Host and IOS Commands

Host and IOS Commands


This topic use host and IOS commands to acquire information about the devices in a network. Start learning CCNA 200-301 for free right now!!

Note: Welcome: This topic is part of Chapter 17 of the Cisco CCNA 1 course, for a better follow up of the course you can go to the CCNA 1 section to guide you through an order.

IP Configuration on a Windows Host

If you have used any of the tools in the previous topic to verify connectivity and found that some part of your network is not working as it should, now is the time to use some commands to troubleshoot your devices. Host and IOS commands can help you determine if the problem is with the IP addressing of your devices, which is a common network problem.

Checking the IP addressing on host devices is a common practice in networking for verifying and troubleshooting end-to-end connectivity. In Windows 10, you can access the IP address details from the Network and Sharing Center, as shown in the figure, to quickly view the four important settings: address, mask, router, and DNS.

IP Configuration Windows Host
IP Configuration Windows Host

However, network administrators typically view the IP addressing information on a Windows host by issuing the ipconfig command at the command line of a Windows computer, as shown in the sample output.

C:\Users\PC-A> ipconfig
Windows IP Configuration
(Output omitted)
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :
(Output omitted)

Use the ipconfig /all command to view the MAC address, as well as a number of details regarding the Layer 3 addressing of the device, as shown in the example output.

C:\Users\PC-A> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC-A-00H20
Primary Dns Suffix . . . . . . . : cisco.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cisco.com
(Output omitted)
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265
Physical Address. . . . . . . . . : F8-94-C2-E4-C5-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16(Preferred) 
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Lease Obtained. . . . . . . . . . : August 17, 2019 1:20:17 PM
Lease Expires . . . . . . . . . . : August 18, 2019 1:20:18 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 100177090
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-F3-76-75-54-E1-AD-DE-DA-9A
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

If a host is configured as a DHCP client, the IP address configuration can be renewed using the ipconfig /release and ipconfig /renew commands, as shown in the sample output.

C:\Users\PC-A> ipconfig /release
(Output omitted)
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16
Default Gateway . . . . . . . . . :
(Output omitted)
C:\Users\PC-A> ipconfig /renew
(Output omitted)
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :
(Output omitted)

The DNS Client service on Windows PCs also optimizes the performance of DNS name resolution by storing previously resolved names in memory. The ipconfig /displaydns command displays all of the cached DNS entries on a Windows computer system, as shown in the example output.

C:\Users\PC-A> ipconfig /displaydns
Windows IP Configuration
(Output omitted)
Record Name . . . . . : netacad.com
Record Type . . . . . : 1
Time To Live . . . . : 602
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . :
(Output omitted)

IP Configuration on a Linux Host

Verifying IP settings using the GUI on a Linux machine will differ depending on the Linux distribution (distro) and desktop interface. The figure shows the Connection Information dialog box on the Ubuntu distro running the Gnome desktop.

IP Configuration Linux Host
IP Configuration Linux Host

On the command line, network administrators use the ifconfig command to display the status of the currently active interfaces and their IP configuration, as shown in the output.

[analyst@secOps ~]$ ifconfig
enp0s3 Link encap:Ethernet HWaddr 08:00:27:b5:d6:cb 
inet addr: Bcast: Mask:
inet6 addr: fe80::57c6:ed95:b3c9:2951/64 Scope:Link
RX packets:1332239 errors:0 dropped:0 overruns:0 frame:0
TX packets:105910 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 
RX bytes:1855455014 (1.8 GB) TX bytes:13140139 (13.1 MB)
lo: flags=73 mtu 65536
inet netmask
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The Linux ip address command is used to display addresses and their properties. It can also be used to add or delete IP addresses.

Note: The output displayed may vary depending on the Linux distribution.

IP Configuration on a macOS Host

In the GUI of a Mac host, open Network Preferences > Advanced to get the IP addressing information, as shown in the figure.

IP Configuration macOS Host
IP Configuration macOS Host

However, the ifconfig command can also be used to verify the interface IP configuration a shown in the output.

MacBook-Air:~ Admin$ ifconfig en0
en0: flags=8863 mtu 1500
ether c4:b3:01:a0:64:98
inet6 fe80::c0f:1bf4:60b1:3adb%en0 prefixlen 64 secured scopeid 0x5
inet netmask 0xffffff00 broadcast
nd6 options=201
media: autoselect
status: active
MacBook-Air:~ Admin$

Other useful macOS commands to verify the host IP settings include networksetup -listallnetworkservices and the networksetup -getinfo <network service>, as shown in the following output.

MacBook-Air:~ Admin$ networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
iPhone USB
Bluetooth PAN
Thunderbolt Bridge
MacBook-Air:~ Admin$ 
MacBook-Air:~ Admin$ networksetup -getinfo Wi-Fi
DHCP Configuration
IP address:
Subnet mask:
Client ID:
IPv6: Automatic
IPv6 IP address: none
IPv6 Router: none
Wi-Fi ID: c4:b3:01:a0:64:98
MacBook-Air:~ Admin$

The arp Command

The arp command is executed from the Windows, Linux, or Mac command prompt. The command lists all devices currently in the ARP cache of the host, which includes the IPv4 address, physical address, and the type of addressing (static/dynamic), for each device.

For instance, refer to the topology in the figure.

The arp Command
The arp Command

The output of the arp -a command on the Windows PC-A host is displayed.

C:\Users\PC-A> arp -a
Interface: --- 0xc
Internet Address Physical Address Type d0-67-e5-b6-56-4b dynamic 78-48-59-e3-b4-01 dynamic 00-21-b6-00-16-97 dynamic 00-15-99-cd-38-d9 dynamic

The arp -a command displays the known IP address and MAC address binding. Notice how IP address is not included in the list. This is because the ARP cache only displays information from devices that have been recently accessed.

To ensure that the ARP cache is populated, ping a device so that it will have an entry in the ARP table. For instance, if PC-A pinged, then the ARP cache would contain an entry for that IP address.

The cache can be cleared by using the netsh interface ip delete arpcache command in the event the network administrator wants to repopulate the cache with updated information.

Note: You may need administrator access on the host to be able to use the netsh interface ip delete arpcache command.

Common show Commands Revisited

In the same way that commands and utilities are used to verify a host configuration, commands can be used to verify the interfaces of intermediary devices. The Cisco IOS provides commands to verify the operation of router and switch interfaces.

The Cisco IOS CLI show commands display relevant information about the configuration and operation of the device. Network technicians use show commands extensively for viewing configuration files, checking the status of device interfaces and processes, and verifying the device operational status. The status of nearly every process or function of the router can be displayed using a show command.

Commonly used show commands and when to use them are listed in the table.

Click the buttons to see example output from each of these show commands.Note: The output of some commands has been edited to focus on pertinent settings and reduce content.

Verifies the current configuration and settings

R1# show running-config
(Output omitted)

version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname R1
interface GigabitEthernet0/0/0
description Link to R2
ip address
negotiation auto
interface GigabitEthernet0/0/1
description Link to LAN
ip address
negotiation auto
router ospf 10
network area 0
network area 0
banner motd ^C Authorized access only! ^C
line con 0
password 7 14141B180F0B
line vty 0 4
password 7 00071A150754
transport input telnet ssh

Verifies the interface status and displays any error messages

R1# show interfaces
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
Description: Link to R2
Internet address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 100Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:21, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5127 packets input, 590285 bytes, 0 no buffer
Received 29 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 5043 multicast, 0 pause input
1150 packets output, 153999 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/0/1 is up, line protocol is up
(Output omitted)

Verifies the Layer 3 information of an interface

R1# show ip interface
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is
Broadcast address is
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined:
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/0/1 is up, line protocol is up
(Output omitted)

Verifies the list of known hosts on the local Ethernet LANs

R1# show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet - a0e0.af0d.e141 ARPA GigabitEthernet0/0/1
Internet 95 c07b.bcc4.a9c0 ARPA GigabitEthernet0/0/1
Internet - a0e0.af0d.e140 ARPA GigabitEthernet0/0/0
Internet 138 a03d.6fe1.9d90 ARPA GigabitEthernet0/0/0

Verifies the Layer 3 routing information

R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is to network
O*E2 [110/1] via, 02:19:50, GigabitEthernet0/0/0 is subnetted, 1 subnets
O [110/3] via, 02:05:42, GigabitEthernet0/0/0 is variably subnetted, 2 subnets, 2 masks
C is directly connected, GigabitEthernet0/0/1
L is directly connected, GigabitEthernet0/0/1 is variably subnetted, 3 subnets, 2 masks
C is directly connected, GigabitEthernet0/0/0
L is directly connected, GigabitEthernet0/0/0
[110/2] via, 02:07:19, GigabitEthernet0/0/0

Verifies which protocols are operational

R1# show protocols
Global values:
Internet Protocol routing is enabled
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is
GigabitEthernet0/0/1 is up, line protocol is up
Internet address is
Serial0/1/0 is down, line protocol is down
Serial0/1/1 is down, line protocol is down
GigabitEthernet0 is administratively down, line protocol is down

Verifies the memory, interfaces, and licences of the device

R1# show version
Cisco IOS XE Software, Version 03.16.08.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Wed 08-Aug-18 10:48 by mcpre
(Output omitted)

R1 uptime is 2 hours, 25 minutes
Uptime for this control processor is 2 hours, 27 minutes
System returned to ROM by reload
System image file is "bootflash:/isr4300-universalk9.03.16.08.S.155-3.S8-ext.SPA.bin"
Last reload reason: LocalSoft
(Output omitted)

Technology Package License Information:
Technology Technology-package Technology-package
Current Type Next reboot
appxk9 appxk9 RightToUse appxk9
uck9 None None None
securityk9 securityk9 Permanent securityk9
ipbase ipbasek9 Permanent ipbasek9
cisco ISR4321/K9 (1RU) processor with 1647778K/6147K bytes of memory.
Processor board ID FLM2044W0LT
2 Gigabit Ethernet interfaces
2 Serial interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3207167K bytes of flash memory at bootflash:.
978928K bytes of USB flash at usb0:.
Configuration register is 0x2102

The show cdp neighbors Command

There are several other IOS commands that are useful. The Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol that runs at the data link layer. Because CDP operates at the data link layer, two or more Cisco network devices, such as routers that support different network layer protocols, can learn about each other even if Layer 3 connectivity has not been established.

When a Cisco device boots, CDP starts by default. CDP automatically discovers neighboring Cisco devices running CDP, regardless of which Layer 3 protocol or suites are running. CDP exchanges hardware and software device information with its directly connected CDP neighbors.

CDP provides the following information about each CDP neighbor device:

  • Device identifiers – The configured host name of a switch, router, or other device
  • Address list – Up to one network layer address for each protocol supported
  • Port identifier – The name of the local and remote port in the form of an ASCII character string, such as FastEthernet 0/0
  • Capabilities list – For example, whether a specific device is a Layer 2 switch or a Layer 3 switch
  • Platform – The hardware platform of the device–for example, a Cisco 1841 series router.

Refer to the topology and the show cdp neighbor command output.

The show cdp neighbors Command
The show cdp neighbors Command
R3# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
S3 Gig 0/0/1 122 S I WS-C2960+ Fas 0/5
Total cdp entries displayed : 1

The output displays that the R3 GigabitEthernet 0/0/1 interface is connected to the FastEthernet 0/5 interface of S3, which is a Cisco Catalyst 2960+ switch. Notice that R3 has not gathered information about S4. This is because CDP can only discover directly connected Cisco devices. S4 is not directly connected to R3 and therefore is not listed in the output.

The show cdp neighbors detail command reveals the IP address of a neighboring device, as shown in the output. CDP will reveal the IP address of the neighbor regardless of whether or not you can ping that neighbor. This command is very helpful when two Cisco routers cannot route across their shared data link. The show cdp neighbors detail command will help determine if one of the CDP neighbors has an IP configuration error.

As helpful as CDP is, it can also be a security risk because it can provide useful network infrastructure information to threat actors. For example, by default many IOS versions send CDP advertisements out all enabled ports. However, best practices suggest that CDP should be enabled only on interfaces that are connecting to other infrastructure Cisco devices. CDP advertisements should be disabled on user-facing ports.

Because some IOS versions send out CDP advertisements by default, it is important to know how to disable CDP. To disable CDP globally, use the global configuration command no cdp run. To disable CDP on an interface, use the interface command no cdp enable.

The show ip interface brief Command

One of the most frequently used commands is the show ip interface brief command. This command provides a more abbreviated output than the show ip interface command. It provides a summary of the key information for all the network interfaces on a router.

For example, the show ip interface brief output displays all interfaces on the router, the IP address assigned to each interface, if any, and the operational status of the interface.

R1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 YES manual up up
GigabitEthernet0/0/1 YES manual up up
Serial0/1/0 unassigned NO unset down down
Serial0/1/1 unassigned NO unset down down
GigabitEthernet0 unassigned YES unset administratively down down

Verify Switch Interfaces

The show ip interface brief command can also be used to verify the status of the switch interfaces, as shown in the output.

S1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlanl YES manual up up
FastEthernet0/l unassigned YES unset down down
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset up up

The VLAN1 interface is assigned an IPv4 address of, has been enabled, and is operational.

The output also shows that the FastEthernet0/1 interface is down. This indicates that either no device is connected to the interface or the device that is connected has a network interface that is not operational.

In contrast, the output shows that the FastEthernet0/2 and FastEthernet0/3 interfaces are operational. This is indicated by both the status and protocol being shown as up.

Video – The show version Command

The show version command can be used to verify and troubleshoot some of the basic hardware and software components used during the boot process. Click Play to view a video from earlier in the course, which reviews an explanation of the show version command.

Packet Tracer – Interpret show Command Output

This activity is designed to reinforce the use of router show commands. You are not required to configure, but rather examine, the output of several show commands.

Glossary: If you have doubts about any special term, you can consult this computer network dictionary.

Ready to go! Keep visiting our networking course blog, give Like to our fanpage; and you will find more tools and concepts that will make you a networking professional.