CCNA Command Cheat Sheet
In this series of 4-5 posts, we’ll try to create a simple Cisco Commands Cheat Sheet as a reference for
CCNA students.
Router Modes:
Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
Router(config)#: global configuration mode = Commands that affect the entire system
Router(config-line)#: line mode = Commands that affect the lines (console, vty, aux…)
Configuring passwords:
SW1(config-line)# login
SW1(config-line)# login
Encrypting passwords:
Configuring banners:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SW1(config-if)# no shutdown
Saving configuration:
[OK]
SW1# wr
Building configuration…
[OK]
Working environment:
name lookup, history, exec-timeout and logging behavior…, also valid for line con 0.
SW1(config)# no ip domain-lookup
SW1(config-line)# exec-timeout 10 30
! You can set vty lines to use only telnet or only ssh or both as in the example.
Aliases:
Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
Shows the configuration file stored in NVRAM which is used at first boot process.
Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned.
Shows detailed information about the specified interface, its status, protocol, duplex, speed,
encapsulation, last 5 min traffic.
Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
Shows information about the leased IP address (when an interface is configured to get IP address via a
dhcp server)
Enjoy !
[CCNA] Cisco Commands Cheat Sheet #2
CCNA RnS, Cisco, Network September 19, 2013 Comments: 5
Continuing our Cisco Commands Cheat Sheet for CCNA students, this is our 2nd post.
The sticky keyword lets the interface dynamically learn and configure the MAC addresses of
the currently connected hosts.
Configuring Trunks:
SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto, dynamic desirable
SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove, all, except
Configuring VTP:
The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch
Lists all the trunk ports on a switch including the trunk allowed VLANs:
SW1# show interfaces trunk
Lists VTP configuration (mode, domain-name, version, etc) and revision number:
SW1# show vtp status
STP optimization:
Portfast and BPDU guard are enabled only on interfaces connected to end user hosts
Shows information about the directly connected Cisco devices, including interface names and
capabilities:
SW1# show cdp neighbors
Shows detailed information about the neighboring Cisco devices, including device address and
the version of IOS they run:
SW1# show cdp neighbors detail
! OR
SW1# show cdp entry *
Enjoy !
Router basic configuration:
This section includes IOS commands that are absolutely identical on both routers and switches, except
for line aux 0, which is configured only on routers because switches do not have an auxiliary port.
Router(config)# hostname R1
R1(config-line)# login
R1(config-line)# exec-timeout 30 0
R1(config-line)# exit
R1(config-line)# login
R1(config-line)# exec-timeout 30 0
R1(config-line)# exit
R1(config-line)# login
R1(config-line)# exec-timeout 30 0
R1(config-line)# exit
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
R1(config)# no ip domain-lookup
Clock rate is set only on the DCE side, typically the ISP side. On your router which is DTE you don’t need
to set clocking.
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config-if)# no shutdown
R1(config)# interface fastEthernet 0/0
R1(config-if)# no shutdown
Static route:
Default Route:
RIPv2 Configuration:
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# no auto-summary
RIPv2 Verification:
Shows detailed information about the route to the specified destination network:
OSPF Configuration:
Configure one or more network commands to identify which interfaces will run OSPF:
Impact routing choices by tuning interface cost using one of the following ways (Optional):
Changing the reference bandwidth that is used by OSPF to calculate the cost:
OSPF verification:
R1# show ip protocols
Shows all neighboring routers along with their respective adjacency state:
EIGRP Configuration:
Configure one or more network commands to enable EIGRP on the specified interfaces:
R1(config-router)# no auto-summary
R1(config-router)# maximum-paths 6
R1(config-router)# variance 4
EIGRP Authentication:
The key-string value and the mode must be the same on both routers. The key lifetime options
require the routers' clocks to be set correctly (preferably with NTP); otherwise they can cause problems.
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string 1stKEY
EIGRP Verification:
Lists statistics on numbers of EIGRP messages sent and received by the router:
Enjoy !
[CCNA] Cisco Commands Cheat Sheet #4
CCNA RnS, Cisco, Network September 26, 2013 Comments: 3
Continuing our Cisco Commands Cheat Sheet for CCNA students, this is our 4th post.
Enable the ACL on the chosen router interface in the correct direction (in or out):
R1(config-if)# ip access-group 2 out
R1(config-line)# access-class 99 in
Extended ACLs match packets based on source and destination IP addresses, protocol, source and
destination port numbers, and other criteria as well.
R1(config)# access-list 101 remark MY_ACCESS_LIST
R1(config)# access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
R1(config)# access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
R1(config)# access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
R1(config)# access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config)# access-list 101 deny udp host 10.1.1.7 eq 53 any
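An added example, not part of the original post: a minimal Python evaluator for the extended ACL statements above, showing wildcard-mask matching, first-match ordering and the implicit deny. It handles only the syntax this page uses (any, host, address plus wildcard, eq); the function names are assumptions.

```python
from ipaddress import IPv4Address

# ACL 101 as listed on the page, prompts stripped.
ACL_101 = """\
access-list 101 remark MY_ACCESS_LIST
access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
access-list 101 deny udp host 10.1.1.7 eq 53 any
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IPv4Address(tok[1])), 0), tok[2:]
    return (int(IPv4Address(tok[0])), int(IPv4Address(tok[1]))), tok[2:]

def _port(tok):
    """Consume an optional 'eq N' (the only port operator the page uses)."""
    return (int(tok[1]), tok[2:]) if tok[:1] == ["eq"] else (None, tok)

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[2] not in ("permit", "deny"):
            continue  # remarks and blank lines are not match statements
        src, rest = _addr(tok[4:])
        sport, rest = _port(rest)
        dst, rest = _addr(rest)
        dport, rest = _port(rest)
        rules.append((tok[2], tok[3], src, sport, dst, dport))
    return rules

def _ip_match(ip, spec):
    base, wild = spec
    # A wildcard bit of 1 means "don't care"; compare only bits where it is 0.
    return ((int(IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Return (action, statement number); first match wins, top to bottom."""
    for n, (action, rproto, rsrc, rsport, rdst, rdport) in enumerate(rules, 1):
        if (rproto in ("ip", proto) and _ip_match(src, rsrc) and _ip_match(dst, rdst)
                and rsport in (None, sport) and rdport in (None, dport)):
            return action, n
    return "deny", None  # implicit "deny ip any any" that ends every ACL
```

As listed, ACL 101 contains only deny statements, so traffic that matches none of them still hits the implicit deny. A trailing statement such as access-list 101 permit ip any any (an assumption, not on the page) is needed before anything passes.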
Named ACL:
Named ACLs use names to identify ACLs rather than numbers, and commands that permit or
deny traffic are written in a sub mode called named ACL mode (nacl).
Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing
statements of the ACL.
Verifying ACLs:
Shows all ACLs configured on a router with counters at the end of each statement:
R1# show access-lists
! OR
R1# show ip access-list
DHCP Server
Define network and mask to use in this pool and the default gateway:
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1
Shows the status of the specified pool and the leased addresses from that pool:
R1# show ip dhcp pool POOL_1
Shows all the leased ip addresses from all configured DHCP pools:
R1# show ip dhcp binding
Enjoy !
[CCNA] Cisco Commands Cheat Sheet #5
CCNA RnS, Cisco, Network September 30, 2013 Comments: 12
Here is the last post in the Cisco Commands Cheat Sheet for CCNA students.
PPP Configuration:
PPP Authentication:
CHAP:
Configure the hostname:
R1(config)# hostname ALPHA
Configure the name of the other end router and the shared password:
! The password used is a shared password, which means it must be the same on both routers
ALPHA(config)# username BETA password XYZ
PAP:
Configure the hostname:
R1(config)# hostname ALPHA
Configure the name of the other end router and the shared password:
ALPHA(config)# username BETA password XYZ
Enable PAP authentication on the interface and define the username and password to be sent by
PAP:
ALPHA(config)# interface serial 0/0
ALPHA(config-if)# ppp authentication pap
ALPHA(config-if)# ppp pap sent-username ALPHA password XYZ
Useful for viewing the configuration of usernames and passwords used to authenticate PPP:
R1# show running-config
Frame Relay:
Lists messages about certain Frame Relay events, including Inverse ARP messages:
R1# debug frame-relay events
Static NAT:
Define the outside and inside interfaces:
R1(config)# interface serial 0/0
R1(config-if)# ip nat outside
R1(config)# interface FastEthernet 1/1
R1(config-if)# ip nat inside
Dynamic NAT:
Define the outside and inside interfaces
Create an ACL that determines the IP addresses that are allowed to be translated:
R1(config)# access-list 3 permit 192.168.1.0 0.0.0.255
The same as dynamic NAT with the use of the overload keyword at the end of NAT statement:
Useful in viewing the configuration of NAT pool and the inside and outside interfaces:
R1# show running-config
Shows counters for packets and NAT table entries, as well as basic configuration information:
R1# show ip nat statistics
Issues a log message describing each packet whose ip address is translated with NAT:
R1# debug ip nat
Enjoy !