Cisco CLI Commands Reference for CCNA Exam Preparation
AI-Generated Content
Mastering the Cisco Command-Line Interface (CLI) is non-negotiable for both the CCNA certification exam and a career in networking. The exam rigorously tests your ability to navigate, configure, and troubleshoot devices using the Cisco Internetwork Operating System (IOS) syntax. Building speed and accuracy with these commands transforms theoretical knowledge into practical skill, directly impacting your exam score and real-world problem-solving efficiency.
Mastering CLI Navigation and the Command Hierarchy
Before issuing any specific command, you must understand how to move through the CLI efficiently. The IOS operates on a command hierarchy, where each mode offers a specific set of available commands. You start in user EXEC mode (indicated by the > prompt), which has limited, view-only privileges. To make configuration changes, you must enter privileged EXEC mode by typing enable, which changes the prompt to #. From there, you enter global configuration mode with configure terminal (often shortened to conf t).
Navigation within this hierarchy is governed by context. For example, to configure an interface, you move from global configuration mode into interface configuration mode using interface [type] [number]. To return to a higher mode, you use exit; to jump back to privileged EXEC from any configuration mode, you use end or press Ctrl+Z. For the exam, you must instantly recognize which mode a command belongs to, as a misplacement will generate an error. Building speed relies on command shortcuts and tab completion. IOS allows you to abbreviate commands to the fewest unique characters, such as sh run for show running-config. Pressing Tab auto-completes a command, while ? provides context-sensitive help, which is invaluable for discovering syntax during the exam's simulation questions.
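The mode hierarchy above can be modelled as a small state machine that replays a command list and reports every command typed in the wrong mode. This is an added example, not part of the original guide; the mode names (`user`, `priv`, `config`, `config-if`), the tables and the `replay` function are constructed for illustration and cover only the commands this page discusses.

```python
# Simplified model of the IOS mode hierarchy (constructed for illustration;
# real IOS has many more modes and commands than these tables hold).
TRANSITIONS = {
    ("user", "enable"): "priv",
    ("priv", "configure terminal"): "config",
    ("config", "interface"): "config-if",
    ("config-if", "interface"): "config-if",  # move to another interface
    ("config-if", "exit"): "config",          # exit goes up one level
    ("config", "exit"): "priv",
    ("config", "end"): "priv",                # end jumps to privileged EXEC
    ("config-if", "end"): "priv",
}
# Mode in which each non-navigation command from the page must be typed.
REQUIRED_MODE = {
    "ip address": "config-if",
    "no shutdown": "config-if",
    "switchport": "config-if",
    "copy running-config": "priv",
    "debug": "priv",
}
ABBREVIATIONS = {"conf t": "configure terminal"}


def replay(commands, mode="user"):
    """Replay commands; return (final_mode, rejected) where rejected is a
    list of (line_number, mode_at_that_point, command) tuples."""
    rejected = []
    for n, raw in enumerate(commands, 1):
        cmd = ABBREVIATIONS.get(raw, raw)
        key = "interface" if cmd.startswith("interface ") else cmd
        if (mode, key) in TRANSITIONS:
            mode = TRANSITIONS[(mode, key)]
            continue
        # Not a valid navigation step here: check the command's required mode.
        needed = next((m for prefix, m in REQUIRED_MODE.items()
                       if cmd.startswith(prefix)), None)
        if needed != mode:  # wrong mode, or a command this model does not know
            rejected.append((n, mode, raw))
    return mode, rejected


if __name__ == "__main__":
    wrong = ["enable", "conf t", "ip address 192.168.1.1 255.255.255.0", "end"]
    print(replay(wrong))
```

Commands absent from both tables are reported as rejected because the model cannot place them, not because IOS would refuse them.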
Essential Show Commands for Network Verification
The show command family is your primary tool for verifying configuration and operational status. CCNA exam scenarios often present a network diagram or problem description, and your task is to identify which show command will reveal the necessary information. The show running-config command displays the current, active configuration in RAM. Contrast this with show startup-config, which shows the configuration saved in NVRAM that will load on reboot—a critical distinction for troubleshooting.
For layer 3 connectivity, show ip route displays the router's routing table, allowing you to verify learned routes via protocols like OSPF or static entries. At layer 2, show vlan brief provides a concise overview of all configured VLANs and which switch ports are assigned to them. To quickly assess the IP addressing and status of all interfaces, show ip interface brief is indispensable; it gives a one-line summary showing the IP address, and the administrative and line protocol status (up/up, down/down, etc.). Other vital show commands include show cdp neighbors for discovering directly connected Cisco devices and show interfaces for detailed per-interface statistics. In exam simulations, you will use these commands to diagnose issues like missing VLAN assignments, incorrect IP addresses, or OSPF adjacency problems.
Configuration Commands: From Interfaces to Security
Configuration commands modify the device's behavior. They are typically entered from global configuration mode or a specific sub-configuration mode. A foundational task is interface configuration. For a router's GigabitEthernet0/0 interface, you would use:
Router# configure terminal
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
The no shutdown command activates the interface, changing its administrative state to up.
VLAN configuration on a switch involves two steps: creating the VLAN in the global VLAN database and assigning access ports to it.
Switch(config)# vlan 10
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit
Switch(config)# interface FastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
For Open Shortest Path First (OSPF) configuration, you enable the routing protocol, define the network statements, and optionally set the router ID.
Router(config)# router ospf 1
Router(config-router)# network 192.168.1.0 0.0.0.255 area 0
Access Control Lists (ACLs) are crucial for security. Standard ACLs filter based on source IP, while extended ACLs can filter on source/destination IP, protocol, and port. An example extended ACL denying Telnet from any host to a specific network is:
Router(config)# ip access-list extended BLOCK_TELNET
Router(config-ext-nacl)# deny tcp any 10.1.1.0 0.0.0.255 eq 23
Router(config-ext-nacl)# permit ip any any
Router(config-ext-nacl)# exit
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip access-group BLOCK_TELNET in
Remember, ACLs have an implicit deny any at the end, so a permit statement is often needed.
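To see how first-match ordering, wildcard masks and the implicit deny interact, the following added example (not part of the original guide) evaluates packets against the BLOCK_TELNET entries shown above. The function names and the sample packets are constructed for illustration, and the parser handles only the `any`, `host A` and `A WILDCARD` address forms plus a destination `eq` port.

```python
import ipaddress

# The BLOCK_TELNET entries from the page, as typed in config-ext-nacl mode.
ACL_LINES = [
    "deny tcp any 10.1.1.0 0.0.0.255 eq 23",
    "permit ip any any",
]


def parse_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_entry(line):
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    src, dst = parse_addr(t), parse_addr(t)
    port = int(t[1]) if t[:1] == ["eq"] else None
    return action, proto, src, dst, port


def addr_match(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard 1-bits are "don't care" bits
    return int(ipaddress.IPv4Address(ip)) & care == base & care


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for line in acl_lines:
        action, a_proto, a_src, a_dst, a_port = parse_entry(line)
        if a_proto not in ("ip", proto):
            continue
        if not (addr_match(src, a_src) and addr_match(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit deny any at the end of every ACL


if __name__ == "__main__":
    # Constructed packet: Telnet from 192.168.1.50 to a host in 10.1.1.0/24.
    print(evaluate(ACL_LINES, "tcp", "192.168.1.50", "10.1.1.7", 23))
```

Passing only the first entry (`ACL_LINES[:1]`) shows why the permit line matters: every packet that is not Telnet to 10.1.1.0/24 then falls through to the implicit deny.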
Advanced Operations: Debug, Copy, and Privilege Levels
Beyond viewing and configuring, you must manage the device and perform advanced troubleshooting. Debug commands provide real-time diagnostic output for protocols and events, such as debug ip ospf events. However, they are processor-intensive and should be used sparingly on production networks. Always turn off debugging with undebug all or no debug all after use. For the exam, know that debug commands are executed from privileged EXEC mode and that their output can be filtered.
Copy commands manage configuration and IOS image files. The most critical is copy running-config startup-config (or write memory), which saves your changes. Failure to do this is a common exam trap—a device reboot will lose all unsaved configuration. Another essential command is copy tftp flash, used to upgrade the IOS by copying an image from a TFTP server to the device's flash memory.
Privilege levels define what commands a user can execute. By default, level 1 is user EXEC, and level 15 is privileged EXEC. You can customize these levels for granular access control. For instance, to assign the show running-config command to a custom privilege level 5, you would use:
Router(config)# privilege exec level 5 show running-config
Understanding this hierarchy is key for questions about role-based access control on the CCNA exam.
Common Pitfalls
- Forgetting to Save Configurations: A classic mistake is making extensive changes in running-config but neglecting to use copy run start. The exam will test this by presenting a scenario where a device reboots and loses its configuration. Always verify with show startup-config that your changes are preserved.
- Misapplying ACLs or VLAN Commands: Placing an ACL on the wrong interface direction (in/out) or assigning a switch port to a VLAN that hasn't been created yet will fail silently. For VLANs, remember to create the VLAN globally before assigning ports. For ACLs, ensure the protocol and port numbers in your deny or permit statements match the traffic you intend to filter.
- Using Debug Inappropriately: In a simulation, turning on a broad debug like debug ip packet could generate excessive output and crash the device. The exam may test your knowledge by offering debug as a troubleshooting step; the correct approach is to use specific, targeted debug commands and to always disable them after.
- Ignoring Command Context: Attempting to enter interface configuration commands from global configuration mode without first specifying the interface (e.g., typing ip address directly under config#) will result in an error. Pay close attention to the prompt in exam simulations to ensure you are in the correct mode.
Summary
- CLI Proficiency is Foundational: Success hinges on navigating the command hierarchy (user EXEC, privileged EXEC, global config) and using shortcuts (Tab, ?, abbreviations) to work quickly under exam time pressure.
- Verification Before Configuration: Use show commands like show running-config, show ip route, and show vlan brief to establish a network baseline and verify changes, a frequent requirement in exam troubleshooting questions.
- Configuration Commands Build the Network: You must be able to sequentially configure interfaces, VLANs, OSPF, and ACLs using the correct syntax and sub-configuration modes.
- Manage and Secure the Device: Always save configurations with copy run start, use debug commands judiciously, and understand how privilege levels control administrative access.
- Avoid Classic Traps: Remember to save configurations, apply ACLs in the correct direction, create VLANs before assigning ports, and always note your command mode to avoid syntax errors.