Open In App
Related Articles

CCNA Cheatsheet

Like Article
Save Article
Report issue

A CCNA certification proves you have the competencies needed to navigate an ever-changing IT landscape. CCNA exams cover network fundamentals, IP services, security fundamentals, automation, and programmability. Designed for agility and versatility, CCNA proves you have the skills needed to manage and optimize today’s most advanced networks. CCNA training courses and exams are the foundation for advancing your career in any direction. A Cisco certification is living proof of the standards and rigor your organization recognizes and trusts to meet and exceed market demands. Here is a cheat sheet for CCNA Examination.

Network Fundamentals:

Networking Devices Used in CCNA: 

Names of devices use in CCNADescription

A router is a network device that forwards data packets between computer networks. A router receives a packet from an input port, checks its header, performs  basic functions such as checksum checking, looks up the appropriate output port’s routing table, drops the packet, and so on. Forward the packet to the output port.


A switch is a network device used to divide a network into different subnets called subnets or LAN segments. Filters and forwards packets between LAN segments based on MAC address. A switch establishes a temporary connection between a source and destination for communication and terminates the connection when the conversation ends. It also provides full bandwidth for network traffic going to and from devices at the same time, reducing collisions.


A firewall is a hardware or software-based network security device that monitors all incoming and outgoing traffic and accepts, denies, or drops specific traffic based on a defined set of security rules.


Intrusion prevention systems are also known as intrusion detection and prevention systems. This is a network security application that monitors network or system activity for malicious activity. The main function of an intrusion prevention system is to identify malicious activity, collect and report information about that activity,  and attempt to block or stop it.

Access points

This is a network device that allows your device to connect to a wired network.  Access points are used to build WLANs (Wireless Local Area Networks). It is commonly used in large offices and buildings with growing businesses.


the network controller is a centralized programmable automation point that enables you to manage, configure, monitor, and troubleshoot your virtual network infrastructure, in addition to manually configuring network devices. An extensible server role that provides Run the service. It acts as an interface between your store and your network infrastructure.


Endpoint Security Control is a software technology that facilitates the recognition and operation of personal laptops to gain access to the corporate community. This allows community admins to restrict positive websites to specific customers, thus adhering to their organization’s rules and requirements regarding the additive in question. Endpoint security control structures include digital private VPN clients, operating systems, and up-to-date antivirus software.


Servers are computers dedicated to a specific purpose, and unlike desktop computers, these computers are built to be durable, long-lived, and long-running compared to desktop PCs.

Network Topology Architectures:

Characteristics of network topologyDescription

LAN stands for Local Area Network. This is a computer network that covers a relatively small area. B. Inside a building or campus up to several kilometers in size.


MAN stands for Metropolitan Area Network. It is a computer network that connects many LANs into a larger network so that computer resources can be shared. This type of network covers a larger area than a LAN but is smaller than a WAN  designed to span an entire city.


WAN stands for Wide Area Network. It is a computer network consisting of two or more LANs or MANs covering a large geographical area.


A spine-leaf architecture is a data center network topology that consists of two switching layers: spine and leaf.

Small office/home office (SOHO)

SOHO stands for Small Office/Home Office Network. Today, many aspiring entrepreneurs and small business owners prefer to work from home or maintain a small office.

Cloud storage

Cloud storage simply stores data over the internet on cloud-based servers. Once your data is stored in the cloud, you can access it anywhere over the internet from multiple devices.

Physical Interface and Cabling Types:

Interfaces and cablingDescription
Single-mode fiber cable

SMF (Single-Mode Fibers) are fiber cables designed to carry only single-mode light, which is the transverse mode. They are used for long-distance transmission of signals.

multi-mode fiber cable

Multimode fiber optic cable is a type of fiber optic cable that transmits data through a larger diameter core, allowing the average single-mode transceiver to carry multiple modes of light.

copper wire

Copper cables use electrical signals to transmit data between networks. There are three types of copper cable: coaxial cable, unshielded twisted pair, and shielded twisted pair. Coax degrades over long distances


Ethernet is the most widely used LAN technology defined by the IEEE 802.3 standard. The reason for its wide applicability is that Ethernet is easy to understand, easy to implement and maintain, and enables inexpensive network implementation. Additionally, Ethernet offers flexibility in terms of allowed topologies.


Power Over Ethernet (POE) is a technique used for building wired Ethernet local area networks (LANs) which use Ethernet data cables instead of normal electrical power cords and wiring to carry the electrical current required to operate each device.

IP Addressing:

Classes of IP Addresses:

ClassFirst 5 bits in binaryFirst Octet range
A0xxxx0-127 (actually 1-126 because 0 and 127 are reserved

Reserved IP Addresses:

AddressWhat it representsWhere can it be used
Network address of all 0s

Stands for “this network”. For example,

Send a broadcast message to the network.

Network address of all 1s

Represents “all networks”.

Send a broadcast message to all networks.

Node address of all 0s

Represents a network address or all hosts on a network. Example or

Routers route traffic based on network addresses.

Node address of all 1s

It represents all hosts on the network and is also called the broadcast address. Example or

Used to send broadcasts to all hosts on the network.

Entire address of 0s

Stands for “any network”.

Used by routers to set a default route.

Entire IP set to all 1s.

Stands for all hosts in network.

Used to deliver/broadcast messages

Stands for loopback address which is essentially the host itself

Send traffic from the host to itself. Use this address in your browser to connect to the web server running on the host itself.

Valid Hosts Addresses in Each Subnet:

Network AddressValid Host addressesBroadcast Address – 30192.168.10.31 – 62192.168.10.63 – 94192.168.10.95 – 126192.168.10.127 – 158192.168.10.159 – 190192.168.10.191 – 222192.168.10.223 – 254192.168.10.255

Variable Length Subnet Mask (VLSM):


Troubleshooting IP Addressing:

Packet Internet Grouper (PING)

Ping is one of the most commonly used utilities for troubleshooting addressing and connectivity problems. This utility is available for most operating systems, including Cisco devices, and can be accessed through the command line interface using the ping command. Checks if the target host is up using the ICMP protocol.


Traceroute is another popular utility  available on all operating systems. On some operating systems, the utility can be accessed using the tracert or traceroute commands in the CLI. It is used to find each hop between a source host and a destination host, helping to see the path taken by a packet.

IP config

On Windows machines, all this information is displayed in the output of the ipconfig /all command. On Unix-based systems, this information can be viewed using the ifconfig command.

ARP Tables

This table contains the MAC and IP address associations learned by the system. On most operating systems, the ARP table can be viewed with the arp –a command. On  Cisco devices, you can view the arp table  using the show ip arp command.

Port Security:

Switches learn MAC addresses as frames are forwarded through switch ports. Port security allows you to limit the number of MAC addresses that can be learned on a port, configure static MAC addresses, and set penalties if that port is used by unauthorized users. Users can restrict, shutdown, or protect port security commands.

(config-if)# switchport mode {access, trunk}                     Null
(config-if)# [no] switchport port-securityTo disable port-security
(config-if)# switchport port-security maximum 1Max no. of allowed MACs.
(config-if)# switchport port-security mac-address 1234.5678.9abcTo allow a MAC on this port.
(config-if)# switchport port-security mac-address stickyTo allow learning of connected macs until MAC Address reached.
(config-if)# switchport port-security violation shutdownTo shutdown port when other device gets connected.
(config-if)# shutdown (config-if)# no shutdownenable again if after port-security violation.
(config)# errdisable recovery cause psecure-violationenable again if automatically after problem is fixed.
(config)# errdisable recovery interval 42Recheck every 42 seconds.

Port-Security Terms of Violation:

protectTo Drops packets with no alert
restrictTo Drops packets and increment security-violation count
shutdownTo Shuts down the port (default)

Troubleshooting Port Security:

# show port-security [interface g1/1]port status, violation mode, max/total MACs,…
# show port-security addressSecure MACs on ports.
# show errdisable recoveryCheck if auto recovery is enabled. Disabled by default.

Configure VLANs:

Virtual LAN (VLAN) is a concept that allows devices to be logically partitioned at layer 2 (data link layer). Layer 3 devices typically share a broadcast domain, but the concept of VLANs can be used to divide the broadcast domain with switches.

