CCNA Exam Cost

Cisco Certified Network Associate (CCNA)

Certification summary:
CCNA validates the ability to install, configure, operate, and troubleshoot medium-size route and switched networks, including implementation and verification of connections to remote sites in a WAN. CCNA curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol Frame Relay, Routing Information Protocol Version 2 (RIPv2),VLANs, Ethernet, access control lists (ACLs).

Initial requirements:
You must pass the CCNA exam ($250) or pass both the Interconnecting Cisco Networking Devices Part 1 exam ($125) and the Interconnecting Cisco Networking Devices Part 2 exam ($125). Training is available but not required.

CCNA Exam Cost
We get a lot of emails asking how much it costs to sit the CCNA exam. To find out how much the Cisco CCNA exam will cost in your country you can look at the Cisco price list on the Pearson VUE website. Find your country in the list and look for the correct CCNA exam code, currently 640-802.

How To Reset Your Router’s Password

You would want to connect a PC to the console port.   Power cycle the router, break the boot sequence, and modify the configuration register.

Here is a video tutorial to walk you through it:

 How To Reset Your Routers Password

Here is the link for the password recovery process from Cisco:

Select the model you are doing password recovery for, and it will give the exact steps.

Password recovery is an important skill for the real world.

No Confusion With IP NAT Terms: Inside Outside Local Global

When you are trying to figure out the name for an IP address, Inside Local / Inside Global / Outside Local / Outside Global. Just keep this in mind:

1. Local or Global refers to the current location of the packet.
2. Inside or Outside refers to the location of the device.

Refer to the diagram below:

 No Confusion With IP NAT Terms: Inside Outside Local Global
For any packet that is transmitted between pc0 and pc1:

when it is being transimitted on the local network, it has ip addresses 1: and 2:
(Imagine you are looking at the packet which is being transmitted on the cable between pc0 and the router, you can see these 2 ip addresses in the packet)

when it is being transimitted on the global network, it has ip addresses 3: and 4:
(Imagine you are looking at the packet which is being transmitted on the cable between pc1 and the router, you can see these 2 ip addresses in the packet)

Now , let’s give these ip addresses names:

For ip 1:
what is the location of packet ? Local
what is the location of device ? device is pc0, location is Inside
so it is Inside Local
Interpret like this: Inside device’s Locally viewed address

For ip 2:
what is the location of packet ? Local
what is the location of device ? device is pc1, location is Outside
so it is Outside Local
Interpret like this: Outside device’s Locally viewed address

For ip 3:
what is the location of packet ? global
what is the location of device ? device is pc0 (not the router, because this address stands for pc0), location is Inside
so it is Inside Global
Interpret like this: Inside device’s Globally viewed address

For ip 4:
what is the location of packet ? global
what is the location of device ? device is pc1, location is Outside
so it is Outside Global
Interpret like this: Outside device’s Globally viewed address

You can verify the above theory with the output below:

 No Confusion With IP NAT Terms: Inside Outside Local Global

By David Rupu Xiao CCIE #24177

Cisco Discovery Protocol (CDP)

The Cisco Discovery Protocol (CDP) is a media- and network protocol independent layer 2 protocol that is used to discover information about neighboring network devices. Because CDP operates at the Data Link layer, it doesn’t need a network layer protocol, such as IP or IPX, to transfer information. CDP devices send out periodic advertisements to the MAC multicast address 0100.0ccc.cccc, every 60 seconds by default. The holdtime is 180 seconds by default, when exceeded without receiving advertisements the CDP entry is removed from the CDP table.

CDP runs on all Cisco equipment including routers, switches, bridges and access servers. It gathers information about neighboring devices such as the type of device, software version, and network layer addresses, if configured. This information is stored in a table in the device’s RAM.

CDP is enabled by default, use the following command in global configuration mode to disable CDP for the entire router:
Router(config)# no cdp run

To see if CDP is enabled for the router, and display the current CDP timers, use the following command:
Router> show cdp

To disable CDP on a particular interface, use the following command in interface configuration mode:
Router(config-if)# no cdp enable

One of the most important commands regarding CDP is the show cdp neighbors command. It displays the following information:

* type of device that is discovered
* name of the device
* number and type of the local interface (port)
* number of seconds the CDP advertisement is valid for the port
* device type
* device product number
* port ID

Router02> show cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge S – Switch, H – Host, I – IGMP, r – Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
Router01 Ser 0 154 R 2500 Ser 0

When the detail option is added to the command, it will display the following additional information per discovered device:

* Network layer addresses (IP, IPX, AppleTalk, etc.)
* IOS version

Router02> show cdp neighbors detail
Device ID: Router01
Entry address(es):
IP address:
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 126 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-D-L), Version 12.0(9), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 20-Oct-2003 07:29 by jhiemstra

Besides using the built-in IOS commands to display the information gathered by CDP, CDP can also be used in combination with SNMP and a Network Management Station to gather and store information.

The following commands are most probably not part of the CCNA exam(s) but are included for completeness.

Router> show cdp entry [* | ID]
Displays all entries or a specific entry of the CDP table. The show cdp entry * results in the same output as the show cdp neighbors detail command. Specify the Device ID to display a specific entry. Mind that the Device ID is case sensitive.

The show cdp interface command displays the interfaces for which CDP is enabled including the encapsulation type and CDP timers.

The following command displays the CDP counters regarding CDP packets sent and received as well as error statistics:
Router02> show cdp traffic
CDP counters :
Packets output: 48, Input: 36
Hdr syntax: 0, Chksum error: 0, Encaps failed: 6
No memory: 0, Invalid packet: 0, Fragmented: 0

The default update timer of 60 seconds can be changed using the cdp timer command in global configuration mode. For example, the following commands will configure the router to send CDP advertisements every 90 seconds:
Router(config)# cdp timer 90

The default holdtime of 180 seconds can be changed using the cdp holdtime command in global configuration mode:
Router(config)# cdp holdtime 270

To disable CDP globally on a Catalyst 1900 switch (not relevant for CCNA), use the following command:
Console> (enable) set cdp disable

Alternatively, CDP can be disabled on a particular interface. In the following example CDP is disabled for the port 12 on a module 1:
Console> (enable) set cdp disable 1/12

Author: Johan Hiemstra

Basic Cisco Router Configuration and Management


Random-Access Memory similar to the function as RAM in PCs. This is where the IOS runs its processes. It also contains the running configuration, routing and other tables as well as packet buffers.

This Read-Only Memory stores a older ‘lite’ IOS used to boot the router for the very first time, or when the Flash memory is erased or corrupted.

This piece of ‘flash-able’ memory stores the IOS image, the operating system of the router.

In contradiction to normal RAM, Non-Volatile Random-Access Memory is a special type of memory that doesn’t lose its content when the router’s power is turned off. It stores the startup configuration and the configuration register.

Config register
The NVRAM has a special location that contains the 16-bit configuration register. Every time the router boots it reads this value. The config-register value is a hexadecimal value ranging from from 0x0000 to 0xFFFF and can be set byusing the config-register command. The most important portion of the configuration register to understand for the exam is the boot field (bit 0 through 3, hexadecimal range 0x0000-0x000F). The boot field value is used to specify from which location the IOS image should be loaded or bypassed even during startup.

  • Boot field Meaning
  • 0x0 The router will enter ROM monitor mode and remain at the system bootstrap prompt.
  • 0x1 The IOS image stored in ROM will be loaded.
  • 0x2-0xF The router will boot as normal and load the default IOS image stored in Flash and enables boot system commands.

The remaining 12 bits of the configuration register are used for various functions such as enabling/disabling the Break function, setting the Console line speed, bypassing NVRAM, and controlling the broadcast address. To change the configuration register you have to enter be in global configuration mode. Use the command configure terminal often abbreviated to conf t in privileged EXEC mode to enter global config mode. You can enter privileged EXEC mode using the enable command. When you enter the correct password the prompt will change to Router# (where “Router” is the hostname of the router).

Once you are in global config mode use the following command to change configuration register value:
Router(config)#config-register 0x2102
where 0x2102 is an example of a config-register value.

You can view the current configuration setting by using the Router#show version command. The last line of the output will display the current value and if it is different, the value after reboot:
Configuration register is 0x2142 (will be 0x2102 at next reload)

Router start-up sequence

A router boots similar to a regular computer as it first performs a power on self test (POST) for the hardware, next loads bootstrap code from ROM, loads the IOS image from Flash into RAM, performs a hardware inventory, and finally the router locates and loads a configuration file. You can reboot a router by using the power switch or the reload command.

