Here is my own notes I have had as a word doc for several years. It's a basic reference for Cisco router commands.

 


BASIC DEVICE COMMANDS

 

Show Running Configuration File

>show running-config

 

Show Startup Configuration File (NVRAM)

>show startup-config

 

Show Flash Memory Information

>show flash

 

Show Command History

>show history

 

Copy Changes from Running Config to the Startup Config

#copy running-config startup-config

 

Show Version (Platform Type / OS Revision / Last Boot / Memory / Interfaces /Conf Register)

>show version

 

Show Devices Clock (Time/Date)

>show clock

 

Show Users Connected to Device

>show users

 

 

DEVICE SECURITY

 

Set password exec & non-exec (console / aux / telnet)

>enable

#configure terminal

#enable password EnablePass1

 

#line console 0

#login

#password ConsolePass1

#exit

 

#line aux 0

#login

#password AuxPass1

#exit

 

#line vty 0 4

#login

#password TelnetPass1

#exit

 

Set Secret Password (recommended method)

>enable

#configure terminal

#enable secret EnableSecret1

#exit

 

 

BASIC SETINGS

 

Set a Warning Banner For Login Prompt

>enable

#configure terminal

#banner motd &

#banner line1

#banner line2 &

#exit

 

Set hostname

>enable

#configure terminal

#hostname router1

#prompt router01

#exit

 

 

SAVING AND RESTORING CONFIGURATIONS

 

Save Running Config to Startup Config

#copy running-configuration startup-configuration

 

Save Running Config to a Remote TFTP Server

#copy running-configuration tftp

<enter IP>

<enter filename>

 

Save Config From Remote TFTP Server to the Running Config

#copy tftp running-configuration

<enter IP>

<enter filename>

 

Erase NVRAM

#erase nvram

 

 

INTERFACE COMAMNDS

 

Show Summary of All Interfaces (IP & Status)

>show ip interface brief

 

Show Detailed Interface Information (All Interfaces)

>show interfaces

 

Show Detailed Interface Information (Single Interface)

>show interfaces serial 0

 

Show Detailed Interface Protocol Information (Single Interface)

>show ip interface serial 0

 

Show Status of Interface Layer 3 Protocols

>show protocols

 

Show Information About IP Routing Protocols

>show ip protocols

 

Show IP Routes (Interfaces that are routing)

>show ip route

 

Show Cached Hosts List

>show hosts

 

Set description for an interface

>enable

#configure terminal

#interface serial 0

#description this is the serial0 link to router2

#exit

 

Configure an IP for an interface

#configure terminal

#interface Ethernet 0

#ip address 10.1.1.251 255.255.255.0

#exit

 

Enable an Interface

#configure terminal

#interface Ethernet 0

#no shutdown

#exit

 

Disable an Interface (Administratively Down)

#configure terminal

#interface Serial 1

#shutdown

#exit

 

 

SERIAL INTERFACES

 

Set Serial Interface Clock Rate (DCE Cable – Data Circuit-Terminating Equipment)

R1#configure terminal

R1#interface serial 0

R1#clock rate 56000

R1#no shut

 

R2#configure terminal

R2#interface serial 0

R2#no shut

 

Set Serial Interface Bandwidth and Clock Rate

#configure terminal

#interface serial 0

#bandwidth 64

#clock rate 64000

#exit

 

 

LOOPBACK INTERFACES

 

Create a Loopback Interface and Set the IP Address and Mask

R1#configure terminal

R1#interface loopback 0

R1#ip address 10.1.100.1 255.255.255.0

R1#no shut

 

 

CDP (Cisco Discovery Protocol)

 

Show CDP General Information

>show cdp

 

Show CDP Interface Information

>show cdp interface

 

Show CDP Neighbors

>show cdp neighbors

 

Show CDP Neighbors Detail

>show cdp neighbors detail

 

Show Specific CDP Entry Details

>show cdp entry R4

 

Set / Adjust the Time between CDP Updates

#configure terminal

(config)#cdp timer 45

 

Set / Adjust the CDP Information Hold Time

#configure terminal

(config)#cdp holdtime 60

 

Disable CDP on the Entire Router

#configure terminal

(config)#no cdp run

 

Enable CDP on the Entire Router

#configure terminal

(config)#cdp run

 

Disable CDP on an Interface

#configure terminal

(config)#interface Ethernet 0

(config-if)#no cdp run

 

Enable CDP on an Interface

#configure terminal

(config)#interface Ethernet 0

(config-if)#cdp run

 

 

ARP

 

Show ARP Table

>show arp

 

Clear ARP Table

#clear arp

 

 