Layer2 Switch VLAN Config:

(config)# [no] vlan 23To [delete vlan or] create vlan and enter config-vlan mode
(config-vlan)# name TelephoneSanitizerName this vlan TelephoneSanitizer
(config)# int g1/1                                     NULL
(config-if)# switchport mode accessMake frames out this port untagged
(config-if)# switchport access vlan 23                                     NULL
(config)# int g1/2                                     NULL
(config-if)# switchport mode trunkMake frames out this port tagged by default
(config-if)# switchport trunk encapsulation dot1qSometimes the default is ciscos old isl.
(config-if)# switchport trunk native vlan 256Except for vlan 256, which is still untagged.
(config-if)# switchport nonegotiateDisable DTP

Layer3 Switch VLAN Config:

(config)# interface VLAN 23enter interface config mode
(config-if)# IP address device IP in VLAN 23
(config-if)# no shutdownvirtual interfaces are disabled by default
(config-if)# int g                                     NULL
(config)# no VLAN 23delete VLAN 23

Router (on a Stick) VLAN Config:

(config)# interface g1/1.10Create subinterface g1/1.10 on g1/1
(config-subif)# encapsulation dot1q 10enable IEEE 802.1Q VLAN tagging with VLAN 10 on the subinterface
(config-subif)# ip address                                     NULL
# show vlansShow VLANs and their trunk interfaces

Troubleshoot VLANs on a Switch:

# show vlan [{id 23, name TelephoneSanitizer}] [brief]Show VLAN settings for all switch ports
# show interfaces g1/1 switchportVerify mode and VLAN of g1/1
# show interfaces g1/1 trunkShow trunk settings and state
# show run interface VLAN 1A quick way to search the running config.
# show interface statusShow trunk mode/access VLAN
# show dtp interface g1/1Show current DTP mode for g1/1


(config)# vtp mode [server, client, transparent]
(config)# vtp domain
(config)# vtp password
(config)# vtp pruning

STP (Spanning Tree Protocol):

Spanning Tree Protocol (STP) prevents frame loops by putting interfaces on a switch into a forwarding or blocking states.

(config)# spanning-tree vlan 1 root {primary, secondary}Device the primary/secondary root bridge.
(config)# spanning-tree portfast bpduguard defaultTo Enable bpdu guard for all portfast enable interfaces
(config)# spanning-tree portfast defaultTo Enable portfast for all non-trunk interfaces
(config-if)# spanning-tree bpduguard enableTo Enable gpduguard on this interface
(config-if)# spanning-tree portfastTo Enable portfast on this interface
(config-if)# spanning-tree guard rootTo Enable root guard on this interface

Troubleshoot STP:

# show spanning-tree [vlan 1]
# show spanning-tree summary
# show running-config interface g1/1
# show spanning-tree interface g1/1 portfast


EtherChannel is a port link aggregation technology that groups multiple physical port links into one logical link. Used to provide high-speed connectivity and redundancy. Up to eight links can be aggregated into one logical link.

(config)# interface range g1/1 – 2To configure g1/1 and g1/2 at the same time
(config-if-range)# channel-group 1 mode {auto, desirable}To Add both interfaces to EtherChannel 1 (PAgP)
(config-if-range)# channel-group 1 mode {active, passive}To Add both interfaces to EtherChannel 1 (LACP)
(config-if-range)# channel-group 1 mode onTo Add both interfaces to EtherChannel 1 (Static)
(config)# interface port-channel 1To Configure virtual interface for EtherChannel 1
(config-if)# switchport mode trunkTo Put EtherChannel 1 in trunk mode
(config-if)# switchport trunk allowed vlan 10,20,30To Add tagged VLANs 10,20,30 on EtherChannel 1

Troubleshoot Etherchannel:

# show interface port-channel 1Combined bandwidth and members as extra info.
# show etherchannel summaryTo Show EtherChannel protocols and members as a list
# show etherchannel port-channel 1To Show per member state and stats

Configure a Serial:

The speed of the Layer 1 connection is determined by the CSU/DSU. DTE (Data Terminal Equipment)  and DCE (Data Communications Equipment) cables are used in labs without an external CSU/DSU.

(config)# interface serial 1/0To Configure interface serial 1/0
(config-if)# clock rate 128000To Set clock rate for DCE router side to 128 kbps
(config)# show controllers serial 1/0To Verify clock rate on serial interface 1/0

Access Control Lists (ACLs):

Default mask for default ACL:

(config)# access-list 23 permit []To Create ACL #23 or append a rule to ACL #23, allow 1.2.x.x
(config)# no access-list 23To Delete entire ACL #23
(config)# ip[v6] access-list resequence local_only 5 10To Renumber ACL Rules, put first on #5, increment by 10.
(config)# ip access-list {standard, extended} 23To Create ACL and/or enter config mode for ACL #23
(config)# ip access-list {standard, extended} local_onlyTo Create ACL and/or enter config mode for ACL ‘local_only’
(config-std-nac1)# permit Append rule to standard ACL ‘local_only’
(config-std-nac1)# 5 permit Append rule to ACL at sequence number 5.
(config-std-nac1)# no <sequence#>To Remove rule with sequence# from ACL
(config-ext-nac1)# deny tcp any any                                     NULL
(config-ext-nac1)# permit udp host any lt 1024                                     NULL
(config-ext-nac1)# permit udp host any eq dns                                     NULL
(config-ext-nac1)# deny udp host any                                     NULL
(config-ext-nac1)# permit ip any any                                     NULL

Interface ACLs:

(config)# inter g1/1To Enter if-config mode for g1/1
(config-if)# ip access-group 23 outTo Apply ACL #23 to outgoing packets, not sent by the router
(config-if)# ip access-group 42 inTo Apply ACL #42 to incoming packets
(config-if)# ip access-group local_only inTo Overwrite the used ACL, only one ACL per if + proto + direction!
(config-if)# ipv6 traffic-filter 23 outTo The v6 syntax of course differs…
# show ip interface g1/1 | incl access listTo Show ACLs on g1/1 (When none set shows not set for v4 and nothing for v6)

Troubleshooting ACLs:

# show [ipv6] access-listsTo Show, all configured ACLs
# show access-list 10To Display all rules in ACL #10 and how often they matched

Network Address Translation (NAT):

Network Address Translation (NAT) is the process of translating one or more local IP addresses into one or more global IP addresses, or vice versa, in order to provide Internet access to local hosts. It also performs port number translation. H. Mask the host’s port number with another port number in packets routed to the destination.

inside localIP addresses assigned to hosts in the network are not routable
inside globalA routable IP address assigned by your Network Information Center or ISP
outside localThe IP address of the remote host seen on the network is not routable
outside globalThe owner-assigned IP address of the remote host, routable
(config)# int g1/1To Enter if-config mode for g1/1
(config-if)# ip address configure on g1/1
(config-if)# ip nat outsideTo Packets going out, need to change their src, incoming their dest ip.
(config)# int g1/2To Enter if-config mode for g1/2
(config-if)# ip address configure on g1/2
(config-if)# ip nat insideTo Packets going out, need to change their dest, incoming their src ip.


SNAT, as the name suggests, is a technique for generally translating the source IP address when connecting from a private IP address to a public IP address. Maps the originating client IP address in the request to a transform defined on the BIG-IP device. This is the most common form of NAT and is used when internal hosts need to initiate sessions with external or public hosts.

(config)# ip nat inside source static – Static mapping of internal IPs to external IPs 1:1.


DNAT, as the name proposes, is a technique for mostly translating destination IP addresses when connecting from a public IP address to a private IP address. It is typically used to redirect packets destined for a specific IP address on one host or a specific port on an IP address to another address (most likely another host).

(config)# access-list 42 permit Create an ACL identifying 10.10.23/24
(config)# ip nat pool POOL netmask Create an IP Address Pool for NATing
(config)# ip nat inside source list 42 pool POOLTo DNAT IPs matching ACL #42 1:1 with IPs from nat pool ‘POOL’.

Port Address Translation (PAT):

Port address translation is implemented in routers. So the IP packet received by the router contains a private IP and a port number (provided by the computer), so the router replaces the private IP with the public IP of the router and a specific port is assigned to this connecting device.

(config)# access-list 10 permit Create an ACL identifying 10.10/16
(config)# ip nat inside source list 10 interface g1/1 overloadTo PAT IPs matching ACL #10 many:1 with g1/1s public IP

DHCP (Dynamic Host Control Protocol):

Dynamic Host Configuration Protocol (DHCP) is an application layer protocol used to provide:

  1. Subnet Mask (Option 1 – e.g.,
  2. Router Address (Option 3 – e.g.,
  3. DNS Address (Option 6 – e.g.,
  4. Vendor Class Identifier (Option 43 – e.g., ‘unifi’ = ##where unifi = controller)
(config)# ip dhcp excluded-address not distribute these IPs in leases
(config)# ip dhcp pool PCsCreate and/or enter DHCP config for pool ‘PCs’
(dhcp-config)# network /24To define pool addresses
(dhcp-config)# default-router define default gateway to be distributed in the leases
(dhcp-config)# dns-server                               NULL
(dhcp-config)# domain-name                               NULL
(dhcp-config)# leaseTo lease validity time
(config)# int g1/1To Enter interface config mode on client-facing interface
(config-if)# ip helper-address Relay DHCP Requests to this host

Troubleshooting DHCP:

# debug ip dhcp server packet                               NULL
# show dhcp leaseTo Show DHCP lease information
# show ip dhcp poolTo Show pool size and addresses in use
# show ip dhcp bindingTo Show which mac got which ip
# sh run | section dhcpTo See if IP DHCP exclude-address / pool stuff is wrong.
# sh run int g1/1To See if IP helper address is wrong.

HSRP (Hot Standby Router Protocol):

HSRP (Hot Standby Router Protocol) is a CISCO proprietary protocol that provides redundancy for a local subnet. In HSRP, two or more routers create the illusion of a virtual router.

(config-if)# standby [group-number] ipTo Join HSRP Group
(config-if)# standby [group-number] priorityTo Set prio of this router.
(config-if)# standby [group-number] preemptTo Preempt other routers when this router becomes active
(config-if)# standby {1,2}To Set HSRP Version

Troubleshooting HSRP:

# show standbyHSRP Groups, their VIPs, state, active router, standby router, preemption.

Service Level Agreements (SLAs):

Service Level Agreements (SLAs) are performance constraints negotiated between the cloud service provider and the customer. Previously, in cloud computing, all service level agreements were negotiated between the customer and the consumer of the service. Today, with the advent of major utility-style cloud providers, most service level agreements are standardized until customers become major consumers of cloud services. cloud.

(config)# ip sla 23Create IP sla test #23 and enter its config mode.
(config-ip-sla)# icmp-echo icmp-echo test.
(config-ip-sla)# frequency 42frequency in seconds.
(config)# ip sla schedule 23 life {forever, seconds} start-time nowStart test #23 now and until manually stopped.

Troubleshooting SLAs:

# show ip sla configurationShow all configured IP SLA configs
# show ip sla statisticsShow sla results

Telnet / Console:

TELNET stands for Terminal Network. It is a type of protocol that allows a computer to connect to a local computer. It is used as the standard TCP/IP protocol for the virtual terminal service provided by ISO. The computer that initiates the connection is called the local computer. 

(config)# banner login “Insert snarky banner.”To Make sure that the device includes legal terms to sound smart.
(config)# banner motd “Insert snarky banner.”To Set Login Banner.
(config)# line vty 0 4To Enter config mode for vty 0 to 4 (up to 15 allowed).
(config)# line console 0To Enter config mode for the console port
(config-line)# loginTo Require login on telnet/console connection.
(config-line)# passwordTo Enable Telnet and set vty login password.
(config-line)# access-class 10 inTo Set ACL to limit inbound IPs allowed to access vty
(config-line)# access-class 42 inTo Overwrite the used ACL, only one ACL per vty + direction!
(config-line)# exec-timeout 10To Autologout after 10 Minutes
(config-line)# login localTo Require login on telnet/console connection via local users.
(config)# username h.acker secret C1sco123To Create a local user with an encrypted password.


SSH (Secure Shell) is an access identifier used in the SSH protocol. In other words, it is a cryptographic network protocol used to transmit encrypted data over a network. It allows you to connect to a server or servers without having to remember or enter your password for each system that needs to connect remotely from one system to another.

(config)# hostname FoobarTo generate SSH keys.
(config)# ip domain-name example.comTo Required to generate SSH keys.
(config)# crypto key generate RSA modulus 2048To Generate keys like it’s 1995! Potentially takes forever.
(config)# ip ssh version 2To Force SSHv2
(config-line)# transport input sshTo Force ssh, disable telnet.
# show ip sshTo Know SSH version, timeout time, and auth retries.
# show sshTo List active connections

TACACS+ Protocol:

TACACS+, which stands for Terminal Access Controller Access Control Server, is a security protocol used within the AAA framework to provide centralized authentication for users who wish to access the network.


(config)# username password

To view Local backup users.

(config)# aaa new-model

To Enable aaa services.

(config)# tacacs server

To Add and define TACACS conf.

(config-server-tacacs)# address ipv4


(config-server-tacacs)# [port ]


(config-server-tacacs)# key


(config)# aaa group server tacacs+

Multiple possible.

(config-sg-tacacs+)# server name


(config)# aaa authentication login group local

Allow that group and local users in.

Simple Network Management Protocol (SNMP):

SNMP is an application layer protocol that uses UDP port number 161/162. SNMP is used to monitor the network, detect network failures, and sometimes even to configure devices remotely.

(config)# snmp-server contact admin@example.comTo Contact email
(config)# snmp-server location RZ-HamburgTo Where is the device
(config)# snmp-server community [ro, rw]To Add community
(config)# snmp-server host SNMP notifications recipient

CDP – Cisco Discovery Protocol:

CDP allows users to use a number of display commands that allow them to view connected device information such as local port information, remote port information, hostname, device platform, etc.

# [no] cdp runTo Enables cdp globally and on all interfaces (default)
# (config-if)# [no] cdp enableTo Enable cdp on an interface
# show cdp neighbors [detail]To List connected cisco devices (name, local/remote port, [ip])
# show cdp entry *                               NULL

Link Layer Discovery Protocol (LLDP):

It is an open layer 2 protocol compliant with the IEEE (802.1AB) standard. LLDP is an open source alternative to CDP (Cisco Discovery Protocol), which is also a device discovery protocol that runs only on layer 2 (data link layer)  on Cisco-manufactured devices (routers). routers, bridges, access servers, and switches).

# [no] lldp runTo enable lldp globally and on all interfaces
(config-if)# [no] lldp transmitTo Enable lldp packet transmission on interface
(config-if)# [no] lddp receiveTo Enable lldp packet reception on the interface

Point-to-Point Protocol (PPP):

Point-to-Point Protocol (PPP) is basically a set of asymmetric protocols for different connections or links that do not provide frames, i.e., raw bit pipes. PPP also wants other protocols to establish connections, authenticate users, and also transport network layer data. PPP is not a single protocol, but a set of protocols consisting of simple protocols that address various aspects of Layer 2 point-to-point communication.

(config)# username fnord password passTo Create users for pap auth.
(config)# interface S0/0/0                               NULL
(config-if)# clock rate 125000To rate Only on DCE cable!
(config-if)# bandwidth 125For Logical speed used for routing cost calc, RSVP…
(config-if)# encapsulation pppTo set Default HDLC
(config-if)# ppp authentication papTo show Required remote to authentication via pap
(config-if)# ppp pap sent-username fnord password passAuthenticate to remote pap
(config)# hostname routy1Required for CHAP, used as chap client username
(config)# username routy2 password foobarCreate users for chap auth for routy2
(config)# interface S0/0/0                               NULL
(config-if)# no ppp authentication papRemove in favor of chap
(config-if)# no ppp pap sent-username fnord password passRemove in favor of chap
(config-if)# ppp authentication chapRequire remote to authenticate via chap

Troubleshooting PPP:

# show controllers S0/0/0To Show interface, connected type of cable, clock rate
# show interfacesTo Show encapsulation, logical bandwidth
# show ppp allTo Show session state, auth type, peer ip and name
# debug ppp authenticationTo Debug PPP authentication


Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as a routing metric to find the best path between source and destination networks. It is a distance vector routing protocol with an AD value of 120 and operates on the network layer of the OSI model. RIP uses port number 520.

(config)# router ripTo Enable RIP and enter its config mode
(config-router)# version 2To Set RIPv2, which is Classless
(config-router)# network Advertise connected networks which are within.
(config-router)# network Advertise all connected networks.
(config-router)# timers basicTo Show timers
(config-router)# no auto-summaryStop summarizing a smaller subnet route in a bigger one.
(config-router)# passive-interface g1/1Stop sending RIP updates out this interface
(config-router)# passive-interface defaultStop sending RIP updates on any if by default
(config-router)# no passive-interface g1/2To Overwrite the passive-interface default
(config-router)# default-information originateTo Advertise the default route.

Troubleshooting RIP:

# show ip[v6] protocolsShow rip timers, interfaces, networks,
# show ip rip databaseRoutes learned by rip were used to compile the routing table
# show ip routeShow learned routes
# clear ip route *Get rid of all routes


EIGRP (Enhanced Interior Gateway Routing Protocol) is a dynamic routing protocol used to find the best path between any two Layer 3 devices for packet delivery. EIGRP works on top of the network layer protocol of the OSI model and uses protocol number 88. It uses metrics to find the best path between two Layer 3 devices (Layer 3 routers or switches). using EIGRP.

# show run &#124 section eigrpTo Show EIGRP settings.
# show interfaces g1/1To Show configured/default bandwidth and delay.
(config-if)# bandwidthTo Overwrite bandwidth used for eigrp metric.
(config-if)# delayTo Overwrite display used for eigrp metric.
(config)# router eigrp 23To Add and conf EIGRP AS#23
(config-router)# network Announce routes to
(config-router)# no shutdownOn some iOS versions, it’s off by default.
(config-router)# [no] eigrp router-idTo Set Defaults to highest loopback ip
(config-router)# [no] passive-interface g1/2To Disable EIGRP here. Ignore incoming pkgs.
(config-router)# [no] passive-interface defaultTo Disable EIGRP on all ifs by default.
(config-router)# maximum-pathsTo set Default 4, must match, the number of load-balanced paths.
(config-router)# variance 4To Set Default 1, Max 4:1 variance for unequal lb.
(config-router)# no auto-summaryTo Set Don’t summarize a smaller subnet route in a big one.
# show ip[v6] eigrp neighborsTo show Neighbor address, if, hold time, uptime, queued pkgs
# show ip[v6] eigrp interfaces [if-name]To Show If, Number of peers, pending routes, queued pkgs
# show ip[v6] route [eigrp]To ShowRoutes starting with D were learned via EIGRP
# show ip[v6] eigrp topology [all-links]Topology table

EIGRP with ipv6:

(config)# ipv6 unicast-routingTo Enable v6 routing on the router
(config)# ipv6 router eigrp 23To Configure eigrp as #23
(config-rtr)# no shutdownTo Enable this eigrp routing process.
(config-if)# [no] ipv6 eigrp 23To Enable eigrp with ipv6 for as #23 on this if.


Open Shortest Path First (OSPF) is a link-state routing protocol used to find the best path between source and destination router using its own shortest path first). OSPF was developed by the Internet Engineering Task Force (IETF) as one of the Internal Gateway Protocols (IGP), i.e., a protocol aimed at moving packets within a large autonomous system or routing domain.

(config)# router ospf 11 is the pid, not the area.
(config-router)# router-id Set Defaults to highest IPv4 on lo, then other ifs.
(config-router)# network area 0To enable interfaces for OSPF with matching IPs
(config-router)# (no) passive-interface g1/1To Stop in- and egress OSPF hello packets.
(config-router)# passive-interface defaultTo Mark all ifs passive by default.
(config-router)# default-information originate (always)To Advertise default routes into a normal area
(config-router)# auto-cost reference-bandwidth <refbw in Mb/s>To Change reference bandwidth speed
(config-if)# ip ospf cost 23To Overwrite interface cost to 23
(config-if)# bandwidth <bw in kb/s>To Change interface bandwidth

Router Types:

Internal RouterList All OSPF interfaces in one area
Backbone RouterIt has one or more OSPF interfaces in the backbone
Area Boundary Router (ABR)It has at least one interface in the backbone area and at least one in another area
Autonomous System Boundary Router (ASBR)To Injects routes into OSPF via redistribution from other routing protocols

OSPF with ipv6 (OSPFv3):

(config)# ipv6 unicast-routingTo show unicast routing through ipv6
(config)# ipv6 router OSPFTo show config of ipv6 on the router
(config-router)# router-idRequired if we don’t have any v4 address configured.
(config-if)# ipv6 OSPF areaRequired for OSPFv3.

The network’s command does not exist, and non mentioned commands are the same.

Troubleshooting OSPF:

# show run | sect ospfTo run OSPF
# show ip(v6) protocolsTo show ipv6 in OSPF
# show ipv6 ospfTo show reference bandwidth, router-id, networks, interface per area
# show ip(v6) ospf neighborTo show neighbor IDs, IPs, and via the interface.
# show ip(v6) ospf neighbor detailTo show dr, bdr, timers, etc.
# show interface briefTo show admin downlink
# show ip(v6) ospf interface briefTo show OSPF enabled interfaces
# show ip(v6) ospf interface g1/1To show OSPF related Infos for g1/1, passive?
# show ip(v6) route (ospf)To show OSPF routes are marked O, show route ad and cost 

Last Updated : 07 Oct, 2022
Like Article
Save Article
Share your thoughts in the comments
Similar Reads