Professional Documents
Culture Documents
Ccna Cisco Commands Cheat Sheet
Ccna Cisco Commands Cheat Sheet
com/2013/09/16/ccna-cheat-sheet-part- 1/
Router Modes:
Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
Router(config)#: global configuration mode = Commands that affect the entire system
Router(config-line)#: line mode = Commands that affect in lines modes (console, vty, aux…)
Configuring passwords:
2
SW1(config-line)# password cisco
3
SW1(config-line)# login
2
SW1(config-line)# password cisco
3
SW1(config-line)# login
1
Encrypting passwords:
Configuring banners:
2 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
4 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
5
3 SW1(config-if)# no shutdown
Saving configuration:
1
SW1# copy running-config startup-config
2
Destination filename [startup-config]? ! Press enter to confirm file
name.
3
Building configuration…
4
[OK]
5
6
! Short for write memory.
7
SW1# wr
8
Building configuration…
9
[OK]
2
Working environment:
name lookup, history, exec-timeout and logging behavior…, also valid for line con 0.
1
SW1(config)# no ip domain-lookup
2
SW1(config)# line vty 0 4
3
SW1(config-line)# history size 15
4
SW1(config-line)# exec-timeout 10 30
5
SW1(config-line)# logging synchronous
Aliases:
3
1
SW1(config)# alias exec c configure terminal
2
SW1(config)# alias exec s show ip interface brief
3
SW1(config)# alias exec sr show running-config
4
! The range keyword used to set a group of interfaces at once.
5
SW1(config)# interface range fastEthernet 0/5 – 10
6
SW1(config-if-range)# duplex full (options: half, full, auto)
Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
1 SW1# show version
Shows the configuration file stored in NVRAM which is used at first boot process.
1 SW1# show startup-config
Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned.
1 SW1# show ip interface brief
Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last
5 min traffic.
1 SW1# show interface vlan 1
Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
1 SW1# show interfaces status
4
Shows the public encryption key used for SSH.
1 SW1# show crypto key mypubkey rsa
Shows information about the leased IP address (when an interface is configured to get IP address via a
dhcp server)
1 SW1# show dhcp lease
The sticky keyword is used to let the interface dynamically learns and configures the MAC addresses of the currently
connected hosts.
Configuring VLANs:
2
SW1(config-if)# switchport mode access
3
SW1(config-if)# switchport access vlan 10
3
SW1(config-if) #switchport access vlan 10
4
SW1(config-if) #switchport voice vlan 12
Configuring Trunks:
SW1(config)# interface fastEthernet 0/1
1
SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto, dynamic
2 desirable
3 SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove, all,
except
6
Assign the port to an unused VLAN:
1 SW1(config-if)# switchport access vlan 222
Configuring VTP:
The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch
Lists all the trunk ports on a switch including the trunk allowed VLANs:
1 SW1# show interfaces trunk
Lists VTP configuration (mode, domain-name, version, etc) and revision number:
1 SW1# show vtp status
STP optimization:
7
Hard coding the root bridge (changing bridge priority):
1
SW1(config)# spanning-tree vlan 1 root primary
2
SW1(config)# spanning-tree vlan 1 root secondary
3
! Priority must be a multiply of 4096
4
SW1(config)# spanning-tree [vlan 1]priority 8192
Portfast and BPDU guard are enabled only on interfaces connected to end user hosts
Shows information about the directly connected cisco devices including interfaces names capabilities:
1 SW1# show cdp neighbors
Shows detailed information about the neighboring cisco devices including device address and version of IOS
they run:
1
SW1# show cdp neighbors detail
2
! OR
3
SW1# show cdp entry *
This section includes IOS commands that are absolutely identical on both routers and switches, except the part of line
aux 0 which is configured only on router because switches do not have an auxiliary port.
9
1 Router(config)# hostname R1
11
R1(config-line)# logging synchronous
12
R1(config-line)# exec-timeout 30 0
R1(config-line)# exit
13
R1(config)# line aux 0
14
R1(config-line)# password cisco
15
R1(config-line)# login
16
R1(config-line)# logging synchronous
17
R1(config-line)# exec-timeout 30 0
18
R1(config-line)# exit
19
R1(config)# banner motd $
20 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
22
$
23
R1(config)# alias exec c configure terminal
24
R1(config)# alias exec s show ip interface brief
25
R1(config)# alias exec sr show running-config
26
R1(config)# no ip domain-lookup
27
R1(config)# service password-encryption
10
28
29
R1(config)# ip domain-name example.com
30
R1(config)# username admin password cisco
31
R1(config)# crypto key generate rsa
32
How many bits in the modulus [512]: 1024
33
R1(config)# ip ssh version 2
34
R1(config)# line vty 0 4
35
R1(config-line)# login local
36
R1(config-line)# transport input telnet ssh
37
38
Clock rate is set only on the DCE side, typically the ISP side. On your router which is DTE you don’t need to set clocking.
1
R1(config)# interface fastEthernet 0/0
2
R1(config-if)# description LINK TO LOCAL LAN THROUGH SW1
3
R1(config-if)# ip address 172.16.1.1 255.255.255.0
4
R1(config-if)# no shutdown
5
R1(config-if)# exit
6
R1(config)# interface serial 0/1/0
7
R1(config-if)# description WAN CONNECTION TO R2
11
2 R1(config-if)# no shutdown
Static route:
Default Route:
RIPv2 Configuration:
1
R1(config)# router rip
2
R1(config-router)# version 2
3
R1(config-router)# network 10.0.0.0 ! written as an original class A
4
R1(config-router)# no auto-summary
5
R1(config-router)# passive-interface serial 0/0
RIPv2 Verification:
12
1 R1# show ip route
Shows detailed information about the route to the specified destination network:
1 R1# show ip route 10.1.1.1
OSPF Configuration:
Configure one or more network commands to identify which interfaces will run OSPF:
1 R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
Impact routing choices by tuning interface cost using one of the following ways (Optional):
13
1 R1(config-if)# bandwidth 128 ! in Kbps
Changing the reference bandwidth that used by OSPF to calculate the cost:
OSPF verification:
Shows all neighboring routers along with their respective adjacency state:
1 R1# show ip ospf neighbors
14
Shows all the information contained in the LSDB:
1 R1# show ip ospf database
EIGRP Configuration:
Configure one or more network commands to enable EIGRP on the specified interfaces:
1 R1(config-router)# network 10.0.0.0
2 R1(config-router)# variance 4
EIGRP Authentication:
The key-string value and the mode must be the same on both routers. Lifetime options of the keys requires the clock of
15
the routers to be set correctly, better use NTP, or it can cause problems
16
Create an authentication key chain as follows:
1 R1(config-keychain)# key 1
1 R1(config-keychain-key)# key-string1stKEY
EIGRP Verification:
Lists statistics on numbers of EIGRP messages sent and received by the router:
1 R1# show ip eigrp traffic
17
[CCNA] Cisco Commands Cheat Sheet #4
Access Control Lists:
Enable the ACL on the chosen router interface in the correct direction (in or out):
1 R1(config-if)# ip access-group 2 out
2 R1(config-line)# access-class 99 in
Extended ACL matches packets based on source & des.IP addresses, protocol, source & des. Port
numbers andother criteria as well
1 R1(config)# access-list 101 remark MY_ACCESS_LIST
18
2 R1(config)# access-list 101 deny iphost 10.1.1.1 host 10.2.2.2
Named ACL:
Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic
are written in a sub mode called named ACL mode (nacl).
Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of
the ACL.
4
R1(config-ext-nacl)# permit ip any any
5
R1(config)# interface fastEthernet 0/1
6
R1(config-if)# ip access-group MY_EXTENDED_ACL in
19
2 R1(config-ext-nacl)# no 20 ! Deletes the statement of sequence
number 20
3
R1(config)# ip access-list standard 99
4
R1(config-std-nacl)# 5 deny 1.1.1.1 ! inserts a statement with
sequence 5
Verifying ACLs:
Shows all ACLs configured on a router with counters at the end of each statement:
1
R1# show access-lists
2
! OR
3
R1# show ip access-list
DHCP Server
Define network and mask to use in this pool and the default gateway:
1 R1(dhcp-config)# network 192.168.1.0 255.255.255.0
20
DHCP Verification and Troubleshooting:
Shows the status of the specified pool and the leased addresses from that pool:
1 R1# show ip dhcp pool POOL_1
Shows all the leased ip addresses from all configured DHCP pools:
1 R1# show ip dhcp binding
PPP Authentication:
CHAP:
Configure the hostname:
1 R1(config)# hostname ALPHA
Configure the name of the other end router and the shared password:
1 ! The password used is shared password, that means it must be the same on both
routers
PAP:
Configure the hostname:
1 R1(config)# hostname ALPHA
Configure the name of the other end router and the shared password:
1 ALPHA(config)# username BETA password XYZ
21
Enable PAP authentication on the interface and define the username and password to be sent by PAP:
1
ALPHA(config)# interface serial 0/0
2
ALPHA(config-if)# ppp authentication pap
3
ALPHA(config-if)# ppp pap sent-username ALPHA password XYZ
Useful for viewing the configuration of usernames and passwords used to authenticate PPP:
1 R1# show running-config
Frame Relay:
7
R2(config-if)# frame-relay map ip 1.1.1.3 201 broadcast
8
R3(config)# interface serial 0/0
23
11
R3(config)# interface serial 0/0
12
R3(config-if)# encapsulation frame-relay
13
R3(config)# interface serial 0/0.301 point-to-point
14
R3(config-subif)# ip address 2.2.2.2 255.255.255.0
15
R3(config-subif)# frame-relay interface-dlci 301
16
Lists messages about certain Frame Relay events, including Inverse ARP messaeges:
1 R1# debug frame-relay events
Static NAT:
Define the outside and inside interfaces:
1
R1(config)# interface serial 0/0
2
R1(config-if)# ip nat outside
3
R1(config)# interface FastEthernet 1/1
4
R1(config-if)# ip nat inside
24
1 R1(config)# ip nat inside source static 192.168.1.10 200.1.1.1
25
Dynamic NAT:
Define the outside and inside interfaces
3 <ul>
<li>The same as dynamic NAT with the use of the overload keyword at the end of NAT
4 statement:</li>
5 </ul>
6 <pre>
Useful in viewing the configuration of NAT pool and the inside and outside interfaces:
1 R1# show running-config
Shows counters for packets and NAT table entries, as well as basic configuration information:
1 R1# show ip nat stasitics
Issues a log message describing each packet whose ip address is translated with NAT:
26
1 R1# debug ip nat
Enjoy !
WildCard Mask:
It is just the reverse of the subnet mask:
0->Represents that there should be a
match. 1->Says no need to bother about the
match.
Now if you wanna tell the router that a route exists for the network 192.168.1.0/24 you will use subnet mask.
Eg: ip route 192.168.1.0 255.255.255.0 <next hop/exit int>
Now if you wanna tell the route to block this range/network using acl, you would use wildcard mask.
Eg: access-list 10 deny 192.168.1.0 0.0.0.255
To get the wildcard mask from a subnet mask, you just need to subtract each octet of the subnet mask with 255.
Eg;
Subnet mask: 255 . 255 . 128 . 0
Wildcard : 255-255 . 255-255 . 255-128 . 255-0 = 0.0.0.255
Regards,
Chandu
27