The CCENT is the new entry-level Cisco certification and acts as a prerequisite for every other Cisco certification path. Since it’s meant to be an introductory certification, it doesn’t go into much depth about administering IOS devices, but remembering every command can be quite a challenge anyway, especially if it’s the first time you are dealing with the configuration of Cisco devices.
This post wants to be the first one in a series of IOS short command references for those preparing for the CCENT certification. I will include the most useful IOS commands you are likely to need when working on your virtual/physical lab, together with some short “recipes” of configurations you must know in order to achieve a decent level of familiarity with Cisco IOS.
The idea is that remembering the commands alone is not enough: you need to be able to use them in the right places and in the right order. So for example, remembering how to enable trunking on an interface will be pretty much useless in itself, if you forget to use it when you are configuring VLANs.
Disclaimer: this series is not meant to be a replacement for your own testing or for the recommended documentation and training material. It just aims at offering a quick reference for some of the most important tasks you might have to engage with when preparing for the exam. For a comprehensive list of commands and related explanations, please use the official Cisco documentation.
This first post will focus on commands that can be used to configure both switches and routers. It will include commands necessary to perform the first very basic device configuration, together with those commands that you will use at any level during your troubleshooting and debugging activities.
Change the hostname
enable configure terminal hostname $hostname
Save the current device configuration
By default, the current device configuration is only saved in RAM. This means that if you reboot the device, every change you have applied starting from the default configuration will be lost, unless you remembered to save it on non-volatile memory with this command:
copy running-config startup-config
Disable automatic name lookup
By default, IOS devices have a very, very annoying behaviour: every command you enter that is not recognized as an IOS command is treated as a hostname. This means that if, for example, you enter the word
configur instead of
configure, IOS will try to resolve the hostname
configur, obviously timing out. To get rid of this annoying behaviour, run this command:
configure terminal no ip domain-lookup
Configure a password for enable mode
By default, no password is necessary to enter privileged mode. It goes without saying that this should be one of the first things you change on your IOS device.
configure terminal enable secret $secret
Securing the device with local username and password authentication
The following commands should be run for each connection method you are planning to secure (console and vty). Therefore, all of these command groups should follow either a
line console 0 or
line vty 0 15 command.
# Authentication with simple passwords # There is only one password for every user login secret $secret # With username and password, using the local user database enable configure terminal username $username secret $secret line console 0 login local
Note that the username and password combinations must be entered in global configuration mode rather than in interface configuration mode.
line vty 0 15 login local exit username $username secret $secret ip domain-name example.com crypto key generate rsa ip ssh version 2
To check the current SSH configuration:
show ip ssh
For security reasons you should also disable Telnet and only connect remotely using SSH:
line vty 0 15 transport input ssh