
CCNA Commands Essentials with Examples

(A list of essential CCNA commands.)


Version 1.0 (Last Updated: March 7, 2015)
CCNA Commands Essential and Applications
Copyright: Kazi Syras Al Mamun
Published: 6th March 2015
Publisher: Amazon

All rights reserved. No part of this book may be reproduced, stored in retrieval system, copied in any form or by any means,
electronic, mechanical, photocopying, recording or otherwise transmitted without written permission from the publisher. You
must not circulate this book in any format.

Introduction
This book consists of a list of important CCNA commands that you may need to use both in CCNA exams and in the real world.
When you start preparing for the CCNA exam, you start developing concepts on various networking topics, but in the real world,
when you work as a network engineer or in any other relevant position, you will need to know when and how to apply
your CCNA knowledge. This book aims to equip you with all the necessary commands, with in-depth illustrations to
familiarize you with the network configuration environment, so that you know exactly which command to use in a particular situation.
Read this book in PC: Download Kindle for PC (free software) from Amazon, and read it in your PC. This book will be
delivered to your Kindle for PC when you buy this from Amazon.
Link: http://www.amazon.com/gp/kindle/pc/download

3 Reasons You Need This Book

1. This book includes all the CCNA commands that an exam candidate may need to solve the CCNA simulation lab, and
to solve switching and routing problems in real networks.
2. Sometimes beginners find it difficult to see the bigger picture of the network and the impact a command can
make when applied to a router. That is why a number of useful configuration examples with network diagrams have been
included in this book, so that you can visualize the network and develop a clear understanding of where and why you
need to use these commands. Static routing, OSPF, EIGRP, ACL, NAT and BGP are presented with clean network
diagrams and configuration examples.
3. You can revise your CCNA syllabus within a few hours by reading this book, which will help you develop confidence
in the subject matter and will also help you to use it as a quick reference when configuring simple networks. Finally, you
can expect to receive regular updates of this book so that you can stay up-to-date with changes in the CCNA syllabus.

TABLE OF CONTENTS
Cisco Router Management Commands
Console Commands
Telnet Command
Show Telnet Users
Checking the number of Telnet sessions
SSH Command
Password Set Up in a Cisco Router
Enable command
Enable secret command
Password Encryption Command
Configuration Saving Commands
Erasing Startup-Config
Reload Router
Boot System Commands
TFTP Command (to backup configuration file)
Restore configuration from Backup Server (TFTP)
Password Recovery Command and Process
Checking IOS version and Config register value
Terminal Command
Display Command History
To check the amount of flash memory

To delete a particular IOS image in Flash


Check Contents of NVRAM
Check Contents of RAM
Check Contents of Flash
Changing Register Configuration
Router Directory Status and Memory Test
File System Status
Router Hardware Information
Verify default directory
Verify Directory Contents
Using CDP to gather Neighbour Information
Set an IP in Router Interface
Interface Speed Change
Interface Status Command
Physical Interface Problem Verification
Command to Use When Router Stops Responding
Static Routing Command & Example
Set a Static Route to a Remote Destination Network
Default Routing Command
Administrative Distance Modification
Routing Table Diagnostic Commands
Anatomy of Show IP Route Command
OSPF Commands
OSPF Basic Configuration
OSPF Status Check
OSPF IPV6 Command
How to Enable OSPF in an Interface
OSPF Process Redistribution in the Same Router
OSPF Database Command
OSPF Interface Status Command
Restart OSPF Process Without Restarting The Router
OSPF Network Type
OSPF Router Priority Change Command
List of Useful OSPF Commands
OSPF Troubleshooting Commands
RIP Commands
Default Route in RIP
Disable RIP In A Particular Interface
Verify RIP Route
EIGRP Commands
Configure EIGRP
EIGRP Passive Interface

BGP Commands
BGP Network Configuration Example
BGP Neighbour Configuration Example
Access List Commands
Standard Access Control list Configuration
Allow IP Traffic From A Specific Host
Extended Access List
Named Access List
NAT Commands
Dynamic NAT
PAT or Port Address Translation (Overload) Commands
IPV6 Command
IP Services
DHCP Configuration
DNS Configuration Commands
Switching Commands
VLAN Commands
Inter-VLAN Routing
VTP(VLAN Trunking Protocol)
VTP Pruning
VTP Status Check Command
Port Security Commands
MAC Address List
Spanning Tree command
RSTP(Per-Vlan rapid spanning tree mode)
PVST(Per-Vlan spanning tree mode)
Spanning tree root bridge and priority check
EtherChannel
EtherChannel Configuration
WAN commands
PPP Configuration Commands
Frame Relay
Frame Relay commands
Description
Useful Commands to Disable Unnecessary Network Services
Command Customization Tricks

Cisco Router Management Commands


Before you start learning about Cisco routing and switching commands, you may have a look at the following screenshot to refresh
your memory about the commonly used Cisco command modes:

Command line cursor help


CTRL+w          erases a word.
CTRL+u          erases a line.
CTRL+a          moves to start of line.
CTRL+e          moves to end of line.
ESC+f           moves forward one word.
ESC+b           moves back one word.
CTRL+p or       recalls previous command from history.
CTRL+n or       steps forward to next newer command in history.
TAB             completes partial commands.
CTRL+c          breaks off long data displays.
CTRL+z          ends any configuration mode and returns to privileged exec mode.
CTRL+SHIFT+6    pauses some running processes (e.g. Telnet sessions)
                Display all possible options that follow a command

Console Commands
When you need to configure a brand new Cisco router, you need to access it using the console port because most Cisco routers are
not shipped with a default interface IP. In the absence of an interface IP, or if you do not know the interface IP, you can access the
router's configuration mode using the console port.
At first, install PuTTY (SSH and Telnet client software) on your Windows computer. You can download PuTTY from
http://putty.com. Next, connect the console cable to the router's console port. Next, check the COM port number from the
device manager in your computer.
Finally, open PuTTY and select the COM port number that you have seen in the device manager. Press Enter and start
configuring your router.
You will see the following message. Type no in order to enter the user EXEC mode.
Would you like to enter the initial configuration dialog? [yes/no]: no
Setting console password

R1 (config) #line console 0


R1 (config-line) #password cisco
R1 (config-line) #login
By default, the console login session times out after 10 minutes. If you want to remove the time-out limitation, use the
following command in line configuration mode. Note that with exec-timeout 0 0 an unattended console session stays logged in
indefinitely.

R1 (config-line) #exec-timeout 0 0
While typing commands in the router from your computer using the console port, you may see a number of pop-up messages, which
is quite annoying when you configure your router. If you use the following command you will still see the pop-up messages, but
your command prompt will be back in configuration mode automatically, without losing the already typed commands in the
prompt.

R1 (config-line) #logging synchronous

Telnet Command
You can Telnet to your router from a remote location or from anywhere in the network in order to manage, configure or modify
it. To be able to telnet to a router, the router must have an IP set on one of its interfaces. You will not be able to Telnet if there is
no IP set on an interface.

Router (config) #line vty 0


Router (config-line) #password cisco
Router (config-line) #login
Note: if you set line vty 0 only, then the router will allow only one Telnet connection at a time. If you set line vty 0 4, the
router will allow 5 simultaneous telnet connections. Remember that before you telnet, your router must have an enable
password set, which you can set using the enable command as shown below:

Router(config)#enable password world123


If you want only the IP 10.1.1.3 to be able to establish telnet connection with your router, use the following commands.

Router (config) #access-list 10 permit host 10.1.1.3


Router (config) #line vty 0
Router (config-line) #access-class 10 in
When you try to telnet a router from a specific IP that is not allowed to telnet, you will receive the following message:

% Connection refused by remote host

Show Telnet Users

Router # show users

Checking the number of Telnet sessions

Router #show sessions

SSH Command
If you want a secure remote connection, you may opt for SSH instead of telnet.

Steps and commands to set SSH in a router


Router (config) # hostname cisco
cisco (config) #ip domain-name mycisco.com
cisco (config) #username luke password river123
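cisco (config) #crypto key generate rsa general-keys modulus ?
<360-2048> size of the key modulus [360-2048]
cisco (config) #crypto key generate rsa general-keys modulus 2048
cisco (config) #line vty 0 4
cisco (config-line) #transport input ssh telnet
Note: choose the largest modulus the router offers (2048 here). Very short keys such as 360 bits are easy to break, and IOS does
not enable SSH version 2 with a key shorter than 768 bits.
If we used only transport input ssh, then we would not be able to telnet to the router using the telnet password.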

Password Set Up in a Cisco Router


If you want to restrict access to your router's privileged mode so that only the users who have the password can modify the
configuration, you have to set a password. There are two ways you can set the password: using the enable command and using
the enable secret command.
You can use either of the two commands to set the password. But you need to remember that the password set using enable secret
will be much more secure than that set using the enable command, because the enable secret command generates an MD5 hash, and it
does not show the password in clear text when you use the show run command to see the router configuration.
Enable command
Router(config)#enable password cisco123#
Enable secret command
Router(config)#enable secret cisco123#
Note: here we have set cisco123# as the password. Use either of the two commands to set the password in your router. Remember
that enable secret is more secure than enable password. If you have already set an enable password, and have decided to
set an enable secret password, you can do so. Remember that when you set the enable secret password, it will override the enable
password.

Password Encryption Command


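Cisco routers show all the passwords in clear text when you run a show run command, except the enable secret password. If you
want the passwords to be shown in encrypted format, use the following command in the global configuration mode. The encoding
this command applies is a reversible one meant to stop casual reading of the configuration; it is not a replacement for
enable secret.

Router (config) # service password-encryption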
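
The settings from the console, Telnet, SSH and password sections above can be checked mechanically in a saved configuration. The following Python script is an added example, not part of the original book; both sample configurations and the finding names are constructed for illustration, and a vty line without a transport input command is assumed to allow Telnet.

```python
import re

# Constructed sample (not from a real device): the weaker settings shown above.
SAMPLE_CONFIG = """\
hostname cisco
enable password world123
username luke password river123
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input ssh telnet
"""

# Constructed sample with the stronger alternatives the text describes.
HARDENED_CONFIG = """\
hostname cisco
service password-encryption
enable secret cisco123#
access-list 10 permit host 10.1.1.3
line con 0
 exec-timeout 10 0
 password cisco
 login
line vty 0 4
 access-class 10 in
 password cisco
 login
 transport input ssh
"""


def line_blocks(config):
    """Return {'line con 0': [sub-commands], ...} for every 'line' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit(config):
    """Return a sorted list of 'scope: finding' strings for one configuration."""
    findings = []
    top = [ln.strip() for ln in config.splitlines()
           if ln.strip() and not ln.startswith(" ")]
    if any(ln.startswith("enable password ") for ln in top):
        findings.append("global: enable-password-set")
    if not any(ln.startswith("enable secret ") for ln in top):
        findings.append("global: enable-secret-missing")
    if "service password-encryption" not in top:
        findings.append("global: password-encryption-off")
    for header, cmds in line_blocks(config).items():
        scope = header[len("line "):]
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{scope}: idle-timeout-disabled")
        if scope.startswith("vty"):
            transports = next((c.split()[2:] for c in cmds
                               if c.startswith("transport input ")), None)
            # Assumption: no 'transport input' line is treated as Telnet allowed,
            # because the default depends on the IOS release.
            if transports is None or "telnet" in transports or "all" in transports:
                findings.append(f"{scope}: telnet-allowed")
            if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
                findings.append(f"{scope}: no-access-class")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```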

Configuration Saving Commands


To save running configuration to start-up configuration use:

Router#copy running-config startup-config


After typing the above command, you will be shown the following message:
Destination filename [startup-config]?
Just press Enter to save your running configuration.
To bring startup-config to the running config, use the following command. Remember that after using the following command
your current configuration will be replaced by the startup-config file.

Router#copy startup-config running-config

Erasing Startup-Config

Router#erase startup-config


Note: don't forget to take a backup of your startup configuration file before erasing it, because after erasing the startup configuration
file your router will have no configuration file and you cannot roll back to the previous configuration unless you have a backup
copy.

Reload Router

Router#reload

Boot System Commands


In normal conditions, a Cisco router boots from its IOS image located in its hard disk. Think about a situation when your router's
IOS image is corrupted, and you cannot enter the configuration mode. Fortunately, there are commands to tell the router to boot
from another IOS located in a different location such as in a TFTP server.

Note: normally, a router boots from the first image file found in the flash memory.
For example, you want your router to boot from a specific image file (c2600nm-advsecurityk7-mz.124-12.bin) of your
flash. Use the following command:

Router(config)#boot system flash c2600nm-advsecurityk7-mz.124-12.bin


When you want your router to boot from the image located in a TFTP server with IP 10.10.10.10, use the following command
format:

Router(config)#boot system tftp c2600nm-advsecurityk7-mz.124-12.bin 10.10.10.10

TFTP Command (to backup configuration file)


To save the running configuration from the router to the TFTP server:

Router#copy running-config tftp:


Address or name of remote host []? (here type the IP of the TFTP server and press Enter)
If you want your configuration file to be saved in the TFTP server with the default file name, then there is no need to type anything after
Destination filename [Router-confg]?. Press the Enter key. Otherwise, just type a suitable name.

Restore configuration from Backup Server (TFTP)


To load a running-configuration from the TFTP server to the router, use the command:

Router#copy tftp: startup-config


Address or name of remote host []? (Type the IP of TFTP server)
Next, type the name of the config file that is in your TFTP server. For example, the name of the configuration file in the TFTP
server is router-config, then type that name as shown in the screenshot given below:
Note: no need to type anything in the destination, just press Enter and your current startup-config will be replaced by the
configuration file stored in the TFTP server.

Password Recovery Command and Process


1. Switch on your router.
2. Press the Break key a number of times while loading to enter the rommon.
3. Type confreg 0x2142 at the rommon.
4. Type reset.
5. Type no or press ctrl+c.
6. Type enable.
7. Type configure memory or copy startup-config running-config.
8. Type show running-config.
9. Type enable secret password.
10. Type config-register.
11. Next, type config-register 0x2102. This will make the router boot from the startup-config of the NVRAM.
12. Save the config by typing copy run start.
13. Reload the router using the reload command.

Checking IOS version and Config register value

Router#show version

Terminal Command

Router#show terminal

Display Command History

Router#show history

To check the amount of flash memory

Router#show flash

To delete a particular IOS image in Flash

R1#delete flash:c2600-ipbase-mz.124-1c.bin

Check Contents of NVRAM

Router#cd nvram:
Router#pwd
Router#dir
Note: pwd is used to see the current directory name.

Check Contents of RAM

Router#cd system:
Router#pwd
Router#dir

Check Contents of Flash

Router#cd flash:
Router#pwd
Router#dir

Changing Register Configuration

Router (config) #config-register 0x2101


Router (config) #exit
Router#show version

Router Directory Status and Memory Test


File System Status

Router#show file systems

Router Hardware Information

Router#show hardware

Verify default directory

Router#pwd

Verify Directory Contents

Router#dir

Using CDP to gather Neighbour Information

Commands

Router#show cdp neighbors                    Show cdp neighbours.
Router#show cdp neighbors detail             Show cdp neighbour details.
R2#show cdp entry *                          Shows all CDP neighbour entries.
R2#show cdp entry * protocol                 Show cdp protocol entries including IP address of the neighbours.
R2#show cdp interface                        Show all CDP interfaces.
R2(config)#cdp run                           To enable CDP in a router.
R2(config)#no cdp run                        To disable CDP in a router.
Router(config)#interface fastEthernet 0/0
Router(config-if)#cdp enable                 To enable CDP in an interface if it is not enabled.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no cdp enable              To disable CDP in a particular interface.
Router(config)#cdp holdtime (10-255)         Specify CDP packet hold time in seconds.
Router(config)#cdp timer <5-254>             Specify the rate at which CDP packets are sent in seconds.

Set an IP in Router Interface


1. Access the interface mode.
2. Type ip address (ip address) (subnet mask)

Router (config) #interface fastEthernet 0/0


Router (config-if) # ip address 10.10.10.1 255.255.255.0

Interface Speed Change

Router(config)#interface fastEthernet 0/0


Router(config-if)#speed
Router(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
auto Enable AUTO speed configuration
Router(config-if)#speed 100

Interface Status Command

Router#show ip interface brief

Physical Interface Problem Verification

router# show controllers interface interface-id


router# show controllers fastEthernet 0/0

Command to Use When Router Stops Responding


When your router's command prompt does not respond or freezes because of command typing errors, just press
Control+Shift+6 on your computer to get back to the command prompt.

Static Routing Command & Example


Set a Static Route to a Remote Destination Network

Router (config) #ip route network mask next-hop IP /interface distance


Elements of IP route command    Description
Network                         Destination network address
Mask                            Subnet of destination network
Next hop IP                     IP of the next hop router to get to the destination network
Next hop interface              The interface that will be used to send traffic to the destination. If you do not set
                                the next hop command, you can use this command to specify the interface.
Administrative distance         This is optional; this indicates the trustworthiness of your router. The default AD is 1
                                for static route. The lower the AD the more trustworthy the route is. So, if you do not
                                add this command at the end of the static route, the router will assign that route a
                                default administrative distance.

Default Routing Command


When a router does not find a route for a specific destination in its routing table, it tries to send it to the default route. The
default route configuration format:

Router (config) # ip default-network network-address


Note: routers discard packets for unknown networks unless you have configured a default network.
To delete a static route, use the no command at the beginning of the route command.

Router (config) #no ip route 172.11.11.0 255.255.255.0 192.168.1.1

Administrative Distance Modification

Router (config) #ip route network-address mask next-hop-IP 5


Here, 5 is the AD. The range of AD is 0-255. A route with lower AD is always preferred over a route with higher AD.
For example, if you configure two routes with different AD for the same destination network 10.10.0.0, the route with lower
AD will be used to send traffic.

router (config) #ip route 10.10.0.0 255.255.0.0 30.1.1.1 5
router (config) #ip route 10.10.0.0 255.255.0.0 20.1.1.1 3
(this route will be preferred because AD is 3).

Route                  Default AD
Connected interface    0
Static route           1
EIGRP                  90
IGRP                   100
RIP                    120
OSPF                   110
External EIGRP         170
Unknown                255

Note: connected interfaces are always preferred over all other routes. Normally, an unreachable network is deleted from the
routing table. If you want to keep it permanent, you can use the permanent keyword at the end of the command such as

Router (config) #ip route network-address mask next-hop-IP permanent


To check status of all direct and reachable remote networks, use the show ip route command:

Router#show ip route

Routing Table Diagnostic Commands

Router#show ip route
Description: this command will show a list of routes to all the directly connected or reachable remote networks.

Router#show ip protocols
The show ip protocols command shows which routing protocol is in use, update frequency, time to next update, timer settings,
metric weights, max hops, load balancing, networks advertised, gateways found, and AD to each route.

Router#show protocols
It shows which protocols are enabled and the status of layer 1 and layer 2 along with the IP addresses of each interface.

Router#show ip protocols
This command shows which routing protocol is running in the router. For instance, if your router is running OSPF and EIGRP,
it will show you both in the output of this command.

Router#show run
or
Router#show running-config
It shows the router's running configuration. You may need to check your running configuration when you troubleshoot routing
problems.

Router#debug ip rip
You can see RIP routing updates with this debug command. If you are logged on to your router with Telnet, you need to type
terminal monitor command to see the debug messages in your screen.

Anatomy of Show IP Route Command

Output of running show ip route command in router R2 has been shown below :

Note: route denoted with C means directly connected networks and S means static routes. There is only one dynamic route
in R2, denoted by O ,which means it is an OSPF route.

OSPF Commands
OSPF Basic Configuration

Router (config) # router ospf 1


Router (config-router) # network 10.10.10.0 0.0.0.255 area 0
Router (config-router) # network 172.16.1.0 0.0.0.255 area 1

OSPF Status Check

Show ip ospf
Show ip ospf statistics
Show ip ospf traffic
Show ip ospf virtual-links
Show ip ospf database
Show ip ospf neighbor
Show ip ospf border-routers
Show ip ospf summary-address

OSPF IPV6 Command


To enable IPv6 in an OSPF router, use the following command:

Router (config) # ipv6 router ospf (process id)


Note: process id can be anything from 1 to 65535.

How to Enable OSPF in an Interface


For example, you want to enable OSPF in a particular interface only. To do so use the following command:

Router (config) # interface serial 0/0/0


Router (config-if) # ip ospf 8 area 0

OSPF Process Redistribution in the Same Router


Suppose, you are running two OSPF processes in a single router and want the networks under those processes to communicate
with each other. To start communication, you need to redistribute the routes between them.

Router (config) #router ospf 1


Router (config-router) #redistribute ospf 2
Router (config-router) # exit
Router (config) #router ospf 2
Router (config-router) #redistribute ospf 1
If you are using classless subnets, which is quite likely, then you have to add the subnets keyword at the end of each
redistribute command such as:

Router (config) #router ospf 1
Router (config-router) #redistribute ospf 2 subnets
Router (config) #router ospf 2
Router (config-router) #redistribute ospf 1 subnets

OSPF Database Command

Router#show ip ospf database

OSPF Interface Status Command


Router#show ip ospf interface
Router#show ip ospf interface fastEthernet 0/0

Restart OSPF Process Without Restarting The Router

R1#clear ip ospf 1 process


Reset OSPF process? [no]: yes

OSPF Network Type

Router (config-if) # ip ospf network point-to-multipoint

OSPF Router Priority Change Command

Router (config) # interface fastEthernet 0/1


Router (config-if) # ip ospf priority 2

List of Useful OSPF Commands

OSPF Commands

show ip ospf border-routers      Shows OSPF border routers
show ip ospf database            Show OSPF database summary
Show ip ospf neighbor            Shows OSPF neighbour list
show ip ospf statistics          Show various OSPF statistics
Show ip ospf traffic             Display OSPF related traffic information
Show ip ospf summary-address     Summary-address redistribution Information
Show ip ospf virtual-links       Shows OSPF virtual link information

OSPF Troubleshooting Commands

OSPF debug Commands

debug ip ospf adj        OSPF adjacency events.
debug ip ospf events     OSPF events.
debug ip ospf spf        OSPF SPF calculation.
debug ip ospf hello      Display ospf hello events.
debug ip ospf flood      Ospf flooding.
debug ip ospf packet     Display ospf packet information.

RIP Commands
To configure RIP in a router, you have to enable it at first as shown below:

Router (config) #router rip


Router (config-router) # network 172.16.0.0
Note: you do not need to add any mask to start RIP routing process in a Cisco router. You need to add all the directly connected
networks using the network command as shown above.
If you want to use RIP version 2 then, you need to mention it when you enable it in your router.

Router (config) #router rip


Router (config-router) #version 2
If you want to limit RIP broadcast traffic in a particular interface, you can do so using the passive-interface command.
Remember that when you configure passive interface command in RIP, it will only receive RIP updates from the neighbours,
but will not send any updates.
Example: suppose you want to stop sending RIP updates through your fastEthernet 0/1.

Router (config) #router rip
Router (config-router) # passive-interface fastEthernet 0/1
Redistribute static route into RIP
Suppose, you have created a static route in the same router that is running RIP. If you want RIP to advertise this static route to
its neighbours, you have to tell it to your router using a redistribute command. Otherwise, RIP will never propagate this static
route.

Router#configure terminal
Router (config) #ip route 200.12.2.0 255.255.255.0 172.1.1.2
Router (config) #router rip
Router (config-router) #redistribute static
Router (config-router) #end

Default Route in RIP

Router#configure terminal
Router (config) #ip route 0.0.0.0 0.0.0.0 172.16.1.1
Router (config) #router rip
Router (config-router) #version 2
Router (config-router) #default-information originate
Router (config-router) #end
An alternate way to generate a default route in RIP is using the redistribute static command.

Router#configure terminal
Router (config) #ip route 0.0.0.0 0.0.0.0 172.16.1.1
Router (config) #access-list 10 permit 0.0.0.0
Router (config) #router rip
Router (config-router) #version 2
Router (config-router) #redistribute static
Router (config-router) #distribute-list 10 out static
Router (config-router) #end
Note: in CCNA exam, you do not have to do any kind of route distribution because it is considered CCNP level topic. But you
can learn this important concept in order to visualize complex networking environments where multiple dynamic routing
protocols run in the same router.

Disable RIP In A Particular Interface

Router#configure terminal
Router (config) #access-list 10 deny any
Router (config) #router rip
Router (config-router) #version 2
Router (config-router) #passive-interface FastEthernet0/1
Router (config-router) #distribute-list 10 in FastEthernet0/1
Router (config-router) #end
Note: the distribution list command in the above statement will block any routing updates coming to the FastEthernet 0/1. If
you only used the passive-interface command, not the distribution list, your router would receive routing updates but would
not send any updates.

Verify RIP Route

To verify RIP routes, use the show ip route and show ip rip database commands.

EIGRP Commands
Configure EIGRP

Router#configure terminal
Router (config) #router eigrp 10
Router (config-router) #network 172.16.0.0
Router (config-router) #network 10.0.0.0

EIGRP Passive Interface

Router (config) #router eigrp 20


Router (config-router) #passive-interface serial 0/1

BGP Commands
Step 1: To enable BGP, use the following command in global configuration mode. Use the network command to specify a
network to advertise via BGP.

router bgp as-number

BGP Network Configuration Example

R1(config)#router bgp 100


R1(config-router)#network 192.168.0.0
R1(config-router)#network 192.168.1.0
R1(config-router)#no synchronization
Note: the Autonomous System number or AS number can be anything from 1 to 65535. If you do not use the no synchronization
command, BGP will not advertise networks 192.168.0.0 and 192.168.1.0 unless R1 learns about them from an internal routing
protocol such as OSPF.
Step 2: specify the BGP neighbor router
neighbor ip-address remote-as as-number

BGP Neighbour Configuration Example

R1(config-router)# neighbor 10.0.0.1 remote-as 200


R1(config-router)# neighbor 172.16.0.1 remote-as 300

The complete configuration:

R1(config)#router bgp 100


R1(config-router)#network 192.168.0.0
R1(config-router)#network 192.168.1.0
R1(config-router)# neighbor 10.0.0.1 remote-as 200
R1(config-router)# neighbor 172.16.0.1 remote-as 300
R1(config-router)#no synchronization
BGP Next Hop Configuration

RouterA(config)#router bgp 3000


RouterA(config-router)#neighbor 20.20.20.0 next-hop-self
Note: the command next-hop-self advertises to its neighbors that it is working as a next hop for the network 20.20.20.0, which
means router A is responsible for network 20.20.20.0. Therefore, if any other neighbor wants to send traffic to the network
20.20.20.0, it should forward packets to router A, which in turn will pass them to that network.
Multi-Hop Neighbor
If external BGP neighbors are not directly connected, you must tell your BGP routers the maximum number of hops they may
look for to find the neighbors. For example, if the neighbor router is 2 hops (2 routers) away from router R2, then you can use
the following command.

R2(config-router)#neighbor 10.10.10.10 ebgp-multihop 2
Note: When you change any BGP attributes, you can apply this change either by clearing BGP session or by doing a soft reset.

Useful BGP Commands


Commands                       Descriptions
Show ip bgp                    Shows bgp information
Show ip bgp summary            Shows summary of bgp neighbor status
Show ip bgp neighbors          Shows detailed information on TCP and BGP neighbor connections
Show ip bgp rib-failure        Shows bgp routes that failed to install in the routing table (RIB)
Clear ip bgp                   Clear BGP connections
Clear ip bgp * soft in         Soft clear all inbound updates
Clear ip bgp * soft out        Soft reconfigure all outbound updates
Debug ip bgp events            Shows all bgp events in the router
Debug ip bgp ipv4 unicast      Turn on debugging for IPv4 Unicast addresses.

Access List Commands


Standard Access Control list Configuration
Standard access lists use only source IP address in the list to filter traffic. They cannot differentiate between different types of
IP packets such as http, https, ftp, telnet. If a source IP or network IP is denied by the standard access list, then all types of IP
traffic will be restricted by the router.

ID number      Types of access list
1-99           Standard access list
1300-1000      Standard access list (extended)
100-199        Extended access list
200-299        Protocol Type Code
300-399        DECnet
400-499        XNS standard
500-599        XNS extended
600-699        AppleTalk
700-799        48-bit MAC Address standard
800-899        IPX standard
900-999        IPX extended
1000-1099      IPX SAP
1100-1199      48-bit MAC Address extended
1200-1299      IPX Summary Address extended

Note: remember that a standard access list is placed closest to the destination network of the traffic and an extended access list is placed closest to the source of the traffic.
Standard Access List Command Format:
Router(config)# access-list <1-99> <deny/permit> <source_address>

Steps to create standard access list


1. Create the access list in global configuration mode of your router.
2. Apply it to the interface.
For example, you want to block all IP traffic coming from network 170.1.1.0/24 (mask 255.255.255.0) to your router A, and
permit traffic from all other networks.
Step 1 (creating access list):

RouterA (config) #access-list 10 deny 170.1.1.0 0.0.0.255
RouterA (config) #access-list 10 permit any
Note: if you did not add access-list 10 permit any in the second line, your router would block all other IP traffic; no IP traffic
would be allowed to enter your router from outside.
Step 2 (apply access list in an interface):

RouterA (config) #interface fastEthernet 0/0
RouterA (config-if) #ip access-group 10 in

Note: if you wanted to block outgoing traffic from your router, you would have to write ip access-group 10 out.

Allow IP Traffic From A Specific Host


For example, you want to allow traffic only from a specific host with IP 172.32.16.27; you have to write the command as
follows:

Router (config) # access-list 20 permit 172.32.16.27 0.0.0.0

Note: here the 0.0.0.0 wildcard mask means that only that specific IP will be matched.
You can write the above command in the following way as well:

Router (config) # access-list 20 permit host 172.32.16.27

Note: if you use the keyword host you do not have to mention the wildcard mask after the IP.
You can also create an access list with the following commands.

R1 (config) #ip access-list standard 10
R1 (config-std-nacl) # permit 10.10.10.0 0.0.0.255
Access-List Verification Command

Show ip interface
Show access-list
Show access-list (access list number)

Extended Access List


The limitation of standard access list is that it cannot allow one service and block the others. For example, if you want to allow
the users to access http service, but not the FTP service from a network, you cannot do that with a standard access list because
it cannot specify the service with commands. In this case, you have to use extended access list which can allow the users from
a network to use specific service and block other services.

Router(config)# access-list id permit/deny protocol source-IP wildcard-mask destination-IP wildcard-mask
For example, you don't want anyone to open an FTP connection from the network 170.32.8.0/24 to the FTP server 192.168.23.2 located in the 192.168.23.0/24 network, which means no users from the network 170.32.8.0 will be able to access the FTP server. Users from all other networks will be allowed to FTP to this FTP server.

Router(config)# access-list 120 deny tcp 170.32.8.0 0.0.0.255 192.168.23.2 0.0.0.0 eq ftp
Router(config)# access-list 120 permit ip any any
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip access-group 120 out

Note: if you want to block http traffic you just have to write www after eq in the above command.
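
The first-match rule, the wildcard mask and the implicit deny described in the standard and extended access list sections can be checked offline. The following Python sketch is an added example, not part of the book and not Cisco code; it parses only the numbered access-list forms used above, and the helper names (parse, evaluate) and the small port keyword table are assumptions made for illustration.

```python
import ipaddress

PORT_NAMES = {"ftp": 21, "smtp": 25, "www": 80}  # subset of the IOS port keywords
ANY = (0, 0xFFFFFFFF)                             # wildcard 255.255.255.255: ignore every bit


def to_int(address):
    return int(ipaddress.IPv4Address(address))


def take_address(tokens):
    """Consume 'any', 'host A' or 'A [WILDCARD]' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return to_int(tokens.pop(0)), 0
    # A bare address in a standard ACL behaves like wildcard 0.0.0.0.
    wildcard = to_int(tokens.pop(0)) if tokens and tokens[0][0].isdigit() else 0
    return to_int(first), wildcard


def parse(line):
    """Parse one numbered 'access-list' line (extended 100-199, otherwise standard)."""
    tokens = line.split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    rule = {"permit": action == "permit", "proto": "ip", "dst": ANY, "port": None}
    if 100 <= number <= 199:
        rule["proto"] = rest.pop(0)
        rule["src"] = take_address(rest)
        rule["dst"] = take_address(rest)
        if rest and rest[0] == "eq":
            rule["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    else:
        rule["src"] = take_address(rest)
    return rule


def hits(address, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # 0 bits in the wildcard must match
    return (to_int(address) & care) == (base & care)


def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return 'permit' or 'deny' for one packet; the first matching line wins."""
    for rule in acl:
        if rule["proto"] not in ("ip", proto):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        if hits(src, rule["src"]) and hits(dst, rule["dst"]):
            return "permit" if rule["permit"] else "deny"
    return "deny"                          # implicit deny at the end of every list


# The two access lists from the text.
ACL_10 = [parse(l) for l in (
    "access-list 10 deny 170.1.1.0 0.0.0.255",
    "access-list 10 permit any",
)]
ACL_120 = [parse(l) for l in (
    "access-list 120 deny tcp 170.32.8.0 0.0.0.255 192.168.23.2 0.0.0.0 eq ftp",
    "access-list 120 permit ip any any",
)]

if __name__ == "__main__":
    print(evaluate(ACL_10, "170.1.1.77"))        # blocked network
    print(evaluate(ACL_10[:1], "170.1.2.5"))     # permit any removed: implicit deny
    print(evaluate(ACL_120, "170.32.8.9", "192.168.23.2", "tcp", 21))
    print(evaluate(ACL_120, "170.32.8.9", "192.168.23.2", "tcp", 80))
```

Running a planned list through evaluate before applying it with ip access-group shows whether a missing permit line would cut off traffic you meant to keep.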

Named Access List


Named access list is not a new type of access list. They are either standard or extended access lists; they are just created and referred to in a different way in comparison to numbered standard and extended access lists. So, in brief, you can write both standard and extended access lists in a different way by giving your access list a name, which is called a named access list.
Note: remember that named access lists are compatible with IOS version 11.2 and onwards. You can use the same name for creating multiple access lists.
Named access-list command format

Router(config)# ip access-list extended mylist1
Router(config-ext-nacl)# permit tcp any host 120.10.10.10 eq smtp
Router(config-ext-nacl)# exit
Router(config)# interface fastEthernet 0/1
Router(config-if)# ip access-group mylist1 out
Note: here, mylist1 is the name of the named access-list.

NAT Commands
Network address translation or NAT translates a subnet or IP into another range of subnet or IP so that we can establish communication between two different IP ranges. Before you start using NAT commands, you need to be familiar with the following NAT terms:
Inside local address: an IP assigned to a local host. Here, local host means a host computer or device that is using a private IP address and cannot communicate directly with the Internet or outside world. Therefore, in NAT terminology, a private IP address assigned to a local host is called inside local.
Inside global: it means a public IP address assigned by the service provider. This IP can directly communicate with the Internet. Normally, when an inside local wants to communicate with the Internet or any public IP, it takes the help of an inside global address.
Outside local: this is a private IP address that is assigned to a host that is outside the local network. The purpose of NAT is to establish a communication link between the inside local addresses and the outside local addresses.
Outside global: this is, normally, a public IP address assigned to the outside interface of an outside network.
Static NAT command format:
Router(config)# ip nat inside source static inside-local-address inside-global-address

Example:

Router(config)# ip nat inside source static 10.1.1.1 172.1.1.1
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface fastEthernet 0/1
Router(config-if)# ip nat outside
Note: in the above example, 10.1.1.1 is the inside local address and 172.1.1.1 is the inside global address.

Dynamic NAT
In dynamic NAT, each inside local user is assigned an IP address from a pool of IP addresses when they try to connect to the Internet or an outside network; in most cases this pool consists of public IP addresses.
Dynamic NAT command format:
1. Create a NAT pool
Router(config)# ip nat pool (name of your pool) starting-IP-address end-IP-address netmask subnet-mask
Router(config)# ip nat pool mypool1 192.16.16.2 192.16.16.254 netmask 255.255.255.0
2. Create a translation list
Router(config)# ip nat inside source list 1 pool mypool1
3. Apply NAT on the inside interface
Router(config)# interface Ethernet0
Router(config-if)# ip address 10.10.10.10 255.255.255.0
Router(config-if)# ip nat inside
4. Apply NAT on the outside interface
Router(config)# interface Serial0
Router(config-if)# ip address 170.168.2.3 255.255.255.0
Router(config-if)# ip nat outside
5. Create an access list that will allow translation between the address pool and the inside local addresses.
Router(config)# access-list 1 permit 10.1.1.0 0.0.0.255

PAT or Port Address Translation (Overload) Commands


PAT or port address translation translates local IP addresses to a single global IP, using a unique port number to identify each local address.
The steps for creating NAT using PAT:
1. Create a global NAT pool.
Router(config)# ip nat pool globalnat 170.168.2.1 170.168.2.1 netmask 255.255.255.0
2. Bind the globalnat pool address (170.168.2.1) with the inside local address.
Router(config)# ip nat inside source list 1 pool globalnat overload
3. Enable NAT on the inside interface
Router(config)# interface Ethernet0/0
Router(config-if)# ip address 10.1.1.10 255.255.255.0
Router(config-if)# ip nat inside
4. Enable NAT on the outside interface
Router(config)# interface Serial0/0
Router(config-if)# ip address 170.168.2.1 255.255.255.0
Router(config-if)# ip nat outside
5. Create an access list specifying the inside local IP address
Router(config)# access-list 1 permit 10.1.1.0 0.0.0.255
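
How the overload keyword lets many inside local hosts share 170.168.2.1 is easier to see as a translation table. The following Python model is an added example, not part of the book and not how IOS is implemented; the port allocation policy (keep the source port when it is free, otherwise take the next unused port from 1024) is a simplifying assumption, and the inside host addresses are constructed.

```python
import ipaddress


class PatRouter:
    """Simplified model of 'ip nat inside source list 1 pool globalnat overload'."""

    def __init__(self, global_ip, permitted_net, first_free_port=1024):
        self.global_ip = global_ip
        self.permitted = ipaddress.ip_network(permitted_net)   # access-list 1
        self.next_port = first_free_port
        self.by_inside = {}    # (proto, inside_ip, inside_port) -> global port
        self.by_global = {}    # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate a packet leaving through the outside interface."""
        if ipaddress.ip_address(src_ip) not in self.permitted:
            return None                       # not matched by the ACL: no translation
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            port = src_port                   # keep the source port when it is free
            while (proto, port) in self.by_global:
                port = self.next_port         # otherwise take the next unused one
                self.next_port += 1
            self.by_inside[key] = port
            self.by_global[(proto, port)] = (src_ip, src_port)
        return self.global_ip, self.by_inside[key]

    def inbound(self, proto, dst_port):
        """Map a reply arriving at the global IP back to the inside host."""
        return self.by_global.get((proto, dst_port))   # None: no entry, not forwarded

    def translations(self):
        """Rows in the spirit of 'show ip nat translations' (inside global, inside local)."""
        return [f"{proto} {self.global_ip}:{gport} {ip}:{port}"
                for (proto, ip, port), gport in self.by_inside.items()]


def demo():
    router = PatRouter("170.168.2.1", "10.1.1.0/24")
    router.outbound("tcp", "10.1.1.20", 50000)
    router.outbound("tcp", "10.1.1.21", 50000)   # same source port, different host
    router.outbound("udp", "10.1.1.20", 50000)   # ports are tracked per protocol
    return router


if __name__ == "__main__":
    for row in demo().translations():
        print(row)
```

An inbound packet that matches no table entry has nowhere to go, which is why hosts behind PAT are not reachable from outside unless a static translation is configured.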
NAT verification commands

show ip nat translations
debug ip nat
show ip nat statistics
show ip nat translations verbose

When you configure NAT in a router, it creates a NAT entry for every translation. To clear all translations you can use the following command:

Router# clear ip nat translation *

To delete only the dynamic translations use the following command:

Router# clear ip nat translation forced

IPv6 Command
To manually assign an IPv6 address to an interface, you first need to run ipv6 unicast-routing in global configuration mode, which will enable IPv6 in the router.

RouterA# configure terminal
RouterA(config)# ipv6 unicast-routing
!
RouterA(config)# interface fastethernet0/0
RouterA(config-if)# ipv6 address 2001:0:aabb:1:2222:3333:4444:5555/64
RouterA(config-if)# ipv6 address 2001:0:aabb:2::1/64

IP Services
DHCP Configuration
1. Configure the router's interface

Router# configure terminal
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
2. Exclude addresses from the DHCP pool (optional). You have to do it only when you want to reserve a range of addresses for static IP assignment.

Router(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.99

3. Create a DHCP pool to lease addresses to client computers and routers.

Router(config)# ip dhcp pool my_dhcp_pool
Router(dhcp-config)# network 192.168.10.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.10.1
Router(dhcp-config)# dns-server 192.168.1.1
Router(dhcp-config)# domain-name mydomain.com
Router(dhcp-config)# lease 4 12 40
Router(dhcp-config)# end
Note: in the above configuration, both the dns-server and the default-router commands are optional. The default-router command specifies the default gateway for the client machine. If you want your client machine to manually configure the default gateway, you do not need to write this command. Both the DNS and default router addresses will be handed over to the clients when they request an IP address from the DHCP server (in this case your router is functioning as a DHCP server). You can choose the domain name to be anything you like because it has local significance only. You can specify the lease time if you want to. The command lease 4 12 40 means you are leasing the IP for 4 days, 12 hours and 40 seconds.
Configure Cisco ROUTER as a DHCP Client
If you want a router to receive an IP address from your DHCP server, add the ip address dhcp command in the router's interface as shown below:

Router# configure terminal
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip address dhcp
Router(config-if)# no shutdown

Useful DHCP commands

Command                          Description
show ip dhcp pool                Shows information about the configured DHCP address pool.
show ip dhcp server statistics   Shows DHCP server statistics and messages.
show ip dhcp database
show ip dhcp conflict            Shows whether there is any IP conflict or not.
ip address dhcp                  This command is given in a router's interface, which specifies that the interface should acquire IP from a DHCP server.
show ip dhcp binding             Shows the MAC addresses of the machines that have received IP from the DHCP server and the lease expiration time.

DNS Configuration Commands


When you do not have a local DNS in your network, you may need to configure a public DNS IP in your router so that your local machines can access the Internet. You just have to configure public DNS information in your router, and after that your users can access the Internet simply by typing the URL of the site in their browser. In this case, your router will send all the DNS queries to the public DNS server, and send back the IP of the requested site to your user's computer. The two-step process to configure DNS in a Cisco router:
1. Enable the DNS service in your router.
2. Configure the public DNS IP.
Step 1: enable DNS service
Router# configure terminal
Router(config)# ip dns server
Router(config)# ip domain-lookup
Step 2: add DNS server IP
Router(config)# ip name-server 8.8.8.8
Router(config)# ip name-server 8.8.4.4
Note: here we have configured two Google DNS IPs. You can configure additional DNS IPs as well if you want to do so. Usually, Cisco IOS allows configuring 6 different DNS server IPs.

Switching Commands
VLAN Commands

Switch(config)# vlan ?
  <1-1005>  ISL VLAN IDs 1-1005
Switch(config)# vlan 2
Switch(config-vlan)# name research
Switch(config-vlan)# exit
Switch(config)# interface vlan 2
Switch(config-if)# description * VLAN2 for research project*

Command                                                Description
show vlan                                              Show all VLAN information
show vlan id                                           Show specific VLAN information
show vlan brief                                        Show all VLAN status in brief
show port-security                                     Show secure port information
show port-security address                             Show secure address
show port-security interface (interface type) (port)   Show secure interface
show interface vlan vlan-id                            Show interface details of a specific vlan

Inter-VLAN Routing
Create VLAN's logical interface

Switch(config)# interface vlan 10
Switch(config-if)# ip address 10.10.10.10 255.255.255.0
Switch(config-if)# no shutdown
Note: you need to create a logical VLAN interface only when you want to connect to your switch from a computer for management purposes. There is no other purpose of creating a VLAN interface other than management of the switch. Remember that the VLAN interface is also called the management interface.
Creating VLANs

Switch(config)# vlan 10
Switch(config-vlan)# name research
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name support-team
Switch(config-vlan)# exit
Switch(config)# vlan 30
Switch(config-vlan)# name executives
Adding Ports to VLANs
Suppose you plan to distribute the following ports among VLAN 10, VLAN 20 and VLAN 30:

VLAN       Ports               Network
VLAN 10    Port 0/1 - 0/9      10.10.10.0/24
VLAN 20    Port 0/10 - 0/20    20.20.20.0/24
VLAN 30    Port 0/21 - 0/23    30.30.30.0/24

Switch(config)# interface range fastEthernet 0/1-9
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit
Switch(config)# interface range fastEthernet 0/10-20
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# exit
Switch(config)# interface range fastEthernet 0/21-23
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 30

Creating a trunk port in the switch

Switch(config)# interface fastEthernet 0/24
Switch(config-if)# switchport mode trunk
Router Configuration For Inter-VLAN Communications

Router(config)# interface fastEthernet 0/0
Router(config-if)# no shutdown
Router(config-if)# exit
Sub-interface for VLAN 10

Router(config)# interface fastEthernet 0/0.1
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 10.10.10.254 255.255.255.0
Router(config-subif)# no shutdown
Sub-interface for VLAN 20

Router(config)# interface fastEthernet 0/0.2
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 20.20.20.254 255.255.255.0
Router(config-subif)# no shutdown
Sub-interface for VLAN 30

Router(config)# interface fastEthernet 0/0.3
Router(config-subif)# encapsulation dot1Q 30
Router(config-subif)# ip address 30.30.30.254 255.255.255.0
Router(config-subif)# no shutdown
Note: when you connect a PC to a VLAN, make sure you have set the respective sub-interface IP as the default gateway in your PC. For example, if you connect to VLAN 10 then the PC should have a default gateway IP of 10.10.10.254.

VTP(VLAN Trunking Protocol)


The main purpose of VTP is to reduce administrative burden in a switched environment. The network administrator needs to configure VTP in a VTP server, and the VLAN information will be shared with all the VTP clients. By default all Catalyst switches are VTP servers. There are two methods that you can use to configure VTP.
VTP server configuration

Switch(config)# vtp mode server
Device mode already VTP SERVER.
Switch(config)# vtp domain myvtp
Switch(config)# vtp password cisco
VTP client configuration

Switch(config)# vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)# vtp domain myvtp
Switch(config)# vtp password cisco

VTP Pruning
VTP pruning is a way to save VTP bandwidth by limiting broadcast, multicast and unicast. A VTP pruned switch only sends
broadcast traffic in the trunk link.

VTP Status Check Command

Switch#show vtp status


Switch#show vtp

Port Security Commands


To make sure that no one can just plug in to your switch and start using your network, you can configure the port-security command.

Switch# configure terminal
Switch(config)# interface fastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
The above configuration will allow only one host on the fastEthernet 0/1 port. Whenever this rule is violated, the switch will shut down the port. The switchport port-security line on its own enables the feature on the port; the other lines only set its parameters.
If you want a particular MAC address to be permanently attached to a port, you can use the following commands:

Switch# configure terminal
Switch(config)# interface fastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address 1100.4400.3300
Switch(config-if)# switchport port-security violation shutdown
Alternatively, you can make MAC addresses stick to a particular port.

Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 3
Switch(config-if)# switchport port-security violation shutdown
Note: the first three MAC addresses will be attached to the port fastEthernet 0/1 for the duration of the port aging time set by you. If users try to connect a fourth host to that port, the port will be shut down automatically. You can set the port security aging time in your switch from interface mode as shown below:

Switch# configure terminal
Switch(config)# interface fastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security aging time 300
Note: here, aging time is 300 minutes
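
What the switch does with each frame once the limit is reached can be followed in a small model. The following Python sketch is an added example, not part of the book and not switch code; it goes beyond the shutdown mode used above by also modelling the restrict and protect violation modes that IOS offers, it leaves out aging, and the MAC addresses are constructed.

```python
class SecurePort:
    """Simplified model of one access port with port security enabled."""

    MODES = ("shutdown", "restrict", "protect")

    def __init__(self, maximum=1, static_macs=(), sticky=False, violation="shutdown"):
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode: {violation}")
        self.maximum = maximum
        self.sticky = sticky
        self.violation = violation
        self.secure = {mac.lower(): "static" for mac in static_macs}
        self.err_disabled = False
        self.violation_count = 0

    def receive(self, src_mac):
        """Process one frame and return what the switch does with it."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "dropped: port err-disabled"
        if mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            self.secure[mac] = "sticky" if self.sticky else "dynamic"
            return "forwarded"
        if self.violation != "protect":       # protect drops silently, no counter
            self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            return "violation: port shut down"
        return "violation: frame dropped"

    def reset(self):
        """Administrator runs 'shutdown' then 'no shutdown' on the interface."""
        self.err_disabled = False

    def sticky_lines(self):
        """Lines that sticky learning adds to the running configuration."""
        return [f"switchport port-security mac-address sticky {mac}"
                for mac, kind in self.secure.items() if kind == "sticky"]


# Constructed MAC addresses for the demonstration.
MACS = ["aaaa.bbbb.0001", "aaaa.bbbb.0002", "aaaa.bbbb.0003", "aaaa.bbbb.0004"]


def demo():
    """Sticky port with maximum 3: the fourth host trips the violation."""
    port = SecurePort(maximum=3, sticky=True, violation="shutdown")
    return port, [port.receive(mac) for mac in MACS + MACS[:1]]


if __name__ == "__main__":
    port, results = demo()
    print(results)
    print(port.sticky_lines())
```

In shutdown mode even the three legitimate hosts lose connectivity after the violation, until an administrator re-enables the port.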

MAC Address List

Switch#show mac-address-table

Spanning Tree command


The main job of STP (spanning tree protocol) is to avoid network loops by shutting down redundant links.
To change the priority of a bridge use the following command:

SwitchB(config)# spanning-tree vlan 1 priority 4096

Note: you can set priority to any value from 0 to 61440. A priority of 0 means the switch will always be the root bridge when it has a lower MAC address in comparison to the other bridges which also have priority zero but have higher MAC addresses. Remember that a bridge priority is always set in increments of 4096.
When you want a port to become active as soon as it is connected to the network, you can use the spanning-tree portfast command.

Switch(config)# interface fastEthernet 0/1
Switch(config-if)# spanning-tree portfast
If you want to set the portfast command for a range of ports, such as ports 0/1 to 0/10, use the range keyword as shown below:

Switch(config)# interface range fastEthernet 0/1 - 10
Switch(config-if-range)# spanning-tree portfast
Note: in normal circumstances, when a port is connected to a network, it takes 50 seconds for that port to go into the forwarding state.

RSTP (Per-VLAN rapid spanning tree mode)

Switch(config)# spanning-tree mode rapid-pvst

Note: if you want to take advantage of the portfast, uplinkfast and backbonefast commands, which improve convergence time, with just one command, just enable RSTP as shown above.

PVST(Per-Vlan spanning tree mode)

Switch(config)# spanning-tree mode pvst

Spanning tree root bridge and priority check

show spanning-tree
show spanning-tree vlan 1

EtherChannel
The two versions of EtherChannel negotiation protocol are Cisco and IEEE.

Each EtherChannel can support up to eight compatible Ethernet interfaces.
Each interface must be at the same speed.
When a link in an EtherChannel fails, the traffic of that failed link is carried by the remaining links in that channel.

EtherChannel Configuration

Switch(config)# interface port-channel ?
  <1-6>  Port-channel interface number
Switch(config)# interface port-channel 1
Switch(config-if)# exit
Switch(config)# interface range fastEthernet 0/1-7
Switch(config-if-range)# switchport mode trunk
Switch(config-if-range)# switchport nonegotiate
Switch(config-if-range)# channel-group 1 mode desirable
Note: the above configuration will use the Cisco version of the EtherChannel negotiation protocol.
If you want to use the IEEE version of the EtherChannel negotiation protocol, use the following commands to configure EtherChannel:

Switch(config)# interface port-channel 1
Switch(config-if)# exit
Switch(config)# interface range fastEthernet 0/1-7
Switch(config-if-range)# switchport trunk encapsulation dot1q
Switch(config-if-range)# switchport mode trunk
Switch(config-if-range)# switchport nonegotiate
Switch(config-if-range)# channel-group 1 mode active
Note: dot1q means the interface uses only 802.1q trunking encapsulation when trunking the switch ports.
EtherChannel interface status command

Switch# show interface etherchannel

WAN commands
PPP Configuration Commands
Step 1: configure PPP encapsulation in an interface

Router#configure terminal
Router (config) #interface serial 0/0
Router (config-if) #encapsulation ppp
Step 2: set hostname, username and password

Router#configure terminal
Router (config) #hostname myrouter
myrouter (config) #username router password cisco
Step 3: choose an authentication type

myrouter#configure terminal
myrouter (config) #interface serial 0/0
myrouter (config-if) #ppp authentication chap pap
Note: in the above configuration, we have configured both chap and pap. The advantage of configuring both is that when PPP negotiation starts with another router, this router will use the first authentication type (chap) to establish the connection. The second one (pap) will be used only if the first one fails to establish the connection.

Frame Relay
1. Encapsulation type
If you do not type anything, the default encapsulation type will be Cisco. In the following command the default encapsulation will be Cisco.

Router(config)# interface serial 0/0
Router(config-if)# encapsulation frame-relay
If you want to use ietf encapsulation, mention ietf as shown below:

Router(config)# interface serial 0/0
Router(config-if)# encapsulation frame-relay ietf
2. DLCI Number

Router(config-if)# frame-relay interface-dlci 12

3. Declare Frame Relay LMI type

Router(config-if)# frame-relay lmi-type cisco

Note: ansi and q933a are the other types of LMI that you can configure.
Frame relay sub-interface creation commands:

Router(config)# interface serial 0/0
Router(config-if)# encapsulation frame-relay
Router(config-if)# exit
Router(config)# interface serial 0/0.12 point-to-point
If you want to create a multipoint link you have to use the following command.

Router(config)# interface serial 0/0.12 multipoint

Frame Relay commands

Command                 Description
show frame-relay map    Used to show mapping between IP and DLCI number.
show frame-relay pvc    Show information about frame relay permanent virtual circuits.

Useful Commands to Disable Unnecessary Network Services

Disable SNMP service
Router(config)# access-list 120 deny udp any any eq snmp
Router(config)# access-list 120 permit ip any any
Router(config)# interface s0/0
Router(config-if)# ip access-group 120 in

Disable HTTP server
Router(config)# no ip http server

Disable CDP in the router
Router(config)# no cdp run

Disable CDP in an individual interface
Router(config-if)# no cdp enable

Disable ICMP unreachable message
Router(config)# interface s0/0
Router(config-if)# no ip unreachables

Disable multicast IP route caching
Router(config)# interface s0/0
Router(config-if)# no ip mroute-cache

Disable redirect message
Description: a redirect message is used to notify hosts about the optimal router, which has the potential to expose internal network topology to an attacker. Remember that if you disable this service, legitimate users may not use the optimal route because there will be no notification to the host machine.
Router(config)# interface s0/0
Router(config-if)# no ip redirects

Disable Proxy ARP
Description: using proxy ARP a computer can reach a remote computer without configuring a default gateway. If you do not need this service, disable it in every interface of your router.
Router(config)# interface fa0/0
Router(config-if)# no ip proxy-arp

Disable Echo
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers

Disable finger
Description: it is used to display information about all users in the network.
Router(config)# no service finger

Disable BootP
Router(config)# no ip bootp server

Disable auto-config
Router(config)# no service config
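
To check a saved configuration against the list above, the following Python sketch reports which of these hardening lines are missing. It is an added example, not part of the book; the sample configuration is constructed, the IOS spellings no ip unreachables and no ip bootp server are used, and the script assumes a service counts as disabled only when its no form appears in the text it is given, so defaults that IOS hides from show run will be reported.

```python
GLOBAL_CHECKS = [
    "no service tcp-small-servers",
    "no service udp-small-servers",
    "no service finger",
    "no ip http server",
    "no cdp run",
    "no ip bootp server",
    "no service config",
]
INTERFACE_CHECKS = [
    "no ip redirects",
    "no ip unreachables",
    "no ip proxy-arp",
    "no ip mroute-cache",
]


def split_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped == "!":       # '!' separates sections
            current = None
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(stripped)  # indented: belongs to the interface
        else:
            current = None
            global_lines.append(stripped)
    return global_lines, interfaces


def audit(text):
    """Return (scope, missing_command) pairs for a running configuration."""
    global_lines, interfaces = split_config(text)
    findings = [("global", cmd) for cmd in GLOBAL_CHECKS if cmd not in global_lines]
    for name, lines in interfaces.items():
        routed = any(l.startswith("ip address") for l in lines)
        if "shutdown" in lines or not routed:
            continue                              # unused or unaddressed interface
        findings += [(name, cmd) for cmd in INTERFACE_CHECKS if cmd not in lines]
    return findings


# Constructed sample, in the layout of 'show running-config' output.
SAMPLE = """\
no service tcp-small-servers
no service udp-small-servers
no service finger
no service config
ip http server
!
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip mroute-cache
!
interface FastEthernet0/0
 ip address 10.1.1.10 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
!
interface FastEthernet0/1
 no ip address
 shutdown
!
no cdp run
"""

if __name__ == "__main__":
    for scope, command in audit(SAMPLE):
        print(f"{scope}: missing '{command}'")
```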

Command Customization Tricks


When you want to see only a portion of the running configuration that includes a specific IP such as 20.1.1.1, use the following command.

Router# show run | include 20.1.1.1

Instead of seeing the full configuration you will see only the following output. This command customization becomes extremely helpful when you have to deal with a large configuration file consisting of hundreds of lines.
Sample output of show run | include 20.1.1.1 command

ip nat pool myposl1 20.10.10.1 20.10.10.12 netmask 255.255.255.0

Instead of writing the keyword include you can simply write i as shown below:

Router# show run | i 20.1.1.1

If you want to see the configuration that includes the keyword route, use the following customized command:

R1# show run | i route

Sample output

router ospf 1
ip route 200.1.1.0 255.255.255.0 12.1.1.1
When you want to filter a section of output, you have to use the section keyword as shown below:

Router# show run | section ospf

Or

Router# show run | s ospf

Sample output

router ospf 1
log-adjacency-changes
network 200.1.0.0 0.0.255.255 area 0
If you used the include keyword instead of section, you would see the following output:

router ospf 1
When you need to see the configuration lines that begin with a specific word such as route, you can use the begin keyword. It will show the output starting with the keyword.

Router# show run | begin route

Or

Router# show run | b route