp authenticate Enables NTP authentication for
information option insertion. sequence clients secure time
synchronization.
 ip dhcp snooping trust Marks an interface as trusted for ip access-group [ID I Applies an access control list to ntp authentication-key Sets an MD5 authentication key
DHCP snooping. name] {in I out} an interface (inbound or key-number md5 key for NTP.
outbound).
ip dhcp snooping untrust Marks an interface as untrusted for show ip Displays information about IP ntp trusted-key key- Specifies a trusted key for NTP
DHCP snooping. protocol configurations. number authentication.
ip nat inside Configures an interface as inside for show ntp status Shows the status of Network ntp server [address I name] Configures an NTP server with a
NAT. Time Protocol (NTP). key key-number specific authentication key.
ip nat outside Configures an interface as outside show ntp associations Displays the current NTP show cdp neighbors detail Displays detailed information
for NAT. associations. about CDP neighbors.
ip nat inside source static Performs static NAT mapping. show clock Shows the current system time. show cdp interface Shows CDP information for a
inside_local inside_global interface specific interface.
ip nat pool name Defines a pool of global addresses show [cdp I lldp] traffic Displays CDP or LLDP (Cisco show cdp entry name Displays detailed CDP
first_address last_address for dynamic NAT. Discovery Protocol) traffic information for a specific entry
network_id subnet_id information. by name.
ip nat inside source list {acl- Configures NAT [no] cdp run Enables or disables CDP globally.
number I acl-name} pool
pool-name
ip nat inside source list {acl- Configures NAT overload (PAT) [no] cdp enable Enables or disables CDP on an
name I acl-number} using a pool. interface.
interface name overload
show ip nat translations Displays NAT translations. {cdp I lldp} timer seconds Configures the timer interval for
CDP or LLDP updates in seconds.
clear ip nat translation Clears NAT translations. {cdp I lldp} holdtime Configures the holdtime interval
seconds for CDP or LLDP in seconds.
show ip nat statistics Displays NAT statistics. [no] lldp run Disables or enables LLDP globally.
debug ip nat Enables debugging for NAT. [no] lldp recieve Disables or enables LLDP
reception on an interface.
 Name First
Quadret Calculating Subnet ID – (IPv6 Prefix
divided by 4) = The resulting
Interface- FF01 hexadecimal digits + Remaining
Local Digits become 0

Link-Local FF02 Address Ranges by Wildcard Mask

Lowest Source address range = IP

Site-Local FF05
Highest Source Address Range = IP
Organization- FF08 address + Wildcard Mask
Local Calculating WildCard Address
Global FF0E Range=

(Wildcard Interest Octet +1 ) +

Subnet Mask Last bit defines the
Interest Octet
size of the subnet

1=128 Mac Address = 6 Byte 12 hexa-deicmal

2=192 MTU= 1500 bytes

3=224 OSPF Hello/Dead = 10/40

4=240 2.5Ghz = 1,6,11 Bands

5=248 Multi-Factor Authentication = Something you know +

Something you have
6=252
Port Protocol Application
7=254 Number
Multicast address Scope 20 FTP data TCP
Address First hex digits 8=255 21 FTP control TCP
type FF02::1 All nodes 22 SSH TCP
Global Any not FF02::2
RADUIS – encrypts only the password, UDP, All IPv6 routers 23 Telnet TCP
unicast otherwise combines authorization and authentication, Open 25 SMTP TCP
FF02::5 All OSPF routers
reserved, usually
OSPF – Higher Priority = Becomes 53 DNS UDP, TCP
TACAUS+ – encrypts the entire packet, TCP, AAA
2DR
or 3 FF02::6 All Designated Routers 67 DHCP Server UDP DHCP Server
68 DHCP Client UDP DHCP Client
Unique FD (most FF02::9 All RIPng routers
STP – Lower Priority = Becomes Root 69 TFTP UDP TFTP
local common) and FC FF02:A
Standard ACL: 1-99 and 1300-1999 All EIGRPv6 routers 80 HTTP (WWW) TCP HTTP (WWW)
Desirable/Auto – PAGP
Link-local FE80/10 FF02::1:1 All DHCP Relay Agents 110 POP3 TCP POP3
Active/Passive – LACP Extended ACL: 100-199 and 2000-2699 161 SNMP UDP
Multicast FF FF02::1:FF00:0/10 Neighbour Discovery 443 SSL, HTTP TCP
4 Protocol 514 Syslog UDP
 Aspect Methods Operation
Open Authentication Any client can authenticate without the need for credentials.
Authentication

