Undocumented IOS Commands
Sobhan Sadeghi
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
and www.tripod.com
enjoy more !
info@ipsecurity.ir
[no] ip spd queue {min-threshold | max-threshold} <n> (IOS)
[no] spd enable (IOS)
aaa pod server [port <port number>] [auth-type {any | all | session-key}] server-key <string> (IOS (>= 11.3(7)AA))
show banff-reset (XID/CatOS, Catalyst 5000 series with NFFC)
show epc (IOS)
show epc acl lookup {in|out} (IOS (Cat 2948G-L3, 4908GL3, 8540))
ais-enable (IOS)
csim (IOS)
gdb {kernel | pid <pid-num> | {examine | debug} <pid-num>} (IOS)
h323 h245 tunnel defer (IOS)
ip cache-invalidate-delay <minimum-delay> <maximum-delay> <quit-interval> (IOS (>=10.3(8) and >=11.0(3)))
ip ospf interface-retry <retries> (IOS)
show mls nfde (XID/CatOS)
show msfc (IOS (Cat 6k hybrid))
priv ()
ps -c (XDI/CatOS)
radius send service-type call-check (IOS (>= 12.1(4)T))
radius-server authorization default Framed-Protocol ppp (IOS)
test aim eeprom slot <n> (IOS)
tx-queue-limit (IOS)
Command Name    Configuration Mode    Platform / Software
config
IOS
config
IOS
config
IOS
config
Sets lower and upper ip process-level queue thresholds for SPD. With SSE
based SPD, lower precedence packets are randomly dropped when the queue size
hits min-threshold. The drop probability increases linearly with the queue
size until max-threshold is reached, at which point all lower precedence
packets are dropped. For regular SPD, lower precedence packets are dropped
when the queue size reaches min-threshold. Defaults are 50 and 75,
respectively. These values were not based on real life experience and may
need some tuning.
Reference: Cisco ISP Essentials
aaa pod server [port <port number>] [auth-type {any | all | session-key}] server-key <string>
config
Syntax Description
port <port number>: (Optional) The network access server port to use for POD requests. If no
port is specified, port 1700 is used.
all: Only a session that matches all four key attributes is disconnected. All
is the default.
<string>: The secret text string that is shared between the network access server
and the client workstation. This secret string must be the same on
both systems.
This command is now documented as of 12.2(8)T.
Reference:
ais-enable
config-if
IOS
config
IOS
that re-appear:
Modem CD dropped unexpectedly. User exceeded timelimit ARAP connection was terminated. v42_input running (may be low memory) v42_output running (may be low memory) Force Quit pak v42bisflush C Carrier dropped during startup
Reference: CSCdi68276, CSCdi57713
bgp common-administration
config-router bgp
IOS
Reference:
config-router bgp
IOS
config-router bgp
IOS
config-if
IOS
privileged exec
IOS
privileged exec
IOS
config-controller
IOS
exec
IOS
bgp redistribute-internal
Normally redistributing BGP into another protocol only redistributes EBGP
routes. Using this command will also redistribute IBGP routes. Hidden
in IOS versions prior to 12.1.
Reference:
Reference:
csim
With the command csim you can emulate a voice call. It's like somebody calls
the specified number. Useful if you don't have physical access to the
telephone.
Successful call:
wg1r1#csim start 089150
csim: called number = 089150, loop count = 1 ping count = 0
csim err csimDisconnected recvd DISC cid(21)
csim: loop = 1, failed = 1
csim: call attempted = 1, setup failed = 1, tone failed = 0
Call to an undefined number:
wg1r1#csim start 089151
csim: called number = 089151, loop count = 1 ping count = 0
csim err:csim_do_test Error peer not found
Reference:
debug buffer
privileged exec
IOS
privileged exec
IOS
Crypto ISAKMP internals debugging.
Example output during ISAKMP SA establishment:
6w3d: ISAKMP cookie gen for src 62.245.147.66 dst 195.244.119.2
6w3d: ISAKMP cookie B5FCAD89 B2BD7BFF
6w3d: ISAKMP: find_me a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 B2BD7BFF
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
6w3d: ISAKMP cookie gen for src 195.244.119.2 dst 62.245.147.66
6w3d: ISAKMP cookie 10FA17FE 2C76366D
6w3d: ISAKMP: find_me a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b 10FA17FE 2C76366D
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
Reference:
privileged exec
IOS
Crypto ISAKMP packet debugging.
