CCNA R&S: Cisco Commands List. Portable command guide for dummies

This posts consists of a list of important CCNA commands that you may need to use both in CCNA exams and in real world. When you start preparing for CCNA exam, you start developing concepts on various networking topics, but in the real world when you will work as a network engineer or in any other relevant position, you will need to know when and how to apply your CCNA knowledge. This posts aims to equip you with all the necessary commands with in-depth illustrations to make your familiarize with network configuration environment so that you know exactly which command to use in a particular situation.

This posts has included all the CCNA commands that an exam. candidate may need to solve CCNA simulation lab, and to solve switching and routing problems in real networks.

Router Modes:

• Router>: User mode = Limited to basic monitoring commands
• Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
• Router(config)#: global configuration mode = Commands that affect the entire system
• Router(config-if)#: interface mode = Commands that affect interfaces
• Router(config-subif)#: subinterface mode = Commands that affect subinterfaces
• Router(config-line)#: line mode = Commands that affect in lines modes (console, vty, aux…)
• Router(config-router)#: router configuration mode

SW1(config)#ip domain-name example.com

SW1(config)#username admin password cisco

SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024

SW1(config)#ip ssh version 2

SW1(config-if)#switchport mode access

SW1(config-if)#switchport port-security maximum 1

SW1(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict)

SW1(config)#vlan 10 SW1(config-vlan)#name SALES

SW1(config-if)#nonegotiate (or hardcode the port as an access port)
SW1(config-if)#switchport mode access

SW1(config)#vtp mode server (options: server, client, transparent)

SW1(config)#vtp domain EXAMPLE (case-sensitive)

SW1(config)#vtp password cisco (case-sensitive)

SW1(config)#vtp pruning (only works on VTP servers)

SW1(config)#vtp version 2

SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#spanning-tree vlan 1 root secondary
SW1(config)#spanning-tree [vlan 1] priority 8192

SW1(config)#spanning-tree mode rapid-pvst (options: mst, pvst, rapid-pvst)

SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpduguard enable

SW1(config-if)#spanning-tree [vlan 1] cost 25

R1(config-if)#description LINK_T0_L0CAL_LAN_THR0UGH_SW1

Rl(config-if)#ip address 172.16.1.1 255.255.255.0

Rl(config)#interface serial 0/1/0

R1(config-if)#description WAN_C0NNECTI0N_T0_R2

Rl(config-if)#ip address 10.1.1.1 255.255.255.252

Rl(config-if)#clock rate 128000

Rl(config)# interface fastEthernet 0/0.10

Rl(config-subif)# encapsulation dotlq 10

Rl(config-subif)#ip address 192.168.10.1 255.255.255.0

Rl(config-subif)# interface fastEthernet 0/0.20

Rl(config-subif)# encapsulation dotlq 20

Enter OSPF router configuration mode:

Rl(config)#router ospf 10 (process ID)

Rl(config)#router eigrp 121 (AS number)

Create a key chain and give it a name:
Rl(config)#key chain MY_KEYS
– Create one or more keys giving them numbers:
Rl(config-keychain)#key 1
– Define the key value:
Rl(config-keychain-key)#key-string 1stKEY
– Define the life time of the keys (optional):
Rl(config-keychain-key)#send-lifetime [start time] [end time]
Rl(config-keychain-key)#accept-lifetime [start time] [end time]

Rl(config-if)#ip authentication mode eigrp 121 md5

– Standard ACL should be placed as close as possible to the destination of the packet.
– Identify the source IP addresses of packets as they go in the direction that the ACL is examining.

Rl(config)#access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN

– ACL uses first-match logic.
– There is an implicit deny any at the end of the ACL.
Rl(config)#access-list 2 deny 192.168.1.77
Rl(config)#access-list 2 deny 192.168.1.64 0.0.0.31
Rl(config)#access-list 2 permit 10.1.0.0 0.0.255.255
Rl(config)#access-list 2 deny 10.0.0.0 0.255.255.255
Rl(config)#access-list 2 permit any

– Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic are written in a sub mode called named ACL mode (nacl).
– Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of the ACL.

Rl(config)#ip access-list extended MY_EXTENDED_ACL
Rl(config-ext-nacl)#deny icmp 10.1.1.1 0.0.0.0 any
Rl(config-ext-nacl)#deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
Rl(config-ext-nacl)# permit ip any any
Rl(config)#interface fastEthernet 0/1
Rl(config-if)#ip access-group MY_EXTENDED_ACL in

Rl(config)#ip dhcp pool MY_POOL

R1(dhcp-config)»network 192.168.1.0 255.255.255.0 R1(dhcp-config)»default-router 192.168.1.1

R1(dhcp-config)»dns-server 213.131.65.20 8.8.8.8

Rl(dhcp-config)lease 2 (days)

Rl(config)#hostname ALPHA

ALPHA(config)#username BETA password XYZ

Rl(config)#hostname ALPHA

ALPHA(config)#username BETA password XYZ

Rl(config)#interface serial 0/0
Rl(config-if)#ip address 1.1.1.1 255.255.255.0
Rl(config-if)#encapsulation frame-relay (ietf)

Rl(config-if)#frame-relay lmi-type ansi
(options: ansi, cisco, q933a)

Rl(config)#interface serial 0/0 Rl(config-if)#encapsulation frame-relay

Rl(config)#interface serial 0/0 Rl(config-if)#ip nat outside Rl(config)#interface FastEthernet 1/1 Rl(config-if)#ip nat inside

Rl(config)#access-list 3 permit 192.168.1.0 0.0.0.255

Rl(config)#ip nat pool PUB 200.1.1.1 200.1.1.6 netmask 255.255.255.248