Here is my own notes I have had as a word doc for several years. It's a basic reference for Cisco router commands.

 


BASIC DEVICE COMMANDS

 

Show Running Configuration File

>show running-config

 

Show Startup Configuration File (NVRAM)

>show startup-config

 

Show Flash Memory Information

>show flash

 

Show Command History

>show history

 

Copy Changes from Running Config to the Startup Config

#copy running-config startup-config

 

Show Version (Platform Type / OS Revision / Last Boot / Memory / Interfaces /Conf Register)

>show version

 

Show Devices Clock (Time/Date)

>show clock

 

Show Users Connected to Device

>show users

 

 

DEVICE SECURITY

 

Set password exec & non-exec (console / aux / telnet)

>enable

#configure terminal

#enable password EnablePass1

 

#line console 0

#login

#password ConsolePass1

#exit

 

#line aux 0

#login

#password AuxPass1

#exit

 

#line vty 0 4

#login

#password TelnetPass1

#exit

 

Set Secret Password (recommended method)

>enable

#configure terminal

#enable secret EnableSecret1

#exit

 

 

BASIC SETINGS

 

Set a Warning Banner For Login Prompt

>enable

#configure terminal

#banner motd &

#banner line1

#banner line2 &

#exit

 

Set hostname

>enable

#configure terminal

#hostname router1

#prompt router01

#exit

 

 

SAVING AND RESTORING CONFIGURATIONS

 

Save Running Config to Startup Config

#copy running-configuration startup-configuration

 

Save Running Config to a Remote TFTP Server

#copy running-configuration tftp

<enter IP>

<enter filename>

 

Save Config From Remote TFTP Server to the Running Config

#copy tftp running-configuration

<enter IP>

<enter filename>

 

Erase NVRAM

#erase nvram

 

 

INTERFACE COMAMNDS

 

Show Summary of All Interfaces (IP & Status)

>show ip interface brief

 

Show Detailed Interface Information (All Interfaces)

>show interfaces

 

Show Detailed Interface Information (Single Interface)

>show interfaces serial 0

 

Show Detailed Interface Protocol Information (Single Interface)

>show ip interface serial 0

 

Show Status of Interface Layer 3 Protocols

>show protocols

 

Show Information About IP Routing Protocols

>show ip protocols

 

Show IP Routes (Interfaces that are routing)

>show ip route

 

Show Cached Hosts List

>show hosts

 

Set description for an interface

>enable

#configure terminal

#interface serial 0

#description this is the serial0 link to router2

#exit

 

Configure an IP for an interface

#configure terminal

#interface Ethernet 0

#ip address 10.1.1.251 255.255.255.0

#exit

 

Enable an Interface

#configure terminal

#interface Ethernet 0

#no shutdown

#exit

 

Disable an Interface (Administratively Down)

#configure terminal

#interface Serial 1

#shutdown

#exit

 

 

SERIAL INTERFACES

 

Set Serial Interface Clock Rate (DCE Cable – Data Circuit-Terminating Equipment)

R1#configure terminal

R1#interface serial 0

R1#clock rate 56000

R1#no shut

 

R2#configure terminal

R2#interface serial 0

R2#no shut

 

Set Serial Interface Bandwidth and Clock Rate

#configure terminal

#interface serial 0

#bandwidth 64

#clock rate 64000

#exit

 

 

LOOPBACK INTERFACES

 

Create a Loopback Interface and Set the IP Address and Mask

R1#configure terminal

R1#interface loopback 0

R1#ip address 10.1.100.1 255.255.255.0

R1#no shut

 

 

CDP (Cisco Discovery Protocol)

 

Show CDP General Information

>show cdp

 

Show CDP Interface Information

>show cdp interface

 

Show CDP Neighbors

>show cdp neighbors

 

Show CDP Neighbors Detail

>show cdp neighbors detail

 

Show Specific CDP Entry Details

>show cdp entry R4

 

Set / Adjust the Time between CDP Updates

#configure terminal

(config)#cdp timer 45

 

Set / Adjust the CDP Information Hold Time

#configure terminal

(config)#cdp holdtime 60

 

Disable CDP on the Entire Router

#configure terminal

(config)#no cdp run

 

Enable CDP on the Entire Router

#configure terminal

(config)#cdp run

 

Disable CDP on an Interface

#configure terminal

(config)#interface Ethernet 0

(config-if)#no cdp run

 

Enable CDP on an Interface

#configure terminal

(config)#interface Ethernet 0

(config-if)#cdp run

 

 

ARP

 

Show ARP Table

>show arp

 

Clear ARP Table

#clear arp

 

 

