What is this file?

  • This file was made for a certain feature to work correctly on the website.
  • I recommend using Cisco IOS Commands instead.

User EXEC Commands

  • enable
  • exit
  • end

Privileged EXEC Commands

General

  • configure terminal
  • ping ip address
  • hostname hostname
  • copy running-config startup-config / write / write memory --> Saves running configuration to startup configuration
  • erase startup-config / write erase / erase nvram: --> Deletes the startup configuration

Clear

1. MAC Address Table

  • clear mac address-table
  • clear mac address-table dynamic --> Clears all dynamically learned MAC addresses
  • clear mac address-table dynamic address address --> Clears a specific dynamically learned MAC address
  • clear mac address-table dynamic interface interface --> Clears all dynamically learned MAC addresses on a specific interface

2. OSPF

  • clear ip ospf process --> Restarts the current OSPF process

3. NAT

  • clear ip nat translation * --> Clears all dynamic NAT translations in the NAT translation table

NTP Privileged

  • clock set hh:mm:ss day month year --> Sets the device’s software clock (day and month can be swapped around)
  • calendar set hh:mm:ss day month year --> Sets the device’s hardware clock (day and month can be swapped around)
  • clock update-calendar --> Syncs the calendar (hardware clock) to the clock’s (software clock) time
  • clock read-calendar --> Syncs the clock (software time) to the calendar’s (hardware clock) time

Syslog Privileged

  • terminal monitor --> Displays Syslog messages when connected through VTY (Telnet, SSH). Must be used every time a connection is established

VRF Privileged

  • ping vrf vrf-name ip-address --> Pings an IP address in the specified VRF

Show (Can Be Used in Global Config with ‘do’)

1. General Show

  • show item
  • show item | argument String --> Filters through the command’s output with selected argument (Arguments: include / section)
  • show running-config
  • show startup-config
  • show mac address-table / show mac-address-table (for older devices)
  • show logging --> Shows the device’s logs
  • show version --> Shows information about the current device’s version and OS
  • show file systems --> Shows the file systems of a Cisco IOS device
  • show flash --> Shows the contents of the system’s flash memory

2. Interfaces

  • show interfaces [interface-id | argument] --> Shows full interface information
  • show interfaces interface-id switchport --> Shows the interface’s switchport information.
  • show interfaces status --> Shows full interface(s) information on switches
  • show interfaces trunk --> Shows switchport trunk information for all interfaces
  • show interfaces interface-id trunk --> Shows switchport trunk information for a specific interface
  • show controllers serial port/number --> Shows information about the serial interface, mostly used to determine the DCE (Data Communications Equipment) and the DTE (Data Terminal Equipment)

3. IP Commands

  • show ip interface brief --> Shows short, concise interfaces’ information

4. VLANs

  • show vlan
  • show vlan brief --> Shows a brief list of VLANs and the access ports that are using them

5. VTP

  • show vtp status

6. Spanning Tree

  • show spanning-tree --> Shows general STP status and information
  • show spanning-tree vlan vlan-id --> Shows spanning-tree information for a specific VLAN
  • show spanning-tree detail --> Shows detailed STP information
  • show spanning-tree summary --> Shows a summary of the current STP configuration

7. EtherChannel

  • show etherchannel
  • show etherchannel summary --> Shows a summary of current EtherChannels
  • show etherchannel port-channel --> Like the summary command, but it shows the current EtherChannel protocol as well (LACP/PAgP)
  • show etherchannel load-balance --> Shows current EtherChannel load balancing method

8. Routes

8.1 General

  • show ip route [argument] --> Shows the router/switch’s routing table, optionally with an argument to filter for routes of a specific type
    • show ip protocols --> Shows routing protocol information

8.2 EIGRP Routes

  • show ip eigrp neighbors --> Shows information about EIGRP neighbors
  • show ip eigrp topology --> Shows all learned routes through EIGRP and their information. Includes routes that aren’t currently displayed in show ip route, and shows the EIGRP Feasible Distance and Reported Distance

8.3 OSPF Routes

  • show ip ospf database --> Shows all of the Link State Advertisements (LSA) in the Link State Database (LSDB)
  • show ip ospf neighbor --> Shows the router’s OSPF neighbors
  • show ip ospf interface [interface-id] --> Shows detailed information about all the interfaces running OSPF, or one specific interface if specified
    • show ip ospf interface brief --> Brief view of all OSPF interfaces

