Last Updated 16.10.2016
My little Cisco IOS Helper. A CheatSheet for forgetful people.
Show
Show config
show run
Show Switch Model and IOS Version
show version
Show interfaces with status up
sh ip int bri | inc up
Show Port VLAN assignment
show vlan brief
Show Trunk Interfaces
show interfaces trunk
Show Interface information
show interface description
sh int des
Show interface information
show run int Gi1/0/1
Administration
Switch to privileged mode
enable
Switch to configure terminal mode
We need to be in privileged mode
configure terminal
config t
Descend menu, go back one step
exit
Config save
write mem
Interfaces
Configure Interface
interface Gi1/0/25
int Gi1/0/25
Change interface to access port, set vlan
switchport access vlan 3
Change interface to access port
switchport mode access
Change interface to trunk
switchport mode trunk
Change interface description
description *** My Interface ***
Configure Trunk Interface
- Edit the interface you would like to use as a trunk Interface.
- Add Encapsulation
switchport trunk encapsulation dot1q
- Change the mode
switchport mode trunk
- Add Vlans to the trunk
switchport trunk allowed vlan 2,3
Remove/Undo Settings
- Setting can be undone quite easily. Example Settings:
switchport trunk allowed vlan 22, 24
-
copy the value you would like to remove
-
Configure the interface
-
write no a blank and paste the previous copied setting
no switchport trunk allowed vlan 22,24
- Setting is now removed from the interface
VLAN
Create a new VLAN
conf t
vlan VLANNUMBER
name VLANNAME
exit
SNMP
v3 config
snmp-server group GROUPNAME v3 priv access ACCESSLISTNAME
snmp-server user USERNAME GROUPNAME v3 auth md5 AUTHPASS priv aes 128 PRIVPASS
I use md5 for authentication and aes 128bit for encryption. There ar more settings possible. see here.
Access Control List
Show all ACL
show ip access-list
Show ACL per Interface
show ip access-list interface INTERFACENAME
your get the name bye executing sh int des
Add entry to ACL List
ip access-list standard NAMEOFACCESSLIST
permit IP
ip access-list standard NAMEOFACCESSLIST
permit IP NETMASK(REVERSE)
Remove an enytry
ip access-list standard NAMEOFACCESSLIST
no permit IP
First we select the specific ACL. Then we remove the entry
Renumber the existing entries
ip access-list resequence NAMEOFACCESSLIST 10 20
Starting at number 10 increment by 20
Remove entire ACL
no ip access-list standard NAMEOFACCESSLIST
Here is a good webpage which explains it a little bit better.
Errors
Add Trunk, rejected
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Make sure you enabled the encapsulation dot1q