Cisco IOS Commands

 1# Enter privileged EXEC mode
 2enable
 3
 4# Enter global configuration mode
 5configure terminal
 6
 7# Exit to previous mode
 8exit
 9
10# Exit to privileged EXEC
11end
12
13# Show current mode
14# (indicated by prompt: > user, # privileged, (config)# global config)

 1# Global configuration
 2Router(config)#
 3
 4# Interface configuration
 5Router(config)# interface gigabitethernet 0/1
 6Router(config-if)#
 7
 8# Line configuration (console, vty)
 9Router(config)# line console 0
10Router(config-line)#
11
12# Router configuration
13Router(config)# router ospf 1
14Router(config-router)#
15
16# VLAN configuration
17Switch(config)# vlan 10
18Switch(config-vlan)#

 1# Running configuration
 2show running-config
 3show run
 4
 5# Startup configuration
 6show startup-config
 7show start
 8
 9# Interfaces
10show interfaces
11show ip interface brief
12show interfaces status
13show interfaces gigabitethernet 0/1
14
15# IP routing
16show ip route
17show ip protocols
18
19# VLANs
20show vlan
21show vlan brief
22show vlan id 10
23
24# MAC address table
25show mac address-table
26show mac address-table dynamic
27
28# ARP table
29show arp
30show ip arp
31
32# Version and hardware
33show version
34show inventory
35
36# Logs
37show logging
38show log
39
40# CDP (Cisco Discovery Protocol)
41show cdp neighbors
42show cdp neighbors detail
43
44# LLDP (Link Layer Discovery Protocol)
45show lldp neighbors
46show lldp neighbors detail
47
48# Spanning Tree
49show spanning-tree
50show spanning-tree vlan 10

 1# Enter interface
 2interface gigabitethernet 0/1
 3
 4# Set IP address
 5ip address 192.168.1.1 255.255.255.0
 6
 7# Enable interface
 8no shutdown
 9
10# Disable interface
11shutdown
12
13# Description
14description "Uplink to Core Switch"
15
16# Speed and duplex
17speed 1000
18duplex full
19speed auto
20duplex auto
21
22# Access port (single VLAN)
23switchport mode access
24switchport access vlan 10
25
26# Trunk port (multiple VLANs)
27switchport mode trunk
28switchport trunk allowed vlan 10,20,30
29switchport trunk native vlan 1
30
31# Port security
32switchport port-security
33switchport port-security maximum 2
34switchport port-security mac-address sticky
35switchport port-security violation restrict

 1# Create VLAN
 2vlan 10
 3name Sales
 4exit
 5
 6# Delete VLAN
 7no vlan 10
 8
 9# Assign interface to VLAN
10interface gigabitethernet 0/5
11switchport mode access
12switchport access vlan 10
13
14# Inter-VLAN routing (router-on-a-stick)
15interface gigabitethernet 0/1.10
16encapsulation dot1Q 10
17ip address 192.168.10.1 255.255.255.0

1# IPv4 static route
2ip route 192.168.2.0 255.255.255.0 192.168.1.1
3
4# Default route
5ip route 0.0.0.0 0.0.0.0 192.168.1.1
6
7# IPv6 static route
8ipv6 route 2001:db8::/32 2001:db8::1

 1# Enable OSPF
 2router ospf 1
 3network 192.168.1.0 0.0.0.255 area 0
 4network 10.0.0.0 0.255.255.255 area 1
 5
 6# Set router ID
 7router-id 1.1.1.1
 8
 9# Passive interface
10passive-interface gigabitethernet 0/1
11
12# Show OSPF
13show ip ospf
14show ip ospf neighbor
15show ip ospf database

1# Enable EIGRP
2router eigrp 100
3network 192.168.1.0
4network 10.0.0.0 0.255.255.255
5
6# Show EIGRP
7show ip eigrp neighbors
8show ip eigrp topology

 1# Enable secret (encrypted)
 2enable secret MySecretPassword
 3
 4# Console password
 5line console 0
 6password MyConsolePassword
 7login
 8
 9# VTY (Telnet/SSH) password
10line vty 0 4
11password MyVTYPassword
12login
13
14# Encrypt passwords
15service password-encryption

 1# Set hostname and domain
 2hostname Router1
 3ip domain-name example.com
 4
 5# Generate RSA keys
 6crypto key generate rsa
 7# (choose key size, e.g., 2048)
 8
 9# Configure VTY for SSH
10line vty 0 4
11transport input ssh
12login local
13
14# Create user
15username admin privilege 15 secret AdminPassword
16
17# SSH version
18ip ssh version 2

 1# Standard ACL
 2access-list 10 permit 192.168.1.0 0.0.0.255
 3access-list 10 deny any
 4
 5# Extended ACL
 6access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
 7access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
 8access-list 100 deny ip any any
 9
10# Named ACL
11ip access-list extended WEB-TRAFFIC
12permit tcp 192.168.1.0 0.0.0.255 any eq 80
13permit tcp 192.168.1.0 0.0.0.255 any eq 443
14deny ip any any
15
16# Apply ACL to interface
17interface gigabitethernet 0/1
18ip access-group 100 in
19
20# Show ACLs
21show access-lists
22show ip access-lists

 1# Set spanning tree mode
 2spanning-tree mode rapid-pvst
 3
 4# Set priority (lower = preferred root)
 5spanning-tree vlan 10 priority 4096
 6
 7# PortFast (access ports only)
 8interface gigabitethernet 0/5
 9spanning-tree portfast
10
11# BPDU Guard
12spanning-tree portfast bpduguard default
13
14# Show spanning tree
15show spanning-tree
16show spanning-tree summary

 1# Ping
 2ping 192.168.1.1
 3ping 192.168.1.1 repeat 100
 4
 5# Traceroute
 6traceroute 8.8.8.8
 7
 8# Debug (use with caution!)
 9debug ip icmp
10debug ip routing
11undebug all  # Disable all debugging
12
13# Clear commands
14clear mac address-table dynamic
15clear arp-cache
16clear ip route *
17
18# Reload
19reload
20reload in 10  # Reload in 10 minutes
21reload cancel

 1# Save running config to startup config
 2copy running-config startup-config
 3write memory
 4wr
 5
 6# Backup config to TFTP
 7copy running-config tftp:
 8# (enter TFTP server IP and filename)
 9
10# Restore config from TFTP
11copy tftp: running-config

1# Erase startup config
2erase startup-config
3
4# Delete VLAN database (switches)
5delete flash:vlan.dat
6
7# Reload
8reload

 1# 1. Interrupt boot process (Ctrl+Break)
 2# 2. Change config register
 3confreg 0x2142
 4reset
 5
 6# 3. After boot, copy startup to running
 7copy startup-config running-config
 8
 9# 4. Change password
10enable secret NewPassword
11
12# 5. Restore config register
13config-register 0x2102
14
15# 6. Save and reload
16copy running-config startup-config
17reload