9. FHRP Protocols

9.1 HSRP

  • show standby --> Shows information about the running HSRP configuration on the router

10. IPv6

  • show ipv6 route --> Shows the IPv6 routing table.
  • show ipv6 interface brief --> Shows brief information about all IPv6 interfaces
  • show ipv6 interface interface-id --> Shows full IPv6 interface information
  • show ipv6 neighbor --> Shows the IPv6 equivalent of an ARP table

11. ACL

  • show access-lists --> Shows ALL configured access-lists on the router
  • show ip access-lists --> Shows IP related access-lists on the router

12. Layer 2 Discovery Protocols

12.1 CDP

  • show cdp --> Shows global CDP information, like the timer, holdtime, and advertisement version
  • show cdp traffic --> Shows CDP traffic statistics
  • show cdp interface --> Shows full CDP information about the interfaces running the CDP protocol, along with a basic summary at the end
  • show cdp interface interface-id --> Shows full CDP information about the specified interface running the CDP protocol
  • show cdp neighbors --> Shows brief information about all connected CDP neighbors
  • show cdp neighbors detail --> Shows detailed information about all connected CDP neighbors
  • show cdp entry host-name --> Similar to show cdp neighbors detail, but only shows detailed information for the specified host

12.2 LLDP

  • show lldp --> Shows global LLDP information, like the timer, holdtime, and reinit timer
  • show lldp traffic --> Shows LLDP traffic statistics
  • show lldp interface --> Shows full LLDP information about the interfaces running the LLDP protocol, such as transmit and receive status and state
  • show lldp interface interface-id --> Shows full LLDP information about the specified interface running the LLDP protocol
  • show lldp neighbors --> Shows brief information about all connected LLDP neighbors
  • show lldp neighbors detail --> Shows detailed information about all connected LLDP neighbors
  • show lldp entry host-name --> Similar to show lldp neighbors detail, but only shows detailed information for the specified host

13. NTP

  • show clock --> Shows basic clock information
  • show clock detail --> Shows the time source (hardware calendar by default) and basic clock information
  • show ntp status --> Shows general NTP information like stratum level and IP address of the connected time syncing server
  • show ntp associations --> Shows the NTP servers the device is syncing to

14. DNS

  • show hosts --> Shows the configured hosts as well as hosts learned and cached through DNS

15. DHCP

  • show ip dhcp binding --> Shows all DHCP clients which are currently assigned IP addresses

16. SSH

  • show ip ssh --> Shows detailed information about the current SSH configuration

17. FTP & TFTP

  • show version --> Shows information about the current device’s version and OS
  • show file systems --> Shows the file systems of a Cisco IOS device
  • show flash --> Shows the contents of the system’s flash memory

18. NAT

  • show ip nat translations --> Shows information about IP addresses that have been translated through NAT
  • show ip nat statistics --> Shows statistics about the current NAT process

19. Power Policing

  • show power inline police interface-id --> Shows the power policing information of the specified interface

20. Port Security

  • show port-security --> Shows general port security information about the current configuration
  • show port-security interface interface-id --> Shows the port security configuration on the specified interface
  • show mac address-table secure --> Shows all configured Secure MAC addresses
  • show errdisable recovery --> Shows the current err-disable recovery settings

21. DHCP Snooping

  • show ip dhcp snooping binding --> Shows the DHCP snooping binding table

22. Dynamic ARP Inspection

  • show ip arp inspection --> Shows a summary of the Dynamic ARP Inspection configuration as well as statistics
  • show ip arp inspection interfaces --> Shows the status of Dynamic ARP Inspection on the switch’s interfaces

23. VRF

  • show ip vrf --> Shows all configured VRFs on the router.
  • show ip route vrf vrf-name --> Shows the IP routing table for a specific VRF (VRF routing tables do not show up in the normal show ip route command.)

