Cisco CLI Cheat Sheet¶

Quick reference for common Cisco IOS commands.

Modes¶

Mode	Prompt	How to Enter
User EXEC	`Switch>`	Default after login
Privileged EXEC	`Switch#`	`enable`
Global Config	`Switch(config)#`	`configure terminal`
Interface Config	`Switch(config-if)#`	`interface <type> <number>`
Line Config	`Switch(config-line)#`	`line console 0` or `line vty 0 15`

enable                      # Enter privileged mode
configure terminal          # Enter global config
exit                        # Go back one level
end                         # Return to privileged EXEC
disable                     # Return to user EXEC

Show Commands¶

show running-config         # Current configuration (RAM)
show startup-config         # Saved configuration (NVRAM)
show version                # IOS version, uptime, hardware
show ip interface brief     # Quick interface status
show interfaces             # Detailed interface info
show vlan brief             # VLAN summary
show mac address-table      # MAC address table
show cdp neighbors          # Connected Cisco devices
show cdp neighbors detail   # Detailed neighbor info
show logging                # System logs
show clock                  # Current time
show users                  # Logged in users
show history                # Command history

Configuration Management¶

Save Configuration¶

copy running-config startup-config
write memory
wr

Erase Configuration¶

write erase                 # Erase startup-config
erase startup-config        # Same as above
reload                      # Reboot device

Backup/Restore via TFTP¶

copy running-config tftp://192.168.1.100/backup.cfg
copy tftp://192.168.1.100/backup.cfg running-config

Interface Configuration¶

Basic Interface Setup¶

interface GigabitEthernet0/1
  description Uplink to Core
  ip address 192.168.1.1 255.255.255.0
  no shutdown

Shutdown/Enable Interface¶

interface GigabitEthernet0/1
  shutdown                  # Disable interface
  no shutdown               # Enable interface

Speed and Duplex¶

interface GigabitEthernet0/1
  speed 1000                # 10, 100, 1000, auto
  duplex full               # full, half, auto

VLAN Configuration¶

Create VLAN¶

vlan 10
  name Sales
vlan 20
  name Engineering

Assign Port to VLAN¶

interface GigabitEthernet0/1
  switchport mode access
  switchport access vlan 10

Trunk Port¶

interface GigabitEthernet0/24
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  switchport trunk native vlan 99

Show VLAN Info¶

show vlan brief
show interfaces trunk
show interfaces switchport

Passwords & Security¶

Console Password¶

line console 0
  password cisco123
  login

VTY (Telnet/SSH) Password¶

line vty 0 15
  password cisco123
  login
  transport input ssh       # SSH only (recommended)

Enable Password¶

enable secret MySecretPass  # Encrypted (use this)
enable password MyPass      # Plain text (avoid)

Encrypt Passwords¶

service password-encryption

SSH Setup¶

hostname Switch1
ip domain-name company.local
crypto key generate rsa modulus 2048
ip ssh version 2
username admin privilege 15 secret MyPassword
line vty 0 15
  login local
  transport input ssh

Port Security¶

interface GigabitEthernet0/1
  switchport mode access
  switchport port-security
  switchport port-security maximum 2
  switchport port-security mac-address sticky
  switchport port-security violation shutdown

Show Port Security¶

show port-security
show port-security interface GigabitEthernet0/1
show port-security address

Recover from Violation¶

interface GigabitEthernet0/1
  shutdown
  no shutdown

Spanning Tree¶

show spanning-tree
show spanning-tree summary
show spanning-tree vlan 10

spanning-tree mode rapid-pvst    # Recommended mode
spanning-tree vlan 10 priority 4096   # Make root bridge

Routing (Layer 3)¶

Static Route¶

ip route 10.0.0.0 255.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 192.168.1.1    # Default route

Show Routes¶

show ip route
show ip route static
show ip route connected

DHCP¶

DHCP Server¶

ip dhcp pool OFFICE
  network 192.168.10.0 255.255.255.0
  default-router 192.168.10.1
  dns-server 8.8.8.8 8.8.4.4
  lease 7

ip dhcp excluded-address 192.168.10.1 192.168.10.10

Show DHCP¶

show ip dhcp binding
show ip dhcp pool

Troubleshooting¶

Connectivity¶

ping 192.168.1.1
traceroute 192.168.1.1

Debug (use carefully)¶

debug ip icmp
undebug all                 # Stop all debugging
terminal monitor            # See debug on SSH/Telnet

Interface Issues¶

show interfaces GigabitEthernet0/1
show interfaces status
show interfaces counters errors

Password Recovery¶

Catalyst Switch¶

Hold MODE button while powering on
Release after ~15 seconds
flash_init
rename flash:config.text flash:config.old
boot
After boot: rename flash:config.old flash:config.text
copy flash:config.text running-config
Change passwords
copy running-config startup-config

Useful Shortcuts¶

Shortcut	Action
`?`	Context help
`Tab`	Auto-complete
`Ctrl+A`	Beginning of line
`Ctrl+E`	End of line
`Ctrl+Z`	Exit to privileged EXEC
`Ctrl+C`	Abort command
`Up Arrow`	Previous command
`do show...`	Run show from config mode

Best Practices

Always copy run start after changes
Use enable secret not enable password
Enable SSH, disable Telnet
Document changes with description on interfaces

Cisco CLI Cheat Sheet¶

Modes¶

Basic Navigation¶

Show Commands¶

Configuration Management¶

Save Configuration¶

Erase Configuration¶

Backup/Restore via TFTP¶

Interface Configuration¶

Basic Interface Setup¶

Shutdown/Enable Interface¶

Speed and Duplex¶

VLAN Configuration¶

Create VLAN¶

Assign Port to VLAN¶

Trunk Port¶

Show VLAN Info¶

Passwords & Security¶

Console Password¶

VTY (Telnet/SSH) Password¶

Enable Password¶

Encrypt Passwords¶

SSH Setup¶

Port Security¶

Show Port Security¶

Recover from Violation¶

Spanning Tree¶

Routing (Layer 3)¶

Static Route¶

Show Routes¶

DHCP¶

DHCP Server¶

Show DHCP¶

Troubleshooting¶

Connectivity¶

Debug (use carefully)¶

Interface Issues¶

Password Recovery¶

Catalyst Switch¶

Useful Shortcuts¶