Scribd
Upload
190 views17 pages

Ccna Ios Commands

The document discusses Cisco IOS commands for basic router configuration and management. It covers commands for accessing different router modes, configuring system settings like hostname and banners, enabling services like SSH and HTTP, setting passwords and authentication, configuring interfaces, and setting up routing protocols including static, RIP, OSPF, and EIGRP routing. The document provides detailed explanations and examples of commands for router configuration, management, and troubleshooting.

Uploaded by

Dumidu Darshika Senanayake
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
190 views17 pages

Ccna Ios Commands

The document discusses Cisco IOS commands for basic router configuration and management. It covers commands for accessing different router modes, configuring system settings like hostname and banners, enabling services like SSH and HTTP, setting passwords and authentication, configuring interfaces, and setting up routing protocols including static, RIP, OSPF, and EIGRP routing. The document provides detailed explanations and examples of commands for router configuration, management, and troubleshooting.

Uploaded by

Dumidu Darshika Senanayake
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

Cisco IOS Commands

Accessing the Router

User EXEC mode :- Router >

Privilege EXEC mode :- Router > enable


Router #

Disabling Privilege EXEC mode :- Router # disable


Router >

Global Configuration mode :- Router # configure terminal


Router (config) #

Exit from Global config mode :- Router (config) # exit


Router #

Basic Configuration

Change Hostname :- Router (config) # hostname [hostname]


Router (config) # hostname R1
R1 (config) #

Disable Hostname :- R1 (config) # no hostname


Router (config) #

Insert a Banner :- R1 (config) # banner motd #[banner]#


R1 (config) # banner motd #Authorized Personal Only#

Removing a Banner :- R1 (config) # no banner motd

R1 (config) # no ip domain-lookup

R1 (config) # line console 0 / vty 0 4


R1 (config-line) # logging synchronous
R1 (config-line) # exit

History :- R1 # terminal history R1 # terminal no history


R1 # terminal history size 50 R1 # terminal no history size

R1 # show history

Changing History Size :- S1 (config) # line console 0 / vty 0 4


S1 (config-line) # history size [no.]
S1 (config-line) # history size 35
S1 (config-line) # exit

Configure Clock :- S1 # clock set hh:mm:ss day(1-31) month year


S1 # clock set 12:12:12 1 jan 2010

CDP (Cisco Discovery Protocol)


R1 # show cdp neighbors
R1 # show cdp neighbors detail
Dumidu Darshika Senanayake
Page 1 of 17
Cisco IOS Commands

Disable: R1 (config) # no cdp run Enable: R1 (config) # cdp run

Router Security

Router access password :- Remove password :-


R1 (config) # line console 0 / vty 0 4
R1 (config-line) # password [password]
R1 (config-line) # password cisco R1 (config-line) # no password
R1 (config-line) # login
R1 (config-line) # exit

Configure SSH :- S1 (config) # username [name] password [password]


S1 (config) # username ccna password cisco
S1 (config) # ip domain-name [domain name]
S1 (config) # ip domain-name mydomain.com
S1 (config) # crypto key generate rsa

S1 (config) # line vty 0 4


S1 (config-line) # transport input [ssh, telnet, all]
S1 (config-line) # transport input ssh
S1 (config-line) # login local
S1 (config-line) # exit

S1 (config) # ip ssh version 2 (optional)


S1 (config) # ip ssh time-out 60
S1 (config) # ip ssh authentication-retries 3

Encrypting Passwords :- R1 (config) # service password-encryption

Privilege EXEC mode password :- R1 (config) # enable password [password] (no encryption)
R1 (config) # enable password cisco

R1 (config) # enable secret [password] (heavy encryption)


R1 (config) # enable secret cisco

Removing enable password :- R1 (config) # no enable password

R1 (config) # no enable secret

Pre configuration for Cisco SDM


S1 (config-line) # privilege level 15
Configure HTTP Server :-
S1 (config) # ip http authentication enable
S1 (config) # ip http server
S1 (config) # ip http secure-server

ACL (Access Control List)