Global Config Commands

General

  • enable password password
  • enable secret password
  • no command-here --> To remove commands from the configuration
  • do command-here --> To execute Privileged EXEC commands in Global
  • ip route ip-address netmask [exit-interface &/ next-hop] [distance-metric]
  • ip routing --> Enables Layer 3 routing on a Multilayer switch
  • ip default-gateway ip-address --> Configures the switch’s default gateway
  • ipv6 unicast-routing --> Enables IPv6 routing on the router
  • username username secret password --> Configures a user and their password on the device. Usually used with login local
  • login --> Enables login, which prompts the user to enter a password only in order to access the Cisco IOS CLI
  • login local --> Enables local login, which prompts the user to enter a username and password in order to access the Cisco IOS CLI
  • line line-type line-number --> Enters the configuration mode for the specified line type (console, VTY, etc.) and the specified line’s number
  • boot system file-path --> Sets the Cisco device’s boot system IOS file
  • copy source destination --> Copies files from a source location to a destination location
  • delete file-path --> Deletes the specified file.

Service

1. General

  • service password-encryption --> Enables Type 7 password encryption on all existing and future passwords (not recommended). Removing the service will NOT decrypt passwords.
  • service sequence-numbers --> Enables sequence numbers to be displayed in Syslog messages
  • service timestamps log time-type { datetime | uptime } --> Enables timestamps to be displayed in Syslog messages

VLANs

  • vlan vlan-id --> Creates a new VLAN, or enters VLAN configuration mode
    • name name --> Changes the current VLAN’s name

ACL Global

1. General

  • access-list number remark description --> Gives the specified access list a remark/description
  • ip access-list resequence acl-name/acl-number starting-seq-number increment --> Modifies the access list’s sequencing numbers according to specified arguments

2. Standard

  • access-list number { deny | permit } ip wildcard-mask --> Configures a standard numbered ACL
  • ip access-list standard acl-name/acl-number --> Enters standard named ACL configuration mode
    • [entry-number] { deny | permit } ip wildcard-mask

3. Extended

  • access-list number { deny | permit } protocol src-ip dst-ip --> Configures an extended numbered ACL
  • ip access-list extended acl-name/acl-number --> Enters extended named ACL configuration mode
    • [entry-number] { deny | permit } protocol src-ip dst-ip
    • [entry-number] { deny | permit } protocol src-ip argument source-port-num dst-ip argument dst-port-num (Arguments: eq / gt / lt / neq / range )

Layer 2 Discovery Protocols Global

1. CDP

  • cdp run --> Enables CDP globally
  • cdp timer seconds --> Sets the CDP message timer
  • cdp holdtime seconds --> Sets the CDP message holdtime
  • cdp advertise-v2 --> Changes CDP version to V2

2. LLDP

  • lldp run --> Enables LLDP globally
  • lldp timer seconds --> Sets the LLDP message timer
  • lldp holdtime seconds --> Sets the LLDP message holdtime
  • lldp reinit seconds --> Sets the LLDP reinit timer

NTP Global

  • clock timezone timezone-name hours-offset [minutes-offset] --> Changes the clock’s timezone to a user specified timezone name with an hours offset, and an optional minutes offset
  • clock summer-time name recurring start end [offset] --> Sets the daylight saving time (summer time) configuration for the clock
    • (start and end each require the week (first, last or number), weekday, month and time)
  • ntp update-calendar --> Updates the calendar (hardware clock) using NTP
  • ntp server ip-address [prefer] --> Configures an NTP server that the client will sync to
  • ntp server ip-address key key-number --> Configures an NTP server that the client will sync to along with the authentication key number
  • ntp peer ip-address --> Sets up symmetric active peering mode with another NTP server
  • ntp peer ip-address key key-number --> Sets up symmetric active peering mode with another NTP server along with the authentication key number
  • ntp master [stratum-level] --> Configures the device as an NTP server with an optional stratum level argument (Defaults to stratum 8)
  • ntp source interface-id --> Changes the source of NTP messages to be that of the specified interface
  • ntp authenticate --> Enables NTP authentication
  • ntp authentication-key key-number md5 key/password --> Configures an NTP authentication key
  • ntp trusted-key key-number --> Trusts the NTP key number on the current device

DNS

  • ip dns server --> Configures the router to act as a DNS server
  • ip domain lookup / ip domain-lookup --> Enables the router to perform DNS queries (enabled by default)
  • ip host host-name ip-address --> Configures a host address mapping to be used for DNS queries
  • ip name-server ip-address --> Configures an external DNS server to query if a requested record isn’t available in the router’s host table
  • ip domain name domain-name / ip domain-name domain-name --> Configures the default domain name

DHCP Global

  • ip dhcp excluded-address low-address high-address --> Specifies the range of addresses that won’t be given to DHCP clients
  • ip dhcp pool pool-name --> Initiates a DHCP pool and enters DHCP pool configuration mode or enters DHCP pool configuration if the pool already exists
    • network ip-address { /prefix-length | subnet-mask } --> Specifies the subnet of addresses to be assigned to clients (except the excluded addresses)
    • lease time { days hours minutes | infinite } --> Specifies the DHCP IP address lease time
    • default-router ip-address --> Specifies the default gateway that the DHCP clients should use
    • dns-server ip-address --> Specifies the DNS server that DHCP clients should use
    • domain-name domain-name --> Specifies the domain name of the network
    • option 43 ip ip-address --> Enables Option 43 for DHCP clients, which can be used to tell the APs the IP address of their WLC

SNMP

  • snmp-server contact contact-info --> Sets the SNMP server contact information
  • snmp-server location location-info --> Sets the SNMP server location information
  • snmp-server community password ro --> Sets the community password for read-only operations
  • snmp-server community password rw --> Sets the community password for read-write operations
  • snmp-server host ip-address version 2c community-string --> Specifies the NMS, version and community string
  • snmp-server enable traps trap-types --> Enables specific trap (notification) types

Syslog Global

  • logging console level --> Sets the Syslog logging level for console lines
  • logging monitor level --> Sets the Syslog logging level for VTY lines
  • logging buffered [size] level --> Sets the Syslog logging level for the buffer (RAM) (size is in Bytes)
  • logging trap trap-types --> Configures the Syslog level for an external Syslog server
  • logging ip-address --> Configures a Syslog server that will receive Syslog messages
  • logging host ip-address --> Configures a Syslog server that will receive Syslog messages
  • logging synchronous --> Causes a new line to be printed if your typing is interrupted by a message (Executed in line-configuration mode)

SSH / Line Configuration

1. General

  • ip ssh version version { 1 | 2 } --> Sets the SSH version
  • ip default-gateway ip-address --> Configures the switch’s default gateway
  • exec-timeout minutes seconds --> Sets a timeout timer that will log out the user from the current session after a specified period of inactivity
  • crypto key generate rsa --> Generates RSA keys to be used for SSH authentication (requires a Domain Name)
  • show version --> Shows information about the current device’s version and OS

2. Console Line Configuration

  • line console 0 --> Enters console line configuration mode
  • password password --> Sets a password on the console line
  • login --> Enables login when connecting through the console line/port, which prompts the user to enter a password only, in order to access the Cisco IOS CLI
  • login local --> Enables local login when connecting through the console line/port, which prompts the user to enter a username and password in order to access the Cisco IOS CLI (used with Pass command)

3. VTY Line Configuration

  • line vty line-number OR low-line-number high-line-number --> Enters VTY line configuration mode. You can specify either one line to be configured (Ex. 0) or a range of lines (Ex. 0 15)
  • login --> Enables login when connecting through the VTY line(s), which prompts the user to enter a password only, in order to access the Cisco IOS CLI
  • login local --> Enables local login when connecting through the VTY line(s), which prompts the user to enter a username and password in order to access the Cisco IOS CLI (used with Pass command)
  • transport input connection-types { all | none | protocol(s) } --> Allows the specified connection type(s) to connect through the VTY line(s) (SSH, Telnet, etc.)
  • access-class acl-id in --> Applies an ACL inbound on the VTY line(s)

FTP & TFTP

  • boot system file-path --> Sets the Cisco device’s boot system IOS file
  • copy source destination --> Copies files from a source location to a destination location
  • delete file-path --> Deletes the specified file.

