1.

Basic Setup and Navigation

Command Mode Description

enable User EXEC Enters privileged EXEC mode.

Privileged
disable Exits back to user EXEC mode.
EXEC

Privileged
configure terminal Enters global configuration mode.
EXEC

Moves back one mode (e.g., from

exit Any
interface config to global config).

Exits all configuration modes back

end or Ctrl+Z Any
to privileged EXEC mode.

Privileged Displays the current active

show running-config
EXEC configuration in RAM.

Privileged Displays the saved configuration in

show startup-config
EXEC NVRAM.

copy running-config Privileged

Saves the current config to NVRAM.
startup-config EXEC

Privileged Older command to save the config

write memory (wr)
EXEC (same as copy run start).

Privileged
reload Reboots the switch/router.
EXEC

hostname <NAME> Global Sets the device's hostname.

Command Mode Description

Config

enable secret Global Sets an encrypted privileged EXEC

<PASSWORD> Config password.

enable password Global Sets a plaintext privileged EXEC

<PASSWORD> Config password (less secure).

service password- Global Encrypts all plaintext passwords in

encryption Config the configuration.

banner motd Global Sets a "Message of the Day"

#<MESSAGE># Config banner. # is a delimiter.

2. Interface Configuration (Crucial for Labs)

Command Mode Description

interface
Global Enters interface configuration
<type><slot>/<port>
Config mode.
(e.g., int g0/0, int fa0/1)

ip address <IP> Interface Assigns an IP address to the

<SUBNET_MASK> Config interface.

Interface Configures the interface as a

ip address dhcp
Config DHCP client.

Interface Administratively enables the

no shutdown
Config interface.
Command Mode Description

Interface Administratively disables the

shutdown
Config interface.

Interface Adds a description for the

description <TEXT>
Config interface.

Interface Sets the duplex mode

duplex auto/full/half
Config (usually auto).

Interface
speed auto/10/100/1000 Sets the speed (usually auto).
Config

Privileged Shows status and statistics for all

show interfaces
EXEC interfaces.

Privileged Essential: Shows a brief status

show ip interface brief
EXEC and IP address of all interfaces.

3. Layer 2 Switching Commands (for Switches)

Command Mode Description

Global Creates a VLAN and enters VLAN

vlan <VLAN_ID>
Config config mode.

VLAN
name <VLAN_NAME> Names the VLAN.
Config

Interface Sets a switch port to access mode

switchport mode access
Config (for end devices).
Command Mode Description

switchport access vlan Interface Assigns the access port to a

<VLAN_ID> Config specific VLAN.

Interface Sets a switch port to trunk mode

switchport mode trunk
Config (for switch-to-switch/router).

switchport trunk Interface On older switches: Sets trunk

encapsulation dot1q Config encapsulation to 802.1Q.

switchport trunk native Interface Sets the native VLAN for the
vlan <VLAN_ID> Config trunk.

show vlan or show vlan Privileged Displays VLAN information and

brief EXEC port assignments.

Privileged Displays the MAC address table

show mac address-table
EXEC (forwarding table).

Privileged Displays Spanning Tree Protocol

show spanning-tree
EXEC (STP) information.

4. Layer 3 Routing Commands

Command Mode Description

ip route <NETWORK>
<MASK> <NEXT_HOP> Global
Configures a static route.
(e.g., ip route 192.168.2.0 Config
255.255.255.0 192.168.1.1)

ip route 0.0.0.0 0.0.0.0 Global Configures a default static

<NEXT_HOP> Config route.

Enables the RIP routing

Global
router rip process (old, but good for
Config
labs).

Router Sets RIP to version 2 (sends

version 2
Config subnet masks).

Router Disables automatic network

no auto-summary
Config summarization.

Router
network <NETWORK> Advertises a network in RIP.
Config

Global Enables the OSPF routing

router ospf <PROCESS_ID>
Config process.

network <NETWORK> Router

Advertises networks in OSPF.
<WILDCARD> area <AREA> Config

Global Enables the EIGRP routing

router eigrp <AS_NUMBER>
Config process.

network <NETWORK> Router

Advertises networks in EIGRP.
<WILDCARD> Config
Command Mode Description

Privileged Essential: Displays the routing

show ip route
EXEC table.

Privileged Shows information about

show ip protocols
EXEC active routing protocols.

5. Verification and Troubleshooting

Command Mode Description

User/Privileged
ping <IP> Tests IP connectivity to a destination.
EXEC

traceroute User/Privileged Shows the path packets take to reach a

<IP> EXEC destination.

show ip
interface Privileged EXEC Checks interface status and IP addresses.
brief

show
running- Privileged EXEC Verifies your current configuration.
config

Shows device hardware and software

show version Privileged EXEC
information.

show cdp CDP is enabled by default. Shows

Privileged EXEC
neighbors directly connected Cisco devices.
Command Mode Description

show cdp
Shows detailed info about neighbors
neighbors Privileged EXEC
(including IP addresses).
detail

Use with extreme caution in labs! Starts

real-time debugging. (e.g., debug ip
debug ... Privileged EXEC
rip, debug ip ospf events). Always
use undebug all to turn off.

terminal Sends debug/output to your current

Privileged EXEC
monitor terminal session.

6. Security and Access (ACLs, SSH)

Command Mode Description

username <NAME> Global

Creates a local user account.
secret <PASSWORD> Config

Global Enters console line configuration

line console 0
Config mode.

password <PASSWORD> Line Config Sets the console password.

Enables password checking for

login Line Config
the console.

Global Enters VTY (Telnet/SSH) line

line vty 0 4
Config configuration mode.
Command Mode Description

password <PASSWORD> Line Config Sets the VTY password.

Uses the local user database for

login local Line Config
login.

Crucial for security: Allows only

transport input ssh Line Config
SSH connections.

ip domain-name Global Required for SSH: Sets the domain

<DOMAIN> Config name.

Global Generates RSA keys (required to

crypto key generate rsa
Config enable SSH).

access-list <ACL#> Global Creates a numbered Standard (1-

permit/deny ... Config 99) or Extended (100-199) ACL.

ip access-group <ACL#> Interface

Applies an ACL to an interface.
in/out Config

Privileged Shows all configured ACLs and

show access-lists
EXEC their hit counts.

7. Useful Labs & Scenarios

Lab 1: Basic Switch Configuration (VLANs & Trunking)

bash
Switch> enable
Switch# configure terminal
Switch(config)# hostname SW1
SW1(config)# enable secret cisco
SW1(config)# vlan 10
SW1(config-vlan)# name SALES
SW1(config-vlan)# exit
SW1(config)# vlan 20
SW1(config-vlan)# name ENGINEERING
SW1(config-vlan)# exit
SW1(config)# interface range fastEthernet 0/1 - 4
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 10
SW1(config-if-range)# no shutdown
SW1(config-if-range)# exit
SW1(config)# interface gigabitEthernet 0/1
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk native vlan 99
SW1(config-if)# no shutdown
SW1(config-if)# end
SW1# copy running-config startup-config
SW1# show vlan brief
SW1# show interfaces trunk

Lab 2: Router-on-a-Stick (Inter-VLAN Routing)

bash
# On the Switch (connected to router)
Switch(config)# interface g0/1
Switch(config-if)# switchport mode trunk

# On the Router
Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface gigabitEthernet 0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface gigabitEthernet 0/0.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface gigabitEthernet 0/0
R1(config-if)# no shutdown
R1(config-if)# end
R1# show ip interface brief

Lab 3: Basic OSPF Configuration

bash
Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# router ospf 1
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
R1(config-router)# end
R1# show ip ospf neighbor
R1# show ip route