The top CCNA commands to know are variations of the ‘show’ command. Common questions present you with a set of configured devices and ask you to find information about these devices. You must know how to search through a router or switch and find the relevant information. Knowing these commands will not only help you succeed at the CCNA but will be immensely helpful when working with a router whose configuration you have not documented or memorized.
Check out our recommendations for the best CCNA study guides.
Without further ado, the most useful Cisco commands are:
The ‘show run’ command is by far the most useful ‘show’ command you will come across. It gives you a page-by-page report on the current device’s setup. This includes interface information such as the IP address, if the interface is shutdown, etc. You can also see the device-wide information, such as which passwords are set, if SSH or telnet is set up and ready for login, etc. You can see when the configuration was last updated and saved, along with VLAN information. Basically, if there is a piece of information you do not know and are unsure how to find that information, start with the ‘show running-configuration’ command. There is a good chance it will have what you are looking for.
This command will show you detailed information about the interfaces on the device. The command ‘show int’ alone will display information about each interface on the device, one after the other. If you are looking for information on a specific interface, you can input the type and number of the interface to get information about only that one interface. For example, ‘show int fa 0/1’ will only show information about FastEthernet 0/1.
The output of this command includes the MTU size, the bandwidth label, the mac-address, the IP address, the subnet mask, and the errors on the interface. The detailed error report from ‘show interfaces’ makes this the go-to command when you are having routing issues. You will see not only the number of errors but the specific type of error, such as giants or collisions, or runts, and this will allow you to have an idea of where the problem may be coming from. If you see connection issues, try the ‘show int’ command.
show ip route
The ‘show ip route’ will display the routing table, which is used to find where to send data. You would use this to see the next hop for every packet. This is a Layer 3 command. It shows which interface will send out a packet destined for a certain IP address. This command will also tell you how the device learned of that route. You can determine if the route is directly connected, static, or learned through a routing protocol such as OSPF or RIP. You can be most specific with this command by including the protocol you are interested in. For example, ‘show ip route ospf’ will display OSPF routes. Use this command if you ever need to know which interface is responsible for reaching a certain network.
show ip interface
The ‘show ip int’ command will give a detailed layer-3 report of an interface. Like the ‘show interfaces’ command, you can specify a specific interface to look at, such as ‘show ip int g 0/2’, and the information about the specified interface will be shown. This command will show information such as the incoming and outgoing access list, the IP addresses, and the network mask. The command ‘show ip interface brief’ is also extremely useful for quickly seeing which interfaces are up and what IP address is assigned to each interface. This is a quick and concise way to see the basic interface status.
This command will display the access lists on the device. This includes every line of the access list but does not display which interface that access list is applied to. You will want to run the ‘show ip interface’ or ‘show run’ commands to see where an access-list is applied. Note that the ‘show access-list’ command shows access lists for all protocols, whereas ‘show ip access-list’ only shows IPv4 access lists and may exclude other existing access lists, such as IPv6 access lists. Remember that each access list has an unstated last command of ‘deny any’. Use the ‘show access-list’ command to see exactly what an access list does.
show cdp neighbor detail
The ‘show cdp neighbor detail’ command will display information about the directly connected Cisco devices. It is a Layer 2 command, so the output includes information about switches and even phones. CDP is a Cisco proprietary protocol, so the command only shows information about Cisco devices. The information includes the remote device type, the remote IP address, the remote interface connected to the device you are on, and the remote device ID. This is a great command for figuring out what other types of devices you are connected to.
Say you find a switch in a closet somewhere and don’t know where all the cables from that switch go. You can type ‘show cdp neighbor detail’ and see what type of device each interface is connected to. No need to go tracing wires throughout the building. The ‘show cdp neighbor’ command will show much (but not all) of the same information in a more concise format.
The display from this command will show you the information and status of VLANs on the device. This includes the VLAN names, numbers, and the interfaces on which each VLAN can be found. If a certain interface is not listed in this command, that interface is a trunk. Use this command to see which VLANs are active and on which ports.
show interface trunk
Use the ‘show interface trunk’ command to view all the trunk ports on the device. The display will include information on which VLANs are allowed on which trunk and what the native VLAN is. Use this command to see which ports are used for trunking and which VLANs are allowed to pass through those trunks.
show ip protocols
This command displays information about Layer 3 routing protocols on the Cisco device. These include RIP, OSPF, and EIGRP. While these protocols have their own specific show commands, the ‘show ip protocols’ gives a large amount of detail on all running protocols at once. It includes routing information and is often the first Cisco command to run when troubleshooting routing problems due to Network Layer protocols’ misconfiguration. For IPv6, use ‘show ipv6 protocols’.
The above basic configuration verification commands should be enough to find the most details on what a networking device is doing and how it is set up. These are obviously not the only commands you should know, and the CCNA is not limited to only ‘show’ commands. The above commands are a great start to any kind of troubleshooting you may need and will often be some of the first commands you will run. The show commands are entered in the privileged exec mode. Still, they can also be entered in the higher hierarchy modes, such as in the global configuration mode and interface configuration mode, using the ‘do’ keyword before the show command.
Download our Subnet Cheat Sheet for all the essential information you need to quickly perform subnet calculations in your head.If you want to learn more about networking and get the Cisco CCNA certification, we highly recommend the Cisco CCNA Gold Bootcamp as your CCNA training course. The CCNA is by far the most in-demand networking certification by employers, and the Gold Bootcamp is the highest rated Cisco course online. It has an average rating of 4.8 from over 30,000 public reviews: