User EXEC Commands

enable
exit
end

Privileged EXEC Commands

General
- configure terminal
- ping ip address
- hostname hostname
- copy running-config startup-config /write / write memory --> Saves running configuration to startup configuration
- erase startup-config / write erase / erase nvram: --> Deletes the startup configuration
Clear
1. MAC Address Table:
  - clear mac address-table
  - clear mac address-table dynamic --> Clears all dynamically learned MAC addresses
  - clear mac address-table dynamic address address --> Clears a specific dynamically learned MAC address
  - clear mac address-table dynamic interface interface --> Clear all dynamically learned MAC addresses on a specific interface
2. OSPF ^clear-ospf
  - clear ip ospf process --> Restarts the current OSPF process
3. NAT ^priv-clear-nat
  - clear ip nat translation * --> Clears all dynamic NAT translations in the NAT translation table
NTP ^priv-ntp
- clock set hh:mm:ss day month year --> Sets the device’s software clock (day and month can be swapped around)
- calendar set hh:mm:ss day month year --> Sets the device’s hardware clock (day and month can be swapped around)
- clock update-calendar --> Syncs the calendar (hardware clock) to the clock’s (software clock) time
- clock read-calendar --> Syncs the clock (software time) to the calendar’s (hardware clock) time
Syslog ^priv-syslog
- terminal monitor --> Displays Syslog messages when connected through VTY (Telnet, SSH). Must be used every time a connection is established
VRF ^priv-vrf
- ping vrf vrf-name ip-address --> Pings an IP address in the specified VRF
Show (Can be used in Global config with ‘do’)
1. General
  - show item
  - show item | argument String --> Filters through the command’s output with selected argument (Arguments: include / section)
  - show running-config
  - show startup-config
  - show mac address-table / show mac-address-table (for older devices)
  - show logging --> Shows the device’s logs
  - show version --> Shows information about the current device’s version and OS
  - show file systems --> Shows the file systems of a Cisco IOS device
  - show flash --> Shows the contents of the system’s flash memory
2. Interfaces: ^show-int
  - show interfaces [interface-id | argument] --> Shows full interface information
  - show interfaces interface-id switchport --> Shows the interface’s switchport information.
  - show interfaces status --> Shows full interface(s) information on switches
  - show interfaces trunk --> Shows switchport trunk information for all interfaces
  - show interfaces interface-id trunk --> Shows switchport trunk information for a specific interface
  - show controllers serial port/number --> Shows information about the serial interface, mostly used to determine the DCE (Data Communications Equipment) and the DTE (Data Terminal Equipment)
3. IP commands:
  - show ip interface brief --> Shows short, concise interfaces’ information
4. VLANs: ^show-vlan
  - show vlan
  - show vlan brief --> Shows a brief list of VLANs and the access ports that are using them
5. VTP: ^show-vtp
  - show vtp status
6. Spanning Tree: ^show-stp
  - show spanning-tree --> Shows general STP status and information
  - show spanning-tree vlan vlan-id --> Shows spanning-tree information for a specific VLAN
  - show spanning-tree detail --> Shows detailed STP information
  - show spanning-tree summary --> Shows a summary of the current STP configuration
7. EtherChannel ^show-etherchannel
  - show etherchannel
  - show etherchannel summary --> Shows a summary of current EtherChannels
  - show etherchannel port-channel --> Like the summary command, but it shows the current EtherChannel protocol as well (LACP/PAgP)
  - show etherchannel load-balance --> Shows current EtherChannel load balancing method
8. Routes ^show-routes-main
  - General
    - show ip route [argument] --> Shows the router/switch’s routing table, optionally with an argument to filter for routes of a specific type
    - show ip protocols --> Shows routing protocol information
  - EIGRP Routes
    - show ip eigrp neighbors --> Shows information about EIGRP neighbors
    - show ip eigrp topology --> Shows all learned routes through EIGRP and their information. Includes routes that aren’t currently displayed in show ip route, and shows the EIGRP Feasible Distance and Reported Distance
  - OSPF Routes ^show-ospf
    - show ip ospf database --> Shows all of the Link State Advertisements (LSA) in the Link State Database (LSDB)
    - show ip ospf neighbor --> Shows the router’s OSPF neighbors
    - show ip ospf interface [interface-id] --> Shows detailed information about all the interfaces running OSPF, or one specific interface if specified
    - show ip ospf interface brief --> Brief view of all OSPF interfaces
9. FHRP Protocols ^show-fhrp-protocols
  - HSRP
    - show standby --> Shows information about the running HSRP configuration on the router
10. IPv6 ^show-ipv6
  - show ipv6 route --> Shows the IPv6 routing table.
  - show ipv6 interface brief --> Shows brief information about all IPv6 interfaces
  - show ipv6 interface interface-id --> Shows full IPv6 interface information
  - show ipv6 neighbor --> Shows the IPv6 equivalent of an ARP table
11. ACL ^show-acl
  - show access-lists --> Shows ALL configured access-lists on the router
  - show ip access-lists --> Shows IP related access-lists on the router
12. Layer 2 Discovery Protocols ^show-layer2-discovery-protocols
  - CDP
    - show cdp --> Shows global CDP information, like the timer, holdtime, and advertisement version
    - show cdp traffic --> Shows CDP traffic statistics
    - show cdp interface --> Shows full CDP information about the interfaces running the CDP protocol, along with a basic summary at the end
    - show cdp interface interface-id --> Shows full CDP information about the specified interface running the CDP protocol
    - show cdp neighbors --> Shows brief information about all connected CDP neighbors
    - show cdp neighbors detail --> Shows detailed information about all connected CDP neighbors
    - show cdp entry host-name --> Similar to show cdp neighbors detail, but only shows detailed information for the specified host
  - LLDP
    - show lldp --> Shows global lldp information, like the timer, holdtime, and reinit timer
    - show lldp traffic --> Shows LLDP traffic statistics
    - show lldp interface --> Shows full LLDP information about the interfaces running the LLDP protocol, such as transmit and receive status and state
    - show lldp interface interface-id --> Shows full LLDP information about the specified interface running the LLDP protocol
    - show lldp neighbors --> Shows brief information about all connected LLDP neighbors
    - show lldp neighbors detail --> Shows detailed information about all connected LLDP neighbors
    - show lldp entry host-name --> Similar to show lldp neighbors detail, but only shows detailed information for the specified host
13. NTP ^show-ntp
  - show clock --> Shows basic clock information
  - show clock detail --> Shows the time source (hardware calendar by default) and basic clock information
  - show ntp status --> Shows general NTP information like stratum level and IP address of the connected time syncing server
  - show ntp associations --> Shows the NTP servers the device is syncing to
14. DNS ^show-dns
  - show hosts --> Shows the configured hosts as well as hosts learned and cached through DNS
15. DHCP ^show-dhcp
  - show ip dhcp binding --> Shows all DHCP clients which are currently assigned IP addresses
16. SSH ^show-ssh
  - show ip ssh --> Shows detailed information about the current SSH configuration
17. FTP & TFTP ^show-ftp-tftp
  - show version --> Shows information about the current device’s version and OS
  - show file systems --> Shows the file systems of a Cisco IOS device
  - show flash --> Shows the contents of the system’s flash memory
18. NAT ^show-nat
  - show ip nat translations --> Shows information about IP addresses that have been translated through NAT
  - show ip nat statistics --> Shows statistics about the current NAT process
19. Power Policing ^show-power-police
  - show power inline police interface-id --> Shows the power policing information of the specified interface
20. Port Security ^show-port-security
  - show port-security --> Shows general port security information about the current configuration
  - show port-security interface interface-id --> Shows the port security configuration on the specified interface
  - show mac address-table secure --> Shows all configured Secure MAC addresses
  - show errdisable recovery --> Shows the current err-disable recovery settings
21. DHCP Snooping ^show-dhcp-snooping
  - show ip dhcp snooping binding --> Shows the DHCP snooping binding table
22. Dynamic ARP Inspection ^show-arp-inspection
  - show ip arp inspection --> Shows a summary of the Dynamic ARP Inspection configuration as well as statistics
  - show ip arp inspection interfaces --> Shows the status of Dynamic ARP Inspection on the switch’s interfaces
23. VRF ^show-vrf
  - show ip vrf --> Shows all configured VRFs on the router.
  - show ip route vrf vrf-name --> Shows the IP routing table for a specific VRF (VRF routing tables do not show up in the normal show ip route command.)

