CCNA2 Commands Summary

To configure switch hostname:

Switch(config)# hostname HQSW1

To configure encrypted privilege mode password:

Switch(config)# enable secret cisco123

To set console and line VTY passwords to cisco:

Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login

Switch(config)# line vty 0 15

Switch(config-line)# password cisco
Switch(config-line)# login

To encrypt the plain text passwords in the configuration:

Switch(config)# service password-encryption

To configure VLAN1 with an IP address and activate the interface:

Switch(config)# interface vlan 1
Switch(config-if)# ip address 192.168.10.1 255.255.255.0
Switch(config-if)# no shutdown

To configure the switch to boot from a specific image:

Switch(config)# boot system flash:/c2960.lanbase9-mz.15.2.bin

To see what the current IOS boot file is set to:

Switch# show bootvar

To see the contents of the flash:

Switch# dir flash:

To create a new VLAN:

Switch(config)# vlan 99
Switch(config-vlan)# name TEST

To put a physical interface in a VLAN:

Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 99

To configure a default gateway on a switch:

Switch(config)# ip default-gateway 192.168.10.1
To save the running-configuration to the startup:
Switch# copy running-config startup-config

To verify the interfaces with their IP addresses and status:

Switch# show ip interface brief

To configure the duplex and speed setting on a physical interface:

Switch(config)# interface fastethernet0/1
Switch(config-if)# duplex {full | half | auto}
Switch(config-if)# speed {10 | 100 | 1000 | 10000 | auto}

To enable auto-MDIX on an interface

Switch(config)# interface fastethernet0/1
Switch(config-if)# mdix auto

To examine the auto-MDIX setting for an interface:

Switch# show controllers Ethernet-controller fa0/1 phy | include Auto-MDIX

To display the interface status and configuration:

Switch# show interfaces [interface-id]

To display system hardware and software status:

Switch# show version

To display the history of the commands entered:

Switch# show history

To display the MAC address table:

Switch# show mac-address-table
Switch# show mac address-table

To configure SSH for remote management:

Switch(config)# hostname SW1
Switch(config)# ip domain-name cisco.com
Switch(config)# crypto key generate rsa modulus 1024
Switch(config)# username admin password ccna

Switch(config)# line vty 0 15

Switch(config-line)# transport input ssh
Switch(config-line)# login local

To display the version and configuration data for SSH on the device:
Switch# show ip ssh

To check the SSH connections:

Switch# show ssh

To disable a range of interfaces:

Switch(config)# interface range fa0/1 -5
Switch(config-if-range)# shutdown

To configure IP DHCP Snooping:

Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10,20

Switch(config)# interface fa0/1

Switch(config-if)# ip dhcp snooping trust

Switch(config)# interface fa0/2

Switch(config-if)# ip dhcp snooping limit rate 5

To configure port-security:
Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation {protect | restrict | shutdown}

Switch# show port-security interface fa0/1

To display all secure MAC addresses configured:

Switch# show port-security address

To check for any error disabled interfaces:

Switch# show interface fa0/1 status

To allow the switch software clock to be synchronized by an NTP server:

Switch(config)# ntp server 10.1.1.1

To configure a switch as an NTP server with a stratum value:

Switch(config)# ntp master [stratum]

To display the status of NTP associations:

Switch# show ntp associations

To display NTP synchronization status:

Switch# show ntp status

To display the list of VLANs:

Switch# show vlan brief

To delete the vlan.dat file from flash, after erasing the switch startup config:
Switch# delete flash:vlan.dat

To configure an interface as trunk:

Switch(config)# interface fa0/2
Switch(config-if)# switchport mode trunk

To change the native VLAN on a trunk interface:

Switch(config-if)# switchport trunk native vlan 99

To specify the list of allowed VLANs over a trunk interface:

Switch(config-if)# switchport trunk allowed vlan 1-350

To disable dynamic trunking protocol DTP negotiation:

Switch(config-if)# switchport nonegotiate

To check the interfaces in trunking mode:

Switch# show interfaces trunk

To configure a physical port as protected using the PVLAN edge feature:

Switch(config-if)# switchport protected

To give an IPv4 address and description to a router interface:

Router(config)# interface gi0/0
Router(config-if)# description Connected To Branch1
Router(config-if)# ip address 10.10.10.1 255.255.255.0
Router(config-if)# no shutdown

To give an IPv6 global and link local address and description to a router interface:
Router(config)# interface gi0/0
Router(config-if)# description Connected To Branch1
Router(config-if)# ipv6 address 2001:db8:acad::1/64
Router(config-if)# ipv6 address FE80::1 link-local
Router(config-if)# no shutdown

To configure a serial interface with a clock rate:

Router(config)# interface serial0/0/0
Router(config-if)# clock rate 128000

To configure a loopback interface on a router:

Router(config)# interface loopback 0
Router(config-if)# ip address 10.0.0.1 255.255.255.0
Router(config-if)# exit

To display a summary of all interfaces status along with their IP addresses:

Router# show ip interface brief
Router# show ipv6 interface brief

To display the history of the command entered:

Router# show history

To increase the history buffer:

Router# terminal history size 200

To configure an IPv4 default static route:

Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.10.1

To configure an IPv4 static route:

Router(config)# ip route 10.10.10.0 255.255.255.0 172.16.10.1

To configure an IPv6 default static route:

Router(config)# ipv6 unicast-routing
Router(config)# ipv6 route ::/0 2001::1

To configure an IPv6 static route:

Router(config)# ipv6 route 2001:db8:acad::/64 2001:db8:4::2

To display the IP ARP table on the router:

Router# show ip arp

Configuring a router on a stick with two sub-interfaces to route VLANs 10 and 20:
Router(config)# interface gi0/0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface gi0/0.1
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 10.10.10.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface gi0/0.2
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 10.10.20.1 255.255.255.0

To configure a routed port on a layer 3 switch:

Switch(config)# interface fa0/0
Switch(config-if)# no switchport
Switch(config-if)# ip address 10.10.10.1 255.255.255.0

To configure a static floating route:

Router(config)# ip route 10.10.10.0 255.255.255.0 172.16.10.1 150

To display the routing table:

Router# show ip route
Router# show ipv6 route

To configure RIP v2:

Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network 10.0.0.0
Router(config-router)# network 172.16.0.0
Router(config-router)# network 192.168.10.0
Router(config-router)# no auto-summary

To verify the routing protocols settings:

Router# show ip protocols

To make a RIP interface passive and avoid sending updates on it:

Router(config)# router rip
Router(config-router)# passive-interface gi0/0

To make all interfaces as passive and only allow sending updates on one of them:
Router(config)# router rip
Router(config-router)# passive-interface default
Router(config-router)# no passive-interface gi0/0

To instruct a router to inject a default route into RIP:

Router(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1
Router(config)# router rip
Router(config-router)# default-information originate

To configure RIPng for IPv6:

Router(config)# ipv6 unicast-routing

Router(config)# interface gi0/0

Router(config-if)# ipv6 rip TEST enable

To propagate an IPv6 default route into RIPng:

Router(config)# ipv6 route ::/0 2001::1

Router(config)# interface gi0/0

Router(config-if)# ipv6 rip TEST enable
Router(config-if)# ipv6 rip TEST default-information originate

To check the RIPng protocol settings:

Router# show ipv6 protocols

To configure OSPF:
Router(config)# router ospf 1
Router(config-router)# router-id 1.1.1.1
Router(config-router)# network 172.16.10.0 0.0.0.255 area 0
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router(config-router)# no auto-summary

To prevent sending routing updates from an interface:

Router(config)# router ospf 1

Router(config-router)# passive-interface gi0/0
To change the bandwidth on an interface to affect the OSPF cost metric:
Router(config-if)# bandwidth 64

To change the OSPF cost of an interface:

Router(config-if)# ip ospf cost 150

To check the OSPF neighbors:

Router# show ip ospf neighbor

To see on which interfaces is OSPF enabled:

Router# show ip ospf interface brief

To change the auto-cost reference bandwidth:

Router(config)# router ospf 1
Router(config-router)# auto-cost reference-bandwidth 1000

To configure OSPF v3 for IPv6:

Router(config)# ipv6 unicast-routing

Router(config)# ipv6 router ospf 1

Router(config-rtr)# router-id 1.1.1.1
Router(config-rtr)# exit

Router(config)# interface gi0/0

Router(config-if)# ipv6 ospf 1 area 0

Router# show ipv6 ospf interface brief

Router# show ipv6 ospf neighbor
Router# show ipv6 protocols

To create a standard access-list:

Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255
Router(config)# access-list permit host 192.168.10.1

To apply an ACL to a line vty to restrict TELNET and SSH incoming access to specific IPs:
Router(config)# access-list 1 permit 10.10.10.0 0.0.0.255
Router(config)# line vty 0 15
Router(config-line)# access-class 1 in

To configure an extended access-list:

Router(config)# access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.10.0 0.0.0.255
Router(config)# access-list 101 permit tcp 172.16.10.0 0.0.0.255 host 192.168.1.1 eq 80

To apply an access-list to an interface:

Router(config-if)# ip access-group 1 {in | out}

Router# show access-lists

To configure a standard named access-list:
Router(config)# ip access-list standard TEST
Router(config-std-acl)# permit xxxx

To configure an extended named access-list:

Router(config)# ip access-list extended TEST
Router(config-extd-acl)# permit xxxx

To configure an IPv6 access-list:

Router(config)# ipv6 access-list TEST
Router(config-ipv6-acl)# deny ipv6 2001:db8:caff:30::/64 any
Router(config-ipv6-acl)# permit ipv6 any any

To apply an IPv6 access-list to an interface:

Router(config-if)# ipv6 traffic-filter TEST in

To configure a DHCP server pool:

Router(config)# service dhcp
Router(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
Router(config)# ip dhcp pool TEST
Router(config-dhcp-pool)# network 192.168.10.0 255.255.255.0
Router(config-dhcp-pool)# default-router 192.168.10.1
Router(config-dhcp-pool)# dns-server 10.10.10.1
Router(config-dhcp-pool)# domain-name cisco.com
Router(config-dhcp-pool)# exit

To configure a DHCP relay to point to a DHCP server that is on another subnet:

Router(config)# interface gi0/0
Router(config-if)# description Connected to DHCP client device LAN
Router(config-if)# ip helper-address 172.16.10.10

To configure a router interface as a DHCP client:

Router(config-if)# ip address dhcp
Router(config-if)# no shutdown

Router# debug ip dhcp server events

To configure a statefull DHCP server for IPv6 on a router:

Router(config)# ipv6 unicast-routing
Router(config)# ipv6 dhcp pool TEST
Router(config-dhcpv6)# address 2001::/64
Router(config-dhcpv6)# dns-server 2001::2
Router(config-dhcpv6)# domain-name cisco.com

Router(config-if)# ipv6 dhcp server TEST

Router(config-if)# ipv6 nd managed-config-flag

To configure a router as a stateless DHCP client:

Router(config-if)# ipv6 enable
Router(config-if)# ipv6 address autoconfig

To configure a router as a statefull DHCP client:

Router(config-if)# ipv6 enable
Router(config-if)# ipv6 address dhcp

Router# show ipv6 dhcp pool

To configure an IPv6 DHCP relay:

Router(config-if)# ipv6 dhcp relay destination 2008:db8:caff::1

Router# debug ipv6 dhcp detail

To configure static NAT:

Router(config-if)# description Connected to LAN
Router(config-if)# ip nat inside

Router(config-if)# description Connected to Internet

Router(config-if)# ip nat outside

Router(config)# ip nat inside source static 10.10.10.10 198.200.200.10

Router# show ip nat translations

Router# show ip nat statistics

To configure dynamic NAT:

Router(config-if)# description Connected to LAN
Router(config-if)# ip nat inside

Router(config-if)# description Connected to Internet

Router(config-if)# ip nat outside

Router(config)# ip nat pool POOL 209.10.10.1 209.10.10.10

Router(config)# access-list 1 permit 10.10.10.0 0.0.0.255

Router(config)# ip nat inside source list 1 pool POOL

To configure port address translation PAT:

Router(config-if)# description Connected to LAN

Router(config-if)# ip nat inside

Router(config-if)# description Connected to Internet

Router(config-if)# ip nat outside

Router(config)# ip nat pool POOL 209.10.10.1 209.10.10.10

Router(config)# access-list 1 permit 10.10.10.0 0.0.0.255

Router(config)# ip nat inside source list 1 pool POOL overload

To configure port forwarding:

Router(config-if)# description Connected to LAN
Router(config-if)# ip nat inside

Router(config-if)# description Connected to Internet

Router(config-if)# ip nat outside

Router(config)# ip nat inside source static tcp 10.10.10.10 80 209.10.10.5 8080