Wildcard mask: 0 bit - check 1 bit - ignore
A single host: 192.168.10.5 0.0.0.0 / host 192.16.10.5

Standard ACL: [1-99] [1300-1999] implemented close to the destination of the traffic
Dumidu Darshika Senanayake
Page 2 of 17
Cisco IOS Commands

R1 (config) # access-list [ACL no.] [permit / deny] [source ip add.] [wildcard mask]
R1 (config) # access-list 10 deny 192.168.10.0 0.0.0.255

Extended ACL: [100-199] [2000-2699] implemented close to source of the traffic

R1 (config) # access-list [ACL no.] [permit / deny] [protocol] [source network add. wildcard
mask] [destination network add. wildcard mask] eq [service]
R1 (config) # access-list 110 deny tcp 192.168.10.0 0.0.0.255 any eq telnet

Activating an ACL: R1 (config-if) # ip access-group [no.] [in / out]


R1 (config-if) # ip access-group 10 out

R1 (config) # line vty 0 4


R1 (config-line) # ip access-group 10 in

Named ACL: R1 (config) # ip access-list standard [name]


R1 (config) # ip access-list standard NO_ACCESS
R1 (config-std-nacl) # [permit / deny] [source ip add.] [wildcard mask]
R1 (config-std-nacl) # deny 192.168.10.0 0.0.0.255
R1 (config-std-nacl) # exit

R1 (config) # ip access-list extended [name]


R1 (config) # ip access-list extended SURFING
R1 (config-exd-nacl) # [permit / deny] [protocol] [source network add. wildcard mask]
[destination network add. wildcard mask] eq [service]
R1 (config-exd-nacl) # permit tcp 192.168.10.0 0.0.0.255 any eq telnet
R1 (config-exd-nacl) # exit

Activating a named ACL: R1 (config-if) # ip access-group [name] [in / out]


R1 (config-if) # ip access-group NO_ACCESS in

R1 # show access-lists

Configuring Interfaces
Configure Ethernet Ports :-

R1 (config) # interface [interface]


R1 (config) # interface f0/0
R1 (config-if) # ip address [ip add.] [subnet mask]
R1 (config-if) # ip address 192.168.1.1 255.255.255.0
R1 (config-if) # description [description]
R1 (config-if) # description Link to PC1
R1 (config-if) # no shutdown
R1 (config-if) # exit

Configuring Sub Interface :- (inter VLAN routing)

R1 (config) # interface f0/0.[vlan no.]


R1 (config) # interface f0/0.99
R1 (config-subif) # encapsulation dot1Q [vlan no.] native
R1 (config-subif) # encapsulation dot1Q 99 native
Dumidu Darshika Senanayake
Page 3 of 17
Cisco IOS Commands

R1 (config-subif) # ip address 172.17.99.1 255.255.255.0


R1 (config-subif) # exit

R1 (config) # interface f0/0.10


R1 (config-subif) # encapsulation dot1Q 10
R1 (config-subif) # ip address 172.17.10.1 255.255.255.0
R1 (config-subif) # exit

Only type no shutdown on main interface

Configure Serial Ports :-

R1 (config) # interface s0/0/0


R1 (config-if) # ip address 192.168.2.1 255.255.255.0
R1 (config-if) # clock rate [clock rate] (only for DCE)
R1 (config-if) # clock rate 64000
R1 (config-if) # description Link to R2
R1 (config-if) # no shutdown
R1 (config-if) # exit

Configuring a loopback interface :-

R1 (config) # interface loopback 0


R1 (config-if) # ip address 172.16.10.1 255.255.255.0
R1 (config-if) # description Loopback interface 1
R1 (config-if) # no shutdown
R1 (config-if) # exit

Modify a link
Bandwidth R1 (config-if) # bandwidth [Kilobits]
R1 (config-if) # bandwidth 1544 R1 (config-if) # no bandwidth

Mode S1 (config-if) # duplex [auto / full / half]

Speed S1 (config-if) # speed [no.]


