Cisco IOS Commands

Accessing the Router

User EXEC mode :- Router >

Privilege EXEC mode :- Router > enable

Router #

Disabling Privilege EXEC mode :- Router # disable

Router >

Global Configuration mode :- Router # configure terminal

Router (config) #

Exit from Global config mode :- Router (config) # exit

Router #

Basic Configuration

Change Hostname :- Router (config) # hostname [hostname]

Router (config) # hostname R1
R1 (config) #

Disable Hostname :- R1 (config) # no hostname

Router (config) #

Insert a Banner :- R1 (config) # banner motd #[banner]#

R1 (config) # banner motd #Authorized Personal Only#

Removing a Banner :- R1 (config) # no banner motd

R1 (config) # no ip domain-lookup

R1 (config) # line console 0 / vty 0 4

R1 (config-line) # logging synchronous
R1 (config-line) # exit

History :- R1 # terminal history R1 # terminal no history

R1 # terminal history size 50 R1 # terminal no history size

R1 # show history

Changing History Size :- S1 (config) # line console 0 / vty 0 4

S1 (config-line) # history size [no.]
S1 (config-line) # history size 35
S1 (config-line) # exit

Configure Clock :- S1 # clock set hh:mm:ss day(1-31) month year

S1 # clock set 12:12:12 1 jan 2010

CDP (Cisco Discovery Protocol)

R1 # show cdp neighbors
R1 # show cdp neighbors detail
Dumidu Darshika Senanayake
Page 1 of 17
Cisco IOS Commands

Disable: R1 (config) # no cdp run Enable: R1 (config) # cdp run

Router Security

Router access password :- Remove password :-

R1 (config) # line console 0 / vty 0 4
R1 (config-line) # password [password]
R1 (config-line) # password cisco R1 (config-line) # no password
R1 (config-line) # login
R1 (config-line) # exit

Configure SSH :- S1 (config) # username [name] password [password]

S1 (config) # username ccna password cisco
S1 (config) # ip domain-name [domain name]
S1 (config) # ip domain-name mydomain.com
S1 (config) # crypto key generate rsa

S1 (config) # line vty 0 4

S1 (config-line) # transport input [ssh, telnet, all]
S1 (config-line) # transport input ssh
S1 (config-line) # login local
S1 (config-line) # exit

S1 (config) # ip ssh version 2 (optional)

S1 (config) # ip ssh time-out 60
S1 (config) # ip ssh authentication-retries 3

Encrypting Passwords :- R1 (config) # service password-encryption

Privilege EXEC mode password :- R1 (config) # enable password [password] (no encryption)
R1 (config) # enable password cisco

R1 (config) # enable secret [password] (heavy encryption)

R1 (config) # enable secret cisco

Removing enable password :- R1 (config) # no enable password

R1 (config) # no enable secret

Pre configuration for Cisco SDM

S1 (config-line) # privilege level 15
Configure HTTP Server :-
S1 (config) # ip http authentication enable
S1 (config) # ip http server
S1 (config) # ip http secure-server

ACL (Access Control List)

Wildcard mask: 0 bit - check 1 bit - ignore
A single host: 192.168.10.5 0.0.0.0 / host 192.16.10.5

Standard ACL: [1-99] [1300-1999] implemented close to the destination of the traffic
Dumidu Darshika Senanayake
Page 2 of 17
Cisco IOS Commands

R1 (config) # access-list [ACL no.] [permit / deny] [source ip add.] [wildcard mask]
R1 (config) # access-list 10 deny 192.168.10.0 0.0.0.255

Extended ACL: [100-199] [2000-2699] implemented close to source of the traffic

R1 (config) # access-list [ACL no.] [permit / deny] [protocol] [source network add. wildcard
mask] [destination network add. wildcard mask] eq [service]
R1 (config) # access-list 110 deny tcp 192.168.10.0 0.0.0.255 any eq telnet

Activating an ACL: R1 (config-if) # ip access-group [no.] [in / out]

