Cisco IOS Commands
Accessing the Router
User EXEC mode :-
Router >
Privilege EXEC mode :-
Router > enable
Router #
Disabling Privilege EXEC mode :-
Router # disable
Router >
Global Configuration mode :-
Router # configure terminal
Router (config) #
Exit from Global config mode :-
Router (config) # exit
Router #
Basic Configuration
Change Hostname :-
Router (config) # hostname [hostname]
Router (config) # hostname R1
R1 (config) #
Disable Hostname :-
R1 (config) # no hostname
Router (config) #
Insert a Banner :-
R1 (config) # banner motd #[banner]#
R1 (config) # banner motd #Authorized Personal Only#
Removing a Banner :-
R1 (config) # no banner motd
R1 (config) # no ip domain-lookup
R1 (config) # line console 0 / vty 0 4
R1 (config-line) # logging synchronous
R1 (config-line) # exit
History :-
R1 # terminal history
R1 # terminal history size 50
R1 # terminal no history
R1 # terminal no history size
R1 # show history
Changing History Size :-
Configure Clock :-
S1 (config) # line console 0 / vty 0 4
S1 (config-line) # history size [no.]
S1 (config-line) # history size 35
S1 (config-line) # exit
S1 # clock set hh:mm:ss day(1-31) month year
S1 # clock set 12:12:12 1 jan 2010
CDP (Cisco Discovery Protocol)
R1 # show cdp neighbors
R1 # show cdp neighbors detail
Dumidu Darshika Senanayake
Page 1 of 17
Cisco IOS Commands
Disable: R1 (config) # no cdp run
Enable: R1 (config) # cdp run
Router Security
Router access password :R1 (config) # line console 0 / vty 0 4
R1 (config-line) # password [password]
R1 (config-line) # password cisco
R1 (config-line) # login
R1 (config-line) # exit
Configure SSH :-
Remove password :-
R1 (config-line) # no password
S1 (config) # username [name] password [password]
S1 (config) # username ccna password cisco
S1 (config) # ip domain-name [domain name]
S1 (config) # ip domain-name mydomain.com
S1 (config) # crypto key generate rsa
S1 (config) # line vty 0 4
S1 (config-line) # transport input [ssh, telnet, all]
S1 (config-line) # transport input ssh
S1 (config-line) # login local
S1 (config-line) # exit
S1 (config) # ip ssh version 2 (optional)
S1 (config) # ip ssh time-out 60
S1 (config) # ip ssh authentication-retries 3
Encrypting Passwords :-
R1 (config) # service password-encryption
Privilege EXEC mode password :-
R1 (config) # enable password [password] (no encryption)
R1 (config) # enable password cisco
R1 (config) # enable secret [password] (heavy encryption)
R1 (config) # enable secret cisco
Removing enable password :-
R1 (config) # no enable password
R1 (config) # no enable secret
Pre configuration for Cisco SDM
S1 (config-line) # privilege level 15
Configure HTTP Server :S1 (config) # ip http authentication enable
S1 (config) # ip http server
S1 (config) # ip http secure-server
ACL (Access Control List)
Wildcard mask:
0 bit - check 1 bit - ignore
A single host: 192.168.10.5 0.0.0.0 / host 192.16.10.5
Standard ACL: [1-99] [1300-1999] implemented close to the destination of the traffic
Dumidu Darshika Senanayake
Page 2 of 17
Cisco IOS Commands
R1 (config) # access-list [ACL no.] [permit / deny] [source ip add.] [wildcard mask]
R1 (config) # access-list 10 deny 192.168.10.0 0.0.0.255
Extended ACL: [100-199] [2000-2699] implemented close to source of the traffic
