Show Menu
Cheatography
  1. Home >
  2. Cheat Sheets >

Cisco IOS R&S Commands Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Core Modes

Mode
Syntax
Descri­ption
User
 
N/A
Default landing space
Privileged (from User)
 
{ enable }
Turn on privileged commands.
Global (from Privil­eged)
 
{ configure terminal }
Configure from the terminal.
Interface (from Global)
 
{ interface <in­ter­fac­e> <#/­#> }
Select an interface to configure.
  
{ interface range <in­ter­fac­e> <#/­#-#> }
Select a range of interfaces to configure.
Line (from Global)
 
{ line console <#> }
Configure primary terminal line.
  
{ line vty <#> <#> }
Configure virtual terminal line.

Base Config­uration

Mode
Syntax
Descri­ption
Global
* 
{ no ip domain­-lookup }
Configure no IP DNS hostname transl­ation.
  
{ hostname <na­me> }
Configure system's network name.
  
{ banner motd & <me­ssa­ge> & }
Configure a login MOTD banner.
  
{ enable secret <pa­ssw­ord> }
Configure privileged level encrypted password.
  
{ service passwo­rd-­enc­ryption }
Encrypt system passwords.
Interface
 
{ ip address <ip> <su­bne­t> }
Configure IP address of an interface.
  
{ no shutdown }
Configure interface port status up.
Line - Console
* 
{ logging synchr­onous }
Configure synchr­onised message output.
  
{ password <pa­ssw­ord> }
Configure password.
  
{ login }
Enable password checking.
Line - VTY
 
{ password <pa­ssw­ord> }
Configure password.
  
{ login }
Enable password checking.
* Optional or altern­ative comman­d(s).

Show Commands

Device & Mode
Syntax
Descri­ption
Universal - Privileged
 
{ show access­-lists }
Display access lists
  
{ show arp }
Display ARP table.
  
{ show cdp }
Display CDP info.
  
{ show clock }
Display system clock.
  
{ show dhcp }
Display DHCP status.
  
{ show flash }
Display flash file system info.
  
{ show history }
Display session command history.
  
{ show interfaces }
Display interface status and config.
  
{ show ip interface brief }
Display brief summary of IP status and config.
  
{ show ip dhcp <...> }
Display items in the DHCP database.
  
{ show logging }
Display the contents of logging buffers.
  
{ show port-s­ecurity interface <in­ter­fac­e> <#/­#> }
Display port security config.
  
{ show runnin­g-c­onfig }
Display running config.
  
{ show sessions }
Display info about Telnet connec­tions.
  
{ show startu­p-c­onfig }
Display start-up config.
  
{ show ssh }
Display status of SSH server connec­tions.
  
{ show users }
Display info about virtual terminal lines.
  
{ show version }
Display system hardware and software status.
Router - Privileged
 
{ show ip route }
Display IP routing table.
  
{ show ip nat }
Display IP NAT info.
  
{ show ip <bg­p/e­igr­p/o­spf­/ri­p> }
Display info on selected protocol.
  
{ show protocols }
Display active network routing protocols.
Switch - Privileged
 
{ show dtp }
Display DTP info.
  
{ show etherc­hannel }
Display etherc­hannel info.
  
{ show mac }
Display MAC config.
  
{ show mac-ad­dre­ss-­table }
Display MAC forwarding table.
  
{ show vlan }
Display VTP VLAN status.
  
{ show vtp }
Display VTP info.
To enable typing of privileged level commands in any mode, use 
{ do <e.g. show comman­d> }
.

How To: Clear Device Config­ura­tions

Device & Mode
Syntax
Descri­ption
Universal - Privileged
 
{ erase startu­p-c­onfig }
Erase contents of config memory.
  
{ write erase }
Erase NV memory.
Switch - Privileged
 
{ delete flash:vlan dat }
Delete the VLAN database.

How To: Configure ACLs

Mode
Syntax
Descri­ption
Global
* 
{ access­-list <#> <pe­rmi­t/d­eny> <ip> <wc mask> }
Add an ACL entry.
  
{ ip access­-list <ty­pe> <ac­l_n­ame> }
Configure named ACL.
  
{ <pe­rmi­t/d­eny> <ip> <wc mask> }
Specify packets to forwar­d/r­eject.
  
{ exit }
Return to Global mode.
 
 
* 
{ interface <in­ter­fac­e> <#/­#> }
 
* 
{ interface range <in­ter­fac­e> <#/­#-#> }
Interface
 
{ ip access­-group <ac­l_n­ame> <in­/ou­t> }
Assign specified ACL to interface inboun­d/o­utbound traffic.
 
  
{ line <li­ne> <#> <#> }
Line - VTY
 
{ access­-class <AC­L_n­ame> <in­/ou­t> }
Assign specified ACL to line inboun­d/o­utbound traffic.
 
Global
 
{ ip access­-list resequence <ac­l_n­ame> <st­art­_#> <in­cre­men­t_#> }
Configure ACL resequ­ence.
  
{ <en­try­_#> }
* Optional or altern­ative comman­d(s).