Global Config Commands

General
- enable password password
- enable secret password
- no command-here --> To remove commands from the configuration
- do command-here --> To execute Privileged EXEC commands in Global
- ip route ip-address netmask [exit-interface &/ next-hop] [distance-metric]
- ip routing --> Enables Layer 3 routing on a Multilayer switch
- ip default-gateway ip-address --> Configures the switch’s default gateway
- ipv6 unicast-routing --> Enables IPv6 routing on the router
- username username secret password --> Configures a user and their password on the device. Usually used with login local
- login --> Enables login, which prompts the user to enter a password only in order to access the Cisco IOS CLI
- login local --> Enables local login, which prompts the user to enter a username and password in order to access the Cisco IOS CLI
- line line-type line-number --> Enters the configuration mode for the specified line type (console, VTY, etc.) and the specified line’s number
- boot system file-path --> Sets the Cisco device’s boot system IOS file
- copy source destination --> Copies files from a source location to a destination location
- delete file-path --> Deletes the specified file.
Service:
1. General
  - service password-encryption --> Enables Type 7 password encryption on all existing and future passwords, removing the service will NOT decrypt passwords. (not recommended)
2. Syslog Related ^global-service-syslog
  - service sequence-numbers --> Enables sequence numbers to be displayed in Syslog messages
  - service timestamps log time-type { datetime | uptime } --> Enables timestamps to be displayed in Syslog messages
VLANs ^global-vlan
- show vlan brief
- vlan vlan-id --> Creates a new VLAN, or enters VLAN configuration mode
  - name name --> Changes the current VLAN’s name
ACL ^global-acl
1. General
  - access-list number remark description --> Gives the specified access list a remark/description
  - ip access-list resequence acl-name/acl-number starting-seq-number increment --> Modifies the access list’s sequencing numbers according to specified arguments
2. Standard
  - access-list number { deny | permit } ip wildcard-mask --> Configures a standard numbered ACL
  - ip access-list standard acl-name/acl-number --> Enters standard named ACL configuration mode
    - [entry-number] { deny | permit } ip wildcard-mask
3. Extended
  - access-list number { deny | permit } protocol src-ip dst-ip --> Configures an extended numbered ACL
  - ip access-list extended acl-name/acl-number --> Enters standard named ACL configuration mode
    - [entry-number] { deny | permit } protocol src-ip dst-ip
    - [entry-number] { deny | permit } protocol src-ip argument source-port-num dst-ip argument dst-port-num (Arguments: eq / gt / lt / neq / range )
Layer 2 Discovery Protocols ^global-layer2-discovery-protocols
1. CDP
  - cdp run --> Enables CDP globally
  - cdp timer seconds --> Sets the CDP message timer
  - cdp holdtime seconds --> Sets the CDP message holdtime
  - cdp advertise-v2 --> Changes CDP version to V2
2. LLDP
  - lldp run --> Enables LLDP globally
  - lldp timer seconds --> Sets the LLDP message timer
  - lldp holdtime seconds --> Sets the LLDP message holdtime
  - lldp reinit seconds --> Sets the LLDP reinit timer
NTP ^global-ntp
- clock timezone timezone-name hours-offset [minutes-offset] --> Changes the clock’s timezone to a user specified timezone name with an hours offset, and an optional minutes offset
- clock summer-time name recurring start end [offset] --> Sets the daylight saving time (summer time) configuration for the clock
  - (start and end each require the week (first, last or number), weekday, month and time)
- ntp update-calendar --> Updates the calendar (hardware clock) using NTP
- ntp server ip-address [prefer] --> Configures an NTP server that the client will sync to
- ntp server ip-address key key-number --> Configures an NTP server that the client will sync to along with the authentication key number