2. FTP

  • ip ftp username username --> Sets the username for FTP authentication
  • ip ftp password password --> Sets the password for FTP authentication

NAT Global

1. Static NAT

  • ip nat inside source static inside-local-ip inside-global-ip --> Configures a one-to-one (Static NAT) IP address mapping

2. Dynamic NAT

  • access-list ACL-ID { deny | permit } arguments --> Creates an ACL with the specified arguments. Used to decide which addresses should be translated with NAT
  • ip nat pool pool-name start-ip end-ip { prefix-length prefix-length | netmask subnet-mask } --> Creates a NAT pool to be used for dynamic NAT translations
  • ip nat inside source list acl-id pool pool-name --> Configures dynamic NAT on the router using the specified NAT pool and ACL
  • ip nat inside source list acl-id pool pool-name overload --> Configures dynamic PAT on the router using the specified NAT pool and ACL
  • ip nat inside source list acl-id interface interface-id overload --> Configures dynamic PAT on an interface using the specified NAT pool and ACL

ErrDisable (Port Security / DHCP Snooping / ARP Inspection)

  • errdisable recovery cause cause { psecure-violation | dhcp-rate-limit | arp-inspection } --> Enables err-disable recovery for the specified cause
  • errdisable recovery interval seconds --> Determines how long the switch should wait before enabling an err-disabled interface (if the err-disable recovery for that cause is enabled)

DHCP Snooping Global

  • ip dhcp snooping --> Enables the DHCP snooping functionality on the switch (needs to be enabled per VLAN as well)
  • ip dhcp snooping vlan vlan-id --> Enables DHCP snooping on the specified VLAN
  • no ip dhcp snooping information option --> Disables applying Option 82 for DHCP messages

Dynamic ARP Inspection Global

  • ip arp inspection vlan vlan-id --> Enables Dynamic ARP Inspection on the specified VLAN
  • ip arp inspection validate validation-method(s) ( src-mac | dst-mac | ip ) --> Configures the current ARP Inspection validation method(s)
    • (You can use multiple by specifying them in the same command)
  • arp access-list arp-acl-id --> Creates an ARP ACL and enters ARP ACL configuration mode
    • In configuration mode:
    • { permit | deny } ip host ip-address mac host mac-address
  • ip arp inspection filter arp-acl-id vlan vlan-id --> Applies an ARP ACL on the specified VLAN

VRF Global

  • ip vrf vrf-name --> Creates a new VRF

Interface Commands

General

  • ip address ip-address netmask
  • mac-address custom-mac-address
  • interface range interface-id - interface-id or interface-id, interface-id, interface-id
  • default interface interface-id --> Resets the interface to default settings
  • interface loopback loopback-interface-id or interface l loopback-interface-id --> Creates a loopback interface
  • description description --> Adds a description to the interface
  • speed mode / value { auto | speed-value } --> Changes the interface’s speed
  • duplex mode { full / half } --> Changes the interface’s duplex mode
  • bandwidth value (in Kbps) --> Changes the interface’s bandwidth (doesn’t affect interface speed)
  • ip mtu bytes --> Changes the MTU value on the interface

Switchport

1. General

  • switchport mode type { access / trunk / dynamic auto / dynamic desirable } --> Configures the switchport type for VLANs
  • switchport nonegotiate --> Disables Dynamic Trunking Protocol (DTP) requests between switches (setting the switch to access mode does the same thing)

2. Access Ports

  • switchport access vlan vlan-id --> Changes the access port’s VLAN to the specified VLAN ID
  • switchport voice vlan vlan-id --> Assigns VOIP (Voice over IP) traffic to be tagged with a specific VLAN ID (Done while the switchport is in access mode)

3. Trunk Ports

  • switchport trunk encapsulation mode {auto / negotiate / dot1q / isl}
  • switchport trunk allowed vlan argument {vlan-id / add vlan-id / remove vlan-id / all / none / except vlan-id}
    (Multiple VLANs can be used in add, remove and except by putting a comma in between the vlan-IDs)
  • switchport trunk native vlan vlan-id

Serial

  • interface serial port/number --> Enters serial interface configuration mode
    • clock rate bits-per-second --> Changes the serial interface’s operating speed, used on the DCE (Data Communications Equipment) side
    • encapsulation protocol {ppp / hdlc} --> Changes the encapsulation mode. Must match on both sides of the serial connection

Sub-interface / ROAS

  • interface interface/id.sub-interface-id --> Initialize a sub-interface
    • Ex: interface G0/0.10
  • encapsulation dot1q vlan-id --> Set the sub-interface’s VLAN
  • encapsulation dot1q vlan-id native --> Sets the native VLAN for the sub-interface
  • ip address ip-address netmask --> Sets the IP address on the virtual sub-interface