R1 (config-if) # ip access-group 10 out

R1 (config) # line vty 0 4

R1 (config-line) # ip access-group 10 in

Named ACL: R1 (config) # ip access-list standard [name]

R1 (config) # ip access-list standard NO_ACCESS
R1 (config-std-nacl) # [permit / deny] [source ip add.] [wildcard mask]
R1 (config-std-nacl) # deny 192.168.10.0 0.0.0.255
R1 (config-std-nacl) # exit

R1 (config) # ip access-list extended [name]

R1 (config) # ip access-list extended SURFING
R1 (config-exd-nacl) # [permit / deny] [protocol] [source network add. wildcard mask]
[destination network add. wildcard mask] eq [service]
R1 (config-exd-nacl) # permit tcp 192.168.10.0 0.0.0.255 any eq telnet
R1 (config-exd-nacl) # exit

Activating a named ACL: R1 (config-if) # ip access-group [name] [in / out]

R1 (config-if) # ip access-group NO_ACCESS in

R1 # show access-lists

Configuring Interfaces
Configure Ethernet Ports :-

R1 (config) # interface [interface]

R1 (config) # interface f0/0
R1 (config-if) # ip address [ip add.] [subnet mask]
R1 (config-if) # ip address 192.168.1.1 255.255.255.0
R1 (config-if) # description [description]
R1 (config-if) # description Link to PC1
R1 (config-if) # no shutdown
R1 (config-if) # exit

Configuring Sub Interface :- (inter VLAN routing)

R1 (config) # interface f0/0.[vlan no.]

R1 (config) # interface f0/0.99
R1 (config-subif) # encapsulation dot1Q [vlan no.] native
R1 (config-subif) # encapsulation dot1Q 99 native
Dumidu Darshika Senanayake
Page 3 of 17
Cisco IOS Commands

R1 (config-subif) # ip address 172.17.99.1 255.255.255.0

R1 (config-subif) # exit

R1 (config) # interface f0/0.10

R1 (config-subif) # encapsulation dot1Q 10
R1 (config-subif) # ip address 172.17.10.1 255.255.255.0
R1 (config-subif) # exit

Only type no shutdown on main interface

Configure Serial Ports :-

R1 (config) # interface s0/0/0

R1 (config-if) # ip address 192.168.2.1 255.255.255.0
R1 (config-if) # clock rate [clock rate] (only for DCE)
R1 (config-if) # clock rate 64000
R1 (config-if) # description Link to R2
R1 (config-if) # no shutdown
R1 (config-if) # exit

Configuring a loopback interface :-

R1 (config) # interface loopback 0

R1 (config-if) # ip address 172.16.10.1 255.255.255.0
R1 (config-if) # description Loopback interface 1
R1 (config-if) # no shutdown
R1 (config-if) # exit

Modify a link
Bandwidth R1 (config-if) # bandwidth [Kilobits]
R1 (config-if) # bandwidth 1544 R1 (config-if) # no bandwidth

Mode S1 (config-if) # duplex [auto / full / half]

Speed S1 (config-if) # speed [no.]

S1 (config-if) # speed 100

Removing ip address & disabling the port

R1 (config) # interface f0/0

R1 (config-if) # no ip address
R1 (config-if) # shutdown

R1 # show ip interface brief

R1 # show interface s0/0/0
R1 # show controllers

Configure Routing Protocols

Static Route :-
AD = 1
R1 (config) # ip route [network add.] [subnet mask] [next hop IP add. / exit interface]
Dumidu Darshika Senanayake
Page 4 of 17
Cisco IOS Commands

R1 (config) # ip route 192.168.3.0 255.255.255.0 192.168.2.2 (next hop IP add.)

