Skip to main content

Cisco IOS CLI Cheat Sheet 2026 — Quick CLI Command Reference

4 min read

Cisco IOS CLI Cheat Sheet 2026 — Quick Command Reference

Cisco IOS CLI Cheat Sheet is the complete quick-reference of Cisco IOS CLI commands grouped by function. Copy any command with one click and find what you need with Ctrl+F in under 3 seconds.

Basic Configuration

Action Command Useful flags
Enter global configuration mode 
configure terminal
Set device hostname 
hostname <hostname>
Enter interface configuration mode 
interface <type> <number>
Assign IP address to interface 
ip address <ip-address> <subnet-mask>
 -address -mask
Encrypt plaintext passwords 
service password-encryption
 -encryption

VLANs & Switching

Action Command Useful flags
Create a VLAN in global config 
vlan <vlan-id>
 -id
Display a brief summary of all VLANs 
show vlan brief
Show trunk interfaces and their status 
show interfaces trunk

Routing (OSPF, EIGRP, BGP)

Action Command Useful flags
Start OSPF configuration 
router ospf <process-id>
 -id
Enable OSPF on network 
network <network> <wildcard> area <area-id>
 -id
Show OSPF neighbors 
show ip ospf neighbor
Start EIGRP configuration 
router eigrp <as-number>
 -number
Show EIGRP neighbors 
show ip eigrp neighbors
Define BGP neighbor 
neighbor <ip-address> remote-as <as-number>
 -address -as -number
Show BGP neighbor summary 
show ip bgp summary

ACLs & Security

Action Command Useful flags
Apply ACL to an interface 
ip access-group <acl-number> in
 -group -number
Create named standard ACL 
ip access-list standard <name>
 -list
Create named extended ACL 
ip access-list extended <name>
 -list
Enable password encryption globally 
service password-encryption
 -encryption

NAT & PAT

Action Command Useful flags
Mark interface as NAT inside 
ip nat inside
Mark interface as NAT outside 
ip nat outside
Configure static NAT 
ip nat inside source static <inside-local> <inside-global>
 -global -local
Configure static PAT (port forwarding) 
ip nat inside source static tcp <local-ip> <local-port> <global-ip> <global-port>
 -ip -port
Configure PAT with access list 
ip nat inside source list <acl-number> interface <interface> overload
 overload
Define NAT pool 
ip nat pool <name> <start-ip> <end-ip> netmask <mask>
 netmask
Display active NAT translations 
show ip nat translations

VPN & Tunnels

Action Command Useful flags
Show IKE SAs 
show crypto isakmp sa
Show IPsec SAs 
show crypto ipsec sa
Create tunnel interface 
interface tunnel <tunnel-id>
 -id

Spanning Tree (STP)

Action Command Useful flags
Display spanning-tree status for all VLANs 
show spanning-tree
 -tree
Display spanning-tree for a specific VLAN 
show spanning-tree vlan <vlan-id>
 -id -tree

Diagnostics & Show

Action Command Useful flags
Display interface status and statistics 
show interfaces
Display IP interface summary 
show ip interface brief
Show active configuration 
show running-config
 -config
Display system hardware and software version 
show version
Display IP routing table 
show ip route
Display ARP cache 
show arp
Display VLAN summary 
show vlan brief
Display MAC address table 
show mac address-table
 -table

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

Action Command Warning
⚠️ Destroy ⚠️ 
terraform destroy -auto-approve
 Irreversible — verify the target before running
⚠️ Delete 
kubectl delete namespace production
 Irreversible — verify the target before running
⚠️ Prune ⚠️ 
docker system prune -af --volumes
 Irreversible — verify the target before running
⚠️ Delete 
pvesh delete /nodes/{node}/qemu/{vmid}
 Irreversible — verify the target before running
⚠️ Delete 
az group delete --name MyResourceGroup --yes
 Irreversible — verify the target before running

FAQ — Frequently Asked Questions

What is the difference between Basic Configuration and VLANs & Switching?

Each group in this Cisco IOS CLI cheat sheet covers a distinct area. Basic Configuration focuses on its specific scope, while VLANs & Switching and the remaining groups cover networking, storage, security and diagnostics respectively.

How do I check the installed Cisco IOS CLI version?

Run the version command (usually show version or show --version). The output shows the client and, when applicable, the server version.

Why does Cisco IOS CLI return ‘permission denied’?

A ‘permission denied’ error in Cisco IOS CLI usually means the current user lacks sufficient privileges or credentials are not configured. Check: (1) assigned IAM/RBAC roles, (2) an active authentication context via the corresponding login command.

How do I filter Cisco IOS CLI output by status or name?

Use flags such as --filter, --selector or --query depending on the tool. You can also pipe into grep or jq to process JSON: 

show list | grep RUNNING

What is the fastest way to debug a Cisco IOS CLI error?

Add the verbose flag (--verbose, -v or --debug) to the failing command. This reveals the underlying HTTP/API calls and the full error response body.

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories: