IOS Cheat Sheet

Cisco Switch IOS Commands

A few notes on commands that I occasionally use… Because I have a mind like a steel trap — it often mangles what enters it.

Note: This is not intended to be a complete command reference, mostly just useful stuff that I don’t use often enough to remember every time. Also, most of my switch infrastructure is Cisco 2960. Most of the commands work across the Cisco line, but I haven’t tested against other models (unless specifically noted).

A complete IOS command reference can be found here.

Schedule a Reload

Schedule a reload. Need to reboot a Cisco switch or router (or even Lightweight APs, if you have ssh access) after everyone has gone home? You can schedule a reload to occur in a specific number of hours or minutes or on a specific time and date. Note: when you enter the command you will be prompted with “Proceed with reload? [confirm]“. Go ahead and confirm – it only sets the reload time.

To reload in a specific number of hours and/or minutes:

#reload in hh:mm

To reload at a specific time (24-hour clock) and date (date is optional and must occur within 24 days):

#reload at hh:mm [month day]
   examples:  #reload at 14:00
             #reload at 03:35 mar 29

To cancel a scheduled reload, use the following command:

#reload cancel

To check the status of the scheduled reload, enter:

#sh reload
Warm Reboot

Warm Reboot. A warm reboot of a switch or router will allow a reload without reloading the IOS images, thus significantly decreasing the reload time.

# reload warm

This command can be combined with a scheduled reload. For example:

# reload warm at 14:00

Show attached switches/routers

Show attached switches. Need to see what switches are attached to the one you are on? Use this command.

#sh cdp neighbors detail
Delete a Directory

Delete a directory (and all of its contents) from flash memory. (Note: if you are using a stack of switches you will need to define which physical device you are deleting from by using flash1: flash2: flash3: etc.)

delete /force /recursive flash:directory_name
Delete a file from flash momory

Delete a file from flash memory. (Note: if you are using a stack of switches you will need to define which physical device you are deleting from by using flash1: flash2: flash3: etc.)

#delete /force flash:file_name
Configure File Transfer via FTP Server

Configure FTP server to allow file transfers.

# conf t 
(config)# ip ftp username ftp_username
(config)# ip ftp password
Copy File from FTP Server to Flash

Copy file from FTP server to flash memory. (Be sure to set up the server as shown above first.)

# copy ftp://<ftp_ip_address/filename> flash:<filename>
Add or Remove VLAN on an Existing Port Channel

NOTE:

Always add and remove VLANs to the Port Channel NOT to the associated physical interfaces. When you apply the change to the Port Channel, the physical interfaces will automatically reflect the change.

Add a VLAN to an existing Port Channel. (For this example I will assume the Port Channel is po1).

# conf t 
(config)# int po1
(config-if)# switchport trunk allowed vlan add <vlan_#>
(config-if)# end
# wr

Remove a VLAN from an existing Port Chanel. (Let’s undo what we did above)

# conf t 
(config)# int po1
(config-if)# switchport trunk allowed vlan remove <vlan_#>
(config-if)# end
# wr
Change Switch Stack Number Assignment

I ran into a problem when attempting to reuse a switch that had been a member of a previous stack for a member in a new stack. While I was configuring, I noticed that the switch continued to identify itself as switch 2 even though it was not yet a part of a stack. In this example, I am renumbering the switch from 2 to 1.

# conf t 
(config)# switch 2 renumber 1
(config)# end
# wr
Remove a Provisioned Switch

After renumbering, some switches will leave the old switch number provisioned, which screws up the numbering for any switch added to the stack. In this example, I will assume that switch 2 from above has remained provisioned.

# conf t 
(config)# no switch 2 provision
(config)# end
# wr
View MAC Addresses of Attached Devices

Need to find what port a device is attached to? If you know the MAC address, you can find it in the MAC table.

# show mac address-table

View MAC address of a device attached to a specific port.

# show mac address-table int gig s#/m#/p#

To view all MAC addresses on a specific VLAN (I will use VLAN 10 for this example):

# show mac address-table vlan 10

If you want to look for a specific MAC address, you can add an output modifier to the above example (Note:format of the MAC address needs to be: 0000.0000.0000 not 00:00:00:00:00:00).

# show mac address-table | include 0000.0000.0000
Replace Missing “write mem” Command on Nexus Switches

I’m not sure why Cisco has chosen to deprecate the write mem command (which I normally abbriviate to just wr) in favor of copy running-config startup-config, but the old standby is completely missing from Nexus switches. Fortunately, using an alias, you can (sort of) replace it or even create new cli commands. The alias needs to be one word so, for example, you could use wr, wrimem, wr_mem, etc.

# conf t 
(config)# cli alias name wr copy running-config startup-config
(config)# end
# wr
Shut Down PoE, but Leave Port Active

When you need to turn off power, but leave the port active (for example, when a device is misidentified as a PoE device) use the following:

# conf t 
(config)# interface gig s#/m#/p#
(config-if)# power inline never
View, Add, or Remove a VLAN Helper Address

There are two similar commands used to add a helper-address. First, take a look at the interface to see any existing helper addresses.

# show run int vlan<vlan#>

The first option limits the address to only DHCP packets:

# conf t  
(config)# int vlan <vlan_number>
(config-if)# ip dhcp relay address <ip_address>
(config-if)# end
# wr

The second option allows DHCP and several other protocols:

 # conf t   
(config)# int vlan <vlan_number>
(config-if)# ip helper-address <ip_address>
(config-if)# end
# wr

To remove a helper address from an interface:

 # conf t   
(config)# int vlan <vlan_number>
(config-if)# no ip helper-address <ip_address>
(config-if)# end
# wr

Generally, the ip helper-address command is preferred unless there is a reason to limit protocols.

Configure QoS for VoIP Trunk Interface

This is kind of an odd one. Recently, our campus began replacing our old telephone infrastructure. As a part of that project, we installed equipment to allow voice traffic to satellite locations to be trunked over the fiber and VPN connections used for data allowing us to eliminate the old T1 lines.

While the bandwidth requirements are modest, port settings are very specific and voice traffic has to be prioritized. The following sets up an access port as 100 Mbps, full duplex and allows the QoS level to be determined by the connected equipment.

# conf t 
(config)# int gig s#/m#/p#
(config-if)# shut
(config-if)# switchport access vlan
(config-if)# switchport mode access
(config-if)# speed 100
(config-if)# duplex full
(config-if)# mls qos trust dscp
(config-if)# no shut
(config-if)# end
Show trunk ports

To show which ports are trunk ports there are a couple of options:

To view trunking ports (includes Port Channels, Standard Trunks, the association of interfaces and lots of other information):

# sh int trunk

To view trunk ports, physical ports that are part of an EtherChannel, and see the current status:

# sh int status | inc trunk

Leave a Reply

Your email address will not be published. Required fields are marked *