The CCENT is the new entry-level Cisco certification and acts as a prerequisite for every other Cisco certification path. Since it’s meant to be an introductory certification, it doesn’t go into much depth about administering IOS devices, but remembering every command can be quite a challenge anyway, especially if it’s the first time you are dealing with the configuration of Cisco devices.

This post wants to be the first one in a series of IOS short command references for those preparing for the CCENT certification. I will include the most useful IOS commands you are likely to need when working on your virtual/physical lab, together with some short “recipes” of configurations you must know in order to achieve a decent level of familiarity with Cisco IOS.

The idea is that remembering the commands alone is not enough: you need to be able to use them in the right places and in the right order. So for example, remembering how to enable trunking on an interface will be pretty much useless in itself, if you forget to use it when you are configuring VLANs.


Disclaimer: this series is not meant to be a replacement for your own testing or for the recommended documentation and training material. It just aims at offering a quick reference for some of the most important tasks you might have to engage with when preparing for the exam. For a comprehensive list of commands and related explanations, please use the official Cisco documentation.


This first post will focus on commands that can be used to configure both switches and routers. It will include commands necessary to perform the first very basic device configuration, together with those commands that you will use at any level during your troubleshooting and debugging activities.

Change the hostname

configure terminal
hostname $hostname

Save the current device configuration

By default, the current device configuration is only saved in RAM. This means that if you reboot the device, every change you have applied starting from the default configuration will be lost, unless you remembered to save it on non-volatile memory with this command:

copy running-config startup-config

Disable automatic name lookup

By default, IOS devices have a very, very annoying behaviour: every command you enter that is not recognized as an IOS command is treated as a hostname. This means that if, for example, you enter the word configur instead of configure, IOS will try to resolve the hostname configur, obviously timing out. To get rid of this annoying behaviour, run this command:

configure terminal
no ip domain-lookup

Configure a password for enable mode

By default, no password is necessary to enter privileged mode. It goes without saying that this should be one of the first things you change on your IOS device.

configure terminal
enable secret $secret

Securing the device with local username and password authentication

The following commands should be run for each connection method you are planning to secure (console and vty). Therefore, all of these command groups should follow either a line console 0 or line vty 0 15 command.

# Authentication with simple passwords
# There is only one password for every user
secret $secret

# With username and password, using the local user database
configure terminal
username $username secret $secret
line console 0
login local

Note that the username and password combinations must be entered in global configuration mode rather than in interface configuration mode.

Configure SSH

line vty 0 15
login local
username $username secret $secret
ip domain-name
crypto key generate rsa
ip ssh version 2

To check the current SSH configuration:

show ip ssh

Disable Telnet

For security reasons you should also disable Telnet and only connect remotely using SSH:

line vty 0 15
transport input ssh