Collection Of Cisco Commands Used For Configuration

 

Below is collection of Cisco commands that are often used in configuration. It covers 90% of CCNA commands.

__
Basic commands

enable - Priviliged exec mode
conf t - Enters global configuration
hostname - Renames router to
exit - Back once
end - Back to #

banner motd * - Editing banner, end with *
enable secret - Set enable password to

int x - Configure interface x
ip add IP MS - Set IP and MaSk for interface
no sh - Starts interface (w/ sh close int)
clock rate - Clock rate n for serial ports
bandwidth - Set bandwidth n in kilobit

line console x - Configure line x
line vty x - Configue vty x
password x - Password x for line
login - Logs in for password

service password-encryption - Encrypts password
no ip domain-lookup - No ip domain lookup
ip default-gateway - Default gateway (when no routing)
ip default-network - Default network (when there is routing)
ip route 0.0.0.0 0.0.0.0 - Default route address to 0, from/to (x=ip or int)
ip route - Static route from/to ip or interface
ip route - is the value for administrative distance
logging trap debugging - Shows all console messages

copy run start - Copies running config to startup
erase startup - Erases startup config
delete flash: - Delete from flash memory

__
Basic sh/debug commands

sh history - Shows history
sh run/start - Shows running/start config
sh int - Shows interfaces
sh arp - Shows arp
sh ip ro - Shows ip routes
sh prot - Shows protocols
sh users - Shows users

sh ip route
sh protocols
sh interface

debug ip rip/eigrp/ospf

__
SSH and user

hostname
ip domain name
crypto generate rsa

line vty 0 4
no transport input
transport input ssh

username privilege secret - Creates xy user with privelege(0-15) password

__
DHCP commands

ip dhcp pool x - Makes a dhcp pool with name x and enters
network ip ms - Gives IP and mask for dhcp pool
ip dhcp excluded-add ip ip - Excluded addresses (ex. 192.168.1.7-10)
dns-server ip - DNS server for dhcp
domain-name x - Configures x domain name
default-router ip - The default router address (switch)
lease n - Lease time (n) for dhcp clients

DHCP for VLANs

1. Create vlans (vlan 10) and assign vlan to port
1. Create trunk link
2. Create subint (int fa0/0.10)
3. Set encapsulation dot1q and IP address
4. Make dhcp pool
5. In pool set "default route"
6. Request dhcp

Note --> default route = int ip address

__
ACLs

1-99: standard
100-199: extended
2000-2699: extended

access-list 1 permit - Permits on acl 1
access-list 101 permit - Permits on acl 101
ip access-list - ACL using a name and (config-ext-nacl)#

Example:
access-list established
access-list 1 permit tcp 192.168.1.0 0.0.255.255 any eq 80 established

lt = less than
gt = greater than
neq = not equal
eq = equal
range = range of ports

int
ip access-group - Sets ACL on interface

__
NAT/PAT commands

Static NAT
ip nat inside - On interface, inside int
ip nat outside - On interface, outside int
ip nat inside source static - Global NAT config
ip nat outside source static - Global NAT config

Dynamic PAT
ip nat pool netmask - Makes a pool from to
ip nat source list pool - Uses an ACL on pool as NAT

Port Translation
ip nat source list interface overload - Configues PAT using ACL

sh ip nat translations
sh ip nat statistics

__
Switch Port security commands

switchport mode access - Turns on access mode
switchport port-security - Enables port security
switchport port-security mac - Enables port security statically
switchport port-security maximum n - Sets maximum number of secure addresses to n
switchport port-security mac-address sticky - Enables sticky learning for MAC

__
VLANs and VTP

sh dtp interface - To determine current settings

__
STP
spanning-tree vlan 1-4094 priority
spanning-tree vlan 1-4094 root primary
spanning-tree vlan 1-4094 root secondary

__
CDP commands

cdp run - Enables CDP
no cdp run - Disables CDP
cdp enable - Enable CDP for interface
no cdp enable - Disable CDP for interface
sh cdp x - Shows CDP (x=entry/interface/neighbor)

__
RIP
router rip - Router rip config
version - Sets version
network - Sets given ips for RIP
default-information originate - Advertise static routes

Secure RIP

Int-->
ip rip auth mode md5 - Use md5 for rip
ip rip auth key-chain - Use key chain for md5 (key chain needed!)

__
EIGRP

router eigrp - Router EIGRP config with AS number
network - Sets network info for share
no auto-summary - Disables auto-summary
redistribute - Shares routes: static, rip, ospf..etc
auto-summary - Enables auto summarization
passive-interface - Disables eigrp on an interface

Interface
ip summary-address eigrp as ip ms - Manual summarization
ip hello-interval eigrp as n - Eigrp hello interval, n=seconds
ip hold-time eigrp as n - Eigrp hold-timer, n= sec from 1 to 65535

sh ip eigrp topology ip - EIGRP Topology on ip

Secure EIGRP

router rip
passice-int default
no passive-int - turn off passives

Int-->
ip auth mode eigrp md5 - Use md5 for eigrp
ip auth key-c eigrp - Use key-chain for eigrp

__
OSPF
ip ospf
network - Sets network info for share
router-id - Router ID
clear ip ospf proces - Restarts ospf
passive interface - Disables ospf on an interface
default-information originate - Advertise static routes

int -
ip ospf priority - Priority on interface
ip ospf cost - Cost of interface
auto-cost reference - Bandwith
ip ospf hello-interval - Hello interval in sec
ip ospf dead-interval - Dead interval in sec

DR (highest ospf prio) > BDR
Backup Designated Router, others are DROthers. DR updates all.

Secure OSPF

router ospf
area auth message-dig

Int-->
ip ospf message-digest-key md5
ip ospf auth message-dig

__
BGP commands

router bgp n - Sets n as AS number for the router
neighbor ip remote_as n - Identifies bgp neighbor (for CPE)
network ip mas - Sets router's network address
metric weights tos k1-k5 - Changes metric for routing

__
Frame Relay

int x
encapsulation frame-relay - Needed for subintercae too!
frame-relay map ip - Give other side's DLCI
frame-relay map ip br - Sends broadcast too
sh fr map
sh fr pvc

int . point-to-point
frame-relay interface-dlci - Self DLCI number!

__
TFTP recovery

IP_ADDRESS - IP address on the LAN interface
IP_SUBNET_MASK - Subnet mask for the LAN interface
DEFAULT_GATEWAY - Default gateway for the LAN interface
TFTP_SERVER - IP address of the TFTP serve
TFTP_FILE - Cisco IOS filename on the server
tftpdnld - download