Cisco IOS Reference
About Cisco IOS Reference
The Cisco IOS Reference is a searchable quick reference for network engineers, CCNA/CCNP candidates, and IT administrators who work with Cisco routers and switches daily. The Basic Commands section covers the IOS privilege hierarchy — User EXEC, Privileged EXEC (enable), and Global Configuration mode (configure terminal) — along with the essential show running-config, copy running-config startup-config (write memory), and show ip route commands that are the first tools any engineer reaches for when diagnosing a network.
The Interface and Routing sections cover the full lifecycle of a routed interface: entering interface configuration with interface GigabitEthernet0/0, assigning primary and secondary IP addresses, activating with no shutdown, adding descriptions, and verifying state with show interfaces and show ip interface brief. For routing, the reference covers static routes (including default routes via 0.0.0.0/0), OSPF process configuration with network statements and router-id, BGP AS configuration with neighbor remote-as and network advertisements, and route redistribution between protocols with the redistribute command.
The Switching and Security sections address VLAN creation and naming, access port assignment with switchport access vlan, trunk port configuration with allowed VLANs and native VLAN, Spanning Tree Protocol mode selection (rapid-pvst) and root bridge priority tuning, MAC address table inspection, and port security with sticky MAC learning and shutdown violation mode. The ACL section covers numbered standard ACLs (1–99), numbered extended ACLs (100–199), and named extended ACLs with ip access-list extended, plus how to apply them inbound or outbound on interfaces with ip access-group. This reference is indispensable for CCNA/CCNP exam preparation and daily network operations.
Key Features
- IOS privilege modes: User EXEC, Privileged EXEC, Global Config, Interface Config
- show running-config, show ip route, show interfaces with abbreviated forms (sh run)
- Static routing including default route 0.0.0.0 0.0.0.0 and next-hop configuration
- OSPF process setup with network wildcard, area 0, and router-id assignment
- BGP AS configuration with neighbor remote-as and network advertisement
- VLAN creation, access/trunk port modes, native VLAN, and SVI (interface vlan)
- Spanning Tree rapid-pvst mode with root primary and manual priority tuning
- Standard, extended, and named ACLs with ip access-group inbound/outbound
Frequently Asked Questions
What is the difference between Privileged EXEC mode and Global Configuration mode in Cisco IOS?
Privileged EXEC mode (Router#) is entered with the enable command and allows you to view the full running configuration and execute diagnostic commands like show and debug. Global Configuration mode (Router(config)#) is entered with configure terminal from Privileged EXEC and allows you to change the device configuration, such as adding routes, creating VLANs, and configuring interfaces. These changes take effect in the running configuration and persist across a reboot only once they are saved to the startup-config.
How do I save the running configuration so it persists after a reboot?
Use copy running-config startup-config (or the shorthand write memory). The running-config lives in RAM and is lost on power cycle. The startup-config is stored in NVRAM and is loaded on boot. Always save after making changes. On modern IOS, you can also use copy running-config tftp to back up to a TFTP server.
What is the difference between a standard ACL and an extended ACL?
Standard ACLs (numbered 1–99 or 1300–1999) match only on the source IP address. They should be placed as close to the destination as possible. Extended ACLs (numbered 100–199 or 2000–2699) match on source IP, destination IP, protocol (TCP/UDP/ICMP), and port numbers, giving much finer control. Extended ACLs should be placed as close to the source as possible to drop traffic early and reduce unnecessary load.
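The placement rule above, shown as an added configuration example (not taken from the reference itself). The addresses, interface names, ACL number and the ACL name WEB-ONLY are constructed for illustration.

```cisco
! Constructed example: 192.168.10.0/24 is the user LAN behind Gi0/0,
! 10.0.0.10 is a server reached through Gi0/1.
!
! Standard ACL: matches the source only, so it is applied on the
! interface nearest the destination to avoid blocking other paths.
access-list 10 permit 192.168.10.0 0.0.0.255
!
interface GigabitEthernet0/1
 ip access-group 10 out
!
! Named extended ACL: matches source, destination, protocol and port,
! so it is applied inbound on the interface nearest the source.
ip access-list extended WEB-ONLY
 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.10 eq 443
 ! Every ACL ends with an implicit "deny ip any any"; writing it
 ! explicitly with "log" makes the dropped traffic visible.
 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group WEB-ONLY in
!
! Verify from Privileged EXEC:
!   show access-lists
!   show ip interface GigabitEthernet0/0
```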
What is the difference between switchport mode access and switchport mode trunk?
Access mode assigns a port to a single VLAN and carries untagged frames for that VLAN only. It is used for end devices like PCs and servers. Trunk mode carries traffic for multiple VLANs using 802.1Q tagging, where each frame is tagged with the VLAN ID except for frames belonging to the native VLAN. Trunk ports connect switches to other switches or to routers performing inter-VLAN routing.
What is the purpose of the native VLAN on a trunk port?
The native VLAN on an 802.1Q trunk is the VLAN whose frames are sent untagged. By default it is VLAN 1. The native VLAN must match on both ends of a trunk link, or frames will be misassigned. As a security best practice, it is recommended to change the native VLAN to an unused VLAN (e.g., VLAN 99) to prevent VLAN hopping attacks that exploit the untagged native VLAN behavior.
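A trunk left on its defaults beside the hardened form described above, as an added configuration example (not taken from the reference itself). The interface name, the VLAN name NATIVE-UNUSED and the VLAN numbers 10, 20 and 99 are assumptions.

```cisco
! Weak: trunk left on defaults. The native VLAN is 1 and every VLAN
! is allowed across the link.
interface GigabitEthernet0/1
 switchport mode trunk
!
! Corrected: an unused VLAN carries the untagged frames and only the
! VLANs that are actually needed cross the trunk.
vlan 99
 name NATIVE-UNUSED
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
!
! Apply the same native VLAN on the switch at the other end of the
! link, then verify from Privileged EXEC on both sides:
!   show interfaces trunk
! The "Native vlan" column must show the same value on each switch.
```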
How does OSPF determine the router-id?
OSPF selects the router-id using the following priority: (1) manually configured with router-id in the OSPF process, (2) highest IP address on any active loopback interface, (3) highest IP address on any active non-loopback interface. The router-id is chosen at process startup and does not change unless the OSPF process is reset with clear ip ospf process. Manually configuring the router-id is best practice for predictable behavior.
What does redistribute connected do in OSPF?
redistribute connected under the OSPF process injects all directly connected subnets (C routes in the routing table) into OSPF as external Type 2 (E2) routes. This is needed when an interface is not covered by an OSPF network statement but you still want remote routers to learn the subnet via OSPF. The subnets keyword is required when redistributing classful networks that have been subnetted.
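The router-id and redistribution answers above, combined into one added configuration example (not taken from the reference itself). The process number, router-id and network are constructed values.

```cisco
router ospf 1
 ! Set the router-id explicitly so it does not depend on which
 ! loopback or physical interface happens to be up at startup.
 router-id 1.1.1.1
 ! Interfaces inside this range run OSPF in area 0.
 network 10.0.12.0 0.0.0.3 area 0
 ! Connected subnets not covered by a network statement are injected
 ! as external routes; "subnets" includes subnetted networks.
 redistribute connected subnets
!
! If OSPF was already running, the new router-id is used only after
! the process is reset (this briefly drops adjacencies):
!   clear ip ospf process
!
! Verify on this router:
!   show ip protocols
! Verify on a remote router; redistributed subnets appear as O E2:
!   show ip route ospf
```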
How does port-security mac-address sticky work?
When sticky learning is enabled with switchport port-security mac-address sticky, the switch dynamically learns the MAC addresses of devices connecting to the port and adds them to the running configuration as if they were statically configured. If you save the running config with write memory, those learned addresses persist across reboots. If a device with a MAC address not in the secure list connects, the port takes the configured violation action (shutdown, restrict, or protect).
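An access port configured for sticky learning with the shutdown violation action, as an added configuration example (not taken from the reference itself). The interface, VLAN, maximum of one address and the MAC address shown are constructed.

```cisco
interface GigabitEthernet0/2
 ! Port security needs a static access (or trunk) port.
 switchport mode access
 switchport access vlan 10
 ! Enable the feature, then set the limit, learning mode and action.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! After the first device sends traffic, the running configuration
! gains a line like this under the interface (constructed MAC):
!   switchport port-security mac-address sticky 0011.2233.4455
!
! Keep the learned address across reboots:
!   copy running-config startup-config
!
! Verify the secure addresses and the violation counter:
!   show port-security interface GigabitEthernet0/2
!   show port-security address
!
! After a shutdown violation the port is err-disabled. Remove the
! unauthorized device, then bring the port back:
!   interface GigabitEthernet0/2
!    shutdown
!    no shutdown
```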