TELNET

 

Telnet to another Device

>telnet 10.1.1.2

password: ****

 

Show Sessions

>show sessions

 

Disconnect from a session

>disconnect 1

 

Setup to Allow Telnet Logins

#conf term

(config)#line vty 0 4

(config-line)#login

(config-line)#password Pass1

 

 

HOSTS TABLE

 

Add an Entry to the Hosts Table

#conf term

(config)#ip host California 192.168.10.1

 

 

STATIC ROUTING

 

Show IP Routes (S = Static)

>show ip route

Add a Static Route

#conf term

#ip route 10.1.1.0 255.255.255.0 192.168.10.1

 

Remove a Static Route

#conf term

#no ip route 10.1.1.0 255.255.255.0 192.168.10.1

 

 

DEFAULT ROUTING

 

Show IP Routes (S = Static * = Default Candidate)

>show ip route

Add a Default Route

#conf term

#ip route 0.0.0.0 0.0.0.0 192.168.10.1

 

Remove Default Route

#conf term

#no ip route 0.0.0.0 0.0.0.0 192.168.10.1

 

 

RIP (Routing Information Protocol)

 

Uses UDP port 520

Show IP Routes (R = RIP)

>show ip route

 

Show Information About IP Routing Protocols

>show ip protocols

 

Enable RIP

#conf term

#router rip

 

Disable RIP

#conf term

#no router rip

 

Add a Network for RIP Advertisements/Receives (Delay <30secs)

#conf term

#router rip

#network 10.0.0.0

 

Remove a Network from RIP Advertisements/Receives

#conf term

#router rip

#no network 10.0.0.0

 

Turn on RIP Debugging

#debug ip rip

 

Turn off RIP Debugging

#no debug ip rip

 

Clear and Re-Create IP Routing Table

#clear ip route *

 

 

IGRP (Interior Gateway Routing Protocol)

 

Show IP Routes (I = IGRP)

>show ip route

 

Show Information About IP Routing Protocols

>show ip protocols

 

Enable IGRP

#conf term

#router igrp 100

 

Add Networks Directly Connected to Router for IGRP Routing

#conf term

#router igrp 100

#network 10.0.0.0

 

Remove Networks Directly Connected to Router for IGRP Routing

#conf term

#router igrp 100

#no network 10.0.0.0

 

 

EIGRP (Enhanced Interior Gateway Routing Protocol)

 

Show IP Routes (D = EIGRP)

>show ip route

 

Show Information About IP Routing Protocols

>show ip protocols

 

Show EIGRP Neighbours

>show ip eigrp neighbours

 

Show EIGRP Traffic, Shows EIGRP Packet Types Sent and Recieved

>show ip eigrp traffic

 

Enable EGRP 100

#conf term

#router eigrp 100

 

Add Networks Directly Connected to Router for EIGRP Routing

#conf term

#router eigrp 100

#network 10.0.0.0

 

Remove Networks Directly Connected to Router for EIGRP Routing

#conf term

#router eigrp 100

#no network 10.0.0.0

 

 

OSPF (Open Shortest Path First) Routing

 

Show Routing Table (O = OSPF)

>show ip route

 

Show Routing Protocol Information

>show ip protocols

 

Show the OSPF Database

>show ip ospf database

 

Show OSPF Neighbours

>show ip ospf neighbour

 

Show Interfaces Running OSPF – Detailed Information

>show ip ospf interface

 

Configure OSPF Routing and Set the Process Number

R1#conf term

R1(config)#router ospf 100

 

R2#conf term

R2(config)#router ospf 100

 

R3#conf term

R3(config)#router ospf 100

 

Configure Networks that the Router is Connected to

R1#conf term

R1(config)#router ospf 100

R1(config-router)#network 10.1.20.0 0.0.0.255 area 0

R1(config-router)#network 192.16.1.0 0.0.255.255 area 0

 

R2#conf term

R2(config)#router ospf 100

R2(config-router)#network 10.1.20.0 0.0.0.255 area 0

 

R3#conf term

R3(config)#router ospf 100

R3(config-router)#network 192.16.1.0 0.0.255.255 area 0

 

 

PPP (Point-to-Point Protocol)

 

With CHAP Authentication (Challenge-Handshake Authentication Protocol)

 

R1

Set the Enable Secret on R1

R1#conf term

R1#enable secret secretPassR1

Create a User on R1 with Same Password as R2’s Enable Secret

R1#username R2 password secretPassR2

Set an IP and Enable the Serial Interface on R1

R1#interface serial 0

R1#ip address 10.1.0.1 255.255.255.0

R1#no shutdown

Set Encapsulation for the Serial Interface to PPP on R1

R1#encapsulation ppp

Set PPP Authentication to CHAP for the Serial Interface on R1

R1#ppp authentication chap

 

R2

Set the Enable Secret on R2

R2#conf term

R2#enable secret secretPassR2

Create a User on R2 with Same Password as R1’s Enable Secret

R1#username R1 password secretPassR1

Set an IP and Enable the Serial Interface on R2

R2#interface serial 0

R2#ip address 10.1.0.2 255.255.255.0

R2#no shutdown

Set Encapsulation for the Serial Interface to PPP on R2

R2#encapsulation ppp

Set PPP Authentication to CHAP for the Serial Interface on R2

R2#ppp authentication chap

 

Show Serial Interface Details including Encapsulation Type

>show interfaces serial 0

 

Without CHAP Authentication

 

R1

Set an IP and Enable the Serial Interface on R1

R1#conf term

R1#interface serial 0

R1#ip address 10.1.0.1 255.255.255.0

R1#no shutdown

Set Encapsulation for the Serial Interface to PPP on R1

R1#encapsulation ppp

 

R2

Set an IP and Enable the Serial Interface on R2

R2#conf term

R2#interface serial 0

R2#ip address 10.1.0.2 255.255.255.0

R2#no shutdown

Set Encapsulation for the Serial Interface to PPP on R2

R2#encapsulation ppp

 

Show Serial Interface Details including Encapsulation Type

>show interfaces serial 0

 

 

ISDN (Integrated Services Digital Network)

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Show ISDN Interface Information

>show interface bri 0

 

Specify the ISDN Switch Type

#conf term

#isdn switch-type basic-ni

Set the SPID for the Interface

#interface bri 0

#isdn spid1 32177820010100

 

Set the Dialler String on the Interface to Establish Layer 3

#interface bri 0

#dialer string 7782002

 

Setup a Dialer-list to Permit All IP Traffic

#dialer-list 1 protocol ip permit

 

ISDN BRI-BRI using Legacy DDR (Dial on Demand Routing)

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Configure ISDN BRI-BRI using Legacy DDR

R1(config)#isdn switch-type basic-ni

R1(config)#dialer-list 1 protocol ip permit

R1(config)#username R2 password cisco

R1(config)#interface bri0

R1(config-if)#encapsulation ppp

R1(config-if)#ip address 200.10.1.1 255.255.255.0

R1(config-if)#isdn spid1 32177820010100

R1(config-if)#dialer-group 1

R1(config-if)#dialer map ip 200.10.1.2 name R2 broadcast 7782001

R1(config-if)#ppp authentication chap

R1(config-if)#no shut

 

R2(config)#isdn switch-type basic-ni

R2(config)#dialer-list 1 protocol ip permit

R2(config)#username R1 password cisco

R2(config)#interface bri0

R2(config-if)#encapsulation ppp

R2(config-if)#ip address 200.10.1.1 255.255.255.0

R2(config-if)#isdn spid1 32177820020100

R2(config-if)#dialer-group 1

R2(config-if)#dialer map ip 200.10.1.1 name R1 broadcast 7782002

R2(config-if)#ppp authentication chap

R2(config-if)#no shut

 

 

ISDN BRI-BRI using Dialer Profiles

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Configure ISDN BRI-BRI using Dialer Profiles

R1(config)#isdn switch-type basic-ni

R1(config)#dialer-list 1 protocol ip permit

R1(config)#username R2 password cisco

R1(config)#int bri0

R1(config-if)#encap ppp

R1(config-if)#ppp authentication chap

R1(config-if)#isdn spid1 32177820010100

R1(config-if)#dialer pool-member 1

R1(config-if)#no shut

R1(config-if)#int dialer 1

R1(config-if)#no shut

R1(config-if)#ip address 200.10.1.1 255.255.255.0

R1(config-if)#encap ppp

R1(config-if)#dialer-group 1

R1(config-if)#dialer pool 1

R1(config-if)#dialer remote-name R2

R1(config-if)#dilaer string 7782001

R1(config-if)#ppp authentication chap

 

R2(config)#isdn switch-type basic-ni

R2(config)#dialer-list 1 protocol ip permit

R2(config)#username R1 password cisco

R2(config)#int bri0

R2(config-if)#encap ppp

R2(config-if)#ppp authentication chap

R2(config-if)#isdn spid1 32177820020100

R2(config-if)#dialer pool-member 1

R2(config-if)#no shut

R2(config-if)#int dialer 1

R2(config-if)#no shut

R2(config-if)#ip address 200.10.1.2 255.255.255.0

R2(config-if)#encap ppp

R2(config-if)#dialer-group 1

R2(config-if)#dialer pool 1

R2(config-if)#dialer remote-name R1

R2(config-if)#dilaer string 7782002

R2(config-if)#ppp authentication chap

 

 

ISDN PRI using Dialer Profiles

 

Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established)

>show isdn status

 

Configure ISDN PRI using Dialer Profiles

R1(config)#isdn switch-type basic-ni

R1(config)#dialer-list 1 protocol ip permit

R1(config)#username R2 password cisco

R1(config)#interface bri0

R1(config-if)#encap ppp

R1(config-if)#ppp authentication chap

R1(config-if)#isdn spid1 32177820010100

R1(config-if)#dialer pool-member 1

R1(config-if)#no shut

R1(config-if)#int dialer 2

R1(config-if)#no shut

R1(config-if)#ip add 201.10.1.1 255.255.255.0

R1(config-if)#encap ppp

R1(config-if)#dialer-group 1

R1(config-if)#dialer pool 1

R1(config-if)#dialer remote-name R2

R1(config-if)#dialer string 7782001

R1(config-if)#ppp authentication chap

 

R2(config)#isdn switch-type primary-5ess

R2(config)#dialer-list 1 protocol ip permit

R2(config)#username R1 password cisco

R2(config)#controller tl 0/0

R2(config-contoller)#framing esf

R2(config-contoller)#linecode b8zs

R2(config-contoller)#pri-group timeslots 1-24

R2(config-contoller)#exit

R2(config)#interface serial0/0:23

R2(config-if)#encapsulation ppp

R2(config-if)#ppp authentication chap

R2(config-if)#dialer pool-member 2

R2(config-if)#no shut

R2(config-if)#interface dialer 2

R2(config-if)#ip add 201.10.1.2 255.255.255.0

R2(config-if)#encaps ppp

R2(config-if)#dialer-group 1

R2(config-if)#dialer pool 2

R2(config-if)#dialer remote-name R1

R2(config-if)#dialer string 7782002

R2(config-if)#ppp authentication chap

R2(config-if)#no shut

 

 

IPX (Internetwork Packet Exchange)

 

Show IPX Interface Information

>show ipx interface

 

Show IPX Interface Information Brief

>show ipx interface brief

 

Show IPX Traffic

>show ipx traffic

 

Enable IPX Routing on Both Routers

#conf term

#ipx routing

 

Assign an IPX Network to the Ethernet Interfaces on the Routers

#interface Ethernet 0

(config-if)#ipx network AAA

(config-if)#no shut

 

 

FRAME RELAY

 

Show Global Frame-Relay Traffic Statistics

>show frame-relay traffic

 

Show Frame-Relay LMI (Local Management Interface) Traffic

>show frame-relay lmi

 

Show Frame-Relay Mappings of DLCI (Layer 2) to the IP Address (Layer 3)

>show frame-relay map

 

Show Frame-Relay PVC (Permanent Virtual Circuit) Mappings between Router and the Frame-Relay Switch

>show frame-relay pvc

 

Set the Interfaces Encapsulation to Frame-Relay on Both Routers

#interface serial 0

#encapsulation frame-relay

#no shut

 

Set the Frame-Relay Interface DLCI (Data Link Connection Identifer) for the Connection

R1(config-if)#frame-relay interface-dlci 102

R2(config-if)#frame-relay interface-dlci 202

 

Create Sub Interface and IP for Each Connection and Set DLCI on Connections

R1(config-if)#interface serial 0.100 point-to-point

R1(config-subif)#frame-relay interface-dlci 102

R1(config-subif)#ip address 172.16.1.1 255.255.255.0

R1(config-if)#interface serial 0.200 point-to-point

R1(config-subif)#frame-relay interface-dlci 103

R1(config-subif)#ip address 172.16.1.2 255.255.255.0

 

R2(config-if)#interface serial 0.100 point-to-point

R2(config-subif)#frame-relay interface-dlci 201

R2(config-subif)#ip address 172.16.2.1 255.255.255.0

 

R3(config-if)#interface serial 0.100 point-to-point

R3(config-subif)#frame-relay interface-dlci 301

R3(config-subif)#ip address 172.16.2.1 255.255.255.0

 

Set the LMI (Local Management Interface) Type

#conf term

(config)#int serial1

(config-if)#frame-relay lmi-type ansi

 

Set Frame Relay Map IP

#conf term

(config)#int serial1

(config-if)#frame-relay map ip 10.50.1.1 105 broadcast

 

 

STANDARD ACCESS LISTS

 

Show Access Lists

>show access-lists

>show access-lists 1

>show access-lists 99

 

View Access Lists Applied to an Interface

>show ip interface

 

access-list [#(1-99) ] [permit | deny] [source-address | keyword any] [source mask]

Create an Access List to Deny

#conf term

(config)#access-list 1 deny host 192.168.20.1

(config)#access-list 1 deny 192.168.20.2

(config)#access-list 1 deny 192.168.20.3 0.0.0.0

 

Create an Access List to Permit

#conf term

(config)#access-list 1 permit any

 

Delete an Access List

#conf term

(config)#no access-list 1

 

ip access-group [access-list] [in | out]

Add the Access Group to an Interface (in/out)

#conf term

(config)#interface ethernet 0

(config-if)#ip access-group 1 in

(config-if)#ip access-group 20 out

 

Remove the Access Group from an Interface (in/out)

#conf term

(config)#interface ethernet 0

(config-if)#no ip access-group 1 in

 

 

EXTENDED ACCESS LISTS

 

Show Access Lists

>show access-lists

>show access-lists 101 (100-199 and 2000-2699)

 

View Access Lists Applied to an Interface

>show ip interface

 

Create an Extended Access List

#conf term

(config)#access-list 101 deny icmp any any echo

(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log

(config)#access-list 102 permit tcp 24.17.2.0 0.0.0.15 any log

(config)#access-list 103 permit ip host 192.168.1.123 host 192.168.1.12 log

 

Delete an Extended Access List

#conf term

(config)#no access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log

 

Add the Access Group to an Interface (in/out)

ip access-group [access-list] [in | out]

#conf term

(config)#interface ethernet 0

(config-if)#ip access-group 101 in

(config-if)#ip access-group 102 out

 

Remove the Access Group from an Interface (in/out)

#conf term

(config)#interface ethernet 0

(config-if)#no ip access-group 101 in

 

 

 

NAMED ACCESS CONTROL LISTS

 

Show Access Lists

>show access-lists

 

Create a Named Access List to Deny Ping and Log

#conf term

(config)#ip access-list extended deny_icmp_ping

(config-ext-acl)#deny icmp host 192.168.1.20 192.168.1.1 0.0.0.0 log

(config-ext-acl)#permit ip any any log

 

Delete a Named Access List

#conf term

(config)#no ip access-list extended deny_icmp_ping

 

Add the Named Access Group to an Interface (in/out)

#conf term

(config)#interface FA0/0

(config-if)#ip access-group deny_icmp_ping in

 

Remove the Named Access Group from an Interface (in/out)

#conf term

(config)#interface FA0/0

(config-if)#no ip access-group deny_icmp_ping in

 

 

NAT/PAT (Network Address Translation/Port Address Translation)

 

Show IP NAT Translations

>show ip nat translations

 

Clear IP NAT Translations

#clear ip nat translation *

 

Show IP NAT Statistics

>show ip nat statistics

 

STATIC NAT

Add a Static NAT

#conf term

(config)#ip nat inside source static 10.50.1.2 10.70.1.2

(config)#interface ethernet 0

(config-if)#ip nat inside

(config-if)#interface serial 0

(config-if)#ip nat outside

 

Remove a Static NAT

#conf term

(config)#no ip nat inside source static 10.50.1.2 10.70.1.2

 

MANY-TO-ONE NAT

Add a Many-To-One NAT

#conf term

(config)#access-list 11 permit 10.50.1.0 0.0.0.255

(config)#ip nat inside source list 11 interface serial 0 overload

(config)#interface ethernet 0

(config-if)#ip nat inside

(config-if)#interface serial 0

(config-if)#ip nat outside

 

Remove a Many-To-One NAT

#conf term

(config)#no ip nat inside source static 10.50.1.2 10.70.1.2

 

DYNAMIC NAT (Using Pools)

Add a Dynamic NAT

#conf term

(config)#ip nat pool poolname1 10.50.1.100 10.50.1.150 netmask 255.255.255.0

(config)#ip nat inside source list 2 pool poolname1

(config)#interface ethernet 0

(config-if)#ip nat inside

(config-if)#interface serial 0

(config-if)#ip nat outside

 

Remove a Dynamic NAT

#conf term

(config)#no ip nat pool pool1 10.50.1.100 10.50.1.150 netmask 255.255.255.0

 

PAT (Port Address Translation)

Add a PAT

#conf term

(config)#ip nat inside source list 2 interface serial 0 overload

Remove a PAT

#conf term

(config)#no ip nat inside source list 2 interface serial 0 overload

 

 

Share this blog post on social media:

Latest Blog Posts

Popular

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes