Last active Mar 23, 2022
Cisco CCNA (200-125) command summary

Working with configuration

Show configuration

show running-config
show startup-config

Save configuration

copy run start
copy running-config flash

Copying into RAM (running-config) performs a MERGE operation! Use replace instead:
configure replace

Safe way of doing changes

reload in X    ! reboot the device in X minutes
... do the changes ...
reload cancel  ! cancel the scheduled reboot

Reset default settings

Restore interface to default settings
default interface fa0/1

Restore switch to default settings

write erase
show flash:
delete flash:vlan.dat

The perfect initial config for a cisco device

The commands to perform these steps should be memorized

  1. Hostname
  2. MOTD banner
  3. Console config
    • No timeout
    • Logging sync
    • Request password
  4. No domain lookup
  5. Set domain name
  6. Encrypt passwords in config
  7. Set secret for privileged mode
  8. VTY config
    • Login local
    • Timeout in 30 minutes
    • Set access through SSH only
  9. Add user with secret
  10. Create RSA key
  11. Setup management IP on VLAN
    • Set IP
    • Enable interface
  12. Copy config to startup
conf t
	hostname blabla
	no ip domain-lookup
	ip domain-name
	crypto key generate rsa
	banner motd #Unauthorized access to this device is prohibited!# ! appears before login
	enable secret XXXX ! good encryption, `enable password` is old
	service password-encryption ! encrypts clear-text passwords
	line 0
		exec-timeout 30
		logging synchronous
		password cisco
		login ! without this the console password is not requested
	username bla secret blabla
	line vty 0 4
		exec-timeout 30
		transport input ssh
		login local
	interface vlan 1
		ip address x.x.x.x y.y.y.y
		no shutdown
	end
copy running-config startup-config
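
A checker for the access-related items of the checklist above (password encryption, enable secret, local user, console and VTY lines), added here as an example and not part of the original gist. It assumes input in `show running-config` layout, where the console appears as `line con 0`; `SAMPLE`, `GLOBAL`, `parse_sections` and `audit` are names made up for this example.

```python
import re
# Constructed sample in `show running-config` layout; every value is a placeholder.
SAMPLE = """\
service password-encryption
enable password 7 CONSTRUCTED
username admin secret 5 CONSTRUCTED
line con 0
 password 7 CONSTRUCTED
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 exec-timeout 0 0
 transport input ssh
 login
"""
GLOBAL = [  # (regex some top-level line must match, finding when none does)
    (r"service password-encryption$", "service password-encryption missing"),
    (r"enable secret ", "enable secret not set"),
    (r"username \S+ .*\bsecret\b", "no local user with a secret")]

def parse_sections(text):
    """Map each top-level line to the indented lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                       # blank line or '!' separator
        if raw[0].isspace() and current:
            sections[current].append(line)
        else:
            current = line
            sections[line] = []
    return sections

def audit(text):
    """List the access-related checklist items the config does not meet."""
    sections = parse_sections(text)
    out = [msg for rx, msg in GLOBAL if not any(re.match(rx, h) for h in sections)]
    for hdr, body in sections.items():
        if hdr.startswith("line con") and not any(b.startswith("login") for b in body):
            out.append(f"{hdr}: no login, password is never requested")
        if hdr.startswith("line vty"):
            no_timeout = any(re.fullmatch(r"exec-timeout 0( 0)?", b) for b in body)
            checks = [("login local" in body, "login local missing"),
                      ("transport input ssh" in body, "transport input is not ssh-only"),
                      (not no_timeout, "idle timeout disabled")]
            out += [f"{hdr}: {msg}" for ok, msg in checks if not ok]
    return out
```

Calling `audit(SAMPLE)` returns one finding per unmet item, prefixed with the line section it applies to.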

Serial interface

DCE config:
show controllers s1/0 ! shows if cable is DTE or DCE
clock rate 1000000    ! set clock rate in bits per second
bandwidth 1000        ! set bandwidth in kbits per second, used by routing algorithms

DTP - Dynamic Trunking Protocol


interface g0/0	
	switchport mode dynamic auto
	switchport mode dynamic desirable
	switchport mode trunk ! DTP will send messages on this port
	switchport nonegotiate ! DISABLE
	no switchport nonegotiate ! ENABLE


sh dtp interface g0/0

CDP Cisco discovery protocol


cdp run 	   ! enable globally
no cdp run     ! disable globally
cdp enable 	   ! on interface
cdp timer x    ! timer for CDP advertisements
cdp holdtime x ! timer for CDP holdtime


show cdp
show cdp neighbors
show cdp neighbors detail
show cdp traffic ! shows CDP stats
show cdp interface



lldp run
lldp holdtime
lldp timer
lldp reinit
interface g0/0
	no lldp transmit
	no lldp receive


show lldp
show lldp interface


  • VLAN Trunking Protocol is NOT a trunking protocol!
  • Version 1, 2, 3


vtp version 2
vtp domain test

vtp mode transparent ! disable VTP


show vtp status
show vtp password
show vtp counters

VLANs on routers


interface g0/0.51
	encapsulation dot1Q 51 [native]
	ip address x.x.x.x

VLANs on switches

  • VLANs 1002 - 1005 are reserved


switchport trunk encapsulation dot1q
switchport mode trunk
switchport mode access
switchport voice vlan 10
switchport access vlan 11
switchport trunk native vlan 12


show vlan                       ! shows only access
show vlan brief
show interfaces trunk           ! shows trunk port vlans
show interfaces switchport      ! shows information about interface
show interface g0/0 switchport  ! vlan port information



ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool VLAN51
ip dhcp pool VLAN52


show ip dhcp binding
show ip dhcp conflict
show ip dhcp pool
show ip dhcp server statistics



router rip
version 2
network x.x.x.x
no auto-summary
default-information originate ! default route
  • 1st way to exclude interface

passive-interface fa0/0

  • 2nd way to exclude interface

passive-interface default  ! do not advertise on any interface
no passive-interface fa0/1 ! add interface to advertise


show ip protocols



access-list 100 blabla ! Standard access list
ip access-list standard INTERNET_FILTER ! extended access list
ip access-list resequence name 10 10 ! change the sequence numbers of the statements inside a list

Apply access list to interface

interface g0/1
ip access-group blabla in

Apply access list to ssh/telnet line

line vty 0 4
access-class FILTER_TELNET in


show access-list
show ip access-lists



  1. Choose the direction
interface eth0/0
ip nat outside
interface eth0/1
ip nat inside
  2. Create access list to match natted addresses
ip access-list standard NATTED
  3. Create a NAT pool
ip nat pool OUTSIDE netmask
  4. Apply NAT
ip nat inside source list NATTED interface eth0/0 overload 	! masquerading
ip nat inside source static 			! static nat
ip nat inside source list NATTED pool OUTSIDE overload 		! one to many natting


show ip nat translations
show ip nat statistics
clear ip nat translation *



aaa new-model
radius-server host x.x.x.x key secretKey ! or tacacs-server
! or
radius server RADIUS ! or tacacs server
	address ipv4 x.x.x.x
	key secretKey
aaa group server radius RadiusServerGROUP ! or ... server tacacs+ ...
	server x.x.x.x                        ! or server name RADIUS,  whatever was defined before
aaa authentication login default group RadiusServerGROUP local


Configure v2c

snmp-server community SecretCommunity 1 ! default is ro, it is possible to add an access list
snmp-server location LOCATION
snmp-server contact SOMEBODY

Configure v3

Use SNMP Object Explorer to view MIB family name

snmp-server view VIEWNAME ifIndex included
snmp-server group GROUPNAME v3 priv read VIEWNAME ! priv = auth + priv (encryption)
snmp-server user USER GROUPNAME v3 auth sha PASSWORD priv des56 ENCRYPTIONKEY ! also can use access list

Configure trap server

snmp-server host x.x.x.x traps


show snmp
show snmp community


ipv6 unicast-routing ! globally
ipv6 enable          ! on interface



spanning-tree mode rapid-pvst
spanning-tree vlan 1 root [primary|secondary]
spanning-tree portfast default !enable portfast on all access ports
spanning-tree bpduguard default !enable bpduguard on all access ports

Configuration on interface

spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree vlan X priority Y
spanning-tree link-type point-to-point
spanning-tree cost X ! change interface cost


show spanning-tree
show spanning-tree detail
show spanning-tree summary
clear spanning-tree detected protocols [interface intId]

Bonding (Link aggregation)


interface gig0/1
channel-group X mode [...] ! the enabled protocol depends on the selected mode
interface port-channel X
! ... configure as normal interface


show etherchannel port-channel
show etherchannel summary



router eigrp 90          ! specify AS number
network x.x.x.x y.y.y.y  ! network and wildcard
no auto-summary
redistribute static      ! advertise default route
variance 3
maximum-paths 10
interface gi0/0
ip summary-address eigrp 90 x.x.x.x y.y.y.y   ! summarization on interface
ip hello-interval eigrp 90 1                  ! send hello every 1s
ip hold-time eigrp 90 3                       ! consider me dead in 3s
ip bandwidth-percent eigrp 90 40              ! allow eigrp to use up to 40% of bandwidth

IPv6 configuration

ipv6 unicast-routing
ipv6 router eigrp X  ! AS number
no shutdown
interface g0/0
ipv6 eigrp X   ! AS number


show ip eigrp neighbors
show ip eigrp topology
show ip eigrp topology all-links
show ip eigrp interfaces
show ip eigrp interfaces detail g0/0
show ip route eigrp



router ospf 1 ! ospf process ID
	network x.x.x.x y.y.y.y area Z
	area 1 stub
	maximum-paths X                        ! change maximum paths to load balance
	auto-cost reference-bandwidth 10000    ! adjust ospf to work on 10G
	area X range x.x.x.x y.y.y.y advertise ! add summarization
	default-information originate          ! generate default information, possible to add 'always'
	! Passive and active interfaces
	passive-interface g0/1    ! make only this interface passive
	passive-interface default ! make all the interfaces passive
	no passive-interface g0/0 ! make the desired interface not passive
interface g0/4
    ip ospf priority X             ! preference for being DR
    ip ospf cost X                 ! prefer one path over another
    ip ospf hello-interval X       ! this will adjust dead timer automatically
    ip ospf dead-interval Y
    ip ospf network point-to-point
    ip ospf mtu-ignore             ! ignore mtu errors

IPv6 on interface

interface g0/5
ipv6 ospf 1 area 0


show ip ospf
show ip ospf int brief
show ip ospf int f0/0
show ip ospf neighbor
show ip ospf database



ip sla 1
	icmp-echo x.x.x.x
	frequency 10
ip sla schedule 1 life forever start-time now


show ip sla configuration
show ip sla statistics



monitor session 1 source interface f0/1
monitor session 1 destination interface f0/2


show monitor

POINT to POINT connections

! global config router A
username RouterB password cisco ! password must match for CHAP
int s1/0
	encapsulation ppp
	ppp authentication pap ! or chap
	ppp pap sent-username RouterA password cisco ! PAP only
	ppp compress stacker
	ppp compress predictor
! global config router B
username RouterA password cisco ! password must match for CHAP
int s1/0
	encapsulation ppp
	ppp authentication pap ! or chap
	ppp pap sent-username RouterB password cisco ! PAP only



interface Multilink 1
	ip address x.x.x.x y.y.y.y
	encapsulation ppp
	ppp multilink
	ppp multilink group 1
interface s1/0
	ppp multilink group 1
	no ip address
	encapsulation ppp


show ppp multilink


int dialer 1
	mtu 1492
	encapsulation ppp
	ip address negotiated
	ppp chap hostname CBTNuggets
	ppp chap password IsQuiteFun
	dialer pool 1
int fa0/1
	pppoe enable
	pppoe-client dial-pool-number 1
ip route Dialer 1



int Tunnel 1
	ip address x.x.x.x y.y.y.y
	tunnel mode gre ip
	tunnel source z.z.z.z
	tunnel destination w.w.w.w



router bgp X ! AS Number
	neighbor z.z.z.z remote-as XXXX
	network x.x.x.x mask y.y.y.y


show ip bgp
show ip bgp summary
show ip bgp neighbors


HSRP

  • There are 2 versions, v1 and v2.
  • Works with groups.
  • Active/Standby status.
  • Ties = highest IP and highest priority (0-255) wins
  • Hello timer 3s
  • Hold timer 10s
  • Supports authentication: txt or md5
  • Multicast communication
  • In a datacenter with vPC (virtual port channel) the standby router also processes traffic. It becomes a kind of active-active

V1                V2
256 groups        4096 groups
second timers     ms timers
0000.0c07.acXX    0000.0c9f.fXXX


int fa0/0
	standby version 2     ! default is v1
	standby 1 ip x.x.x.x
	standby 1 priority 100
	standby 1 preempt
	standby 1 timers 5 15 ! hello and hold timers


show standby


Log display configuration

service timestamps log datetime
service sequence-numbers

Logging configuration

logging x.x.x.x
logging trap 4  ! 4 or warning. Controls the messages sent to syslog
logging source-interface g0/0
logging console
logging buffered


show logging

Other useful commands

CTRL + SHIFT + 6, X: cancel traceroute or name resolution (like Ctrl + C in Linux)

ip host XX y.y.y.y ! host to IP assignment
ip name-server x.x.x.x ! act as DNS client
ip dns server ! enable DNS server
config-register 0x2102 ! router should attempt to load a Cisco IOS software image from Flash memory and load the startup configuration with a console speed of 9600 baud
show controllers utilization ! display bandwidth utilization on the switch or specific ports
show users ! show vty users
show mac address-table
show ip interface brief
show port-security
clear line vty x
terminal ip netmask-format bit-count
service compress-config ! compress config file
terminal monitor ! shows debug output on vty