TELNET

 

Telnet to another Device

>telnet 10.1.1.2

password: ****

 

Show Sessions

>show sessions

 

Disconnect from a session

>disconnect 1

 

Setup to Allow Telnet Logins

#conf term

(config)#line vty 0 4

(config-line)#login

(config-line)#password Pass1

 

 

HOSTS TABLE

 

Add an Entry to the Hosts Table

#conf term

(config)#ip host California 192.168.10.1

 

 

STATIC ROUTING

 

Show IP Routes (S = Static)

>show ip route

Add a Static Route

#conf term

#ip route 10.1.1.0 255.255.255.0 192.168.10.1

 

Remove a Static Route

#conf term

#no ip route 10.1.1.0 255.255.255.0 192.168.10.1

 

 

DEFAULT ROUTING

 

Show IP Routes (S = Static * = Default Candidate)

>show ip route

Add a Default Route

#conf term

#ip route 0.0.0.0 0.0.0.0 192.168.10.1

 

Remove Default Route

#conf term

#no ip route 0.0.0.0 0.0.0.0 192.168.10.1

 

 

RIP (Routing Information Protocol)

 

Uses UDP port 520

Show IP Routes (R = RIP)

>show ip route

 

Show Information About IP Routing Protocols

>show ip protocols

 

Enable RIP

#conf term

#router rip

 

Disable RIP

#conf term

#no router rip

 

Add a Network for RIP Advertisements/Receives (Delay <30secs)

#conf term

#router rip

#network 10.0.0.0

 

Remove a Network from RIP Advertisements/Receives

#conf term

#router rip

#no network 10.0.0.0

 

Turn on RIP Debugging

#debug ip rip

 

Turn off RIP Debugging

#no debug ip rip

 

Clear and Re-Create IP Routing Table

#clear ip route *

 

 

IGRP (Interior Gateway Routing Protocol)

 

Show IP Routes (I = IGRP)

>show ip route

 

Show Information About IP Routing Protocols

>show ip protocols

 

Enable IGRP

#conf term

#router igrp 100

 

Add Networks Directly Connected to Router for IGRP Routing

#conf term

#router igrp 100

#network 10.0.0.0

 

Remove Networks Directly Connected to Router for IGRP Routing

#conf term

#router igrp 100

#no network 10.0.0.0

 

 

EIGRP (Enhanced Interior Gateway Routing Protocol)

 

Show IP Routes (D = EIGRP)

>show ip route

 

Show Information About IP Routing Protocols

>show ip protocols

 

Show EIGRP Neighbours

>show ip eigrp neighbours

 

Show EIGRP Traffic, Shows EIGRP Packet Types Sent and Recieved

>show ip eigrp traffic

 

Enable EGRP 100

#conf term

#router eigrp 100

 

Add Networks Directly Connected to Router for EIGRP Routing

#conf term

#router eigrp 100

#network 10.0.0.0

 

Remove Networks Directly Connected to Router for EIGRP Routing

#conf term

#router eigrp 100

#no network 10.0.0.0

 

 

OSPF (Open Shortest Path First) Routing

 

Show Routing Table (O = OSPF)

>show ip route

 

Show Routing Protocol Information

>show ip protocols

 

Show the OSPF Database

>show ip ospf database

 

Show OSPF Neighbours

>show ip ospf neighbour

 

Show Interfaces Running OSPF – Detailed Information

>show ip ospf interface

 

Configure OSPF Routing and Set the Process Number

R1#conf term

R1(config)#router ospf 100

 

R2#conf term

R2(config)#router ospf 100

 

R3#conf term

R3(config)#router ospf 100

 

Configure Networks that the Router is Connected to

R1#conf term

R1(config)#router ospf 100

R1(config-router)#network 10.1.20.0 0.0.0.255 area 0

R1(config-router)#network 192.16.1.0 0.0.255.255 area 0

 

R2#conf term

R2(config)#router ospf 100

R2(config-router)#network 10.1.20.0 0.0.0.255 area 0

 

R3#conf term

R3(config)#router ospf 100

R3(config-router)#network 192.16.1.0 0.0.255.255 area 0

 

 

PPP (Point-to-Point Protocol)

 

With CHAP Authentication (Challenge-Handshake Authentication Protocol)

 

R1

Set the Enable Secret on R1

R1#conf term

R1#enable secret secretPassR1

Create a User on R1 with Same Password as R2’s Enable Secret

R1#username R2 password secretPassR2

Set an IP and Enable the Serial Interface on R1

R1#interface serial 0

R1#ip address 10.1.0.1 255.255.255.0

R1#no shutdown

Set Encapsulation for the Serial Interface to PPP on R1

R1#encapsulation ppp

Set PPP Authentication to CHAP for the Serial Interface on R1

R1#ppp authentication chap

 

R2

Set the Enable Secret on R2

R2#conf term

R2#enable secret secretPassR2

Create a User on R2 with Same Password as R1’s Enable Secret

R1#username R1 password secretPassR1

Set an IP and Enable the Serial Interface on R2

R2#interface serial 0

R2#ip address 10.1.0.2 255.255.255.0

R2#no shutdown

Set Encapsulation for the Serial Interface to PPP on R2

R2#encapsulation ppp

Set PPP Authentication to CHAP for the Serial Interface on R2

R2#ppp authentication chap

 

Show Serial Interface Details including Encapsulation Type

>show interfaces serial 0

 

Without CHAP Authentication

 

R1

Set an IP and Enable the Serial Interface on R1

R1#conf term

R1#interface serial 0

R1#ip address 10.1.0.1 255.255.255.0

R1#no shutdown

Set Encapsulation for the Serial Interface to PPP on R1

R1#encapsulation ppp

 

R2

Set an IP and Enable the Serial Interface on R2

R2#conf term

R2#interface serial 0

R2#ip address 10.1.0.2 255.255.255.0

R2#no shutdown

Set Encapsulation for the Serial Interface to PPP on R2

R2#encapsulation ppp

 

Show Serial Interface Details including Encapsulation Type

>show interfaces serial 0

 

 

ISDN (Integrated Services Digital Network)

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Show ISDN Interface Information

>show interface bri 0

 

Specify the ISDN Switch Type

#conf term

#isdn switch-type basic-ni

Set the SPID for the Interface

#interface bri 0

#isdn spid1 32177820010100

 

Set the Dialler String on the Interface to Establish Layer 3

#interface bri 0

#dialer string 7782002

 

Setup a Dialer-list to Permit All IP Traffic

#dialer-list 1 protocol ip permit

 

ISDN BRI-BRI using Legacy DDR (Dial on Demand Routing)

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Configure ISDN BRI-BRI using Legacy DDR

R1(config)#isdn switch-type basic-ni

R1(config)#dialer-list 1 protocol ip permit

R1(config)#username R2 password cisco

R1(config)#interface bri0

R1(config-if)#encapsulation ppp

R1(config-if)#ip address 200.10.1.1 255.255.255.0

R1(config-if)#isdn spid1 32177820010100

R1(config-if)#dialer-group 1

R1(config-if)#dialer map ip 200.10.1.2 name R2 broadcast 7782001

R1(config-if)#ppp authentication chap

R1(config-if)#no shut

 

R2(config)#isdn switch-type basic-ni

R2(config)#dialer-list 1 protocol ip permit

R2(config)#username R1 password cisco

R2(config)#interface bri0

R2(config-if)#encapsulation ppp

R2(config-if)#ip address 200.10.1.1 255.255.255.0

R2(config-if)#isdn spid1 32177820020100

R2(config-if)#dialer-group 1

R2(config-if)#dialer map ip 200.10.1.1 name R1 broadcast 7782002

R2(config-if)#ppp authentication chap

R2(config-if)#no shut

 

 

ISDN BRI-BRI using Dialer Profiles

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Configure ISDN BRI-BRI using Dialer Profiles

R1(config)#isdn switch-type basic-ni

R1(config)#dialer-list 1 protocol ip permit

R1(config)#username R2 password cisco

R1(config)#int bri0

R1(config-if)#encap ppp

R1(config-if)#ppp authentication chap

R1(config-if)#isdn spid1 32177820010100

R1(config-if)#dialer pool-member 1

R1(config-if)#no shut

R1(config-if)#int dialer 1

R1(config-if)#no shut

R1(config-if)#ip address 200.10.1.1 255.255.255.0

R1(config-if)#encap ppp

R1(config-if)#dialer-group 1

R1(config-if)#dialer pool 1

R1(config-if)#dialer remote-name R2

R1(config-if)#dilaer string 7782001

R1(config-if)#ppp authentication chap

 

R2(config)#isdn switch-type basic-ni

R2(config)#dialer-list 1 protocol ip permit

R2(config)#username R1 password cisco

R2(config)#int bri0

R2(config-if)#encap ppp

R2(config-if)#ppp authentication chap

R2(config-if)#isdn spid1 32177820020100

R2(config-if)#dialer pool-member 1

R2(config-if)#no shut

R2(config-if)#int dialer 1

R2(config-if)#no shut

R2(config-if)#ip address 200.10.1.2 255.255.255.0

R2(config-if)#encap ppp

R2(config-if)#dialer-group 1

R2(config-if)#dialer pool 1

R2(config-if)#dialer remote-name R1

R2(config-if)#dilaer string 7782002

R2(config-if)#ppp authentication chap

 

 

ISDN PRI using Dialer Profiles

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Configure ISDN PRI using Dialer Profiles

R1(config)#isdn switch-type basic-ni

R1(config)#dialer-list 1 protocol ip permit

R1(config)#username R2 password cisco

R1(config)#interface bri0

R1(config-if)#encap ppp

R1(config-if)#ppp authentication chap

R1(config-if)#isdn spid1 32177820010100

R1(config-if)#dialer pool-member 1

R1(config-if)#no shut

R1(config-if)#int dialer 2

R1(config-if)#no shut

R1(config-if)#ip add 201.10.1.1 255.255.255.0

R1(config-if)#encap ppp

R1(config-if)#dialer-group 1

R1(config-if)#dialer pool 1

R1(config-if)#dialer remote-name R2

R1(config-if)#dialer string 7782001

R1(config-if)#ppp authentication chap

 

R2(config)#isdn switch-type primary-5ess

R2(config)#dialer-list 1 protocol ip permit

R2(config)#username R1 password cisco

R2(config)#controller tl 0/0

R2(config-contoller)#framing esf

R2(config-contoller)#linecode b8zs

R2(config-contoller)#pri-group timeslots 1-24

R2(config-contoller)#exit

R2(config)#interface serial0/0:23

R2(config-if)#encapsulation ppp

R2(config-if)#ppp authentication chap

R2(config-if)#dialer pool-member 2

R2(config-if)#no shut

R2(config-if)#interface dialer 2

R2(config-if)#ip add 201.10.1.2 255.255.255.0

R2(config-if)#encaps ppp

R2(config-if)#dialer-group 1

R2(config-if)#dialer pool 2

R2(config-if)#dialer remote-name R1

R2(config-if)#dialer string 7782002

R2(config-if)#ppp authentication chap

R2(config-if)#no shut

 

 

IPX (Internetwork Packet Exchange)

 

Show IPX Interface Information

>show ipx interface

 

Show IPX Interface Information Brief

>show ipx interface brief

 

Show IPX Traffic

>show ipx traffic

 

Enable IPX Routing on Both Routers

#conf term

#ipx routing

 

Assign an IPX Network to the Ethernet Interfaces on the Routers

#interface Ethernet 0

(config-if)#ipx network AAA

(config-if)#no shut

 

 

FRAME RELAY

 

Show Global Frame-Relay Traffic Statistics

>show frame-relay traffic

 

Show Frame-Relay LMI (Local Management Interface) Traffic

>show frame-relay lmi

 

Show Frame-Relay Mappings of DLCI (Layer 2) to the IP Address (Layer 3)

>show frame-relay map

 

Show Frame-Relay PVC (Permanent Virtual Circuit) Mappings between Router and the Frame-Relay Switch

>show frame-relay pvc

 

Set the Interfaces Encapsulation to Frame-Relay on Both Routers

#interface serial 0

#encapsulation frame-relay

#no shut

 

Set the Frame-Relay Interface DLCI (Data Link Connection Identifer) for the Connection

R1(config-if)#frame-relay interface-dlci 102

R2(config-if)#frame-relay interface-dlci 202

 

Create Sub Interface and IP for Each Connection and Set DLCI on Connections

R1(config-if)#interface serial 0.100 point-to-point

R1(config-subif)#frame-relay interface-dlci 102

R1(config-subif)#ip address 172.16.1.1 255.255.255.0

R1(config-if)#interface serial 0.200 point-to-point

R1(config-subif)#frame-relay interface-dlci 103

R1(config-subif)#ip address 172.16.1.2 255.255.255.0

 

R2(config-if)#interface serial 0.100 point-to-point

R2(config-subif)#frame-relay interface-dlci 201

R2(config-subif)#ip address 172.16.2.1 255.255.255.0

 

R3(config-if)#interface serial 0.100 point-to-point

R3(config-subif)#frame-relay interface-dlci 301

R3(config-subif)#ip address 172.16.2.1 255.255.255.0

 

Set the LMI (Local Management Interface) Type

#conf term

(config)#int serial1

(config-if)#frame-relay lmi-type ansi

 

Set Frame Relay Map IP

#conf term

(config)#int serial1

(config-if)#frame-relay map ip 10.50.1.1 105 broadcast

 

 

STANDARD ACCESS LISTS

 

Show Access Lists

>show access-lists

>show access-lists 1

>show access-lists 99

 

View Access Lists Applied to an Interface

>show ip interface

 

access-list [#(1-99) ] [permit | deny] [source-address | keyword any] [source mask]

Create an Access List to Deny

#conf term

(config)#access-list 1 deny host 192.168.20.1

(config)#access-list 1 deny 192.168.20.2

(config)#access-list 1 deny 192.168.20.3 0.0.0.0

 

Create an Access List to Permit

#conf term

(config)#access-list 1 permit any

 

Delete an Access List

#conf term

(config)#no access-list 1

 

ip access-group [access-list] [in | out]

Add the Access Group to an Interface (in/out)

#conf term

(config)#interface ethernet 0

(config-if)#ip access-group 1 in

(config-if)#ip access-group 20 out

 

Remove the Access Group from an Interface (in/out)

#conf term

(config)#interface ethernet 0

(config-if)#no ip access-group 1 in

 

 

EXTENDED ACCESS LISTS

 

Show Access Lists

>show access-lists

>show access-lists 101 (100-199 and 2000-2699)

 

View Access Lists Applied to an Interface

>show ip interface

 

Create an Extended Access List

#conf term

(config)#access-list 101 deny icmp any any echo

(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log

(config)#access-list 102 permit tcp 24.17.2.0 0.0.0.15 any log

(config)#access-list 103 permit ip host 192.168.1.123 host 192.168.1.12 log

 

Delete an Extended Access List

#conf term

(config)#no access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log

 

Add the Access Group to an Interface (in/out)

ip access-group [access-list] [in | out]

#conf term

(config)#interface ethernet 0

(config-if)#ip access-group 101 in

(config-if)#ip access-group 102 out

 

Remove the Access Group from an Interface (in/out)

#conf term

(config)#interface ethernet 0

(config-if)#no ip access-group 101 in

 

 

 

NAMED ACCESS CONTROL LISTS

 

Show Access Lists

>show access-lists

 

Create a Named Access List to Deny Ping and Log

#conf term

(config)#ip access-list extended deny_icmp_ping

(config-ext-acl)#deny icmp host 192.168.1.20 192.168.1.1 0.0.0.0 log

(config-ext-acl)#permit ip any any log

 

Delete a Named Access List

#conf term

(config)#no ip access-list extended deny_icmp_ping

 

Add the Named Access Group to an Interface (in/out)

#conf term

(config)#interface FA0/0

(config-if)#ip access-group deny_icmp_ping in

 

Remove the Named Access Group from an Interface (in/out)

#conf term

(config)#interface FA0/0

(config-if)#no ip access-group deny_icmp_ping in

 

 

NAT/PAT (Network Address Translation/Port Address Translation)

 

Show IP NAT Translations

>show ip nat translations

 

Clear IP NAT Translations

#clear ip nat translation *

 

Show IP NAT Statistics

>show ip nat statistics

 

STATIC NAT

Add a Static NAT

#conf term

(config)#ip nat inside source static 10.50.1.2 10.70.1.2

(config)#interface ethernet 0

(config-if)#ip nat inside

(config-if)#interface serial 0

(config-if)#ip nat outside

 

Remove a Static NAT

#conf term

(config)#no ip nat inside source static 10.50.1.2 10.70.1.2

 

MANY-TO-ONE NAT

Add a Many-To-One NAT

#conf term

(config)#access-list 11 permit 10.50.1.0 0.0.0.255

(config)#ip nat inside source list 11 interface serial 0 overload

(config)#interface ethernet 0

(config-if)#ip nat inside

(config-if)#interface serial 0

(config-if)#ip nat outside

 

Remove a Many-To-One NAT

#conf term

(config)#no ip nat inside source static 10.50.1.2 10.70.1.2

 

DYNAMIC NAT (Using Pools)

Add a Dynamic NAT

#conf term

(config)#ip nat pool poolname1 10.50.1.100 10.50.1.150 netmask 255.255.255.0

(config)#ip nat inside source list 2 pool poolname1

(config)#interface ethernet 0

(config-if)#ip nat inside

(config-if)#interface serial 0

(config-if)#ip nat outside

 

Remove a Dynamic NAT

#conf term

(config)#no ip nat pool pool1 10.50.1.100 10.50.1.150 netmask 255.255.255.0

 

PAT (Port Address Translation)

Add a PAT

#conf term

(config)#ip nat inside source list 2 interface serial 0 overload

Remove a PAT

#conf term

(config)#no ip nat inside source list 2 interface serial 0 overload

 

 

Share this blog post on social media:

Latest Blog Posts

Popular

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes

We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok Decline