R1 (config) # ip route 192.168.3.0 255.255.255.0 s0/0/0 (exit interface)

Removing a Static Route :- R1 (config) # no ip route 192.168.3.0 255.255.255.0 s0/0/0

Dynamic Routing Protocols :-

Use the adjacent networks network address
[1 / 0] = [Administrative distance / Metric]

RIP v1 (Routing Information Protocol) broadcast AD = 120

R1 (config) # router rip

R1 (config-router) # network [network add. of adjacent networks]
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit

RIP v2 R1 (config) # router rip multicast: 224.0.0.9

R1 (config-router) # version 2
R1 (config-router) # no auto-summary
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit

R1 # debug ip rip undebug all

EIGRP (Enhanced Interior Gateway Routing Protocol) AD = 90

multicast: 224.0.0.10
R1 (config) # router eigrp [as no.] [Autonomous System no. 1 65535]
R1 (config) # router eigrp 1
R1 (config-router) # network 192.168.2.0
R1 (config-router) # network [network add.] [wildcard mask] (specific range)
R1 (config-router) # network 192.168.1.0 0.0.0.3
R1 (config-router) # exit

R1 (config-if) # ip summary-address eigrp [as no.] [network add.] [subnet mask]

R1 (config-if) # ip summary-address eigrp 1 192.168.0.0 255.255.252.0

R1 (config-if) # ip bandwidth-percent eigrp [as no.] [percent]

R1 (config-if) # ip bandwidth-percent eigrp 1 50
R1 (config-if) # ip hello-interval eigrp [as no.] [seconds]

R1 (config-if) # ip hold-time eigrp [as no.] [seconds]

R1 # show ip eigrp neighbors

R1 # show ip eigrp topology

OSPF (Open Shortest Path First) multicast: 224.0.0.5 AD = 110

Make sure to configure the loopback interfaces for network stability

Dumidu Darshika Senanayake

Page 5 of 17
Cisco IOS Commands

R1 (config) # router ospf [process ID] [Process ID 1 65535]

R1 (config) # router ospf 1
R1 (config-router) # network [network add.] [wildcard mask]area [area ID]
R1 (config-router) # network 192.168.1.0 0.0.0.3 area 0
R1 (config-router) # exit

Modifying router ID :- R1 (config-router) # router-id [ip add.]

R1 (config-router) # router-id 192.168.1.1

Modifying OSPF cost of a link :- R1 (config-if) # ip ospf cost [cost]

R1 (config-if) # ip ospf cost 1562

Interface priority :- R1 (config-if) # ip ospf priority [1-255]

R1 (config-if) # ip ospf priority 1

Changing reference bandwidth value :-

R1 (config-router) # auto-cost reference-bandwidth 10000

Modifying OSPF timers :- R1 (config-if) # ip ospf hello-interval [seconds]

R1 (config-if) # ip ospf dead-interval [seconds] (hello x 4)

Simple Authentication :-
enables authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication

R1 (config-if) # ip ospf authentication-key [password]

R1 (config-if) # ip ospf authentication-key cisco123

enables authentication for specific interface

R1 (config-if) # ip ospf authentication
R1 (config-if) # ip ospf authentication-key [password]
R1 (config-if) # ip ospf authentication-key cisco123

md5 (message-digest) Authentication :-

enables md5 authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication message-digest

R1 (config-if) # ip ospf message-digest-key 1 md5 [password]

R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123

enables md5 authentication for specific interface

R1 (config-if) # ip ospf authentication message-digest
R1 (config-if) # ip ospf message-digest-key 1 md5 [password]
R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123

R1 # show ip ospf
R1 # show ip ospf interface
R1 # show ip ospf neighbor
R1 # clear ip ospf process

Configuring Passive interface :- R1 (config-router) # passive-interface [interface]

R1 (config-router) # passive-interface f0/0

Dumidu Darshika Senanayake

Page 6 of 17
Cisco IOS Commands

Distributing (Default) Static route through RIP, EIGRP, OSPF

01). R1 (config) # ip route 0.0.0.0 0.0.0.0 209.165.200.225 (next hop ip)

R1 (config-router) # default-information originate

02). R1 (config) # ip route 192.168.0.0 255.255.0.0 s0/0/1

R1 (config-router) # redistribute static

R1 # show ip route
R1 # show ip protocol
R1 # debug ip routing

WAN Configuration
WAN configuration only performed on serial interfaces.

HDLC (High-level Data Link Control)

R1 (config-if) # encapsulation hdlc

PPP (Point to Point Protocol)

R1 (config-if) # encapsulation ppp

Compression: R1 (config-if) # compress [predictor / stac]

Link quality: R1 (config-if) # ppp quality [percentage]
Load balancing: R1 (config-if) # ppp multilink

Authentication:-
R1 (config) # username [remote-host] password [remote-password]
R1 (config) # username R2 password cisco123

Configuring PAP (PPP Authentication Protocol)

R1 (config-if) # ppp authentication pap
R1 (config-if) # ppp pap sent-username [local-host] password [local-host-password]
R1 (config-if) # ppp pap sent-username R1 password cisco123

Configuring CHAP (Challenge Handshake Authentication Protocol)

R1 (config-if) # ppp authentication chap

Troubleshooting PPP Debug ppp authentication

Debug ppp chap
Debug ppp error
Debug ppp negotiation
Debug ppp packet

Frame Relay

Dumidu Darshika Senanayake

Page 7 of 17
Cisco IOS Commands

Basic Frame Relay configuration

R1 (config-if) # encapsulation frame-relay [cisco / ietf] ietf for non-Cisco products

Static Frame Relay Mapping

R1 (config-if) # frame-relay map [protocol] [ip add. of neighbor] [dlci] broadcast
R1 (config-if) # frame-relay map ip 192.168.10.20 120 broadcast
R1 (config-if) # frame-relay map ip 192.168.10.30 130 broadcast

LMI (Local Management Interface) is default autosense

R1 (config-if) # frame-relay lmi-type [cisco / ansi / q933a]

Configuring Frame-Relay sub-interfaces

R1 (config) # interface s0/0/0
R1 (config-if) # encapsulation frame-relay
R1 (config-if) # no shutdown
R1 (config-if) # exit

R1 (config) # interface [serial int.].[dlci] [point-to-point / multipoint]

R1 (config) # interface s0/0/0.120 point-to-point
R1 (config-subif) # ip address 192.168.10.1 255.255.255.0
R1 (config-subif) # frame-relay interface-dlci [dlci]
R1 (config-subif) # frame-relay interface-dlci 120
R1 (config-subif) # exit

R1 (config) # interface s0/0/0.130 point-to-point

R1 (config-subif) # ip address 192.168.20.1 255.255.255.0
R1 (config-subif) # frame-relay interface-dlci 130
R1 (config-subif) # exit

Configure on main router. Only type no shutdown on main interface.

Branch routers encapsulation frame-relay
frame-relay lmi-type [cisco / ansi / q933a]

Configuring Frame-Relay switch

FR-Switch (config) # frame-relay switching

FR-Switch (config-if) # encapsulation frame-relay

Dumidu Darshika Senanayake

Page 8 of 17
Cisco IOS Commands

FR-Switch (config-if) # frame-relay intf-type dce

FR-Switch (config-if) # frame-relay route 102 interface serial 0/0/1 201

no frame-relay inverse-arp
no ip split-horizon

R1 # show frame-relay map

R1 # show frame-relay pvc / show frame-relay pvc [dlci]
R1 # show frame-relay lmi

R1 #debug frame-relay lmi

DHCP (Dynamic Host Configuration Protocol)

Step1: Exclude an address range

R1 (config) # ip dhcp excluded-address [low add.] [high add.]
R1 (config) # ip dhcp excluded-address 192.168.1.1 192.168.1.9

Step2: Create DHCP pool

R1 (config) # ip dhcp pool [pool name]
R1 (config) # ip dhcp pool SALES
R1 (config-dhcp) #

Step3: define the pool address

R1 (config-dhcp) # network [network add. mask / prefix]
R1 (config-dhcp) # network 192.168.1.0 255.255.255.0

R1 (config-dhcp) # default-router [ip add.]

R1 (config-dhcp) # default-router 192.168.1.1

R1 (config-dhcp) # dns-server [ip add.]

R1 (config-dhcp) # dns-server 192.168.20.254

R1 (config-dhcp) # netbios-name-server [ip add.]

R1 (config-dhcp) # netbios-name-server 192.168.20.254

R1 (config-dhcp) # domain-name [name]

R1 (config-dhcp) # domain-name mydomain.com

R1 (config-dhcp) # lease {days hours minutes / infinite}

R1 (config-dhcp) # lease 7

DHCP Relay

R1 (config) # interface f0/0

R1 (config-if) # ip helper-address [dhcp server ip add.]
R1 (config-if) # ip helper-address 192.168.10.5

Dumidu Darshika Senanayake

Page 9 of 17
Cisco IOS Commands

R1 (config) # ip forward-protocol udp [port no.]

R1 (config) # ip forward-protocol udp 161

R1 # show ip dhcp binding

R1 # show ip dhcp server statistics
R1 # show ip dhcp pool
R1 # show ip address conflicts

R1 # debug ip dhcp events

R1 # debug ip dhcp server
R1 # debug ip dhcp packet detail

NAT (Network Address Translation)

ISP static route ISP (config) # ip route 209.165.200.0 255.255.255.0 209.165.100.225

Static NAT (Public address given by ISP 209.165.200.254)

Step1: specify static translation between an inside local and inside global address
R1 (config) # ip nat inside source static [local ip] [global ip]
R1 (config) # ip nat inside source static 192.168.20.10 209.165.200.254

Step2: mark the router interface as an inside or outside interface

R1 (config-if) # ip nat [inside / outside]

R1 (config) # interface f0/0 R1 (config) # interface s0/0/0

R1 (config-if) # ip nat inside R1 (config-if) # ip nat outside

Dynamic NAT (Public address range from ISP 209.165.200.11 209.165.200.20 /24)
Step1: define a named address pool of outside addresses
R1 (config) # ip nat pool [name] [ip range] netmask [mask]
R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 netmask 255.255.255.0

Step2: define an access list to specify those inside address

R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255

Dumidu Darshika Senanayake

Page 10 of 17
Cisco IOS Commands

Step3 *: Specify dynamic translation

R1 (config) # ip nat inside source list [ACL no.] pool [name]
R1 (config) # ip nat inside source list 1 pool NAT1

Step4: R1 (config-if) # ip nat [inside / outside]

PAT (Port Address Translation)

Single public address

Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Step2 *: R1 (config) # ip nat inside source list 1 interface s0/0/0 overload
Step3: R1 (config-if) # ip nat [inside / outside]

Multiple public address

Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255
Step2: R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20
Step3 *: R1 (config) # ip nat inside source list 1 pool NAT1 overload
Step4: R1 (config-if) # ip nat [inside / outside]

R1 # show ip nat translation

R1 # show ip nat translation verbose
R1 # show ip nat statistics

R1 # debug ip nat

R1 # clear ip nat translation

IPv6

2002:c0a8:0101:0000:0000:0000:0000:0042 2002:c0a8:101::42

Classful / Classless Routing Behavior

R1 (config) # ip classless R1 (config) # no ip classless

Saving Configuration :- R1 # copy running-config startup-config

Backup Startup-config to flash :- R1 # copy startup-config flash:config.bak1

R1 # copy system:running-config tftp://172.16.2.155/tokyo-config

R1 # copy startup-config tftp

[tftp server ip add.]

Restore Configuration :- R1 # copy flash:config.bak1 startup-config

R1 # reload

Reset Router Configuration :- R1 # erase startup-config

[confirm]
R1 # reload

Boot from another image :-

Step1: configure a tftp server
Dumidu Darshika Senanayake
Page 11 of 17
Cisco IOS Commands

Step2: R1 # copy tftp flash

[ip add. of tftp server] 192.168.20.254
[new IOS image name] c1841-ipbasek9-mz.124-12.bin
Step3: R1 (config) # boot system flash: c1841-ipbasek9-mz.124-12.bin
Step4: save configuration R1 # copy run start
Step5: restart the router

c2960-lanbase-mz.122-25.SEE1.bin
c1841-ipbase-mz.123-14.T7.bin
c1841-ipbasek9-mz.124-12.bin
Platform: Cisco 2960 Cisco 1841 Cisco 1841
Feature set: lan base ip base ip base k9
File format: m (runs in RAM)
z (compressed)
Version: 12.2 (25) SEE1 12.3 (14) T7 12.4 (12)
File extinction: binary executable

Recovering a lost password :-

Step1: power cycle the router, and press [Ctrl]+[Break] key while booting. This will bring the
router to ROMmon mode.
Step2: rommon 1 > confreg 0x2142
rommon 2 > reset
Step3: after rebooting copy startup to running. Change the password
Step4: change the configuration registry back to default.
R1 (config) # config-register 0x2102
Step5: save the configuration, and power cycle the router.

0x2102 default registry value

0x2142 bypass startup configuration

Commands helpful in Troubleshooting

R1 # show running-config R1 (config) # do show run

R1 # show startup-config
R1 # show version
R1 # show flash

Dumidu Darshika Senanayake

Page 12 of 17
Cisco IOS Commands

Configuring Interfaces

Creating VLAN :- Remove a VLAN :-

S1 (config) # vlan [vlan no.]

S1 (config) # vlan 99 S1 (config) # no vlan 99
S1 (config) # name [vlan name]
S1 (config-vlan) # name Admin
S1 (config-vlan) # exit

Removing vlan database :- S1 # delete flash:vlan.dat

S1 # show vlan
S1 # show vlan brief

Configure (management) VLAN :-

S1 (config) # interface vlan [management vlan no.]

S1 (config) # interface vlan 99
S1 (config-if) # ip address [ip add.] [subnet mask]
S1 (config-if) # ip address 172.17.99.11 255.255.255.0
S1 (config-if) # no shutdown
S1 (config-if) # exit

Switch default gateway :- S1 (config) # ip default-gateway [default gateway ip add.]

S1 (config) # ip default-gateway 172.17.99.1

S1 # show interface vlan [management vlan no.]

S1 # show interface vlan 99

Assign an interface to VLAN :-

S1 (config) # interface [interface]

S1 (config) # interface range f0/18-24 f0/6, f0/11, f0/18

Configure Access Port :- S1 (config) # interface f0/18

S1 (config-if) # switchport mode access
S1 (config-if) # switchport access vlan 10
S1 (config-if) # exit

Configure Trunk port :- S1 (config) # interface f0/24

S1 (config-if) # switchport mode trunk
S1 (config-if) # switchport trunk native vlan 99
S1 (config-if) # exit

S1 (config-if) # switchport trunk allowed vlan 10, 20, 99

S1 (config-if) # switchport trunk allowed vlan all

S1 (config-if) # switchport mode dynamic auto

S1 (config-if) # switchport mode dynamic desirable

Dumidu Darshika Senanayake

Page 13 of 17
Cisco IOS Commands

Voice VLAN :- S1 (config-if) # mls qos trust cos

S1 (config-if) # switchport voice vlan 150

Dynamic Trunking Protocol :-

trunk
Dynamic auto/desirable trunk
access
Dynamic auto/desirable access
access
Dynamic auto dynamic auto
trunk
Dynamic desirable dynamic desirable
trunk
Dynamic desirable dynamic auto

Remove a VLAN & port type:- S1 (config-if) # no switchport mode access

S1 (config-if) # no switchport access vlan

S1 (config-if) # no switchport mode trunk

S1 (config-if) # no switchport trunk vlan

S1 # show interface f0/14 switchport

S1 # show interface trunk

Configure VTP (VLAN Trunking Protocol)

S1 (config) # vtp mode [server / client / transparent]

S1 (config) # vtp domain [domain name]

S1 (config) # vtp domain CCNA

S1 (config) # vtp password [password]

S1 (config) # vtp password cisco

S1 (config) # vtp version [version 1 / 2]

S1 (config) # vtp version 2

S1 (config) # vtp pruning

S1 # show vtp status

S1 # show vtp password
S1 # show vtp counters

Dumidu Darshika Senanayake

Page 14 of 17
Cisco IOS Commands

STP (Spanning Tree Protocol) activated by default

S1 # show spanning-tree
S1 # show spanning-tree active
S1 # show spanning-tree vlan 10

S1 # debug spanning-tree events

S1 (config) # spanning-tree vlan [vlan no.] priority [priority] (multiples of 4096)

S1 (config) # spanning-tree vlan 10 priority 4096 (default priority is 32769)

S1 (config) # spanning-tree vlan 10 root primary

S1 (config) # spanning-tree vlan 20 root secondary

S1 (config) # spanning-tree vlan [vlan no.] root primary diameter [value]

S1 (config) # spanning-tree vlan 10 root primary diameter 5

S1 (config-if) # spanning-tree cost [cost]

S1 (config-if) # spanning-tree cost 25 S1 (config-if) # no spanning-tree cost

S1 (config-if) # spanning-tree port-priority [priority]

S1 (config-if) # spanning-tree port-priority 112 (0 240, increments of 16)

S1 (config-if) # spanning-tree portfast

(only for ports connected to a single host edge ports)
S1 (config-if) # no spanning-tree portfast

Configure Rapid-PVST+ :- S1 (config) # spanning-tree mode rapid-pvst

S1 (config-if) # spanning-tree link-type point-to-point

S1 # clear spanning-tree detected-protocols

Configure static MAC address :-

S1 (config) # mac-address-table static [MAC add.] vlan [no.] interface [interface]
S1 (config) # mac-address-table static 0060.3edd.19a3 vlan 99 interface f0/24

S1 (config) # no mac-address-table static [MAC add.] vlan [no.] interface [interface]

S1 # clear mac-address-table dynamic

Dumidu Darshika Senanayake

Page 15 of 17
Cisco IOS Commands

S1 # show mac-address-table

Configure Static Port Security :-

S1 (config-if) # switchport port-security mac-address [MAC add.] interface [interface]
S1 (config-if) # switchport port-security mac-address 000c.7259.0a63 interface f0/4

Configure Dymanic Port Security :-

S1 (config-if) # switchport port-security
S1 (config-if) # switchport port-security maximum 1
S1 (config-if) # switchport port-security mac-address sticky
S1 (config-if) # switchport port-security violation [protect / restrict / shutdown]

S1 # show port-security
S1 # show port-security interface f0/18
S1 # show port-security address

DHCP Snooping :- S1 (config) # ip dhcp snooping

S1 (config) # ip dhcp snooping vlan [no.]
S1 (config) # ip dhcp snooping trust
S1 (config) # ip dhcp snooping limit rate [no.]

Password Recovery :- flash_init

load_helper
dir flash:
rename flash: config.text flash: config.old
boot

rename flash: config.old flash: config.text

copy flash: config.text system: running-config

This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two
ports as static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable :

Switch# configure terminal

Switch(config)# interface range gigabitethernet2/0/1 -2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# channel-group 5 mode desirable non-silent
Switch(config-if-range)# end

This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two
ports as static-access ports in VLAN 10 to channel 5 with the LACP mode active :

Switch# configure terminal

Switch(config)# interface range gigabitethernet2/0/1 -2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Dumidu Darshika Senanayake
Page 16 of 17
Cisco IOS Commands

Switch(config-if-range)# channel-group 5 mode active

Switch(config-if-range)# end

Dumidu Darshika Senanayake

Page 17 of 17