Upload
damog
View
41
Download
0
Embed Size (px)
DESCRIPTION
CCNA Cisco CLI Command Line for Cisco Router and Switch
Citation preview
www.facebook.com/ahmedclipearth - www.clipearth.com
1
Cisco CLI command line for cisco Router
Command(s) Description
Router#clock set 14:45:05 June 18 2013 Set the Time of Day clock on the router.
Router>ping Basic ICMP ping function from within EXEC mode.
Router#ping {ip address} A more detailed ICMP ping from within Privileged EXEX
mode.
Router#traceroute {ip address} Performs a traceroute for a given IP address
Router#configure terminal Enters the Global Configuration Mode for higher level
configuration
Router(config)#hostname RouterName Sets the hostname of the router
Router(config)#ip route network-address
subnet-mask {next-hop IP or exit-interface}
Adds a static route the routing table. (Remember to add in
pairs to communicating router pair)
Router#copy running-config startup-config Copies the current configuration into the register, for
retrieval upon boot
Router(config)#line console 0 Router(config-
line)#logging synchronous
Overcomes line interruption from router prompts, whilst
typing commands.
CNTRL+SHIFT+6 Exit process
DHCP Configuration
Router(config)#ip dhcp pool {name} Create a DHCP Pool on the router.
Router(dhcp-config)#network {net address}
{submask} Set the network on which to act as a DHCP server.
Router(config)#ip dhcp excluded-address {start
IP} {end IP} Set a range of address to be excluded from the DHCP pool.
Router(dhcp-config)#dns-server {net address} Set the address of the DNS server to be issued to clients.
Router(dhcp-config)#default-router {netaddress} Set the default gateway to be issued to clients.
www.facebook.com/ahmedclipearth - www.clipearth.com
2
Router(config-if)#ip helper-address {network
address}
Set this on an intermediary router. Instructs router to
forward DHCP requests to a specified address.
Router#show ip dhcp binding Shows DHCP lease information.
Router#show ip dhcp pool Displays pool utilisation statistics.
NAT & PAT Configuration
Network Address Translation
Router(config)#ip nat inside source static {inside
local} {outside global}
Create a static NAT mapping between an inside local address
and an outside global address.
Router(config-if)#ip nat outside
Router(config-if)#ip nat inside
Router(config)#ip nat pool {name} {inside local}
{inside Global} netmask {submask} Create a NAT pool on the router.
Router(config)#ip nat inside source list {ACL
name} pool {pool name} Control NAT operations with an access control list.
Router(config)#ip nat inside source list {NAT}
pool {MY-NAT-POOL}
Specify a NAT pool to translate to hosts permitted by an
Access Control List.
Router#clear ip nat translation * Deletes all current dynamic NAT mappings.
Router#show ip nat translations Shows the active NAT mappings on the router.
Router#show ip nat statistics Shows various statistics associated with NAT.
NAT Overload / Port Address Translation
Router(config)#ip nat inside source list {ACL
name} interface {int name} overload
Configure NAT to work in overload mode on the specified
interface and apply an access control list. I.e. to a single
inside global IP address.
Security Configuration
Router(config)#no cdp run Disable Cisco Discovery Protocol functionality, for security
reasons.
Router(config-line)#exec-timeout {minutes}
[seconds]
Controls the amount of time a console or virtual session can
be idle before termination. Set to 00 for infinite, use only for
labs!
www.facebook.com/ahmedclipearth - www.clipearth.com
3
Router(config)# banner login & message & Create a login message. End this with a delimiting character
like # or &
Router(config)#banner motd & message Create a banner message. End with an &
Router(config)#no ip domain-lookup Prevents DNS look-up for lab setups
Router(config)#no enable password Removes the enable password, often used in favour of
enable secret password.
Router(config)#enable secret {password} Provides better security by encrypting an enable password.
It is separate to the line password!
Router(config)#service password-encryption Obscures the passwords within the config on the device.
Router(config)#line console 0 Router(config-
line)#password cisco Router(config-line)#login
Router(config-line)#exit
Configures the console password.
Router(config)#line vty 0 4 Router(config-
line)#password cisco Router(config-line)#login
Router(config-line)#exit
Configures the password for virtual terminal lines
Router(config-line)#no transport
inputRouter(config-line)#transport input {telnet
| ssh | etc}
Set the VTY lines to deny any input but the methods
specified.
Access Control Lists
One ACL per protocol, per direction, per
interface.
One very important thing to remember about ACLs is that an implicit deny all rule is placed at the end of all
ACL entries. So it is essential to make a statement for ALL intended communications, otherwise they will be
blocked.
All ACLs are parsed sequentially.
Standard ACLs
Router(config)#access-list {access-list-number}
{deny | permit} [remark] {source-IP | any}
[source-wildcard | any] [log]
Configure a Standard ACL that allows traffic to be
permitted or denied based upon the source IP address
only.Use the no prefix to remove the ACL.
www.facebook.com/ahmedclipearth - www.clipearth.com
4
Router(config)#ip access-list standard {name}
Router(config-std-nacl)#sequence-number
{permit | deny} [remark] {sourceIP} [source
wildcard] [log]
Configure a named Standard ACL for IP.
Extended ACLs
Router(config)#access-list {access-list-number}
{deny | permit} [remark] {protocol} {source}
{source-wildcard} [operand] [port port-
number/name] {destination} {destination-
wildcard} [operator operand] [port port-
number/name] [established]
Configure an Extended ACL that allows for much greater
granularity of control i.e. Protocols, Port#s, Source addresses
& Destination addresses. (Extended IP ACL numbers range
from 100 to 199), (Expanded IP ACLs range 2000 thru
2699).The optional (operand) is used to compare source
and destination ports. Possible values are: lt (less than), gt
(greater than), eq (equal to), neq (not equal to) and range
(inclusive range).The optional (established) keyword is for
TCP sessions and means that the rule will allow only TCP
communications that have the ACK bit set i.e. already
established. This rule could be used inbound, to prevent TCP
sessions being initiated from outside the network.
Router(config)#ip access-list extended {name}
Router(config-ext-nacl)#[sequence-number]
{permit | deny} [remark] {sourceIP} [source
wildcard] [log]
Router(config)#ip access-list extended {ACL
name} Router(config-extnacl)#permit ip
{network} {wildcard mask} any
Configure a named, Extended ACL for IP.
Router(config-if)#access-class {aclNumber} {in |
out} Apply a ACL to a specific interface.
R2(config-if)#ip access-group
Interface Configuration
Router#show interfaces {interface name} Displays details and the bandwidth of individual interfaces.
www.facebook.com/ahmedclipearth - www.clipearth.com
5
Router#show controllers [interface name] Displays hardware details of an interface. Useful for fault
finding serial connections.
Router#show ip interface brief Shows a condensed brief of link state and IP addresses of
attached interfaces & loopback(s)
Router(config)#interface [range] {interface ID} Enters the interface configuration mode for a given interface
or range of interfaces.
Router(config-if)#ip address {int ip address}
{subnet mask} Configure the ip address for a particular interface.
Router-on-a-stick
Router(config)#interface {interface-ID.xxxx}
Configures a logical sub-interface on a physical interface.
interfaceID.xxxx might be fa0/1.10 for FastEthernet 0/1
sub-interface#10.
Router(config-subif)#encapsulation {type} {vlan-
ID}
This is used in router-on-a-stick configurations. After
configuring a sub-interface as shown above, you must
specify the encapsulation method, such as dot1q or isl etc
Then specify the VLAN to which this sub-interface should
interact with.
Router(config-subif)#ip address {int ip address}
{subnet mask} Configure the ip address for a particular sub-interface.
WAN Link Technologies
Router(config-if)#encapsulation {type} Set the interface to use a specified protocol of encapsulation
e.g. hdlc, ppp, frame-relay etc
Point-to-Point Protocol
Router#debug ppp [packet | negotiation | error
| authentication | compression | cbcp]
Troubleshoot PPP, or use the options to troubleshoot PPP
sub-processes.
Router(config-if)#encapsulation ppp Set the interface to use PPP encapsulation method.
Router(config-if)#compress [predictor | stac]
Configure the router to use traffic compression. Optional
elements enable the use of different algorithms. Only use
with appropriate forms of traffic i.e. uncompressed.
www.facebook.com/ahmedclipearth - www.clipearth.com
6
Router(config-if)#ppp quality {%} Apply Link Quality Monitoring. Specify the LCP percentage
threshold for the link to become active.
Router(config-if)#ppp multilink Enable load balancing across multiple physical links.
PPP authentication
Router(config)#aaa new-model Enable AAA with this command.
R1(config)#aaa authentication ppp default local
none
Enable AAA authentication for PPP using the locally
configured credentials.
Router(config-if)#ppp authentication {chap |
chap pap | pap chap | pap} [if-needed] [list-
name | default ] [callin]
Configuration parameters for PPP authentication. CHAP PAP
performs CHAP before PAP.[if-needed] should not be
applied alongside of PAP or CHAP used with TACACS or
XTACACS (only compatible with asynchronous
interfaces).The list-name and default are only required for
AAA/TACACS+.[callin] option is used to specify
authentication on incoming calls only.
Router(config)#username {user} password
{cisco}
Sets a local username and password for use with PPP
authentication protocols.
Router(config)#ppp pap sent-username {user}
password {password}
Set a PAP username and password for use with PPP coms
leaving the local router.
Frame Relay
Router#show frame-relay lmi Show stats for the Frame Relay, Local Management
Interface.
Router#show frame-relay pvc Show details regarding established Permanent Virtual
Circuits on the local device.
Router#show frame-relay route Displays any Frame-Relay Layer2 routes through the device.
Router#show frame-relay map Display Frame-Relay mappings known to the local device.
Router(config-if)#frame-relay lmi-type [type] Specifiy the type of LMI to be used. Either [cisco | ansi |
q933a].
www.facebook.com/ahmedclipearth - www.clipearth.com
7
Router(config)#frame-relay switching This enables a router to perform Frame Relay switching
globally on the router, by using the DLCIs instead of IP.
Router(config-if)#frame-relay route {incoming
DLCI} interface {outgoing interface-name}
{outgoing DLCI}
Sets up a PVC on a Frame-Relay switch.
Router(config-if)#encapsulation frame-relay
[encapType]
Changes the data-link layer protocol to be used on the
interface. The type of encapsulation can be set to use the
IETF standard with the [ietf] option. Default is set to auto-
negotiate.
Router(config-if)#frame-relay intf-type {dce |
dte}
Frame Relay interface types are separate to physical
interface types i.e. a physical DTE device can be assigned as
a Frame Relay DCE device. Setting an interface type as DCE,
tells the router to send LMI keepalives and route statements
on the link. Note that a PVC cannot be established between
two frame-relay DTE devices.
Router(config-if)#frame-relay interface-dlci
{number}
Manually configure the DLCI for the interface. Can be within
the range of 16-991.
Router(config)#frame-relay map {L3protocol}
{protocol-address} {DLCI value} [broadcast] [ietf]
This creates a static mapping of a Layer3 protocol address to
a DLCI on the local device. Frame-Relay is an NBMA type of
network. However, using the broadcast option, L3 broadcast
traffic destined for the mapped network can be forwarded
over the link too. Note: for the local device to be able to ping
its own interface, a static map must be created for that local
interface too.
Router(config-if)#frame-relay inverse-arp
Inverse ARP can be used to dynamically discover devices at
each end of a Frame-Relay link. Although, due to reliability
issues with Inverse ARP, best practice is to statically map IPs
to DLCIs. Inverse ARP is enabled by default, append the [no]
prefix to disable.
Frame-Relay Sub-interfaces
www.facebook.com/ahmedclipearth - www.clipearth.com
8
Router(config)#interface
{PhyIntName}.{subNumber} {point-to-point |
multipoint}
Sets up a Frame-Relay sub-interface. Note that this can only
be performed once frame-relay encapsulation has been
configured on the physical interface.
Router(config-subif)#frame-relay interface-dlci
{number}
Manually configure the DLCI for the interface. Can be within
the range of 16-991.
Dynamic Routing Protocols
Router(config-if)#bandwidth {value}
Set the metric bandwidth of a link in kbps. This value is used
to calculate the cost of a route in some dynamic protocols.
Note: This does not alter the actual level 1 bandwidth.
Router#debug ip routing Used to show modifications being made to the routing table
in real-time.
Router#show ip protocols Use to verify the dynamic routing protocol in use.
Router(config)#router ? Show which versions of dynamic routing protocol the IOS
version will support
Router(config-router)#no auto-summary Prevents auto summarization occurring at major network
boundaries.
Router(config-router)#default-information
originate
Configure router to share static route information along with
dynamic updates.
