Useful Cisco Commands for configuring and troubleshooting

What is Cisco command and how it is used?

Cisco IOS command line interface shortly called as Cisco commands is a user interface (UI) used for configuring, analysing, and maintaining Cisco devices such as routers, and switches. By using these commands, we can easily implement Cisco IOS commands by using terminal, router console or even from remote location.

Some useful Cisco commands

Here, we are discussing about top 5 fundamental commands of Cisco administrator. The below commands are very useful to collect information and save changes on Cisco routers.

The following commands need to memorize if you are going to be a Cisco networking engineer.

IOS command #1: Show running-config

Show running-config is considered as the most useful Cisco show commands. You can gather information about the router’s entire configuration by using these commands. You can get information by using simple IOS command. You can get information such as IP addresses, passwords, interfaces, routing protocols, etc. This comment only worked when the cisco router in Privileged EXEC mode.

We can abbreviate the command as "sh run or wr t."

IOS command #2: Show IP interface brief

Show interface command will give you a lot of information about the interfaces of routers. We can gather information like is interface up, what IP address assigned etc. Both User EXEC and Privileged EXEC modes support the Show interface.

We can abbreviate the command as “sh ip int brie”.

IOS command #3: Show IP route

Routers either statically or dynamically learn about networks and save the optimum path to those networks in their routing table. Once you’ve confirmed that your interfaces are operational and that you’ve saved your configuration, check to see if your router has convergence, which implies it has accurate network reachability information. The show IP route command displays every known connection and destination network, as well as the mechanism used to learn about them, the next-hop IP address, and the local interface used to connect to them. Both User-EXEC and Privileged EXEC modes are supported by this command.

Can be abbreviated this command as “sh ip ro”.

IOS command #4: Copy running-config start up-config

It’s critical to remember to save changes to the router’s configuration after you’ve made them. This command replicates the modified active running configuration in RAM to the start-up configuration in flash memory. The configuration will be saved when the router is shut off and restarted if it is copied into flash. Only Privileged EXEC mode can be used with this command.

Wr is the shortcut term for using this command (wr means write memory).

IOS command #5: Show interfaces

It’s critical to understand the several types of interfaces on your router, as well as essential data and whether they’re up or down. The display interfaces command is an extremely verbose command that outputs a large amount of information. You may have to sift through the output to discover what you’re searching for; the output from this command includes just about everything related to interfaces, such as interface type, speed, IP address, and faults on the interface. Both User EXEC and Privileged EXEC modes are supported by this command.

Can be abbreviated this command “sh int”.

Basic Configuration Commands

Command Purpose
enable It allows you to enter into the enable mode. It is also called user exec or privileged mode.
configure terminal Allows you to enter into the configuration mode
interface FastEthernet/number For the chosen fast ethernet interface, enter interface configuration mode.
reload To reboot Cisco router or switch
hostname name To set a host name
copy from-location to-location Command copies files from one location to another
copy running-config startup-config An enable mode command that saves the active config, replacing the startup-config when a Cisco network device initializes
copy startup-config running-config An enable mode command that merges the startup-config with the currently active config in RAM
write erase erase startup-config An enable mode command that deletes the startup config
IP address IP-address mask Assigns an IP address and a subnet mask
shutdown no shutdown Used in interface configuration mode. “Shutdown” shuts down the interface, while “no shutdown” brings up the interface.
ip default-gateway ip_address Sets the default gateway on a Cisco device
show running-config An enable mode command that displays the current configuration
description name-string A config interface command to describe or name an interface
show running-config interface interface slot/number An enable mode command to display the running configuration for a specific interface
show ip interface [type number] Displays the usability status of interfaces that are configured for IP
ip name-server serverip-1 serverip-2 A configure mode command that sets the IP addresses of DNS servers

Troubleshooting Commands

Command Purpose
ping {hostname system-address} [source source-address] Used in enable mode to diagnose basic network connectivity
speed {10/ 100/ 1000/ auto} An interface mode command that manually sets the speed to the specified value or negotiates it automatically
duplex {auto full half} An interface mode command that manually sets duplex to half, full or auto
cdp run no cdp run A configuration mode command that enables or disables Cisco Discovery Protocol (CDP) for the device
show mac address-table Displays the MAC address table
show cdp Shows whether CDP is enabled globally
show cdp neighbors[detail] Lists summary information about each neighbor connected to this device; the “detail” option lists detailed information about each neighbor
show interfaces Displays detailed information about interface status, settings and counters
show interface status Displays the interface line status
show interfaces switchport Displays a large variety of configuration settings and current operational status, including VLAN trunking details.
show interfaces trunk Lists information about the currently operational trunks and the VLANs supported by those trunks
show vlan show vlan brief Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks
show vtp status Lists the current VTP status, including the current mode

Routing and VLAN Commands

Command Purpose
ip route network-number network-mask {ip-address interface} Sets a static route in the IP routing table
router rip Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode
network ip-address In router configuration mode, associates a network with a RIP routing process
version 2 In router configuration mode, configures the software to receive and send only RIP version 2 packets
no auto-summary In router configuration mode, disables automatic summarization
default-information originate In router configuration mode, generates a default route into RIP
passive-interface interface In router configuration mode, sets only that interface to passive RIP mode. In passive RIP mode, RIP routing updates are accepted by, but not sent out of, the specified interface.
show ip rip database Displays the contents of the RIP routing database
ip nat [inside outside] An interface configuration mode command to designate that traffic originating from or destined for the interface is subject to NAT
ip nat inside source {list{access-list-number access-list-name}} interface type number[overload] A configuration mode command to establish dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses.
ip nat inside source static local-ip global-ip A configuration mode command to establish a static translation between an inside local address and an inside global address
vlan Creates a VLAN and enters VLAN configuration mode for further definitions
switchport access vlan Sets the VLAN that the interface belongs to.
switchport trunk encapsulation dot1q Specifies 802.1Q encapsulation on the trunk link.
switchport access Assigns this port to a VLAN
vlan vlan-id [name vlan-name] Configures a specific VLAN name
switchport mode { access trunk } Configures the VLAN membership mode of a port. The access port is set to access unconditionally and operates as a non-trunking, single VLAN interface that sends and receives non-encapsulated (non-tagged) frames. An access port can be assigned to only one VLAN.The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router.
switchport trunk {encapsulation { dot1q } Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port.
encapsulation dot1q vlan-id A configuration mode command that defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance

DHCP Commands

Command Purpose
ip address dhcp A configuration mode command to acquire an IP address on an interface via DHCP
ip dhcp pool name A configuration mode command to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode
domain-name domain Used in DHCP pool configuration mode to specify the domain name for a DHCP client
network network-number [mask] Used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server
ip dhcp excluded-address ip-address [last-ip-address] A configuration mode command to specify IP addresses that a DHCP server should not assign to DHCP clients
ip helper-address address An interface configuration mode command to enable forwarding of UDP broadcasts, including BOOTP, received on an interface
default-router address[address2 … address8] Used in DHCP pool configuration mode to specify the default router list for a DHCP client

Security Commands

Command Purpose
password pass-value Lists the password that is required if the login command (with no other parameters) is configured
username name password pass-value A global command that defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used.
enable password pass-value A configuration mode command that defines the password required when using the enable command
enable secretpass-value A configuration mode command that sets this Cisco device password that is required for any user to enter enable mode
service password-encryption A configuration mode command that directs the Cisco IOS software to encrypt the passwords, CHAP secrets, and similar data saved in its configuration file
ip domain-name name Configures a DNS domain name
crypto key generate rsa A configuration mode command that creates and stores (in a hidden location in flash memory) the keys that are required by SSH
transport input {telnet ssh} Used in vty line configuration mode, defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command to allow both Telnet and SSH access (default settings).
access-list access-list-number {deny permit} source [source-wildcard] [log] A configuration mode command that defines a standard IP access list
access-class Restricts incoming and outgoing connections between a particular vty (into a basic Cisco device) and the addresses in an access list
ip access-list {standard extended} {access-list-name access-list-number} A configuration mode command that defines an IP access list by name or number
permit source [source-wildcard] Used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command.
deny source [source-wildcard] Used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command.
ntp peer Used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer
switchport port-security Used in interface configuration mode to enable port security on the interface
switchport port-security maximum maximum Used in interface configuration mode to set the maximum number of secure MAC addresses on the port
switchport port-security mac-address {mac-addr {sticky [mac-addr]}} Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface.
switchport port-security violation {shutdown restrict protect} Used in interface configuration mode to set the action to be taken when a security violation is detected
show port security [interface interface-id] Displays information about security options configured on the interface
switchport port-security maximum maximum Used in interface configuration mode to set the maximum number of secure MAC addresses on the port
switchport port-security mac-address {mac-addr {sticky [mac-addr]}} Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface.
switchport port-security violation {shutdown restrict protect} Used in interface configuration mode to set the action to be taken when a security violation is detected
show port security [interface interface-id] Displays information about security options configured on the interface

Monitoring and Logging Commands

Command Purpose
logging ip address Configures the IP address of the host that will receive the system logging (syslog) messages
logging trap level Used in configuration mode to limit messages that are logged to the syslog servers based on severity. Specify the number or name of the desired severity level at which messages should be logged.
show logging Enable mode command that displays the state of system logging (syslog) and the contents of the standard system logging buffer.
terminal monitor An enable mode command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command

Some useful Questions

How to connect to switch and start configuring?

Step1: Connect the Cisco switch to putty

  1. Connect your Cisco switch/router to your computer by using 9 pin serial cable and open putty in your computer.

Click here to download putty

  1. Open putty and select Connection Type settings and check the Serial option

  2. Select Category and choose Serial option

  3. Enter digital transmission speed and select Data bits field and enter 8

  4. Go to Stop bits and enter 1

  5. Select Parity and choose None option and select Flow Control and select None .

Step2: Set Switch Hostname

Type enable command to enter privileged EXEC mode. Then enter following command.

Switch# configure terminal

Switch(config)#

Enter the following command to assign hostname

Switch(config)# hostname access-switch1

access-switch1(config)#1

Step 3: Assign switch password

After setting the hostname, need to set Password to control the unwanted entry.

To set password: access-switch1(config)# enable secret COMPARI7ECH

Step 4: Telnet Control

To secure more, need to set a password for Telnet and console access.

Telnet

access-switch1(config)# line vty 0 15

access-switch1(config-line)# password COMPARI7ECH

access-switch1(config-line)# login

access-switch1(config-line)# exit

access-switch1(config)#

Console

access-switch1(config)# line console 0

access-switch1(config-line)# password COMPARI7ECH

access-switch1(config-line)# login

access-switch1(config-line)# exit

access-switch1(config)#

How to disable specific ports in a Cisco Switch?

Step 1: Select the switch and select CLI tab in the popup window.

Step 2: Click the command box and press “Enter”.

To enable the port follow below commands

Enable>configure terminal>interface fastethernet

Ex: Enable>configure terminal>interface fastethernet 0/1

enable

configure terminal

(config)# interface FastEthernet 0/1

(config-subif)# no shutdown

(config-subif)# end

write

To disable the port, follow below commands

Shutdown à exit

enable

configure terminal

(config)# interface FastEthernet 0/1 (config-subif)# shutdown (config-subif)# end

write

What is running configuration?

The data/ commands will be stored in running configuration mode when we completed a command in the global configuration mode. It is like a RAM (Random Access Memory). The configured commands will be lost if any power failure occurs.

What is Start up configuration?

We already discussed; the commands will be lost if any power supply failure occurs in running configuration mode. To overcome this problem, we copy our current configuration in start-up configuration.

Start-up configuration is referred as non-volatile memory of a device.

The commands used to copy your commands in running configuration to start-up configuration

copy running-configuration startup-configuration.

What are all free software available to practice Cisco commands?

  1. IOS Command Simulator

  2. Cisco Simulator

  3. On works

What is IOS?

The Cisco IOS (Internetwork Operating System) is an unique operating system for Cisco routers and switches. Cisco IOS’ main purpose is to allow data communication between network nodes.

IOS operating systems are divided into two categories:

IOS XE is a Linux-based operating system. Although IOS XE and IOS share a lot of the same code, IOS XR is considered a separate code base.

IOS XR is a real-time operating system based on QNX, a commercial Unix-like operating system. Software-defined networking (SDN) and the embedded systems industry are supported by IOS XR.

Who are all competitors of CISCO?

  • Juniper Networks.
  • Huawei.
  • Arista Networks.
  • VMware.
  • Dell Technologies.
  • Extreme.
  • HPE (Aruba)
  • NETGEAR.

What is Vlan?

A VLAN is a conceptually segmented set of end stations in a switched network that is logically separated by function or application, regardless of the users’ physical locations. VLANs have the same properties as physical LANs, but they allow you to group end stations that are not physically connected to the same LAN segment.

What is HSRP?

The Hot Standby Router Protocol (HSRP) enables IP network redundancy by ensuring that user traffic recovers quickly and transparently in the event of a first hop router failure. Multiple routers on the same LAN might share a virtual IP and MAC address that is set as the default gateway on the hosts using HSRP.