S1 (config-if) # speed 100

Removing ip address & disabling the port

R1 (config) # interface f0/0


R1 (config-if) # no ip address
R1 (config-if) # shutdown

R1 # show ip interface brief


R1 # show interface s0/0/0
R1 # show controllers

Configure Routing Protocols

Static Route :-
AD = 1
R1 (config) # ip route [network add.] [subnet mask] [next hop IP add. / exit interface]
Dumidu Darshika Senanayake
Page 4 of 17
Cisco IOS Commands

R1 (config) # ip route 192.168.3.0 255.255.255.0 192.168.2.2 (next hop IP add.)


R1 (config) # ip route 192.168.3.0 255.255.255.0 s0/0/0 (exit interface)

Removing a Static Route :- R1 (config) # no ip route 192.168.3.0 255.255.255.0 s0/0/0

Dynamic Routing Protocols :-


Use the adjacent networks network address
[1 / 0] = [Administrative distance / Metric]

RIP v1 (Routing Information Protocol) broadcast AD = 120

R1 (config) # router rip


R1 (config-router) # network [network add. of adjacent networks]
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit

RIP v2 R1 (config) # router rip multicast: 224.0.0.9


R1 (config-router) # version 2
R1 (config-router) # no auto-summary
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit

R1 # debug ip rip undebug all

EIGRP (Enhanced Interior Gateway Routing Protocol) AD = 90


multicast: 224.0.0.10
R1 (config) # router eigrp [as no.] [Autonomous System no. 1 65535]
R1 (config) # router eigrp 1
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network [network add.] [wildcard mask] (specific range)
R1 (config-router) # network 192.168.1.0 0.0.0.3
R1 (config-router) # exit

R1 (config-if) # ip summary-address eigrp [as no.] [network add.] [subnet mask]


R1 (config-if) # ip summary-address eigrp 1 192.168.0.0 255.255.252.0

R1 (config-if) # ip bandwidth-percent eigrp [as no.] [percent]


R1 (config-if) # ip bandwidth-percent eigrp 1 50
R1 (config-if) # ip hello-interval eigrp [as no.] [seconds]

R1 (config-if) # ip hold-time eigrp [as no.] [seconds]

R1 # show ip eigrp neighbors


R1 # show ip eigrp topology

OSPF (Open Shortest Path First) multicast: 224.0.0.5 AD = 110

Make sure to configure the loopback interfaces for network stability

Dumidu Darshika Senanayake


Page 5 of 17
Cisco IOS Commands

R1 (config) # router ospf [process ID] [Process ID 1 65535]


R1 (config) # router ospf 1
R1 (config-router) # network [network add.] [wildcard mask]area [area ID]
R1 (config-router) # network 192.168.1.0 0.0.0.3 area 0
R1 (config-router) # exit

Modifying router ID :- R1 (config-router) # router-id [ip add.]


R1 (config-router) # router-id 192.168.1.1

Modifying OSPF cost of a link :- R1 (config-if) # ip ospf cost [cost]


R1 (config-if) # ip ospf cost 1562

Interface priority :- R1 (config-if) # ip ospf priority [1-255]


R1 (config-if) # ip ospf priority 1

Changing reference bandwidth value :-


R1 (config-router) # auto-cost reference-bandwidth 10000

Modifying OSPF timers :- R1 (config-if) # ip ospf hello-interval [seconds]


R1 (config-if) # ip ospf dead-interval [seconds] (hello x 4)

Simple Authentication :-
enables authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication

R1 (config-if) # ip ospf authentication-key [password]


R1 (config-if) # ip ospf authentication-key cisco123

enables authentication for specific interface


R1 (config-if) # ip ospf authentication
R1 (config-if) # ip ospf authentication-key [password]
R1 (config-if) # ip ospf authentication-key cisco123

md5 (message-digest) Authentication :-


enables md5 authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication message-digest

R1 (config-if) # ip ospf message-digest-key 1 md5 [password]


R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123

enables md5 authentication for specific interface


R1 (config-if) # ip ospf authentication message-digest
R1 (config-if) # ip ospf message-digest-key 1 md5 [password]
R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123

R1 # show ip ospf
R1 # show ip ospf interface
R1 # show ip ospf neighbor
R1 # clear ip ospf process

Configuring Passive interface :- R1 (config-router) # passive-interface [interface]


R1 (config-router) # passive-interface f0/0

Dumidu Darshika Senanayake


Page 6 of 17
Cisco IOS Commands

Distributing (Default) Static route through RIP, EIGRP, OSPF

01). R1 (config) # ip route 0.0.0.0 0.0.0.0 209.165.200.225 (next hop ip)


R1 (config-router) # default-information originate

02). R1 (config) # ip route 192.168.0.0 255.255.0.0 s0/0/1


R1 (config-router) # redistribute static

R1 # show ip route
R1 # show ip protocol
R1 # debug ip routing

WAN Configuration
WAN configuration only performed on serial interfaces.

HDLC (High-level Data Link Control)


R1 (config-if) # encapsulation hdlc

PPP (Point to Point Protocol)


R1 (config-if) # encapsulation ppp

Compression: R1 (config-if) # compress [predictor / stac]


Link quality: R1 (config-if) # ppp quality [percentage]
Load balancing: R1 (config-if) # ppp multilink

Authentication:-
R1 (config) # username [remote-host] password [remote-password]
R1 (config) # username R2 password cisco123

Configuring PAP (PPP Authentication Protocol)


R1 (config-if) # ppp authentication pap
R1 (config-if) # ppp pap sent-username [local-host] password [local-host-password]
R1 (config-if) # ppp pap sent-username R1 password cisco123

Configuring CHAP (Challenge Handshake Authentication Protocol)


R1 (config-if) # ppp authentication chap

Troubleshooting PPP Debug ppp authentication


Debug ppp chap
Debug ppp error
Debug ppp negotiation
Debug ppp packet

Frame Relay

Dumidu Darshika Senanayake


Page 7 of 17
Cisco IOS Commands

Basic Frame Relay configuration


R1 (config-if) # encapsulation frame-relay [cisco / ietf] ietf for non-Cisco products

Static Frame Relay Mapping


R1 (config-if) # frame-relay map [protocol] [ip add. of neighbor] [dlci] broadcast
R1 (config-if) # frame-relay map ip 192.168.10.20 120 broadcast
R1 (config-if) # frame-relay map ip 192.168.10.30 130 broadcast

LMI (Local Management Interface) is default autosense


R1 (config-if) # frame-relay lmi-type [cisco / ansi / q933a]

Configuring Frame-Relay sub-interfaces


R1 (config) # interface s0/0/0
R1 (config-if) # encapsulation frame-relay
R1 (config-if) # no shutdown
R1 (config-if) # exit

R1 (config) # interface [serial int.].[dlci] [point-to-point / multipoint]


R1 (config) # interface s0/0/0.120 point-to-point
R1 (config-subif) # ip address 192.168.10.1 255.255.255.0
R1 (config-subif) # frame-relay interface-dlci [dlci]
R1 (config-subif) # frame-relay interface-dlci 120
R1 (config-subif) # exit

R1 (config) # interface s0/0/0.130 point-to-point


R1 (config-subif) # ip address 192.168.20.1 255.255.255.0
R1 (config-subif) # frame-relay interface-dlci 130
R1 (config-subif) # exit

Configure on main router. Only type no shutdown on main interface.


Branch routers encapsulation frame-relay
frame-relay lmi-type [cisco / ansi / q933a]

Configuring Frame-Relay switch


FR-Switch (config) # frame-relay switching

FR-Switch (config-if) # encapsulation frame-relay

Dumidu Darshika Senanayake


Page 8 of 17
Cisco IOS Commands

FR-Switch (config-if) # frame-relay intf-type dce


FR-Switch (config-if) # frame-relay route 102 interface serial 0/0/1 201

no frame-relay inverse-arp
no ip split-horizon

R1 # show frame-relay map


R1 # show frame-relay pvc / show frame-relay pvc [dlci]
R1 # show frame-relay lmi

R1 #debug frame-relay lmi

DHCP (Dynamic Host Configuration Protocol)

Step1: Exclude an address range


R1 (config) # ip dhcp excluded-address [low add.] [high add.]
R1 (config) # ip dhcp excluded-address 192.168.1.1 192.168.1.9

Step2: Create DHCP pool


R1 (config) # ip dhcp pool [pool name]
R1 (config) # ip dhcp pool SALES
R1 (config-dhcp) #

Step3: define the pool address


R1 (config-dhcp) # network [network add. mask / prefix]
R1 (config-dhcp) # network 192.168.1.0 255.255.255.0

R1 (config-dhcp) # default-router [ip add.]


