Full Guide for All IOS Commands

Cisco IOS routing and configuration covering OSPF, EIGRP, BGP, ACLs, NAT, IPsec/GRE, IPv6, IS-IS, RIP, plus device hardening, file management, logging, and path control. Sourced from the comprehensive CCNA/CCNP routing reference.

18 articles • follow them in order

  1.
    Networking

    Configure OSPFv2 on Cisco IOS: From Single Area to Multi-Area

    Working reference for OSPFv2 on Cisco IOS - the cost metric, hello/dead timers, the six LSA types, the five area types (Backbone, Normal, Stub, TSA, NSSA), router roles (ABR, ASBR, IR), basic configuration with both the network statement and ip ospf interface command, multi-area design, summarization at the ABR (area range vs summary-address), virtual links, MD5 authentication, the five verification commands, and the pitfalls (reference bandwidth mismatch, wildcard vs subnet mask, EXSTART MTU loops, implicit router-id changes).

  2.
    Networking

    Cisco IOS Access Control Lists: Standard, Extended, Named, Reflexive, Time-Based

    Working reference for the five Cisco IOS ACL types. How an ACL processes a packet (top-down, first-match-wins, implicit deny), where the order of operations relative to NAT matters (in: ACL before NAT, out: NAT before ACL), Standard vs Extended vs Named ACLs with full configuration examples, Reflexive ACLs for basic return-traffic state, Time-based ACLs with absolute and periodic schedules, application to interfaces vs VTY lines (ip access-group vs access-class), placement rules (Standard close to destination, Extended close to source), and the pitfalls (implicit deny, numbered-ACL edit gotcha, wildcard vs subnet mask, NAT-order trap, missing VTY restriction).

  3.
    Networking

    Cisco IOS NAT and PAT: Static, Dynamic, and Overload Configuration

    Working reference for the four NAT modes on Cisco IOS. The inside-local / inside-global / outside-global vocabulary that confuses everyone the first time, the ip nat inside / ip nat outside interface markings (most common cause of broken NAT), Static NAT with full IP and port-specific variants, Dynamic NAT with a public pool, PAT (overload) with the WAN interface IP and with a pool, the show ip nat translations and statistics commands, clear ip nat translation, and the pitfalls (missing markers, ACL gaps, PAT port exhaustion, NAT/IPsec interaction).

  4.
    Networking

    Configure EIGRP on Cisco IOS: Metrics, DUAL, Stub, and Authentication

    Working reference for EIGRP on Cisco IOS. The composite metric (bandwidth + delay, with K-values), DUAL and the feasibility condition (Successor and Feasible Successor for sub-second convergence), basic configuration with no auto-summary and explicit router-id, passive-interface default + selective unpassive pattern, per-interface summarization, EIGRP stub for branch routers (bounding query scope and avoiding Stuck-In-Active), MD5 authentication via key-chain, the five verification commands, and the pitfalls (auto-summary trap, K-value mismatches, SIA, AS-number agreement).

  5.
    Networking

    Configure BGP on Cisco IOS: Peering, Path Selection, and Route Manipulation

    Working reference for BGP on Cisco IOS. eBGP vs iBGP and the iBGP full-mesh problem, peering setup over physical interfaces vs loopbacks (with update-source and next-hop-self), the network statement and its requirement that the prefix be in the IP routing table, the nine-step path-selection process (Weight - Local Pref - AS-Path - Origin - MED - eBGP/iBGP - IGP cost - Router ID), the four most-used manipulations (local-pref for outbound preference, AS-Path prepend for inbound, MED for same-peer multilink, communities for ISP-coordinated traffic engineering), prefix-list filtering on all neighbors, peer groups, soft vs hard reset, and pitfalls (missing IP route, iBGP next-hop, communities not sent, outbound prefix-list omitted).

  6.
    Networking

    Cisco IOS Site-to-Site IPsec VPN with GRE: Full Configuration Walkthrough

    Working reference for a GRE-over-IPsec site-to-site VPN on Cisco IOS. Why GRE-inside-IPsec instead of plain IPsec (multicast and routing-protocol support), the two-phase IKE/IPsec negotiation (Phase 1 ISAKMP - authentication / encryption / hash / DH group / lifetime; Phase 2 - transform-set / interesting traffic / lifetime), full symmetric configuration on both endpoints (isakmp policy, pre-shared key, transform-set, ACL for interesting traffic that matches GRE between tunnel endpoints, crypto map applied to physical interface NOT tunnel, GRE Tunnel0 with MTU and TCP-MSS clamping), running EIGRP through the tunnel, and the verification order (show crypto isakmp sa, show crypto ipsec sa, show crypto map, tunnel ping, routes). Pitfalls: crypto map on wrong interface, ACL points at LANs instead of GRE, MTU not lowered, NAT-T not allowed, asymmetric configuration.

  7.
    Networking

    Cisco IOS IPv6: Addressing, Routing Protocols, and Tunneling

    Working reference for IPv6 on Cisco IOS. The 128-bit address format and compression rules, the five address scopes (loopback ::1/128, link-local fe80::/10 - automatic on every interface, ULA fc00::/7, GUA 2000::/3, multicast ff00::/8), the ipv6 unicast-routing global enable, three ways to set an interface address (manual, EUI-64 derived from MAC, SLAAC), static routing with ipv6 route, the four IPv6 routing protocols (OSPFv3 with the IPv4-format router-id quirk, EIGRPv6 which stays shutdown by default, RIPng, MP-BGP with its activate-in-address-family pattern), tunneling options (manual, GRE, 6to4, ISATAP), and the differences from IPv4 (no NAT, no ARP - replaced by NDP - no broadcast, multiple addresses per interface). Pitfalls: forgetting ipv6 unicast-routing, EIGRPv6 shutdown by default, missing BGP activate, routing protocols using link-locals you don't expect.

  8.
    Networking

    Cisco IOS CLI & ROMMON: Modes, Shortcuts, and Password Recovery

    Working reference for the Cisco IOS command-line. The mode hierarchy (User EXEC -> Privileged EXEC -> global config -> interface/router/line config), tab-complete and command abbreviation, the navigation shortcuts (Ctrl-A/E/W/U/R), output filtering with pipe (include / exclude / begin / section / redirect), the seven ping result codes, ROMMON access via terminal break sequence, and the standard four-step password recovery procedure (confreg 0x2142 - reset - copy startup to running - enable secret - config-register 0x2102). Pitfalls: forgetting to restore config-register, break sequence not transmitting, console baud-rate mismatches in ROMMON.

  9.
    Networking

    Cisco IOS Basic Configuration: Interfaces, Sub-interfaces, DHCP, CDP, and Banners

    Working reference for baseline Cisco IOS configuration. The hostname / domain / no ip domain-lookup trio (the latter saves 20 seconds per typo), Layer 3 interfaces with description / ip address / no shutdown, sub-interfaces for router-on-a-stick with encapsulation dot1Q including the native keyword, loopback interfaces for management and router-id, the Null0 bit-bucket, clock rate / bandwidth on serial, full DHCP server config (excluded-address, pool, default-router, dns-server, lease) and ip helper-address for relay, CDP enable/disable per-interface, MOTD/login/exec banners, clock + NTP, disabling the HTTP server, and the baseline template every new router should start from.

  10.
    Networking

    Cisco IOS File Management & Maintenance: Backup, Archive, Rollback

    Working reference for Cisco IOS file management. The running vs startup config distinction (RAM vs NVRAM) and copy run start as the most-forgotten command, backing up to TFTP / FTP / SCP including credential setup, the file system layout (flash, nvram, system, tftp:, scp:, usbflash0), running the router itself as a TFTP server, the archive feature for automatic config snapshots with path / write-memory / time-period, configure replace for non-disruptive rollback (it computes the diff vs copy which is additive only), archive log config for audit logging with hidekeys redaction, verify /md5 for IOS image integrity, and the pitfalls (TFTP file-must-exist trap, plaintext FTP creds, insufficient flash before image upgrade).

  11.
    Networking

    Cisco IOS Logging, SNMP, and EEM: Syslog Levels, Traps, and Automation

    Working reference for Cisco IOS visibility and automation. The 8 syslog severity levels (Emergency 0 through Debug 7) and how to threshold each destination, syslog config (buffered / console / host / source-interface Loopback0 for stable identity), service timestamps log datetime msec for correlation, SNMP v2c with ACL-restricted community strings vs SNMPv3 with auth+priv security level, EEM applets for event-driven automation (syslog pattern matching, time-based cron schedules, counters), example applets for interface-down alerting and auto-saving config, and the pitfalls (console at debug, missing source-interface, community without ACL, EEM runaway loops, no timestamps).

  12.
    Networking

    Cisco IOS Device Hardening: AAA, SSH, RADIUS, NTP, and Privilege

    Working reference for Cisco IOS device-access hardening. The bare-minimum local-auth setup (enable secret, login local, transport input ssh, access-class on VTY, service password-encryption, security passwords min-length), SSH config (2048-bit RSA, ip ssh version 2, public-key auth via pubkey-chain), brute-force defense with login block-for, full AAA stack with RADIUS and the critical local fallback, NTP with authentication and Loopback source-interface, privilege levels vs the modern parser-view RBAC alternative, and the 10-item hardening checklist (no Telnet, weak keys, missing fallback, default communities, etc.).

  13.
    Networking

    Cisco IOS Legacy WAN: HDLC, PPP, Frame Relay, and PPPoA

    Working reference for legacy Cisco WAN encapsulations. HDLC as the Cisco-only proprietary default with no authentication, PPP as the standards-based alternative with PAP and CHAP authentication (cross-username pattern, challenge-response hash for CHAP), PPP compression and multilink, PPPoA for DSL access. Frame Relay configuration with DLCI / LMI / map statements, the multipoint vs point-to-point sub-interface decision (sub-interfaces sidestep split-horizon issues), Frame Relay verification commands. Pitfalls: HDLC mismatch with non-Cisco peers, CHAP password mismatch, Frame Relay split-horizon on multipoint, missing Inverse ARP, DCE clocking on lab serials, LMI type mismatch.

  14.
    Networking

    Cisco IOS Static and Default Routes: AD, Floating, Null0

    Working reference for static routing on Cisco IOS. The three forms (recursive next-hop, interface-only for point-to-point, fully-specified for multi-access), default routes (0.0.0.0/0), administrative distance values across sources (Connected 0, Static 1, eBGP 20, EIGRP 90, OSPF 110, IS-IS 115, RIP 120, EIGRP-external 170, iBGP 200, Unknown 255), floating static routes for backup paths (AD set higher than protocol), the permanent keyword and why you usually shouldn't use it, the Null0 trick for black-holing and for keeping summary advertisements alive in BGP, ODR for hub-and-spoke. Pitfalls: ARP pressure from recursive routes on Ethernet, floating AD set too low, wrong default-route gateway, longest-prefix-match surprises.

  15.
    Networking

    Cisco IOS Path Control: PBR, IP SLA, and Offset Lists

    Working reference for Cisco IOS path-control. Policy-Based Routing (PBR) with route-maps and ACLs to override the routing table for specific traffic on inbound interfaces, locally-originated PBR via ip local policy. IP SLA active measurement with icmp-echo / tcp-connect / http probes plus the schedule command. Track objects bound to IP SLA reachability or interface line-protocol, with delay debouncing to prevent flapping. Tying a static route to a track for automatic dual-WAN failover. Offset lists to add/subtract from routing protocol metrics. The combined PBR + IP SLA + floating static pattern for resilient dual-WAN. Pitfalls: PBR applied outbound, missing fallthrough, IP SLA without schedule, track delay too short, set ip next-hop without verify-availability.

  16.
    Networking

    Cisco IOS Route Filtering: Distribution Lists, Prefix Lists, Route-Maps

    Working reference for the three Cisco IOS route-filtering tools. Distribution lists with ACL or prefix-list reference for inbound/outbound filtering at the routing process boundary. Prefix lists with ge/le qualifiers for prefix-length range matching, common patterns (default route only, any prefix, host routes, /24-/28 of a /8). Route-maps with sequenced clauses, the implicit final deny and the explicit permit-anything-else fallthrough, the menu of match conditions (ip address, next-hop, route-source, interface, metric, tag, as-path, community) and set actions (next-hop, metric, local-preference, community, as-path prepend, tag, weight). Where route-maps plug in: BGP neighbors, redistribution, PBR. Route tags as the glue between protocols to prevent redistribution loops. Pitfalls: missing fallthrough, prefix-list ge/le defaults, OSPF flood-can't-be-filtered, redistribution loops without tags.

  17.
    Networking

    Cisco IOS RIP Configuration: RIPv2, Authentication, Timers

    Working reference for RIPv2 on Cisco IOS. The protocol basics (distance-vector, hop-count metric max 15, UDP 520, multicast 224.0.0.9, AD 120, 30s/180s/180s/240s timer model), why RIP is mostly retired (15-hop max, slow convergence, routing-by-rumor) and where it still fits (tiny stub networks, legacy gear). Basic configuration with the essential version 2 + no auto-summary commands, network statement (classful, no wildcard mask), passive-interface default + selective unpassive, default-information originate, MD5 authentication via key-chain, timer tuning. Loop prevention (split horizon, route poisoning, holddown), the no ip split-horizon trick on Frame Relay multipoint, RIPng per-interface enablement for IPv6. Pitfalls: forgetting version 2, no auto-summary, mismatched timers, MD5 key-id mismatch.

  18.
    Networking

    Cisco IOS IS-IS Configuration: NET, Levels, and Backbone Routing

    Working reference for IS-IS on Cisco IOS. What makes IS-IS different (runs on Layer 2 / CLNS not IP, doesn't need IP addresses to form adjacencies, carries multiple address families in one process). The NET address breakdown (AFI, area, system-id, SEL) and convention of deriving System ID from loopback. Levels: L1 intra-area, L2 backbone, L1/L2 ABR-equivalent routers, with circuit-type per-interface control. Basic configuration (net, is-type, ip router isis on interface), loopback inclusion for /32 propagation, default cost of 10 and metric-style wide for headroom, MD5 authentication. Verification (show isis neighbors / topology / database, show clns commands). IS-IS vs OSPF comparison. Pitfalls: wrong NET, circuit-type mismatch, narrow metric overflow, missing ip router isis, discontiguous L2 backbone.