Initial router configuration

As mentioned earlier, the router configuration is stored in NVRAM. This is the place where the router will search for a configuration file. Alternatively, you can configure the router to load a configuration file from a TFTP server. If the router cannot locate a configuration file (on a new router for example) it will start setup and it will ask if you want to enter the initial configuration dialog. If you answer with No, you’ll be taken to the command prompt and you’ll be able to configure the router manually. If you answer with Yes, you’ll be taken through a list of questions allowing you to configure the router e.g. set a hostname and enable password and secret, configure routed and routing protocols, and assign addresses to interfaces. You can initiate this configuration dialog at any time by using the setup command.

Manage configuration files

A Cisco router contains two configurations: the startup configuration (usually stored in NVRAM) and the running configuration (stored in RAM). When you makes changes to the router configuration by entering global configuration mode by using the config terminal command, the changes are made to the running configuration.

To copy the currently running active configuration to NVRAM, i.o.w. to save a changed running configuration to the startup configuration so it will be used the next time you reload the router, use the following command:
Router#copy running-config startup-config

The following command loads the startup configuration stored in NVRAM into RAM and makes it the active running configuration.
Router#copy startup-config running-config

You can also copy the running configuration to a TFTP server using the following command:
Router#copy running-config tftp
This can be done with the startup configuration as well:
Router#copy startup-config tftp

You can view the running configuration using the command:
Router#show running-config
And view the startup config using the command:
Router#show startup-config

You can use the erase command to delete the content of NVRAM:
Router#erase startup-config

Load, backup, and upgrade IOS

Instead of using the IOS stored in flash, you can load it from a TFTP server, or you can load the limited IOS from ROM. This can be configured in the configuration file using the following commands in global configuration mode:

To load Cisco IOS software from Flash memory use the following command:
Router(Config)#boot system flash
Although this is default behavior, using this command can be useful especially when you have multiple IOS images stored in FLASH. If you do not specify a filename, the first locatedimage will be loaded.

To load Cisco IOS software from a TFTP server use the following command:
Router(Config)#boot system tftp

To load Cisco IOS software from ROM use the following command:
Router(Config)#boot system rom
Note that this will load the limited IOS version and will likely prevent normal operation.

You can use a combination of these commands to provide some redundancy. You can even specify multiple TFTP servers. Make sure you place them in the correct order, flash first, tftp as backup, and rom as last resort. The configuration register’s boot field must be set to 0x2 through 0xF, in order for the router to check the configuration file in NVRAM for boot system commands.

To backup the IOS stored in Flash to an TFTP server use the following command:
Router#copy flash tftp c2600-js-l_121-5.bin

To upgrade the IOS stored in Flash use the following command:
Router#copy tftp flash

You will be prompted for an IP address of the TFTP server (defaults to the broadcast address and a filename.

To delete the content stored in Flash use the command:
Router#erase flash

There are multiple ways to establish connectivity to a router to perform configuration tasks:

- Console port
Cisco routers are equipped with a Console port, which is an RJ-45 port on most routers but on some high-end routers it’s a DB-25 connector. You can connect a terminal (a notebook or a PC for example) to the console port using a RJ-45 roll-over cable with RJ-45, DB-9, or DB-25 connectors on the ends. A common example is a cable with a RJ-45 connector connecting to the router’s console port and a DB-9 connector on the other end connecting to the PC’s COM port. When you connect a PC to the router’s console port you can use a terminal emulator to configure the router. When you start a session the following should appear:

Router con0 is now available.
Press RETURN to get started

- Auxilary port
Many Cisco routers are also equipped with an Auxilary port, which can be used to connect a modem and allow for remote adminstration of the router.

Managing a router using the ports mentioned above is called out-of-band management.
For more information about how to physically connect to the Console and Auxilary port check the Cabling Guide for Console and AUX Ports and Configuring a Modem on the AUX Port for EXEC Dialin Connectivity at

- Telnet
Once your router is configured with an IP address, a Telnet connection is the most common way to connect to a router to manually configure and monitor it. Cisco IOS, the router’s operating system, has a build-in Telnet server and a Telnet client. This allows you to connect to a router using a telnet client from a PC but from another Cisco router as well. This type of connection using the same network the router operates in is also known as in-band management. Telnet sends username and password credentials in clear text and should be replaced with SSH connections if supported.


