Cisco IOS Commands
Privileged Mode
enable – get to privileged mode
disable – get to user mode
enable password <password_here> – sets privileged mode password
enable secret <password_here> – sets encrypted privileged mode password
Setting Passwords
enable secret <password_here> – set encrypted password for privileged access
enable password <password_here> – set password for privileged access (used when there is no enable secret and when using older software)
Set password for console access:
1 2 3 | (config)#line console 0 (config-line)#login (config-line)#password <password_here> |
Set password for virtual terminal (telnet) access (password must be set to access the router through telnet):
1 2 3 | (config)#line vty 0 4 (config-line)#login (config-line)#password <password_here> |
Set password for auxiliary (modem) access:
1 2 3 | (config)#line aux 0 (config-line)#login (config-line)#password <password_here> |
Configuring the Router
sh running-config – details the running configuration file (RAM)
sh startup-config – displays the configuration stored in NVRAM
setup – Will start the automatic setup; the same as when you first boot the router
config t – use to execute configuration commands from the terminal
config mem – executes configuration commands stored in NVRAM; copies startup-config to running-config
config net – used to retrieve configuration info from a TFTP server
copy running-config startup-config – copies saved the config in NVRAM to running-config (RAM)
copy startup-config running-config – copies current running-config (RAM) to non-volatile (NVRAM)
boot system flash <filename_here> – tells the router which IOS file in flash to boot from
boot system tftp – tells the router which IOS file on the TFTP server to boot from
boot system rom – tell the router to boot from ROM at next boot
copy flash tftp – Copies flash to TFTP server
copy tftp flash – Restores flash from TFTP server
copy run tftp – Copies the current running-config to TFTP server
copy tftp run – Restores the running-config from TFTP server
General Commands
no shutdown – (enables the interface)
reload – restarts the router
sh ver – Cisco IOS version, the uptime of router, how the router started, where the system was loaded from, the interfaces the POST found, and the configuration register
sh clock – shows date and time on the router
sh history – shows the history of your commands
sh debug – shows all debugging that is currently enabled
no debug all – turns off all debugging
sh users – shows users connected to the router
sh protocols – shows which protocols are configured
banner motd # Your_message # – Set/change banner
hostname <router_name_here> – use to configure the hostname of the router
clear counters – clear interface counters
Processes & Statistics
sh processes – shows active processes running on the router
sh process cpu – shows CPU statistics
sh mem – shows memory statistics
sh flash – describes the flash memory and displays the size of files and the amount of free flash memory
sh buffers – displays statistics for router buffer pools; shows the size of the Small, Middle, Big, Very Big, Large and Huge Buffers
sh stacks – shows the reason for the last reboot, monitors the stack use of processes and interrupts routines
CDP Commands (Cisco Discovery Protocol uses layer 2 multicasts over a SNAP-capable link to send data):
sh cdp neighbor – shows directly connected neighbors
sh cdp int – shows which interfaces are running CDP
sh cdp int eth 0/0 – show CDP info for a specific interface
sh cdp entry <cdp_neighbor_here> – shows CDP neighbor detail
cdp timer 120 – change how often CDP info is sent (default CDP timer is 60)
cp holdtime 240 – how long to wait before removing a CDP neighbor (default CDP holdtime is 180)
sh cdp run – shows if CDP turned on
no cdp run – turns off CDP for an entire router (global config)
no cdp enable – turns off CDP on a specific interface
Miscellaneous Commands
sh controller t1 – shows the status of T1 lines
sh controller serial 1 – use to determine if DCE or DTE device
1 2 | (config-if)#clock rate 6400 - set clock on DCE (bits per second) (config-if)#bandwidth 64 - set bandwidth (kilobits) |
IP Commands
Configure IP on an interface:
int serial 0
ip address 157.89.1.3 255.255.0.0
int eth 0
ip address 2008.1.1.4 255.255.255.0
Other IP Commands:
sh ip route – view ip routing table
ip route <remote_network> <mask> <default_gateway> [administrative_distance] – configure a static IP route
ip route 0.0.0.0 0.0.0.0 <gateway_of_last_resort> – sets default gateway
ip classless – use with static routing to allow packets destined for unrecognized subnets to use the best possible route
sh arp – view arp cache; shows MAC address of connected routers
ip address 2.2.2.2 255.255.255.0 secondary – configure a 2nd IP address on an interface
sh ip protocol
IPX Commands
Enable IPX on the router:
ipx routing
Configure IPX + IPX-RIP on an int:
int ser 0
ipx network 4A
Other Commands:
sh ipx route – shows IPX routing table
sh ipx int e0 – shows IPX address on int
sh ipx servers – shows SAP table
sh ipx traffic – view traffic statistics
debug ipx routing activity – debugs IPS RIP packets
debug ipx sap – debugs SAP packets
Routing Protocols
Configure RIP:
router rip
network 157.89.0.0
network 208.1.1.0
Other RIP Commands:
debug ip rip – view RIP debugging info
Configure IGRP:
router IGRP 200
network 157.89.0.0
network 208.1.1.0
Other IGRP Commands:
debug ip igrp events – view IGRP debugging info
debug ip igrp transactions – view IGRP debugging info
Access Lists
sh ip int ser 0 – use to view which IP access lists are applied to which int
sh ipx int ser 0 – use to view which IPX access lists are applied to which int
sh appletalk int ser 0 – use to view which AppleTalk access lists are applied to which int
View access lists:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | sh access-lists sh ip access-lists sh ipx access-lists sh appletalk access-lists Apply standard IP access list to int eth 0: access-list 1 deny 200.1.1.0 0.0.0.255 access-list 1 permit any int eth 0 ip access-group 1 in Apply Extended IP access list to int eth 0: access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23 access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80 int eth 0 ip access-group 100 out Apply Standard IPX access list to int eth 0: access-list 800 deny 7a 8000 access-list 800 permit -1 int eth 0 ipx access-group 800 out Apply Standard IPX access list to int eth 0: access-list 900 deny sap any 3378 -1 access-list 900 permit sap any all -1 int eth 0 ipx access-group 900 out |
Wan Configurations
PPP Configuration
encapsulation ppp
ppp authentication <chap_or_pap_here>
ppp chap hostname <routername_here>
ppp pap sent-username <username_here>
sh int ser 0 – use to view encapsulation on the interface
Frame-Relay Configuration
encapsulation frame-relay ietf – use IETF when setting up a frame-relay network between a Cisco router and a non-Cisco router
frame-relay lmi-type ansi – LMI types are Cisco, ANSI, Q933A; Cisco is the default; LMI type is auto-sensed in IOS v11.2 and up
frame-relay map ip 3.3.3.3 100 broadcast – if inverse ARP won’t work, map Other IP to Your DLCI # (local)
keepalive 10 – use to set keepalive
sh int ser 0 – use to show DLCI, LMI, and encapsulation info
sh frame-relay pvc – shows the configured DLCI’s; shows PVC traffic stats
sh frame-relay map – shows route maps
sh frame-relay lmi – shows LMI info
Keyboard Shortcuts
CTRL-P – show the previous command
CTRL-N – show next command
SHIFT-CTRL-6 – Break