Example output during ISAKMP SA establishment:
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F0880 809F8A34 809F301C 809F33DC 809F5228 801710CC
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F8494 809F87C0 809F8C20 809F301C 809F33DC 809F5228 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809FF460 80A00E0C 80A01070 809FBEBC 809F99B8 809F468C 809F51C8 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 204):
6w3d: KE payload
6w3d: NONCE payload
6w3d: VENDOR payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 184):
6w3d: KE payload
6w3d: NONCE payload
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 64):
6w3d: ID payload
6w3d: HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 68):
6w3d: ID payload
6w3d: HASH payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 168):
6w3d: HASH payload
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: NONCE payload
6w3d: ID payload
6w3d: ID payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) QM_IDLE
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 172):
6w3d: HASH payload
6w3d: SA payload
6w3d: PROPOSAL
6w3d: TRANSFORM
6w3d: NONCE payload
6w3d: ID payload
6w3d: ID payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 52):
6w3d: HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE
Reference:
privileged exec
IOS
privileged exec
IOS
Activate debugging output for dialer hold queue events.
Jan 13 14:56:03.240: Se0/1:15 DDR: Creating holdq 626B1B9C
Jan 13 14:56:03.240: DDR: Assigning holdq 626B1B9C to 627923F8
Jan 13 14:56:09.208: DDR: Assigning holdq 626B1B9C to 61B667F4
Jan 13 14:56:09.208: DDR: freeing dialer holdq 626B1B9C (Ref ptr 61B667F4)
Jan 13 14:56:09.208: DDR: Dialing failed, 0 packets unqueued and discarded
Jan 13 14:56:09.208: : 2 packets unqueued and discarded
Reference:
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
debug oir
Activate OIR debugging.
ctalkb#debug oir
Online Insertion and Removal debugging is on
2w3d: OIR: Process woke, Event, stall=2, usec=0xB6835B36 -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Shutdown pulled interface for Serial5/0 -Traceback= 600E30C4 60409204 604096C8 603B6D2C 603B6D18
2w3d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled -Traceback= 60409748 603B6D2C 603B6D18
2w3d: OIR: Remove hwidbs for slot 5 -Traceback= 60409368 60409750 603B6D2C 603B6D18
2w3d: OIR: Process woke, Event(max not running), stall=3, usec=0xD0115C9E -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Process woke, Timer(max running), stall=3, usec=0xDDBB56D6 -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: (Re)Init card 5, retry_count=3 -Traceback= 60409894 603B6D2C 603B6D18
2w3d: %OIR-6-INSCARD: Card inserted in slot 5, interfaces administratively shut down -Traceback= 604098BC 603B6D2C 603B6D18
Reference: Phrack, Volume 0xa, Issue 038
privileged exec
IOS
Aug 7 21:58:44.207 MEST: Look up of parser mode route-map succeeded
Aug 7 21:58:45.923 MEST: Look up of parser mode configure succeeded
Reference: Phrack, Volume 0xa, Issue 038
debug sanity
privileged exec
IOS
config-if
IOS
config-if
IOS
With this command every buffer that is used in the system is sanity-checked
when it is allocated and when it is freed. This can sometimes be used to
pinpoint memory corruption problems when analyzing a core dump which was
generated with this debug option in effect.
Reference:
dialer disable-multiencaps
Revert to premultiencapsulation on the dialer profile.
Reference: CSCdp95164
dialer mult-map-same-name
If distinct dialer maps to different destinations share the same remote
name, traffic will fail to pass on the 2nd and subsequent sessions. This
ability is implemented in 12.0T as a hidden command. dialer
mult-map-same-name allows 2 users to dial in to the dialer with the same ppp
user_name. Its behaviour with other dialer features is currently
unpredictable and should be used with caution.
Reference: CSCdk28459 allow multi users w/ same name
Set size of event log. Setting it to zero deletes event log buffers.
Default log buffer size is 500 events.
Reference:
eigrp event-logging
eigrp kill-everyone
enable engineer
Reference:
exec
XDI/CatOS
Catalyst 5000 series with Supervisor Engine I:
You will be prompted for a password. It has the following format:
VTY VTY HW FW SW
That is, the VTY password followed by the VTY password again, followed by
the hardware version, followed by the software version(no spaces, do not
type the dots in the versions).
Catalyst 5000 series with Supervisor-Engine II and III and Catalyst 6000
series with Supervisor I and II:
Format for the password is:
VTY HW FW SW VTY
That is, the VTY password followed by the VTY password again, followed by
the hardware version, followed by the software version (no spaces, do not
type the dots in the versions).