User EXEC mode

This is the mode you enter once you are connected, and if required, logged on to the router. In this mode you can perform non-disruptive troubleshooting, for example, view the routing table and status of components. You can NOT view or modify the configuration in User EXEC mode.

When you connect to the router and press the key (Press RETURN to get started) you’ll be prompted for a password:

User Access Verification

When you enter the correct console, telnet or AUX password password (depending on how you connect to the router) and press the User EXEC mode command prompt will appear.


“Router” is the default hostname for all Cisco routers. The > indicates you are in User EXEC mode.

To exit User EXEC mode and quit the session with the command-line executive use one of the following commands:

Privileged EXEC mode

This is similar to logging on as an adminstrator in Windows 2000 for example. When you are in this mode, you can view and modify the configuration.


After submitting the correct enable password (or enable secret, which we’ll discuss later on) and pressing the key the command prompt will change again:


The # indicates you are in Privileged EXEC mode.

To exit Privileged EXEC mode and return to User EXEC mode use the following command:

To exit Privileged EXEC mode and quit the session with the router, use one of the following commands:

Global Configuration mode

To actually change the running configuration, you’ll have to enter global configuration mode by using the command configure terminal (to configure the running configuration), or the command configure memory (to configure the startup config) in Privileged EXEC mode. Global configuration mode allows you to configure settings that affect the entire router, hence its name ‘global’. To show you how this works we are going to change the hostname of the router as an example:

Router#configure terminal (usually abbreviated to conf t)
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Rnewyork1

As you can see the change immediately takes effect by looking at the prompt, which now reflects the new name.

To exit global configuration mode and return to User EXEC mode use one of the following commands:
Or use the key combination CTRL-Z

You can use the following command to save the configuration to NVRAM so it will be used next time the router starts:
Rnewyork1#copy running-config startup

Interface Configuration mode

You need to enter interface configuration mode when you want to configure settings specific to an interface, such as assigning an IP address. To enter interface configuration mode you must use the interface command and provide the name and number of an existing interface. Following are some examples:

Router(config)#interface ethernet 0

Router(config)#interface serial 2

As you can see in the first example, the first possible interface is 0, the second Ethernet interface on a router would be Ethernet 1, also noticable is the change in the prompt.
These commands are usually abbreviated, for example to int e1 or int s0

To exit interface configuration mode and return to global configuration mode, enter the following command:

To exit interface configuration mode and return to Privileged EXEC mode, use the key combination CTRL-Z

Other configuration modes include:
Sub-interface configuration mode Router(config-subif)
Router configuration mode Router(config-router)
Line configuration mode Router(config-line)


This section decribes the four main passwords that are directly related to managing and configuring the router.

Console password
Use the following commands to configure the console password. The first command is used to enter Line configuration mode. The second configures the password “cisco123″, and the third command configures the console line to require a login.

Router(config)#line con 0
Router(config-line)#password cisco123

Telnet password
Use the following commands to configure a password for Telnet access:

Router(config)#line vty 0 4
Router(config-line)#password cisco123

Auxilary password
Use the following commands to configure the auxilary port password:

Router(config)#line aux 1
Router(config-line)#password cisco123

Enable password and enable secret

The enable password and enable secret are local passwords used to control access to Privileged EXEC mode. The difference between these two is that the enable password is stored in clear-text in the configuration file, and the enable secret is encrypted using irreversible MD5 encryption.
For example, in the configuration file an enable password could be:
enable password cisco123
and and enable secret could be:
enable secret 5 $1$iSuI$i7TiENAn69392tYvh5wwZ1

The enable secret password overrides the regular enable password, except when and old IOS image is used that doesn’t support the encrypted enable secret.

To configure an enable password, go to global config mode and issue the following command:
Router(config)#enable password cisco123
where cisco123 is just an example for a password.

To configure an enable secret, go to global config mode and issue the following command:
Router(config)#enable secret cisco456
where cisco456 is just an example for a password.