- ntp peer ip-address --> Sets up symmetric active peering mode with another NTP server
- ntp peer ip-address key key-number --> Sets up symmetric active peering mode with another NTP server along with the authentication key number
- ntp master [stratum-level] --> Configures the device as an NTP server with an optional stratum level argument (Defaults to stratum 8)
- ntp source interface-id --> Changes the source of NTP messages to be that of the specified interface
- ntp authenticate --> Enables NTP authentication
- ntp authentication-key key-number md5 key/password --> Configures an NTP authentication key
- ntp trusted-key key-number --> Trusts the NTP key number on the current device
DNS ^global-dns
- ip dns server --> Configures the router to act as a DNS server
- ip domain lookup / ip domain-lookup --> Enables the router to perform DNS queries (enabled by default)
- ip host host-name ip-address --> Configures a host address mapping to be used for DNS queries
- ip name-server ip-address --> Configures an external DNS server to query if a requested record isn’t available in the router’s host table
- ip domain name domain-name / ip domain-name domain-name --> Configures the default domain name
DHCP ^global-dhcp
- ip dhcp excluded-address low-address high-address --> Specifies the range of addresses that won’t be given to DHCP clients
- ip dhcp pool pool-name --> Initiates a DHCP pool and enters DHCP pool configuration mode or enters DHCP pool configuration if the pool already exists
  - network ip-address { /prefix-length | subnet-mask } --> Specifies the subnet of addressed to be assigned to clients (Except the excluded addresses)
  - lease time { days hours minutes | infinite } --> Specifies the DHCP IP address lease time
  - default-router ip-address --> Specifies the default gateway that the DHCP clients should use
  - dns-server ip-address --> Specifies the DNS server that DHCP clients should use
  - domain-name domain-name --> Specifies the domain name of the network
  - option 43 ip ip-address --> Enables Option 43 for DHCP clients, which can be used to tell the APs the IP address of their WLC
SNMP ^global-snmp
- snmp-server contact contact-info --> Sets the SNMP server contact information
- snmp-server location location-info --> Sets the SNMP server location information
- snmp-server community password ro --> Sets the community password for read-only operations
- snmp-server community password rw --> Sets the community password for read-write operations
- snmp-server host ip-address version 2c community-string --> Specifies the NMS, version and community string
- snmp-server enable traps trap-types --> Enables specific trap (notification) types
Syslog ^global-syslog
- logging console level --> Sets the Syslog logging level for console lines
- logging monitor level --> Sets the Syslog logging level for VTY lines
- logging buffered [size] level --> Sets the Syslog logging level for the buffer (RAM) (size is in Bytes)
- logging trap trap-types --> Configures the Syslog level for an external Syslog server
- logging ip-address --> Configures a Syslog server that will receive Syslog messages
- logging host ip-address --> Configures a Syslog server that will receive Syslog messages
- logging synchronous --> Causes a new line to be printed if your typing is interrupted by a message (Executed in line-configuration mode)
SSH / Line Configuration ^global-ssh-line-configuration
1. General
  - ip ssh version version { 1 | 2 }--> Sets the SSH version
  - ip default-gateway ip-address --> Configures the switch’s default gateway
  - exec-timeout minutes seconds --> Sets a timeout timer that will log out the user from the current session after a specified period of inactivity
  - crypto key generate rsa --> Generates a RSA keys to be used for SSH authentication (requires a Domain Name)
  - show version --> Shows information about the current device’s version and OS
2. Console Line Configuration
  - line console 0 --> Enters console line configuration mode
  - password password --> Sets a password on the console line
  - login --> Enables login when connecting through the console line/port, which prompts the user to enter a password only, in order to access the Cisco IOS CLI
  - login local --> Enables local login when connecting through the console line/port, which prompts the user to enter a username and password in order to access the Cisco IOS CLI (used with Pass command)
3. VTY Line Configuration
  - line vty line-number OR low-line-number high-line-number --> Enters VTY line configuration mode. You can specify either one line to be configured (Ex. 0) or a range of lines (Ex. 0 15)
  - login --> Enables login when connecting through the VTY line(s), which prompts the user to enter a password only, in order to access the Cisco IOS CLI
  - login local --> Enables local login when connecting through the VTY line(s), which prompts the user to enter a username and password in order to access the Cisco IOS CLI (used with Pass command)
  - transport input connection-types { all | none | protocol(s) }--> Allows the specified connection type(s) to connect through the VTY line(s) (SSH, Telnet, etc.)
  - access-class acl-id in --> Applies an ACL inbound on the VTY line(s)
FTP & TFTP ^global-ftp-tftp
1. General / Related
  - boot system file-path --> Sets the Cisco device’s boot system IOS file
  - copy source destination --> Copies files from a source location to a destination location
  - delete file-path --> Deletes the specified file.
2. FTP
  - ip ftp username username --> Sets the username for FTP authentication
  - ip ftp password password --> Sets the password for FTP authentication
NAT ^global-nat
1. Static NAT
  - ip nat inside source static inside-local-ip inside-global-ip --> Configures a one-to-one (Static NAT) IP address mapping
2. Dynamic NAT
  - deny } ARGUMENTS --> Creates an ACL with the specified arguments. Used to decide which addresses should be translated with NAT
  - ip nat pool pool-name start-ip end-ip { prefix-length prefix-length | netmask subnet-mask } --> Creates a NAT pool to be used for dynamic NAT translations
  - ip nat inside source list acl-id pool pool-name --> Configures dynamic NAT on the router using the specified NAT pool and ACL
  - ip nat inside source list acl-id pool pool-name overload --> Configures dynamic PAT on the router using the specified NAT pool and ACL
  - ip nat inside source list acl-id interface interface-id overload --> Configures dynamic PAT on an interface using the specified NAT pool and ACL
ErrDisable (Port Security / DHCP Snooping / ARP Inspection) ^global-errdisable
- errdisable recovery cause cause { psecure-violation | dhcp-rate-limit | arp-inspection } --> Enables err-disable recovery for the specified cause
- errdisable recovery interval seconds --> Determines how long the switch should wait before enabling an err-disabled interface (if the err-disable recovery for that cause is enabled)
DHCP Snooping ^global-dhcp-snooping
- ip dhcp snooping --> Enables the DHCP snooping functionality on the switch (needs to be enabled per VLAN as well)
- ip dhcp snooping vlan vlan-id --> Enables DHCP snooping on the specified VLAN
- no ip dhcp snooping information option --> Disables applying Option 82 for DHCP messages
Dynamic ARP Inspection ^global-arp-inspection
- ip arp inspection vlan vlan-id --> Enables Dynamic ARP Inspection on the specified VLAN
- ip arp inspection validate validation-method(s) ( src-mac | dst-mac | ip ) --> Configures the current ARP Inspection validation method(s)
  - (You can use multiple by specifying them in the same command)
- arp access-list arp-acl-id --> Creates an ARP ACL and enters ARP ACL configuration mode
  - In configuration mode:
  - { permit | deny } ip host ip-address mac host mac-address
- ip arp inspection filter arp-acl-id vlan vlan-id --> Applies an ARP ACL on the specified VLAN
VRF ^global-vrf
- ip vrf vrf-name --> Creates a new VRF

