Every CCNA command you actually need, grouped the way you use them, on one page you can keep open while you lab. This is the reference I reach for when configuring a device from scratch or troubleshooting one that will not behave, covering the IOS commands that come up across the whole 200-301 blueprint: device setup, interfaces, VLANs, routing, OSPF, verification, and the security basics.
These are the commands I keep coming back to while labbing the CCNA topics; all run on Cisco IOS 15.x and are current as of June 2026.
Basic device setup
The first commands on any fresh switch or router. Most run from global configuration mode after enable then configure terminal.
| Command | What it does |
|---|---|
enable | Enter privileged EXEC mode |
configure terminal | Enter global configuration mode |
hostname R1 | Set the device name |
enable secret cisco123 | Set an encrypted privileged-mode password |
service password-encryption | Encrypt plaintext passwords in the config |
banner motd # text # | Set a login banner |
line console 0 | Enter console line config (then login, password) |
line vty 0 4 | Enter the virtual terminal lines for remote access |
no ip domain-lookup | Stop the device treating typos as DNS lookups |
Interfaces and IP addressing
Bringing an interface up and giving it an address. Remember a router interface is shut down by default, so no shutdown is the line people forget.
| Command | What it does |
|---|---|
interface GigabitEthernet0/0 | Enter interface configuration mode |
ip address 10.0.0.1 255.255.255.0 | Assign an IPv4 address and mask |
no shutdown | Enable the interface (bring it administratively up) |
description LINK TO SW1 | Label the interface |
interface range Gi0/1 - 2 | Configure several interfaces at once |
ipv6 address 2001:db8::1/64 | Assign an IPv6 address |
ipv6 unicast-routing | Enable IPv6 routing (global, off by default) |
show ip interface brief | One-line status and IP of every interface |
VLANs and trunking
Switch-side configuration. Access ports carry one VLAN to a host; trunks carry many between switches.
| Command | What it does |
|---|---|
vlan 10 | Create VLAN 10 and enter VLAN config |
name SALES | Name the VLAN |
switchport mode access | Set the port as an access port |
switchport access vlan 10 | Assign the access port to VLAN 10 |
switchport mode trunk | Set the port as an 802.1Q trunk |
switchport trunk allowed vlan 10,20 | Limit which VLANs the trunk carries |
show vlan brief | List VLANs and their assigned ports |
show interfaces trunk | Show trunk ports, native VLAN, allowed VLANs |
Switching: MAC table and spanning tree
| Command | What it does |
|---|---|
show mac address-table | Show learned MAC-to-port mappings |
show mac address-table dynamic | Show only dynamically learned entries |
show spanning-tree | Show STP state, root bridge, and port roles |
show spanning-tree vlan 10 | STP details for one VLAN |
spanning-tree portfast | Skip STP listening/learning on an access port |
IP routing and static routes
| Command | What it does |
|---|---|
ip routing | Enable IPv4 routing on a Layer 3 switch |
ip route 192.168.2.0 255.255.255.0 10.0.0.2 | Add a static route via a next hop |
ip route 0.0.0.0 0.0.0.0 10.0.0.2 | Add a default route |
show ip route | Show the full routing table |
show ip route static | Show only static routes |
OSPF
Single-area OSPF, the routing protocol the CCNA leans on. The wildcard mask is the inverse of the subnet mask.
| Command | What it does |
|---|---|
router ospf 1 | Start OSPF process 1 and enter router config |
network 10.0.0.0 0.0.0.255 area 0 | Advertise a network into OSPF area 0 |
router-id 1.1.1.1 | Set a stable OSPF router ID |
passive-interface Gi0/1 | Stop OSPF hellos on an interface (no neighbors there) |
show ip ospf neighbor | Show OSPF adjacencies and their state |
show ip protocols | Show running routing protocols and networks |
Verification and show commands
The commands you live in. When something is wrong, half the answer is in show running-config and show ip interface brief.
| Command | What it does |
|---|---|
show running-config | Show the active configuration in memory |
show startup-config | Show the saved configuration in NVRAM |
show version | IOS version, uptime, model, and the config register |
show interfaces | Full interface stats including error counters |
show interfaces status | Per-port link, duplex, speed, and VLAN |
show cdp neighbors | Discover directly connected Cisco devices |
show cdp neighbors detail | Add neighbor IP and IOS version |
Troubleshooting
| Command | What it does |
|---|---|
ping 10.0.0.2 | Test reachability to a host |
traceroute 10.0.0.2 | Show the hop-by-hop path to a host |
show ip interface brief | Spot down or unaddressed interfaces fast |
terminal monitor | See log and debug output over an SSH session |
debug ip ospf events | Watch OSPF activity live (turn off with no debug all) |
no debug all | Stop all debugging |
Security: SSH, ACLs, and port security
The gotcha with SSH is that it needs a hostname, a domain name, and an RSA key before the device will generate one.
| Command | What it does |
|---|---|
ip domain-name example.com | Set the domain (required before key generation) |
crypto key generate rsa | Generate the RSA key pair for SSH |
ip ssh version 2 | Force SSH version 2 |
transport input ssh | Allow only SSH on the VTY lines |
access-list 10 permit 10.0.0.0 0.0.0.255 | Standard numbered ACL entry |
ip access-list extended WEB | Create a named extended ACL |
switchport port-security | Enable port security on an access port |
switchport port-security maximum 2 | Limit the port to two learned MACs |
Save and manage the configuration
The single most important habit: save before you walk away. An unsaved config is gone on the next reload.
| Command | What it does |
|---|---|
copy running-config startup-config | Save the active config to NVRAM |
write memory | Older shorthand for the same save |
reload | Restart the device |
show flash | List files (including the IOS image) in flash |
erase startup-config | Wipe the saved config (factory reset on reload) |
Keep this open while you work through the labs and the commands stick faster than memorising them cold. When you want the why behind any of these, the CCNA 200-301 study roadmap links the full hands-on guide for every topic, and the Domain 1 practice test checks whether the fundamentals have stuck.
