Common Cisco commands

Enable name lookup

SW1(config)# ip domain-lookup
SW1(config)# ip name-server YOUR.DNS.SERVER.IP
SW1(config)# ip domain name yourDomainName.com

Disable name lookup

SW1(config)# no ip domain-lookup

Give DNS domain name

SW1(config)# ip domain-name example.com

Increase SSH session timeout (e.g. 720 mins = 30 hours and 0 sec)

SW252(config)# line vty 0 4
SW252(config-line)# exec-timeout 720 0

Change History buffer & logging behavior

SW1(config)# line vty 0 4
SW1(config-line)# history size 15
SW1(config-line)# logging synchronous

Prevent log messages from breaking up your command line while typing

SW252(config)# line vty 0 4
SW252(config-line)# logging synchronous

Change hostname

Switch(config)# hostname SW123

Set password (in clear text)

SW1(config)# enable password cisco

Set password (MD5 hash)

SW1(config)# enable secret cisco

Secure console

SW1(config)# line con 0
SW1(config-line)# password cisco
SW1(config-line)# login

Secure terminal lines

SW1(config)# line vty 0 4
SW1(config-line)# password cisco
SW1(config-line)# login

Encrypt passwords in config (weak, reversible type 7 encoding)

SW1(config)# service password-encryption

Add banners

SW1(config)# banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
UNAUTHORIZED ACCESS IS PROHIBITED 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
$

Give VLAN 192 an IP address

SW1(config)# interface vlan 192
SW1(config-if)# ip address 192.168.1.x 255.255.255.0

Delete vlan 192

SW1(config)# no vlan 192

Set default gateway

SW1(config)# ip default-gateway 192.168.1.1

Save config

SW1# copy running-config startup-config
or
SW1# wr

Set Description, speed, duplex

SW1(config)# interface fastEthernet 0/1
SW1(config-if)# description FIREWALL
SW1(config-if)# speed auto
SW1(config-if)# duplex full

Show RAM, NVRAM, flash, IOS

SW1# show version

Shows current configuration file stored in DRAM

SW1# show running-config

Show configuration in NVRAM used at boot process

SW1# show startup-config

Show commands currently held in the history buffer

SW1# show history

Shows the public encryption key used for SSH

SW1# show crypto key mypubkey rsa

If an interface is configured to get its IP address from a DHCP server

SW1# show dhcp lease

Access port and enable security

SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 192
SW1(config-if)# switchport port-security

Auxiliary VLAN for Cisco IP phones

SW1(config-if)# switchport access vlan 192
SW1(config-if)# switchport voice vlan 10

Trunk

SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan add 192

VTP (transparent mode is used when deactivating VTP)

SW1(config)# vtp mode server
SW1(config)# vtp domain YourDomain.com
SW1(config)# vtp password cisco
SW1(config)# vtp version 2

VTP pruning only works on VTP servers

SW1(config)# vtp pruning

Checklist for VLAN & VTP

SW1# show interfaces trunk
SW1# show vlan
SW1# show vlan brief
SW1# show vlan id 192
SW1# show vlan summary
SW1# show vtp status
SW1# show vtp password

STP (hard code root bridge)

SW1(config)# spanning-tree vlan 192 root primary
SW1(config)# spanning-tree vlan 192 root secondary
SW1(config)# spanning-tree vlan 192 priority 8192

Change STP mode

SW1(config)# spanning-tree mode rapid-pvst

Change STP port cost

SW1(config-if)# spanning-tree vlan 192 cost 25

Portfast and BPDU guard (for end user only)

SW1(config-if)# spanning-tree portfast
SW1(config-if)# spanning-tree bpduguard enable

BPDU guard globally

SW1(config)# spanning-tree portfast bpduguard default

BPDU filter globally (when loop is detected, PortFast is disabled & STP is re-enabled)

SW1(config)# spanning-tree portfast bpdufilter default

BPDU filter on interface (when loop is detected, STP is disabled & PortFast continues)

SW1(config-if)# spanning-tree bpdufilter enable

Interfaces into an etherchannel

SW1(config-if)# channel-group 1 mode on

Checklist for STP

SW1# show spanning-tree
SW1# show spanning-tree summary totals
SW1# show spanning-tree interface fa0/2
SW1# show spanning-tree vlan 192
SW1# show spanning-tree vlan 192 root
SW1# show spanning-tree vlan 192 bridge
SW1# show etherchannel 1
SW1# debug spanning-tree events

Set maximum number of allowed MAC addresses

SW1(config-if)# switchport port-security maximum 1

Define action to take when violation occurs [protect,restrict,shutdown]

SW1(config-if)# switchport port-security violation shutdown

Sticky. Dynamically learn MAC

SW1(config-if)# switchport port-security mac-address sticky

Checklist for port security

SW1# show mac-address-table
SW1# show port-security
SW1# show port-security interface fa0/5

Create VLAN

SW1(config)# vlan 10
SW1(config-vlan)# name SALES

CDP (enable globally on a switch)

SW1(config)# cdp run

CDP (disable on a given interface)

SW1(config-if)# no cdp enable

Checklist for CDP

SW1# show cdp
SW1# show cdp interface fa0/2
SW1# show cdp neighbors
SW1# show cdp neighbors detail
SW1# show cdp entry *
SW1# show cdp entry SW2

MSTP

SW1(config)# spanning-tree mode mst
SW1(config)# spanning-tree mst configuration
SW1(config-mst)# revision 1
SW1(config-mst)# name CCNP
SW1(config-mst)# instance 1 vlan 10,20
SW1(config-mst)# instance 2 vlan 30,40
SW1(config-mst)# exit
SW1# show spanning-tree mst

MSTP (Switch A)

SW1(config)# spanning-tree mst 1 root primary
SW1(config)# spanning-tree mst 2 root secondary

MSTP (Switch B)

SW222(config)# spanning-tree mst 2 root primary
SW222(config)# spanning-tree mst 1 root secondary

Basic commands

SW1# show ip interface brief
SW1# show interface vlan 1
SW1# show interfaces description
SW1# show interfaces status

When using non-Cisco SFP

SW1(config)# service unsupported-transceiver
SW1(config)# no errdisable detect cause gbic-invalid

Recover from error in 30 secs

SW1(config)# errdisable recovery interval 30

Enable IP source guard with source IP and MAC filtering

SW(config)# ip source binding xxxx.xxxx.xxxx vlan 192 192.168.32.3 interface gi1/0/13

Disable Service Configuration Error Messages

%Error opening tftp://255.255.255.255/network config

R(config)# no service config
R# copy running-config startup-config

If router is getting IP from DHCP but wish to remove default route provided

R(config-if)# no ip dhcp client request router
