Cisco Configuration Reference Guide

New Update: Version 4.1.7 – in this update to the Cisco Configuration Guide we completed the following updates: (1) Control Plane Policing. (2) Hierarchical Class-Based Weighted Fair Queuing. (3) 802.1Q Tunneling, also called Q-in-Q Tunneling. (4) IPv6 IPSec VPN VTI. (5) We also made other general updates, added images, and corrected errors discovered during editing.

Reference hundreds of quick sample Cisco configurations for many services and solutions in one comprehensive guide. The largest collection of CLI configurations in one place ever released on the Internet. The packages in our collection focus on the details, design, and further explanation of the configuration. The reference guide provides a quick method to access working configurations to apply and use when needed.

All of the configuration topics are in alphabetical order, making it easy to find the sample configuration that you need. For example, if you want to find a quick configuration for OSPF summarization you would go to ‘O’ then ‘OSPF’ and find that specific topic of your choice. With this reference guide you can view a sample network picture along with the sample configuration. Simply use that sample configuration for creating your own configuration. This is what we reference for many configurations for our clients today! We have many plans and updates scheduled, providing continued value to this reference guide, which is aimed at Network Engineers and Consultants.

Workbook (PDF): 526 pages ; Updated: v4.1.7 (October 2016)

Below is the current list of sample configurations that exist in the document today:
  • Core Network Services
    • IP Routing
    • LAN Switching
    • Multicast
    • IPv6
    • First Hop Redundancy Protocol (FHRP)
    • Network Management (SNMPv2, SNMPv3, NetFlow, Logging)
    • General and IP Services (NAT, IP SLA, PBR, DHCP)
  • Security Services
    • Cisco Firewalls using Cisco IOS
    • Virtual Private Network (VPN)
    • Content Filtering
    • Services
  • Tunneling Services
    • L3VPN (Basic Tunneling, MPLS, VRF-lite)
    • L2VPN (EoMPLS, L2TPv3, VPLS)
  • Voice and Unified Communications
    • Voice Gateway
    • Cisco CallManager Express (CME)
    • Cisco Unity Express (CUE)
  • Wireless Services
    • Cisco IOS Wireless
  • Hardware
    • General
    • Cisco ASA 5500 / PIX 500 / FWSM — using OS 8.2(3)
    • Cisco PIX 500 — using OS 6.x or Earlier
    • Cisco Catalyst 6500 Series (SSO, NSF, FWSM)
    • Cisco Catalyst 4500 Series (SSO, QoS)
    • Cisco Nexus Series (NX-OS)
    • Cisco ACE Series (Cisco ACE 4710)
  • WAN and Internet Edge
    • Access Connection
    • Access Protocols
  • Templates and Base Configuration
    • Base Configuration
    • Templates


Recent Updates (version 4.0.6) ; May 2014

  • Cisco Catalyst 6500/6800 using FlexWAN and IPSec VPN Service Modules
  • MD5 File Validation
  • Bidirectional Forwarding Detection (BFD)
  • Verifying the CEF Route Path
  • SIP: Call Transfer
  • Adaptive Traffic Shaping & BECN/FECN Integration

Past Updates:

  • GOLD (updates)
  • Disabling ISAKMP Aggressive Mode
  • How to set time server on Windows 8 from CLI
  • Using HSRP with Multiple IP Addresses and Unique MAC Addresses
  • QoS Pre-Classification on IPSec VPN
  • Scheduler
  • RIPng
  • IPSec VPN using RSA Signatures (CA) on IOS
  • Wireless on Cisco ISR WIFI Models (e.g. Cisco ISR 871W) series
  • IP SLA and NAT using Two ISPs (Update)
  • LLDP
  • Deleting a directory in flash
  • QoS Policy for WAN Branch Router
  • Viewing Configuration Differences
  • Cisco ASA Active/Passive Failover (minor update) ; [C] – Cisco ASA/PIX/FWSM Series
  • Copying a Config from Flash to DRAM ; [C] – Copy
  • Cisco IOS router as TFTP server ; [T] – TFTP
  • Clearing DHCP lease on WLC ; [W] – Wireless
  • ASA, PIX, FWSM ; Troubleshooting & PPTP (minor update) ; [C] – Cisco ASA/PIX/FWSM Series
  • Port Security using Sticky ; [P] – Port Security
  • SSH (minor update) ; [S] – SSH
  • Unlock configuration on a Cisco IP 7900 Series Phone ; [C] – Cisco IP Phones
  • WCCP on Bluecoat (update) ; [W] – WCCP
  • Cisco Catalyst 6500: Power Supplies (Combined) ; [C] – Cisco Catalyst 6500 Series
  • QoS on Wireless AP ; [W] – Wireless
  • Storm Control (minor update) ; [S] – Storm Control
  • ACL Merge Tuning and Configuration ; [C] – Cisco Catalyst 6500 Series
  • Protected Ports ; [P] – Protected Ports
  • EIGRP on ASA ; [C] – Cisco ASA/PIX/FWSM Series
  • Nexus 7K: QoS for 48 port GE (1P3Q4T) ; [C] – Cisco Nexus Series
  • ADSL on Cisco 877 (ATM) ; [A] – ADSL
  • ATM/DS-3 interface Configuration Examples ; [D] – DS-3
  • Correction: Systems and Other Services – msconfig
  • T-1 > Serial T-1 (ii) (update)
  • Major Updates for SIP Trunk to SIP Provider (using IOS 15.1)
  • IPX and EIGRP
  • Cisco Catalyst 2900/3500XL Clustering
  • Dynamic NAT Pool
  • PPPoE Server & Client (on Cisco IOS)
  • IPv6 – ISATAP (Server and Client)
  • Update: IPSec Tunnel End-Point Discovery (TED) added to One-Way Site VPN
  • Update: Multicast Security network diagram
  • IGMP Filter
  • Port Channel on Router (e.g. 3845)
  • T1-CAS
  • Updates: Frame Relay with P2P sub-interfaces using OSPF
  • Updates: OSPF using Frame Relay with P2M interfaces
  • C3750 Stack Master
  • Class of Restrictions (CoR)
  • CME: MWI Line
  • Backlight on Cisco 7965, 7970 and other backlit IP Phones
  • Update: NX-OS and VTP
  • Update: Monitoring Alias configuration
  • Terminal Server Router
  • Flow Control on GE interfaces
  • DMVPN with IPSec Tunnels
  • Added new section for Hardware: Cisco Catalyst 6500 (Monitor)
  • Updated various categories and sections
  • Added Best Practice section
  • Cisco IOS SLB
  • NAT Port Redirect using Dedicated IP (update)
  • AppleTalk
  • Port Security using MAC Address
  • Voice Switch Port: NEC Phone System
  • IP Unicast RPF (uRPF)
  • Cisco ASA: RADIUS
  • Multicast (updates)
  • Multicast: ROGUE SOURCE PROTECTION (update)
  • Interface – L2 BP
  • Interface – L3 BP
  • QoS: Policing
  • Control Plane Policing (CoPP)
  • User-Based Rate Limiting (UBRL)
  • User-Based Rate Limiting (UBRL) – Bi-Directional
  • Power Supplies ; C4500, C6500
  • Mac: static route
  • IP SLA (update)
  • QoS on C4500 (update)
  • PIX : Base Configuration (Update)
  • MGCP (update)
  • HW and Transcoding (Update)
  • VSS Configuration on Cisco Catalyst 6500
  • Enhanced Fast Software Upgrade (eFSU)
  • Macros
  • Corrections: Updated Cisco Switch and Router baseline templates
  • Corrections: Updated Cisco Standalone Access Point
  • Updated: EIGRP Stub
  • Updated: OSPF Area Summarization to include the Cost
  • Updated: OSPF SPF Throttle timers
  • Updated: EIGRP Distribution Lists
  • SSHv2
  • Link Debounce and Carrier-Delay
  • IP Event Dampening
  • Cisco WLC Switch Ports
  • Cisco UCM and Microsoft OCS Integration on VGW
  • Advanced Scenario using BGP and PBR
  • BGP on a Foundry Fastiron L3 Switch
  • SonicWALL SonicPoint Cisco Switch Ports
  • STP Link type
  • Standalone AP Base Config
  • IP Source Guard
  • Updates: DHCP snooping, Dynamic ARP Inspection
  • Route Tagging
  • STP: MST
  • Private VLANs
  • Transfer Pattern (.T)
  • Call Forward Max Length
  • Whisper Intercom
  • After Hours
  • Enhanced Music On Hold
  • IP Phone Redundancy using HSRP
  • IP Phone Redundancy using Secondary CME
  • Redundant CME using Gatekeeper
  • Voice Monitor: Testing translations
  • Updates: ASA (Client VPN), Baseline, SNMPv3
  • SYSTEM: Change MTU on Windows 7/Vista
  • Cisco ACE 4710 Appliance (Routed Mode)
  • Wireless: EAP-LEAP
  • Wireless: EAP-FAST
  • DHCP Snooping
  • Dynamic ARP Inspection (DAI)
  • ASA and IPS
  • IPS module in Cisco ISR
  • FlexLink
  • Cisco Catalyst 6500: NAM Service Module
  • BGP: ASN Path Prepending (or Padding)
  • SSL VPN (Clientless)
  • L2TP over IPSec on ASA
  • ASA to Extreme Switch
  • Parallel Hunt Group (Call Blast)
  • Baseline updated: NTP server, SSH
  • ASA and DNS
  • Cisco Nexus Series: MAC Aging
  • Cisco Nexus Series: Static MAC Address
  • Presence on CME
  • Tag Native VLAN
  • IOS Recovery
  • Black Hole (NULL) Routing
  • AAA: Lower Case
  • Updates: FWSM (Security Context, Failover), BGP (MED), OSPF (neighbor timers, MD5 authentication), ASA (Failover), ATM PVC, Multicast (MSDP and Anycast), Serial T1, Cisco Catalyst 4500 (Redundancy), SSL VPN (SVC), Hardware Conferencing
  • Base Config: Cisco Switches
  • Base Config: Cisco Routers
  • GLBP
  • DDNS on Cisco IOS
  • Cellular 3G card in Cisco ISR Router
  • FXS ports connecting to FAX server (Castelle)
  • Jumbo Frames on Cisco Catalyst IOS
  • Packet over SONET (OC3, OC12)
  • Template: QoS on Internet Edge
  • Template: QoS on WAN
  • PPPoE on Cisco IOS (Ethernet)
  • PPPoE on Cisco IOS (ATM)
  • IP Tunnel (IPIP)
  • GRE Tunnel
  • Port Channel on 2900XL
  • ASA: IPsec over TCP
  • ASA: Banners
  • ASA: License
  • T-3 MUX
  • Analog Lines: Ground Start Lines
  • MoH Port on Cisco UC520
  • Monitor and Watch on CME
  • Secondary IP
  • Cisco IOS HTTP
  • DHCP on WAN for Cisco IOS
  • CAR
  • OC-3 shaping
  • 802.1Q Sub-interfaces on Cisco IOS routers
  • Frame Relay Map
  • Frame Relay Point-to-Point
  • Num Exp
  • Voice Gateway & PRI
  • VGR (FXS): Analog phone
  • VGR (FXO): connect into CO/PSTN
  • SIP Trunk
  • ACL on VLAN interface (IN and OUT directions)
  • PIX: PPTP (update)
  • PPTP on Cisco IOS
  • AAA and TACACS+ (update)
  • Conferencing (update)
  • QoS on 4500 (update)
  • PIX: Failover (update)
  • Serial T1
  • Multi-link PPP
  • L2 Port Channel between Cisco & Netgear
  • NTP Server (using local clock)
  • NTP Client
  • Static Routing
  • Policy Based Routing
  • Changing Admin Distance
  • Equal Cost Paths
  • IP SLA (updated)
  • Test Call through Voice Gateway
  • Basic QoS for WAN Router
  • ACL (using random ports)
  • NAT: Stateful Failover
  • NAT Monitoring
  • VRRP
  • HSRP
    – HSRP Tracking
    – HSRP: Redirecting ICMP
    – Monitoring
  • OSPF
    – Auto Cost Reference
    – Default Routing (update)
    – DR & BDR
    – Internal and External Summarization
    – Reduce OSPF Flooding
    – Virtual Networks
    – Monitoring
    – Stub
    – Bandwidth Utilization
  • BGP
    – eBGP Multi-Hop
    – Local Preference (update)
    – Peer Groups
    – Private ASN
    – Removing Private ASN
    – Communities
    – Route Reflectors
    – Monitoring


Michel Thomatis, CCIE #6778 (15 year) – Chief Network Architect & Lead Trainer

Michel has spent the last 18 years as a network engineer/architect. As a 15-year CCIE, Michel loves the opportunity to provide training in a wide array of network technologies. He formerly worked at Cisco, as well as in government, banking, and non-profit organizations. He has published the “Network Design Cookbook” and a science fiction novel called “The Dark End”. He has also published various iOS applications (virtual Network Engineer, Circlefalls) that can be found on Apple’s iOS App Store. Other software development experience includes Python and SDN. Currently, Michel is the owner, Chief Network Architect and Lead Trainer at RouteHub Group, LLC.