Interface Commands

General ^int-general
- show interfaces commands
- ip address ip-address netmask
- mac-address custom-mac-address
- interface range interface-id - interface-id or interface-id, interface-id, interface-id
- default interface interface-id --> Resets the interface to default settings
- interface loopback loopback-interface-id or interface l loopback-interface-id --> Creates a loopback interface
- description description --> Adds a description to the interface
- speed mode / value { auto | speed-value } --> Changes the interface’s speed
- duplex mode { full / half } --> Changes the interface’s duplex mode
- bandwidth value (in Kbps) --> Changes the interface’s bandwidth (doesn’t affect interface speed)
- ip mtu bytes --> Changes the MTU value on the interface
Switchport: ^int-switchport
1. General:
  - switchport mode type { access / trunk / dynamic auto / dynamic desirable } --> Configures the switchport type for VLANs
  - switchport nonegotiate --> Disables Dynamic Trunking Protocol (DTP) requests between switches (setting the switch to access mode does the same thing)
2. Access ports:
  - switchport access vlan vlan-id --> Changes the access port’s VLAN to the specified VLAN ID
  - switchport voice vlan vlan-id --> Assigns VOIP (Voice over IP) traffic to be tagged with a specific VLAN ID (Done while the switchport is in access mode)
3. Trunk ports:
  - show interfaces trunk
  - switchport trunk encapsulation mode {auto / negotiate / dot1q / isl}
  - switchport trunk allowed vlan argument {vlan-id/ add vlan-id / remove vlan-id / all / none / except vlan-id}
    (Multiple VLANs can be used in add, remove and except by putting a comma in between the vlan-IDs)
  - switchport trunk native vlan vlan-id
Serial ^int-serial
- show controllers serial INTERFACE-ID command
- interface serial port/number --> Enters serial interface configuration mode
  - clock rate bits-per-second --> Changes the serial interface’s operating speed, used on the DCE (Data Communications Equipment) side
  - encapsulation protocol {ppp / hdlc} --> Changes the encapsulation mode. Must match on both sides of the serial connection
Sub-interface / ROAS ^int-subint-roas
- interface interface/id.sub-interface-id --> Initialize a sub-interface
  - Ex: interface G0/0.10
- encapsulation dot1q vlan-id --> Set the sub-interface’s VLAN
- encapsulation dot1q vlan-id native --> Sets the native VLAN for the sub-interface
- ip address ip-address netmask --> Sets the IP address on the virtual sub-interface
Multilayer Switch and SVI ^int-multilayer-svi
- ip routing --> Enables Layer 3 routing on a Multilayer switch
- no switchport --> Configures the interface as a Layer 3/routed port (Not a Layer 2/switchport)
- interface vlan id --> Creates an switch virtual interface (SVI)
VTP ^int-vtp
- show vtp status
- vtp mode type {server / client / transparent}
- vtp domain domain-name
- vtp version version-number (1 / 2 / 3)
Spanning Tree ^int-stp
1. General
  - show spanning-tree commands
  - spanning-tree mode mode {mst / pvst / rapid-pvst} (Versions)
2. Spanning Tree Portfast / BPDU Guard
  - spanning-tree portfast --> Enables portfast on the current interface.
  - spanning-tree portfast default --> Enables Portfast on all access ports by default.
  - spanning-tree bpduguard enable --> Enables BPDU Guard on the current interface.
  - spanning-tree portfast bpduguard default --> Enables BPDU Guard on all Portfast-enabled interfaces by default.
3. Spanning Tree VLAN related
  - spanning-tree vlan vlan-id root primary --> Sets the STP bridge priority to 24576 (Or 4096 lower than the current lowest STP priority.)
  - spanning-tree vlan vlan-id root secondary --> Sets the STP bridge priority to 28672
  - spanning-tree vlan vlan-id cost number --> Changes the interface’s STP root cost
  - spanning-tree vlan vlan-id port-priority number --> Changes the interface’s port priority
4. Spanning Tree Link Type
  - spanning-tree link-type type { point-to-point / shared }
EtherChannel ^int-etherchannel
- show etherchannel commands
- interface port-channel etherchannel-group-number --> Enters EtherChannel group configuration mode (or creates an EtherChannel port if it doesn’t exist)
  - interface ponumber --> Shorter version of interface port-channel
- channel-group etherchannel-group-number mode mode { desirable / auto / active / passive / on }
  - (active/passive are LACP modes, while desirable/auto are PAgP modes, on is static etherchannel)
- channel-protocol protocol (lacp / pagp)
- port-channel load-balance method { src-mac / dst-mac / src-dst-mac / src-ip / dst-ip / src-dst-ip } --> Changes the EtherChannel load balancing method
Routing protocols’ interfaces ^int-routing-protocols
1. OSPF ^1e7708
  - show ip ospf commands
  - ip ospf cost cost --> Changes the interface’s cost value
  - ip ospf process-ID area area --> Enables OSPF directly on an interface
  - ip ospf priority priority --> Changes the interface’s OSPF priority, used for DR/BDR elections