RIPv1 & v2
Router(config)#router rip Enter RIP configuration state
Router(config-router)#passive-interface
interface name To prevent RIP updates being sent from a specific interface
Router#debug ip rip Show RIP updates as they are sent and received
Router(config)#router rip Router(config-
router)#network address of directly connected
classful network
Configure RIPv1 advertisements on a specific interface.
Router(config-router)#default-information
originate
Configure router to share static route information along with
dynamic updates.
RIPv2
www.facebook.com/ahmedclipearth - www.clipearth.com
9
Router(config)#router rip Router(config-
router)#version 2 Enter RIP configuration state & configure RIPv2.
EIGRP
Router(config)#router eigrp [A.S. number] Enables EIGRP functionality on the router and allows for
further configuration.
Router(config-router)#network network address Advertise the specified network address to others
Router#show ip eigrp topology Router#show ip
eigrp topology [network address]
Displays the EIGRP topology table on a specified router.
Including a [network address] Shows more detailed topology
for a specific network.
Router(config-if)#ip summary-address eigrp
[a.s.] [network] [mask]
Apply manual network summarization to a specific interface,
to be shared with other EIGRP neighbours.
Router(config)#router eigrp [a.s.] Router(config-
router)#redistribute static
This command will share the static route of the current
router, with other EIGRP neighbours.
OSPF
Router(config)#router ospf [process-ID] Enables OSPF dynamic routing protocol, and enters
configuration mode. Default process ID is 1.
Router(config-router)#network [network
address] [wildcard mask] area [area ID]
Configures a network to be advertised by OSPF. Use 0 area
ID for labs. This must be identical to all included OSPF
routers in the same area.
Router#show ip ospf Display detailed OSPF information. Such as process and
router ID
Router#show ip ospf interface Displays detailed information about OSPF interfaces
Router#show ip ospf neighbor Show a brief list of OSPF neighbors and which interface they
are connected to on the local router.
Router(config)#interface [OSPF interface]
Router(config-if)#ip ospf message-digest-key
[key #] md5 [key value] Router(config-if)#exit
Router(config)#router ospf [process ID]
Configures an interface for use with MD5 routing update
authentication. Note: The same key must be used for an
entire area!
www.facebook.com/ahmedclipearth - www.clipearth.com
10
Router(config-router)#area [area ID]
authentication message-digest
Router(config-router)#router-id [network
address]
Manually sets the router ID for the local router. (Will require
a reload if neigbours are present).
Router#clear ip ospf process This will erase and restart the current OSPF process.
Router(config-if)#ip ospf cost [calculated value] Manually set the cost of a link. The value is calculated by 108
bandwidth of link in bps
Router(config-router)#auto-cost reference-
bandwidth [value]
This can be used to simulate different connection speeds
between routers. This must be set the same for the whole
area. 10GigEthernet is 10000.
Router(config-if)#ip ospf hello-interval [seconds] Change the hello interval from the default value: (multi-
access is 10 seconds, or 30 seconds for NBMA segments).
Router(config-if)#ip ospf dead-interval [seconds] Change the dead interval from the default value: (40
seconds).
Router(config-if)#ip ospf priority [int value]
Change the priority of an OSPF interface. This can alter
eligibility for DR & BDR election. Range from 0-255, with
Zero as lowest. Setting Zero will stop the router from
participating in DR / BDR elections.
Lesser Used Commands
Router#debug {process-name] Debug a specific process. Such as ip routing Show IP routes
being learned instantaneously (Use sparingly)
Router#undebug all Stop ALL debugging
Router#undebug {process-name} Stop a debug of a specific process.
Router(config-if)#description R1 LAN Provides a description of the interface
Router#reload Reloads IOS from the NVRAM
Router(config)#no cdp run Disables the CDP functionality that is enabled as standard.
This improves security if not required.
www.facebook.com/ahmedclipearth - www.clipearth.com
11
Router(config-if)#no cdp enable This disables CDP advertisements ONLY on the selected
interface.
Router#show version Provides a description of the version of IOS loaded and the
memory register in use
Router#copy running-config tftp: Backup Configuration Settings TO a TFTP Server
Router#copy tftp: running-configAddress or
name of remote host []? xxx.xxx.xxx.xxxSource
filename []? backup_cfg_for_my_router
Copy configuration FROM a TFTP Server
Register Configuration
Router(config)#config-register [registerValue]
Set the configuration register to a value. Standard is usually
set to: 02102.Set to 02142 to disable the router from
saving configurations.
IOS v.11 Irregularities
Router(config)#subnet-zero Router(config)#ip
classless
This is a fix to the problem encountered when attempting to
use a classless mask such as /30 with IOS v.11.
www.facebook.com/ahmedclipearth - www.clipearth.com
12
Cisco CLI command line for cisco Switch Command Description
File Management Switch# show flash Displays details of the available IOS images.
Switch# dir {directory} Displays the content and size of a specified directory. E.g. flash is one such directory.
Switch# delete flash:{subdirectory/filename}
Deletes a specific file. Can delete all files within a directory/subdirectory when an asterisk * is used.
Switch# show boot Display the boot environment variables.
Switch(config)# boot system flash:{/c2960-lanbase-mz.122-25.SEE1.bin}
Set the switch to boot from a different IOS image.
Switch# write eraseSwitch# reload Restores the configuration of the Switch to default settings. Note: Does not erase VLAN configuration.
Switch# copy running-config startup-config Save the current configuration settings.
Switch# copy startup-config tftp Copy the current version of the startup configuration TO a TFTP server.
Switch# copy flash tftp Copy a file from the flash memory TO a TFTP server.
Switch# copy tftp flash Copy a file FROM a TFTP server to the flash memory.
Switch# rename flash:/{directory/filename} flash:/{directory/newfilename}
Renames a file held within the flash memory.
General Configuration Switch# terminal history Enables the terminal history feature.
Switch# terminal history size {value} Enter a value for the number of lines to recall under the terminal history feature. 0-256 lines.
Switch# terminal no history size Restores the history size to the default value of 10 lines.
Switch# terminal no history Disables the terminal history feature.
Switch(config)# ip default-gateway {IP-address}
Configures the default gateway for the switch.
Switch(config)# ip http authentication enable
Optional authentication for securing HTTP access.
Switch(config)# ip http server Enable HTTP server on the switch enables switch configuration via TCP/IP.
www.facebook.com/ahmedclipearth - www.clipearth.com
13
Security Configuration
Switch(config)# ip dhcp snooping Enable anti-DHCP spoofing measures on catalyst switches.
Switch(config)# ip dhcp snooping vlan number {number}
Enable DHCP snooping for specific VLANs.
Switch(config-if)# ip dhcp snooping trust Set ports as trusted DHCP ports.
Switch(config)# ip dhcp snooping limit rate {value}
Set an upper limit on the number of times an attacker can send bogus DHCP requests through an untrusted port.
Switch-port Security
Switch# show port-security interface {value} Display the details of port security settings for an interface.
Switch(config-if)# switchport port-security mac-address {MAC-address}
Sets a static port security rule for an interface.
Switch(config-if)# switchport port-security maximum {value}
Sets the maximum permissible number of secure addresses allowed on a port.
Switch(config-if)# switchport port-security violation {protect | restrict | shutdown}
Define the course of remedial action to be taken by the switch if the maximum number of layer 2 addresses is reached on a port. Protect = drop | Restrict = drop, log, send SNMP trap, increment violation counter | Shutdown = set port to error-disabled state, log, send SNMP trap and increment violation counter.
Switch(config-if)# switchport port-security mac-address sticky
Enables sticky learning on a port. This will dynamically learn secure layer 2 addresses and add them to the running-config. Note that running-config must be saved after learning is complete!
SSH Configuration
Switch(config)# ip domain-name {domain-name}
Sets a host domain name for the switch, required for SSH.
Switch(config)# crypto key generate rsa Enables the SSH server on the switch and generates an RSA key pair. Recommended modulus length is 1024 bits.
Switch# ip ssh version [1 or 2] Set the version of SSH standard to run on the local SSH server. If option is left blank, the latest version will be selected.
Switch# ip ssh {timeout seconds} Set the time period for an SSH session to be established. Default is 120. Range is 0 120 seconds.
www.facebook.com/ahmedclipearth - www.clipearth.com
14
Switch# ip ssh {authentication-retries number}
Sets the number of times a client can re-authenticate within a 10 minute period. Range is 0 to 5 attempts.
Switch(config-line)#transport input {telnet | ssh | all}
Either accept just telnet or SSH or accept both.
Switch(config-line)#login local Use local usernames instead of AAA.
Switch(config)#username {username} password {Password}
Create a local set of credentials.
Interface Configuration
Switch(config)# interface range {interface prefix / number range}
Configure a group of interfaces e.g. fa0/1 5 for Fast Ethernet ports 1 thru 5.
Switch(config-if)# mdix auto
Permits the switch to use the MDIX automatic cable medium detection facility append no to disable the feature. (Command is not compatible with Catalyst 2950 or 3550).
Switch(config)# mac-address-table static {MAC address} vlan {vlan-id} interface {interface-id}
This creates a static mapping of a MAC to a specified port on the switch. Append no to remove.
Switch(config)# interface vlan {value} Enter the interface configuration mode for a VLAN of number.
Switch(config-if)# ip address {interface address} {subnet mask}
Configure a VLAN-interface IP address.
Switch(config-if)# switchport mode {type} Set the VLAN membership mode for a port access or trunk.
Switch(config-if)# switchport access vlan {number}
Assign a specific switch port to use a specified VLAN number.
Switch(config-if)# switchport trunk native vlan {native id}
Assign a specific VLAN to the switch port to be the NATIVE. This is necessary for untagged traffic on 802.1Q trunk ports.
Switch(config-if)# no switchport trunk native vlan
Reset the NATIVE VLAN back to the default of VLAN 1.
Dynamic Trunking Protocol Switch# show dtp [interface] Displays details of DTP configuration.
Switch(config-if)# switchport mode {type} Set the membership mode for a port access or trunk. This sets the port to ON if trunk mode is selected.
Switch(config-if)# switchport mode dynamic desirable
Sets the local switch port to advertise to the remote port that it would like to trunk. Will only trunk if remote port is set to ON, DESIRABLE or AUTO.
www.facebook.com/ahmedclipearth - www.clipearth.com
15
Spanning Tree Protocol
Switch(config-if)# spanning-tree cost {value} Manually set the cost of an interface for the STA to use in calculations. Between 1 and 200,000,000.
Switch(config)# spanning-tree vlan {vlan-id} root primary
Set the switch to be the lowest priority value on the network. Set to either 24576 or the next 4096 increment below the lowest already on the network.
Switch(config)# spanning-tree vlan {vlan-id} priority {value}
Allows the admin to manually set bridge priority for a specified VLAN. Used to setup load balancing between 0 and 65536 in increments of 4096. Default on Catalyst switches is 32768.
Switch(config-if)#spanning-tree portfast Enable PortFast feature on an access port to mitigate STP processes on that port. This will reduce the time taken for the link to come up.
Switch(config-vlan)# name {enter a name for the VLAN}.
Sets the name of a VLAN.
Switch(config-if)#switchport trunk native vlan {vlanNo.}
Specify the Native vlan for the Trunk.
Switch(config-if)# switchport trunk allowed vlan remove {vlanNo.}
Remove specific VLANs permitted on a trunk.
VTP
Switch(config)# vtp mode {server} Set the VTP mode for the device. Client, server or transparent. Be sure this is set first!
Switch(config)# vtp domain {name} Set the VTP domain name.
Switch(config)# vtp password {value} Set a password for the VTP domain.
Switch(config)# vtp pruning Enables VTP pruning, use on the VTP server only.
2900 Series (Legacy Commands) Switch# vlan database This accesses the VLAN database.
Switch(vlan)# vlan {id} [name] Assign an ASCI name to the VLAN.
Troubleshooting
Switch# show history Displays the terminal history if enabled (See general configuration).
Switch# show env {all} Shows the status of all hardware monitoring sensors on the device.
Switch# show interface [interface-id | vlan vlan-id | switchport]
Shows detailed information for specific interfaces, vlans or switch ports.
www.facebook.com/ahmedclipearth - www.clipearth.com
16
Switch# show interface trunk Shows detailed information about trunk ports in use on the switch.
Switch# show vlan [brief | id vlan-id | name vlan-name | summary]
Is used to display VLAN information for verification purposes.
Switch# show spanning-tree Displays details of the STP environment.
Switch# debug spanning-tree events Show notifications of STP events in real-time.
Switch# show ip ssh Shows the status of the SSH server on the switch.
Switch# show mac-address-table Displays the Media Access Control address table (CAM table) on the switch.