Skip to content

Basic Maintenance

Terminal window
ipconfig /all # Show all network adapter info (IP, MAC, DNS, DHCP)
arp -a # Display the ARP cache (IP-to-MAC mappings)
ping <destination> # Test connectivity to a host or IP address
ipconfig /release # Release current DHCP lease
ipconfig /renew # Request new IP address from DHCP server
ipconfig /flushdns # Clear DNS resolver cache
tracert <destination> # Trace the route packets take to destination
netstat -ano # Display active connections and listening ports
Terminal window
# show ip interface brief # Quick interface status overview
# show interfaces # Detailed interface statistics
# show interfaces status # Port status, VLAN, duplex, speed
Terminal window
# show ip route # Display routing table
# show ip protocols # Show routing protocol info
# show running-config | section router # Show routing protocol config
Terminal window
# show running-config # Current active configuration
# show startup-config # Saved configuration in NVRAM
# show version # IOS version, uptime, hardware info
Terminal window
# show mac address-table # Display MAC address table
# show vlan brief # VLAN summary
# show spanning-tree # STP information
Terminal window
# show cdp neighbors # Directly connected Cisco devices
# show cdp neighbors detail # Detailed neighbor information
# show arp # Display ARP table
# show logging # View system logs
Terminal window
(config)# hostname <name>
(config)# banner motd #<message>#

The banner message appears when users log in to the device.

Configure password protection and timeout for the console port:

Terminal window
(config)# line console 0
(config-line)# password <password>
(config-line)# login
(config-line)# logging synchronous
(config-line)# exec-timeout 5 0
  • logging synchronous: Prevents log messages from interrupting command input
  • exec-timeout 5 0: Logout after 5 minutes of inactivity
Terminal window
(config)# interface <type> <number>
(config-if)# ip address <IP> <mask>
(config-if)# description <text>
(config-if)# no shutdown

Example:

Terminal window
(config)# interface gigabitEthernet 0/0
(config-if)# ip address 192.168.1.1 255.255.255.0
(config-if)# description WAN Link to ISP
(config-if)# no shutdown

Configure a static route to a specific network:

Terminal window
(config)# ip route <dest_network> <mask> <next_hop_IP>

Configure a default route (gateway of last resort):

Terminal window
(config)# ip route 0.0.0.0 0.0.0.0 <gateway_IP>

Example:

Terminal window
(config)# ip route 10.0.0.0 255.255.255.0 192.168.1.254
(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1
Terminal window
(config)# vlan <vlan_number>
(config-vlan)# name <vlan_name>
(config-vlan)# exit

Example:

Terminal window
(config)# vlan 10
(config-vlan)# name SALES
(config-vlan)# exit

Access ports belong to a single VLAN and connect to end devices:

Terminal window
(config)# interface <interface>
(config-if)# switchport mode access
(config-if)# switchport access vlan <vlan_number>

Example:

Terminal window
(config)# interface fastEthernet 0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 10

Trunk ports carry traffic for multiple VLANs between switches:

Terminal window
(config)# interface <interface>
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan <vlan_list>
(config-if)# switchport trunk native vlan <vlan_number>

Example:

Terminal window
(config)# interface gigabitEthernet 0/1
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan 10,20,30
(config-if)# switchport trunk native vlan 99
Terminal window
enable
config terminal
(config)# hostname <hostname>
(config)# interface <interface_name>
(config-if)# ip address <IP> <subnet>
(config-if)# no shutdown
(config-if)# exit

Example:

Terminal window
(config)# hostname Router1
(config)# interface vlan 1
(config-if)# ip address 192.168.1.1 255.255.255.0
(config-if)# no shutdown
(config-if)# exit
Terminal window
(config)# username <username> secret <password>
(config)# enable secret <privileged_mode_password>
(config)# service password-encryption
  • username/secret: Creates local user accounts
  • enable secret: Password for privileged EXEC mode
  • service password-encryption: Encrypts passwords in the configuration file

SSH requires a domain name and RSA key pair:

Terminal window
(config)# ip domain-name cisco.com
(config)# crypto key generate rsa general-keys modulus 1024
(config)# ip ssh version 2
  • ip domain-name: Required for RSA key generation
  • modulus 1024: Key size (use 2048 for better security)
  • ip ssh version 2: Enforces SSHv2 (more secure than v1)
Terminal window
(config)# line con 0
(config-line)# login local
(config-line)# logging synchronous
(config-line)# exit
  • login local: Uses the local username/password database
Terminal window
(config)# line vty 0 4
(config-line)# login local
(config-line)# transport input ssh
(config-line)# logging synchronous
(config-line)# login block-for 30 attempts 2 within 120
(config-line)# exit
  • line vty 0 4: Configures 5 simultaneous SSH sessions (0-4)
  • transport input ssh: Blocks Telnet, allows only SSH
  • login block-for: Blocks login for 30 seconds after 2 failed attempts within 120 seconds
Terminal window
(config)# exit
# copy running-config startup-config
Terminal window
# erase startup-config

