Cisco Commands

Comprehensive Cisco IOS commands reference from legacy to modern versions.

Basic Navigation

enable

Enter privileged EXEC mode

disable

Exit privileged EXEC mode

configure terminal

Enter global configuration mode

exit

Exit current mode

end

Exit to privileged EXEC mode from any config mode

show running-config

Display current running configuration

show startup-config

Display startup configuration

reload

Reboot the device

copy running-config startup-config

Save running config to startup config

write memory

Save configuration (legacy command)

Interface Configuration

interface <type> <number>

Enter interface configuration mode

ip address <IP> <subnet-mask>

Configure IP address on interface

no shutdown

Enable interface

shutdown

Disable interface

description <text>

Add interface description

speed <10|100|1000|auto>

Set interface speed

duplex <auto|full|half>

Set duplex mode

switchport mode <access|trunk>

Configure switchport mode

switchport access vlan <vlan-id>

Assign VLAN to access port

switchport trunk allowed vlan <vlan-list>

Set allowed VLANs on trunk

channel-group <number> mode <on|auto|desirable|active|passive>

Configure EtherChannel

VLAN Configuration

vlan <vlan-id>

Create VLAN and enter VLAN config mode

name <vlan-name>

Name the VLAN

show vlan brief

Display VLAN summary

show vlan id <vlan-id>

Display specific VLAN information

no vlan <vlan-id>

Delete a VLAN

switchport trunk native vlan <vlan-id>

Set native VLAN for trunk

vtp mode <server|client|transparent>

Set VTP mode

vtp domain <domain-name>

Set VTP domain

vtp password <password>

Set VTP password

Routing - Static

ip route <network> <mask> <next-hop|interface>

Configure static route

ip route 0.0.0.0 0.0.0.0 <next-hop>

Configure default route

show ip route

Display routing table

show ip route static

Display only static routes

no ip route <network> <mask> <next-hop>

Remove static route

ip route <network> <mask> <next-hop> <distance>

Static route with admin distance

Routing - OSPF

router ospf <process-id>

Enable OSPF routing

network <network> <wildcard> area <area-id>

Advertise network in OSPF

router-id <router-id>

Set OSPF router ID

passive-interface <interface>

Set interface as passive

default-information originate

Advertise default route

show ip ospf neighbor

Display OSPF neighbors

show ip ospf interface

Display OSPF interface information

show ip ospf database

Display OSPF topology database

clear ip ospf process

Reset OSPF process

ip ospf cost <cost>

Set OSPF cost on interface

ip ospf priority <priority>

Set OSPF priority for DR election

Routing - EIGRP

router eigrp <as-number>

Enable EIGRP routing

network <network>

Advertise network in EIGRP

no auto-summary

Disable automatic summarization

passive-interface <interface>

Set interface as passive

show ip eigrp neighbors

Display EIGRP neighbors

show ip eigrp topology

Display EIGRP topology table

show ip eigrp interfaces

Display EIGRP interfaces

metric weights <tos> <k1> <k2> <k3> <k4> <k5>

Configure EIGRP metric

variance <multiplier>

Configure EIGRP load balancing

Security - Access Lists

access-list <number> <permit|deny> <source> <wildcard>

Create standard ACL (1-99)

access-list <number> <permit|deny> <protocol> <source> <dest>

Create extended ACL (100-199)

ip access-list standard <name>

Create named standard ACL

ip access-list extended <name>

Create named extended ACL

ip access-group <acl> <in|out>

Apply ACL to interface

show access-lists

Display all ACLs

show ip access-lists <name|number>

Display specific ACL

no access-list <number>

Remove ACL

access-list <number> remark <text>

Add comment to ACL

Security - Port Security

switchport port-security

Enable port security

switchport port-security maximum <count>

Set max MAC addresses

switchport port-security mac-address <mac>

Configure static secure MAC

switchport port-security mac-address sticky

Enable sticky MAC learning

switchport port-security violation <shutdown|restrict|protect>

Set violation mode

show port-security

Display port security status

show port-security address

Display secure MAC addresses

show port-security interface <interface>

Display interface port security

clear port-security sticky interface <interface>

Clear sticky MAC addresses

Spanning Tree Protocol

spanning-tree mode <pvst|rapid-pvst|mst>

Set STP mode

spanning-tree vlan <vlan-id> root primary

Set bridge as root

spanning-tree vlan <vlan-id> root secondary

Set bridge as secondary root

spanning-tree vlan <vlan-id> priority <priority>

Set STP priority

spanning-tree portfast

Enable PortFast on interface

spanning-tree bpduguard enable

Enable BPDU Guard

show spanning-tree

Display STP information

show spanning-tree summary

Display STP summary

spanning-tree guard root

Enable Root Guard

ISE Integration

aaa new-model

Enable AAA

address ipv4 <ip> auth-port <port> acct-port <port>

Set RADIUS server address

key <key>

Set RADIUS shared secret

aaa group server radius <group-name>

Create RADIUS server group

server name <server-name>

Add server to group

aaa authentication dot1x default group <group>

Configure 802.1X authentication

dot1x system-auth-control

Enable 802.1X globally

authentication port-control auto

Enable 802.1X on interface

show dot1x all

Display 802.1X status

Device Management

hostname <name>

Set device hostname

enable secret <password>

Set encrypted enable password

service password-encryption

Encrypt all plaintext passwords

banner motd # <message> #

Set MOTD banner

line console 0

Enter console line configuration

line vty 0 4

Enter VTY line configuration

password <password>

Set line password

login

Require login on line

logging synchronous

Prevent log messages from interrupting input

exec-timeout <minutes> <seconds>

Set inactivity timeout

Diagnostics & Troubleshooting

show version

Display system version and hardware info

show interfaces

Display all interface status

show interfaces status

Display interface line status

show ip interface brief

Display brief IP interface status

show mac address-table

Display MAC address table

show arp

Display ARP table

show cdp neighbors

Display CDP neighbors

show cdp neighbors detail

Display detailed CDP neighbor info

show processes cpu

Display CPU utilization

show memory

Display memory statistics

show log

Display system log messages

debug <protocol>

Enable debugging for protocol

undebug all

Disable all debugging

terminal monitor

Send log messages to current session

High Availability

standby <group> ip <virtual-ip>

Configure HSRP virtual IP

standby <group> priority <priority>

Set HSRP priority

standby <group> preempt

Enable HSRP preemption

show standby

Display HSRP status