| Command Name |
Configuration Mode |
Platform / Software |
|
[no] ip spd queue {min-threshold |
max-threshold} <n> |
config |
IOS |
| Sets lower and upper ip process-level queue thresholds for
SPD. With SSE based SPD, lower precedence packets are randomly dropped when
the queue size hits min-threshold. The drop probability increases linearly
with the queue size until max-threshold is reached, at which point all lower
precedence packets are dropped. For regular SPD, lower precedence packets
are dropped when the queue size reaches min-threshold. Defaults are 50 and
75, respectively. These values were not based on real life experience and
may need some tuning. |
| Reference: Cisco ISP Esssentials
|
|
|
|
[no] spd enable |
config |
IOS |
| Enable or disable the selective packet discard (SPD)
feature. Command is called "ip spd enable" in 11.1CC.
|
| Reference: Cisco ISP Esssentials, CSCdk31898
|
|
|
|
aaa accounting delay-start |
config |
IOS |
| If you want to see IP addresses in the AAA start records,
then you will want "aaa accounting delay-start" which is hidden but
universally used. |
| Reference:
|
|
|
|
aaa authorization console |
config |
IOS (>= 12.1(10.6)) |
| This hidden commands enables authorization for the console
port. Otherwise authorization on the console ports always succeeds. Aaron
Leonard submitted CSCdp33836 and CSCdp33841 to get this command documented.
|
| Reference: Dennis Peng <dpeng@cisco.com>,
<20010510092606.I19846@sj-cse-320.cisco.com> and Aaron Leonard <aaron@cisco.com>,
<20010510094014.K19846@sj-cse-320.cisco.com> on cisco-nas, as well as
CSCdi82030 |
|
|
|
aaa pod server [port <port number>] [auth-type
{any | all | session-key}] server-key <string> |
config |
IOS (>= 11.3(7)AA) |
Syntax Description
- port <port number>
(Optional) The network access server port to use for POD requests. If
no port is specified, port 1700 is used.
- auth-type
(Optional) The type of authorization required for disconnecting
sessions.
- any
Session that matches all of the attributes sent in the POD packet is
disconnected. The POD packet may contain one or more of four key
attributes (user-name, framed-IP-address, session-ID, and session-key).
- all
Only a session that matches all four key attributes is disconnected.
All is the default.
- session-key
Session with a matching session-key attribute is disconnected. All
other attributes are ignored.
- <string>
The secret text string that is shared between the network access server
and the client workstation. This secret string must be the same on both
systems.
This command is now documented as of 12.2(8)T.
|
| Reference:
|
|
|
|
ais-enable |
config-if |
IOS |
| IOS version 12.0(7.1) includes a hidden command to enable
generation of AIS alarm on tx line when LOS is detected on rx line. This is
a kludge to workaround other vendor's ATM switches (Newbridge) that don't
generate F4/F5 OAM AIS cells when F3 RDI is received. This command is only
supported on the PA-A3 port adapter. The hidden interface command "ais-enable"
will enable AIS alarm assertion when an LOS alarm occurs. |
| Reference: CSCdm37634
|
|
|
|
arap logging debug-extensions |
config |
IOS |
This DDTS adds a hidden command, "arap logging
debug-extensions" which effectively negates the changes from CSCdi57713.
Messages that re-appear:
Modem CD dropped unexpectedly.
User exceeded timelimit
ARAP connection was terminated.
v42_input running (may be low memory)
v42_output running (may be low memory)
Force Quit pak v42bisflush C
Carrier dropped during startup
|
| Reference: CSCdi68276, CSCdi57713
|
|
|
|
bgp common-administration |
config-router bgp |
IOS |
|
|
| Reference:
|
|
|
|
bgp maxas-limit <1 - 2000> |
config-router bgp |
IOS |
| This command should be used in router configuration mode; by
default there is no limit. If the number of ASes in the AS_PATH exceeds the
limit, the UPDATE will be stored in the BGP table, but not used in the
bestpath selection or propagated. |
| Reference: CSCdr54230, CSCdu00679
|
|
|
|
bgp redistribute-internal |
config-router bgp |
IOS |
| Normally redistributing BGP into another protocol only
redistributes EBGP routes. Using this command will also redistribute IBGP
routes. Hidden in IOS versions prior to 12.1. |
| Reference:
|
|
|
|
bridge-group <bridge-num>
subscriber-loop-control |
config-if |
IOS |
| Bridge between two machines on the same subinterface.
|
| Reference:
|
|
|
|
clear ip eigrp [<as>] events |
privileged exec |
IOS |
| Clear IP EIGRP event logs.
|
| Reference:
|
|
|
|
clear ip eigrp [<as>] logging |
privileged exec |
IOS |
| Stop IP EIGRP event logging.
|
| Reference:
|
|
|
|
clock source free-running|line primary |
config-controller |
IOS |
| Generate or sample clock rate from the line.
|
| Reference:
|
|
|
|
csim |
exec |
IOS |
| With the command csim you can emulate a voice call. It's
like sombody calls the specified number. Usefull, if you don't have
physically access to the telephone:
Sucessfull call:
wg1r1#csim start 089150
csim: called number = 089150, loop count = 1 ping count = 0
csim err csimDisconnected recvd DISC cid(21)
csim: loop = 1, failed = 1
csim: call attempted = 1, setup failed = 1, tone failed = 0
Call to an undefined number:
wg1r1#csim start 089151
csim: called number = 089151, loop count = 1 ping count = 0
csim err:csim_do_test Error peer not found
|
| Reference:
|
|
|
|
debug buffer |
privileged exec |
IOS |
| Debug buffer management.
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
debug crypto isakmp detail |
privileged exec |
IOS |
| Crypto ISAKMP internals debugging.
Example output during ISAKMP SA establishment:
6w3d: ISAKMP cookie gen for src 62.245.147.66 dst 195.244.119.2
6w3d: ISAKMP cookie B5FCAD89 B2BD7BFF
6w3d: ISAKMP: find_me
a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 B2BD7BFF
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare
a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
6w3d: ISAKMP cookie gen for src 195.244.119.2 dst 62.245.147.66
6w3d: ISAKMP cookie 10FA17FE 2C76366D
6w3d: ISAKMP: find_me
a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b 10FA17FE 2C76366D
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare
a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
|
| Reference:
|
|
|
|
debug crypto isakmp packet |
privileged exec |
IOS |
| Crypto ISAKMP packet debugging.
Example output during ISAKMP SA establishment:
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F0880 809F8A34
809F301C 809F33DC 809F5228 801710CC
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F8494 809F87C0
809F8C20 809F301C 809F33DC 809F5228 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809FF460 80A00E0C
80A01070 809FBEBC 809F99B8 809F468C 809F51C8 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 204):
6w3d: KE payload
6w3d: NONCE payload
6w3d: VENDOR payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 184):
6w3d: KE payload
6w3d: NONCE payload
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 64):
6w3d: ID payload
6w3d: HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 68):
6w3d: ID payload
6w3d: HASH payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 168):
6w3d: HASH payload
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: NONCE payload
6w3d: ID payload
6w3d: ID payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) QM_IDLE
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 172):
6w3d: HASH payload
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: NONCE payload
6w3d: ID payload
6w3d: ID payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 52):
6w3d: HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE
|
| Reference:
|
|
|
|
debug dialer detailed |
privileged exec |
IOS |
| Enable some additional debugging for the DDR subsystem.
|
| Reference:
|
|
|
|
debug dialer holdq |
privileged exec |
IOS |
Activate debugging output for dialer hold queue events.
Jan 13 14:56:03.240: Se0/1:15 DDR: Creating holdq 626B1B9C
Jan 13 14:56:03.240: DDR: Assigning holdq 626B1B9C to 627923F8
Jan 13 14:56:09.208: DDR: Assigning holdq 626B1B9C to 61B667F4
Jan 13 14:56:09.208: DDR: freeing dialer holdq 626B1B9C (Ref ptr 61B667F4)
Jan 13 14:56:09.208: DDR: Dialing failed, 0 packets unqueued and discarded
Jan 13 14:56:09.208: : 2 packets unqueued and discarded
|
| Reference:
|
|
|
|
debug ip ospf monitor |
privileged exec |
IOS |
| OSPF SPF monitoring debugging. Hmm, seems to show
synchronization between OSPF routing process and routing table. Furthermore
it shows LSA changes and so can be used to debug why a link marked as OSPF
demand circuit is brought up for example. |
| Reference:
|
|
|
|
debug ip packet [detail] [<access-list>] dump |
privileged exec |
IOS |
| Dumps packets contents for process switched packets.
|
| Reference:
|
|
|
|
debug isdn q931 l3 |
privileged exec |
IOS |
| This command will show additional information on ISDN Layer
3, i.e. the corresponding call reference number in all ISDN messages.
|
| Reference: Project DOTU
|
|
|
|
debug mica {tx|rx} <slot>/<port> |
privileged exec |
IOS |
| Dump data from a MICA digital modem. Probably only supported
on the Cisco Access Server series (e.g. AS5300). |
| Reference:
|
|
|
|
debug modem csm |
privileged exec |
IOS |
| Modem Management Call Switching Module debugging.
|
| Reference:
|
|
|
|
debug oir |
privileged exec |
IOS |
Activate OIR debugging.
ctalkb#debug oir
Online Insertion and Removal debugging is on
2w3d: OIR: Process woke, 'Event', stall=2, usec=0xB6835B36
-Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Shutdown pulled interface for Serial5/0
-Traceback= 600E30C4 60409204 604096C8 603B6D2C 603B6D18
2w3d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled
-Traceback= 60409748 603B6D2C 603B6D18
2w3d: OIR: Remove hwidbs for slot 5
-Traceback= 60409368 60409750 603B6D2C 603B6D18
2w3d: OIR: Process woke, 'Event(max not running)', stall=3, usec=0xD0115C9E
-Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Process woke, 'Timer(max running)', stall=3, usec=0xDDBB56D6
-Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: (Re)Init card 5, retry_count=3
-Traceback= 60409894 603B6D2C 603B6D18
2w3d: %OIR-6-INSCARD: Card inserted in slot 5, interfaces administratively shut down
-Traceback= 604098BC 603B6D2C 603B6D18
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
debug parser mode |
privileged exec |
IOS |
Aug 7 21:58:44.207 MEST: Look up of parser mode 'route-map' succeeded
Aug 7 21:58:45.923 MEST: Look up of parser mode 'configure' succeeded
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
debug sanity |
privileged exec |
IOS |
| With this command every buffer that is used in the system is
sanity-checked when it is allocated and when it is freed. This can sometimes
be used to pinpoint memory corruption problems when analyzing a core dump
which was generated with this debug option in effect. |
| Reference:
|
|
|
|
dialer disable-multiencaps |
config-if |
IOS |
| Revert to premultiencapsulation on the dialer profile.
|
| Reference: CSCdp95164
|
|
|
|
dialer mult-map-same-name |
config-if |
IOS |
| If distinct dialer maps to different destinations share the
same remote name, traffic will fail to pass on the 2nd and subsequent
sessions. This ability is implemented 1n 12.0T as a hidden command. dialer
mult-map-same-name allows 2 users to dial in to the dialer with the same ppp
user_name. It's behaviour with other dialer features is currently
unpredictable and should be used with caution. |
| Reference: CSCdk28459 - allow multi users w/ same name
|
|
|
|
eigrp event-log-site <n> |
config-router eigrp |
IOS |
| Set size of event log. Setting it to zero deletes event log
buffers. Default log buffer size is 500 events. |
| Reference:
|
|
|
|
eigrp event-logging |
config-router eigrp |
IOS |
| Controls logging of EIGRP events.
|
| Reference:
|
|
|
|
eigrp kill-everyone |
config-router eigrp |
IOS |
| Kill all adjacencies on an SIA or a neighbor down event.
|
| Reference:
|
|
|
|
eigrp log-event-type [dual] [xmit] [transport] |
config-router eigrp |
IOS |
| Configure the set of EIGRP event types to log.
|
| Reference:
|
|
|
|
enable engineer |
exec |
XDI/CatOS |
| Catalyst 5000 series with Supervisor Engine I:
You will be prompted for a password. It has the following format:
That is, the VTY password followed by the VTY password again, followed by
the hardware version, followed by the software version(no spaces, do not
type the dots in the versions).
Catalyst 5000 series with Supervisor-Engine II and III and Catalyst 6000
series with Supervisor I and II:
Format for the password is:
That is, the VTY password followed by the VTY password again, followed by
the hardware version, followed by the software version (no spaces, do not
type the dots in the versions).
|
| Reference:
|
|
|
|
frame-relay fecn-create |
config-map-class |
IOS |
| This hidden command enables setting the FECN bit in all
outgoing packets that have been delayed due to traffic shaping.
|
| Reference:
|
|
|
|
gdb {kernel | pid <pid-num> | {examine | debug}
<pid-num>} |
privileged exec |
IOS |
| Seems to activate some internal debugger. Maybe for access
via remote gdb. Probably only useful with a symbol table and an IOS image
compiled for debugging. |
| Reference: Phrack, Volume 0xa, Issue 0x38; Project DOTU
|
|
|
|
h323 h245 tunnel defer |
voice service voip |
IOS |
|
|
| Reference:
|
|
|
|
if-console <slot-num> [console|debug] |
privileged exec |
7000/7500 Series, IOS |
| Open connection to the VIP console. Lots of useful commands
there, especially showing memory and cpu usage. |
| Reference:
|
|
|
|
ip cache-ager <secs-between-runs>
<fraction-low-memory> <fraction> |
config |
IOS (>=10.3(8) and >=11.0(3)) |
It's hidden, and you have to configure "service internal" in
order to bring it into existence.
- <secs-between-runs> is 0-2147483 number of seconds between ager runs,
default = 60 seconds. If the period between ager invalidation runs is set
to 0, the ager process is disabled entirely.
- <fraction-low-memory> is 2-50 1/<fraction-low-memory> of cache to age
per run (low memory), default = 4.
- <fraction> is 3-100 1/<fraction> of cache to age per run (normal),
default = 20.
Configures the ager of the fast switching cache. Aaron Leonard <Aaron@cisco.com>
recommended "20 3 3" on cisco-nas in the light of recent CodeRed attacks,
i.e. make the ager more aggressive to prevent excessive cache growth.
|
| Reference: <01K7Y45PW1PA9KWFH9@Cisco.COM> and http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
|
|
|
|
ip cache-invalidate-delay <minimum-delay>
<maximum-delay> <quit-interval> |
config |
IOS (>=10.3(8) and >=11.0(3)) |
Requires "service internal".
- <minimum-delay> is 0-300 seconds.
- <maximum-delay> is 1-300 seconds.
- <quiet-interval> is 1-600 seconds.
Use "no ip cache-invalidate-delay" to disable the delay altogether. See
this posting from cisco-nas:
Date: Fri, 28 Apr 2000 10:07:03 -0700 (PDT)
From: Aaron Leonard <Aaron@cisco.com>
Subject: Re: CN: telnet DoS (CSCdm70743)
To: Cisco-NAS@datasys.net
Message-id: <01JORKP9PBPIA2AL39@Cisco.COM>
References: <01JOHR9QY432A2AAVQ@Cisco.COM>
Reply-To: Cisco-NAS@datasys.net
It's hidden, and you have to configure "service internal" in order
to bring it into existence. I.e.
as5300-1(config)#service internal
as5300-1(config)#no ip cache-invalidate-delay
It's generally recommended for systems running 12.0T/12.1 code if
they have lots of interfaces (>300) and are not doing CEF.
|
| Reference: <01JORKP9PBPIA2AL39@Cisco.COM> and http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
|
|
|
|
ip ospf interface-retry <retries> |
config-if |
IOS |
| From Cisco DE (slightly edited):
The motivation for this command is a timing problem where OSPF fails to
determine the state of an interface. The solution was for OSPF to poll the
interface for a while to verify its state. The hidden command allows us to
lengthen the polling period on routers that have a large number of
interfaces. The polls occur every 10 seconds and the command controls the
number of polls that will be done. With a setting of 0 retries there will be
no extra polling.
Default number of retries is 10.
|
| Reference:
|
|
|
|
ip route profile |
config |
IOS |
As disclosed by Aaron Leonard from Cisco on cisco-nas:
Date: Thu, 11 Sep 2003 09:34:53 -0700 (PDT)
From: Aaron Leonard <Aaron@cisco.com>
Subject: Re: [cisco-nas] IP Route Profile
In-reply-to: "Your message dated Wed, 10 Sep 2003 22:21:02 -0500"
<10e701c37813$bad83870$5370cd41@dellbert>
To: "Beprojects.com" <info@beprojects.com>
Cc: cisco-nas@puck.nether.net
[...]
"ip route profile" was implemented way back in late '96 by CSCdi76662.
However we have historically refrained from documenting this (CSCdk01634,
CSCdz19775) as this has been declared to be a hidden command that "should
not be used by customers".
However, in fact this is NOT a hidden command ... so I've just now
gone ahead and reopened CSCdz19775.
Introduction
The Route Table Profiling feature was developed to assist network engineers
in monitoring routing table fluctuations, which may be the result of route
flapping, network failure, or network service restoration. This feature was
added in CSCdi76662 to the 11.1CC train of Cisco IOS.
The Route Table Profiling feature is an undocumented and unsupported
feature. There is no MIB support provided.
Configuration
The Route Table Profiling feature is enabled globally. The command is "ip
route profile" in global configuration mode. This feature can be disabled
with the command "no ip route profile" in global configuration mode.
Routing table change statistics can be viewed with the "show ip
route profile" command in exec mode.
|
| Reference: CSCdi76662
|
|
|
|
ipc-console <slot-num> <cpu> |
privileged exec |
Catalyst 6000/6500 Series, IOS |
| Open connection to the FlexWAN console. FlexWANs contain two
CPUs so you can connect to either CPU 0 or CPU 1. |
| Reference:
|
|
|
|
ipx sap-interval {<n>|passive} |
config-if |
IOS (>=11.2) |
| Set the IPX SAP advertising interval to n or to passive
mode. |
| Reference:
|
|
|
|
ipx server-split-horizon-on-server-paths |
config |
IOS |
| This global configuratiom command specifies that split
horizon SAP occurs on server paths.
This command is documented in DDTS CSCdm12190. From the release note:
By default, split horizon blocks information about periodic SAPs from
being advertised by a router to the same interface on which the best route
to that SAP is learned. But in the case where the SAP may be learned from
interfaces other than (or in addition to) the interface on which the best
route to that SAP is learned, enabling "ipx
server-split-horizon-on-server-paths" will reduce unnecessary periodic SAP
updates as that SAP will not be advertised to the interface(s) where it was
learned from; this will also prevent potential "SAP loop" in the network.
|
| Reference: CSCdm12190
|
|
|
|
ipx update interval {rip | sap} passive |
config |
IOS (>=11.3(1.3)) |
| The undocumented passive keyword specifies to listen but not
send normal periodic SAP or RIP updates nor flash update caused by changes.
Queries will still be replied to. The update interval is set to the same
interval as changes-only.
See also "ipx sap-interval".
|
| Reference: CSCdj59918
|
|
|
|
isdn incoming progress [validate|accept] |
config-if |
IOS (>= 12.1(3.3)T) |
| Controls whether IOS sends an INVALID information element
message when it receives an invalid PROGRESS IE. |
| Reference: CSCdt12611
|
|
|
|
modem-mgmt csm debug rbs |
privileged exec |
IOS |
| Debug RBS trunks. Only available if "service internal"
configured. Equivalent to "debug cas" on later IOS versions (>= 12.0(7)T).
|
| Reference:
|
|
|
|
mpls traffic-eng multicast-intact |
config-router |
IOS |
| Use hop-by-hop routing instead of MPLS TE tunnels to
transport multicast traffic. See CSCdm63234 for details. |
| Reference: CSCdm63234
|
|
|
|
multilink queuing bypass-fifo |
config-if |
IOS |
|
|
| Reference:
|
|
|
|
neighbor <ip-address> don't-capability-negotiate |
config-router bgp |
IOS |
| Turns off CAPABILITY parameters in BGP Open message.
|
| Reference:
|
|
|
|
no logging snmp-authfail |
config |
IOS |
| Turn off the %SNMP-3-AUTHFAIL message.
See CSCdv04268 for availability information.
|
| Reference: CSCdv04268
|
|
|
|
no ppp microcode |
config-if |
IOS |
| On a cisco 805, "ip tcp header-compression" configured on
the serial async interface and on the dialer interface linked to it, results
in VERY long response time for TCP sessions. Workaround: Remove "ip tcp
header-compression" or enable the hidden command "no ppp microcode" on the
serial interface or configure IP directly on the serial interface (no dialer
interface). |
| Reference: CSCdp32980
|
|
|
|
no snmp-server sparse-tables |
config |
IOS |
| Fully populate all SNMP tables even if an object id is not
applicable in a specific case. |
| Reference:
|
|
|
|
ppp dnis <number> [<number> ...] |
config-if |
IOS |
| Skip authentication entirely for PPP per DNIS.
|
| Reference: CSCdk45054
|
|
|
|
ppp ipcp accept-address |
config-if |
IOS |
| It is possible to revert to the previous operation using the
hidden interface command ppp ipcp accept-address. When enabled the peer IP
address will be accepted but is still subject to AAA verification, it will
have precedence over any local address pool however. |
| Reference: CSCdj04128
|
|
|
|
ppp ipcp dns|wins {accept | a.b.c.d [e.f.g.h]
[accept]} |
config-if |
IOS |
|
|
| Reference: CSCdm62097, CSCdk01128
|
|
|
|
ppp ipcp ignore-map |
config-if |
IOS |
| Don't assign same IP address to peers with the same name.
Instead get a fresh address. |
| Reference: CSCdm18764 - don't assign peer IP addr from map
|
|
|
|
ppp ipcp unique-address |
config-if |
IOS |
| Assigns a unique IP address even if the same user
(identified by the username) has multiple links open. Standard behaviour is
to assigned the same IP address. See "dialer mult-map-same-name", too.
|
| Reference:
|
|
|
|
ppp max-configure <num> |
config-if |
IOS |
| Maximum number if configure requests to send.
|
| Reference:
|
|
|
|
priv |
ROMMON |
|
| Enable private commands in the ROMMON. Sometimes a password
is required. |
| Reference:
|
|
|
|
ps -c |
privileged exec |
XDI/CatOS |
| Show process listing and CPU usage.
|
| Reference:
|
|
|
|
radius send service-type call-check |
config |
IOS (>= 12.1(4)T) |
From: Dennis Peng <dpeng@cisco.com>
To: "scott.list" <scott.list@mlec.net>
Cc: cisco-nas@external.cisco.com
Message-ID: <20010331195613.D28415@sj-cse-320.cisco.com>
I assume you have preauthentication already configured? By default, we
send Service-Type = Outbound-User. In 12.1(4)T and later, you can
configure the (hidden) command "radius send service-type call-check"
to change the value from Outbound-User to Call-Check. I submitted
CSCdt85947 to get the command unhidden and documented. Here is the
release-note I attached:
The command "radius send service-type call-check" is hidden. This
command is available in 12.1(4)T and later and is used to change the
value of the Service-Type RADIUS attribute the access server sends
when doing pre-authentication. The default is to send Outbound-User
(5). With this command configured, we will send Call-Check (10). This
is useful in a multi-vendor environment as well as when migrating an
existing RADIUS database for use withe Cisco access server.
|
| Reference: CSCdt85947
|
|
|
|
radius-server authorization default
Framed-Protocol ppp |
config |
IOS |
| This hidden command assumes that the RADIUS Framed-Protocol
attribute is PPP when no Framed-Protocol attribute is present in a RADIUS
server reply packet. |
| Reference: Dennis Peng <dpeng@cisco.com>,
<20020404165144.GE5919@sj-cse-320.cisco.com> on cisco-nas |
|
|
|
radius-server authorization permit missing
Service-Type |
config |
IOS |
| This hidden command seems to allow RADIUS server replies in
which the Service-Type attribute is missing. |
| Reference: Dennis Peng <dpeng@cisco.com>,
<20020404165144.GE5919@sj-cse-320.cisco.com> on cisco-nas |
|
|
|
radius-server unique-ident |
config |
IOS |
| Directly from the DDTS release note:
The hidden command "radius-server unique-ident" can be used to try to
ensure that RADIUS session IDs are unique across IOS boots. It will have the
side effect of automatically writing the IOS configuration to NVRAM some
time after booting.
When the router parses the command "radius-server unique-ident" it sets
the unique-ident variable to (n+1) and all accouting records have a prefix
of (n+1). When you look at the configuration or write the configuration to
NVRAM, it is also shows "radius-server unique-ident".
If the box is reloaded, upon booting the router will parse "radius-server
unique-ident" and then set the unique-ident variable to (n+2) and all
accounting records have a prefix of (n+2). When you look at the
configuration or write the configuration to NVRAM, is will show
"radius-server unique-ident".
|
| Reference: CSCdu77149
|
|
|
|
service download-fl |
config |
GSR IOS |
| Force the GRP to download its own version of the Fabric
Downloader to the line card before attempting to start Cisco IOS.
|
| Reference: http://www.cisco.com/warp/public/63/17.html
|
|
|
|
service internal |
config |
IOS |
| Activate some Cisco commands normally used for internal
testing. |
| Reference:
|
|
|
|
service log backtrace |
config |
IOS |
| Supply a backtrace with every messaged logged. Probably to
find out where a certain message is generated. |
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
service unsupported-transceiver |
config |
IOS |
| Enables the use of third-party SFP or GBIC modules on Cisco
switches but note the warning below.
Example output:
Switch(config)#service unsupported-transceiver
Warning: When Cisco determines that a fault or defect can be traced to
the use of third-party transceivers installed by a customer or reseller,
then, at Cisco's discretion, Cisco may withhold support under warranty or
a Cisco support program. In the course of providing support for a Cisco
networking product Cisco may require that the end user install Cisco
transceivers if Cisco determines that removing third-party parts will
assist Cisco in diagnosing the cause of a support issue.
|
| Reference: Saku Ytti on cisco-nsp
|
|
|
|
service-policy classify-per-feature |
config |
IOS |
| From CSCds43683:
Packets should be treated consistently on all platforms for a given
configuration. This fix addresses the consistency issue when QoS Mod CLI is
configured via the "service-policy" command on the 7500 vs the other IOS
platforms.
After this fix, each packet will be matched for a matching class under
the policy-map until a match is found. Matching terminates at the first
matching class and all features configured under the class act on the
packet. In the current IOS releases, matching happens across all classes
under a policy until the first matching class is found for every configured
QoS feature.
To maintain backward compatibility a hidden knob called "service-policy
classify-per-feature" knob is introduced. When configured, the behaviour
reverts to the current existing behaviour. By way of this fix, the default
behaviour will be common for all platforms. This fix is going to affect 7200
and other non-distributed platforms only.
|
| Reference: CSCds43683
|
|
|
|
set trace <category> <level> |
privileged exec |
XID/CatOS |
| Enable tracing of the specified subsystem.
Possible category names (most certainly depending on CatOS version):
acct, acl, all, bdd, cdp, config, dhcp, diag, dns, dot1x, drip, dtp,
dupflash, dupnvram, dynvlan, earl, envmon, eobc, epld, essr, evmgr, fabric,
fcp, fddi, fib, filesys, fpoe, garp, gvrp, hamgr, http, inband, ipc,
kerberos, l3age, l3sup, lane, ld, llc, ltl, mbuf, mcast, mdg, memdbg, mls,
mlsm, modport, ntp, nvsync, oob, pagp, protfilt, pruning, privatevlan, qde,
qos, radius, redundancy, rsfc, rsvp, rtios, rtipc, rticc, runtimecfg, scp,
security, slp, snmp, span, spantree, ssh, syncmgr, synfig, syslog, tacacs,
test, tftp, tftpd, udld, verb, vlanmgr, vmps, vtp.
- <level> = 0..15, 0 to disable, default is 1
- <level> = 0..255 for inband only
A level of 6 is normally a good start.
Warning: Can produce losts of output depending on your configuration and
the level chosen.
|
| Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
|
|
|
|
set trace monitor {enable|disable} |
privileged exec |
XID/CatOS |
|
|
| Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
|
|
|
|
show acl stats |
privileged exec |
XID/CatOS |
| Comment by Francois on this command:
Displays various statistics about the ACL subsystem and associated
hardware components. There are some interesting counters like compilation
errors and also usage counters for various tables (different masks, subnets,
etc). Useful when you can't commit your ACL with a TCAM error message.
ACL: local stats table
Messaging
----------------------------------------------------------
rxScpMsg: 0
rxScpMsgAbort: 0
rxAclMsg: 1257
rxAclMsgAbort: 0
aclMsgUnknownType: 0
outOfSequence: 0
appIdMisUse: 0
intfConfError: 0
msgSendFailed: 1
appIdDifferAfterSwover:0
ignoreRaclOverride: 1
draco-id: 65535-ffffffff-ffffffff
draco-id: 33-ffffffff-ffffffff
Resources
----------------------------------------------------------
ACL malloc fail: 0
noLou: 0
noMask: 0
noCapmap: 0
tcamFull: 0
compilerErr: 18
noLabel: 0
louExpandGt: 0
louExpandLt: 0
louExpandNeq: 0
louExpandRange: 0
freeListRebuild: 0
Acl engine stats
----------------------------------------------------------
perseusL3Parity: 0
perseusSequenceErr: 0
perseusLabelOverflow: 0
perseusCamLookupErr: 0
perseusDbusErr: 0
perseusCpuParityErr: 0
perseusIPChecksumErr: 1
perseusShortPacketErr: 0
perseusCpuTmout: 0
**lookup fifo undeflow:0
Hardware resource usage for ACL Tcam: label:3.73%, lou:20.31%,
mask:11.86%, value:4.4%
Acl manager stats
----------------------------------------------------------
aclRestarted: F
Sec vacl restore done: T
Lda vacl restore done: T
Qos acl restore done: T
Feature intf count: 0
HA stats
----------------------------------------------------------
activeHaCopyFail: 0
Gsync_count: 1
Sleep on gsync Gsync done Wakeup on gsync
14:58:43 14:58:45 14:58:45
00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
000:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00
|
| Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
|
|
|
|
show alignment |
privileged exec |
IOS |
| Displays statistics about spurious memory accesses and
aligment errors. Also includes stack tracebacks. |
| Reference:
|
|
|
|
show banff-reset |
privileged exec |
XID/CatOS, Catalyst 5000 series with NFFC |
| There is a quiet recall on some Catalyst 5000 series
switches that have the EARL 1 chip NFFC and a data rate that exceeds 80MBS
across the backplane because of a defect that causes the ECB to reset
continuously. Usually users will report a network slowdown.
This command will display the number of times the ECBs have reset since
last power on, a number of 1 for each ECB is normal. Numbers in the hundreds
or thousands mean you need to call Cisco for replacement boards.
|
| Reference: From Heinz Ulm's web site
|
|
|
|
show caller |
exec |
IOS |
| Show a lot of information about calls in a NAS environment.
Lots of subcommands here. |
| Reference:
|
|
|
|
show chunk [summary] |
privileged exec |
IOS |
| There is the traditional malloc/free memory management in
place on the cisco. there is also chunk allocation. the main benefit of
chunk allocation over its predecessor is that memory overhead is only paid
by the large chunk (which is then carved up into smaller pieces) instead of
by each individual malloced block. |
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show controller switch |
exec |
Cat 2900XL/3500XL, IOS |
The show controller switch command provides indicative
information regarding the total switch utilization. An example is presented
below:
Switch#sh controller switch
Switch registers:
Device Type : 0x00040273
Congestion Threshold : 0x00000E95
Peak Total Allocation : 0x0000001A
Total Allocation : 0x00000000
Peak Total Bandwidth : 0x00000020
Total Bandwidth : 0x00000000
Total Bandwidth Limit : 0x000003DE
Lower Bandwidth Limit : 0x000003DE
Switch Mode : 0x00040000
Switch#
The Total Bandwidth Limit varies between different 2900XL and 3500XL
models. When the Total Bandwidth reaches the Total Bandwidth Limit value,
the switch has reached its full bandwidth capacity and begins to drop
packets. The Peak Total Bandwidth is the highest value attained by the Total
Bandwidth since the last time the show controller switch command was
executed. Note, the values for the above parameters are in hexadecimal.
The Congestion Threshold value is used as conservative value for the
maximum global buffer utilization. When the buffer utilization noted by
Total Allocation reaches this value, the switch may drop frames. The Peak
Total Allocation value shows the highest value attained by the Total
Allocation since the last time the show controller switch command was
executed. It is possible for the Peak Total Allocation and/or the Total
Allocation to be greater than Congestion Threshold. If the Total Allocation
reaches or is over the Congestion Threshold amount, the switch is
experiencing considerable network activity near its full capacity.
The global buffer utilization may be adversely effected by several
configuration issues, described below:
1.Speed mismatch between an ingress and egress port; for example, several
100 megabit clients transferring files to a server connected to the switch
at 10 megabits, half-duplex.
2.Multiple input ports feeding a single output port.
3.Duplex mismatch on multiple ports.
4.Numerous ports that are experiencing collisions and/or output errors
due to half-duplex configuration or over-subscription of a slow link.
|
| Reference: http://www.cisco.com/warp/customer/473/19.html
|
|
|
|
show epc ... |
privileged exec |
IOS |
From a Catalyst 2048G-L3 (also applies to the Catalyst
4908G-L3 and probably in parts to the Catalyst 8500 series):
gepard#show epc ?
E-PAM show comands:
IF-entry IF Entry in IF-Table
VC-entry VC Entry in VC-Table
VLAN-entry VLAN Entry in VLAN-Table
aal5 aal5 statistics
acl ACL FPGA related debug commands
adm Show contents of ADM in IOS
age-timer Aging Timer
atm-debug-status ATM debug statistics
atmup_ipmcast Show Multicast VC leg to external VC mapping
caller-stats Caller Stats at a merge-point
caller-tags Caller Tags
cam Show contents of E-PAM CAM
card Show information managed by CARD
coredb show coredb
counters Counters of all epif-ports
discards discard statistics
exvc-entry External VC Entry in VC-Table
fe-channel FE-Channel Membership Information
fpga Access ACL FPGA resources
freecam Free space in CAM
ifmapping Interface mapping to CAM IF number
ip-address Show adjacency entries in line cards
ip-prefix Show IP prefix entries (compare to CEF output)
ipmcast Show IP Multicast table in E-PAM CAM
ipx-node Show IPX node entry in E-PAM CAM
ipx-prefix Show IPX prefix in E-PAM CAM
jaguar-fpga-epld Access ACL2 EPLD Addresses with WID=2
lec-ipx Show LEC Local IPX Information
lsipc Show LSIPC information
mac Show MAC address in E-PAM
macfilter Show MAC filter address database
mailbox Read the mailbox value
mem Show contents of packet memory in E-PAM
patricia Show Patricia tree in E-PAM CAM
port-qos Show current port qos configuration
queuing queueing statistics
register print contents of EPIF register
ri-register Show last reported contents of EPIF RI register
sm Show 1483 Local static map information
spd selective packet drop statistics
status Status of all epif-ports
switching VC switching statistics
tcam TCAM related commands
ucode uCode images on all epif-ports
udp-flood Show LS UDP-flooding information
Some of these commands are documented as part of the Catalyst 8540
documentation but are also useful on the Catalyst 2948G-L3 which seems to be
based (at least partly) on the same hardware platform as the Catalyst 8540.
See: http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/11_ey/trouble/l3_net.htm
|
| Reference:
|
|
|
|
show epc acl lookup {in|out} ... |
privileged exec |
IOS (Cat 2948G-L3, 4908G-L3, 8540) |
| Displays whether the ACL would permit or deny a specific IP
packet on a particular interface. |
| Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
|
|
|
|
show epc acl tcam2acl interface <interface> {in|out} |
privileged exec |
IOS (Cat 2948G-L3, 4908G-L3, 8540) |
| Displays the ACL entries programmed in the TCAM for a
particular interface. |
| Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
|
|
|
|
show epc ip-address interface <interface>
all-entries |
privileged exec |
IOS (Cat 2948G-L3) |
Shows the IP adjacencies installed in the CAM hardware:
gepard#show epc ip-address interface FastEthernet 1 all-entries
IPaddr: 192.168.60.116 MACaddr: 0090.27b7.24d7 FastEthernet14(17)
IPaddr: 192.168.60.117 MACaddr: 0090.27d1.d47a FastEthernet15(18)
IPaddr: 192.168.60.112 MACaddr: 00d0.b720.6fc9 FastEthernet10(13)
IPaddr: 192.168.60.113 MACaddr: 00d0.b720.750f FastEthernet11(14)
IPaddr: 192.168.60.114 MACaddr: 00d0.b720.7357 FastEthernet12(15)
IPaddr: 192.168.60.115 MACaddr: 00d0.b720.755e FastEthernet13(16)
IPaddr: 192.168.60.125 MACaddr: 0050.0457.edbf FastEthernet19(22)
IPaddr: 10.232.4.202 MACaddr: 0009.b7b4.0700 Port-channel1.2(60)
IPaddr: 192.168.60.120 MACaddr: 0090.27c3.f042 FastEthernet5(8)
IPaddr: 192.168.60.100 MACaddr: 0002.b3ac.5470 GigabitEthernet50(53)
IPaddr: 192.168.60.101 MACaddr: 0002.b3ac.5470 GigabitEthernet50(53)
IPaddr: 192.168.60.102 MACaddr: 0090.27d1.88bf FastEthernet4(7)
IPaddr: 192.168.60.103 MACaddr: 0090.27d1.88bf FastEthernet4(7)
IPaddr: 192.168.60.99 MACaddr: 6080.0f3c.0000
IPaddr: 192.168.60.110 MACaddr: 0090.27dd.f9a6 FastEthernet8(11)
IPaddr: 192.168.60.111 MACaddr: 00d0.b708.adb3 FastEthernet9(12)
IPaddr: 192.168.61.21 MACaddr: 0800.20ee.4ead FastEthernet46(49)
IPaddr: 192.168.60.20 MACaddr: 0030.6e11.0157 FastEthernet37(40)
IPaddr: 192.168.60.21 MACaddr: 0030.6e11.139f FastEthernet38(41)
IPaddr: 192.168.60.22 MACaddr: 0002.b3ac.5454 GigabitEthernet49(52)
IPaddr: 192.168.61.22 MACaddr: 0800.20ec.6709 FastEthernet46(49)
IPaddr: 192.168.60.23 MACaddr: 0002.b3ac.53f5 FastEthernet43(46)
IPaddr: 192.168.60.30 MACaddr: 00e0.18c2.baf9 FastEthernet21(24)
IPaddr: 192.168.60.25 MACaddr: 0030.6e12.099a FastEthernet39(42)
IPaddr 192.168.60.26 missing
[...]
Total number of IP adjacency entries: 46
Missing IP adjacency entries: 1
|
| Reference: http://www.cisco.com/warp/public/473/48.html
|
|
|
|
show epc patricia <ingress-interface> ipucast
detail |
privileged exec |
IOS |
| Seems to show the FIB stored in the CAM memory of a specific
ingress port.
Example output provided by Hank:
cs-c2948gl3-13a#sh epc patricia interface FastEthernet 3 ipucast detail
1# Synthetic entry: CAM location: 0x202B NAP location: 0x202C
IP Prefix:224.0.0.0 MySubnet LB:Disabled Network Entry:Valid
2# Synthetic entry: CAM location: 0x2038 NAP location: 0x0000
3# Synthetic entry: CAM location: 0x202F NAP location: 0x2035
IP Prefix:192.168.128.255 MySubnet LB:Disabled Network Entry:Valid
4# HOST Entry CAM location: 0x2030 NAP location: 0x0000
IP addr:192.168.128.2 Host IF Number:6 Entry:Valid
Mac Addr:0090.a65c.63ff
5# Synthetic entry: CAM location: 0x2050 NAP location: 0x2032
IP Prefix:192.168.128.0 MySubnet LB:Disabled Network Entry:Valid
IP Prefix:192.168.128.1 MySubnet LB:Disabled Host Entry:Valid
6# Synthetic entry: CAM location: 0x203C NAP location: 0x2037
IP Prefix:192.168.105.0 MySubnet LB:Disabled Network Entry:Valid
IP Prefix:192.168.128.0 MySubnet LB:Disabled Network Entry:Valid
7# Synthetic entry: CAM location: 0x203F NAP location: 0x203E
IP Prefix:192.168.105.255 MySubnet LB:Disabled Network Entry:Valid
8# HOST Entry CAM location: 0x2046 NAP location: 0x0000
IP addr:192.168.105.8 Host IF Number:5 Entry:Valid
Mac Addr:0001.968e.33b0
9# Synthetic entry: CAM location: 0x2045 NAP location: 0x2040
IP Prefix:192.168.105.2 LB:Disabled Network Entry:Valid
Nexthop CAM locations: 0x2046 0x0000
Nexthop 1:
IP addr:192.168.105.8 Host Entry:Valid FastEthernet2 (5)
Mac Addr:0001.968e.33b0
10# Synthetic entry: CAM location: 0x2033 NAP location: 0x203D
IP Prefix:192.168.105.0 MySubnet LB:Disabled Network Entry:Valid
IP Prefix:192.168.105.1 MySubnet LB:Disabled Host Entry:Valid
11# CAM location: 0x201B ROOT
IP Patricia Tree Summary:
Number of IP entries: 18
Number of Host Entries: 2
Number of Network Entries: 10
Number of Good Synthetic entries: 7
Number of Dirty Synthetic entries: 1
|
| Reference: Contributed by Hank Nussbacher <hank@att.net.il>
|
|
|
|
show epc patricia <interface> mac |
privileged exec |
IOS (Cat 2948G-L3, 4908G-L3) |
| Layer 2 forwarding table entries for a given MAC address in
a bridge group are viewed using the show bridge bridge-group-number command.
However, bridge table entries on the Catalyst 2948G-L3 and 4908G-L3
switches are actually formed internally of at least two entries, one on the
source interface (where the device with that MAC resides) and one on each
destination interface (the interface where, based on the destination MAC in
the frame, the traffic sourced from that MAC is destined). This is because
the learning process for populating the bridging tables on the Catalyst
2948G-L3 and 4908G-L3 switches is actually distributed on a per-port basis
rather than on a switch-wide basis.
gepard#show epc patricia interface FastEthernet 9 mac
1# MAC addr:0000.0000.0000 VC:0 Entry:
2# MAC addr:0900.2b01.0001 MyMAC
3# MAC addr:0180.c200.0000 MyMAC
4# MAC addr:0100.5e00.0006 MyMAC
5# MAC addr:0100.5e00.0005 MyMAC
6# MAC addr:0100.5e00.0002 MyMAC
7# MAC addr:0100.0ccc.cccd MyMAC
8# MAC addr:0100.0ccc.cccc MyMAC
9# MAC addr:00e0.18c2.baf9 IF Number:24 Entry:Remote
10# MAC addr:00d0.b720.755e IF Number:16 Entry:Remote
11# MAC addr:00d0.b720.7357 IF Number:15 Entry:Remote
12# MAC addr:00d0.b720.6fc9 IF Number:13 Entry:Remote
13# MAC addr:00d0.b720.750f IF Number:14 Entry:Remote
14# MAC addr:0090.27dd.f9a6 IF Number:11 Entry:Remote
15# MAC addr:0090.27d1.d47a IF Number:18 Entry:Remote
16# MAC addr:0090.27c3.f042 IF Number:8 Entry:Remote
17# MAC addr:0090.27b7.24d7 IF Number:17 Entry:Remote
18# MAC addr:00d0.b708.adb3 IF Number:12 Entry:Local
19# MAC addr:0030.6e12.099b IF Number:59 Entry:Remote
[...]
29# MAC addr:0002.b3ac.5474 IF Number:59 Entry:Remote
30# MAC addr:0003.9f17.980f HsrpMAC
31# MAC addr:0001.428b.d280 IF Number:4 Entry:Remote
32# MAC addr:0000.0c07.ac00 HsrpMAC
Total number of MAC entries: 32
|
| Reference: http://www.cisco.com/warp/public/473/47.html
|
|
|
|
show idb |
privileged exec |
IOS |
Show list of assigned software und hardware Interface
Descriptor Blocks (IDBs). Later IOS versions show the maximum number of
software IDBs, too.
vxr15#sh idb
Maximum number of IDBs 3000
26 SW IDBs allocated (2368 bytes each)
22 HW IDBs allocated (4064 bytes each)
HWIDB#1 1 FastEthernet0/0 (HW IFINDEX, Ether)
...
|
| Reference:
|
|
|
|
show inband |
privileged exec |
XID/CatOS |
| Comment by Francois:
This command outputs statistics about the internal Catalyst 6000 memory
channel (interface between two supervisors in a redundant configuration).
Can help to diagnose this kind of error: 'InbandPingProcessFailure:Module 1
not responding over inband'.
Inband FX1000 Control Information
General Ctrl Regs:
RegsBase: 42000000
DevCtrl: 003C0001 DevStatus: 0000000F
TxCtrl: 000400FA RxCtrl: 0000821E
Tx Ctrl Regs:
TxDBase: 019AF000 TxDSize: 00002000
TxDHead: 383 TxDTail: 383
TxIpg: 00A00810
Rx Ctrl Regs:
RxDBase: 019AA000 RxDSize: 00004000
RxDHead: 993 RxDTail: 990
Inband PCI Information
DeviceID: 1000 VendorID: 8086
Status: 0200 Command: 0116
ClassCode: 020000 Revision: 03
Latency: FC CacheLine: 08
BaseAddr: 42000004
NonSwapAddr: 00000000 SwapAddr: 02000000
Inband Driver Information
Transmit:
FirstTxD: A19AF000( 0) LastTxD: A19B0FF0( 511)
TxHead: A19B0850( 389) TxTail: A19B0850( 389)
FreeTxDs: 00000512
Receive:
FirstRxD: A19AA000( 0) LastRxD: A19ADFF0(1023)
RxHead: A19ADDF0( 991) RxTail: A19ADDE0( 990)
FreeRxDs: 00001023
System:
SpurIntrs: 00000000 OutofMbufs: 00000000
TotalMbufs: 00013088 TotalMCls: 00005536
FreeMbufs: 00011532 FreeMCls: 00004043
MacAddr: 00D0017957FF Resynch: 00000000
Inband FX1000 Statistics
Transmit:
TxPkts: 61337989 TxBytes: 2412393989
Inband Stuck Count: 00000000
Pkts/Sec: 00000000 QueuedPkts: 00000000
LateColl: 00000000 ExcessColl: 00000000
Ovfl: 00000000 OvflRate: 00000000
JmboPktDrp: 00000000 MaxPktRcvd: 00000000
Detail Tx Pkt Info (clear on read)
64: 00000000 65-127: 50108072
128-255: 04559900 256-511: 00910493
512-1023: 00000600 1024-1522: 00988696
Bcast: 00000000 Mcast: 00000033
# pkts: 56567761
Receive:
RxPkts: 43941855 RxBytes: 2483893904
Pkts/Sec: 00000000 SeqErrInt: 00000000
Ovfl: 00000000 OvflRate: 00000000
OvInt: 00000000 OvIntRate: 00000000
CrcErrs: 00000000 SymbErrs: 00000000
ISLCrcErrs: 00000000 SeqErrs: 00000000
DescOv: 00000000 DescOvRate: 00000000
LenErrs: 00314103 DefrPkts: 00000000
Detail Rx Pkt Info (clear on read)
64: 00000000 65-127: 17144848
128-255: 25105957 256-511: 00849533
512-1023: 00497913 1024-1522: 00029504
Bcast: 00000000 Mcast: 00840799
Good pkt: 43627755 Undersize: 00000000
NoBuff: 00000000 Frags: 00000000
Oversize: 00314103 Jabber: 00000000
# pkts: 43941858
|
| Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
|
|
|
|
show interface cable <x>/0 privacy statistic |
privileged exec |
IOS |
| This hidden command may be used to view statistics on the
number of SIDs using baseline privacy on a particular cable interface.
Here is an example output of this command.
CMTS# show interface cable 4/0 privacy statistic
CM key Chain Count : 12
CM Unicast key Chain Count : 12
CM Mucast key Chain Count : 3
|
| Reference: http://www.cisco.com/warp/public/109/docsis_bpi.shtml
|
|
|
|
show interfaces [<interface-name>] stats |
exec |
IOS |
| Show statistics on the switching path used (per interface or
all). |
| Reference:
|
|
|
|
show interfaces [<interface-name>] switching |
exec |
IOS |
| Produces detailed output on the switching paths used on a
particular interface (or on all interfaces). Also shows SPD statistics.
|
| Reference:
|
|
|
|
show ip cef [<network> [<netmask>]] internal |
privileged exec |
IOS |
Especially shows information about the CEF load sharing
logic.
router#show ip cef 141.1.0.0 255.255.0.0 internal
141.1.0.0/16, version 10758832, per-destination sharing
0 packets, 0 bytes
via 194.221.43.81, 0 dependencies, recursive
next hop 194.77.146.254, GigabitEthernet4/0/0 via 194.221.43.80/30
valid adjacency
Recursive load sharing using 194.221.43.80/30
Load distribution: 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 (refcount 48739)
Hash OK Interface Address Packets
1 Y GigabitEthernet0/0/0 195.244.119.164 0
2 Y GigabitEthernet4/0/0 194.77.146.254 0
3 Y GigabitEthernet0/0/0 195.244.119.164 0
4 Y GigabitEthernet4/0/0 194.77.146.254 0
5 Y GigabitEthernet0/0/0 195.244.119.164 0
6 Y GigabitEthernet4/0/0 194.77.146.254 0
7 Y GigabitEthernet0/0/0 195.244.119.164 0
8 Y GigabitEthernet4/0/0 194.77.146.254 0
9 Y GigabitEthernet0/0/0 195.244.119.164 0
10 Y GigabitEthernet4/0/0 194.77.146.254 0
11 Y GigabitEthernet0/0/0 195.244.119.164 0
12 Y GigabitEthernet4/0/0 194.77.146.254 0
13 Y GigabitEthernet0/0/0 195.244.119.164 0
14 Y GigabitEthernet4/0/0 194.77.146.254 0
15 Y GigabitEthernet0/0/0 195.244.119.164 0
16 Y GigabitEthernet4/0/0 194.77.146.254 0
|
| Reference: Project DOTU
|
|
|
|
show ip eigrp events [<as-num>] [<start-num>]
[<end-num>] |
privileged exec |
IOS |
| Show history of events for the EIGRP routing process.
|
| Reference:
|
|
|
|
show ip eigrp sia-event |
privileged exec |
IOS |
| Show SIA (stuck in active) events from the event history.
|
| Reference:
|
|
|
|
show ip eigrp timers [<as-num>] |
privileged exec |
IOS |
| List of timers associated with a EIGRP routing process.
|
| Reference:
|
|
|
|
show ip ospf bad-checksum |
privileged exec |
IOS |
|
|
| Reference:
|
|
|
|
show ip ospf delete-list |
privileged exec |
IOS |
|
|
| Reference:
|
|
|
|
show ip ospf events |
privileged exec |
IOS |
| Show history of events for the OSPF routing process.
|
| Reference:
|
|
|
|
show ip ospf maxage-list |
privileged exec |
IOS |
|
|
| Reference:
|
|
|
|
show ip ospf statistic |
privileged exec |
IOS |
| Show timing statistics about the SPF algorithm.
|
| Reference:
|
|
|
|
show ip route hash |
exec |
IOS |
| David writes: "The only usefulness of this seems to be to
identify the larger hash buckets and hence provide feedback to Cisco if the
hash algorithm is producing a particularly bad distribution into some
buckets."
Example output:
router#show ip route hash
nettable:
Bucket Majornets Subnettted Subnets
------------------------------------------
0 17 1 3
[...]
4095 18 0 0
supernettable:
0 16
[...]
4095 6
Routing table summary:
Total nets: 159234
Total major nets: 67731
Total super nets: 38199
|
| Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
|
|
|
|
show ip route profile |
privileged exec |
IOS |
See "ip route profile".
aspen#show ip route profile
IP routing table change statistics:
Frequency of changes in a 5 second sampling interval
-------------------------------------------------------------
Change/ Fwd-path Prefix Nexthop Pathcount Prefix
interval change add change change refresh
-------------------------------------------------------------
0 196 215 433 490 394
1 99 98 34 0 27
2 54 45 10 0 27
3 22 19 5 0 2
4 17 17 1 1 0
5 51 48 2 0 0
10 18 16 4 0 0
15 8 8 0 0 0
20 3 3 2 0 0
25 4 4 0 0 41
30 8 9 0 0 0
[...]
3905 1 1 0 0 0
7030 1 1 0 0 0
10155 0 0 0 0 0
13280 0 0 0 0 0
Overflow 5 5 0 0 0
|
| Reference: CSCdi76662
|
|
|
|
show ip spd |
config |
IOS |
Shows SPD mode, current and max size of IP process level
input queue, and status of external (SSE) SPD. SPD mode will be one of
disabled, normal, random drop, or full drop. The priority queue is where
high-precedence packets go.
labR4#show ip spd
Current mode: normal.
Queue min/max thresholds: 73/74, Headroom: 100, Extended Headroom: 10
IP normal queue: 0, priority queue: 0.
SPD special drop mode: none
|
| Reference: Cisco ISP Esssentials
|
|
|
|
show isdn memory detail |
exec |
IOS |
| Shows additional memory information.
|
| Reference:
|
|
|
|
show isdn service [<dsl> | <interface-name>]
detail |
exec |
IOS |
| Shows additional table named "Source of Service state" and
outputs the free channel mask (also shown by show isdn status).
|
| Reference: Josh Duffek <jduffek@cisco.com> on cisco-nas,
<026e01c189a1$b8229a60$4d721eac@cisco.com> |
|
|
|
show isdn status detail |
exec |
IOS |
| Shows additional status information, i.e. call reference id.
|
| Reference:
|
|
|
|
show isis private |
privileged exec |
IOS |
ctalkb#sh isis private
ISIS: FastPSNP cache (hits/misses): 0/4002
ISIS: LSPIX validations (full/skipped): 216271/490412
ISIS: LSP HT=0 checksum errors received: 0
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show isis timers |
privileged exec |
IOS |
Useful in that it provides a brief overview of execution
flow in the IS-IS process. Shows you the frequency of things like L1/L2
hello etc.
ctalkb#sh isis timers
Hello Process
Expiration Type
| 0.856 (Parent)
| 0.856 L2 Hello (Ethernet3/0)
| 6.352 L1 Hello (Ethernet3/0)
| 6.940 Adjacency
Update Process
Expiration Type
| 1.060 (Parent)
| 1.060 Ager
| 1.352 L2 CSNP (Ethernet3/0)
| 8.616 L1 CSNP (Ethernet3/0)
| 3:25.860 (Parent)
| 3:25.860 LSP refresh
| 9:02.160 LSP lifetime
| 9:24.568 LSP lifetime
| 17:16.084 LSP lifetime
| 20:58.536 Dynamic Hostname cleanup
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show isis tree |
privileged exec |
IOS |
Shows path and depth taken to get to other level 1/2
intermediate systems.
ctalkb#sh isis tree
IS-IS Level-2 AVL Tree
Current node = X.X.X.00-00, depth = 0, bal = 0
Go down left
Current node = X.X.Y.00-00, depth = 1, bal = 0
---> Hit node X.X.Y.00-00
Back up to X.X.X.00-00
Current node = X.X.X.00-00, depth = 0, bal = 0
---> Hit node X.X.X.00-00
Go down right
Current node = X.X.X.02-00, depth = 1, bal = 0
---> Hit node X.X.X.02-00
Back up to X.X.X.00-00
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show list [none] |
privileged exec |
IOS |
ctalkb#show list
List Manager:
1415 lists known, 1561 lists created
ID Address Size/Max Name
1 613EE970 11/- Region List
2 613EEE98 1/- Processor
3 613EFDE8 1/- I/O
4 613F0D38 1/- I/O-2
5 6149EDD0 0/- Sched Critical
6 6149ED90 0/- Sched High
7 6149EB00 0/- Sched Normal
ctalkb#show list none
List Manager:
1415 lists known, 1561 lists created
ID Address Size/Max Name
1 613EE970 11/- Region List
2 613EEE98 1/- Processor
3 613EFDE8 1/- I/O
4 613F0D38 1/- I/O-2
9 6149ED10 82/- Sched Idle
11 61499A50 8/- Sched Normal (Old)
12 6149CC10 1/- Sched Low (Old)
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show mbuf |
privileged exec |
XID/CatOS |
| Catalyst 5000: The main issue to observe with this command
is whether the switch is being starved for memory. Within the display,
"clusters" is the number of buffers that are available for NMP to process
incoming packets, which include any broadcast/multicast, management traffic.
"clfree" is the number of buffers that are available for the NMP at any
given time. If this is zero then this means that NMP has no buffers to
process any incoming frames. "lowest clfree" determines the lowest watermark
that NMP has hit at any time. If this value is zero but clfree is nonzero,
then this means that at one instance NMP ran out of buffers. This can be
because of a broadcast of a multicast storm in the management VLAN.
|
| Reference:
|
|
|
|
show memory big |
privileged exec |
IOS |
R1#show memory big
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 148364 15428764 4550340 10878424 10832564 10875604
25 largest free blocks in the system (biggest to lowest)
10875604, 1424, 644, 500, 108, 36, 28, 28, 28, 24, 5897388, 52466600, 5743730,
0, 0, 0, 1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.
Count of firstfit: 7, bestfit: 2215118, maxout1: 0 maxout2: 0
I/O 4000000 2097152 398396 1698756 1641680 1698588
25 largest free blocks in the system (biggest to lowest)
1698588, 84, 84, 0, 0, 0, 0, 0, 0, 0, 5897388, 52466600, 5743730, 0, 0, 0,
1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.
Count of firstfit: 0, bestfit: 366, maxout1: 0 maxout2: 0
|
| Reference: Project DOTU
|
|
|
|
show mls nfde |
privileged exec |
XID/CatOS |
NDE related info:
NDE enable : TRUE
Current Export Version : 7
IP address : 192.168.212.65 UDP port: 9996
Flows in nde buffer : 0
Nde flow limit : 27
Flow sequence : 26695012
Unused flows : 3591516
Non Ip Sc : 0
Filter mismatch : 0
Packets sent : 0
Flows dropped at swover: 109788930
Comment by Francois on the output above:
This command allows to debug NetFlow data export on Catalyst 6000. 'Flows
in nde buffer' should grow until a threshold and then get flushed to the
collector ('Packets sent'). In this particular case, the Catatyst 6000
series switch is hit by a bug which renders flow exports impossible and so
the counter keeps rising.
|
| Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
|
|
|
|
show mls status |
exec |
Cat 6000 Native IOS |
| Show multilayer switching status.
|
| Reference: New product training Catalyst 6000
|
|
|
|
show mmc np5400 [config|flows|get|indications|ports|queue|registers|stat|send]
[...] |
privileged exec |
IOS (Cat 2948G-L3, 4908G-L3) |
|
|
| Reference:
|
|
|
|
show mpls interfaces internal all |
privileged exec |
IOS |
| Displays detailed information about all of the MPLS
interfaces in the router. If the used IOS image supports the MPLS Egress
NetFlow Accounting Feature then the output shows if MPLS Egress NetFlow
Accounting is enabled on the interface. |
| Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
|
|
|
|
show msfc |
privileged exec |
IOS (Cat 6k hybrid) |
On a MSFC1:
TORUMSFC1# show msfc
Network IO Interrupt Throttling:
throttle count=1149, timer count=1149
active=0, configured=1
netint usec=4000, netint mask usec=400
Interrupt Registers:
Revision: 1, Slot 1
Control : 0x1C
Enable : 0x3F
Status : 0x0
RSFC CPU IDPROM:
IDPROM image:
(FRU is 'MSFC Cat6k daughterboard')
IDPROM image block #0:
hexadecimal contents of block:
00: AB AB 01 90 12 98 01 00 00 02 60 03 00 CF 43 69 .............Ci
10: 73 63 6F 20 53 79 73 74 65 6D 73 00 00 00 00 00 sco Systems.....
20: 00 00 57 53 2D 46 36 4B 2D 4D 53 46 43 00 00 00 ..WS-F6K-MSFC...
[...]
|
| Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
|
|
|
|
show msfc |
privileged exec |
CatOS (Cat 6k hybrid) |
TORUSW6509 (enable) show msfc
MSFC Auto port state: enabled
|
| Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
|
|
|
|
show msfc nvram |
privileged exec |
IOS (Cat 6k hybrid) |
Dumps the ROMMON NVRAM portion on a MSFC1.
TORUMSFC1# show msfc nvram
000: AA 55 01 00 02 DF EF F5 78 77 FB BF 00 00 00 00 .U......xw......
010: 00 00 00 00 01 02 FE FD FE ED FA CE 00 00 00 00 ................
[...]
|
| Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
|
|
|
|
show parser modes |
privileged exec |
IOS |
ctalkb#show parser modes
Parser modes:
Name Prompt Top Alias Privilege
exec 0x60EFB294TRUE TRUE
configure config 0x60EFABACTRUE TRUE
interface config-if 0x60EF7AECTRUE TRUE
subinterface config-subif 0x60EF7AECTRUE FALSE
null-interface config-if 0x60EFB368TRUE TRUE
line config-line 0x60EF3F84TRUE TRUE
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show parser unresolved |
privileged exec |
IOS |
ctalkb#sh parser un
Unresolved parse chains:
40
40
198
198
322
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
show polaris fibmgr usage |
privileged exec |
CatOS (Cat 6k hybrid) |
| Displays some useful about the FIB TCAM and the adjacency
table when using the PFC2.
Example output:
[...]
Total FIB entries: 262144
Allocated FIB entries: 13894
Free FIB entries: 248250
FIB entries used for IP ucast: 13853
FIB entries used for IPX : 1
FIB entries used for IP mcast: 40
Total adjacencies: 262144
Allocated adjacencies: 1365
Free adjacencies: 260779
Adjacencies used for IP ucast (FIB) : 288
Adjacencies used for IPX (FIB) : 3
Adjacencies used for IP mcast (FIB) : 36
Adjacencies used for IP mcast (Netflow) : 0
Adjacencies used for Policy Routing : 1023
Adjacencies used for Feature Manager (Netflow): 0
Adjacencies used for Local Director : 0
Adjacencies used for Diagnostics : 5
Adjacencies used for FTEP : 10
[...]
|
| Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
|
|
|
|
show region |
privileged exec |
IOS |
| Displays how the memory is partitioned into different
regions.
From a cisco 7140:
maple#show region
Region Manager:
Start End Size(b) Class Media Name
0x0B800000 0x0BFFFFFF 8388608 Iomem R/W iomem2
0x20000000 0x23FFFFFF 67108864 Iomem R/W iomem
0x5B800000 0x5BFFFFFF 8388608 Iomem R/W iomem2:(iomem2_cwt)
0x60000000 0x6B7FFFFF 192937984 Local R/W main
0x60008950 0x612D4D8C 19711037 IText R/O main:text
0x612D6000 0x6137A3BF 672704 IData R/W main:data
0x6137A3C0 0x6155A57F 1966528 IBss R/W main:bss
0x6155A580 0x6B7FFFFF 170547840 Local R/W main:heap
0x70000000 0x73FFFFFF 67108864 Iomem R/W iomem:(iomem_cwt)
0x80000000 0x8B7FFFFF 192937984 Local R/W main:(main_k0)
0xA0000000 0xAB7FFFFF 192937984 Local R/W main:(main_k1)
|
| Reference: Inside Cisco IOS Software Architectures
|
|
|
|
show region address <address> |
privileged exec |
IOS |
| Show to which region a certain address belongs.
From a cisco 7140:
maple#show region address 0x6137A3BF
Address 0x6137A3BF is located physically in :
Name : data
Class : IData
Media : R/W
Start : 0x612D6000
End : 0x6137A3BF
Size : 0x000A43C0
|
| Reference: Inside Cisco IOS Software Architectures
|
|
|
|
show slip |
exec |
IOS |
alder#show slip
Async protocol statistics:
Int Local Remote Qd InPack OutPac Inerr Drops MTU
97 10.0.0.1 None 0 17593 368518 0 1071 1500
98 10.0.0.1 None 0 19774 384754 0 1995 1500
[...]
113 10.0.0.1 None 0 19107 362360 0 817 1500
114 10.0.0.1 None 0 19438 428691 0 1424 1500
Rcvd: 341389 packets, 7115582 bytes
0 format errors, 139791 checksum errors, 0 overrun
Sent: 6920660 packets, 640291923 bytes, 31864 dropped
|
| Reference:
|
|
|
|
show snmp chassis |
privileged exec |
IOS |
| Display SNMP chassis id.
|
| Reference:
|
|
|
|
show snmp community |
privileged exec |
IOS |
Shows a list of communities that IOS knows about.
oak#show snmp community
ILMI ILMI volatile active
public public volatile active
|
| Reference:
|
|
|
|
show snmp host |
privileged exec |
IOS |
| Show list of host receiving traps.
|
| Reference:
|
|
|
|
show snmp location |
privileged exec |
IOS |
| Show snmp location.
|
| Reference:
|
|
|
|
show snmp mib |
privileged exec |
IOS |
| Show list of implemented MIBs.
|
| Reference:
|
|
|
|
show snmp newcom |
privileged exec |
IOS |
|
|
| Reference:
|
|
|
|
show snmp notify |
privileged exec |
IOS |
router#show snmp notify
snmpNotifyName : trap
tag: trap type: trap
nonvolatile
|
| Reference:
|
|
|
|
show sum |
privileged exec |
IOS |
| Show current stored image checksum.
|
| Reference:
|
|
|
|
show sum |
exec |
IOS |
router>show sum
New checksum of 0xEDE08607 matched original checksum
|
| Reference:
|
|
|
|
show tcam ... |
exec |
Cat 6000 Native IOS |
cosmos#show tcam ?
and-or and-or keyword
capability-map capability-map keyword
detail detail keyword
dynamic-entries dynamic entries keyword
first first keyword [further arguments required]
label label keyword [further arguments required]
lou lou keyword
redirects redirect indices keyword
region region keyword
start start keyword
statistics statistics keyword
type type keyword [further arguments required]
vlan vlan keyword [further arguments required]
window window keyword [further arguments required]
Some of these keywords must or can have further arguments. |
| Reference: New product training Catalyst 6000
|
|
|
|
snmp-server priority {low | normal | high} |
config |
IOS |
| Global configuration command can be used to change the
priority of SNMP processes. To avoid extensive polling, the priority should
be set to low . All SNMP queries sent to a router are prioritized as either
low or medium priority, depending on the version of code run by the route
processor. This means that processes with a higher priority than the SNMP
process will be serviced before SNMP. So, regardless of SNMP polling
intensity, routing processes will generally be processed before SNMP
requests because route processes are high priority. |
| Reference:
|
|
|
|
spd headroom <n> |
config |
IOS |
| Default value is 100. Specifies how many high-precedence
packets we will enqueue over the normal input hold queue limit. This is to
reserve room for incoming high precedence packets. Is "ip spd headroom" in
11.1CC. |
| Reference: Cisco ISP Esssentials, CSCdk31898
|
|
|
|
tcam priority high|low|medium |
config-if |
Cat 6000 Native IOS |
| If TCAM is full, interfaces with a higher priority will be
prefered when loading access-lists etc. into the TCAM. |
| Reference: New product training Catalyst 6000
|
|
|
|
test aaa group radius <username> <password> |
privileged exec |
IOS |
Send a test authentication request.
alder#test aaa group radius test test
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.
alder#test aaa group radius mon mon
Attempting authentication test to server-group radius using radius
User was successfully authenticated.
Sends the following RADIUS attributes:
Wed Aug 1 21:00:19 2001
NAS-IP-Address = 194.221.19.47
NAS-Port-Type = Async
User-Name = "mon"
Timestamp = 996692419
|
| Reference:
|
|
|
|
test aim eeprom slot <n> |
privileged exec |
IOS |
cisco#test aim eeprom slot 1
AIM Slot [1]:
Use NMC93C46 ID EEPROM [y]:
AIM Slot 1 eeprom (? for help)[?]: ?
d - dump eeprom contents
e - erase all locations (to 1)
p - primitive access
q - exit eeprom test
z - zero eeprom
'c' rules of radix type-in and display apply.
AIM Slot 1 eeprom (? for help)[?]: d
Slot 1, 0x00: FF FF FF FF FF FF FF FF
Slot 1, 0x08: FF FF FF FF FF FF FF FF
Slot 1, 0x10: FF FF FF FF FF FF FF FF
Slot 1, 0x18: FF FF FF FF FF FF FF FF
Slot 1, 0x20: FF FF FF FF FF FF FF FF
Slot 1, 0x28: FF FF FF FF FF FF FF FF
Slot 1, 0x30: FF FF FF FF FF FF FF FF
Slot 1, 0x38: FF FF FF FF FF FF FF FF
Slot 1, 0x40: FF FF FF FF FF FF FF FF
Slot 1, 0x48: FF FF FF FF FF FF FF FF
Slot 1, 0x50: FF FF FF FF FF FF FF FF
Slot 1, 0x58: FF FF FF FF FF FF FF FF
Slot 1, 0x60: FF FF FF FF FF FF FF FF
Slot 1, 0x68: FF FF FF FF FF FF FF FF
Slot 1, 0x70: FF FF FF FF FF FF FF FF
Slot 1, 0x78: FF FF FF FF FF FF FF FF
|
| Reference: Contributed by Damjan Marion <Damjan.Marion@iskon.hr>
|
|
|
|
test crash |
privileged exec |
IOS |
| Trigger all kinds of crashes. Test crashinfo functionality.
Test RSP failover. |
| Reference:
|
|
|
|
test mbus power <slot> on|off |
privileged exec |
GSR IOS |
| Turn power of GSR linecard on or off.
|
| Reference:
|
|
|
|
test ppp echotimeout <interface-name> |
privileged exec |
IOS |
| Test PPP LCP echo timeout. Seems to simulate a PPP LCP echo
timeout on the router where this command is issued. After this command line
protocol changes to down, PPP parameteres are renegotiated and the line
comes up again. |
| Reference:
|
|
|
|
test transmit |
privileged exec |
IOS |
ctalkb#test transmit
interface: Ethernet3/0
total frame size [100]:
1) To this interface
2) To another interface
9) Ask for everything
Choice: 2
Encapsulation Type:
1) Ethertype
2) SAP
3) SNAP
4) SNAP (Cisco OUI)
5) SNAP (EtherV2 OUI)
6) Novell 802.3
Choice: 1
Protocol type:
1) IP
2) XNS
3) IPX
9) Ask for everything
Choice: 1
|
| Reference: Phrack, Volume 0xa, Issue 0x38
|
|
|
|
tracy_close <module> <port> |
exec |
XID/CatOS with WS-X6608-T1 or WS-X6608-E1 |
| Stops the tracing output started with "tracy_start". See "tracy_start".
|
| Reference: From Heinz Ulm's web site, originally from Martin
Gagnon, Canada |
|
|
|
tracy_start <module> <port> |
exec |
XID/CatOS with WS-X6608-T1 or WS-X6608-E1 |
| Displays tracing information useful for debugging the Cisco
6608 Gateway. The output is identical to the one produced by the Dick Tracy
debugging tool from Cisco. |
| Reference: From Heinz Ulm's web site, originally from Martin
Gagnon, Canada |
|
|
|
traffic-shape fecn-create |
config-if |
IOS |
| This hidden command enables setting the FECN bit in all
outgoing packets that have been delayed due to traffic shaping.
Requirements: GTS must be enabled and the interface has to be set to
frame-relay encapsulation.
|
| Reference:
|
|
|
|
ttcp |
privileged exec |
Cisco 7200/7500, IOS |
Start a TCP data server/receiver for TCP performance testing
between two Cisco 7500 router:
Router#ttcp
transmit or receive [receive]: transmit
Target IP address: 1.1.1.1
perform tcp half close [n]:
send buflen [8192]:
send nbuf [2048]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
buffering on writes [y]:
show tcp information at end [n]:
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> 1.1.1.1
%Connect failed: Destination unreachable; gateway or host down
Router#ttcp
transmit or receive [receive]:
perform tcp half close [n]:
receive buflen [8192]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
rcvwndsize [4128]:
delayed ACK [y]:
show tcp information at end [n]:
ttcp-r: buflen=8192, align=16384/0, port=5001
rcvwndsize=4128, delayedack=yes tcp
From the Open Forum:
Question: When using the Cisco hidden command ttcp (to generate traffic),
what do the following values for this command mean:
perform tcp half close [n]
send bufflen [8192]:
send nbuf [2048]
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
show tcp information at end [n]:
Answer:
Half close is regarding the tcp syn-ack; send bufflen is the size of the
packet to be sent; send nbuf is the number of packets sent; bufalign is
create a ''matrix'' of sent data in either a linear or non-linear model of
testing throughput and pattern analysis; setoffset is the offset of created
data in the packet; port is the tcp/udp port the data is sent on, and
sinkmode tells the device to ignore other network traffic or not.
|
| Reference:
|
|
|
|
tx-queue-limit |
config-if |
IOS |
| Hidden command which seems to be an alias for the documented
tx-ring-limit command. |
| Reference: CSCdk17210
|
|
|
|
virtual-template <template-num> pre-clone <num> |
config |
IOS |
| Pre-clone specified number of Virtual-Access interfaces.
Hidden in 12.1 mainline. Visible in 12.1T.
Where <template-num> is the vtemplate number and <num> is the number of
sessions you wish to pre-clone. Please note that with l2tp [by default], if
you choose to pre-clone you are limited to the number of sessions you
pre-cloned. i.e. if you pre-clone 1000 sessions, you cannot set up more then
1000 sessions for the given virtual-template.
|
| Reference:
|
|
|
|
vpdn ip udp ignore checksum |
config |
IOS |
| This command tells the router to ignore the checksum on UDP
packets used by L2TP/L2F and can be used to temporarily reduce CPU load.
This probably is per the suggestion in RFC 2661, section 8.1: "The
default for any L2TP implementation is that UDP checksums MUST be enabled
for both control and data messages. An L2TP implementation MAY provide an
option to disable UDP checksums for data messages. It is recommended that
UDP checksums always be enabled on control packets."
And Dennis Peng from Cisco added the following note (on cisco-nas):
Verification of the UDP checksum forces us into the process switching path
which will result in increased CPU usage. By default, Cisco LAC's will not
set the UDP checksum, so in a Cisco to Cisco environment, you don't need
this command. But other vendors may set the UDP checksum, so in a
multi-vendor environment, it is probably a good idea to include it. One big
vendor which sets the UDP checksum is Microsoft, their L2TP client does
this.
|
| Reference: Contributed by Ash Garg <Ash@telstra.net>
|
|
|
|
vpdn {l2f|l2tp} session table-size <size> |
config |
IOS |
| This command sets the number of buckets on the hash table
used for looking up multiplex IDs (session IDs in L2TP speak; both use a
16-bit namespace) and so finding the session control data structures. Each
tunnel has its own MID lookup table. <size> can range from 16 to 2048 but
cannot be greater than the number L2F/L2TP interfaces available (which is
platform dependent). The default number of buckets is platform dependent. If
<size> is not a power of two it is rounded down to the next power of two.
Some performance might be gained by increasing the hash table size and so
reducing the number of collisions at the expense of increased memory usage.
|
| Reference: Credits: Ash Garg <Ash@telstra.net>, Dennis Peng
<dpeng@cisco.com> |
|
|
