A Comprehensive Guide Written by Sayed Hamza Jillani, Software/Network Engineer.

This CCNA command ‘cheat sheet’ covers both ICND parts 1 & 2 and covers the current
CCNA exam (640-802).

Whilst not an exhaustive IOS command list it covers the majority of commands found in the
exam. Older ‘cheat sheets’ may contain additional commands, such as IPX which is no longer
in the exam.

Cisco Modes

Description Keyboard short cut

User mode Switch>

Enter Privilege mode Switch>enable

Privileged mode Switch#

Enter configuration mode Switch#configure terminal

Global Config mode Switch(config)#

Enter Interface mode Switch(config)#interface fa0/1

Interface mode Switch(config-if)

Return to global Switch(config-if)exit

configuration

Exit Global Config mode Switch(config)#exit

Return to use mode Switch#disable

Logout Switch>exit

Keyboard Shortcuts

Description Keyboard shortcut

Recall Previous command Up arrow or <Ctrl> p

Recall Next command Down arrow or <Ctrl> n

Beginning of command <Ctrl> a

End of command <Ctrl> e

Delete input <Ctrl> d

Exit Configuration Mode <Ctrl> z

Complete command TAB

[email protected]
Device Configuration

Description Commands
Configure device system Switch(config)#hostname sw1
name

Sets the encrypted enable Switch(config)#enable secret cisco

password

Sets the unencrypted enable Switch(config)#enable password cisco

password

Enable password encryption Switch(config)#service password-encryption

on all clear text password
within the configuration file

Configure a Message Of The Switch(config)#banner motd $

Banner, with an ending
character of $

Assign IP address to vlan Switch(config)#int vlan 1

Switch(config-if)#ip addr 172.22.1.11
255.255.255.0

Assign Default gateway, note Switch(config)#ip default-gateway 10.1.1.1

the mode

Select one interface Switch(config)#int fa0/1

Select a range of interfaces Switch(config)#int range fa0/1 – 12

(version dependant)

Set the interface description Switch(config-if)#description

Add vlan using config mode switch(config)#vlan 11

switch(config-vlan)#name test

Configure Interface fa0/1 @ Switch(config-if)#speed 100

speed 100 Mbps and full Switch(config-if)#duplex full
duplex

Assign interface to vlan switch(config-if)#switchport access vlan 11

Enable Port Security. Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security
mac-address sticky

Disable Interface Switch(config-if)shutdown

Enable Interface Switch(config-if)no shutdown

[email protected]
Configures 5 Telnet sessions Switch(config)#line vty 0 4
each with a password of Switch(config-line)#login
‘cisco’ Switch(config-line)#password cisco

Enable and define console Switch(config)#line con 0

password of ‘cisco’ Switch(config-line)#login
Switch(config-line)#password cisco

Synchronise console Switch(config-line)#logging synchronous

messages (keep what you
have typing on the screen)

Set the timezone and Switch(config)#clock timezone gmt 0

automatically adjust Switch(config)#clock summer-time gmt
recurring

Sets the switch priority for Switch(config)#spanning-tree vlan 1 priority

the vlan. This combined with 4096
the switch mac address
creates the switch BID

Enables portfast Switch(config)#int fa0/1

Switch(config-if)#spanning-tree portfast

Enables RSTP. Other Switch(config)#spanning-tree mode rapid-pvst

options are, PVST and MST

Creates a vlan. Note this Switch(config)#vlan 2

now done in config mode Switch(config-vlan)#name sales
not vlan database. Also note
the ‘int vlan’ command does
NOT create vlans

Assign an interface to vlan 2 Switch(config-if)#switchport access vlan 2

Unconditionally forces an Switch(config-if)#switchport mode trunk

interface into trunking. Other
options are access and
dynamic

Manually assign a switch to Switch(config)#vtp domain lab

a VTP domain. A switch will
automatically become part of
a VTP domain if it’s currently
in the ‘null’ domain and
receives a VTP frame

Changes the VTP mode from Switch(config)#vtp mode client

the default ‘server’ mode to
client mode. In client mode
no changes can be made

Enable the http server to Router(config)#ip http server

SDM can be used

[email protected]
Defines a username and Router(config)#username sue password cisco
password. The list can be
used for many things from
PPP authentication to user
access

Defines a local host file. Like Router(config)#ip host mypc 10.1.1.3

/etc/hosts in unix

Disables DNS lookup. Useful Router(config)#no ip domain-lookup

when a command as been
miss typed

Sets the logical (not Router(config)#int s0

physical) bandwidth of Router(config-if)#bandwidth
interface. This is used by
routing protocols, SNMP
queuing etc

Sets the physical clock Router(config-if)#clock rate 64000

Set the serial interface WAN Router(config-if)#encapsulation hdlc

encapsulation. Other options
are PPP or frame-relay

Authentication on PPP is Router(config-if)#ppp authentication chap

optional. This command
enable chap on the interface.
Other option PAP

Defines the type of LMI Router(config-if)#frame-relay lmi-type cisco

being used. If left un-
configured the correct LMI
type should be automatically
detected

Defines a static route. Router(config)#ip route 50.0.0.0 255.0.0.0

Renumber static routes have 10.1.2.1
an admin distance of 1.
Therefore will over ride any
dynamic routing.

Enables RIP version 1 on all Router(config)#router rip

LOCAL interfaces which Router(config-router)#network 10.0.0.0
have a 10.x.x.x address

Enables RIP version 2 Router(config-router)#version 2

Enable the router to provide Router(config)#ip dhcp pool MYPOOL
a DHCP service. Router(dhcp-config)#network 10.1.1.0
255.255.255.0
Router(dhcp-config)#default-router 10.1.1.1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address
10.1.1.1 10.1.1.99
Changes the config register Router(config)#config-register 0x2102
which controls what the

[email protected]
router does when the router
boots

Creates a logical sub Router(config)#int fa0/0.1

interface below the physical
interface

Enables 802.1q trunking on Router(config-subif)#encapsulation dot1Q 1

the interface

Define the ip address Router(config-subif)#ip address 10.1.1.1

255.255.255.0
Enable OSPF on any local Router(config-)#router ospf 1
interface which start with the Router(config-router)#network 10.1.0.0
ip address 10.1.x.x. Note the 0.0.255.255 area 0
inverted mask

EIGRP can be configured in Router(config)#router eigrp 1

a similar way to RIP or the Router(config-router)#network 172.16.0.0
mask option could be used Or
Router(config-router)#network 172.16.2.0
0.0.0.255
Defines a standard ACL. Router(config)#access-list 1 permit
Standard ACL use number 172.16.1.1
1-99

Defines an Extended ACL. Router(config)#access-list 101 deny tcp host

The first address is the 172.16.1.1 host 172.16.2.1 eq telnet
source IP address Router(config)#access-list 101 permit ip any
any

Use the group command to Router(config)#interface fa0/0

attach an ACL to an Router(config-if)#ip access-group 1 out
interface.
is used under an interface if
the ACL is to filter traffic

An example using named Router(config)#ip access-list extended

ACL in stead of numbers my_list
Router(config-ext-nacl)# deny tcp host
172.16.1.1 host 172.16.2.1 eq ftp
Router(config-ext-nacl)# permit ip any any

Attaching a named ACL to Router(config)#int fa0/0

an interface Router(config-if)#ip access-group my_list in

Configuring a static NAT to Router(config)#ip nat inside source static

allow a server to be access 10.1.1.2 interface s0/0/1
via the Internet, using the IP
address on interface s0/0/1

Defining interface which NAT Router(config)#int fa0/0.1

takes place between Router(config-if)#ip nat inside

Enables RIPng Router(config)#ipv6 unicast-routing

ROuter(config)#ipv6 router rip ccna

[email protected]
 Router(config)#int s0/0/0
Router(config-if)#ipv6 rip ccna enable

Privilege
Commands

Description Commands
Manually starts the setup Switch#setup
dialog which is automatically
invoked when the device
starts with no config

Displays the config held in Switch#show running-config

DRAM. Which is lost if not
copy run start command is
not used

Displays the NVRAM (None Switch#show startup-config

volatile) config.

Saves the config. Without Switch#copy running-config startup-config

this command all
changes/configuration will be
lost.

Saves the running config to a Switch#copy running-config tftp

TFTP server

Copies IOS files to a TFTP Switch#copy flash tftp

server

Copies files from a TFTP Switch#copy tftp flash

server the device flash

Erase the config held in Switch#erase startup-config

NVRAM. If this is followed
with the reload command all
configuration is lost

Reboots the device Switch#reload

Abort sequence <Shift> <Ctrl> 6

Suspend Telnet Session <Shift> <Ctrl> 6(then let all keys go, then)x

Show the current sessions. Switch#show sessions

The one with a * is your
active session

Forcible closes a telnet Switch#disconnect

session

Set the device local clock. Switch#clock set 10:00:00 april 2 2008
Note this is not done in
config mode

[email protected]
Display the IOS version Switch#show version
along with other useful info
e.g sys uptime, config
register etc

Displays the file contents of Switch#show flash

the flash

Displays the clock Switch#show clock

Displays the users currently Switch#show users

logged on

By default displays the last Switch#show history

10 commands

Displays the ARP cache Switch#show arp

Displays the spanning tree Switch#show spanning-tree vlan 1

status on vlan 1

Lists all the configured vlans Switch#show vlan

Displays VTP info such as Switch#sh vtp status

VTP mode, VTP domain,
VTP counter.

Ping selected address Switch#ping 10.1.1.1

Extended ping. Must be in Switch#ping

privilege mode

Display the interface status Switch#show int fa0/1

Displays the vlan status and Switch#show interfaces vlan 1

the IP address VLAN 1
(often the management vlan)

Displays a list of CDP Switch#show cdp neighbors

neighbours

Extended information on the Switch#show cdp neighbors details

above

Display CDP packets as they Switch#debug cdp packets

arrive

Display ping packets as they Switch#debug icmp packets

arrive

Display switch MAC Switch#show mac address-table

Addresses table. These
entries are learnt from the
source mac address in the
Ethernet frames

[email protected]
Displays the interface Router#show ip interface brief
operational status and IP
addresses for all router
interfaces

Displays all the configured Router#show ip protocols

routing protocols

Displays the IP routeing Router#show ip route

table

Displays the NAT Router#show ip nat translations

translations

Displays the physical cable Router#show controllers s 0

DTE/DCE, x.21, V.35,
RS232 configuration

Displays the end-to-end Router#show frame-relay pvc

status. Recall that ‘show
interface’ does not

Displays the type of LMI and Router#show frame-relay lmi

the number LMI frames

Displays the frame relay Router#show frame-relay map

inverse ARP table

To be come neighbours both Router#show ip ospf neighbor

the local and remote
interface must be correctly
configured.

If adjacent routers don’t Router#show ip ospf interface

become neighbours. Then
use the command to check
the local router interface is
configured correctly

Same information as the Router#show ip eigrp neighbor

above OSPF commands but
with EIGRP. Remember that
AS numbers MUST match

Same information as the Router#show ip eigrp interface

above OSPF commands but
with EIGRP

IPv6 ping. Recall that :: Router#ping 2000:1000:500:3::1

means all zero in between

[email protected]