Cisco IOS Command List (Notes from ICND1 Scenario Specific Examples)

After a Cisco ICND1 refresher course (I did my CCNA back in 2005), a refresher of Cisco IOS commands.

Implementing the Initial Switch Configuration

enable – enters privileged EXEC mode.

configure terminal – enters global configuration mode.

hostname name – configures a hostname to the device.

interface interface slot/number – enters interface configuration mode for the specified interface.

ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.

description name-string – an interface configuration command to describe or name an interface.

no shutdown – brings up the interface. Uses this command in interface configuration mode. To shutdown the interface, use this command without the no in front.

ip default-gateway ip_address – set the default gateway of the switch.

show running-config – a privileged EXEC command to display the list of configuration commands that modify the default configuration of the system.

show interface status – displays the interface line status

Implementing the Initial Router Configuration

enable – enters privileged EXEC mode.

configure terminal – enters global configuration mode.

hostname name – configures a hostname to the device.

interface interface slot/number – enters interface configuration mode for the specified interface.

ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.

description name-string – an interface configuration command to describe or name an interface.

no shutdown – brings up the interface. Uses this command in interface configuration mode. To shutdown the interface, use this command without the no in front.

show running-config interface interface slot/number – privileged EXEC command to display the running configuration for a specific interface.

show interface status – displays the interface line status

show ip interface [type number] – displays the usability status of interfaces that are configured for IP.

Implementing Static Routing

enable – enters privileged EXEC mode.

configure terminal – enters global configuration mode.

interface interface slot/number – enters interface configuration mode for the specified interface.

ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.

no shutdown – brings up the interface. Uses this command in interface configuration mode. To shutdown the interface, use this command without the no in front.

ip route network-number network-mask {ip-address | interface} – sets as static route in the IP routing table.

Implementing Basic Numbered and Named ACLs

ip access-list {standard|extended} {access-list-name|access-list-number} – used in global configuration mode to define an IP access list by name or number.

permit source [source-wildcard] – used in ACL configuration mode to set conditions to allow a packed to pass a named IP ACL. To remove a permit condition from an ACL, use the no form of this command.

deny source [source-wildcard] – used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the no form of this command.

ping {hostname|system-address} [source source-address] – used in privileged EXEC mode to diagnose basic network connectivity.

Implementing PAT

ip address dhcp – used in interface configuration mode to acquire an IP address on an interface via DHCP

ip access-list {standard|extended} {access-list-name|access-list-number} – used in global configuration mode to define an IP access list by name or number.

permit source [source-wildcard] – used in ACL configuration mode to set conditions to allow a packed to pass a named IP ACL. To remove a permit condition from an ACL, use the no form of this command.

ip nat [inside|outside] – used in interface configuration mode to designate that traffic originating from or destined for the interface is subject to NAT.

ip nat inside source {list {access-list-number|access-list-name}} interface type number [overload] – used in global configuration mode to establish dynamic source translation. Use of the list keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The overload option enables the route to use one global address for many local addresses.

ip nat inside source static local-ip global-ip – used in global configuration mode to establish a static translation between an inside local address and an inside global address.

Troubleshooting VLANs and Trunks

vlan – creates VLAN and enters VLAN configuration mode for further definitions.

name – assigns a name to the VLAN. The length of the name can be from 1 to 32 characters.

switchport access vlan – sets the VLAN that the interface belongs to.

switchport trunk encapsulation dot1q – specifies 802.1Q encapsulation on the trunk link.

switchport mode trunk – puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.

switchport access – assigns this port to a VLAN.

show vlan – displays VLAN information.

show vlan brief – displays VLAN information in brief.

show interfaces trunk – displays the trunk information on the switch.

ping – to diagnose basic network connectivity.

Implement Multiple VLANs and Basic Routing Between the VLANs

enable – enters privileged EXEC mode.

configure terminal – enters global configuration mode.

interface interface slot/number – enters interface configuration mode for the specified interface.

ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.

vlan – creates VLAN and enters VLAN configuration mode for further definitions.

switchport mode {access|trunk} – configures the VLAN membership of a port. The access port is set to access unconditionally and operates as a nontrunking, single VLAN interface that sends and receives nonencapsulated (nontagged) frames. An access port can be assigned to only one VLAN. The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router.

switchport trunk {encapsulation {dot1q}} – the command sets the trunk characteristics when the interface is in trunking mode. Sets the encapsulation format on the trunk port to IEEE 802.1Q. With this format, the switch supports simultaneous tagged and untagged traffic on a port.

encapsulation dot1q vlan-id – to define the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance, uses the encapsulation dot1q command in interface configuration mode.

show vlan – displays VLAN information.

Implementing a DHCP Server in a Cisco IOS Device

ip dhcp pool name – used in global configuration mode to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode.

domain-name domain – used in DHCP pool configuration mode to specify the domain name for a DHCP client.

network network-number [mask] – used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server.

ip dhcp excluded-address ip-address [last-ip-address] – used in global configuration mode to specify IP addresses that a DHCP server should not assign to DHCP clients.

ip helper-address address – used in interface configuration mode to enable forwarding of UDP broadcasts, including BOOTP, that are received on an interface.

default-router address [address2 ... address8] – used in DHCP pool configuration mode to specify the default router list for a DHCP client.

Implementing RIPv2

ip route prefix mask – uses the ip route command in global configuration mode to configure static routes. Prefix denotes IP route prefix for the destination and mask denotes prefix mask for the destination.

router rip – enables a RIP routing process which places you in router configuration mode.

network ip-address – associates a network with a RIP routing process.

version 2 – configures the software to receive and send only RIPv2 packets.

no auto-summary – disables automatic summarization.

default-information originate – generates a default route into RIP and uses the default-information originate command in router configuration mode.

passive-interface interface – specifying an interface name sets only this interface to passive RIP mode. In passive mode, RIP routing updates are accepted by, but not sent out of the specified interface.

show ip rip database – displays the contents of the RIP routing database.

Securing Device Administrative Access

line console 0 – changes the context to console configuration mode.

line vty 1st-vty 2nd-vty – changes the context to vty configuration mode for the range of vty lines listed in the command.

login – enables console and vty configuration mode; tells Cisco IOS Software to prompt for a password.

login local – enables console and vty configuration mode; tells Cisco IOS Software to prompt for a username and password to be changed against locally configured username global configuration commands on this switch or router.

password pass-value – enables console and vty configuration mode; lists the password that is required if the login command (with no other parameters) is configured.

username name password pass-value – enables the global command; defines one of possible multiple usernames and associated passwords that are used for user authentication. It is used when the login local line configuration command has been used.

enable – a user in user mode can gain access to enable mode by using the enable command.

enable password actual-password – if the enable password actual-password global configuration command is used, it defines the password that is required when using the enable EXEC command.

enable secret pass-value – enables the global command, sets the switch password that is required for any user to reach enable mode.

service password-encryption – the service password-encryption global configuration command directs Cisco IOS Software to encrypt the passwords, CHAP secrets, and similar data that are saved in its configuration file.

ip domain-name name – configures a DNS domain name with the ip domain-name name global configuration command.

crypto key generate rsa – enables the global command; creates and stores (in a hidden location in flash memory) the keys that are required by SSH.

transport input {telnet|ssh} – used in vty line configuration mode; defines whether telnet or SSH access, or both, is allowed into this switch. Both values can be configured on one command to allow both Telnet and SSH access (the default.)

access-list access-list-number {deny|permit} source [source-wildcard] – to define a standard IP access list, uses the standard version of the access-list command in global configuration mode.

access-class – restricts incoming and outgoing connections between a particular vty (into a Cisco device) and the address in an access list.

Implementing Device Hardening

ntp server ip-address – used in global configuration mode to allow the software clock to be synchronized by an NTP time server.

ntp peer ip-address – used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer.

interface type number – used in global configuration mode to enter configuration mode for an interface.

shutdown – used in interface configuration mode to shut down the interface.

vlan {vlan-id|vlan-range} – used in global configuration mode to add a VLAN and enter configuration mode for the VLAN.

name name – used in VLAN configuration mode to name a VLAN.

switchport access vlan vlan-id – used in interface configuration mode to assign the interface to a VLAN.

switchport port-security – used in interface configuration mode to enable port security on the interface.

switchport port-security maximum maximum – used in interface configuration mode to set the maximum number of secure MAC addresses on the port.

switchport port-security mac-address {mac-addr|{sticky [mac-addr]}} – used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The sticky option configures the MAC addresses as sticky on the interface.

switchport port-security violation {shutdown|restrict|protect} – used in interface configuration mode to set the action to be taken when a security violation is detected.

Configuring System Message Logging

logging ip address – configures the IP address of the host that will receive the system logging (syslog) messages.

logging trap level – to limit messages that are logged to the syslog servers based on severity, use the logging trap command in global configuration mode. The number or name of the desired severity level is which messages should be logged.

show logging – displays the state of system logging (syslog) and the contents of the standard system logging buffer. Use the show logging command in privileged EXEC mode.

Implement IPv6 Static Routing

ipv6 unicast-routing – used in global configuration mode to enable the forwarding of IPv6 unicast datagrams.

ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length} – used in interface configuration mode to configure an IPv6 address based on an IPv6 general prefix and to enable IPv6 processing on an interface.

show ipv6 route – used in user EXEC or privileged EXEC mode to display the current contents of the IPv6 routing table.

ipv6 route ipv6-prefix/prefix-length ipv6-address – used in global configuration mode to create static IPv6 routes. To remove a previously configured static route, use the no form of this command.

ipv6 address autoconfig [default] – used in interface configuration mode to enable automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface and to enable IPv6 processing on the interface. To remove the address from the interface, use the no form of this command.