  - ip ospf network network-type { broadcast / point-to-point / non-broadcast } --> Changes the OSPF network type used on the interface
  - ip ospf hello-interval seconds --> Changes the Hello message timer
  - ip ospf dead-interval seconds --> Changes the Dead message timer
  - ip ospf authentication --> Enables OSPF authentication on the current interface
  - ip ospf authentication-key password --> Sets the authentication key/password on the interface
FHRP Protocols ^int-fhrp-protocols
1. HSRP
  - show standby command
  - standby version version {1 / 2} --> Changes HSRP version
  - standby group-number ip virtual-ip-address --> Sets the interface’s HSRP IP address in the specified group
  - standby group-number priority priority --> Sets the interface’s HSRP priority to a certain value in the specified group. Default is 100 and maximum is 255
  - standby group-number preempt --> Enables preemption on the HSRP interface
IPv6 ^int-ipv6
- show ipv6 commands
- [[Cisco IOS Commands#^global-ipv6-routing|ipv6 unicast-routing --> Enables IPv6 routing on the router]]
- ipv6 address ipv6-address/prefix --> Assigns the interface an IPv6 address
- ipv6 address ipv6-address/prefix eui-64 --> Assigns the interface an IPv6 address with the host portion being an EUI-64 generated address.
- ipv6 address ipv6-address/prefix anycast --> Assigns the interface with an IPv6 address with anycast enabled
- ipv6 enable --> Enables IPv6 on a single interface with an automatically generated EUI-64 Link-Local address
- ipv6 address autoconfig --> Uses SLAAC (Stateless Address Auto-configuration) to generate an IPv6 address. Uses NDP to find the network prefix and EUI-64 to generate the interface identifier (could be chosen randomly as well).
ACL ^int-acl
- ip access-group number/name { in | out } --> Applies the specified access-list onto the interface, either inbound or outbound
Layer 2 Discovery Protocols ^int-layer2-discovery-protocols
1. CDP
  - cdp enable --> Enables CDP on the current interface
2. LLDP
  - lldp transmit --> Enables LLDP transmission on the current interface
  - lldp receive --> Enables LLDP receiving on the current interface
DHCP ^int-dhcp
- ip helper-address ip-address --> Configures the current interface as a DHCP relay agent (meant to be used on the interface that’s connected to the DHCP clients)
- ip address dhcp --> Tells the router to get an IP address from the DHCP server for this specific interface
NAT ^int-nat
- ip nat inside --> Defines the ‘inside’ interface(s) connected to the internal network
- ip nat outside --> Defines the ‘outside’ interface(s) connected to the external network
IP Phones / Voice VLAN ^int-voip
- switchport voice vlan vlan-id --> Assigns VOIP (Voice over IP) traffic to be tagged with a specific VLAN ID (Done while the switchport is in access mode)
Power Policing / POE ^int-power-police
- power inline police --> Configures power policing on the interface with default settings, being: Disable the port and a send a Syslog message if a PD draws too much power
- power inline police action err-disable --> Same function as power inline police
- power inline police action log --> Configures power policing on the interface with these settings: Restart the interface and send a Syslog message when the PD draws too much power
Port Security ^int-port-security
- switchport port-security --> Enables port security on the current interface
- switchport port-security maximum maximum-mac-addresses --> Configures the maximum amount of Secure MAC addresses allowed on the current port-security enabled interface
- switchport port-security mac-address mac-address --> Manually configures an authorized port security MAC address
- switchport port-security mac-address sticky --> Enables Sticky MAC address learning
- switchport port-security mac-address sticky mac-address --> Manually adds a Sticky MAC address
- switchport port-security violation violation-mode { shutdown | restrict | protect } --> Configures the violation mode for the port security enabled interface
- switchport port-security aging static --> Enables aging for Secure Static MAC addresses
- switchport port-security aging time minutes --> Configures the timer for Secure MAC addresses aging
- switchport port-security aging type type { absolute | inactivity } --> Configures the type for Secure MAC addresses aging
DHCP Snooping ^int-dhcp-snooping
- ip dhcp snooping trust --> Configures the current interface as trusted for DHCP snooping
- ip dhcp snooping limit rate packets-per-second --> Limits how many DHCP packets are allowed per second
Dynamic ARP Inspection ^int-arp-inspection
- ip arp inspection trust --> Configures the current interface as trusted for ARP inspections
- ip arp inspection limit rate packets burst interval seconds --> Limits how many ARP packets are allowed per burst interval (Burst interval default is 1)
VRF ^int-vrf
- ip vrf forwarding vrf-name --> Applies the specified VRF onto the interface