The device will prompt: "Erase of nvram: complete"

Reboot to start with a blank configuration:

Terminal window
# reload

The device will prompt: "Proceed with reload? [confirm]"

Terminal window
# copy tftp: flash:

You will be prompted for:

  • TFTP server IP address
  • Source filename (on the TFTP server)
  • Destination filename (on the device flash)
Terminal window
# dir flash:
# show flash:
Terminal window
# boot system flash:/<filename>
# copy running-config startup-config

Example:

/c2900-universalk9-mz.SPA.151-4.M4.bin
# copy running-config startup-config
Terminal window
Router> enable
Router# show version

Note the Configuration Register value (usually 0x2102)

  1. Power cycle the router
  2. Press Ctrl+Break or Ctrl+C within 60 seconds
  3. This drops you into ROM Monitor Mode (ROMMON)

Modify the register to ignore the startup configuration:

Terminal window
rommon 1 > confreg 0x2142
Terminal window
rommon 2 > reset

The router boots without loading the previous configuration.

Terminal window
Router> enable
Router# configure terminal

Set the configuration register back to normal:

Terminal window
Router(config)# config-register 0x2102
Router(config)# exit

Load the old configuration (includes interfaces, ACLs, etc.):

Terminal window
Router# copy startup-config running-config
Terminal window
Router# configure terminal
Router(config)# enable secret <NEW_SECURE_PASSWORD>
Router(config)# username <USER> secret <NEW_USER_PASSWORD>
Terminal window
Router(config)# end
Router# copy running-config startup-config
Router# reload
  1. Power cycle the switch
  2. Immediately hold down the MODE button
  3. Release the MODE button after the System LED stops flashing amber
Terminal window
switch: flash_init

Delete the startup configuration:

Terminal window
switch: del flash:config.text

Delete the VLAN database (ensures full factory reset):

Terminal window
switch: del flash:vlan.dat
Terminal window
switch: boot

The switch will boot without saved configuration and enter the setup dialogue.

Save the current running configuration to NVRAM:

Terminal window
# copy running-config startup-config

Backup configuration to a TFTP server:

Terminal window
# copy running-config tftp:
# copy startup-config tftp:

You will be prompted for:

  • TFTP server IP address
  • Destination filename

Load configuration from TFTP to running memory:

Terminal window
# copy tftp: running-config

Restore configuration to NVRAM:

Terminal window
# copy tftp: startup-config

Compare running configuration vs startup configuration:

Terminal window
# show archive config differences

For logging, it is recommended to run terminal length 0 in Privileged EXEC mode (#). This disables screen pausing features, making it easy to copy large outputs quickly.

Terminal window
# terminal length 0
  1. Go to Session in PuTTY
  2. Click Logging
  3. Select Log all Session output
  4. Select Browse and choose a location and name the file appropriately (e.g., config.txt)
  5. Connect PuTTY Session
  6. Run relevant commands

The community string acts as a password for SNMP access:

Terminal window
# snmp-server community <name> <ro/rw>
  • RO (Read Only): SNMP manager can only read device information
  • RW (Read Write): SNMP manager can read and modify device configuration

Example:

Terminal window
# snmp-server community PUBLIC ro
# snmp-server community PRIVATE rw

Point the device to send SNMP traps (alerts) to a management station:

Terminal window
# snmp-server host <host_ip> version <1,2c,3> <community_string>

The community string for traps must match on both the device and the SNMP manager.

Example:

Terminal window
# snmp-server host 192.168.1.100 version 2c TRAPCOMM

Enable all SNMP trap notifications (SNMPv2c):

Terminal window
# snmp-server enable traps

To enable only specific trap types (such as link up/down events):

Terminal window
# snmp-server enable traps <trap-type> <community_string>

Common trap types:

  • link: Interface up/down events
  • config: Configuration changes
  • snmp: SNMP-specific traps
  • cpu: CPU threshold violations

Example:

Terminal window
# snmp-server enable traps link TRAPCOMM
Terminal window
# snmp-server community PUBLIC ro
# snmp-server community PRIVATE rw
# snmp-server host 192.168.1.100 version 2c TRAPCOMM
# snmp-server enable traps

Point the device to synchronize with an NTP server:

Terminal window
(config)# ntp server <server_IP>

Example:

Terminal window
(config)# ntp server 129.6.15.28
(config)# ntp server 132.163.96.1
Terminal window
(config)# ntp authenticate
(config)# ntp authentication-key <1-4294967295> md5 <password>
(config)# ntp trusted-key <key_number>

Example:

Terminal window
(config)# ntp authenticate
(config)# ntp authentication-key 1 md5 MySecretKey
(config)# ntp trusted-key 1
(config)# ntp server 192.168.1.1 key 1

Make the device an authoritative time source:

Terminal window
(config)# ntp master <stratum>

Example:

Terminal window
(config)# ntp master 3

Check NTP synchronization status:

Terminal window
# show ntp status

View NTP peer relationships:

Terminal window
# show ntp associations

NTP Packet Tracer Setup