Wired Equivalency Privacy (WEP) / Deprecated and insecure method using a pre-shared key for authentication; less secure than open
Shared-Key Authentication authentication with WEP.
LEAP Early Cisco proprietary method, deprecated, and insecure, used username/password with dynamic
802.1X WEP key.
Extensible Authentication Protocol
EAP EAP - FAST Cisco proprietary method; AS generates a Protected Access Credential (PAC) for supplicant
authentication.
PEAP AS presents a signed certificate; supplicant verifies and sets up a tunnel for authentication using
Authentication Protocol where the client
MSCHAPv2 or GTC.
authenticates with an Authentication
EAP - TLS Similar to PEAP, but requires client certificates, often involves building Public Key Infrastructure for
Server (AS) after open authentication.
certificate management.
WPA1 Uses TKIP (Temporary Key Integrity Protocol) as a stopgap measure for stronger encryption on WEP-
supporting hardware. TKIP is deprecated with known attacks. Some WPA devices support CCMP.
Encryption and Integrity
WPA2 Uses CCMP (Counter/CBC-MAC Protocol) with AES counter mode for encryption and CBC-MAC for
Message Integrity Check (MIC). Still secure with only theoretical attacks devised.
WPA3 Uses GCMP (Galois/Counter Mode Protocol) with AES counter mode for encryption and Galois
Message Authentication Code for MIC. Relatively fresh and considered the most secure.

Standard 2GHz 3GHz Speed

Physica 10BASE 10B 10GBA 10BAS 10BAS 100BAS 1000BASE- Physical layer standard Max speed Max range Medium
l layer -S ASE- SE-LR E-E E-T E-T T
standar LX 1000BASE-LX 1Gb/s 5km SM
d
100BASE-LX10 100Mb/s 10km SM
Max 10Gb/s 10Gb 10Gb/s 10Gb/s 10Mb/s 100Mb/s 1Gb/s
speed /s 1000BASE-LX10 1Gb/s 10km SM

Max 300m 400m 10km 30km 100m 100m 100m 1000BASE-ZX 1Gb/s 100km SM
range 10BASE-LR 10Gb/s 10km SM
Medium Multimo Multi Single Single UTP UTP Cat UTP Cat 5e 10BASE-ER 10Gb/s 30km SM
de fibre mode mode mode Cat 3 5
fibre fibre fibre 10BASE-S 10Gb/s 400km MM

Speed STP Cost RSTP Cost 10BASE-LX4 10Gb/s 300km MM

10 Mbps 100 2,000,000
100 19 200,000
Mbps
1 Gbps 4 20,000
10 Gbps 2 2,000
100 Gbps X 200
1 Tbps X 20

Ethernet Cables:
 0. Emergency
1. Alert
2. Critical
3. Error
4. Warning
5. Notification
6. Informational
7. Debug

Random Early Detection (RED) and Weighted

Random Early Detection (WRED) are congestion

avoidance mechanisms designed to avoid global
synchronisation.

For perspective, the following list

details some of the more common actions that a networking device does that fit into the
data plane:
■ De-encapsulating and re-encapsulating a packet in a data-link frame (routers, Layer 3
switches)
■ Adding or removing an 802.1Q trunking header (routers and switches)
■ Matching an Ethernet frame’s destination Media Access Control (MAC) address to the
 WLC interfaces:

● Management IP address: used to access the WLC’s web interface and SSH and to handle
management traffic (RADIUS authentication, NTP, syslog). Lightweight Aps connect to the
management IP address via CAPWAP.
The following list summarizes the terms that describe the roles of campus
switches: ● AP-manager interface: Communication with LAPs via Layer 3 Lightweight Access Point Protocol.
■ Access: Provides a connection point (access) for end-user devices. Does not
forward ● Redundancy management: Management IP for the backup WLC
frames between two other access switches under normal circumstances.
■ Distribution: Provides an aggregation point for access switches, providing
● Virtual interface: IP address facing wireless clients when they interact with WLC, e.g. when
connectivity
to the rest of the devices in the LAN, forwarding frames between switches, but relaying DHCP requests. For client mobility reasons, every WLC in the same mobility group (handling
not connecting roaming in the same network???) should have the same Virtual IP address.
directly to end-user devices.
■ Core: Aggregates distribution switches in very large campus LANs, providing ● Service Port IP Address: bound to service port
very high
forwarding rates for the larger volume of traffic due to the ize of the network. ● Dynamic interface: connects VLAN with a WLAN, used for client data, user-defined. Will also be
used for DHCP relay

MetroE: Metro Ethernet is Layer 2 Service.

MPLS: Multi-Protocol Layer Switching is Layer 3 Service. CE routers become

neighbours with their respective PE routers but not with each other. Provides QOS.

Ethernet over MPLS (EoMPLS) AKA Ethernet emulation – creates a separate