R1 (config-dhcp) # default-router 192.168.1.1

R1 (config-dhcp) # dns-server [ip add.]


R1 (config-dhcp) # dns-server 192.168.20.254

R1 (config-dhcp) # netbios-name-server [ip add.]


R1 (config-dhcp) # netbios-name-server 192.168.20.254

R1 (config-dhcp) # domain-name [name]


R1 (config-dhcp) # domain-name mydomain.com

R1 (config-dhcp) # lease {days hours minutes / infinite}


R1 (config-dhcp) # lease 7

DHCP Relay

R1 (config) # interface f0/0


R1 (config-if) # ip helper-address [dhcp server ip add.]
R1 (config-if) # ip helper-address 192.168.10.5

Dumidu Darshika Senanayake


Page 9 of 17
Cisco IOS Commands

R1 (config) # ip forward-protocol udp [port no.]


R1 (config) # ip forward-protocol udp 161

R1 # show ip dhcp binding


R1 # show ip dhcp server statistics
R1 # show ip dhcp pool
R1 # show ip address conflicts

R1 # debug ip dhcp events


R1 # debug ip dhcp server
R1 # debug ip dhcp packet detail

NAT (Network Address Translation)

ISP static route ISP (config) # ip route 209.165.200.0 255.255.255.0 209.165.100.225

Static NAT (Public address given by ISP 209.165.200.254)


Step1: specify static translation between an inside local and inside global address
R1 (config) # ip nat inside source static [local ip] [global ip]
R1 (config) # ip nat inside source static 192.168.20.10 209.165.200.254

Step2: mark the router interface as an inside or outside interface


R1 (config-if) # ip nat [inside / outside]

R1 (config) # interface f0/0 R1 (config) # interface s0/0/0


R1 (config-if) # ip nat inside R1 (config-if) # ip nat outside

Dynamic NAT (Public address range from ISP 209.165.200.11 209.165.200.20 /24)
Step1: define a named address pool of outside addresses
R1 (config) # ip nat pool [name] [ip range] netmask [mask]
R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 netmask 255.255.255.0

Step2: define an access list to specify those inside address


R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255

Dumidu Darshika Senanayake


Page 10 of 17
Cisco IOS Commands

Step3 *: Specify dynamic translation


R1 (config) # ip nat inside source list [ACL no.] pool [name]
R1 (config) # ip nat inside source list 1 pool NAT1

Step4: R1 (config-if) # ip nat [inside / outside]

PAT (Port Address Translation)

Single public address


Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Step2 *: R1 (config) # ip nat inside source list 1 interface s0/0/0 overload
Step3: R1 (config-if) # ip nat [inside / outside]

Multiple public address


Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Step2: R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20
Step3 *: R1 (config) # ip nat inside source list 1 pool NAT1 overload
Step4: R1 (config-if) # ip nat [inside / outside]

R1 # show ip nat translation


R1 # show ip nat translation verbose
R1 # show ip nat statistics

R1 # debug ip nat

R1 # clear ip nat translation

IPv6

2002:c0a8:0101:0000:0000:0000:0000:0042 2002:c0a8:101::42

Classful / Classless Routing Behavior


R1 (config) # ip classless R1 (config) # no ip classless

Saving Configuration :- R1 # copy running-config startup-config

Backup Startup-config to flash :- R1 # copy startup-config flash:config.bak1

R1 # copy system:running-config tftp://172.16.2.155/tokyo-config

R1 # copy startup-config tftp


[tftp server ip add.]

