Top Cisco CCNA Commands

The top commands to know for the CCNA are variations of the ‘show’ command. Common questions present you with a set of configured devices and ask you to find information about these devices. You must know how to search through a router or switch and find the relevant information. Knowing these commands will not only help you succeed at the CCNA but will be immensely helpful when working with a router whose configuration you do not have documented or memorized.

Check out our recommendations for the best CCNA study guides.

Without further ado, the most useful Cisco commands are:

show running-configuration

The ‘show run’ command is by far the most useful ‘show’ command you will come across. It gives you a page by page report on how the current device is setup. This includes interface information such as the IP address, if the interface is shutdown, etc. You can also see the device-wide information such as which passwords are set, if SSH or telnet is set up and ready for login, etc. You can see when the configuration was last updated and saved along with VLAN information. Basically, if there is a piece of information you do not know, and are unsure how to find that information, start with the ‘show running-configuration’ command. There is a good chance it will have what you are looking for.

show interfaces

This command will show you detailed information about the interfaces on the device. The command as simply ‘show int’ alone will display information about each interface on the device, one after the other. If you are looking for information on a specific interface you can input the type and number of the interface to get information about only that one interface, for example ‘show int fa 0/1’ will only show information about FastEthernet 0/1.
The output of this command includes the MTU size, the bandwidth label, the mac-address, the IP address, the subnet mask, and the errors on the interface. The detailed error report from ‘show interfaces’ makes this the go-to command when you are having routing issues. You will see not only the number of errors, but the specific type of error, such as giants or collisions or runts, and this will allow you to have an idea of where the problem may be coming from. If you are seeing connection issues, try the ‘show int’ command.

show ip route

‘Show ip route’ will display the routing table which is used to find where to send data. This is what you would use to see the next hop for every packet. This is a layer-3 command. It shows which interface will send out a packet destined for a certain IP address. This command will also tell you how the device learned of that route. You can find out if the route is directly connect, static, or learned through a routing protocol such as OSPF or RIP. You can be most specific with this command by including the protocol you are interested in, for example ‘show ip route ospf’ will display OSPF routes. If you ever need to know which interface is responsible for reaching a certain network, use this command.

show ip interface

The ‘show ip int’ command will give a detailed layer-3 report of an interface. Like the ‘show interfaces’ command, you can specify a specific interface to look at such as ‘show ip int g 0/2’. This command will show information such as the incoming and outgoing access list, the IP address and the network mast. The command ‘show ip interface brief’ is also extremely useful for quickly seeing which interfaces are up and what IP address is assigned to each interface. This is a quick and concise way to see what the basic interface status looks like.

show access-list

This command will display the access-lists on the device. This includes every line of the access-list, but does not display which interface that access-list is applied to. To see where an access-list is applied, you will want to run the ‘show ip interface’ or ‘show run’ commands. Note that the ‘show access-list’ command shows access lists for all protocols, whereas ‘show ip access-list’ only shows IPv4 access-lists and may exclude other existing access-lists, such as IPv6 access-lists. Remember that each access list has an unstated last command of ‘deny any’. Use the ‘show access-list’ command to see exactly what an access-list is doing.

show cdp neighbor detail

‘Show cdp neighbor detail’ will display information about Cisco devices connected to the device you are on. It is a layer-2 command, so this includes information about switches and even phones. CDP is a Cisco proprietary protocol, so the command will only show information about Cisco devices. The information includes the remote device type, the remote IP address, the remote interface connected to the device you are on, and the remote device ID. This is a great command for when you need to figure out what other types of devices you are connected to. Say you find a switch in a closet somewhere and have no idea where all the cables from that switch go. You can type ‘show cdp neighbor detail’ and see what type of device each interface is connected to. No need to go tracing wires throughout the building. The ‘show cdp neighbor’ command will show much (but not all) of the same information in a more concise format.

show vlan

The display from this command will show you the information and status of VLANs on the device. This includes the VLAN names, numbers, and the interfaces on which each VLAN can be found. If a certain interface is not listed in this command, that interface is a trunk. Use this command to see which VLANs are active and on which ports.

show interface trunk

Use the ‘show interface trunk’ command to view all the trunk ports on the device. The display will include information on which VLANs are allowed on which trunk, what the native VLAN is. Use this command to see which ports are used for trunking and which VLANs are allowed to pass through those trunks.

show ip protocols

This command displays information about Layer 3 routing protocols on the Cisco device. These include RIP, OSPF and EIGRP. While these protocols have their own specific show commands, the ‘show ip protocols’ gives a large amount of detail on all running protocols at once. It includes routing information and is often the first Cisco command to run when troubleshooting routing problems due to Network Layer protocols misconfiguration. For IPv6 use ‘show ipv6 protocols’.

The above Cisco commands should be enough to find most details on what a networking device is doing and how it is set up. These are obviously not the only commands you should know and the CCNA is not limited to only ‘show’ commands. The above are a great start to any kind of troubleshooting you may need and are often going to be some of the first commands you will run.

Download our Subnet Cheat Sheet for all the essential information you need to quickly perform subnet calculations in your head.

If you want to learn more about networking and get the Cisco CCNA certification, we highly recommend the Cisco CCNA Gold Bootcamp as your CCNA training course. The CCNA is by far the most in-demand networking certification by employers, and the Gold Bootcamp is the highest rated Cisco course online. It has an average rating of 4.8 from over 30,000 public reviews:

Cisco CCNA Gold Bootcamp training course