Skip to main content

Cisco IOS CLI Cheat Sheet 2026 — Quick CLI Command Reference

3 min read

Cisco IOS CLI Cheat Sheet 2026 — Quick Command Reference

Cisco IOS CLI Cheat Sheet is the complete quick-reference of Cisco IOS CLI commands grouped by function. Copy any command with one click and find what you need with Ctrl+F in under 3 seconds.

Basic Configuration

Action Command Useful flags
Configuration 
Interface configuration
Set hostname 
hostname <name>
Enable password encryption 
service password-encryption
 -encryption

VLANs & Switching

Action Command Useful flags
Show VLAN summary 
show vlan brief
Show trunk interfaces 
show interfaces trunk
Show switchport configuration 
show interfaces switchport
Create VLAN 
vlan <vlan-id>
 -id
Enter interface configuration mode 
interface <type> <mod/port>
Show spanning-tree info 
show spanning-tree
 vlan detail brief
Show interface VLAN info 
show interfaces vlan <vlan-id>
 -id

Routing (OSPF, EIGRP, BGP)

Action Command Useful flags
Ip ospf 
show ip ospf neighbor
Ip ospf 
show ip ospf database
Show OSPF interfaces 
show ip ospf interface
 brief
Show routing protocols 
show ip protocols
Show OSPF routes 
show ip route ospf
Show EIGRP routes 
show ip route eigrp

ACLs & Security

Action Command Useful flags
No commands detected for this group.

NAT & PAT

Action Command Useful flags
Configure static NAT 
ip nat inside source static <inside-local> <inside-global>
 -global -local
Configure PAT (overload) on interface 
ip nat inside source list <acl> interface <interface> overload
 overload
Configure dynamic NAT with pool 
ip nat inside source list <acl> pool <pool-name>
 -name
Set interface as inside NAT 
ip nat inside
Static NAT with route map 
ip nat inside source static <inside-local> <inside-global> route-map <route-map-name>
 route-map
TCP port forwarding static NAT 
ip nat inside source static tcp <inside-local> <local-port> <inside-global> <global-port> extendable
 tcp extendable
Static NAT with HSRP redundancy 
ip nat inside source static <inside-local> <inside-global> redundancy <group-number>
 redundancy
VRF-aware static NAT 
ip nat inside source static <inside-local> <inside-global> vrf <vrf-name>
 vrf

VPN & Tunnels

Action Command Useful flags
No commands detected for this group.

Spanning Tree (STP)

Action Command Useful flags
Spanning-tree: 
Show Spanning-Tree:
 -Tree

Diagnostics & Show

Action Command Useful flags
Version 
show version
Ip ospf 
show ip ospf neighbor
Ip ospf 
show ip ospf database
Ip route 
show ip route
Running-config 
show running-config
 -config
Running-config interface 
show running-config interface
 -config
Ip interface 
show ip interface

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

Action Command Warning
⚠️ Destroy ⚠️ 
terraform destroy -auto-approve
 Irreversible — verify the target before running
⚠️ Delete 
kubectl delete namespace production
 Irreversible — verify the target before running
⚠️ Prune ⚠️ 
docker system prune -af --volumes
 Irreversible — verify the target before running
⚠️ Delete 
pvesh delete /nodes/{node}/qemu/{vmid}
 Irreversible — verify the target before running
⚠️ Delete 
az group delete --name MyResourceGroup --yes
 Irreversible — verify the target before running

FAQ — Frequently Asked Questions

What is the difference between Basic Configuration and VLANs & Switching?

Each group in this Cisco IOS CLI cheat sheet covers a distinct area. Basic Configuration focuses on its specific scope, while VLANs & Switching and the remaining groups cover networking, storage, security and diagnostics respectively.

How do I check the installed Cisco IOS CLI version?

Run the version command (usually cisco version or cisco --version). The output shows the client and, when applicable, the server version.

Why does Cisco IOS CLI return ‘permission denied’?

A ‘permission denied’ error in Cisco IOS CLI usually means the current user lacks sufficient privileges or credentials are not configured. Check: (1) assigned IAM/RBAC roles, (2) an active authentication context via the corresponding login command.

How do I filter Cisco IOS CLI output by status or name?

Use flags such as --filter, --selector or --query depending on the tool. You can also pipe into grep or jq to process JSON: 

cisco list | grep RUNNING

What is the fastest way to debug a Cisco IOS CLI error?

Add the verbose flag (--verbose, -v or --debug) to the failing command. This reveals the underlying HTTP/API calls and the full error response body.

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories: