Cisco IOS Quick Reference Cheat Sheet

This document is restored from some notes I took while studying for CompTIA A+ and Cisco CCNA certifications when I was enrolled in Columbia Basin Job Corps from Feb 2007 to Jan 2009 . My original goal of this document was to fit this on one sheet of paper by changing to landscape view and printing two pages per side with the duplex option. If you have comments or see any errors you can skype me at mrcambron Bookmark this page on your Android or iPhone!

Contents
Router Modes (Page 1) Quick Start (Page 2) Restrict Access to Router (Page 2) Perform Password Encryption Service (Page 2) Setup SSH and disable telnet (Page 2) Doing the do Command (Page 2) Configurations: View, Save, Erase (Page 2) SDM Basic Setup for http, https (Page 3) Configure an interface (Page 3) Connectivity (Page 3) Telnet (Page 3) Default and Static Routes (Page 3) DHCP Server (Page 4) NAT / PAT (Page 4) Privilege Level Account (Page 4) Switch: Basics (Page 4) Switch: Port Security (Page 4) Switch: VLAN (Page 5) Switch: Configure port as a Trunk Port (Page 5) Switch: VTP (Version 1) (Page 6) Inter-VLAN Routing (Page 6) RIP (Page 6) BGP (Page 6) EIGRP (Page 6) OSPF (Page 7) Access List (Page 8) Send logging to syslog server (Page 9) Set Clock (Page 9)

Router Modes
R> (User-mode prompt) R# (Privileged-mode prompt) R(config)# (Global configuration mode) R(config-if)# (Interface mode) R(config-subif)# (Subinterface mode) R(config-line)# (Line mode) R(config-router)# (Router configuration mode)

Cisco IOS Quick Reference Cheat Sheet 2.0

1 of 9

com] R(config)# crypto key generate rsa general-keys modulus [1024] R(config)# ip ssh time-out [180] R(config)# ip ssh authentication-retries [2] R(config)# line vty 0 4 R(config-line)# transport input ssh Doing the do Command (No need to be in R#) R(config)# do show run R(config)# do show int fa0/0 R(config)# do ping [172.Quick Start R> enable R# config terminal R(config)# hostname [Router1] R(config)# exit R# R# ? (Help with commands) Restrict Access to Router Privileged-mode R(config)# enable password [password] (Plain Text) R(config)# enable secret [password] (Hashed) User-mode (Select a line) R(config)# line console 0 R(config)# line vty 0 4 R(config)# line aux 0 R(config)# password [password] R(config)# login R(config)# exec-timeout [10] [0] (M.0 2 of 9 .16. Save. S) Perform Password Encryption Service R(config)# service password-encryption Setup SSH and Disable Telnet R(config)# ip domain-name [R1.MrCambron. Erase R# show running-config R# show startup-config R# copy run start (Copies run as startup-config) R# write R# erase start R# reload (Reboots the router) Cisco IOS Quick Reference Cheat Sheet 2.1] Configurations: View.0.

1] R# traceroute [172.0 3 of 9 .0.0.10 255.255.248] R(config-if)# no shutdown R(config)# ip http server R(config)# ip http secure-server R(config)# ip http authentication local R(config)# username [cisco] privilege 15 password 0 [cisco] R(config)# line console 0 R(config-line)# login local R(config)# line vty 0 4 R(config-line)# privilege level 15 R(config-line)# login local R(config-line)# transport input ssh Configure an Interface R(config)# interface [fa0/0] R(config-if)# description [Sales VLAN] R(config-if)# ip address [192.0.16.1] R# telnet [172. NCP) R(config-if)# encapsulation ppp PPP Authentication Using chap R(config)# hostname RA RA(config)# username RB password cisco RA(config-if)# ppp authentication chap Troubleshooting and Viewing Information R# show controllers serial 0/0/0 (layer 1 and layer 2 info) R# show ip interface brief R# show interface (View LCP is open) R# debug ppp negotiations (PPP packets during startup phase) R# debug ppp packet (real-time PPP packet flow) Connectivity R# ping [172. Authentication.1] R# show interface [fa0/0] R# show ip interface [fa0/0] (layer 3) Telnet R> telnet 172.0.0.0 172.0.0] R(config-if)# no shutdown R(config-if)# clock rate [64000] (only for Serial DCE) PPP Encapsulation (Phases: LCP.10.0.168.2] Cisco IOS Quick Reference Cheat Sheet 2.255.16. https R(config)# int fa0/0 R(config-if)# ip address [10.255.SDM Basic Setup for http.17.1] [255.1 R1# terminal monitor (Displays console messages) R1# terminal no monitor Default and Static Routes R(config)# ip route [0.0.0.16.0 0.255.10.1.16.

17.0.2] R# show ip route DHCP Server R(config)# ip dhcp pool [Pool_Name] R(dhcp-config)# network [172.202.10.165.255.1.16.224] R(config)# int [fa0/0] (Inside interface) R(config-if)# ip nat inside R(config)# int [serial0/0] (Outside interface) R(config-if)# ip nat outside Dynamic NAT R(config)# access-list 1 permit 172.16.255.0.1 172.0.255.0] [172.0.16.1] R(config)# ip dhcp excluded-address [172.0.16.255.165.255.0.16.255.99] NAT / PAT NAT R(config)# ip nat inside source static [10.0 0.0.140 R(config)# ip nate inside source list 1 pool pud-addr R(config)# int fa0/0 R(config)# ip address 172.1 255.17.0.dat S# reload S# show run S# show ip interface Switch: Port Security S(config)# interface fa0/18 (use this or next line) Cisco IOS Quick Reference Cheat Sheet 2.2 209.131 209.0 255.1 255.10.17.200.0 0.2] R(dhcp-config)# default-router [172.1 172.0] R(dhcp-config)# dns-server [172.165.18.16.0.202.0 R(config)# ip nat inside R(config)# int ser0/0/0 R(config)# ip address 209.0.202.0.17.0.0.255 R(config)# ip nat pool pub-addr 209.0 4 of 9 .255 R(config)# ip nat inside source list 1 int ser0/0/0 overload R(config)# int fa0/0 (inside) R(config)# ip nat inside R(config)# int ser0/0/0 (outside) R(config)# ip nat outside R# show ip nat translations (Verify NAT translation) Privilege Level Account R(config)# username [admin] privilege 15 password 0 [cisco] Switch: Basics S# erase start S# delete vlan.165.0.0 R(config)# ip nat outside PAT R(config)# access-list 1 permit 172.0 255.0.R(config)# ip route [172.0.

0 5 of 9 .24 S(config-if)# switch port-security Port Security Options S(config-if)# switchport port-security mac-address [MAC: MAC_Address | Sticky: (Last Source MAC)] S(config-if)# switchport port-security maximum [Max# MAC allowed] S(config-if)# Switchport port-security violation [shutdown | restrict | protect] Disable Port Security S(config)# interface fa0/18 S(config-if)# no switchport port-security Troubleshoot and View Status of Port Security S# show port-security address S# show port-security interface [fa0/1] S# show mac-address-table Switch: VLAN S(config)# vlan [vlan_number] S(config-vlan)# name[vlan_name] Assign Ports to a VLAN S(config)# interface fa0/1 S(config-if)# switchport access vlan [vlan_number] Remove a VLAN S(config)# no vlan [vlan_number] S(config)# interface fa0/1 S(config-if)# no switchport access vlan [vlan_number] Verify VLAN S# show vlan ? Switch: Configure port as a Trunk Port S(config)# interface fa0/1 S(config-if)# switchport mode truck S(config-if)# switchport trunk encapsulation [dot1q | ISL | negotiate] Configure a Port to Detect Trunk Link S(config-if)# switchport mode dynamic [desireable | auto] Configure native VLAN on a Trunk Port S(config-if)# dot1q native vlan [vlan_id] Configure a Port back to an access port S(config-if)# no switchport mode trunk (or next line) S(config-if)# switchport mode access Cisco IOS Quick Reference Cheat Sheet 2.S(config)# interface range fa0/1 .

0.0 RIP R(config)# router rip R(config-router)# version 2 R(config-router)# network [192.16.0] R# show ip route R# debug ip route RIP: Misc Commands R(config-router)# no auto-summary R(config-router)# passive-interface [fa0/0] R# show ip rip database RIP: Troubleshoot R# show ip route R# show ip protocol R# show running-config R# show interfaces R# show ip interface R# show ip route R# debug ip rip BGP R(config)# router bgp [100-AS number] R(config-router)# neighbor [10.0 6 of 9 .168.10 R(config-subif)# encapsulation dot1q10 R(config-subif)# ip address 192.0] Cisco IOS Quick Reference Cheat Sheet 2.255.10.19.0] R(config-router)# network [172.10.10.10] remote-as [100] R(config-router)# network [172.0.0] EIGRP R(config)# router eigrp [AS_Number] (AS must match) R(config-router)# network [172.168.1 255.19.Switch: VTP (Version 1) S(config)# vtp domain [vtp_domain] S(config)# vtp mode [server | client | transparent] S(config)# vtp password [password] S# show vtp [status | password | counters] S# show vlan brief Configure VTP Server and add VLANs S# vlan database S(vlan)# ? Inter-VLAN Routing R(config)# interface fa0/1 R(config-if)# no ip address R(config-if)# no shutdown R(config)# interface fa0/1.255.4.0.

0.255.3 area [0] R(config-router)# area [0] authentication message-digest R(config-if)# ip address 10.Key Creation R(config)# key chain [name_of_chain] R(config-keychain)# key 1 R(config-keychain-key)# key-string [san_fran] R(config)# interface [serial0/0/1] R(config-if)# ip authentication mode eigrp [AS_num] md5 R(config-if)# ip authentication key-chain eigrp [100 AS_R1] EIGRP .1 255.0 R(config-if)# ip ospf message-digest-key 10 md5 [area_password] R# show ip ospf ? R# debug ip ospf ? Tuning Priority R(config-if)# ip ospf priority [1-255] Tuning Router ID.1 (Router ID) R(config-if)# ip address 10.10.0 0.1.255.0. Interface Address R(config-router)# router-id 10.255.0 (Interface Address) (After changing interface priority or router ID use next line) R# clear ip ospf process Tune Reference Bandwidth R(config-router)# auto-cost reference-bandwidth [10000] (Mbit) Configure Interface Cost Value R(config)# ip ospf cost Cisco IOS Quick Reference Cheat Sheet 2.1.168.168.255.255.0 EIGRP .255 (Loopback Address) R(config-if)# ip address 192.0 255.Manual Summarization R(config-router)# no auto-summarization R(config-if)# ip summary-address eigrp 1 172.1 255.255.0.1.0 7 of 9 .1. Loopback Address.0.0 255.Information and Troubleshoot R# show ip eigrp topology (Examine topology tables) R# show ip eigrp traffic (Examine statistics) R# show ip route (Examine routing tables) R# debug ip eigrp (Observe routing activity) R# debug ip route (Observe routing activity) OSPF: Enable and Advertise Networks R(config)# router ospf [process_id] (1-65535) R(config-router)# network 192.255.Passive Interface R(config-router)# passive-interface serial0/1 EIGRP .1.1.17.255.EIGRP .

168.10 R(config)# access-list 100 permit tcp any host 10.0 255.0.0.1.Propagating a Default Router R(config)# ip router 0.0 8 of 9 .2 any range ftp-data ftp Named R(config)# access-list [standard|extended] SALES-ONLY R(config-ext-nacl)# permit 192.255 R(config-ext-nacl)# permit host 192.168.255 any log R(config)# access-list 100 deny ip any any log R# no logging console (turns off) Cisco IOS Quick Reference Cheat Sheet 2.0.16.0 Verify and Troubleshoot R# show ip protocols R# show ip ospf ? R# show ip route R# debug ip ospf ? Access List: Standard (Place close to destination) R(config)# access-list [1-99|1300-1999] remark [To servers] R(config)# access-list 1 [deny|permit] [source] [mask] R(config)# access-list 1 permit any R(config)# no access-list 1 Extended (Place closest to source) R(config)# access-list [100-199|2000-2699] remark [to servers] R(config)# access-list 100 [permit|deny] [tcp|ip|ospf] [source] [mask] host [destination] [mask] [eq|gt|lt] [tcp_port] R(config)# access-list 100 permit ip host 192.10.10.0.168.0 serial0/0/0 R(config-router)# default0information originate Configuring OSPF Summarization R# area 0 range 192.0.0 0.0.1.10 host 192.0.1.250 eq 80 R(config)# access-list 101 permit tcp any any established R(config)# access-list 123 tcp host 172.5.252.168.0.10.2 0.0 0.255.20.168.168.3 R(config-ext-nacl)# deny any Assign ACL to an Interface R(config-if)# ip access-group [100] [in|out] Assign ACL to vty R(config-line)# access-class 1 in Default ACL Match Tracking R# show access-list [1|100|name] (how many matches) ACL Console Logging R(config)# no access-list 100 R(config)# access-list 100 permit ip host 192.0.

1 R1(config-if)# ip access-group 10 in R1(config-if)# ip nat inside R1(config)# int Ser0/0/0 R1(config-if)# ip address 209.1 R1(config-if)# ip nat outside R(config)# ip nat inside source list 1 int ser0/0/0 overload R(config)# access-list 10 permit 192.168.0.0 9 of 9 .1.168.1.0.255 Troubleshooting and Viewing ACLs R# show access-lists (Displays all ACLs) R# clear access-list counters R# debug ip packet Send logging to syslog server R1# clock set 15:22:00 may 17 2007 R1(config)# clock timezone cst -8 R1(config)# service timestampts R1(config)# logging 192.168.201.165.1.6 R1(config)# no logging console Set Clock R# clock set 18:30:00 sep 17 2008 R# clock timezone EST -8 Cisco IOS Quick Reference Cheat Sheet 2.Configuring an ACL with NAT R1(config)# int fa0/0 R1(config-if)# ip address 192.0 0.