Lots of random little things I’ve collected over the years.
Erasing a switch:
Erase the config, vlans, and crypto:
Switch# write erase
Switch# del flash:vlan.dat
Switch(config)# crypto key zeroize rsa
Switch stack commands:
View Switches Currently Connected or Provisioned
Switch# show switch
Renumber a Switch
Switch(config)# switch {CURRENT#} renumber {NEW#}
Prioritize a Switch (15=Master)
(NOTE: Higher priority value = Higher priority)
Switch(config)# switch {SWITCH#} priority {PRIORITY#}
Remove (Deprovision) a Switch
Switch(config)# no switch {SWITCH#} provision
Stack power commands:
Show Environmental Facilities (Power Supplies, etc.)
Switch# show env all
Show Available, Budgeted, and Consumed Power
Switch# show power inline
Configure Power-Stack Switch Power Parameters
Switch(config)# stack-power switch {NUMBER}
Switch(config-switch-stackpower)# power-priority switch {1-9}
Switch(config-switch-stackpower)# power-priority high {10-18}
Switch(config-switch-stackpower)# power-priority low {19-27}
(NOTE: Lower priority value = higher priority)
Set Access Port Power Priority
Switch(config-if)# power inline port priority {High | Low}
Enable/Disable Stack-Power Port
Switch# stack-power switch 1 port 1 {enable | disable}
Find a device by IP:
*** SSH into the gateway IP of the IP address in question ***
EXAMPLE: If the IP = 192.168.78.221 SSH into = 192.168.78.1
1. Search the ARP table for the IP:
Router# show ip arp | i 192.168.78.221
2. Search the MAC address table for the given MAC:
Router# show mac address-table | i 0013.c39d.6bc1
3. View the device/switch on the given port:
Router# show cdp neighbor t3/5 detail
**SSH into the given device**
4. Repeat steps 2 and 3 until you reach an end user switchport.
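Steps 1 and 2 of the lookup above, as an added example that is not part of the original notes: it parses saved `show ip arp` and `show mac address-table` output and matches the IP exactly, since an `| i` filter for 192.168.78.22 would also return the 192.168.78.221 line. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample output (not captured from a real device).
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.78.1             -  0011.2233.4455  ARPA   Vlan78
Internet  192.168.78.22           40  0013.c39d.0a0a  ARPA   Vlan78
Internet  192.168.78.221          12  0013.c39d.6bc1  ARPA   Vlan78
"""

SHOW_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  78    0013.c39d.0a0a    DYNAMIC     Gi1/0/7
  78    0013.c39d.6bc1    DYNAMIC     Te3/5
"""

MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")

def mac_for_ip(arp_output, ip):
    """Step 1: return the MAC for exactly this IP, or None."""
    for line in arp_output.splitlines():
        fields = line.split()
        # Row layout: Internet <ip> <age> <mac> <type> <interface>
        if len(fields) >= 4 and fields[0] == "Internet" and fields[1] == ip:
            mac = fields[3].lower()
            return mac if MAC_RE.match(mac) else None  # skips "Incomplete"
    return None

def port_for_mac(mac_table_output, mac):
    """Step 2: return (vlan, port) for a MAC, or None."""
    for line in mac_table_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1].lower() == mac.lower():
            return fields[0], fields[-1]
    return None

def locate(arp_output, mac_table_output, ip):
    """Chain both steps; returns (mac, vlan, port) or None."""
    mac = mac_for_ip(arp_output, ip)
    if mac is None:
        return None
    hit = port_for_mac(mac_table_output, mac)
    return None if hit is None else (mac, hit[0], hit[1])

if __name__ == "__main__":
    print(locate(SHOW_IP_ARP, SHOW_MAC_TABLE, "192.168.78.221"))
```

The returned port is what goes into the `show cdp neighbor` command in step 3.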
Access list modification:
Showing an Access List with its sequence numbers
Switch# show ip access-lists
Resequence an Access List
Switch(config)# ip access-list resequence {ACL} 10 10
Add to an Access List – Add the new line with appropriate sequence number:
Switch(config)# ip access-list {ACL_TYPE} {ACL_NAME}
Switch(config-std-nacl)# {SEQUENCE#} permit {IP_ADDRESS}
Remove from an Access List – Remove a line by using its sequence number:
Switch(config)# ip access-list {ACL_TYPE} {ACL_NAME}
Switch(config-std-nacl)# no {SEQUENCE#}
Find all applied Access Lists
Switch# show ip int | i line protocol|access list
DHCP Setup
Exclude any addresses that should not be leased
Switch(config)# ip dhcp excluded-address {FIRST_IP} {LAST_IP}
Start the DHCP Service
Switch(config)# service dhcp
Create your Pool of addresses
Switch(config)# ip dhcp pool {POOL_NAME}
Switch(dhcp-config)# network {NET_IP} {SUBNET_MASK}
Set a Default Router
Switch(dhcp-config)# default-router {IP}
Throughput Test – TTCP
Setup a server to receive
Router# ttcp receive
Setup a server to transmit
Router# ttcp transmit {RECEIVE_ROUTER_IP}
Generate Some Traffic
Start the “tcp-small-servers” Service
Switch1(config)# service tcp-small-servers
Telnet to port 19
Switch2# telnet {END_DEVICE_IP} 19
SSH Options
Set the Source Interface or VLAN
Switch(config)# ip ssh source-interface {SOURCE}
Use a Different Username to Login
Switch# ssh -l {USERNAME} {IP}
Reloading Cisco Devices
*** NOTE: These are very useful for making changes to a switch that could potentially block your access. ***
Set a Time for Reload
Switch# reload at {HH:MM}
Set a Delay for Reload
Switch# reload in {NUMBER_OF_MINUTES}
Cancel a Reload
Switch# reload cancel
Cisco VoIP Phones
Automatically Setup QoS for VoIP
*** NOTE: This should be entered on the range of interfaces that will have Cisco IP Phones connected. ***
Switch(config-if-range)# auto qos voip cisco-phone
Reset a Cisco IP Phone
1. Remove power from the phone and plug it back in.
2. Immediately press and hold #
3. When buttons/lights flash in sequence, Press:
123456789*0#
Lock and Unlock Settings
Press **# to unlock and press it again to lock.
Misc Cisco Commands
Interrupt an output or process
[Ctrl]+[Shift]+[6] or [Ctrl]-[Z]
Suspend a connection (SSH, Telnet, etc.)
[Ctrl]+[Shift]+[6] [X]
Disconnect active connections
Switch# disconnect
Turn On/Off Log Messages for Current Session
Switch# terminal monitor
Switch# terminal no monitor
Temperature Status and Threshold Values
Switch# show env temperature status
Switch# show env alarm thresholds
Restore an interface to default configuration
Switch(config)# default interface {INTERFACE}
View the contents of a Text File
Switch# more {TEXT_FILE_NAME}
Apply an IP to a switchport
Switch(config-if)# no switchport
Switch(config-if)# ip address {IP_ADDRESS} {SUBNET_MASK}
Replace the device’s entire configuration
Switch# configure replace {FILE_LOCATION}
Test a Port to See if it is Open
Switch# telnet {IP_ADDRESS} {PORT_NUMBER}
View only active processes on a device (good alias)
Switch# show processes cpu | excl 0.00%__0.00%__0.00%
View transmit/receive rates for all interfaces
Switch# show interfaces summary
Command Prompt and Powershell Stuff
View all MAC address on the local machine
C:\> getmac
Search DNS for IP or HOSTNAME
C:\> nslookup {COMPUTER_NAME | IP_ADDRESS}
Find MAC and NetBIOS Name by IP
C:\> nbtstat -A {IP_ADDRESS}
Find MAC and IP by NetBIOS Name
C:\> nbtstat -a {COMPUTER_NAME}
Clear ARP on the local machine
C:\> arp -d *
Clear DNS on the local machine
C:\> ipconfig /flushdns
Clear NetBIOS name cache
C:\> nbtstat -R
Display all connections and listening ports
C:\> netstat -an
802.1x (dot1x)
Set a port to Monitor Mode (remove Enforcement)
Switch(config-if)# authentication open Switch(config-if)#
View a lot of awesome dot1x information
Switch# show dot1x {all | interface} summary
Display information about current auth sessions
Switch# show authentication sessions {INTERFACE}
Clear current auth sessions
Switch# clear authentication sessions {INTERFACE}
NOTE: shut then no shut the interface after this!!!
Display IP and MAC info for connected devices
Switch# show ip device tracking {all | interface}
Find Port of failing device by MAC
Switch# show log | i MAC_ADDRESS
In cmd.exe or PowerShell: View interface auth state
C:\> netsh lan show interfaces
Port Monitoring – SPAN
**NOTE: SPAN and RSPAN are for setting up a sniffer and should only be used when you have proof of granted permission by a very high authority (a letter).
1. Clear any existing monitor sessions
Switch(config)# no monitor session all
2. Specify the Session and Source Port (repeat for each)
Switch(config)# monitor session 1 source {INTERFACE}
Or monitor an entire VLAN (careful with this!)
Switch(config)# monitor session 1 source vlan {ID}
3. Specify the Destination Port
Switch(config)# monitor session 1 dest {INTERFACE}
4. Confirm the monitoring session
Switch# show monitor session 1
Port Monitoring – RSPAN
**NOTE: RSPAN is for monitoring ports on a distant switch; for monitoring on the same switch, use SPAN.
1. Create an RSPAN VLAN
Switch(config)# vlan {VLAN-ID}
Switch(config-vlan)# remote-span
2. Clear any existing monitor sessions
Switch(config)# no monitor session all
3. Specify the Session and Source Port (repeat for each)
Switch(config)# monitor session 1 source {INTERFACE}
4. Specify the Session and Source Port (repeat for each)
Switch(config)# monitor session 1 source {INTERFACE}
5. Specify the Destination
Switch(config)# monitor session 1 dest {INTERFACE}
6. Confirm the monitoring session
Switch# show monitor session 1