Scribd
Upload
10 views26 pages

CCNA Cheat Sheet-1

The CCNA Cheat Sheet provides a comprehensive overview of essential networking concepts, configurations, and troubleshooting commands for Cisco devices. It covers topics such as VLANs, STP, port security, NAT, DHCP, and various routing protocols, along with specific commands for configuration and troubleshooting. This document serves as a quick reference guide for network professionals preparing for the CCNA certification exam.

Uploaded by

Jose Matos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views26 pages

CCNA Cheat Sheet-1

The CCNA Cheat Sheet provides a comprehensive overview of essential networking concepts, configurations, and troubleshooting commands for Cisco devices. It covers topics such as VLANs, STP, port security, NAT, DHCP, and various routing protocols, along with specific commands for configuration and troubleshooting. This document serves as a quick reference guide for network professionals preparing for the CCNA certification exam.

Uploaded by

Jose Matos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

ccna sheat sheet.

md 2025-08-23

CCNA Cheat Sheet

Table of Contents
Configure basic Networking
Troubleshoot basic Networking
Troubleshoot networks with SPAN
Port Security
Troubleshooting Port Security
Configure vlans
Layer2 Switch Vlan Config
Layer3 Switch Vlan Config
Router (on a Stick) Vlan Config
Troubleshoot Vlans on a switch
VTP
Troubleshoot VTP
STP
Troubleshoot STP
RSTP
Etherchannel (Link Aggregation)
Troubleshoot Etherchannel (Link Aggregation)
Configure a Serial
ACLs
Interface ACLs
Troubleshooting ACLs
NAT
SNAT
DNAT
PAT
Troubleshooting NAT
DHCP Server
Troubleshooting DHCP
HSRP
Troubleshooting HSRP
SLAs
Troubleshooting SLAs
Device Management
Firmware Management
License Management
Reset Password
Telnet / Console
SSH
Clock
Disable unused services

1 / 26
ccna sheat sheet.md 2025-08-23

Radius
TACACS+
Syslog
SNMP
CDP - Cisco Discovery Protocol
LLDP - Link Layer Discovery Protocol
PPP
Troubleshooting PPP
MLP
Troubleshooting MLP
PPPoE
Troubleshooting PPPoE
GRE
Troubleshooting GRE
RIPv2
Troubleshooting RIPv2
EIGRP
EIGRP with ipv6
OSPF
Router Types
OSPF with ipv6 (OSPFv3)
Troubleshooting OSPF
BGP
CLI
Default Behavior
Modes
Filters
Navigation
Packet Types
Ethernet Frame
IPv4 Header
TCP Segment
UDP Segment
To Sort and Misc

Configure basic Networking


Command Description

(config)# interface g1/0 Enter their interface config mode

(config-if)# description Link to Somehost Human readable link description

(config-if)# ip address 10.23.42.5 255.255.0.0 Add IPv4 address to interface.

(config-if)# mac address 1234.5678.90AB Overwrite MAC address.

(config-if)# no mac address Remove MAC overwrite.

2 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config-if)# ipv6 address 2001:41d0:8:e115::ccc/64 Add IPv6 address to interface.

(config-if)# ipv6 address 2001:41d0:8:e115::/64 eui-64 Add IPv6 address based on MAC to interface.

(config-if)# ip address dhcp Get IPv4 address via dhcp.

Get IPv6 address [and default route] via


(config-if)# ipv6 address autoconfig [default]
autoconfig

(config-if)# ip dhcp client client-id asccii SW2 Set hostname transmitted as dhcp client to SW2

(config)# interface g1/0 - 2 Configure both interfaces at once.

En- or Disable interface. Often shutdown is the


(config-if)# [no] shutdown
default.

(config)# ip default-gateway 10.23.42.1 Set 10.23.42.1 as the default gateway

(config)# ip route 10.20.30.0 255.255.255.0


Add static route via next hop or interface
{1.2.3.4,e0/0} [ad]

(config)# ipv6 route 2001:41d0:8:e115::/64 [g1/1] Next hop is required for Ethernet interface in
[next hop] IPv6

(config)# ip host the-space.agency 178.32.222.21 Create a static host entry on this device.

(config)# ipv6 unicast-routing Globally enable ipv6 routing.

Troubleshoot basic Networking

Command Description

# show interfaces [if-name] Show interfaces mac, bandwidth, mtu, packet stats...

# show ip[v6] route [static] Show routes and how they were learned.

# show ip[v6] interface [if-name] Show interfaces ip/arp/icmp/nd... configuration

# show ip[v6] interface brief [if-name] Only show ip, status and operational status

# show protocols [if-name] Much like show ip int brief, w/ cidr, w/o ok/method

# show mac address-table Show the mac address table of a switch.

# clear mac address-table [dynamic] Clear the dynamically learned mac address table entries.

# show arp Show {ip,ipx,appletalk}-mac bindings

# show ip arp [{ip, mac, if-name}] Show ip-mac bindings

# clear [ip] arp 192.168.1.1 Remove arp entry for ip

# debug arp Show debug messages when receiving/sending arp packets

# undebug all Disable all previously enabled debugs

3 / 26
ccna sheat sheet.md 2025-08-23

Command Description

# show ipv6 neighbors Show neighbor discovery table cache

# ping 1.2.3.4 [source g1/1]

# traceroute 1.2.3.4 [source g1/1]

# show control-plane host open-ports netstat -tulpn on this cisco device, basically

Troubleshoot networks with SPAN

Command Description

(config)# monitor session 23 source interface g1/1 {rx,tx,both} Define SPAN #23 input as g1/1

(config)# monitor session 23 destination interface g1/2 Define SPAN #23 output as g1/2

# show monitor Show all configured SPANs

Port Security
Command Description

(config-if)# switchport mode {access, trunk}

(config-if)# [no] switchport port-security En/Disable port-security

(config-if)# switchport port-security maximum 1 Number of allowed MACs.

(config-if)# switchport port-security mac-address


Manually allow a MAC on this port.
1234.5678.9abc

Allow learning of connected macs until mac


(config-if)# switchport port-security mac-address sticky
reached.

Shutdown port when other device gets


(config-if)# switchport port-security violation shutdown
connected.

(config-if)# shutdown (config-if)# no shutdown Reenable if after port-security violation.

Reenable if automatically after problem is


(config)# errdisable recovery cause psecure-violation
fixed.

Recheck every 42 seconds. (min 30, default


(config)# errdisable recovery interval 42
300)

Port-security violation terms

Term Definition

protect Drops packets, no alert

restrict Drops packets, increments security-violation count

shutdown Shuts down the port (default)

4 / 26
ccna sheat sheet.md 2025-08-23

Troubleshooting Port Security

Command Description

# show port-security [interface g1/1] port status, violation mode, max/total MACs,...

# show port-security address Secure MACs on ports.

# show errdisable recovery Check if autorecovery is enabled. Disabled by default.

Configure vlans
Note: Even when a switch port is changed from access to trunk, its access vlan is maintained in the config.
When automatic trunk negotiation fails (e.g. because I unplug a link between to switches and put it into my
laptop) the configured access vlan becomes active once again and I might be able to reach network parts I'm
not supposed to. Always disable DTP / trunk auto negotiation.

Layer2 Switch Vlan Config

Command Description

[delete vlan or] create vlan and enter config-vlan


(config)# [no] vlan 23
mode

(config-vlan)# name TelephoneSanitizer Name this vlan TelephoneSanitizer

(config)# int g1/1

(config-if)# switchport mode access Make frames out this port untagged

(config-if)# switchport access vlan 23

(config)# int g1/2

(config-if)# switchport mode trunk Make frames out this port tagged by default

(config-if)# switchport trunk encapsulation


Sometimes the default is ciscos old isl.
dot1q

(config-if)# switchport trunk native vlan 256 Except for vlan 256, which is still untagged.

(config-if)# switchport nonegotiate Disable DTP

Layer3 Switch Vlan Config

Command Description

(config)# interface vlan 23 enter interface config mode

(config-if)# ip address 1.2.3.4 255.255.255.0 set device ip in vlan 23

(config-if)# no shutdown virtual interfaces are disabled by default

(config-if)# int g

(config)# no vlan 23 delete vlan 23

5 / 26
ccna sheat sheet.md 2025-08-23

Router (on a Stick) Vlan Config

Command Description

(config)# interface g1/1.10 Create subinterface g1/1.10 on g1/1

enable ieee 802.1Q vlan tagging with vlan 10 on the


(config-subif)# encapsulation dot1q 10
subinterface

(config-subif)# ip address 10.0.10.1


255.255.255.0

# show vlans Show vlans and their trunk interfaces

Troubleshoot Vlans on a switch

Command Description

# show vlan [{id 23, name TelephoneSanitizer}] [brief] Show vlan settings for all switch ports

# show interfaces g1/1 switchport Verify mode and vlan of g1/1

# show interfaces g1/1 trunk Show trunk settings and state

# show run interface vlan 1 Quick way to search the running config.

# show interface status Show trunk mode / access vlan

# show dtp interface g1/1 Show current DTP mode for g1/1

VTP

Command Description

(config)# vtp mode [server, client, transparent]

(config)# vtp domain

(config)# vtp password

(config)# vtp pruning

Troubleshoot VTP

Command Description

show vtp status show vtp domain, pruning, mode and more

show vtp password

STP
Spaning Tree Protocol (802.1D) blocks ports with redundant links to prevent layer 2 loops and broadcast
storms.

