I’ve collected some useful command lists of Cisco and wanted publishing on my blog. This article will be updated when I see some new commands related to Cisco.
Switch(config)#hostname SW1
SW1(config)#enable secret cisco
SW1(config)#enable password notcisco
SW1(config)#line con 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config)#line vty 0 4
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config)#banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
SW1(config)#interface VLAN 1
SW1(config-if)#ip address 172.16.1.11 255.255.255.0 (or dhcp)
SW1(config-if)#shutdown
SW1(config)#ip default-gateway 172.16.1.1
SW1#copy running-config startup-config
Destination filename [startup-config]? [OK]
or
SW1#wr [OK]
(name lookup, history, exec-timeout and logging behavior)
SW1(config)#no ip domain-lookup
SW1(config)#line vty 0 4
SW1(config-line)#history size 15
SW1(config-line)# exec-timeout 10 30
SW1(config-line)#logging synchronous
1. Configure DNS domain name:
SW1(config)#ip domain-name example.com
2. Configure a username and password:
SW1(config)#username admin password cisco
3. Generate encryption keys:
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
4. Define SSH version to use:
SW1(config)#ip ssh version 2
5. Enable vty lines to use SSH:
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#transport input telnet ssh
SW1(config)#alias exec c configure terminal
SW1(config)#alias exec s show ip interface brief
SW1(config)#alias exec sr show running-config
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#description LINK TO INTERNET ROUTER
SW1(config-if)#speed 100 (options: 10, 100, auto)
SW1(config)#interface range fastEthernet 0/5 – 10
SW1(config-if-range)#duplex full (options: half, full, auto)
SW1#show version
Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1#show running-config
Shows the current configuration file stored in DRAM.
SW1#show startup-config
Shows the configuration file stored in NVRAM which is used at the first boot process.
SW1#show history
Lists the commands currently held in the history buffer.
SW1#show ip interface brief
Shows an overview of all interfaces, their physical status, protocol status, and IP address if assigned.
SW1#show interface VLAN 1
Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
SW1#show interfaces description
Shows the description of all interfaces
SW1#show interfaces status
Shows the status of all interfaces like connected or not, speed, duplex, trunk, or access VLAN.
SW1#show crypto key mypubkey RSA
Shows the public encryption key used for SSH.
SW1#show DHCP lease
Shows information about the leased IP address (when an interface is configured to get an IP address via a DHCP server)
The sticky keyword is used to let the interface dynamically learns and configures the MAC addresses of the currently connected hosts.
1. Make the switch interface as access port:
SW1(config-if)#switchport mode access
2. Enable port security on the interface:
SW1(config-if)#switchport port-security
3. Specify the maximum number of allowed MAC addresses:
SW1(config-if)#switchport port-security maximum 1
4. Define the action to take when a violation occurs:
SW1(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict)
5. Specify the allowed MAC addresses:
SW1(config-if)#switchport port-security mac-address 68b5.9965.1195 (options: H.H.H, sticky)
SW1#show mac-address-table
Shows the entries of the mac address table
SW1#show port-security
Overview of port security of all interfaces
SW1#show port-security interface fa0/5
Shows detailed information about port security on the specified interface
1. Create a new VLAN and give it a name:
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
2. Assign an access interface to access a specific VLAN:
SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access VLAN 10
Accessing vlan 10 (data) and 12 (VoIP)
SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport access vlan 10
SW1(config-if)#switchport voice vlan 12
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode trunk
(options: access, trunk, dynamic auto, dynamic desirable)
SW1(config-if)#switchport trunk allowed vlan add 10
(options: add, remove, all, except)
1. Administratively disable unused interfaces:
SW1(config-if)#shutdown
2. Prevent trunking by disabling auto-negotiation on the interface:
SW1(config-if)#nonegotiate (or hardcode the port as an access port)
SW1(config-if)#switchport mode access
3. Assign the port to an unused VLAN:
SW1(config-if)#switchport access VLAN 222
Thanks reading the cisco commands article.