Cisco IOS Cheat Sheet

ROUTER COMMANDS

TERMINAL CONTROLS:
·  Config# terminal editing - allows for enhanced editing commands
·  Config# terminal monitor - shows output on telnet session
·  Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks 

HOST NAME:
·  Config# hostname ROUTER_NAME 

BANNER:
·  Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message 

DESCRIPTIONS:
·  Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level 

CLOCK:
·  Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy
 - Example: clock set 14:35:00 25 August 2003 

CHANGING THE REGISTER:
·  Config# config-register 0x2100 - ROM Monitor Mode
·  Config# config-register 0x2101 - ROM boot
·  Config# config-register 0x2102 - Boot from NVRAM 

BOOT SYSTEM:
·  Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
·  Config# boot system ROM
·  Config# boot system flash - Then - Config# reload 

CDP:
·  Config# cdp run - Turns CDP on
·  Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
·  Config# cdp timer 30 - Sets the update timer.The default is 60
·  Config# int Ethernet 0
·  Config-if# cdp enable - Enables cdp on the interface
·  Config-if# no cdp enable - Disables CDP on the interface
·  Config# no cdp run - Turns CDP off 

HOST TABLE:
·  Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
·  Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1) 

DOMAIN NAME SERVICES:
·  Config# ip domain-lookup - Tell router to lookup domain names
·  Config# ip name-server 122.22.2.2 - Location of DNS server
·  Config# ip domain-name cisco.com - Domain to append to end of names 

CLEARING COUNTERS:
·  # clear interface Ethernet 0 - Clears counters on the specified interface
·  # clear counters - Clears all interface counters
·  # clear cdp counters - Clears CDP counters 
STATIC ROUTES:
·  Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
·  Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
·  Config# ip default-network Net_Add - Gateway LAN network 

IP ROUTING:
·  Config# ip routing - Enabled by default
·  Config# router rip
-or-
·  Config# router igrp 100
·  Config# interface Ethernet 0
·  Config-if# ip address 122.2.3.2 255.255.255.0
·  Config-if# no shutdown 

IPX ROUTING:
·  Config# ipx routing
·  Config# interface Ethernet 0
·  Config# ipx maximum-paths 2 - Maximum equal metric paths used
·  Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
·  Config-if# no shutdown 
ACCESS LISTS:
IP Standard
1-99
IP Extended
100-199
IPX Standard
800-899
IPX Extended
900-999
IPX SAP Filters
1000-1099

IP STANDARD:
·  Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip’s on network 133.2.2.0
-or-
·  Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
·  Config# access-list 10 permit any - allows any address
·  Config# int Ethernet 0
·  Config-if# ip access-group 10 in - also available: out 

IP EXTENDED:
·  Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
    -protocols: tcp, udp, icmp, ip (no sockets then), among others
    -source then destination address
    -eq, gt, lt for comparison
    -sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
·  Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
·  Config# access-list 101 permit ip any any
·  Config# interface Ethernet 0
·  Config-if# ip access-group 101 out 

IPX STANDARD:
·  Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
·  Config# access-list 801 permit -1 -1 - “-1” is the same as “any” with network/host addresses
·  Config# interface Ethernet 0
·  Config-if# ipx access-group 801 out 

IPX EXTENDED:
·  Config# access-list 901 permit sap 4AA all 4BB all
    - Permit protocol src_add socket dest_add socket
    -“all” includes all sockets, or can use socket numbers
-or-
·  Config# access-list 901 permit any any all any all
    -Permits any protocol with any address on any socket to go anywhere
·  Config# interface Ethernet 0
·  Config-if# ipx access-group 901 in 

IPX SAP FILTER:
·  Config# access-list 1000 permit 4aa 3 - “3” is the service type
-or-
·  Config# access-list 1000 permit 4aa 0 - service type of “0” matches all services
·  Config# interface Ethernet 0
·  Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
·  Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets 

NAMED ACCESS LISTS:
·  Config# ip access-list standard LISTNAME
    -can be ip or ipx, standard or extended
    -followed by the permit or deny list
·  Config# permit any
·  Config-if# ip access-group LISTNAME in
    -use the list name instead of a list number
    -allows for a larger amount of access-lists 

PPP SETUP:
·  Config-if# encapsulation ppp
·  Config-if# ppp authentication chap pap
    -order in which they will be used
    -only attempted with the authentification listed
    -if one fails, then connection is terminated
·  Config-if# exit
·  Config# username Lab-b password 123456
    -username is the router that will be connecting to this one
    -only specified routers can connect
-or-
·  Config-if# ppp chap hostname ROUTER
·  Config-if# ppp chap password 123456
    -if this is set on all routers, then any of them can connect to any other
    -set same on all for easy configuration 

ISDN SETUP:
·  Config# isdn switch-type basic-5ess - determined by telecom
·  Config# interface serial 0
·  Config-if# isdn spid1 2705554564 - isdn “phonenumber” of line 1
·  Config-if# isdn spid2 2705554565 - isdn “phonenumber” of line 2
·  Config-if# encapsulation PPP - or HDLC, LAPD 