If you do not set an enable password or enable secret, you don’t have to enter a password when you type the enable command, but you will end up having problems connecting to the router using telnet for example, you won’t be able to enter Privileged EXEC mode.

By default all password except the enable secret are stored as clear-text in the configuration file. When you have backups on TFTP servers or floppy disks even, this might be an important issue. This can be solved using the following command to provide some encryption the passwords:
Router(config)#service password-encryption
The irreversible MD5 encryption used to encrypt the enable secret is much stronger than the rather simple encryption used by the service password-encryption, which can be decrypted by publicly available tools.

Context-sensitive help facility

An IOS feature that helps with using the correct command syntax. For example, when you type a command but you do not know the full syntax, you can type a ? behind it and a list with possible options (in that particular mode) will appear:

Router#show ?
access-expression List access expression
access-lists List access lists
accounting Accounting data for active sessions
aliases Display alias commands
appletalk AppleTalk information
arap Show Appletalk Remote Access statistics
arp ARP table
async Information on terminal lines used as router interfaces
backup Backup status
bridge Bridge Forwarding/Filtering Database [verbose]
buffers Buffer pool statistics
cdp CDP information
clock Display the system clock
compress Show compression statistics
configuration Contents of Non-Volatile memory
controllers Interface controller status
debugging State of each debugging option
decnet DECnet information
dhcp Dynamic Host Configuration Protocol status
dialer Dialer parameters and statistics
dnsix Shows Dnsix/DMDP information
dxi atm-dxi information
entry Queued terminal entries

You don’t need to press the key after the ?, and when the end of the list is reached the command will be after the prompt again without the ? so you can continue typing the correct option. (When a list like this does not fit in the maximum allowed lines, –More– will be displayed on the last line, press the key to scroll down per line or the to scroll down to the next screen.)

When you type a single ? or just the command help a list with all possible commands will be displayed.

Command history and editing features

This refers to another set of useful features which are meant to make working with the command line interface a little bit more convinient.

By default the 10 previously issued commands are remembered. These commands can be retrieved to use them again by pressing CTRL-P or the up arrow key. You can modify the command- lines history buffer size using the following command:
Router#terminal history size 25
This will set the amount to 25.

You can view the history using the following command:
Router#show history

Some other useful key combinations:
CTRL-P (or UP arrow key) Displays the previous command in the history buffer.
CTRL-N (or DOWN arrow key) Displays the next command in the history buffer.
CTRL-A Jumps to the beginning of the command line.
CTRL-E Jumps to the end of the command line.
CTRL-B (or LEFT arrow key) Moves the cursor back one character.
CTRL-F (or RIGHT arrow key) Moves the cursor forward one character.
Ctrl-W Deletes the last word typed.

The arrow keys function only on ANSI-compatible terminals such as VT100s. You can configure your terminal emulator to use VT100 emulation.

Another useful feature to assist with the command syntax is auto-complete. For example, when you type a command partly but you don’t know how to spell a particular option, you can let IOS complete it by pressing the TAB key:

Router#show cdp nei<TAB>
Router#show cdp neighbors

This only works when the given part is enough to determine a single particular option. For example, the command Router#show access does not result in because it could be Router#show access-expressionRouter#show access-lists as well.

These enhanced editing features are enabled by default. If you wish to disable them, use the following command:
Router(config)#no terminal editing

Author: Johan Hiemstra

8 Great Ways to Prepare for the Cisco CCNA 640-802

With so many different textbooks, study guides, cram sheets, and other exam prep material out there, many CCNA candidates become fixated on only one or two study methods. While there are comprehensive, one-stop study tools available, the best prepared candidates will look to use multiple forms of media and practice to ace the 640-802 examination. Here’s a look at some of the ways you can prepare for the CCNA 640-802 exam:

  1. CCNA 640-802 Simulators: Hands-on training and practice are great ways to prepare for the 640-802 Cisco CCNA exam, but Cisco routers and other equipment are expensive and usually out of budget for most candidates. Simulation products allow candidates to practice working with Cisco equipment by simulating only the components of IOS that appear on the examination. Plus, simulators are way cheaper (typically in the $30 – $60 range) and have been proven as an effective means to study for the CCNA.
  2. Practice Tests: You wouldn’t jump into the deep end of the pool without making sure you can swim in the shallow end, so why risk taking the 640-802 before taking a few practice tests? Take a look at SemSim CCNA exam simulation software or search for the many other practice tests available on the Internet and avoid the risk of cold feet on exam day.
  3. Flashcards: This isn’t grade school, but it sure seems close – still, old-fashioned flashcards or similar memory tools will help you retain the key facts and details on the exam. Handwritten flashcards are great for studying on the go or with a small block of free time. Flashcards are also freely available online and can prove to be an extremely efficient way of quick study on your PC. Either way, this old-school method of study can provide great results.
  4. DIY: The best study guides are often the ones you create on your own. When you write your own study guide, you can focus on the points that are unclear or difficult for you while skimming over information that you already know very well. Of course, writing your own guide is not the only way you should be preparing for the 640-802, but combined with traditional study methods, doing it yourself can be highly rewarding.
  5. Cisco CCNA 640-802 Exam Objectives: The exam objectives are by no means detailed, but they are comprehensive. The nice thing about studying for the exam based on the objectives is that you know that you are covering exactly what is on the test – nothing more, and nothing less. The downside, of course, is that you will have to find the information on your own. Try this in conjunction with writing your own guide and you’ll have a winner.
  6. Forums: Message boards and other online communities will often have valuable, insider tips on the exam that you really can’t find anywhere else. More importantly, they give you a chance to access and communicate with other test takers who may have valuable experience to share.
  7. Back to the Basics: This means reading up on networking basics and even reviewing study materials for other, easier networking exams such as the CompTIA Network+ examination. It’s the opposite of studying exam objectives but reviewing networking fundamentals can really help you on all facets of the 640-802 as it is a networking exam. So, go ahead and review your TCP/IP, NAT, DHCP, and your other favorite networking initials.
  8. Study Guides: We know how valuable study guides are, so why list them last? The truth is that while study guides can be great ways to learn all of the facts you need for the exam, they range widely in depth and comprehensiveness. In other words, one size does not fit all. We recommend that you use at least one study guide in your preparation for the CCNA 640-802, but please make sure you take a look at the other seven options above along with practice from an effective study guide.

Suggested Books And Equipment For CCNA

In order to help more easily answer the questions members most often have regarding Equipment and books for CCNA study, I thought I would start a consolidated thread here of what people who have taken and passed the CCNA recommend…to begin with, I’ll start by summarizing what I think works well and I encourage others to share any differing opinions or experiences.

Cisco Press Exam Guides by Wendell Odom – If I could only buy one set of books to study for CCNA with, this would be they.
Sybex Book by Todd Lammle – A very good second source for study with some good real life tidbits.

Here I must defer to the great Wendell Odom himself and the awesome posts he make on regarding lab configurations for CCNA. He even lists different price ranges –
As far as actually buying the hardware, I think most of us have used either ebay, , or some combination.

This seems to be a rather controversial topic for some. I personally recommend them for people who do not plan on continuing past the CCNA or aren’t sure since they tend to turn out cheaper than buying a whole lab and do give you hand’s on time with the IOS. However, they are not a full replacement for practice with real hardware and most students planning on going on to CCNP and beyond will actually save money in the long run since they can use most of the equipment they buy for CCNA down the road. If you do go the sim route, I would have to say there are 2 options that I have tried and really liked.

Boson Netsim – This is not as full-featured as the real thing, but does include some good labs
Dynamips/GNS3 – This is a sim that uses the actual IOS images…the downside is that it only works to emulate routers and it probably is best for those with some previous Cisco experience. The upside is that it is free.

There are too many helpful ones to make a full list here and most are in webschool if you do a search for CCNA. Worth mentioning, though, is that the Cisco website itself has a pretty good study area complete with games.

I hope this helps those headed for their CCNA…it really is a very rewarding certification to go for and can really get your resume more attention. Good luck and be sure to share your experiences with different study materials as well!



· Config# ip address

· Config# ip default-gateway


· Config# interface Ethernet 0/5 – “fastethernet” for 100 Mbps ports

· Config-if# duplex full – also, half | auto | full-flow-control


· Config# switching-mode store-and-forward – also, fragment-free


· Config# mac-address-table permanent aaab.000f.ffef e0/2 – only this mac will work on this port

· Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security

· Config-if# port secure max-mac-count 5 – allows only 5 mac addresses mapped to this port


· Config# vlan 10 name FINANCE

· Config# interface Ethernet 0/3

· Config-if# vlan-membership static 10


· Config-if# trunk on – also, off | auto | desirable | nonegotiate

· Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port


· Config# delete vtp – should be done prior to adding to a network

· Config# vtp server – the default is server, also client and transparent

· Config# vtp domain Camp – name doesn’t matter, just so all switches use the same

· Config# vtp password 1234 – limited security

· Config# vtp pruning enable – limits vtp broadcasts to only switches affected

· Config# vtp pruning disable


· Config# copy tftp:// opcode – “opcode” for ios upgrade, “nvram” for startup config


· Config# delete nvram

Cisco IOS Cheat Sheet – SHOW COMMANDS

· Show access-lists – all access lists on the router

· Show cdp – cdp timer and holdtime frequency

· Show cdp entry * – same as next

· Show cdp neighbors detail – details of neighbor with ip add and ios version

· Show cdp neighbors – id, local interface, holdtime, capability, platform portid

· Show cdp interface – int’s running cdp and their encapsulation

· Show cdp traffic – cdp packets sent and received

· Show controllers serial 0 – DTE or DCE status

· Show dialer – number of times dialer string has been reached, other stats

· Show flash – files in flash

· Show frame-relay lmi – lmi stats

· Show frame-relay map – static and dynamic maps for PVC’s

· Show frame-relay pvc – pvc’s and dlci’s

· Show history – commands entered

· Show hosts – contents of host table

· Show int f0/26 – stats of f0/26

· Show interface Ethernet 0 – show stats of Ethernet 0

· Show ip – ip config of switch

· Show ip access-lists – ip access-lists on switch

· Show ip interface – ip config of interface

· Show ip protocols – routing protocols and timers

· Show ip route – Displays IP routing table

· Show ipx access-lists – same, only ipx

· Show ipx interfaces – RIP and SAP info being sent and received, IPX addresses

· Show ipx route – ipx routes in the table

· Show ipx servers – SAP table

· Show ipx traffic – RIP and SAP info

· Show isdn active – number with active status

· Show isdn status – shows if SPIDs are valid, if connected

· Show mac-address-table – contents of the dynamic table

· Show protocols – routed protocols and net_addresses of interfaces

· Show running-config – dram config file

· Show sessions – connections via telnet to remote device

· Show startup-config – nvram config file

· Show terminal – shows history size

· Show trunk a/b – trunk stat of port 26/27

· Show version – ios info, uptime, address of switch

· Show vlan – all configured vlan’s

· Show vlan-membership – vlan assignments

· Show vtp – vtp configs



· Config# terminal editing – allows for enhanced editing commands

· Config# terminal monitor – shows output on telnet session

· Config# terminal ip netmask-format hexadecimal|bit-count|decimal – changes the format of subnet masks


· Config# hostname ROUTER_NAME


· Config# banner motd # TYPE MESSAGE HERE # – # can be substituted for any character, must start and finish the message


· Config# description THIS IS THE SOUTH ROUTER – can be entered at the Config-if level


· Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy – Example: clock set 14:35:00 25 August 2003


· Config# config-register 0x2100 – ROM Monitor Mode

· Config# config-register 0x2101 – ROM boot

· Config# config-register 0x2102 – Boot from NVRAM


· Config# boot system tftp FILENAME SERVER_IP – Example: boot system tftp 2600_ios.bin

· Config# boot system ROM

· Config# boot system flash – Then – Config# reload


· Config# cdp run – Turns CDP on

· Config# cdp holdtime 180 – Sets the time that a device remains. Default is 180

· Config# cdp timer 30 – Sets the update timer.The default is 60

· Config# int Ethernet 0

· Config-if# cdp enable – Enables cdp on the interface

· Config-if# no cdp enable – Disables CDP on the interface

· Config# no cdp run – Turns CDP off


· Config# ip host ROUTER_NAME INT_Address – Example: ip host lab-a

· Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 – Example: ip host lab-a – (for e0, s0, s1)


· Config# ip domain-lookup – Tell router to lookup domain names

· Config# ip name-server – Location of DNS server

· Config# ip domain-name – Domain to append to end of names


· # clear interface Ethernet 0 – Clears counters on the specified interface

· # clear counters – Clears all interface counters

· # clear cdp counters – Clears CDP counters


· Config# ip route Net_Add SN_Mask Next_Hop_Add – Example: ip route

· Config# ip route Next_Hop_Add – Default route

· Config# ip default-network Net_Add – Gateway LAN network


· Config# ip routing – Enabled by default

· Config# router rip

· Config# router igrp 100

· Config# interface Ethernet 0

· Config-if# ip address

· Config-if# no shutdown


· Config# ipx routing

· Config# interface Ethernet 0

· Config# ipx maximum-paths 2 – Maximum equal metric paths used

· Config-if# ipx network 222 encapsulation sap – Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial

· Config-if# no shutdown


IP Standard 1-99

IP Extended 100-199

IPX Standard 800-899

IPX Extended 900-999

IPX SAP Filters 1000-1099


· Config# access-list 10 permit – allow all src ip’s on network

· Config# access-list 10 permit host – specifies a specific host

· Config# access-list 10 permit any – allows any address

· Config# int Ethernet 0

· Config-if# ip access-group 10 in – also available: out


· Config# access-list 101 permit tcp eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)

· Config# access-list 101 deny tcp any host eq www

· Config# access-list 101 permit ip any any

· Config# interface Ethernet 0

· Config-if# ip access-group 101 out


· Config# access-list 801 permit 233 AA3 – source network/host then destination network/host

· Config# access-list 801 permit -1 -1 – “-1” is the same as “any” with network/host addresses

· Config# interface Ethernet 0

· Config-if# ipx access-group 801 out


· Config# access-list 901 permit sap 4AA all 4BB all
– Permit protocol src_add socket dest_add socket
-“all” includes all sockets, or can use socket numbers

· Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere

· Config# interface Ethernet 0

· Config-if# ipx access-group 901 in


· Config# access-list 1000 permit 4aa 3 – “3” is the service type

· Config# access-list 1000 permit 4aa 0 – service type of “0” matches all services

· Config# interface Ethernet 0

· Config-if# ipx input-sap-filter 1000 – filter applied to incoming packets

· Config-if# ipx output-sap-filter 1000 – filter applied to outgoing packets


· Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list

· Config# permit any

· Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists


· Config-if# encapsulation ppp

· Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentification listed
-if one fails, then connection is terminated

· Config-if# exit

· Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect

· Config-if# ppp chap hostname ROUTER

· Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration


· Config# isdn switch-type basic-5ess – determined by telecom

· Config# interface serial 0

· Config-if# isdn spid1 2705554564 – isdn “phonenumber” of line 1

· Config-if# isdn spid2 2705554565 – isdn “phonenumber” of line 2

· Config-if# encapsulation PPP – or HDLC, LAPD

DDR – 4 Steps to setting up ISDN with DDR

1. Configure switch type
Config# isdn switch-type basic-5ess – can be done at interface config
2. Configure static routes
Config# ip route – sends traffic destined for to
Config# ip route bri0 – specifies how to get to network (through bri0)
3. Configure Interface
Config-if# ip address
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 – applies dialer-list to this interface
Config-if# dialer map ip name Lab-b 5551212
connect to lab-b at 5551212 with ip if there is interesting traffic
can also use “dialer string 5551212” instead if there is only one router to connect to
4. Specify interesting traffic
Config# dialer-list 1 ip permit any
Config# dialer-list 1 ip list 101 – use the access-list 101 as the dialer list
5. Other Options
Config-if# hold-queue 75 – queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120


· Config# interface serial 0

· Config-if# encapsulation frame-relay – cisco by default, can change to ietf

· Config-if# frame-relay lmi-type cisco – cisco by default, also ansi, q933a

· Config-if# bandwidth 56

· Config-if# interface serial 0.100 point-to-point – subinterface

· Config-if# ip address

· Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end

· Config-if# interface serial 1.100 multipoint

· Config-if# no inverse-arp – turns IARP off; good to do

· Config-if# frame-relay map ip 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional

· Config-if# frame-relay map ip 54 broadcast