Cisco Command Cheat Sheet
Friday, July 4th, 2008 @ 10:22 am
| Infrastructure
I found a list of useful Cisco commands which I though I would post here. When I get a chance I will continue to expand the list and broaden command set.
Thanks to the fastget2you.com Joined With #missomhack Community for the original list.
ROUTER COMMANDS :
- Config# terminal editing – allows for enhanced editing commands
- Config# terminal monitor – shows output on telnet session
- Config# terminal ip netmask-format hexadecimal|bit-count|decimal – changes the format of subnet masks
HOST NAME:
- Config# hostname ROUTER_NAME
BANNER:
- Config# banner motd # TYPE MESSAGE HERE # – # can be substituted for any character, must start and finish the message
DESCRIPTIONS:
- Config# description THIS IS THE SOUTH ROUTER – can be entered at the Config-if level
CLOCK:
- Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy – Example: clock set 14:13:00 25 August 2003
CHANGING THE REGISTER:
- Config# config-register 0×2100 – ROM Monitor Mode
- Config# config-register 0×2101 – ROM boot
- Config# config-register 0×2102 – Boot from NVRAM
BOOT SYSTEM:
- Config# boot system tftp FILENAME SERVER_IP – Example: boot system tftp 2600_ios.bin 192.168.14.2
- Config# boot system ROM
- Config# boot system flash – Then – Config# reload
CDP:
- Config# cdp run – Turns CDP on
- Config# cdp holdtime 180 – Sets the time that a device remains. Default is 180
- Config# cdp timer 30 – Sets the update timer.The default is 60
- Config# int Ethernet 0
- Config-if# cdp enable – Enables cdp on the interface
- Config-if# no cdp enable – Disables CDP on the interface
- Config# no cdp run – Turns CDP off
HOST TABLE:
- Config# ip host ROUTER_NAME INT_Address – Example: ip host lab-a 192.168.5.1
-or- - Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 – Example: ip host lab-a 192.168.5.1 203.23.4.2 199.2.3.2 – (for e0, s0, s1)
DOMAIN NAME SERVICES:
- Config# ip domain-lookup – Tell router to lookup domain names
- Config# ip name-server 122.22.2.2 – Location of DNS server
- Config# ip domain-name cisco.com – Domain to append to end of names
CLEARING COUNTERS:
- # clear interface Ethernet 0 – Clears counters on the specified interface
- # clear counters – Clears all interface counters
- # clear cdp counters – Clears CDP counters
STATIC ROUTES:
- Config# ip route Net_Add SN_Mask Next_Hop_Add – Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
- Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add – Default route
-or- - Config# ip default-network Net_Add – Gateway LAN network
IP ROUTING:
- Config# ip routing – Enabled by default
- Config# router rip
-or- - Config# router igrp 100
- Config# interface Ethernet 0
- Config-if# ip address 122.2.3.2 255.255.255.0
- Config-if# no shutdown
IPX ROUTING:
- Config# ipx routing
- Config# interface Ethernet 0
- Config# ipx maximum-paths 2 – Maximum equal metric paths used
- Config-if# ipx network 222 encapsulation sap – Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
- Config-if# no shutdown
ACCESS LISTS:
| IP Standard | 1-99 |
| IP Extended | 100-199 |
| IPX Standard | 800-899 |
| IPX Extended | 900-999 |
| IPX SAP Filters | 1000-1099 |
IP STANDARD:
- Config# access-list 10 permit 133.2.2.0 0.0.0.255 – allow all src ip’s on network 133.2.2.0
-or- - Config# access-list 10 permit host 133.2.2.2 – specifies a specific host
-or- - Config# access-list 10 permit any – allows any address
- Config# int Ethernet 0
- Config-if# ip access-group 10 in – also available: out
IP EXTENDED:
- Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or- - Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
- Config# access-list 101 permit ip any any
- Config# interface Ethernet 0
- Config-if# ip access-group 101 outIPX STANDARD:
- Config# access-list 801 permit 233 AA3 – source network/host then destination network/host
-or-
- Config# access-list 801 permit -1 -1 – “-1″ is the same as “any” with network/host addresses
- Config# interface Ethernet 0
- Config-if# ipx access-group 801 outIPX EXTENDED:
- Config# access-list 901 permit sap 4AA all 4BB all
- Permit protocol src_add socket dest_add socket
-”all” includes all sockets, or can use socket numbers
-or-
- Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere - Config# interface Ethernet 0
- Config-if# ipx access-group 901 inIPX SAP FILTER:
- Config# access-list 1000 permit 4aa 3 – “3″ is the service type
-or-
- Config# access-list 1000 permit 4aa 0 – service type of “0″ matches all services
- Config# interface Ethernet 0
- Config-if# ipx input-sap-filter 1000 – filter applied to incoming packets
-or-
- Config-if# ipx output-sap-filter 1000 – filter applied to outgoing packets
NAMED ACCESS LISTS:
- Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list - Config# permit any
- Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists
PPP SETUP:
- Config-if# encapsulation ppp
- Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentification listed
-if one fails, then connection is terminated - Config-if# exit
- Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
- Config-if# ppp chap hostname ROUTER
- Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration
ISDN SETUP:
- Config# isdn switch-type basic-5ess – determined by telecom
- Config# interface serial 0
- Config-if# isdn spid1 2705554564 – isdn “phonenumber” of line 1
- Config-if# isdn spid2 2705554565 – isdn “phonenumber” of line 2
- Config-if# encapsulation PPP – or HDLC, LAPD
DDR – 4 Steps to setting up ISDN with DDR Configure switch type
1. Config# isdn switch-type basic-5ess – can be done at interface config
2. Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 – sends traffic destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 – specifies how to get to network 192.3.5.5 (through bri0)
3. Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 – applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
can also use “dialer string 5551212″ instead if there is only one router to connect to
4. Specify interesting traffic
Config# dialer-list 1 ip permit any
-or-
Config# dialer-list 1 ip list 101 – use the access-list 101 as the dialer list
5. Other Options
Config-if# hold-queue 75 – queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-”125″ is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120
FRAME RELAY SETUP:
- Config# interface serial 0
- Config-if# encapsulation frame-relay – cisco by default, can change to ietf
- Config-if# frame-relay lmi-type cisco – cisco by default, also ansi, q933a
- Config-if# bandwidth 56
- Config-if# interface serial 0.100 point-to-point – subinterface
- Config-if# ip address 122.1.1.1 255.255.255.0
- Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end - Config-if# interface serial 1.100 multipoint
- Config-if# no inverse-arp – turns IARP off; good to do
- Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional - Config-if# frame-relay map ip 122.1.1.3 54 broadcast
SHOW COMMANDS
- Show access-lists – all access lists on the router
- Show cdp – cdp timer and holdtime frequency
- Show cdp entry * – same as next
- Show cdp neighbors detail – details of neighbor with ip add and ios version
- Show cdp neighbors – id, local interface, holdtime, capability, platform portid
- Show cdp interface – int’s running cdp and their encapsulation
- Show cdp traffic – cdp packets sent and received
- Show controllers serial 0 – DTE or DCE status
- Show dialer – number of times dialer string has been reached, other stats
- Show flash – files in flash
- Show frame-relay lmi – lmi stats
- Show frame-relay map – static and dynamic maps for PVC’s
- Show frame-relay pvc – pvc’s and dlci’s
- Show history – commands entered
- Show hosts – contents of host table
- Show int f0/26 – stats of f0/26
- Show interface Ethernet 0 – show stats of Ethernet 0
- Show ip – ip config of switch
- Show ip access-lists – ip access-lists on switch
- Show ip interface – ip config of interface
- Show ip protocols – routing protocols and timers
- Show ip route – Displays IP routing table
- Show ipx access-lists – same, only ipx
- Show ipx interfaces – RIP and SAP info being sent and received, IPX addresses
- Show ipx route – ipx routes in the table
- Show ipx servers – SAP table
- Show ipx traffic – RIP and SAP info
- Show isdn active – number with active status
- Show isdn status – shows if SPIDs are valid, if connected
- Show mac-address-table – contents of the dynamic table
- Show protocols – routed protocols and net_addresses of interfaces
- Show running-config – dram config file
- Show sessions – connections via telnet to remote device
- Show startup-config – nvram config file
- Show terminal – shows history size
- Show trunk a/b – trunk stat of port 26/27
- Show version – ios info, uptime, address of switch
- Show vlan – all configured vlan’s
- Show vlan-membership – vlan assignments
- Show vtp – vtp configs
CATALYST COMMANDS
For Native IOS – Not CatOS
SWITCH ADDRESS:
- Config# ip address 192.168.10.2 255.255.255.0
- Config# ip default-gateway 192.168.10.1DUPLEX MODE:
- Config# interface Ethernet 0/5 – “fastethernet” for 100 Mbps ports
- Config-if# duplex full – also, half | auto | full-flow-control
SWITCHING MODE:
- Config# switching-mode store-and-forward – also, fragment-free
MAC ADDRESS CONFIGS:
- Config# mac-address-table permanent aaab.000f.ffef e0/2 – only this mac will work on this port
- Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security - Config-if# port secure max-mac-count 5 – allows only 5 mac addresses mapped to this port
VLANS:
- Config# vlan 10 name FINANCE
- Config# interface Ethernet 0/3
- Config-if# vlan-membership static 10TRUNK LINKS:
- Config-if# trunk on – also, off | auto | desirable | nonegotiate
- Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk portCONFIGURING VTP:
- Config# delete vtp – should be done prior to adding to a network
- Config# vtp server – the default is server, also client and transparent
- Config# vtp domain Camp – name doesn’t matter, just so all switches use the same
- Config# vtp password 1234 – limited security
- Config# vtp pruning enable – limits vtp broadcasts to only switches affected
- Config# vtp pruning disableFLASH UPGRADE:
- Config# copy tftp://192.168.5.5/configname.ios opcode – “opcode” for ios upgrade, “nvram” for startup config
DELETE STARTUP CONFIG:
- Config# delete nvram
Recently
October 15th, 2008 at 4:58 am
[...] General Cisco IOS cheat sheet (router/switch commands etc.) 12. Cisco Commands for Beginners 13. Descriptive list of Cisco Commands (fresh) 14. Cisco IOS Firewall Cheat Sheet (Official Design Guide) 15. Cisco – Ethernet [...]