Restore Configuration :- R1 # copy flash:config.bak1 startup-config


R1 # reload

Reset Router Configuration :- R1 # erase startup-config


[confirm]
R1 # reload

Boot from another image :-


Step1: configure a tftp server
Dumidu Darshika Senanayake
Page 11 of 17
Cisco IOS Commands

Step2: R1 # copy tftp flash


[ip add. of tftp server] 192.168.20.254
[new IOS image name] c1841-ipbasek9-mz.124-12.bin
Step3: R1 (config) # boot system flash: c1841-ipbasek9-mz.124-12.bin
Step4: save configuration R1 # copy run start
Step5: restart the router

c2960-lanbase-mz.122-25.SEE1.bin
c1841-ipbase-mz.123-14.T7.bin
c1841-ipbasek9-mz.124-12.bin
Platform: Cisco 2960 Cisco 1841 Cisco 1841
Feature set: lan base ip base ip base k9
File format: m (runs in RAM)
z (compressed)
Version: 12.2 (25) SEE1 12.3 (14) T7 12.4 (12)
File extinction: binary executable

Recovering a lost password :-


Step1: power cycle the router, and press [Ctrl]+[Break] key while booting. This will bring the
router to ROMmon mode.
Step2: rommon 1 > confreg 0x2142
rommon 2 > reset
Step3: after rebooting copy startup to running. Change the password
Step4: change the configuration registry back to default.
R1 (config) # config-register 0x2102
Step5: save the configuration, and power cycle the router.

0x2102 default registry value


0x2142 bypass startup configuration

Commands helpful in Troubleshooting

R1 # show running-config R1 (config) # do show run


R1 # show startup-config
R1 # show version
R1 # show flash

Dumidu Darshika Senanayake


Page 12 of 17
Cisco IOS Commands

Configuring Interfaces

Creating VLAN :- Remove a VLAN :-

S1 (config) # vlan [vlan no.]


S1 (config) # vlan 99 S1 (config) # no vlan 99
S1 (config) # name [vlan name]
S1 (config-vlan) # name Admin
S1 (config-vlan) # exit

Removing vlan database :- S1 # delete flash:vlan.dat

S1 # show vlan
S1 # show vlan brief

Configure (management) VLAN :-

S1 (config) # interface vlan [management vlan no.]


S1 (config) # interface vlan 99
S1 (config-if) # ip address [ip add.] [subnet mask]
S1 (config-if) # ip address 172.17.99.11 255.255.255.0
S1 (config-if) # no shutdown
S1 (config-if) # exit

Switch default gateway :- S1 (config) # ip default-gateway [default gateway ip add.]


S1 (config) # ip default-gateway 172.17.99.1

S1 # show interface vlan [management vlan no.]


S1 # show interface vlan 99

Assign an interface to VLAN :-

S1 (config) # interface [interface]

S1 (config) # interface range f0/18-24 f0/6, f0/11, f0/18

Configure Access Port :- S1 (config) # interface f0/18


S1 (config-if) # switchport mode access
S1 (config-if) # switchport access vlan 10
S1 (config-if) # exit

Configure Trunk port :- S1 (config) # interface f0/24


S1 (config-if) # switchport mode trunk
S1 (config-if) # switchport trunk native vlan 99
S1 (config-if) # exit

S1 (config-if) # switchport trunk allowed vlan 10, 20, 99


S1 (config-if) # switchport trunk allowed vlan all

S1 (config-if) # switchport mode dynamic auto


S1 (config-if) # switchport mode dynamic desirable

Dumidu Darshika Senanayake


Page 13 of 17
Cisco IOS Commands

Voice VLAN :- S1 (config-if) # mls qos trust cos


S1 (config-if) # switchport voice vlan 150

Dynamic Trunking Protocol :-


trunk
Dynamic auto/desirable trunk
access
Dynamic auto/desirable access
access
Dynamic auto dynamic auto
trunk
Dynamic desirable dynamic desirable
trunk
Dynamic desirable dynamic auto