Multilayer Switch and SVI

  • ip routing --> Enables Layer 3 routing on a Multilayer switch
  • no switchport --> Configures the interface as a Layer 3/routed port (Not a Layer 2/switchport)
  • interface vlan id --> Creates a switch virtual interface (SVI)

VTP

  • vtp mode type {server / client / transparent}
  • vtp domain domain-name
  • vtp version version-number (1 / 2 / 3)

Spanning Tree

1. General

  • spanning-tree mode mode {mst / pvst / rapid-pvst} (Versions)

2. Spanning Tree Portfast / BPDU Guard

  • spanning-tree portfast --> Enables portfast on the current interface.
  • spanning-tree portfast default --> Enables Portfast on all access ports by default.
  • spanning-tree bpduguard enable --> Enables BPDU Guard on the current interface.
  • spanning-tree portfast bpduguard default --> Enables BPDU Guard on all Portfast-enabled interfaces by default.
  • spanning-tree vlan vlan-id root primary --> Sets the STP bridge priority to 24576 (Or 4096 lower than the current lowest STP priority.)
  • spanning-tree vlan vlan-id root secondary --> Sets the STP bridge priority to 28672
  • spanning-tree vlan vlan-id cost number --> Changes the interface’s STP root cost
  • spanning-tree vlan vlan-id port-priority number --> Changes the interface’s port priority
  • spanning-tree link-type type { point-to-point / shared }

EtherChannel

  • interface port-channel etherchannel-group-number --> Enters EtherChannel group configuration mode (or creates an EtherChannel port if it doesn’t exist)
    • interface ponumber --> Shorter version of interface port-channel
  • channel-group etherchannel-group-number mode mode { desirable / auto / active / passive / on }
    • (active/passive are LACP modes, while desirable/auto are PAgP modes, on is static etherchannel)
  • channel-protocol protocol (lacp / pagp)
  • port-channel load-balance method { src-mac / dst-mac / src-dst-mac / src-ip / dst-ip / src-dst-ip } --> Changes the EtherChannel load balancing method

Routing Protocols’ Interfaces

1. OSPF

  • ip ospf cost cost --> Changes the interface’s cost value
  • ip ospf process-ID area area --> Enables OSPF directly on an interface
  • ip ospf priority priority --> Changes the interface’s OSPF priority, used for DR/BDR elections
  • ip ospf network network-type { broadcast / point-to-point / non-broadcast } --> Changes the OSPF network type used on the interface
  • ip ospf hello-interval seconds --> Changes the Hello message timer
  • ip ospf dead-interval seconds --> Changes the Dead message timer
  • ip ospf authentication --> Enables OSPF authentication on the current interface
  • ip ospf authentication-key password --> Sets the authentication key/password on the interface

FHRP Protocols

1. HSRP

  • standby version version {1 / 2} --> Changes HSRP version
  • standby group-number ip virtual-ip-address --> Sets the interface’s HSRP IP address in the specified group
  • standby group-number priority priority --> Sets the interface’s HSRP priority to a certain value in the specified group. Default is 100 and maximum is 255
  • standby group-number preempt --> Enables preemption on the HSRP interface

IPv6

  • ipv6 unicast-routing --> Enables IPv6 routing on the router
  • ipv6 address ipv6-address/prefix --> Assigns the interface an IPv6 address
  • ipv6 address ipv6-address/prefix eui-64 --> Assigns the interface an IPv6 address with the host portion being an EUI-64 generated address.
  • ipv6 address ipv6-address/prefix anycast --> Assigns the interface an IPv6 address with anycast enabled
  • ipv6 enable --> Enables IPv6 on a single interface with an automatically generated EUI-64 Link-Local address
  • ipv6 address autoconfig --> Uses SLAAC (Stateless Address Auto-configuration) to generate an IPv6 address. Uses NDP to find the network prefix and EUI-64 to generate the interface identifier (could be chosen randomly as well).

