What are Cisco commands and how are they used?
The Cisco IOS command-line interface, often simply called Cisco commands, is a user interface (UI) used for configuring, analysing, and maintaining Cisco devices such as routers and switches. These commands can be entered from a terminal, the router console, or even a remote location.
Some useful Cisco commands
Here we discuss the top 5 fundamental commands for a Cisco administrator. The commands below are very useful for collecting information and saving changes on Cisco routers.
You need to memorize the following commands if you are going to be a Cisco networking engineer.
IOS command #1: Show running-config
show running-config is considered the most useful of the Cisco show commands. With this one simple IOS command you can view the router's entire configuration, including IP addresses, passwords, interfaces, routing protocols, etc. This command only works when the Cisco router is in Privileged EXEC mode.
We can abbreviate the command as “sh run” or “wr t”.
IOS command #2: Show IP interface brief
The show ip interface brief command gives you a lot of information about the router's interfaces, such as whether an interface is up and which IP address is assigned to it. Both User EXEC and Privileged EXEC modes support this command.
We can abbreviate the command as “sh ip int brie”.
IOS command #3: Show IP route
Routers learn about networks either statically or dynamically and save the optimum path to those networks in their routing table. Once you’ve confirmed that your interfaces are operational and that you’ve saved your configuration, check whether your router has converged, which means it has accurate network reachability information. The show ip route command displays every known connection and destination network, as well as the mechanism used to learn about them, the next-hop IP address, and the local interface used to connect to them. Both User EXEC and Privileged EXEC modes support this command.
This command can be abbreviated as “sh ip ro”.
IOS command #4: Copy running-config startup-config
It’s critical to remember to save changes to the router’s configuration after you’ve made them. This command replicates the modified active running configuration in RAM to the start-up configuration in flash memory. The configuration will be saved when the router is shut off and restarted if it is copied into flash. Only Privileged EXEC mode can be used with this command.
The shortcut for this command is “wr” (short for write memory).
IOS command #5: Show interfaces
It’s critical to understand the several types of interfaces on your router, as well as their essential data and whether they’re up or down. The show interfaces command is an extremely verbose command that outputs a large amount of information. You may have to sift through the output to find what you’re looking for; the output from this command includes just about everything related to interfaces, such as interface type, speed, IP address, and faults on the interface. Both User EXEC and Privileged EXEC modes support this command.
This command can be abbreviated as “sh int”.
Basic Configuration Commands
Command | Purpose |
---|---|
enable | It allows you to enter into the enable mode. It is also called user exec or privileged mode. |
configure terminal | Allows you to enter into the configuration mode |
interface FastEthernet/number | For the chosen fast ethernet interface, enter interface configuration mode. |
reload | To reboot Cisco router or switch |
hostname name | To set a host name |
copy from-location to-location | Command copies files from one location to another |
copy running-config startup-config | An enable mode command that saves the active config, replacing the startup-config when a Cisco network device initializes |
copy startup-config running-config | An enable mode command that merges the startup-config with the currently active config in RAM |
write erase / erase startup-config | An enable mode command that deletes the startup config |
ip address ip-address mask | Assigns an IP address and a subnet mask |
shutdown / no shutdown | Used in interface configuration mode. “shutdown” shuts down the interface, while “no shutdown” brings up the interface. |
ip default-gateway ip_address | Sets the default gateway on a Cisco device |
show running-config | An enable mode command that displays the current configuration |
description name-string | A config interface command to describe or name an interface |
show running-config interface interface slot/number | An enable mode command to display the running configuration for a specific interface |
show ip interface [type number] | Displays the usability status of interfaces that are configured for IP |
ip name-server serverip-1 serverip-2 | A configure mode command that sets the IP addresses of DNS servers |
Troubleshooting Commands
Command | Purpose |
---|---|
ping {hostname system-address} [source source-address] | Used in enable mode to diagnose basic network connectivity |
speed {10/ 100/ 1000/ auto} | An interface mode command that manually sets the speed to the specified value or negotiates it automatically |
duplex {auto full half} | An interface mode command that manually sets duplex to half, full or auto |
cdp run / no cdp run | A configuration mode command that enables or disables Cisco Discovery Protocol (CDP) for the device |
show mac address-table | Displays the MAC address table |
show cdp | Shows whether CDP is enabled globally |
show cdp neighbors [detail] | Lists summary information about each neighbor connected to this device; the “detail” option lists detailed information about each neighbor |
show interfaces | Displays detailed information about interface status, settings and counters |
show interface status | Displays the interface line status |
show interfaces switchport | Displays a large variety of configuration settings and current operational status, including VLAN trunking details. |
show interfaces trunk | Lists information about the currently operational trunks and the VLANs supported by those trunks |
show vlan / show vlan brief | Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks |
show vtp status | Lists the current VTP status, including the current mode |
Routing and VLAN Commands
Command | Purpose |
---|---|
ip route network-number network-mask {ip-address interface} | Sets a static route in the IP routing table |
router rip | Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode |
network ip-address | In router configuration mode, associates a network with a RIP routing process |
version 2 | In router configuration mode, configures the software to receive and send only RIP version 2 packets |
no auto-summary | In router configuration mode, disables automatic summarization |
default-information originate | In router configuration mode, generates a default route into RIP |
passive-interface interface | In router configuration mode, sets only that interface to passive RIP mode. In passive RIP mode, RIP routing updates are accepted by, but not sent out of, the specified interface. |
show ip rip database | Displays the contents of the RIP routing database |
ip nat [inside outside] | An interface configuration mode command to designate that traffic originating from or destined for the interface is subject to NAT |
ip nat inside source {list {access-list-number access-list-name}} interface type number [overload] | A configuration mode command to establish dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses. |
ip nat inside source static local-ip global-ip | A configuration mode command to establish a static translation between an inside local address and an inside global address |
vlan | Creates a VLAN and enters VLAN configuration mode for further definitions |
switchport access vlan | Sets the VLAN that the interface belongs to. |
switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link. |
switchport access | Assigns this port to a VLAN |
vlan vlan-id [name vlan-name] | Configures a specific VLAN name |
switchport mode {access trunk} | Configures the VLAN membership mode of a port. The access port is set to access unconditionally and operates as a non-trunking, single VLAN interface that sends and receives non-encapsulated (non-tagged) frames. An access port can be assigned to only one VLAN. The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router. |
switchport trunk {encapsulation {dot1q}} | Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port. |
encapsulation dot1q vlan-id | A configuration mode command that defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance |
DHCP Commands
Command | Purpose |
---|---|
ip address dhcp | A configuration mode command to acquire an IP address on an interface via DHCP |
ip dhcp pool name | A configuration mode command to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode |
domain-name domain | Used in DHCP pool configuration mode to specify the domain name for a DHCP client |
network network-number [mask] | Used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server |
ip dhcp excluded-address ip-address [last-ip-address] | A configuration mode command to specify IP addresses that a DHCP server should not assign to DHCP clients |
ip helper-address address | An interface configuration mode command to enable forwarding of UDP broadcasts, including BOOTP, received on an interface |
default-router address [address2 … address8] | Used in DHCP pool configuration mode to specify the default router list for a DHCP client |
Security Commands
Command | Purpose |
---|---|
password pass-value | Lists the password that is required if the login command (with no other parameters) is configured |
username name password pass-value | A global command that defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used. |
enable password pass-value | A configuration mode command that defines the password required when using the enable command |
enable secret pass-value | A configuration mode command that sets this Cisco device password that is required for any user to enter enable mode |
service password-encryption | A configuration mode command that directs the Cisco IOS software to encrypt the passwords, CHAP secrets, and similar data saved in its configuration file |
ip domain-name name | Configures a DNS domain name |
crypto key generate rsa | A configuration mode command that creates and stores (in a hidden location in flash memory) the keys that are required by SSH |
transport input {telnet ssh} | Used in vty line configuration mode, defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command to allow both Telnet and SSH access (default settings). |
access-list access-list-number {deny permit} source [source-wildcard] [log] | A configuration mode command that defines a standard IP access list |
access-class | Restricts incoming and outgoing connections between a particular vty (into a basic Cisco device) and the addresses in an access list |
ip access-list {standard extended} {access-list-name access-list-number} | A configuration mode command that defines an IP access list by name or number |
permit source [source-wildcard] | Used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command. |
deny source [source-wildcard] | Used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command. |
ntp peer | Used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer |
switchport port-security | Used in interface configuration mode to enable port security on the interface |
switchport port-security maximum maximum | Used in interface configuration mode to set the maximum number of secure MAC addresses on the port |
switchport port-security mac-address {mac-addr {sticky [mac-addr]}} | Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface. |
switchport port-security violation {shutdown restrict protect} | Used in interface configuration mode to set the action to be taken when a security violation is detected |
show port-security [interface interface-id] | Displays information about security options configured on the interface |
Monitoring and Logging Commands
Command | Purpose |
---|---|
logging ip-address | Configures the IP address of the host that will receive the system logging (syslog) messages |
logging trap level | Used in configuration mode to limit messages that are logged to the syslog servers based on severity. Specify the number or name of the desired severity level at which messages should be logged. |
show logging | Enable mode command that displays the state of system logging (syslog) and the contents of the standard system logging buffer. |
terminal monitor | An enable mode command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command |
Some useful Questions
How to connect to switch and start configuring?
Step 1: Connect the Cisco switch to PuTTY
- Connect your Cisco switch/router to your computer using a 9-pin serial cable and open PuTTY on your computer.
- Open PuTTY, go to the Connection Type settings and check the Serial option.
- Select Category and choose the Serial option.
- Enter the digital transmission speed, then select the Data bits field and enter 8.
- Go to Stop bits and enter 1.
- Select Parity and choose None, then select Flow Control and choose None.
Step 2: Set Switch Hostname
Type the enable command to enter privileged EXEC mode. Then enter the following command.
Switch# configure terminal
Switch(config)#
Enter the following command to assign hostname
Switch(config)# hostname access-switch1
access-switch1(config)#
Step 3: Assign switch password
After setting the hostname, you need to set a password to prevent unwanted access.
To set password: access-switch1(config)# enable secret COMPARI7ECH
Step 4: Telnet Control
To secure the switch further, you need to set a password for Telnet and console access.
Telnet
access-switch1(config)# line vty 0 15
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
Console
access-switch1(config)# line console 0
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#
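An added example, not part of the original page: a small Python check that reads a saved running configuration and flags what the walkthrough above leaves behind (clear-text line passwords, vty lines that still accept Telnet, password encryption off). Both sample configurations, the `admin` username and the hash placeholder are constructed for illustration.

```python
import re

# Constructed sample of what the steps above leave in the running config.
WALKTHROUGH = """\
enable secret 5 $1$CONSTRUCTED$placeholderhash
line con 0
 password COMPARI7ECH
 login
line vty 0 15
 password COMPARI7ECH
 login
"""

# Constructed comparison: per-user logins and SSH-only vty access.
HARDENED = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin secret 5 $1$CONSTRUCTED$placeholderhash
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
"""

def parse_sections(config):
    """Return (global commands, {parent line: [indented sub-commands]})."""
    top, sections = [], {}
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd in ("", "!"):
            continue
        if raw.startswith(" ") and top:
            sections[top[-1]].append(cmd)
        else:
            top.append(cmd)
            sections[cmd] = []
    return top, sections

def audit(config):
    top, sections = parse_sections(config)
    findings = []
    if "service password-encryption" not in top:
        findings.append("global: service password-encryption is off")
    if any(c.startswith("enable password") for c in top):
        findings.append("global: enable password set, use enable secret")
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        # "password X" or "password 0 X" means the value is stored in clear text.
        if any(re.fullmatch(r"password (0 )?\S+", c) for c in body):
            findings.append(f"{header}: clear-text line password")
        # Assumption (from the table above): no "transport input" = Telnet + SSH.
        transport = next((c.split()[2:] for c in body
                          if c.startswith("transport input")), ["telnet", "ssh"])
        if header.startswith("line vty") and {"telnet", "all"} & set(transport):
            findings.append(f"{header}: Telnet allowed, set transport input ssh")
    return findings

if __name__ == "__main__":
    print(audit(WALKTHROUGH), audit(HARDENED), sep="\n")
```

Run it against a text export of `show running-config`; an empty list means none of these three conditions was found.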
How to disable specific ports in a Cisco Switch?
Step 1: Select the switch and select CLI tab in the popup window.
Step 2: Click the command box and press “Enter”.
To enable the port, use the following commands
enable > configure terminal > interface fastethernet
Ex: enable > configure terminal > interface fastethernet 0/1
enable
configure terminal
(config)# interface FastEthernet 0/1
(config-if)# no shutdown
(config-if)# end
write
To disable the port, use the following commands
shutdown → exit
enable
configure terminal
(config)# interface FastEthernet 0/1
(config-if)# shutdown
(config-if)# end
write
What is running configuration?
When we complete a command in global configuration mode, the data/commands are stored in the running configuration. It is like RAM (Random Access Memory). The configured commands will be lost if a power failure occurs.
What is start-up configuration?
As already discussed, the commands in the running configuration will be lost if a power supply failure occurs. To overcome this problem, we copy our current configuration to the start-up configuration.
Start-up configuration refers to the non-volatile memory of a device.
The command used to copy the running configuration to the start-up configuration is
copy running-config startup-config
What free software is available to practice Cisco commands?
What is IOS?
The Cisco IOS (Internetwork Operating System) is a unique operating system for Cisco routers and switches. Cisco IOS’ main purpose is to allow data communication between network nodes.
IOS operating systems are divided into two categories:
IOS XE is a Linux-based operating system. Although IOS XE and IOS share a lot of the same code, IOS XR is considered a separate code base.
IOS XR is a real-time operating system based on QNX, a commercial Unix-like operating system. Software-defined networking (SDN) and the embedded systems industry are supported by IOS XR.
Who are Cisco's competitors?
- Juniper Networks.
- Huawei.
- Arista Networks.
- VMware.
- Dell Technologies.
- Extreme.
- HPE (Aruba)
- NETGEAR.
What is a VLAN?
A VLAN is a conceptually segmented set of end stations in a switched network that is logically separated by function or application, regardless of the users’ physical locations. VLANs have the same properties as physical LANs, but they allow you to group end stations that are not physically connected to the same LAN segment.
What is HSRP?
The Hot Standby Router Protocol (HSRP) enables IP network redundancy by ensuring that user traffic recovers quickly and transparently in the event of a first hop router failure. Multiple routers on the same LAN might share a virtual IP and MAC address that is set as the default gateway on the hosts using HSRP.