Scribd
Upload
12 views23 pages

Cisco Networking Commands Reference

The document is a comprehensive reference guide for Cisco networking commands, covering essential topics such as switch and router configuration, VLANs, routing protocols, and security settings. It includes command syntax and examples for various configurations like DHCP, ACLs, and STP. The guide serves as a valuable resource for network administrators to efficiently manage Cisco devices.

Uploaded by

edward
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views23 pages

Cisco Networking Commands Reference

The document is a comprehensive reference guide for Cisco networking commands, covering essential topics such as switch and router configuration, VLANs, routing protocols, and security settings. It includes command syntax and examples for various configurations like DHCP, ACLs, and STP. The guide serves as a valuable resource for network administrators to efficiently manage Cisco devices.

Uploaded by

edward
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Cisco Networking Commands

Complete Reference Guide

Generated: February 06, 2026


Table of Contents
1. Basic Switch Configuration
2. Password and Security Configuration
3. Network Configuration
4. VLANs and Trunking
5. VTP (VLAN Trunking Protocol)
6. STP (Spanning Tree Protocol)
7. CDP (Cisco Discovery Protocol)
8. Router Configuration
9. Routing Protocols (RIP, OSPF, EIGRP)
10. Access Control Lists (ACLs)
11. DHCP Configuration
12. PPP Configuration
13. Frame Relay
14. Network Address Translation (NAT)
1. Basic Switch Configuration
Changing Switch Hostname
Switch(config)#hostname SW1
Sets the device hostname to 'SW1'. This name appears in the command prompt.

2. Password and Security Configuration


Enable Secret Password
SW1(config)#enable secret cisco
Sets encrypted (MD5 hash) privileged EXEC mode password. More secure than 'enable password'.

Enable Password (Clear Text)


SW1(config)#enable password notcisco
Sets unencrypted password. Use 'enable secret' instead for security.

Console Port Security


SW1(config)#line con 0
SW1(config-line)#password cisco
SW1(config-line)#login
Secures console access (physical connection) with password authentication.

Terminal Lines Security


SW1(config)#line vty 0 4
SW1(config-line)#password cisco
SW1(config-line)#login
Secures remote access (Telnet/SSH) on virtual terminal lines 0-4.

Password Encryption
SW1(config)#service password-encryption
Encrypts all plaintext passwords in the configuration file using Type 7 encryption.

Login Banner
SW1(config)#banner motd $
UNAUTHORIZED ACCESS IS PROHIBITED
$
Displays a message-of-the-day banner before login. Use delimiter ($) to mark start/end.

3. Network Configuration
Assign IP Address to Switch
SW1(config)#interface vlan 1
SW1(config-if)#ip address [Link] [Link]
SW1(config-if)#shutdown / no shutdown
Configures management VLAN 1 with IP address for remote access. Can also use DHCP with 'ip address dhcp'.

Default Gateway
SW1(config)#ip default-gateway [Link]
Sets default gateway for the switch to communicate with other networks.

Save Configuration
SW1#copy running-config startup-config
Saves running config to NVRAM so changes persist after reboot. Press Enter to confirm.

Write Memory (Alternative)


SW1#wr
Shorthand command to write configuration to memory.
4. VLANs and Trunking
Create VLAN
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
Creates VLAN 10 and names it 'SALES'. VLANs segment broadcast domains.

Assign Interface to VLAN


SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
Configures interface as access port for VLAN 10. Devices connected will be in SALES VLAN.

Configure Trunk Port


SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode trunk
Trunk links carry traffic for multiple VLANs between switches. Options: access, trunk, dynamic auto, dynamic desirable.

Configure Auxiliary VLAN (VoIP)


SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport access vlan 10
SW1(config-if)#switchport voice vlan 12
Allows IP phones to use VLAN 12 (voice) while PCs use VLAN 10 (data) on same port.

Allowed VLANs on Trunk


SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan add 10
Restricts trunk to carry only specific VLANs. Options: add, remove, all, except.

5. VTP (VLAN Trunking Protocol)


VTP Mode Configuration
SW1(config)#vtp mode server
Modes: server (can create/modify/delete VLANs), client (receives updates), transparent (forwards but doesn't sync).
VTP Domain
SW1(config)#vtp domain EXAMPLE
Sets VTP domain name (case-sensitive). Switches must share same domain to exchange VLAN info.

VTP Password
SW1(config)#vtp password cisco
Optional password for VTP authentication. Must match across domain.

VTP Pruning
SW1(config)#vtp pruning
Prevents unnecessary VLAN traffic on trunk links. Only works on VTP servers.

VTP Version
SW1(config)#vtp version 2
Enables VTP version 2. All switches must use same version.
6. STP (Spanning Tree Protocol)
Set Root Bridge Priority
SW1(config)#spanning-tree vlan 1 root primary
Makes this switch the root bridge for VLAN 1. Root bridge priority must be multiple of 4096.

Set Secondary Root


SW1(config)#spanning-tree vlan 1 root secondary
Designates switch as backup root bridge.

Manual Priority Setting


SW1(config)#spanning-tree [vlan 1] priority 8192
Manually sets STP priority. Lower values = higher priority. Range: 0-61440 in increments of 4096.

STP Mode
SW1(config)#spanning-tree mode rapid-pvst
Sets STP mode. Options: mst, pvst, rapid-pvst (faster convergence).

PortFast and BPDU Guard


SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpduguard enable
PortFast skips listening/learning states for end hosts. BPDU Guard disables port if BPDU received (prevents loops).

Port Cost
SW1(config-if)#spanning-tree [vlan 1] cost 25
Manually sets path cost for STP calculations. Lower cost = preferred path.

EtherChannel
SW1(config-if)#channel-group 1 mode on
Bundles multiple physical links into one logical link. Options: auto, desirable, on.

7. CDP (Cisco Discovery Protocol)


Enable CDP Globally
SW1(config)#cdp run
Enables CDP on the switch to discover directly connected Cisco devices.

Disable CDP on Interface


SW1(config-if)#no cdp enable
Disables CDP on specific interface (security best practice for edge ports).
8. Router Configuration
Basic Router Setup
Router configuration uses identical commands to switches for hostname, passwords, banners, etc. Key differences:

Router Interface Configuration


R1(config)#interface fastEthernet 0/0
R1(config-if)#description LINK_TO_LOCAL_LAN_THROUGH_SW1
R1(config-if)#ip address [Link] [Link]
R1(config-if)#no shutdown
Clock rate is set on DCE side for serial connections. Router interfaces are shutdown by default.

Serial Interface Configuration


R1(config)#interface serial 0/1/0
R1(config-if)#description WAN_CONNECTION_TO_R2
R1(config-if)#ip address [Link] [Link]
R1(config-if)#clock rate 128000
R1(config-if)#no shutdown
Clock rate only configured on DCE side. Typical ISP side. Check with 'show controllers' command.

Router-on-a-Stick (Inter-VLAN Routing)


R1(config)#interface fastEthernet 0/0
R1(config-if)#no shutdown
R1(config)#interface fastEthernet 0/0.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address [Link] [Link]
Subinterfaces route between VLANs using 802.1Q encapsulation.

9. Routing Protocols
Static Routes
R1(config)#ip route [Link] [Link] [Link]
Next-hop static route. Destination network, subnet mask, next-hop IP.

R1(config)#ip route [Link] [Link] Serial 0/0


Exit interface static route. Use for point-to-point links.
R1(config)#ip route [Link] [Link] [Link]
Default route (gateway of last resort). Matches any destination.

RIPv2 Configuration
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network [Link]
R1(config-router)#no auto-summary
R1(config-router)#passive-interface serial 0/0
RIP is distance-vector, hop-count metric (max 15). Networks specified by classful boundaries. Passive interface prevents
routing updates.

OSPF Configuration
R1(config)#router ospf 10
R1(config-router)#network [Link] [Link] area 0
R1(config-router)#network [Link] [Link] area 0
R1(config-router)#network [Link] [Link] area 1
OSPF uses process ID (locally significant) and wildcard masks. Link-state protocol with cost metric based on bandwidth.

OSPF Router ID
R1(config-router)#router-id [Link]
Manually sets router ID. Can also use loopback interface IP.

R1(config)#interface loopback 0
R1(config-if)#ip address [Link] [Link]
Loopback interfaces provide stable router IDs and never go down.

OSPF Cost Tuning


R1(config-if)#ip ospf cost 55
R1(config-if)#bandwidth 128
R1(config-router)#auto-cost reference-bandwidth 1000
Manually set interface cost or adjust reference bandwidth (in Mbps) for cost calculation.

OSPF Authentication
R1(config-if)#ip ospf authentication null
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 cisco
Type 0=none, Type 1=clear text, Type 2=MD5 (most secure).

OSPF Load Balancing


R1(config-router)#maximum-paths 6
Configure equal-cost multi-path routing (1-16 paths).
EIGRP Configuration
R1(config)#router eigrp 121
R1(config-router)#network [Link]
R1(config-router)#network [Link] [Link]
R1(config-router)#network [Link] [Link]
EIGRP is Cisco's advanced distance-vector (hybrid) protocol. AS number must match between routers.

EIGRP Authentication
R1(config)#key chain MY_KEYS
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 1stKEY
R1(config-if)#ip authentication mode eigrp 121 md5
R1(config-if)#ip authentication key-chain eigrp 121 MY_KEYS
Key-string and mode must match on both routers. Lifetime can be configured for key rotation.

EIGRP Tuning
R1(config-if)#ip hello-interval eigrp 121 3
R1(config-if)#ip hold-time eigrp 121 10
R1(config-if)#bandwidth 265
R1(config-if)#delay 120
Adjust hello/hold timers and metric calculation parameters. Bandwidth in Kbps, delay in tens of microseconds.

10. Access Control Lists (ACLs)


Standard ACL (1-99, 1300-1999)
R1(config)#access-list 1 remark ACL_TO_DENY_ACCESS_FROM_SALES_VLAN
R1(config)#access-list 2 deny [Link]
R1(config)#access-list 2 deny [Link] [Link]
R1(config)#access-list 2 permit [Link] [Link]
R1(config)#access-list 2 deny [Link] [Link]
R1(config)#access-list 2 permit any
Standard ACLs filter based on source IP only. Place close to destination. Implicit deny all at end.

Apply Standard ACL


R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 2 out
Apply ACL to interface in inbound (in) or outbound (out) direction.

Extended ACL (100-199, 2000-2699)


R1(config)#access-list 101 remark MY_ACCESS_LIST
R1(config)#access-list 101 deny ip host [Link] host [Link]
R1(config)#access-list 101 deny tcp [Link] [Link] any eq 23
R1(config)#access-list 101 deny icmp [Link] [Link] any
R1(config)#access-list 101 deny tcp host [Link] host [Link] eq 80
R1(config)#access-list 101 deny udp host [Link] eq 53 any
R1(config)#access-list 101 permit ip any any
Extended ACLs filter on source/dest IP, protocol, port. Place close to source. Options: H.H.H, sticky.

Named ACL
R1(config)#ip access-list standard MY_STANDARD_ACL
R1(config-std-nacl)#permit [Link] [Link]
R1(config-std-nacl)#deny [Link]
R1(config-std-nacl)#permit any
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group MY_STANDARD_ACL out
Named ACLs allow editing with sequence numbers. Easier to manage than numbered ACLs.

Named Extended ACL


R1(config)#ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)#deny icmp [Link] [Link] any
R1(config-ext-nacl)#deny tcp host [Link] host [Link] eq 80
R1(config-ext-nacl)#permit ip any any
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group MY_EXTENDED_ACL in
Extended named ACLs enable sequence number editing for insertion/deletion.

Edit ACL with Sequence Numbers


R1(config)#ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)#no 20
R1(config)#ip access-list standard 99
R1(config-std-nacl)#5 deny [Link]
Sequence numbers allow precise editing without rewriting entire ACL.
11. DHCP Configuration
Create DHCP Pool
R1(config)#ip dhcp pool MY_POOL
R1(dhcp-config)#network [Link] [Link]
R1(dhcp-config)#default-router [Link]
R1(dhcp-config)#dns-server [Link] [Link]
R1(dhcp-config)#lease 2
Configures DHCP server to assign IP addresses. Lease time in days.

Exclude Addresses
R1(config)#ip dhcp excluded-address [Link] [Link]
R1(config)#ip dhcp excluded-address [Link] [Link]
Prevents DHCP from assigning reserved/static IP addresses.

12. PPP Configuration


Basic PPP Setup
R1(config)#interface serial 0/0
R1(config-if)#encapsulation ppp
Changes encapsulation from HDLC (default) to PPP for serial links.

PPP CHAP Authentication


R1(config)#hostname ALPHA
ALPHA(config)#username BETA password XYZ
ALPHA(config)#interface serial 0/0
ALPHA(config-if)#ppp authentication chap
CHAP uses shared password for mutual authentication. More secure than PAP.

PPP PAP Authentication


R1(config)#hostname ALPHA
ALPHA(config)#username BETA password XYZ
ALPHA(config)#interface serial 0/0
ALPHA(config-if)#ppp authentication pap
ALPHA(config-if)#ppp pap sent-username ALPHA password XYZ
PAP sends username/password in clear text. Less secure than CHAP.
13. Frame Relay Configuration
Multipoint Frame Relay
R1(config)#interface serial 0/0
R1(config-if)#ip address [Link] [Link]
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay lmi-type ansi
R1(config-if)#frame-relay map ip [Link] 102 broadcast
R1(config-if)#frame-relay map ip [Link] 103 broadcast
Maps remote IP to DLCI. LMI types: ansi, cisco (default), q933a. Broadcast enables routing protocols.

Point-to-Point Frame Relay


R1(config)#interface serial 0/0
R1(config-if)#encapsulation frame-relay
R1(config)#interface serial 0/0.102 point-to-point
R1(config-subif)#ip address [Link] [Link]
R1(config-subif)#frame-relay interface-dlci 102
Subinterfaces create separate subnets per PVC. Point-to-point avoids split-horizon issues.
14. Network Address Translation (NAT)
Static NAT
R1(config)#interface serial 0/0
R1(config-if)#ip nat outside
R1(config)#interface FastEthernet 1/1
R1(config-if)#ip nat inside
R1(config)#ip nat inside source static [Link] [Link]
One-to-one mapping of private to public IP. Used for servers.

Dynamic NAT
R1(config)#access-list 3 permit [Link] [Link]
R1(config)#ip nat pool PUB [Link] [Link] netmask [Link]
R1(config)#ip nat inside source list 3 pool PUB
Maps inside addresses to pool of public IPs. First-come, first-served.

NAT Overload (PAT)


R1(config)#ip nat inside source list 3 pool PUB overload
Multiple inside addresses share one/few public IPs using port numbers. Most common type.
Verification Commands Reference
Switch/Router Status
show version
Hardware/software info, RAM, NVRAM, Flash, IOS

show running-config
Current active configuration in DRAM

show startup-config
Boot configuration in NVRAM

show history
Command history buffer

Interface Verification
show ip interface brief
Interface status, IP addresses (quick overview)

show interface vlan 1


Detailed info for specific VLAN interface

show interfaces description


All interface descriptions

show interfaces status


Physical status (connected/not, speed, duplex, trunk/access)

VLAN Verification
show interfaces if switchport
Administrative and operational VLAN settings

show interfaces trunk


Trunk ports and allowed VLANs

show vlan [brief|id|name|summary]


