Cisco IOS commands

Cisco IOS commands

- in Enterprise Infrastructure
3844
0

Commands Used to Monitor and Manipulate the CAM Table Task

Display all MAC addresses learned on a specific interface
Switch# show mac address-table dynamic interface type number

Display the current CAM table size
Switch# show mac address-table count

Enter a static CAM table entry
Switch(config)# mac address-table static mac-address vlan vlan-id { drop | interface type number}

Clear a CAM entry
Switch# clear mac address-table dynamic [ address mac-address | interface type number | vlan vlan-id ]

Display TCAM utilization
Switch# show platform tcam utilization

Display the current memory template
Switch# show sdm prefer

Configure a preferred memory template
Switch()# sdm prefer template

Switch Port Configuration Commands

Select a port.
Switch(config)# interface type member/module/number

Select multiple ports.
Switch(config)# interface range type member/module/number[, type member/module/number …]
or
Switch(config)# interface range type member/module/first-number – last-number

Define an interface macro.
Switch(config)# define interface-range macro-name type member/module/number[, type member/module/number…] [ type member/module/first-number – lastnumber] […]

Switch(config)# interface range macro macro-na me

Identify port.
Switch(config-if)# description description-string

Set port speed.
Switch(config-if)# speed {10 | 100 | 1000 | auto}

Set port mode.
Switch(config-if)# duplex {auto | full | half}

Detect port error conditions.
Switch(config-if)# errdisable detect cause [all| causename]

Automatically recover from errdisable.
Switch(config-if)# errdisable recovery cause [ all| causename]
Switch(config-if)# errdisable recovery interval seconds

Manually recover from errdisable.
Switch(config-if)# shutdown
Switch(config-if)# no shutdown

Display ports in errdisable state
Switch(config)# show interface status err-diablead

Neighbor Discovery Commands

Display CDP neighbor information.
Switch# show cdp neighbors [ type member/module/number] [detail]

Control CDP operation globally.
Switch(config)# [no] cdp run

Control CDP operation on an interface.
Switch(config-if)# [ no] cdp enable

Display LLDP neighbor information.
Switch(config)# show lldp neighbors [ type member/module/number] [ detail]

Control LLDP operation globally.
Switch(config)# [ no] lldp run

Control LLDP operation on an interface.
Switch(config-if)# [ no] lldp { receive | Transmit}

Power over Ethernet Commands

Set PoE behavior.
Switch(config-if)# power inline { auto | static} [max milliwatts]

Disable PoE on a switch port
Switch(config-if)# power inline never

Display PoE status.
Switch# show power inline [ type member/mod/num] [detail]

VLAN and Trunking Configuration Commands

Create VLAN.
Switch(config)# vlan vlan-num
Switch(config-vlan)# name vlan-nameAssign port to VLAN.
Switch(config)# interface type member/module/number
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan-num


Configure trunk.
Switch(config)# interface type member/module/number
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate }
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan { vlan-list | all | {add | except | remove} vlan-list }
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto }}


Define the trunking on a port to a Cisco IP phone.
Switch(config-if)# switchport voice vlan { vlan-id | dot1p | untagged | none }

VLAN and Trunking Troubleshooting

Verify VLAN configuration.
Switch# show vlan id vlan-id
Switch# show vlan [ brief ]

Verify active trunk parameters.
Switch# show interface type member/module/number trunk

Compare trunk configuration and active parameters.
Switch# show interface type member/module/number switchport

Verify DTP operation.
Switch# show dtp [ interface type member/module/nombre]

VTP Configuration Commands

Define the VTP domain.
Switch(config)# vtp domain domain-nameSet the VTP mode.
Switch(config)# vtp mode { server | client | transparent | off }

Define an optional VTP password.
Switch(config)# vtp password password [ hidden | secret ]

Configure VTP version.
Switch(config)# vtp version { 1 | 2 | 3 }

Enable VTP pruning.
Switch(config)# vtp pruning

Select VLANs eligible for pruning on a trunk interface.
Switch(config)# interface type member/ module/number
Switch(config-if)# switchport trunk pruning vlan { add | except | none | remove } vlan-list

STP Configuration Commands

Enable STP.
Switch(config)# spanning-tree vlan-id

Set bridge priority.
Switch(config)# spanning-tree vlan vlan-id priority bridge-priority

Set root bridge (macro).
Switch(config)# spanning-tree vlan vlan-id root { primary | secondary } [ diameter diameter ]

Set port cost.
Switch(config-if)# spanning-tree [ vlan vlan-id ] cost cost

Set port priority.
Switch(config-if)# spanning-tree [ vlan vlan-id ] port-priority port-priority

Set STP timers.
Switch(config)# spanning-tree [ vlan vlan-id ] hello-time seconds
Switch(config)# spanning-tree [ vlan vlan-id ] forward-time seconds
Switch(config)# spanning-tree [ vlan vlan-id ] max-age seconds

Set PortFast on an interface.
Switch(config-if)# spanning-tree portfast

Set UplinkFast on a switch.
Switch(config)# spanning-tree uplinkfast [ max-update-rate pkts-per-second ]

Set BackboneFast on a switch.
Switch(config)# spanning-tree backbonefast


STP Protection Configuration Commands

Enable Root Guard. —
Switch(config-if)# spanningtree guarda root

Enable BPDU Guard.
Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if )# spanningtree bpduguard enable

Enable Loop Guard.
Switch(config)# spanning-tree loopguard default
Switch(config-if)# spanningtree guard loop

Enable UDLD.
Switch(config)# udld {enable | aggressive | message time seconds}
Switch(config-if)# udld {enable | aggressive | disable}

Enable BPDU filtering.
Switch(config)# spanning-tree bpdufilter default
Switch(config-if)# spanningtree bpdufilter enable

STP Protection Activity Commands

Look for ports that have been put in an inconsistent state.
Switch# show spanning-tree inconsistentports

Display the global BPDU Guard, BPDU filter, and Loop Guard states.
Switch# show spanning-tree summary

Show UDLD status.
Switch# show udld [ type mod/num ]

Reenable all ports that UDLD has errdisabled.
Switch# udld reset

RSTP Configuration

Define an edge port.
Switch(config-if)# spanning-tree portfast

Override a port type.
Switch(config-if)# spanning-tree link-type point-to-point

MST Region Configuration Commands

Enable MST on a switch.
Switch(config)# spanning-tree mode mst

Enter MST configuration mode.
Switch(config)# spanning-tree mst configuration

Name the MST region.
Switch(config-mst)# name name

Set the configuration revision number.
Switch(config-mst)# revision version

EtherChannel Configuration Commands Task

Select a load-balancing method for the switch.
port-channel load-balance method

Use a PAgP mode on an interface.
channel-protocol PAgP
channel-group number mode { on | {{ auto | desirable } [ non-silent ]}}

Assign the LACP system priority.
lacp system-priority priority

Use an LACP mode on an interface.
channel-protocol LACP
channel-group number mode { on | passive | active }
lacp port-priority priority

Configure EtherChannel Guard
[ no ] spanning-tree etherchannel guard misconfig

Inter-VLAN Routing Configuration Commands

Put a port into Layer 2 mode.
Switch(config-if)# switchport

Put a port into Layer 3 mode.
Switch(config-if)# no switchport

Define an SVI.
Switch(config)# interface vlan vlan-id

Multilayer Switching Verification Commands

Show a Layer 2 port status.
Switch# show interface type member/ module/number switchport

Show a Layer 3 port status.
Switch# show interface type member/ module/number

Show an SVI status.
Switch# show interface vlan vlan-id

View the FIB contents.
Switch# show ip cef

View FIB information for an interface.
Switch# show ip cef [ type member/ module/number | vlan vlan-id ] [ detail ]

View FIB information for an IP prefix.
Switch# show ip cef [ prefix-ip prefixmask ] [ longer-prefixes ] [ detail ]

View FIB adjacency information.
Switch# show adjacency [ type member/ module/number | vlan vlan-id ] [ summary | detail ]

View counters for packets not switched by CEF.
Switch# show cef not-cef-switched

DHCP Commands Related to IPv4

Exclude addresses from a DHCP server scope.
Switch(config-if)# ip dhcp excluded-address start-ip end-ip

Define a DHCP server scope.
Switch(config-if)# ip dhcp pool pool-name

Identify the IP subnet for the server scope.
Switch(config-dhcp)# network ip-address subnet-mask

Identify the default router used in the server scope.
Switch(config-dhcp)# default-router ip-address [ ip-address2 ] [ ip-address3 ] …

Define the DHCP server lease time.
Switch(config-dhcp )# lease {infinite | { days [hours [ minutes ]]}}

Define a DHCP option.
Switch(dhcp-config)# option option-num value

Configure a manual DHCP binding.
Switch(config)# ip dhcp pool pool-name
Switch(dhcp-config)# host ip-address mask
Switch(dhcp-config)# client-identifier identifier
Switch(dhcp-config)# exit

Enable DHCP relay on a Layer 3 interface.
Switch(config-if)# ip helper-address ip-address

Display current DHCP bindings.
Switch# show ip dhcp binding

Manually clear a DHCP binding.
Switch# clear ip dhcp binding { * | ip-address }

DHCP Commands Related to IPv6
Define an IPv6 address prefix on a Layer 3 interface.
Switch(config)# interface type member/module/number
Switch(config-if)# ipv6 address ipv6-prefix

Define a DHCPv6 pool.
Switch(config)# ipv6 dhcp pool pool-name
Switch(config-dhcpv6)# address prefix ipv6-prefix
Switch(config-dhcpv6)# dns-server dns-address
Switch(config-dhcpv6)# domain-name name

Bind a DHCPv6 pool to a Layer 3 interface.
Switch(config)# interface type member/module/number
Switch(config-if)# ipv6 address ipv6-address
Switch(config-if)# ipv6 dhcp server pool-name

Enable DHCPv6 Lite options.
Switch(config-if)# ipv6 nd other-config-Flag

Enable DHCPv6 relay on a Layer 3 interface.
Switch(config-if)# ipv6 dhcp relay destination ipv6- address

Manually clear a DHCPv6 binding.
Switch# clear ipv6 dhcp binding { * | ipv6-address }

Display a summary of DHCPv6 pool activity.
Switch# show ipv6 dhcp pool

Display current DHCPv6 bindings.
Switch# show ipv6 dhcp binding [ ipv6-address ]

Switch Logging Configuration Commands

Log to the console port.
Switch(config)# logging console severity

Log to a buffer.
Switch(config)# logging buffered severity
Switch(config)# logging buffered size

Display the logging buffer.
Switch# show logging

Log to a syslog server.
Switch(config)# logging host
Switch(config)# logging trap severity

Time Clock Configuration Commands

Display the clock.
Switch# show clock [detail]

Set the local time zone.
Switch(config)# clock timezone name offset-hours [ offsetminutes ]
Switch(config)# clock summer-time name date start-month date year hh:mm end-month day year hh:mm [ offset-minutes ]

Synchronize with an NTP server.
Switch(config)# ntp server ip-address [ prefer ] [ version { 3 | 4 }]

Verify NTP synchronization.
Switch# show ntp status Switch# show ntp associations

Use NTP authentication.
Switch(config)# ntp authentication-key key-number md5 keystring
Switch(config)# ntp authenticate
Switch(config)# ntp trusted-key key-number
Switch(config)# ntp server ip-address key key-number

Limit NTP access.
Switch(config)# access-list acl-num permit ip-address mask
Switch(config)# ntp access-group {serve-only | serve | peer | query-only } acl-num

Add time stamps to logging messages.
Switch(config)# service timestamps log datetime [ localtime ] [ show-timezone ] [ msec ] [ year ]

SNMP Configuration Commands

Define SNMPv1 or SNMPv2C access.
Switch(config)# snmp-server community community string [ ro | rw ] [ access-list-number ]

Define an SNMPv1 trap receiver.
Switch(config)# snmp-server host host-address community-string [ trap-type ]

Define an SNMPv2C trap or inform receiver.
Switch(config)# snmp-server host host-address [ informs ] version 2c community-string

Define an SNMPv3 view.
Switch(config)# snmp-server view view-name oid-tree

Define an SNMPv3 user group.
Switch(config)# snmp-server group group-name v3 { noauth | auth | priv } [ read read-view ] [ write write-view ] [ notify notify-view ] [ access access-list ]

Define an SNMPv3 user.
Switch(config)# snmp-server user user-name group-name v3 auth {md5 | sha auth-password priv { des | 3des | aes { 128 | 192 | 256 } priv-password [ access-list ]

Define an SNMPv3 trap or inform receiver.
Switch(config)# snmp-server host host-address [ informs ] version 3 { noauth | auth | priv } user-name [ trap-type ]

IP SLA Configuration and Monitoring Commands

Enable IP SLA responder.
Switch(config)# ip sla responder

Authenticate IP SLA operations.
Switch(config)# key chain chain-name
Switch(config-keychain)# key key-number
Switch(config-keychain-key)# key-string string
Switch(config-keychain-key)# exit
Switch(config-keychain)# exit
Switch(config)# ip sla key-chain chain-name

Define a new IP SLA operation.
Switch(config)# ip sla operation-number

Define an ICMP echo test.
Switch(config-ip-sla)# icmp-echo destination-ip-addr [ sourceip-addr]

Define a UDP jitter test.
Switch(config-ip-sla)# udp-jitter destination-ip-addr dest-udpport [ source-ip source-ip-addr] [ source-port source-udp-port] [num-packets number-of-packets] [ interval packet-interval]

Define UDP jitter codec.
Switch(config-ip-sla)# udp-jitter destination-ip-addr dest-udp-port codec { g711alaw| g711ulaw| g729a}

Set the test frequency.
Switch(config-ip-sla)# frequency seconds

Set the test schedule.
Switch(config)# ip sla schedule operation-number [ life { forever | seconds}] [ start-time { hh:mm[:ss] [ month day| day month] | pending| now| after hh:mm:ss}] [ ageout seconds] [ recurring]

Display the IP SLA test configuration.
Switch# show ip sla configuration [ operation-number]

Display the results of an IP SLA test operation.
Switch# show ip sla statistics [operation-number] [aggregated] [detail]

Configure a local SPAN session source.
Switch(config)# monitor session session-number source { interface type member/mod/num | vlan vlan-id }[ rx | tx | both ]

Configure a local SPAN session destination.
Switch(config)# monitor session session-number destination interface type member/mod/num [ encapsulation replicate ]

Enable ingress traffic from the destination interface.
… ingress { dot1q vlan vlan-id | isl | untagged vlan vlan-id }

Filter VLANs from a trunk link as a SPAN source.
Switch(config)# monitor session session-number filter vlan vlan-range

Create an RSPAN VLAN.
Switch(config)# vlan vlan-id
Switch(config-vlan)# remote-span

Configure an RSPAN session on the source switch.
Switch(config)# monitor session session-number source { interface type member/mod/num | vlan vlan-id }[ rx | tx | both ]
Switch(config)# monitor session session-number destination remote vlan rspan-vlan-id

Configure an RSPAN session on the destination switch.
Switch(config)# monitor session session-number source remote vlan rspan-vlan-id
Switch(config)# monitor session session-number destination interface type member/mod/num [ encapsulation replicate]

Display active SPAN sessions.
Switch# show monitor [ session { session-number | all | local | range range-list | remote }] [ detail ]

Delete SPAN sessions.
Switch(config)# no monitor session { session | range sessionrange } | local | all }

Supervisor Redundancy Configuration Commands

Enable supervisor redundancy.
Switch(config)# redundancy

Set the supervisor redundancy mode.
Switch(config-red)# mode { rpr| rpr-plus| sso}

Display supervisor redundancy states.
Switch# show redundancy states

Enable supervisor redundancy synchronization.
Switch(config-red)# main-cpu
Switch(config-r-mc)# auto-sync { startup-config | config-register| bootvar}

HSRP Configuration Commands Task Command Syntax

Set the HSRP priority.
Switch(config-if)# standby group priority priority

Set the HSRP timers.
Switch(config-if)# standby group timers hello holdtime

Allow router preemption.
Switch(config-if)# standby group preempt [ delay seconds ]