Remove a VLAN & port type:- S1 (config-if) # no switchport mode access


S1 (config-if) # no switchport access vlan

S1 (config-if) # no switchport mode trunk


S1 (config-if) # no switchport trunk vlan

S1 # show interface f0/14 switchport


S1 # show interface trunk

Configure VTP (VLAN Trunking Protocol)

S1 (config) # vtp mode [server / client / transparent]

S1 (config) # vtp domain [domain name]


S1 (config) # vtp domain CCNA

S1 (config) # vtp password [password]


S1 (config) # vtp password cisco

S1 (config) # vtp version [version 1 / 2]


S1 (config) # vtp version 2

S1 (config) # vtp pruning

S1 # show vtp status


S1 # show vtp password
S1 # show vtp counters

Dumidu Darshika Senanayake


Page 14 of 17
Cisco IOS Commands

STP (Spanning Tree Protocol) activated by default

S1 # show spanning-tree
S1 # show spanning-tree active
S1 # show spanning-tree vlan 10

S1 # debug spanning-tree events

S1 (config) # spanning-tree vlan [vlan no.] priority [priority] (multiples of 4096)


S1 (config) # spanning-tree vlan 10 priority 4096 (default priority is 32769)

S1 (config) # spanning-tree vlan 10 root primary


S1 (config) # spanning-tree vlan 20 root secondary

S1 (config) # spanning-tree vlan [vlan no.] root primary diameter [value]


S1 (config) # spanning-tree vlan 10 root primary diameter 5

S1 (config-if) # spanning-tree cost [cost]


S1 (config-if) # spanning-tree cost 25 S1 (config-if) # no spanning-tree cost

S1 (config-if) # spanning-tree port-priority [priority]


S1 (config-if) # spanning-tree port-priority 112 (0 240, increments of 16)

S1 (config-if) # spanning-tree portfast


(only for ports connected to a single host edge ports)
S1 (config-if) # no spanning-tree portfast

Configure Rapid-PVST+ :- S1 (config) # spanning-tree mode rapid-pvst

S1 (config-if) # spanning-tree link-type point-to-point

S1 # clear spanning-tree detected-protocols

Configure static MAC address :-


S1 (config) # mac-address-table static [MAC add.] vlan [no.] interface [interface]
S1 (config) # mac-address-table static 0060.3edd.19a3 vlan 99 interface f0/24

S1 (config) # no mac-address-table static [MAC add.] vlan [no.] interface [interface]

S1 # clear mac-address-table dynamic

Dumidu Darshika Senanayake


Page 15 of 17
Cisco IOS Commands

S1 # show mac-address-table

Configure Static Port Security :-


S1 (config-if) # switchport port-security mac-address [MAC add.] interface [interface]
S1 (config-if) # switchport port-security mac-address 000c.7259.0a63 interface f0/4

Configure Dymanic Port Security :-


S1 (config-if) # switchport port-security
S1 (config-if) # switchport port-security maximum 1
S1 (config-if) # switchport port-security mac-address sticky
S1 (config-if) # switchport port-security violation [protect / restrict / shutdown]

S1 # show port-security
S1 # show port-security interface f0/18
S1 # show port-security address

DHCP Snooping :- S1 (config) # ip dhcp snooping


S1 (config) # ip dhcp snooping vlan [no.]
S1 (config) # ip dhcp snooping trust
S1 (config) # ip dhcp snooping limit rate [no.]

Password Recovery :- flash_init


load_helper
dir flash:
rename flash: config.text flash: config.old
boot

rename flash: config.old flash: config.text


copy flash: config.text system: running-config

This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two
ports as static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable :

Switch# configure terminal


Switch(config)# interface range gigabitethernet2/0/1 -2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# channel-group 5 mode desirable non-silent
Switch(config-if-range)# end

This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two
ports as static-access ports in VLAN 10 to channel 5 with the LACP mode active :

Switch# configure terminal


Switch(config)# interface range gigabitethernet2/0/1 -2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Dumidu Darshika Senanayake
Page 16 of 17
Cisco IOS Commands

Switch(config-if-range)# channel-group 5 mode active


Switch(config-if-range)# end

Dumidu Darshika Senanayake


Page 17 of 17

You might also like