A little cheat-sheet for some of the Cisco CLI commands. I can’t guarantee that this is a complete list.
Level Legend
| Level | Symbol |
|---|---|
| user EXEC | > |
| privileged EXEC | # |
| global config. | conf |
| interface config. | if |
| router config. | rout |
Command Table
Italics denote user-selected input, curly braces denote optional extra commands
| Command | Description | Level | Devices |
|---|---|---|---|
| ? | contextual command — use this while typing a command for a list of options, or run by itself for a list of all available commands on the system | any | any |
| channel-group virtual-interface-number mode EtherChannel-mode | Sets the selected interface(s) to the specified EtherChannel protocol & mode. See EtherChannel for more info. | if | switch |
| channel-protocol protocol | Explicitly configure which EtherChannel protocol the selected interface(s) will use. This command is mostly useless as setting the EtherChannel mode (which must be done anyway) will automatically select the correct protocol anyway. Possible values for protocol are lacp and pagp. If you later try to configure a mode with a conflicting protocol to the one specified with this command you will receive a protocol mismatch error. | if | switch |
| configure terminal | enter global configuration mode | # | any |
| do ___ | run a command in global config mode without having to exit | conf | any |
| enable | enter privileged EXEC mode | > | any |
| enable password password | Configure a plaintext password for privileged EXEC mode — inadvisable | # | any |
| enable secret password | Enables a type 5 MD5 encrypted password. Supersedes normal passwords. The least you could do, really. | # | any |
| exit | exit current mode to next lower lever, e.g. global config → privileged EXEC, priv. EXEC → user EXEC | any | any |
| interface interface-id | enter configuration for the particular interface | conf, if | any |
| interface range interface-ids | Select multiple interfaces at once for simultaneous configuration. You can select multiple consecutive IDs with a dash (e.g. Fa0/1-5), or you can select non-consecutive IDs with a comma-separated list (e.g. Fa0/1,2,5) | conf, if | switch |
| port-channel load-balance balance-method | Change the current EtherChannel [[Cisco CCNA/Networking/EtherChannel#Load-Balancing | conf | switch | |
| service password-encryption | Encrypt current and future passwords using type 7 Cisco encryption. Still inadvisable. | # | any |
| show data | presents requested information; there’s a lot of possible values for (x) here | # | any |
| show etherchannel load-balance | Displays the current EtherChannel [[Cisco CCNA/Networking/EtherChannel#Load-Balancing | # | switch | |
| show etherchannel port-channel | displays information about the virtual port-channel interfaces on the switch | # | switch |
| show etherchannel summary | Displays basic info about EtherChannel] on the switch | # | switch |
| show interfaces interface-id switchport | displays switchport mode and other info of specified interface | # | switch |
| show interfaces trunk | displays which interfaces are configured as trunk ports, as well as which VLANs are allowed on each | # | switch |
| show ip route | shows the current routing table | # | switch |
| show spanning-tree {vlan vlan-id-number} | Displays STP info and whether the switch is root. Optional VLAN specification, if omitted will display for all VLANs | # | switch |
| show vlan {brief} | shows info about all VLANs configured on the device | # | switch |
| show vtp status | shows useful information about a switch’s [[DTP & VTP#VTP\ | VTP]] capabilities and configuration | # |
| spanning-tree bpduguard enable | enables [[STP#BPDU Guard\ | STP BPDU Guard]] on the interface | if |
| spanning-tree mode mode | Change the STP mode of the switch. Available modes: mst, pvst, rapid-pvst | conf | switch |
| spanning-tree portfast | enable [[STP#Portfast \ | STP Portfast]] on the interface | if |
| spanning-tree portfast bpduguard default | enables [[STP#BPDU Guard \ | STP BPDU Guard]] on all portfast-enabled interfaces | conf |
| spanning-tree portfast default | enable [[STP#Portfast \ | STP Portfast]] on all access ports | conf |
| spanning-tree vlan vlan-number cost cost | Manually configure the route cost of an interface. Value must be and integer between 1 and 2,000,000. | if | switch |
| spanning-tree vlan vlan-number port-priority priority | Manually configure the port priority of the interface. Value must be between 0 and 224 in increments of 32. | if | switch |
| spanning-tree vlan vlan-number root primary | Sets the switch as the root by changing its STP priority to 24576 (or 4096 less than the lowest priority of any other switch on the network) | conf | switch |
| spanning-tree vlan vlan-number root secondary | Sets the switch as next-in-line to be root by changing its STP priority to 28672 | conf | switch |
| switchport nonegotiate | Disable [[DTP & VTP#DTP\ | DTP]] negotiation on the interface | if |
| router rip | Enter RIP configuration mode | conf | router |
| no auto-summary | Disables auto-conversion of networks the router advertises to classful networks. You need to use this to properly handle subnets on a RIP-enabled router. See RIP and EIGRP | rout (RIP/EIGRP) | router |
| version version-number | Select the version of RIP to be used. You probably want at least version 2 for subnetting support. See RIP | rout (RIP) | router |
| network ip-address | OSPF: Same as EIGRP, see below. See OSPF EIGRP: Works like in RIP (see below), although you can specify a netmask. Assumes classful address if no mask specified. See EIGRP#Configuration RIP: Prompt RIP to look for interfaces with an IP address that are within the specified range, then activate any such interfaces it finds. It will also form adjacencies with connected RIP-enabled neighbors and advertise the network prefix of the interface (not the prefix of the address provided in this command, see below). This command is classful. Whatever address you ender will be converted to a classful network address e.g. 10.0.12.0 will be converted to 10.0.0.0. Hence, you don’t need to specify a netmask. See RIP | rout (RIP/EIGRP) | router |
| passive-interface interface-id | Tell the Dynamic Routing protocol that an interface does not have any RIP/EIGRP neighbors and advertisements should not be sent along that interface. The router will continue to advertise the connected network prefix to its RIP/EIGRP-enabled neighbors. See RIP and EIGRP | rout (RIP/EIGRP) | router |
| default-information originate | Shares the router’s default route with RIP. | rout (RIP) | router |
| show ip protocols | Shows information about current IP protocols, including the current Dynamic Routing protocol and related info. | # | router |
| maximum paths number | Set the maximum number of paths that RIP will use to load-balance traffic in ECMP. Default 4. | rout (RIP) | router |
| router eigrp number | Enter EIGRP configuration mode. The number denotes the Autonomous System (AS) number. The AS number must match between routers for them to form an adjacency. | conf | router |
| router ospf process-ID | Enter OSPF configuration mode. The process ID is locally significant; routers with different process IDs can still become OSPF neighbors. See OSPF | conf | router |
| show interface interface-ID | Shows some diagnostic info on a specific interface. | # | any |
| show ip ospf database | Displays the entire OSPF LSDB | # | router |
| show ip ospf neighbor | Displays the router’s OSPF neighbors | # | router |
| show ip ospf interface [interface-ID] | Displays OSPF information about interfaces. Add an interface ID for information on a specific interface, or leave blank for information about all interfaces. | # | router |
| auto-cost reference-bandwidth mbps | Change the OSPF reference bandwidth used for making cost calculations. The default is 100 Mbps. It is recommended to use a higher value than the default. Ideally, use a value higher than the fastest links in the network. | rout (OSPF) | router |
| bandwidth bandwidth | Change the configured bandwidth of an interface. Doesn’t actually make the interface operate faster or slower, but this value is used in a number of calculations, including some Dynamic Routing Protocol’s metric calculations. If you want to change the speed at which the interface actually operates, use the speed command. Bandwidth is specified in kilobits-per-second. | if | any |
| speed speed | Changes the speed at which the interface operates. | if | any |
Abbreviations and Autocomplete
- You never need to type out the entire command in a Cisco CLI; you only need enough letters that there’s only one possible meaning for the command
- e.g.
conf twill be interpreted asconfigure terminal
- e.g.
- pressing tab while typing a word will autofill the completed keyword if there is only one command applicable