VLAN information and assignments

show vtp status


VTP mode, domain, revision

show vtp password


VTP password (if configured)
STP Verification
show spanning-tree
Detailed STP state for all VLANs

show spanning-tree interface fa0/2


STP info for specific port

show spanning-tree vlan 1


STP info for specific VLAN

show spanning-tree [vlan1] root


Root bridge information

show spanning-tree [vlan1] bridge


Local switch bridge info

show etherchannel 1
EtherChannel state

debug spanning-tree events


Real-time STP topology changes

CDP Verification
show cdp
CDP global information

show cdp interface fa0/2


CDP on specific interface

show cdp neighbors


Directly connected Cisco devices

show cdp neighbors detail


Detailed neighbor info with IOS version

show cdp entry *


Same as neighbors detail

show cdp entry SW2


Specific neighbor details

Routing Verification
show ip protocols
Running routing protocols

show ip route
Complete routing table

show ip route rip


RIP-learned routes only

show ip route [Link]


Route to specific destination

show ip route ospf


OSPF routes only

show ip ospf neighbors


OSPF neighbors and adjacency state

show ip ospf database


OSPF link-state database (LSDB)

show ip ospf interfaces serial 0/0


OSPF interface details

show ip route eigrp


EIGRP routes only

show ip eigrp neighbors


EIGRP neighbors and status

show ip eigrp topology


EIGRP topology table with successor/feasible successor

show ip eigrp interfaces


EIGRP-enabled interfaces

show ip eigrp traffic


EIGRP packet statistics

ACL Verification
show access-lists
All ACLs with hit counters

show ip access-list
IP ACLs only

show ip access-list 101


Specific ACL details

show ip interface f0/0


ACLs applied to interface
DHCP Verification
show ip dhcp pool POOL_1
Specific pool status and leases

show ip dhcp binding


All leased IP addresses

show ip dhcp conflict


IP conflicts detected

NAT Verification
show run
NAT configuration

show access-lists
ACL used for NAT

show ip nat stasitics


NAT table counters

show ip nat translations


Active NAT translations

show ip nat translations *


All dynamic NAT entries

debug ip nat
Real-time NAT translation messages

PPP Verification
show interface s0/0
Encapsulation type and control protocols

show run
PPP authentication configuration

debug ppp authentication


Real-time PPP authentication process

Frame Relay Verification


show interfaces serial 0/0
Encapsulation type

show frame-relay PVC


PVC status

show frame-relay map


DLCI to IP mappings

show frame-relay lmi


LMI status

debug frame-relay lmi


LMI message content

debug frame-relay events


Frame Relay events and Inverse ARP
Additional Notes & Best Practices
Command Modes
Remember the hierarchy: User EXEC (>) → Privileged EXEC (#) → Global Config → Specific Config modes. Use 'exit' to go
back one level, 'end' or Ctrl+Z to return to privileged EXEC.

Security Best Practices


Always use 'enable secret' over 'enable password'. Enable 'service password-encryption'. Disable unused interfaces. Use strong
passwords and consider AAA authentication.

ACL Guidelines
Standard ACLs: place close to destination. Extended ACLs: place close to source. Remember implicit 'deny all' at end. Use
remarks for documentation.

VLAN Best Practices


VLAN 1 is default and can't be deleted. Don't use VLAN 1 for user traffic. Use VTP transparent mode if you don't want VLAN
database synchronization.

Routing Protocol Selection


RIP: Small networks, easy config, slow convergence. OSPF: Large networks, fast convergence, scalable. EIGRP: Cisco-only,
fastest convergence, low bandwidth.

Documentation
Always add descriptions to interfaces. Use remarks in ACLs. Document VLANs with meaningful names. Keep configuration
backups.

Troubleshooting Sequence
1. Check physical layer (cables, LEDs). 2. Verify IP addressing/subnet masks. 3. Check routing/switching. 4. Verify ACLs. 5.
Test end-to-end connectivity.
End of Reference Guide

This guide provides a comprehensive reference for Cisco networking commands covering switches, routers, routing
protocols, VLANs, security, and more. For the most current information and additional details, consult Cisco's official
documentation.

You might also like