Category - commands

Cisco Discovery Protocol

  1. Proprietary Cisco Layer 2 protocol that uses multicast to gather hardware and protocol information about directly connected devices.
  2. Network layer protocol and media independent.
  3. Enabled by default on all Cisco devices, but can be disabled globally:

Router(config)#nocdp run

or can be disabled on interface-by-interface basis:

Router(config-if)#nocdp enable

  • To learn the remote device’s Layer 3 address and IOS version

Router>showcdp neighbor detail


Router>showcdp entry *


Telnet enables a virtual terminal connection to a remote device’s IP address using the Application layer protocol called Telnet (TCP port 23 at the Transport layer).

To Telnet from IOS, enter the keywordtelnetfollowed by the IP address or hostname. If youenter only an IP address or hostname in user or privileged EXEC, IOS automatically assumes that you are Telnetting. To Telnet to a Cisco device, the vty passwords must be set, or you receive the “Password required, but none set” error. To access Privileged EXEC in a Telnet session, you must have enable password set, or you receive the “% No password set” error.

  • To suspend the Telnet session, press Ctrl+Shift+6, x.
  • To see a list of the active sessions in the originating router, use the show sessions command.
  • To resume a suspended session, press the Enter key from user EXEC or privileged EXEC mode, or enter resume followed by the session number.
  • To close a Telnet session from the device you are Telnetted into, enter exitor logout from user EXEC or privileged EXEC mode.
  • To close a Telnet session from the originating device, enter disconnect followed by the session number.
  • To see log messages in your Telnet session, use the privileged EXEC mode command terminal monitor in the device that you are Telnetted into.


Your Cisco device can act as a DHCP server and respond to DHCP requests on a segment. To configure the Cisco device as a DHCP server, you must first enable the interface that will receivethe DHCP requests and assign an IP address to it. After the interface is enabled, you define theDHCP address pool with theip dhcp pool poolname global configuration command. Indhcp – configmode, you can define the DHCP address scope with thenetwork command followed bythe IP subnet to be assigned. You can also define additional paramvcers such as the default gate-way, DNS server, domain name, and length of the IP lease. To exclude IP addresses from being assigned (such as if you have statically assigned them to specific devices), use the ip dhcp excluded -address ip-addresscommand to remove the IP(s) from the scope.

To verify the devices that have been assigned IP addresses from the DHCP address scope, use the show dhcp bindings command.


Switches have the following functions:

  • Segment LANs into multiple collision domains.
  • Learn MAC addresses by examining the source MAC address of each frame received and store them in a CAM table.
  • Base their forwarding decisions based on the destination MAC address of an Ethernet frame.
  • Flood broadcast, multicast, and unknown unicast frames out all ports except the one it was received.

A switch has three methods of forwarding frames:

Store-and-forward: Latency varying transmission method that buffers the entire frame and calculates the CRC before forwarding the frame.

Cut-through: Only looks at the destination MAC address in an Ethernet frame and forwards it.

Fragment-free: Checks the first 64 bytes for frame fragments (due to collisions) before forwarding the fame.


Duplex Connections

  • Half-duplex interfaces have one-way communication with suboptimal throughput because they operate in a collision domain in which CSMA/CD must be enabled. When connected to a hub, they must run half duplex.
  • Full-duplex interfaces simultaneously send and receive, allowing higher throughput because CSMA/CD is disabled. Connections to other switches or devices can be full duplex.

Spanning Tree Protocol IEEE 802.1d

STP is a Layer 2 protocol that is used to prevent switching loops in networks with redundant switched paths.

TABLE  STP Port States
State Function Transition Time
Disabled The interface is administratively shut downor disabled from port violation. NA
Blocking Does not forward any user data. All ports start out in this state.Does not send, but still can receive BPDUs to react to topology changes. 0 to 20 seconds
ListeningLearning Begins to transition to a forwarding state by listening and sending BPDUs.No user data sent.Begins to build MAC addresses learned on the interface. No user data sent. 15 seconds15 seconds
Forwarding User data forwarded.


STP elects root bridge/switch by dvcermining which switch has the lowest Bridge ID in the topology learned from sending and receiving BPDUs. Bridge ID is a combination of Priority and MAC address.

All nonroot switches dvcermine root port based on the fastest (lowest cumulative cost) path back to root switch. If a tie occurs, the Bridge ID followed by port priority and port number are the tie breakers.

On each segment, the switch advertising the fastest way back to the root switch is the desig­nated port for that segment.

If port is not a root or a designated port, it is blocking.


Port Cost Values
Interface Cost
10Gbps 2
1Gbps 4
100Mbps 19
10Mbps 100

Global Configuration Commands

Global Configuration Commands

Command                                          Description

config-registerregister                     Alters the configuration register.

boot system location                       Specifies location to load IOS.

hostname hostname                         Changes the name of the Cisco router or switch.

banner motd char banner char           Creates a message of the day login banner.

ip host name ipaddress                    Configures a static mapping of a hostname to an IP address.

ip name-server ip                            Specifies a DNS server IP address for dynamic name resolution.

ip domain-lookup                                      Enables automatic name resolution.

ip domain-name                                        Assigns a domain name to a Cisco device.

global configuration commands

Securing the IOS

First and foremost, ensure that you physically secure access to your Cisco devices so that there are no intentional or unintentional disruptions or access to the device itself.