ACL Interface

  • ip access-group number/name { in | out } --> Applies the specified access-list onto the interface, either inbound or outbound

Layer 2 Discovery Protocols Interface

1. CDP

  • cdp enable --> Enables CDP on the current interface

2. LLDP

  • lldp transmit --> Enables LLDP transmission on the current interface
  • lldp receive --> Enables LLDP receiving on the current interface

DHCP Interface

  • ip helper-address ip-address --> Configures the current interface as a DHCP relay agent (meant to be used on the interface that’s connected to the DHCP clients)
  • ip address dhcp --> Tells the router to get an IP address from the DHCP server for this specific interface

NAT Interface

  • ip nat inside --> Defines the ‘inside’ interface(s) connected to the internal network
  • ip nat outside --> Defines the ‘outside’ interface(s) connected to the external network

IP Phones / Voice VLAN

  • switchport voice vlan vlan-id --> Assigns VOIP (Voice over IP) traffic to be tagged with a specific VLAN ID (Done while the switchport is in access mode)

Power Policing / POE

  • power inline police --> Configures power policing on the interface with the default settings: disables the port and sends a Syslog message if a PD draws too much power
  • power inline police action err-disable --> Same function as power inline police
  • power inline police action log --> Configures power policing on the interface with these settings: Restart the interface and send a Syslog message when the PD draws too much power

Port Security

  • switchport port-security --> Enables port security on the current interface
  • switchport port-security maximum maximum-mac-addresses --> Configures the maximum number of Secure MAC addresses allowed on the current port-security enabled interface
  • switchport port-security mac-address mac-address --> Manually configures an authorized port security MAC address
  • switchport port-security mac-address sticky --> Enables Sticky MAC address learning
  • switchport port-security mac-address sticky mac-address --> Manually adds a Sticky MAC address
  • switchport port-security violation violation-mode { shutdown | restrict | protect } --> Configures the violation mode for the port security enabled interface
  • switchport port-security aging static --> Enables aging for Secure Static MAC addresses
  • switchport port-security aging time minutes --> Configures the timer for Secure MAC addresses aging
  • switchport port-security aging type type { absolute | inactivity } --> Configures the type for Secure MAC addresses aging

DHCP Snooping Interface

  • ip dhcp snooping trust --> Configures the current interface as trusted for DHCP snooping
  • ip dhcp snooping limit rate packets-per-second --> Limits how many DHCP packets are allowed per second

Dynamic ARP Inspection Interface

  • ip arp inspection trust --> Configures the current interface as trusted for ARP inspections
  • ip arp inspection limit rate packets burst interval seconds --> Limits how many ARP packets are allowed per burst interval (Burst interval default is 1)

VRF Interface

  • ip vrf forwarding vrf-name --> Applies the specified VRF onto the interface

Router Commands

General

  • router routing-protocol
  • network arguments --> Enables the routing protocol on interfaces within that IP range
  • passive-interface interface-id --> Turns the interface into a passive interface that doesn’t send out protocol advertisements. The router will still continue to advertise the network prefix of the interface
  • passive-interface default --> Enables the Passive Interface mode on all interfaces by default
  • default-information originate --> Advertises the default route to all other neighbors
  • no router-id --> Resets the current Router ID on the router.
  • distance distance-value --> Changes the administrative distance (AD) of the routing protocol
  • maximum-paths path-value --> Changes the maximum number of paths that Equal Cost Multi-Path (ECMP) can use

RIP

  • router rip --> Goes into RIP configuration mode
  • version 2 --> Switches RIP version to 2
  • no auto-summary --> Disables auto-summarization to stop routers from converting advertised classless addresses into classful addresses
  • network ip-address --> Enables RIP on all interfaces that are within the IP range

EIGRP

  • router eigrp autonomous-system-number --> Goes into EIGRP configuration mode in the specified autonomous system group
  • eigrp router-id a.b.c.d --> Changes the EIGRP router ID
  • no auto-summary --> Disables auto-summarization to stop routers from converting advertised classless addresses into classful addresses
  • network ip-address [wildcard-mask] --> Enables EIGRP on interfaces within the specified range. A wildcard mask can be used optionally

OSPF

  • router ospf process-id --> Goes into OSPF router configuration for the specified process
  • router-id a.b.c.d --> Changes the OSPF router ID
  • network ip-address wildcard-mask area area-number --> Enables OSPF on interfaces within the specified range and puts them in the specified area number.
  • auto-cost reference-bandwidth megabits-per-second --> Changes the default reference bandwidth that is used for calculating the metric/cost
  • shutdown --> Shuts down the current OSPF process when in OSPF process configuration mode