Cisco Switch and Router Configuration Commands
User mode
Switch>
Enter Privilege mode
Switch>enable
Privileged mode
Switch#
Enter configuration mode
Switch#configure terminal
Global Config mode
Switch(config)#
Enter Interface mode
Switch(config)#interface fa0/1
Interface mode
Switch(config-if)#
Return to global configuration
Switch(config-if)#exit
Exit Global Config mode
Switch(config)#exit
Return to user mode
Switch#disable
Logout
Switch>exit
Keyboard Shortcuts
- Recall Previous command: Up arrow or Ctrl+P
- Recall Next command: Down arrow or Ctrl+N
- Beginning of command: Ctrl+A
- End of command: Ctrl+E
- Delete input: Ctrl+D
- Exit Configuration Mode: Ctrl+Z
- Complete command: TAB
Device Configuration
Configure device system name: Switch(config)#hostname sw1
Sets the encrypted enable password: Switch(config)#enable secret cisco
Sets the unencrypted enable password: Switch(config)#enable password cisco
Enable password encryption on all clear text passwords within the configuration file: Switch(config)#service password-encryption
Configure a Message Of The Day banner, with an ending character of $: Switch(config)#banner motd $
Assign IP address to vlan: Switch(config)#int vlan 1
Switch(config-if)#ip addr 172.22.1.11 255.255.255.0
Assign Default gateway, note the mode: Switch(config)#ip default-gateway 10.1.1.1
Select one interface: Switch(config)#int fa0/1
Select a range of interfaces (version dependent): Switch(config)#int range fa0/1 - 12
Set the interface description: Switch(config-if)#description
Add vlan using config mode: switch(config)#vlan 11
switch(config-vlan)#name test
Configure Interface fa0/1 @ speed 100 Mbps and full duplex: Switch(config-if)#speed 100
Switch(config-if)#duplex full
Assign interface to vlan: switch(config-if)#switchport access vlan 11
Enable Port Security: Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Disable Interface: Switch(config-if)#shutdown
Enable Interface: Switch(config-if)#no shutdown
Configures 5 Telnet sessions each with a password of ‘cisco’: Switch(config)#line vty 0 4
Switch(config-line)#login
Switch(config-line)#password cisco
Enable and define console password of ‘cisco’: Switch(config)#line con 0
Switch(config-line)#login
Switch(config-line)#password cisco
Synchronise console messages (keep what you are typing on the screen): Switch(config-line)#logging synchronous
Set the timezone and automatically adjust: Switch(config)#clock timezone gmt 0
Switch(config)#clock summer-time gmt recurring
Sets the switch priority for the vlan. This combined with the switch mac address creates the switch BID: Switch(config)#spanning-tree vlan 1 priority 4096
Enables portfast: Switch(config)#int fa0/1
Switch(config-if)#spanning-tree portfast
Enables RSTP. Other options are PVST and MST: Switch(config)#spanning-tree mode rapid-pvst
Creates a vlan. Note this is now done in config mode, not vlan database. Also note the ‘int vlan’ command does NOT create vlans: Switch(config)#vlan 2
Switch(config-vlan)#name sales
Assign an interface to vlan 2: Switch(config-if)#switchport access vlan 2
Unconditionally forces an interface into trunking. Other options are access and dynamic: Switch(config-if)#switchport mode trunk
Manually assign a switch to a VTP domain. A switch will automatically become part of a VTP domain if it’s currently in the ‘null’ domain and receives a VTP frame: Switch(config)#vtp domain lab
Changes the VTP mode from the default ‘server’ mode to client mode. In client mode no changes can be made: Switch(config)#vtp mode client
Enable the http server so SDM can be used: Router(config)#ip http server
Defines a username and password. The list can be used for many things from PPP authentication to user access: Router(config)#username sue password cisco
Defines a local host file. Like /etc/hosts in unix: Router(config)#ip host mypc 10.1.1.3
Disables DNS lookup. Useful when a command has been mistyped: Router(config)#no ip domain-lookup
Sets the logical (not physical) bandwidth of interface. This is used by routing protocols, SNMP queuing etc: Router(config)#int s0
Router(config-if)#bandwidth
Sets the physical clock: Router(config-if)#clock rate 64000
Set the serial interface WAN encapsulation. Other options are PPP or frame-relay: Router(config-if)#encapsulation hdlc
Authentication on PPP is optional. This command enables CHAP on the interface. The other option is PAP: Router(config-if)#ppp authentication chap
Defines the type of LMI being used. If left unconfigured the correct LMI type should be automatically detected: Router(config-if)#frame-relay lmi-type cisco
Defines a static route. Remember static routes have an admin distance of 1 and will therefore override any dynamic routing: Router(config)#ip route 50.0.0.0 255.0.0.0 10.1.2.1
Enables RIP version 1 on all LOCAL interfaces which have a 10.x.x.x address: Router(config)#router rip
Router(config-router)#network 10.0.0.0
Enables RIP version 2: Router(config-router)#version 2
Enable the router to provide a DHCP service: Router(config)#ip dhcp pool MYPOOL
Router(dhcp-config)#network 10.1.1.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.1.1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 10.1.1.1 10.1.1.99
Changes the config register which controls what the router does when the router boots: Router(config)#config-register 0x2102
Creates a logical sub interface below the physical interface: Router(config)#int fa0/0.1
Enables 802.1q trunking on the interface: Router(config-subif)#encapsulation dot1Q 1
Define the ip address: Router(config-subif)#ip address 10.1.1.1 255.255.255.0
Enable OSPF on any local interface whose IP address starts with 10.1.x.x. Note the inverted mask: Router(config)#router ospf 1
Router(config-router)#network 10.1.0.0 0.0.255.255 area 0
EIGRP can be configured in a similar way to RIP or the mask option could be used: Router(config)#router eigrp 1
Router(config-router)#network 172.16.0.0
Or
Router(config-router)#network 172.16.2.0 0.0.0.255
Defines a standard ACL. Standard ACL use number 1-99: Router(config)#access-list 1 permit 172.16.1.1
Defines an Extended ACL. The first address is the source IP address: Router(config)#access-list 101 deny tcp host 172.16.1.1 host 172.16.2.1 eq telnet
Router(config)#access-list 101 permit ip any any
Use the group command to attach an ACL to an interface. is used under an interface if the ACL is to filter traffic: Router(config)#interface fa0/0
Router(config-if)#ip access-group 1 out
An example using named ACL instead of numbers: Router(config)#ip access-list extended my_list
Router(config-ext-nacl)# deny tcp host 172.16.1.1 host 172.16.2.1 eq ftp
Router(config-ext-nacl)# permit ip any any
Attaching a named ACL to an interface: Router(config)#int fa0/0
Router(config-if)#ip access-group my_list in
Configuring a static NAT to allow a server to be accessed via the Internet, using the IP address on interface s0/0/1: Router(config)#ip nat inside source static 10.1.1.2 interface s0/0/1
Defining the interfaces between which NAT takes place: Router(config)#int fa0/0.1
Router(config-if)#ip nat inside
Enables RIPng: Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router rip ccna
Router(config)#int s0/0/0
Router(config-if)#ipv6 rip ccna enable
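Added example (not part of the original cheat sheet): a Python check that scans saved 'show running-config' text for the weaker password and remote-access settings listed in this section: 'enable password', type 7 strings produced by 'service password-encryption' (a reversible encoding), 'username ... password', 'ip http server', and vty lines that use a shared line password. The sample config is constructed, PLACEHOLDER stands in for stored strings, and treating a vty block without 'transport input ssh' as Telnet-capable is an assumption.

```python
import re

# Constructed sample in 'show running-config' layout, built from commands on
# this page. PLACEHOLDER stands in for stored password strings.
SAMPLE = """\
hostname sw1
service password-encryption
enable secret 5 PLACEHOLDER
enable password 7 PLACEHOLDER
username sue password 7 PLACEHOLDER
ip http server
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
"""

# Rule id -> regex matched against each stripped config line.
LINE_RULES = {
    "enable-password": r"^enable password\b",          # keep only 'enable secret'
    "username-password": r"^username \S+ password\b",  # prefer 'username X secret'
    "http-server": r"^ip http server\b",               # cleartext web management
    "type7": r"\bpassword 7 ",                         # type 7 is reversible
}

def audit(config):
    """Return sorted (rule_id, context) pairs for weak settings in config."""
    findings, block, vty = set(), "", {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command opens a new context
            block = line
            if line.startswith("line vty"):
                vty[line] = []
        elif block in vty:               # indented sub-command of a vty block
            vty[block].append(line)
        for rule, pattern in LINE_RULES.items():
            if re.search(pattern, line):
                findings.add((rule, block))
    for name, body in vty.items():
        # Assumption: a vty block without 'transport input ssh' accepts Telnet.
        if "transport input ssh" not in body:
            findings.add(("vty-telnet", name))
        if "login" in body:              # bare 'login' checks the shared line password
            findings.add(("vty-shared-password", name))
    return sorted(findings)
```

A config that uses 'enable secret', 'username ... secret', 'ip http secure-server', and vty lines with 'login local' plus 'transport input ssh' produces no findings.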
Privilege Commands
Manually starts the setup dialog which is automatically invoked when the device starts with no config: Switch#setup
Displays the config held in DRAM, which is lost if the copy run start command is not used: Switch#show running-config
Displays the NVRAM (non-volatile) config: Switch#show startup-config
Saves the config. Without this command all changes/configuration will be lost: Switch#copy running-config startup-config
Saves the running config to a TFTP server: Switch#copy running-config tftp
Copies IOS files to a TFTP server: Switch#copy flash tftp
Copies files from a TFTP server to the device flash: Switch#copy tftp flash
Erase the config held in NVRAM. If this is followed with the reload command all configuration is lost: Switch#erase startup-config
Reboots the device: Switch#reload
Abort sequence: Ctrl+Shift+6
Suspend Telnet Session: Ctrl+Shift+6 (then let all keys go, then) x
Show the current sessions. The one with a * is your active session: Switch#show sessions
Forcibly closes a telnet session: Switch#disconnect
Set the device local clock. Note this is not done in config mode: Switch#clock set 10:00:00 april 2 2008
Display the IOS version along with other useful info e.g. sys uptime, config register etc: Switch#show version
Displays the file contents of the flash: Switch#show flash
Displays the clock: Switch#show clock
Displays the users currently logged on: Switch#show users
By default displays the last 10 commands: Switch#show history
Displays the ARP cache: Switch#show arp
Displays the spanning tree status on vlan 1: Switch#show spanning-tree vlan 1
Lists all the configured vlans: Switch#show vlan
Displays VTP info such as VTP mode, VTP domain, VTP counter: Switch#sh vtp status
Ping selected address: Switch#ping 10.1.1.1
Extended ping. Must be in privilege mode: Switch#ping
Display the interface status: Switch#show int fa0/1
Displays the vlan status and the IP address VLAN 1 (often the management vlan): Switch#show interfaces vlan 1
Displays a list of CDP neighbours: Switch#show cdp neighbors
Extended information on the above: Switch#show cdp neighbors detail
Display CDP packets as they arrive: Switch#debug cdp packets
Display ping packets as they arrive: Switch#debug ip icmp
Display switch MAC Addresses table. These entries are learnt from the source mac address in the Ethernet frames: Switch#show mac address-table
Displays the interface operational status and IP addresses for all router interfaces: Router#show ip interface brief
Displays all the configured routing protocols: Router#show ip protocols
Displays the IP routing table: Router#show ip route
Displays the NAT translations: Router#show ip nat translations
Displays the physical cable DTE/DCE, x.21, V.35, RS232 configuration: Router#show controllers s 0
Displays the end-to-end status. Recall that ‘show interface’ does not: Router#show frame-relay pvc
Displays the type of LMI and the number LMI frames: Router#show frame-relay lmi
Displays the frame relay inverse ARP table: Router#show frame-relay map
To become neighbours both the local and remote interface must be correctly configured: Router#show ip ospf neighbor
If adjacent routers don’t become neighbours, use this command to check the local router interface is configured correctly: Router#show ip ospf interface
Same information as the above OSPF commands but with EIGRP. Remember that AS numbers MUST match: Router#show ip eigrp neighbor
Same information as the above OSPF commands but with EIGRP: Router#show ip eigrp interface
IPv6 ping. Recall that :: means all zero in between: Router#ping 2000:1000:500:3::1