Use group authentication.
Switch(config-if)# standby group authentication string

Adjust priority by tracking an interface.
Switch(config-if)# standby group track type member/module/number decrementvalue

Assign the virtual router address.
Switch(config-if)# standby group ip ip address [ secondary ]

VRRP Configuration Commands Task Command Syntax

Assign a VRRP router priority (default 100).
Switch(config-if)# vrrp group priority level

Alter the advertisement timer (default 1 second).
Switch(config-if)# vrrp group timers advertise [ msec ] interval

Learn the advertisement interval from the master router.
Switch(config-if)# vrrp group timers learn

Disable preempting (default is to preempt).
Switch(config-if)# no vrrp group preempt

Change the preempt delay (default 0 seconds).
Switch(config-if)# vrrp group preempt [ delay seconds ]

Use authentication for advertisements.
Switch(config-if)# vrrp group authentication string

Assign a virtual IP address.
Switch(config-if)# vrrp group ip ip-address [ secondary ]

GLBP Configuration Commands Task Command Syntax

Assign a GLBP priority.
Switch(config-if)# glbp group priority level

Allow GLBP preemption.
Switch(config-if)# glbp group preempt [ delay minimum seconds ]

Define an object to be tracked.
Switch(config)# track object-number interface type member/module/number { line-protocol | ip routing }

Define the weighting thresholds.
Switch(config-if)# glbp group weighting maximum [ lower lower ] [ upper upper ]

Track an object.
Switch(config-if)# glbp group weighting track object-number [ decrement value ]

Choose the load-balancing method.
Switch(config-if)# glbp group loadbalancing [ round-robin | weighted | hostdependent ]

Assign a virtual router address.
Switch(config-if)# glbp group ip [ ip-address [ secondary ]]

Port Security Configuration Commands Task Command Syntax

Enable port security on an interface.
Switch(config-if)# switchport port-security

Set the maximum number of learned addresses.
Switch(config-if)# switchport port-security maximum max-addr

Define a static MAC address.
Switch(config-if)# switchport port-security macaddress mac-addr

Define an action to take.
Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}

Display port security status.
Switch# show port-security [ interface type member/module/number ]

Port-Based Authentication Configuration Commands Task Command Syntax

Define a method list for 802.1X.
Switch(config)# aaa authentication dot1x default group radius

Globally enable 802.1X.
Switch(config)# dot1x system-auth-control

Define the 802.1X behavior on a port.
Switch(config-if)# dot1x port-control {forceauthorized | force- unauthorized | auto }

Support more than one host on a port.
Switch(config-if)# dot1x host-mode multi-host

Display 802.1X interface status.
Switch# show dot1x [ all ] [ interface type member/ module/number ]

Storm Control Configuration Commands Task Command Syntax

Enable a Storm Control threshold on an interface.
Switch(config-if)# storm-control { broadcast | multicast | unicast } level { level [ level-low ] | bps bps [ bps-low ] | pps pps [ pps-low ]}

Define an action for Storm Control. (By default, frames are dropped if this command is not present.)
Switch(config-if)# storm-control action { shutdown | trap }

Display Storm Control status.
Switch# show storm-control [ interface-id ] [ broadcast | multicast | unicast ]

VLAN ACL Configuration Commands Task Command Syntax

Define a VACL.
Switch(config)# vlan access-map map-name [ sequencenumber ]

Define a matching condition.
Switch(config-access-map)# match {ip address { acl-number | acl-name }} | { mac address acl-name }}

Define an action.
Switch(config-access-map)# action { drop | forward [ capture ] | redirect type mod/num }

Apply the VACL to VLANs.
Switch(config)# vlan filter map-name vlan-list vlan-list

Private VLAN Configuration Commands Task Command Syntax

Define a secondary VLAN.
Switch(config)# vlan vlan-id
Switch(config-vlan)# private-vlan { isolated | community }

Define a primary VLAN; associate it with secondary VLANs.
Switch(config)# vlan vlan-id
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association { secondary-vlan-list | add secondary-vlan-list | remove secondary-vlan-list }

Associate ports with private VLANs.
Switch(config-if)# switchport mode private-vlan { host | promiscuous }

Associate nonpromiscuous ports with private VLANs.
Switch(config-if)# switchport private-vlan hostassociation primary-vlan-id secondary-vlan-id