6 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config)# spanning-tree vlan 1 root {primary, Make this device the primary/secondary root
secondary} bridge.

Enable bpdu guard for all portfast enable


(config)# spanning-tree portfast bpduguard default
interfaces

(config)# spanning-tree portfast default Enable portfast for all non-trunk interfaces

(config-if)# spanning-tree bpduguard enable Enable gpduguard on this interface

(config-if)# spanning-tree portfast Enable portfast on this interface

(config-if)# spanning-tree guard root Enable root guard on this interface

Troubleshoot STP

Command Description

# show spanning-tree [vlan 1] Who's the root and how do I get there?

# show spanning-tree summary Is global portfast/bpduguard configured?

# show running-config interface g1/1 Is portfast/bpduguard configured on this interface?

# show spanning-tree interface g1/1 portfast Is portfast active on this interface?

RSTP

Rapid Spanning Tree Protocol (802.1w) reduces convergence time after a topology change compares to STP.

Command Description

(config)# spanning-tree mode rapid-pvst Change spanning-tree mode to RSTP

Etherchannel (Link Aggregation)


How to set LACP? TODO: Look at modes again

Command Description

(config)# interface range g1/1 - 2 configure g1/1 and g1/2 at the same time

(config-if-range)# channel-group 1 mode {auto, desirable} Add both interfaces to etherchannel 1 (PAgP)

(config-if-range)# channel-group 1 mode {active, passive} Add both interfaces to etherchannel 1 (LACP)

(config-if-range)# channel-group 1 mode on Add both interfaces to etherchannel 1 (Static)

(config)# interface port-channel 1 Configure virtual interface for etherchannel 1

(config-if)# switchport mode trunk Put etherchannel 1 in trunk mode

(config-if)# switchport trunk allowed vlan 10,20,30 Add tagged vlans 10,20,30 on ethercahnnel 1

7 / 26
ccna sheat sheet.md 2025-08-23

Troubleshoot Etherchannel (Link Aggregation)

Command Description

# show interface port-channel 1 Has the combined bandwidth and members as extra info.

# show etherchannel summary Show etherchannel protocols and members as a list

# show etherchannel port-channel 1 Show per member state and stats

Configure a Serial
Layer 1 link speed is dictated by a CSU/DSU, in a lab without an external CSU/DSU a DTE (Data Terminal
Equipment) cable and DCE (Data Communications Equipment) cable are used.

Command Description

(config)# interface serial 1/0 Configure interface serial 1/0

(config-if)# clock rate 128000 Set clock rate on DCE router side to 128 kbps

(config)# show controllers serial 1/0 Verify clock rate for serial interface 1/0

ACLs
#1-#99, #1300-#1999: Standard IPv4 ACL

#100-#199, #2000-#2699: Extended IPv4 ACL

Default mask for standard ACLs: 0.0.0.0

Command Description

Create ACL #23 or append a rule to ACL #23, allow


(config)# access-list 23 permit 1.2.3.4 [0.0.255.255]
1.2.x.x

(config)# no access-list 23 Delete entire ACL #23

(config)# ip[v6] access-list resequence local_only 5 Renumber ACL Rules, put first on #5, increment by
10 10.

(config)# ip access-list {standard, extended} 23 Create ACL and/or enter config mode for ACL #23

(config)# ip access-list {standard, extended} Create ACL and/or enter config mode for ACL
local_only 'local_only'

(config-std-nac1)# permit 10.20.30.0 0.0.0.255 Append rule to standard ACL 'local_only'

(config-std-nac1)# 5 permit 10.20.30.0 0.0.0.255 Append rule to ACL at sequence number 5.

(config-std-nac1)# no <sequence#> Remove rule with sequence# from ACL

(config-ext-nac1)# deny tcp any any

8 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config-ext-nac1)# permit udp host 10.20.30.40 any


lt 1024

(config-ext-nac1)# permit udp host 10.20.30.40 any


eq dns

(config-ext-nac1)# deny udp host 10.20.30.40 any

(config-ext-nac1)# permit ip any any

Interface ACLs

Command Description

(config)# inter g1/1 Enter if-config mode for g1/1

(config-if)# ip access-group 23 out Apply ACL #23 to outgoing packets, not send by the router

(config-if)# ip access-group 42 in Apply ACL #42 to incoming packets

(config-if)# ip access-group
Overwrite the used ACL, only one ACL per if + proto + direction!
local_only in

(config-if)# ipv6 traffic-filter 23 out The v6 syntax of course differs...

# show ip interface g1/1 | incl Show ACLs on g1/1 (When none set shows not set for v4 and
access list nothing for v6)

Troubleshooting ACLs

Command Description

# show [ip[v6]] access-lists Show all configured ACLs

# show access-list 10 Display all rules in ACL #10 and how often they matched.

NAT
Local addresses are any address as it appears inside the network. Global addresses are any address as it
appears outside the network.

Term Definition

inside local IP address assigned to a host inside the network, non-routable

inside global IP address assigned by Network Information Center or ISP, routable

outside local IP address of a remote host as it appears inside the network, non-routable

outside global IP address of a remote host assigned by the host owner, routable

Command Description

9 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config)# int g1/1 Enter if-config mode for g1/1

(config-if)# ip address 1.2.3.4


configure 1.2.3.4/28 on g1/1
255.255.255.240

Packets going out, need to change their src, incoming their


(config-if)# ip nat outside
dest ip.

(config)# int g1/2 Enter if-config mode for g1/2

(config-if)# ip address 10.10.23.1


configure 10.10.23.1/24 on g1/2
255.255.255.0

Packets going out, need to change their dest, incoming their


(config-if)# ip nat inside
src ip.

SNAT

Command Description

(config)# ip nat inside source static 10.10.23.2 SNAT - statically map an internal ip 1:1 to an external
1.2.3.5 ip.

DNAT

Command Description

(config)# access-list 42 permit 10.10.23.0 0.0.0.255 Create an ACL identifying 10.10.23/24

(config)# ip nat pool POOL 1.2.3.5 1.2.3.10 netmask


Create an IP Address Pool for NATing
255.255.255.240

DNAT IPs matching ACL #42 1:1 with IPs from nat
(config)# ip nat inside source list 42 pool POOL
pool 'POOL'.

Note the missing overload.

PAT

The overload keyword means, that one or a couple of external IPs are to be used for multiple internal IPs.
Higher level information like connection port numbers are used to identify the correct internal destination for
incoming packets. Cisco calls this PAT, while this is what your average joes home router would call NAT.

Command Description

(config)# access-list 10 permit 10.10.0.0 0.0.255.255 Create an ACL identifying 10.10/16

(config)# ip nat inside source list 10 interface g1/1 PAT IPs matching ACL #10 many:1 with g1/1s
overload public IP

Troubleshooting NAT
10 / 26
ccna sheat sheet.md 2025-08-23

Command Description

# show ip nat translations Show nat table entries if any

Show translations are actually used and interfaces are marked in/out
# show ip nat statistics
correctly.

# clear ip nat translation {ip,


Clear dynamic translations. Doesn't mess with SNAT!
*}

# debug ip nat [detailed]

Is the ACL correct? Is there a route to the address? Note: NAT Table entries are kept for 24h after the last use
by default.

DHCP Server
Command Description

(config)# ip dhcp excluded-address 10.30.4.1


Don't distribute these IPs in leases
10.30.4.100

(config)# ip dhcp pool PCs Creat and/or enter dhcp config for pool 'PCs'

(dhcp-config)# network 10.30.4.0 /24 define pool addresses

define default-gateway to be distributed in the


(dhcp-config)# default-router 10.2.1.1
leases

(dhcp-config)# dns-server 10.30.4.1

(dhcp-config)# domain-name acme.com

(dhcp-config)# lease lease validity time

Enter interface config mode on client facing


(config)# int g1/1
interface

(config-if)# ip helper-address 192.168.1.1 Relay DHCP Requests to this host

Troubleshooting DHCP

Command Description

# debug ip dhcp server packet

# show dhcp lease Show dhcp lease information

# show ip dhcp pool Show pool size and addresses in use

# show ip dhcp binding Show which mac got which ip

# sh run | section dhcp See if ip dhcp exclude-address / pool stuff is wrong.

# sh run int g1/1 See if ip helper-address is wrong.

11 / 26
ccna sheat sheet.md 2025-08-23

HSRP
Command Description

(config-if)# standby [group-number] ip Join HSRP Group

(config-if)# standby [group-number]


(optional) Set prio of this router.
priority

(config-if)# standby [group-number] (optional) Preempt other routers when this router becomes
preempt active

(config-if)# standby {1,2} (optional) Set HSRP Version

Troubleshooting HSRP

Command Description

# show standby HSRP Groups, their VIPs, state, active router, standby router, preemption.

SLAs
Command Description

Create ip sla test #23 and enter its config


(config)# ip sla 23
mode.

(config-ip-sla)# icmp-echo 1.2.3.4 Define icmp-echo test.

(config-ip-sla)# frequency 42 frequency in seconds.

(config)# ip sla schedule 23 life {forever, seconds} start- Start test #23 now and until manually
time now stopped.

Troubleshooting SLAs

Command Description

# show ip sla configuration Show all configured ip sla configs

# show ip sla statistics Show sla results

Device Management
Command Description

(config)# hostname R1 Set hostname to R1

(config)# enable password Set enable passwort.

(config)# enable secret Same, but with hashing.

(config)# service password-


Very weak encryption of passwords passwords.
encryption
12 / 26
ccna sheat sheet.md 2025-08-23

Command Description

Copy something from flash to tftp. Wizard asks for details. Works
# copy flash0: tftp:
both ways.

# write # copy running-config startup-config

# write erase # erase startup-config

# reload restart the device and load the startup-config

# copy running-config tftp: copy running-config to an tftp server. (interactive)

# copy running-config Merge source config into the running config.

# setup initial configuration dialog

# show version ios, bootloader and hardware infos, uptime, configuration register

# show {running,startup}-config

Firmware Management

Note: flash: is the main flash memory on all iOS devices

Command Description

(config)# boot system flash:filename.bin Boot filename.bin from flash memory.

(config)# boot system


Boot filename.bin from tftp.
tftp://10.20.30.40/filename.bin

(config)# boot system rom Boot ROM monitor as a backup.

Set the 16bit Configuration Register value used after


(config)# config-register 0x2342
reboot.

# show file systems Lists available file systems

# show flash0: List fs content and free space.

License Management

Command Description

# license save flash:licenses.lic Save a copy of all licenses.

# license install flash0:license.xml Install a license.

(config)# license boot module technology-package active a evaluation right-to-use license.

Reboot to activate the package and right to use


# reload
license.

13 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config)# license boot module technology-package


deactive a technology-package.
disable

# reload Reboot without that technology-package.

# license clear Remove license from the license storage.

(config)# no license boot module technology-package Remove the no longer needed line from the
disable config.

# reload I don't even know why this is needed. Fu cisco.

# show license active licenses

technology packe and feature licenses


# show license feature
supported.

product id and serial number needed to order


# show license udi
licenses

Reset Password

Command Description

> confreq Show the configuration register in rom monitor

> confreq 0x2142 Set the configuration register in rom monitor to not load startup-conf

> reset Reboot in rom monitor

# copy startup running

(config)# enable secret foobar Overwrite forgotten password

(config)# config-register 0x2102 Do load startup-config after boot again.

# save

Telnet / Console

Command Description

(config)# banner login "Insert snarky banner." Make sure to include legal terms to sound smart.

(config)# banner motd "Insert snarky


Set Login Banner.
banner."

(config)# line vty 0 4 Enter config mode for vty 0 to 4 (up to 15 allowed).

(config)# line console 0 Enter config mode for the console port

(config-line)# login Require login on telnet/console connection.

(config-line)# password Enable Telnet and set vty login password.

14 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config-line)# access-class 10 in Set ACL to limit inbound IPs allowed to access vty

(config-line)# access-class 42 in Overwrite the used ACL, only one ACL per vty + direction!

(config-line)# exec-timeout 10 Autologout after 10 Minutes

Require login on telnet/console connection via local


(config-line)# login local
users.

(config)# username h.acker secret C1sco123 Create local user with encrypted password.

SSH

Command Description

(config)# hostname Foobar Required to generate SSH keys.

(config)# ip domain-name example.com Required to generate SSH keys.

(config)# crypto key generate rsa modulus 2048 Generate keys like it's 1995! Potentially takes forever.

(config)# ip ssh version 2 Force SSHv2

(config-line)# transport input ssh Force ssh, disable telnet.

# show ip ssh SSH version, timeout time, auth retries..

# show ssh List of active connections

Clock

Command Description

# show clock Show time and date

(config)# clock set 23:50:42 10 Jan 2017 Update clock

(config)# clock timezone EST 0 Update timezone to EST

(config)# ntp server 10.20.30.40 Configure upstream ntp server.

(config)# ntp master [stratum] Enable ntp server.

# show ntp associations ntp connections.

# show ntp status synchronized?, statum, ...

Disable unused services

Command Description

# show control-plane host open-ports Show open ports

(config)# no ip http server Stop the http server (but not https).

15 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config)# no cdp enable Stop CDP

# auto secure

Radius

Command Description

(config)# username password Local backup user.

(config)# aaa new-model Enable aaa services.

(config)# radius server Add and define Radius conf.

(config-radius-server)# address ipv4 [auth-port ] Use this hostname/ip of server.

(config-radius-server)# key Radius PSK

(config)# aaa group server radius Create authentication group.

(config-sg-radius)# server name Using the radius config.

(config)# aaa authentication login group local Allow that group and local users in.

TACACS+

Command Description

(config)# username password Local backup user.

(config)# aaa new-model Enable aaa services.

(config)# tacacs server Add and define TACACS conf.

(config-server-tacacs)# address ipv4

(config-server-tacacs)# [port ]

(config-server-tacacs)# key

(config)# aaa group server tacacs+ Multiple possible.

(config-sg-tacacs+)# server name

(config)# aaa authentication login group local Allow that group and local users in.

Syslog

Command Description

# logging 10.20.30.40 Log to this syslog server (name or ip)

# logging trap informational Only log messages with min. informational sev.

16 / 26
ccna sheat sheet.md 2025-08-23

service sequence-number | Needed for seqence number in syslog messages service time stamps log
[datetime, log] | Needed for date and time in syslog messages

Command Description

# show logging syslog status, local logging buffer

SNMP

Command Description

(config)# snmp-server contact [email protected] Contact email

(config)# snmp-server location RZ-Hamburg Where is the device

(config)# snmp-server community [ro, rw] Add community

(config)# snmp-server host 10.20.30.40 SNMP notifications recipient

Command Description

# show snmp community

# show snmp location

# show snmp contact

# show snmp host

CDP - Cisco Discovery Protocol

Command Description

# [no] cdp run Enables cdp globaly and on all interfaces (default)

# (config-if)# [no] cdp enable Enable cdp on an interface

# show cdp neighbors [detail] List connected cisco devices (name, local/remote port, [ip] ..)

# show cdp entry *

LLDP - Link Layer Discovery Protocol

Command Description

# [no] lldp run Enables lldp globaly and on all interfaces

(config-if)# [no] lldp transmit Enable lldp packet transmission on interface

(config-if)# [no] lddp receive Enable lldp packet reception on interace

PPP
Command Description

17 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config)# username fnord password pass Create users for pap auth.

(config)# inteface S0/0/0

(config-if)# clock rate 125000 Baud rate. Only on DCE cable!

Logical speed used for routing cost calc,


(config-if)# bandwidth 125
RSVP...

(config-if)# encapsulation ppp Default is HDLC

(config-if)# ppp authentication pap Require remote to authenticate via pap

(config-if)# ppp pap sent-username fnord password


Authenticate to remote pap
pass

Required for CHAP, used as chap client


(config)# hostname routy1
username

(config)# username routy2 password foobar Create users for chap auth for routy2

(config)# inteface S0/0/0

(config-if)# no ppp authentication pap Remove in favor of chap

(config-if)# no ppp pap sent-username fnord password


Remove in favor of chap
pass

(config-if)# ppp authentication chap Require remote to authenticate via chap

Note: When routy1 connects to routy2 it looks in it's local user database for a user named routy2 and uses
that users password. This means the passwords have to be the same on both sides and the usernames must
be the other sides hostname.

Troubleshooting PPP

Command Description

# show controllers S0/0/0 interface, connected type of cable, clock rate

# show interfaces encapsulation, logical bandwidth

# show ppp all session state, auth type, peer ip and name

# debug ppp authentication

MLP

Command Description

(config)# interface Multilink23 Create and configure virtual if

(config-if)# ip address 10.20.30.40 255.255.255.0

18 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config-if)# ppp multilink Enable mlp

(conifg-if)# ppp multilink group 23 Make phys ifs with mlp #23 join.

(config)# interface s0/0/0 Configure phys ifs

(config-if)# no ip address Remove ip addrs.

(config-if)# encapsulation ppp

(config-if)# ppp multilink

(config-if)# ppp multilink group 23 Join mlp group #23.

Troubleshooting MLP

Command Description

show ppp multilink Physical IFs,

PPPoE

Command Description

(config)# interface Dialer23 Create and configure virtual dialer interface.

(config-if)# ip address negotiated Get IP via PPP/IPCP

(config-if)# encapsulation ppp

(config-if)# dialer pool 23 The dialer interface is a member of one dialer pool...

(config)# interface s0/0/0

(config-if)# no ip address

(config-if)# pppoe-client dial-pool-number 23 ... the pool is a group of one or more physical interfaces.

Troubleshooting PPPoE

Command Description

# show ip interface brief is the dialer if up? Does the dialer have an IP via IPCP?

# show pppoe session Are PPPoE sessions established? Which ports.

GRE
Note: We can run OSPF and other routing protocols through this gre tunnel, as gre supports multicast.

Command Description

(config)# interface tunnel23

19 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config-if)# ip address 192.168.1.1 255.255.255.0 transit net

(config-if)# tunnel source 10.20.30.40 local, can be linklocal

(config-if)# tunnel destination 6.5.4.3 remote, can be linklocal

tunnel mode gre ip ip mtu

Troubleshooting GRE

Command Description

# show ip interface brief tunnel23 Line hould be up, given a route to the destination.

# show inteface tunnel23 Tunnel source, dest, protocol

# show ip route Should include the transit net as directly connected.

RIPv2
Command Description

(config)# router rip Enable RIP and enter it's config mode

(config-router)# version 2 Set RIPv2, which is Classless

(config-router)# network 192.168.0.0 Advertise connected networks which are within .

(config-router)# network 0.0.0.0 Advertise all connected networks.

(config-router)# timers basic

(config-router)# no auto-summary Don't summarize a smaller subnet route in a bigger one.

(config-router)# passive-interface g1/1 Don't send RIP updates out this interface

(config-router)# passive-interface default Don't send RIP updates on any if by default

(config-router)# no passive-interface g1/2 Overwrite passive-interface default

(config-router)# default information originate Advertise the default route.

(config-if)# no ip rip advertise 123

Troubleshooting RIPv2

Command Description

# show ip[v6] protocols Show rip timers, interfaces, networks,

# show ip rip database Routes learned by rip, used to combile the routing table

# show ip route Show learned routes

# clear ip route * Get rid of all routes

20 / 26
ccna sheat sheet.md 2025-08-23

EIGRP
Note: The network command enables any interface with an ip in that net to send and receive EIGRP updates.
Also it enables routes to this nets to start beeing advertised.

Command Description

# show run &#124 section eigrp Show EIGRP settings.

# show interfaces g1/1 Show configured/default bandwith and delay.

(config-if)# bandwidth Overwrite bandwidth used for eigrp metric.

(config-if)# delay Overwrite deplay used for eigrp metric.

(config)# router eigrp 23 Add and conf EIGRP AS#23

(config-router)# network 10.20.30.0 0.0.0.255 Announce routes to 10.20.30.0/24

(config-router)# no shutdown On some iOS versions it's off by default.

(config-router)# [no] eigrp router-id Defaults to highest loopback ip

(config-router)# [no] passive-interface g1/2 Disable EIGRP here. Ignore incoming pkgs.

(config-router)# [no] passive-interface default Disable EIGRP on all ifs by default.

(config-router)# maximum-paths Default 4, must match, number of loadbalanced paths.

(config-router)# variance 4 Default 1, Max 4:1 variance for unequal lb.

(config-router)# no auto-summary Don't summarize a smaller subnet route in a big one.

# show ip[v6] eigrp neighbors Neighbor addr, if, hold time, uptime, queued pkgs

# show ip[v6] eigrp interfaces [if-name] If, Number of peers, pending routes, queued pkgs

# show ip[v6] route [eigrp] Routes starting with D were learned via EIGRP

# show ip[v6] eigrp topology [all-links] Topology table, as#, router-id

EIGRP with ipv6

Command Description

(config)# ipv6 unicast-routing Enable v6 routing on the router

(config)# ipv6 router eigrp 23 Configure eigrp as #23

(config-rtr)# no shutdown Enable this eigrp routing process.

(config-if)# [no] ipv6 eigrp 23 Enable eigrp with ipv6 for as #23 on this if.

OSPF
cost = reference bandwidth / interface bandwidth

The default reference bandwith is 100Mbps. Everything faster has a cost of 1.


21 / 26
ccna sheat sheet.md 2025-08-23

Command Description

(config)# router ospf 1 1 is the pid, not the area.

Defaults to highest IPv4 on lo, then other


(config-router)# router-id 1.2.3.4
ifs.

enable interfaces for ospf with matching


(config-router)# network 10.20.30.0 0.0.0.255 area 0
IPs

(config-router)# (no) passive-interface g1/1 Stop in- and egress ospf hello packets.

(config-router)# passive-interface default Mark all ifs passive by default.

Advertise default routes into a normal


(config-router)# default-information originate (always)
area

(config-router)# auto-cost reference-bandwidth <refbw in


Change reference bandwidth speed
Mb/s>

(config-if)# ip ospf cost 23 Overwrite interface cost to 23

(config-if)# bandwidth <bw in kb/s> Change interface bandwidth

Router Types

Term Definition

Internal Router All OSPF interfaces in one area

Backbone Router Has one or more OSPF interfaces in the backbone

Has at least one interface in the backbone area and at least one in
Area Boundary Router (ABR)
another area

Autonomous System Boundary Injects routes into OSPF via redistribution from other routing
Router (ASBR) protocols

OSPF with ipv6 (OSPFv3)

Command Description

(config)# ipv6 unicast-routing

(config)# ipv6 router ospf

(config-router)# router-id Required if we don't have any v4 addrs configured.

(config-if)# ipv6 ospf area Required for OSPFv3.

The networks command does not exist, non mentioned commands are the same.

Troubleshooting OSPF

Command Description

22 / 26
ccna sheat sheet.md 2025-08-23

Command Description

# show run | sect ospf

# show ip(v6) protocols Other protocols with lower AD?

# show ipv6 ospf reference bandwidth, router id, networks, interface per area

# show ip(v6) ospf neighbor neighbor IDs, IPs and via interface.

# show ip(v6) ospf neighbor detail dr, bdr, timers, ...

# show interface brief admin down? link?

# show ip(v6) ospf interface brief ospf enabled interfaces

# show ip(v6) ospf interface g1/1 ospf related infos for g1/1, passive?

# show ip(v6) route (ospf) ospf routes are marked O, show route ad and cost

BGP
Note: In other routing protocols the network statement is used to determin the interfaces over which the
protocol should talk to its neighbors. In BGP it indicates only which routes should be advertised to the BGP
neighbors. The network needs to match an exact route in the routing table or it will still not be announced.

Command Description

(config)# router bgp Create routing process.

(config)# neighbor remote-as BGP does not auto discover neighbors.

(config)# network [mask ] Advertise this network.

Command Description

# show run | sect bgp

# show ip bgp summary neighbors IPs, ASs and session states, bgp version

# show ip bgp neighbors [peer-ip] tcp sessions and timers, bgp parameters

# show ip bgp routing infos received from all peers

CLI
Default Behavior

Here I'll collect crazy default behaviors and how to fix them, I guess..

Command Description

(config)# no ip domain-lookup Don't try to telnet unknown single word commands

Modes

23 / 26
ccna sheat sheet.md 2025-08-23

Mode Prompt enter

User > N/A

Exec # > enable

Config (config)# # configure terminal

Interface (config-if)# (config)# interface g1/0

Line (config-line)# (config)# line vty 0 4

DHCP (dhcp-config)# (config)# ip dhcp pool Foobar

Filters

Name Function

include hostname find a line including 'hostname'

section interface find a section including 'interface'

begin interface Show remaining config starting with the first line containing 'interface'

exclude ! exclude all line containing ! (comments)

Navigation

Sequence Function

Ctrl-Shfit-6 Kill many commands

Ctrl-Shift-6 x Move telnet session to background

Esc-B Ctrl-Left arrow

Esc-F Ctrl-Right arrow

Ctrl-R Redraw the current line

Ctrl-U Erase line

Ctrl-W Delete the word left of the cursor

Ctrl-C Drop back to Exec, does not kill processes..

Ctrl-A Move Cursor to the beginning of the line

Ctrl-E Move Cursor to the end of the line

Tab Autocompletion

? Help, can be entered mostly everywhere

Packet Types
Ethernet Frame

24 / 26
ccna sheat sheet.md 2025-08-23

Field
Field Description
Length

Preamble 8 bytes Alternating 1s and 0s used to synchronize

Destination MAC (DA) 6 bytes MAC of recipient

Source MAC (SA) 6 bytes MAC of sender

Optional vlan tag. Starts with 0x8100 to mark 802.1Q mode in


802.1Q tag (optional) 4 bytes
type location.

Type or Length 2 bytes Layer three type OR length if smaler then 1536 bytes.

46 - 1500
Data Payload
bytes

Frame check sequence


4 bytes 32 bit CRC Checksum
(FCS)

IPv4 Header

Field Field Length Description

Version 4 bits IP Version, always four

Internet Header Length (IHL) 4 bits Length of the header

Service Type 8 bits Desired QOS information (DSCP and ECN)

Total Length 2 bytes Packet length, including this header

Identification 2 bytes A unique ID

Flag 3 bits fragmentation behaviour

Fragment Offset 13 bits

TTL 1 byte TTL, decreased by every router by one.

Protocol 1 byte Layer four type

Header Checksum 2 bytes

Options (optional) 16 bytes

Padding max. 31 bits Pad to the nearest 32 bit boundary

TCP Segment

Field
Field Description
Length

Source Port 2 bytes

Destination Port 2 bytes

25 / 26
ccna sheat sheet.md 2025-08-23

Field
Field Description
Length

Squence Number 4 bytes Unique Number for this Segment

Acknowledgement Next expected sequence number, acknowledge all prior


4 bytes
Number Segments.

Header size in multiples of 4 bytes, sometimes also called Data


Header Lenght 4 bits
Offset.

Reserved 3 bits N/A

Control Flags like SYN, ACK, FIN, RST and Flags for congestion
Flags 9 bits
control.

Window size 2 bytes bytes sender is currently willing to receive

Checksum 2 bytes Header Checksum

Points to the last 'urgent' byte in the Segment, used when URG
Urgent Pointer 2 bytes
flag is set.

Options 0 - 320 bits The Size is determined by Header length. TODO:

Data variable

UDP Segment

Field Field Length Description

Source Port 2 bytes

Destination Port 2 bytes

Length 2 bytes Length of the whole Segment

Checksum (optional) 2 bytes Checksum of the whole Segment

Data variable

To Sort and Misc


Command Description

# telnet 1.2.3.4 23 Telnet to 1.2.3.4 using port 23

# disconnect Disconnect background telnet session

# ssh -l h.acker 1.2.3.4 SSH to 1.2.3.4 using h.acker user

(config-if)# duplex {full, auto} Set duplex mode or set it to autonegotiation.

(config-if)# speed {100, auto} Set speed or set it to autonegotiation.

26 / 26

You might also like