To secure user EXEC access to your console port:

Router(config)#lineconsole 0

Router ( conf ig – line )#login



To secure user EXEC access to your aux port:

Router(config)#lineaux 0 Router ( conf ig – line )#login Router(config-line)#passwordpassword

To secure user EXEC access to all five Telnet lines:

Router(config)#linevty 0 4

Router ( conf ig – line )#login


To secure access to privileged EXEC mode:

Router(config)#enablesecret password Router(config)#enablepassword password

Theenable secret global configuration command encrypts the password using a MD5 hash.If theenable secret andenable password commands are used at the same time, theenable secret password is used.

To encrypt the enable password and the line passwords, use the service password-encryptioncommand.

configuration commands


To secure terminal access to the Cisco device, use SSH over Telnet. The steps to configure SSH are as follows:

  1. Configure a hostname on the device other than the default hostname.
  2. Configure a domain name for the Cisco device.
  3. Generate an RSA key (recommended to be at least 1024 bits) with the crypto key generate command.
  4. Create a username/password combination with the username username password password command.
  5. (Optional) Limit the vty lines to allow SSH with only the transportinput SSH command.


Interface Configuration Commands


Command                             Description

ip address ipsubnetmask    Assigns an IP address to an interface.

no shutdown                            Administratively enables an interface.


clock rate speed                     Sets the timing speed of the network on a DCE interface in bps.

bandwidth speed                   Sets the logical bandwidth setting for routing protocols in Kbps. ip address dhcp

Switch Commands

 Switch Configuration Commands

Command                                 Description

interface range media range Configures several interfaces with the same paramvcers.

ip address ipaddress               Assigns an IP address to a VLAN interface.

ip default -gateway ip Sets the gateway of last resort for a Layer 2 switch. Changes the speed of an autosensing link in Mbps. Sets the duplex of a switchport.

The copy Command

Thecopy command is used to copy files from one location to another. For example, to save the current configuration, we copy the running-config in RAM to the startup-config in NVRAM using the copy running-configstartup-configcommand.

Thecopy command is used to copy files between our device and a TFTP server. For instance,copy flashtftpbacks up the IOS in flash to a TFTP server.copy flashtftpcan be usedto upgrade, downgrade, or restore an IOS back onto our device. Before copying to a TFTP server, follow these steps:

  1. The TFTP server must have the TFTP service running.
  2. Our device must be cabled correctly. If a switch, plug the TFTP server into the switch with a straight-through Ethernet cable. If going directly between a router and the TFTP server, use a cross-over cable.
  3. You must have IP connectivity to the server.
  4. There must be enough room on the TFTP server and your device’s memory to store these files.


The show Command

  General show Commands
Command                                  Mode Output
show running-config              Privileged Current active configuration in RAM.
show startup-config               Privileged Configuration stored in NVRAM that is loaded on reboot.
show interfaces              User and privileged Status of the interfaces as well as physical and logicaladdress, encapsulation, bandwidth, reliability, load,MTU, duplex, broadcasts, collisions, and frame errors.

Status of the interfaces and their logical addresses.

Microcode of the interface including DCE/DTE cable

show ipinterfacebriefUser and privilegedshow controller               User and privileged
show flash                      User and privileged Filenames and sizes of IOS files stored in flash memory.
show version                  User and privileged IOS version, system uptime, amount of RAM, NVRAM,flash memory, and configuration register.


Interface Status

  Interface Status Values
Layer 1 Layer 2 (Line Protocol) Possible Symptoms
UpUp UpDown None. Interface is functional.Encapsulation mismatch, lack of clocking on serial
Down Down Cable is disconnected or attached to a shutdown inter‑face on the far-end device.
Administratively down Down Local interface was not enabled with the no shutdown


How to TCP Trace

TCP trace is a utility by which you can trace a destination for a specific TCP port. It is a built in utility in Linux but for Windows it is installed additionally.tcp trace For TCP trace first install WINCAP then copy TCP trace software at C drive and un-compress it. Then run it from command prompt as follows.

C:\>tracetcp “destination IP” -r 6660 6660

Here 6660 is the port for which you want to take trace.

How to run TCP trace:

Step 1 – Notebook or PC should have Admin rights.

Step 2 – Run the utility

Step 3 – Run command prompt as administrator

Step 4 – On C Drive go to Windows, then System32,then go to that directory or folder in which its installed for e.g>>> (C:\>Windows>system32>tracetcp>tracetcp )

Step 5 – Run here with Destination IP address with port numbers placing –r in between destination ip and port # (C:\>tracetcp “destination IP” -r “port #” “port #” ) (C:/>tracetcp -r 6660 6660)

Step 6 – You will get the desire results

Port 6660 6660

Results will be like this:




Copyright ©2010 - 2022 | Privacy Policy | Terms & Conditions