DDR - 4 Steps to setting up ISDN with DDR
  1. Configure switch typeConfig# isdn switch-type basic-5ess - can be done at interface config
  2. Configure static routesConfig# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)
  3. Configure InterfaceConfig-if# ip address 192.3.5.5 255.255.255.0
    Config-if# no shutdown
    Config-if# encapsulation ppp
    Config-if# dialer-group 1 - applies dialer-list to this interfaceConfig-if# dialer map ip 192.3.5.6 name Lab-b 5551212
        connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
        can also use “dialer string 5551212” instead if there is only one router to connect to
  4. Specify interesting trafficConfig# dialer-list 1 ip permit any
    -or-
    Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list
  5. Other OptionsConfig-if# hold-queue 75 - queue 75 packets before dialingConfig-if# dialer load-threshold 125 either
        -load needed before second line is brought up
        -“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
        -can check by in, out, or either 
    Config-if# dialer idle-timeout 180
        -determines how long to stay idle before terminating the session
        -default is 120
FRAME RELAY SETUP:
·  Config# interface serial 0
·  Config-if# encapsulation frame-relay - cisco by default, can change to ietf
·  Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
·  Config-if# bandwidth 56
·  Config-if# interface serial 0.100 point-to-point - subinterface
·  Config-if# ip address 122.1.1.1 255.255.255.0
·  Config-if# frame-relay interface-dlci 100
    -maps the dlci to the interface
    -can add BROADCAST and/or IETF at the end
·  Config-if# interface serial 1.100 multipoint
·  Config-if# no inverse-arp - turns IARP off; good to do
·  Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
    -maps an IP to a dlci (48 in this case)
    -required if IARP is turned off
    -ietf and broadcast are optional
·  Config-if# frame-relay map ip 122.1.1.3 54 broadcast
SHOW COMMANDS

·  Show access-lists - all access lists on the router
·  Show cdp - cdp timer and holdtime frequency
·  Show cdp entry * - same as next
·  Show cdp neighbors detail - details of neighbor with ip add and ios version
·  Show cdp neighbors - id, local interface, holdtime, capability, platform portid
·  Show cdp interface - int’s running cdp and their encapsulation
·  Show cdp traffic - cdp packets sent and received
·  Show controllers serial 0 - DTE or DCE status
·  Show dialer - number of times dialer string has been reached, other stats
·  Show flash - files in flash
·  Show frame-relay lmi - lmi stats
·  Show frame-relay map - static and dynamic maps for PVC’s
·  Show frame-relay pvc - pvc’s and dlci’s
·  Show history - commands entered
·  Show hosts - contents of host table
·  Show int f0/26 - stats of f0/26
·  Show interface Ethernet 0 - show stats of Ethernet 0
·  Show ip - ip config of switch
·  Show ip access-lists - ip access-lists on switch
·  Show ip interface - ip config of interface
·  Show ip protocols - routing protocols and timers
·  Show ip route - Displays IP routing table
·  Show ipx access-lists - same, only ipx
·  Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
·  Show ipx route - ipx routes in the table
·  Show ipx servers - SAP table
·  Show ipx traffic - RIP and SAP info
·  Show isdn active - number with active status
·  Show isdn status - shows if SPIDs are valid, if connected
·  Show mac-address-table - contents of the dynamic table
·  Show protocols - routed protocols and net_addresses of interfaces
·  Show running-config - dram config file
·  Show sessions - connections via telnet to remote device
·  Show startup-config - nvram config file
·  Show terminal - shows history size
·  Show trunk a/b - trunk stat of port 26/27
·  Show version - ios info, uptime, address of switch
·  Show vlan - all configured vlan’s
·  Show vlan-membership - vlan assignments
·  Show vtp - vtp configs
CATALYST COMMANDS
For Native IOS - Not CatOS

SWITCH ADDRESS:
·  Config# ip address 192.168.10.2 255.255.255.0
·  Config# ip default-gateway 192.168.10.1 

DUPLEX MODE:
·  Config# interface Ethernet 0/5 - “fastethernet” for 100 Mbps ports
·  Config-if# duplex full - also, half | auto | full-flow-control 

SWITCHING MODE:
·  Config# switching-mode store-and-forward - also, fragment-free 

MAC ADDRESS CONFIGS:
·  Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
·  Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
    -port 3 can only send data out port 2 with that mac
    -very restrictive security
·  Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port 

VLANS:
·  Config# vlan 10 name FINANCE
·  Config# interface Ethernet 0/3
·  Config-if# vlan-membership static 10 

TRUNK LINKS:
·  Config-if# trunk on - also, off | auto | desirable | nonegotiate
·  Config-if# no trunk-vlan 2
    -removes vlan 2 from the trunk port
    -by default, all vlans are set on a trunk port 

CONFIGURING VTP:
·  Config# delete vtp - should be done prior to adding to a network
·  Config# vtp server - the default is server, also client and transparent
·  Config# vtp domain Camp - name doesn’t matter, just so all switches use the same
·  Config# vtp password 1234 - limited security
·  Config# vtp pruning enable - limits vtp broadcasts to only switches affected
·  Config# vtp pruning disable 

FLASH UPGRADE:
·  Config# copy tftp://192.5.5.5/configname.ios opcode - “opcode” for ios upgrade, “nvram” for startup config 

DELETE STARTUP CONFIG:
·  Config# delete nvram

Comments

0 Responses to "Cisco IOS Cheat Sheet"

Post a Comment

Search This Blog

Blog Archive

Total Pageviews