R1 (config) # access-list [ACL no.] [permit / deny] [protocol] [source network add. wildcard
mask] [destination network add. wildcard mask] eq [service]
R1 (config) # access-list 110 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
Activating an ACL:
R1 (config-if) # ip access-group [no.] [in / out]
R1 (config-if) # ip access-group 10 out
R1 (config) # line vty 0 4
R1 (config-line) # ip access-group 10 in
Named ACL:
R1 (config) # ip access-list standard [name]
R1 (config) # ip access-list standard NO_ACCESS
R1 (config-std-nacl) # [permit / deny] [source ip add.] [wildcard mask]
R1 (config-std-nacl) # deny 192.168.10.0 0.0.0.255
R1 (config-std-nacl) # exit
R1 (config) # ip access-list extended [name]
R1 (config) # ip access-list extended SURFING
R1 (config-exd-nacl) # [permit / deny] [protocol] [source network add. wildcard mask]
[destination network add. wildcard mask] eq [service]
R1 (config-exd-nacl) # permit tcp 192.168.10.0 0.0.0.255 any eq telnet
R1 (config-exd-nacl) # exit
Activating a named ACL:
R1 (config-if) # ip access-group [name] [in / out]
R1 (config-if) # ip access-group NO_ACCESS in
R1 # show access-lists
Configuring Interfaces
Configure Ethernet Ports :R1 (config) # interface [interface]
R1 (config) # interface f0/0
R1 (config-if) # ip address [ip add.] [subnet mask]
R1 (config-if) # ip address 192.168.1.1 255.255.255.0
R1 (config-if) # description [description]
R1 (config-if) # description –Link to PC1—
R1 (config-if) # no shutdown
R1 (config-if) # exit
Configuring Sub Interface :- (inter VLAN routing)
R1 (config) # interface f0/0.[vlan no.]
R1 (config) # interface f0/0.99
R1 (config-subif) # encapsulation dot1Q [vlan no.] native
R1 (config-subif) # encapsulation dot1Q 99 native
Dumidu Darshika Senanayake
Page 3 of 17
Cisco IOS Commands
R1 (config-subif) # ip address 172.17.99.1 255.255.255.0
R1 (config-subif) # exit
R1 (config) # interface f0/0.10
R1 (config-subif) # encapsulation dot1Q 10
R1 (config-subif) # ip address 172.17.10.1 255.255.255.0
R1 (config-subif) # exit
 Only type “no shutdown” on main interface
Configure Serial Ports :R1 (config) # interface s0/0/0
R1 (config-if) # ip address 192.168.2.1 255.255.255.0
R1 (config-if) # clock rate [clock rate]
(only for DCE)
R1 (config-if) # clock rate 64000
R1 (config-if) # description –Link to R2—
R1 (config-if) # no shutdown
R1 (config-if) # exit
Configuring a loopback interface :R1 (config) # interface loopback 0
R1 (config-if) # ip address 172.16.10.1 255.255.255.0
R1 (config-if) # description –Loopback interface 1—
R1 (config-if) # no shutdown
R1 (config-if) # exit
Modify a link
Bandwidth
R1 (config-if) # bandwidth [Kilobits]
R1 (config-if) # bandwidth 1544
Mode
S1 (config-if) # duplex [auto / full / half]
Speed
S1 (config-if) # speed [no.]
S1 (config-if) # speed 100
R1 (config-if) # no bandwidth
Removing ip address & disabling the port
R1 (config) # interface f0/0
R1 (config-if) # no ip address
R1 (config-if) # shutdown
R1 # show ip interface brief
R1 # show interface s0/0/0
R1 # show controllers
Configure Routing Protocols
Static Route :AD = 1
R1 (config) # ip route [network add.] [subnet mask] [next hop IP add. / exit interface]
Dumidu Darshika Senanayake
Page 4 of 17
Cisco IOS Commands
R1 (config) # ip route 192.168.3.0 255.255.255.0 192.168.2.2 (next hop IP add.)
R1 (config) # ip route 192.168.3.0 255.255.255.0 s0/0/0 (exit interface)
Removing a Static Route :-
R1 (config) # no ip route 192.168.3.0 255.255.255.0 s0/0/0
Dynamic Routing Protocols : Use the adjacent network’s network address
 [1 / 0] = [Administrative distance / Metric]
RIP v1 (Routing Information Protocol)
broadcast
AD = 120
R1 (config) # router rip
R1 (config-router) # network [network add. of adjacent networks]
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit
RIP v2
R1 (config) # router rip
R1 (config-router) # version 2
R1 (config-router) # no auto-summary
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit
R1 # debug ip rip
multicast: 224.0.0.9
undebug all
EIGRP (Enhanced Interior Gateway Routing Protocol)
AD = 90
multicast: 224.0.0.10
[Autonomous System no. 1 – 65535]
R1 (config) # router eigrp [as no.]
R1 (config) # router eigrp 1
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network [network add.] [wildcard mask] (specific range)
R1 (config-router) # network 192.168.1.0 0.0.0.3
R1 (config-router) # exit
R1 (config-if) # ip summary-address eigrp [as no.] [network add.] [subnet mask]
R1 (config-if) # ip summary-address eigrp 1 192.168.0.0 255.255.252.0
R1 (config-if) # ip bandwidth-percent eigrp [as no.] [percent]
R1 (config-if) # ip bandwidth-percent eigrp 1 50
R1 (config-if) # ip hello-interval eigrp [as no.] [seconds]
R1 (config-if) # ip hold-time eigrp [as no.] [seconds]
R1 # show ip eigrp neighbors
R1 # show ip eigrp topology
OSPF (Open Shortest Path First)
multicast: 224.0.0.5
AD = 110
 Make sure to configure the loopback interfaces for network stability
Dumidu Darshika Senanayake
Page 5 of 17
Cisco IOS Commands
R1 (config) # router ospf [process ID]
[Process ID 1 – 65535]
R1 (config) # router ospf 1
R1 (config-router) # network [network add.] [wildcard mask]area [area ID]
R1 (config-router) # network 192.168.1.0 0.0.0.3 area 0
R1 (config-router) # exit
Modifying router ID :-
R1 (config-router) # router-id [ip add.]
R1 (config-router) # router-id 192.168.1.1
Modifying OSPF cost of a link :-
R1 (config-if) # ip ospf cost [cost]
R1 (config-if) # ip ospf cost 1562
Interface priority :-
R1 (config-if) # ip ospf priority [1-255]
R1 (config-if) # ip ospf priority 1
Changing reference bandwidth value :R1 (config-router) # auto-cost reference-bandwidth 10000
Modifying OSPF timers :-
R1 (config-if) # ip ospf hello-interval [seconds]
R1 (config-if) # ip ospf dead-interval [seconds] (hello x 4)
Simple Authentication :enables authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication
R1 (config-if) # ip ospf authentication-key [password]
R1 (config-if) # ip ospf authentication-key cisco123
enables authentication for specific interface
R1 (config-if) # ip ospf authentication
R1 (config-if) # ip ospf authentication-key [password]
R1 (config-if) # ip ospf authentication-key cisco123
md5 (message-digest) Authentication :enables md5 authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication message-digest
R1 (config-if) # ip ospf message-digest-key 1 md5 [password]
R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123
enables md5 authentication for specific interface
R1 (config-if) # ip ospf authentication message-digest
R1 (config-if) # ip ospf message-digest-key 1 md5 [password]
R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123
R1 # show ip ospf
R1 # show ip ospf interface
R1 # show ip ospf neighbor
R1 # clear ip ospf process
Configuring Passive interface :-
R1 (config-router) # passive-interface [interface]
R1 (config-router) # passive-interface f0/0
Dumidu Darshika Senanayake
Page 6 of 17
Cisco IOS Commands
Distributing (Default) Static route through RIP, EIGRP, OSPF
01).
R1 (config) # ip route 0.0.0.0 0.0.0.0 209.165.200.225 (next hop ip)
R1 (config-router) # default-information originate
02).
R1 (config) # ip route 192.168.0.0 255.255.0.0 s0/0/1
R1 (config-router) # redistribute static
R1 # show ip route
R1 # show ip protocol
R1 # debug ip routing
WAN Configuration
 WAN configuration only performed on serial interfaces.
HDLC (High-level Data Link Control)
R1 (config-if) # encapsulation hdlc
PPP (Point to Point Protocol)
R1 (config-if) # encapsulation ppp
Compression:
Link quality:
Load balancing:
R1 (config-if) # compress [predictor / stac]
R1 (config-if) # ppp quality [percentage]
R1 (config-if) # ppp multilink
Authentication:R1 (config) # username [remote-host] password [remote-password]
R1 (config) # username R2 password cisco123
Configuring PAP (PPP Authentication Protocol)
R1 (config-if) # ppp authentication pap
R1 (config-if) # ppp pap sent-username [local-host] password [local-host-password]
R1 (config-if) # ppp pap sent-username R1 password cisco123
Configuring CHAP (Challenge Handshake Authentication Protocol)
R1 (config-if) # ppp authentication chap
Troubleshooting PPP
Debug ppp authentication
Debug ppp chap
Debug ppp error
Debug ppp negotiation
Debug ppp packet
Frame Relay
Dumidu Darshika Senanayake
Page 7 of 17
Cisco IOS Commands
Basic Frame Relay configuration
R1 (config-if) # encapsulation frame-relay [cisco / ietf]
ietf for non-Cisco products
Static Frame Relay Mapping
R1 (config-if) # frame-relay map [protocol] [ip add. of neighbor] [dlci] broadcast
R1 (config-if) # frame-relay map ip 192.168.10.20 120 broadcast
R1 (config-if) # frame-relay map ip 192.168.10.30 130 broadcast
LMI (Local Management Interface) is default autosense
R1 (config-if) # frame-relay lmi-type [cisco / ansi / q933a]
Configuring Frame-Relay sub-interfaces
R1 (config) # interface s0/0/0
R1 (config-if) # encapsulation frame-relay
R1 (config-if) # no shutdown
R1 (config-if) # exit
R1 (config) # interface [serial int.].[dlci] [point-to-point / multipoint]
R1 (config) # interface s0/0/0.120 point-to-point
R1 (config-subif) # ip address 192.168.10.1 255.255.255.0
R1 (config-subif) # frame-relay interface-dlci [dlci]
R1 (config-subif) # frame-relay interface-dlci 120
R1 (config-subif) # exit
R1 (config) # interface s0/0/0.130 point-to-point
R1 (config-subif) # ip address 192.168.20.1 255.255.255.0
R1 (config-subif) # frame-relay interface-dlci 130
R1 (config-subif) # exit
 Configure on main router. Only type “no shutdown” on main interface.
Branch routers
encapsulation frame-relay
frame-relay lmi-type [cisco / ansi / q933a]
Configuring Frame-Relay switch
FR-Switch (config) # frame-relay switching
FR-Switch (config-if) # encapsulation frame-relay
Dumidu Darshika Senanayake
Page 8 of 17
Cisco IOS Commands
FR-Switch (config-if) # frame-relay intf-type dce
FR-Switch (config-if) # frame-relay route 102 interface serial 0/0/1 201
no frame-relay inverse-arp
no ip split-horizon
R1 # show frame-relay map
R1 # show frame-relay pvc / show frame-relay pvc [dlci]
R1 # show frame-relay lmi
R1 #debug frame-relay lmi
DHCP (Dynamic Host Configuration Protocol)
Step1: Exclude an address range
R1 (config) # ip dhcp excluded-address [low add.] [high add.]
R1 (config) # ip dhcp excluded-address 192.168.1.1 192.168.1.9
Step2: Create DHCP pool
R1 (config) # ip dhcp pool [pool name]
R1 (config) # ip dhcp pool SALES
R1 (config-dhcp) #
Step3: define the pool address
R1 (config-dhcp) # network [network add. mask / prefix]
R1 (config-dhcp) # network 192.168.1.0 255.255.255.0
R1 (config-dhcp) # default-router [ip add.]
R1 (config-dhcp) # default-router 192.168.1.1
R1 (config-dhcp) # dns-server [ip add.]
R1 (config-dhcp) # dns-server 192.168.20.254
R1 (config-dhcp) # netbios-name-server [ip add.]
R1 (config-dhcp) # netbios-name-server 192.168.20.254
R1 (config-dhcp) # domain-name [name]
R1 (config-dhcp) # domain-name mydomain.com
R1 (config-dhcp) # lease {days hours minutes / infinite}
R1 (config-dhcp) # lease 7
DHCP Relay
R1 (config) # interface f0/0
R1 (config-if) # ip helper-address [dhcp server ip add.]
R1 (config-if) # ip helper-address 192.168.10.5
Dumidu Darshika Senanayake
Page 9 of 17
Cisco IOS Commands
R1 (config) # ip forward-protocol udp [port no.]
R1 (config) # ip forward-protocol udp 161
R1 # show ip dhcp binding
R1 # show ip dhcp server statistics
R1 # show ip dhcp pool
R1 # show ip address conflicts
R1 # debug ip dhcp events
R1 # debug ip dhcp server
R1 # debug ip dhcp packet detail
NAT (Network Address Translation)
ISP static route
ISP (config) # ip route 209.165.200.0 255.255.255.0 209.165.100.225
Static NAT (Public address given by ISP 209.165.200.254)
Step1: specify static translation between an inside local and inside global address
R1 (config) # ip nat inside source static [local ip] [global ip]
R1 (config) # ip nat inside source static 192.168.20.10 209.165.200.254
Step2: mark the router interface as an inside or outside interface
R1 (config-if) # ip nat [inside / outside]
R1 (config) # interface f0/0
R1 (config-if) # ip nat inside
R1 (config) # interface s0/0/0
R1 (config-if) # ip nat outside
Dynamic NAT (Public address range from ISP 209.165.200.11 – 209.165.200.20 /24)
Step1: define a named address pool of outside addresses
R1 (config) # ip nat pool [name] [ip range] netmask [mask]
R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 netmask 255.255.255.0
Step2: define an access list to specify those inside address
R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Dumidu Darshika Senanayake
Page 10 of 17
Cisco IOS Commands
Step3 *: Specify dynamic translation
R1 (config) # ip nat inside source list [ACL no.] pool [name]
R1 (config) # ip nat inside source list 1 pool NAT1
Step4: R1 (config-if) # ip nat [inside / outside]
PAT (Port Address Translation)
Single public address
Step1:
R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Step2 *:
R1 (config) # ip nat inside source list 1 interface s0/0/0 overload
Step3:
R1 (config-if) # ip nat [inside / outside]
Multiple public address
Step1:
R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Step2:
R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20
Step3 *:
R1 (config) # ip nat inside source list 1 pool NAT1 overload
Step4:
R1 (config-if) # ip nat [inside / outside]
R1 # show ip nat translation
R1 # show ip nat translation verbose
R1 # show ip nat statistics
R1 # debug ip nat
R1 # clear ip nat translation
IPv6
2002:c0a8:0101:0000:0000:0000:0000:0042  2002:c0a8:101::42
Classful / Classless Routing Behavior
R1 (config) # ip classless
Saving Configuration :-
R1 (config) # no ip classless
R1 # copy running-config startup-config
Backup Startup-config to flash :-
R1 # copy startup-config flash:config.bak1
R1 # copy system:running-config tftp://172.16.2.155/tokyo-config
R1 # copy startup-config tftp
[tftp server ip add.]
Restore Configuration :-
R1 # copy flash:config.bak1 startup-config
R1 # reload
Reset Router Configuration :-
R1 # erase startup-config
[confirm]
R1 # reload
Boot from another image :Step1: configure a tftp server
Dumidu Darshika Senanayake
Page 11 of 17
Cisco IOS Commands
Step2: R1 # copy tftp flash
[ip add. of tftp server] 192.168.20.254
[new IOS image name] c1841-ipbasek9-mz.124-12.bin
Step3: R1 (config) # boot system flash: c1841-ipbasek9-mz.124-12.bin
Step4: save configuration R1 # copy run start
Step5: restart the router
c2960-lanbase-mz.122-25.SEE1.bin
c1841-ipbase-mz.123-14.T7.bin
c1841-ipbasek9-mz.124-12.bin
Platform:
Cisco 2960
Cisco 1841
Cisco 1841
Feature set: lan base
ip base
ip base k9
File format: m (runs in RAM)
z (compressed)
Version:
12.2 (25) SEE1
12.3 (14) T7 12.4 (12)
File extinction: binary executable
Recovering a lost password :Step1: power cycle the router, and press [Ctrl]+[Break] key while booting. This will bring the
router to ROMmon mode.
Step2: rommon 1 > confreg 0x2142
rommon 2 > reset
Step3: after rebooting copy startup to running. Change the password
Step4: change the configuration registry back to default.
R1 (config) # config-register 0x2102
Step5: save the configuration, and power cycle the router.
0x2102 – default registry value
0x2142 – bypass startup configuration
Commands helpful in Troubleshooting
R1 # show running-config
R1 # show startup-config
R1 # show version
R1 # show flash
R1 (config) # do show run
Dumidu Darshika Senanayake
Page 12 of 17
Cisco IOS Commands
Configuring Interfaces
Creating VLAN :-
Remove a VLAN :-
S1 (config) # vlan [vlan no.]
S1 (config) # vlan 99
S1 (config) # name [vlan name]
S1 (config-vlan) # name Admin
S1 (config-vlan) # exit
Removing vlan database :-
S1 (config) # no vlan 99
S1 # delete flash:vlan.dat
S1 # show vlan
S1 # show vlan brief
Configure (management) VLAN :S1 (config) # interface vlan [management vlan no.]
S1 (config) # interface vlan 99
S1 (config-if) # ip address [ip add.] [subnet mask]
S1 (config-if) # ip address 172.17.99.11 255.255.255.0
S1 (config-if) # no shutdown
S1 (config-if) # exit
Switch default gateway :-
S1 (config) # ip default-gateway [default gateway ip add.]
S1 (config) # ip default-gateway 172.17.99.1
S1 # show interface vlan [management vlan no.]
S1 # show interface vlan 99
Assign an interface to VLAN :S1 (config) # interface [interface]
S1 (config) # interface range f0/18-24
f0/6, f0/11, f0/18
Configure Access Port :-
S1 (config) # interface f0/18
S1 (config-if) # switchport mode access
S1 (config-if) # switchport access vlan 10
S1 (config-if) # exit
Configure Trunk port :-
S1 (config) # interface f0/24
S1 (config-if) # switchport mode trunk
S1 (config-if) # switchport trunk native vlan 99
S1 (config-if) # exit
S1 (config-if) # switchport trunk allowed vlan 10, 20, 99
S1 (config-if) # switchport trunk allowed vlan all
S1 (config-if) # switchport mode dynamic auto
S1 (config-if) # switchport mode dynamic desirable
Dumidu Darshika Senanayake
Page 13 of 17
Cisco IOS Commands
Voice VLAN :-
S1 (config-if) # mls qos trust cos
S1 (config-if) # switchport voice vlan 150
Dynamic Trunking Protocol :trunk
Dynamic auto/desirable
trunk
access
Dynamic auto/desirable
access
access
Dynamic auto
dynamic auto
trunk
Dynamic desirable
dynamic desirable
trunk
Dynamic desirable
Remove a VLAN & port type:-
dynamic auto
S1 (config-if) # no switchport mode access
S1 (config-if) # no switchport access vlan
S1 (config-if) # no switchport mode trunk
S1 (config-if) # no switchport trunk vlan
S1 # show interface f0/14 switchport
S1 # show interface trunk
Configure VTP (VLAN Trunking Protocol)
S1 (config) # vtp mode [server / client / transparent]
S1 (config) # vtp domain [domain name]
S1 (config) # vtp domain CCNA
S1 (config) # vtp password [password]
S1 (config) # vtp password cisco
S1 (config) # vtp version [version 1 / 2]
S1 (config) # vtp version 2
S1 (config) # vtp pruning
S1 # show vtp status
S1 # show vtp password
S1 # show vtp counters
Dumidu Darshika Senanayake
Page 14 of 17
Cisco IOS Commands
STP (Spanning Tree Protocol) activated by default
S1 # show spanning-tree
S1 # show spanning-tree active
S1 # show spanning-tree vlan 10
S1 # debug spanning-tree events
S1 (config) # spanning-tree vlan [vlan no.] priority [priority]
S1 (config) # spanning-tree vlan 10 priority 4096
(multiples of 4096)
(default priority is 32769)
S1 (config) # spanning-tree vlan 10 root primary
S1 (config) # spanning-tree vlan 20 root secondary
S1 (config) # spanning-tree vlan [vlan no.] root primary diameter [value]
S1 (config) # spanning-tree vlan 10 root primary diameter 5
S1 (config-if) # spanning-tree cost [cost]
S1 (config-if) # spanning-tree cost 25
S1 (config-if) # no spanning-tree cost
S1 (config-if) # spanning-tree port-priority [priority]
S1 (config-if) # spanning-tree port-priority 112
(0 – 240, increments of 16)
S1 (config-if) # spanning-tree portfast
(only for ports connected to a single host – edge ports)
S1 (config-if) # no spanning-tree portfast
Configure Rapid-PVST+ :-
S1 (config) # spanning-tree mode rapid-pvst
S1 (config-if) # spanning-tree link-type point-to-point
S1 # clear spanning-tree detected-protocols
Configure static MAC address :S1 (config) # mac-address-table static [MAC add.] vlan [no.] interface [interface]
S1 (config) # mac-address-table static 0060.3edd.19a3 vlan 99 interface f0/24
S1 (config) # no mac-address-table static [MAC add.] vlan [no.] interface [interface]
S1 # clear mac-address-table dynamic
Dumidu Darshika Senanayake
Page 15 of 17
Cisco IOS Commands
S1 # show mac-address-table
Configure Static Port Security :S1 (config-if) # switchport port-security mac-address [MAC add.] interface [interface]
S1 (config-if) # switchport port-security mac-address 000c.7259.0a63 interface f0/4
Configure Dymanic Port Security :S1 (config-if) # switchport port-security
S1 (config-if) # switchport port-security maximum 1
S1 (config-if) # switchport port-security mac-address sticky
S1 (config-if) # switchport port-security violation [protect / restrict / shutdown]
S1 # show port-security
S1 # show port-security interface f0/18
S1 # show port-security address
DHCP Snooping :-
Password Recovery :-
S1 (config) # ip dhcp snooping
S1 (config) # ip dhcp snooping vlan [no.]
S1 (config) # ip dhcp snooping trust
S1 (config) # ip dhcp snooping limit rate [no.]
flash_init
load_helper
dir flash:
rename flash: config.text flash: config.old
boot
rename flash: config.old flash: config.text
copy flash: config.text system: running-config
This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two
ports as static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable :
Switch# configure terminal
Switch(config)# interface range gigabitethernet2/0/1 -2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# channel-group 5 mode desirable non-silent
Switch(config-if-range)# end
This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two
ports as static-access ports in VLAN 10 to channel 5 with the LACP mode active :
Switch# configure terminal
Switch(config)# interface range gigabitethernet2/0/1 -2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Dumidu Darshika Senanayake
Page 16 of 17
Cisco IOS Commands
Switch(config-if-range)# channel-group 5 mode active
Switch(config-if-range)# end
Dumidu Darshika Senanayake
Page 17 of 17