Router Commands

General ^router-general
- router routing-protocol
- network arguments --> Enables the routing protocol on interfaces within that IP range
- passive-interface interface-id --> Turns the interface into a passive interface that doesn’t send out protocol advertisements. The router will still continue to advertise the network prefix of the interface
- passive-interface default --> Enables the Passive Interface mode on all interfaces by default
- default-information originate --> Advertises the default route to all other neighbors
- no router-id --> Resets the current Router ID on the router.
- distance distance-value --> Changes the administrative distance (AD) of the routing protocol
- maximum-paths path-value --> Changes the maximum amount of paths that Equal Cost Multi-Path (ECMP) can be done over
RIP ^router-rip
- router rip --> Goes into RIP configuration mode
- version 2 --> Switches RIP version to 2
- no auto-summary --> Disables auto-summarization to stop routers from converting advertised classless addresses into classful addresses
- network ip-address --> Enables RIP on all interfaces that are within the IP range
EIGRP ^router-eigrp
- router eigrp autonomous-system-number --> Goes into EIGRP configuration mode in the specified autonomous system group
- eigrp router-id a.b.c.d --> Changes the EIGRP router ID
- no auto-summary --> Disables auto-summarization to stop routers from converting advertised classless addresses into classful addresses
- network ip-address [wildcard-mask] --> Enables EIGRP on interfaces within the specified range. A wildcard mask can be used optionally
OSPF ^router-ospf
- router ospf process-id --> Goes into OSPF router configuration for the specified process
- router-id a.b.c.d --> Changes the OSPF router ID
- network ip-address wildcard-mask area area-number --> Enables OSPF on interfaces within the specified range and puts them in the specified area number.
- auto-cost reference-bandwidth megabits-per-second --> Changes the default reference bandwidth that is used for calculating the metric/cost
- shutdown --> Shuts down the current OSPF process when in OSPF process configuration mode

Roy's CCNA Notes

Explorer

Explorer

Cisco IOS Commands

User EXEC Commands

Privileged EXEC Commands

Global Config Commands

Interface Commands

Router Commands

Graph View

Table of Contents

Backlinks