How To: Configure Default Route

Mode
Syntax
Descri­ption
Global
 
{ ip route 0.0.0.0 0.0.0.0 <is­p_d­efa­ult­_ga­tew­ay> }
  
{ ip defaul­t-n­etwork <is­p_d­efa­ult­_ga­tew­ay> }

How To: Configure DHCP

Mode
Syntax
Descri­ption
Global
 
{ ip dhcp exclud­ed-­address <low ip> <high ip> }
Configure prevent DHCP from assigning certain addresses.
  
{ ip dhcp pool <pool name> }
Configure DHCP address pools.
  
{ network <ip> <su­bne­t> }
Specify network to provide DHCP service for.
  
{ defaul­t-r­outer <ga­teway ip> }
Configure default router (gateway).
  
{ dns-server <dns ip> }
Configure DNS servers.
  
{ exit }
 
  
{ interface <in­ter­fac­e> <#/­#> }
Interface
 
{ ip helper­-ad­dress <dh­cp_­ser­ver­_ip> }
Configure DHCP relay.
The IP address range 169.25­4.#.# indicates Microsoft Automatic Private Addres­sing, which indicates a possible DHCP problem.
To release a DHCP assigned IP address, type 
{ ipconfig /release }
command in Windows CLI.
To renew a DHCP assigned IP address, type 
{ ipconfig /renew }
command in Windows CLI.

How To: Configure IPv6

Mode
Syntax
Descri­ption
Global
 
{ ipv6 unicas­t-r­outing }
Enable IPv6 unicast routing.
Interface
 
{ ipv6 address <gl­oba­l_p­ref­ix:­sub­net­_id­:in­ter­fac­e_i­d/m­ask> }
Configure IPv6 address.

How To: Configure L3 Switching

Mode
Syntax
Descri­ption
Global
 
{ ip routing }
Enable routing on the switch.
  
{ interface vlan <#> }
Select catalyst VLAN.
Interface
 
{ ip address <ip> <su­bne­t>}
Configure IP address of VLAN.
  
{ no shutdown }
Configure interface port status up.

How To: Configure NAT

 

How To: Configure Port Security

Mode
Syntax
Descri­ption
Global
 
{ interface <in­ter­fac­e> <#/­#> }
 
* 
{ interface range <in­ter­fac­e> <#/­#-#> }
Interface
 
{ switchport mode access }
Configure interface port to access mode.
  
{ switchport port-s­ecurity }
Enable interface port security.
  
{ switchport port-s­ecurity mac-ad­dress <?> }
Configure secure mac addresses.
  
{ switchport port-s­ecurity maximum <?> }
Configure maximum secure addresses.
  
{ switchport port-s­ecurity violation <?> }
Configure security violation mode.
* Optional or altern­ative comman­d(s).

How To: Configure RIPv2

Mode
Syntax
Descri­ption
Global
 
{ router <pr­oto­col> }
Configure routing protocol.
  
{ version <#> }
Configure version.
  
{ network <ne­twork ip> }
Specify network.
 
* 
{ no auto-s­ummary }
Disable auto-s­ummary.
* Optional or altern­ative comman­d(s).

How To: Configure ROAS

Device & Mode
Syntax
Descri­ption
Router - Global
 
{ interface <in­ter­fac­e> <#/­#.#> }
Router - Interface
 
{ encaps­ulation dot1q <vlan #> }
Configure IEEE 802.1Q.
  
{ ip address <ip> <su­bne­t> }
Configure IP address.
Switch - Global
 
{ interface <in­ter­fac­e> <#/­#> }
Switch - Interface
 
{ switchport trunk encaps­ulation dot1q }
Configure trunking charac­ter­istics. (older models)
  
{ switchport mode trunk }
Configure trunking mode of the interface.
  
{ switchport nonego­tiate }
Configure disable engagement in negoti­ation protocol.
Good practice to correlate VLAN- and sub-in­terface numbers.
The VLAN will have the first address on the sub-in­terface network.
VLAN members to use sub-in­terface IP address as default gateway.

How To: Configure SSH

Mode
Syntax
Descri­ption
Global
 
{ ip domain­-name <do­mai­n> }
Define default domain.
  
{ crypto key generate rsa }
Generate RSA crypto key.
  
{ username <us­er> secret <pa­ssw­ord> }
Establish User Name authen­tic­ation.
Line - VTY
 
{ login local }
Enable local password checking.
  
{ transport input <pr­oto­col­s> }
Define transport protocols for line.

How To: Configure Static Route

Mode
Syntax
Descri­ption
Global
 
{ ip route <de­sti­nat­ion> <su­bne­t> <ga­tew­ay> <ad­_#> }
Configure static route and assign AD.

How To: Configure Switch Management Interface

Mode
Syntax
Descri­ption
Global
 
{ interface <vl­an> <#> }
Select native VLAN.
  
{ ip address <ip> <su­bne­t> }
Configure IP address of VLAN.
  
{ no shutdown }
Configure interface port status up.

How To: Configure VLANs

Mode
Syntax
Descri­ption
Global
 
{ vlan <#> }
Create VLAN.
  
{ name <na­me> }
Configure VLAN name.
Interface
 
{ descri­ption <de­scr­ipt­ion> }
Configure interface descri­ption.
  
{ switchport mode access }
Configure interface port to access only one VLAN
  
{ switchport access vlan <#> }
Allocate interface port to VLAN.
  
{ no shutdown }
Configure interface port status up.
Good practice to correlate VLAN- and interface numbers.