Associate promiscuous ports with private VLANs.
Switch(config-if)# switchport private-vlan mapping { primary-vlan-id} {secondary-vlan-list } | { add secondary-vlan-list} | { remove secondary-vlan-list }

Associate secondary VLANs with a primary VLAN Layer 3 SVI.
Switch(config-if)# private-vlan mapping { secondaryvlan-list | add secondary-vlan-list | remove secondary-vlan-list }

DHCP Snooping Configuration Commands Task Command Syntax

Globally enable DHCP snooping.
Switch(config)# ip dhcp snooping

Define a trusted interface.
Switch(config-if)# ip dhcp snooping trust

Limit the interface DHCP packet rate.
Switch(config-if)# ip dhcp snooping limit rate rate

Display DHCP snooping status.
Switch# show ip dhcp snooping [ binding ]

IP Source Guard Configuration Commands Task Command Syntax

Define a static IP source binding entry.
Switch(config)# ip source binding macaddress vlan vlan-id ip-address interface type member/module/number

Enable IP source guard on an interface.
Switch(config-if)# ip verify source [ portsecurity ]

Display IP source guard status.
Switch# show ip verify source [ interface type member/module/number ]

Display IP source binding database.
Switch# show ip source binding [ ip-address ] [ mac-address ] [ dhcp-snooping | static ] [ interface type member/module/number ] [ vlan vlan-id ]

Dynamic ARP Inspection Configuration Commands Task Command Syntax

Enable DAI on a VLAN.
Switch(config)# ip arp inspection vlan vlanrange

Define a trusted interface.
Switch(config-if)# ip arp inspection trust

Define a static ARP inspection binding.
Switch(config)# arp access-list acl-name permit ip host sender-ip mac host sendermac [ log ]

Apply static ARP inspection bindings.
Switch(config)# ip arp inspection filter arpacl-name vlan vlan-range [ static ]

Validate addresses within ARP replies.
Switch(config)# ip arp inspection validate {[ src-mac ] [ dst-mac ] [ ip ]}

Display DAI status.
Switch# show ip arp inspection

AAA Configuration Commands Task Command Syntax

Enable AAA on a switch.
Switch(config)# aaa new-model

Use local authentication.
Switch(config)# username username password password

Define individual authentication servers.
Switch(config)# radius-server host { hostname | ip-address } [ key string ]
Switch(config)# tacacs-server host { hostname | ip-address } [ key string ]

Define a group of authentication servers.
Switch(config)# aaa group server { radius | tacacs+ } group-name
Switch(config-sg)# server ip-address

Define a list of authentication methods to try.
Switch(config)# aaa authentication login { default | list-name } method1 [ method2 … ]

Apply an authentication method list to a line.
Switch(config-line)# login authentication { default | list-name }

Define a list of authorization methods to try.
Switch(config)# aaa authorization { commands | config-commands | configuration | exec | network | reverseaccess } { default | list-name } method1 [ method2 … ]

Apply an authorization method list to a line.
Switch(config)# authorization { commands level | exec | reverse-access } { default | listname }

Define a list of accounting methods to try.
Switch(config)# aaa accounting { system | exec | commands level } {default | list- name } { start-stop | stop-only | wait-start | none } method1 [ method2… ]

Apply an accounting method list to a line.
Switch(config-line)# accounting { commands level | connection | exec } { default | listname }

Configuring NSF (by Routing Protocol)

BGP
Switch(config)# router bgp as-number
Switch(config-router)# bgp graceful-restart

EIGRP
Switch(config)# router eigrp as-number
Switch(config-router)# nsf

OSPF
Switch(config)# router ospf process-id
Switch(config-router)# nsf

IS-IS
Switch(config)# router isis [tag ]
Switch(config-router)# nsf [ cisco | ietf]
Switch(config-router)# nsf interval [minutes ]
Switch(config-router)# nsf t3 { manual [ seconds] | adjacency }
Switch(config-router)# nsf interface wait seconds

Facebook Comments

You may also like

How-to Install SSH Server on Linux 

1.- Install with apt-get command on Ubuntu: sudo