Reference:
frame-relay fecn-create
config-map-class
IOS
privileged exec
IOS
IOS
privileged exec
config
Reference:
config
config-if
IOS
From Cisco DE (slightly edited):
The motivation for this command is a timing problem where OSPF fails to
determine the state of an interface. The solution was for OSPF to poll the
interface for a while to verify its state. The hidden command allows us to
lengthen the polling period on routers that have a large number of
interfaces. The polls occur every 10 seconds and the command controls the
number of polls that will be done. With a setting of 0 retries there will be
no extra polling. Default number of retries is 10.
ip route profile
Reference:
config
IOS
As disclosed by Aaron Leonard from Cisco on cisco-nas:
Date: Thu, 11 Sep 2003 09:34:53 -0700 (PDT)
From: Aaron Leonard <Aaron@cisco.com>
Subject: Re: [cisco-nas] IP Route Profile
In-reply-to: Your message dated Wed, 10 Sep 2003 22:21:02 -0500 <10e701c37813$bad83870$5370cd41@dellbert>
To: Beprojects.com <info@beprojects.com>
Cc: cisco-nas@puck.nether.net
[...]
ip route profile was implemented way back in late 96 by CSCdi76662. However we have historically refrained from documenting this (CSCdk01634, CSCdz19775) as this has been declared to be a hidden command that should not be used by customers. However, in fact this is NOT a hidden command so I've just now gone ahead and reopened CSCdz19775.
Introduction
The Route Table Profiling feature was developed to assist network engineers in monitoring routing table fluctuations, which may be the result of route flapping, network failure, or network service restoration. This feature was added in CSCdi76662 to the 11.1CC train of Cisco IOS. The Route Table Profiling feature is an undocumented and unsupported feature. There is no MIB support provided.
Configuration
The Route Table Profiling feature is enabled globally. The command is ip route profile in global configuration mode. This feature can be disabled with the command no ip route profile in global configuration mode. Routing table change statistics can be viewed with the show ip route profile command in exec mode.
Reference: CSCdi76662
privileged exec
config-if
IOS (>=11.2)
config
IOS
ipx server-split-horizon-on-server-paths
This global configuration command specifies that split horizon SAP
occurs on server paths. This command is documented in DDTS CSCdm12190. From the release note:
By default, split horizon blocks
information about periodic SAPs from being
advertised by a router to the same interface on which the best route to that
SAP is learned. But in the case where the SAP may be learned from
interfaces other than (or in addition to) the interface on which the best
route to that SAP is learned, enabling ipx
server-split-horizon-on-server-paths will reduce unnecessary periodic SAP
updates as that SAP will not be advertised to the interface(s) where it was
learned from; this will also prevent potential SAP loop in the network.
Reference: CSCdm12190
config
IOS (>=11.3(1.3))
config-if
privileged exec
IOS
config-router
IOS
config-if
IOS
config-router bgp
IOS
config
IOS
Reference:
no logging snmp-authfail
Reference: CSCdv04268
no ppp microcode
config-if
IOS
config
IOS
config-if
IOS
config-if
IOS
config-if
IOS
config-if
IOS
config-if
IOS
config-if
IOS
no snmp-server sparse-tables
Fully populate all SNMP tables even if an object id
is not applicable in a specific case.
Reference:
Reference: CSCdk45054
Reference:
priv
ROMMON
ps -c
privileged exec
XDI/CatOS
config
From: Dennis Peng <dpeng@cisco.com>
To: scott.list <scott.list@mlec.net>
Cc: cisco-nas@external.cisco.com
Message-ID: <20010331195613.D28415@sj-cse-320.cisco.com>
I assume you have preauthentication already configured? By default, we send Service-Type = Outbound-User. In 12.1(4)T and later, you can configure the (hidden) command radius send service-type call-check to change the value from Outbound-User to Call-Check. I submitted CSCdt85947 to get the command unhidden and documented. Here is the release-note I attached:
The command radius send service-type call-check is hidden. This command is available in 12.1(4)T and later and is used to change the value of the Service-Type RADIUS attribute the access server sends when doing pre-authentication. The default is to send Outbound-User (5). With this command configured, we will send Call-Check (10). This is useful in a multi-vendor environment as well as when migrating an existing RADIUS database for use with the Cisco access server.
Reference: CSCdt85947
config
IOS
This hidden command assumes that the RADIUS Framed-Protocol attribute is PPP
when no Framed-Protocol attribute is present in a RADIUS server reply packet.
config
IOS
This hidden command seems to allow RADIUS server replies in which the
Service-Type attribute is missing.
radius-server unique-ident
config
Directly from the DDTS release note:
The hidden command radius-server unique-ident can be used to try to
ensure that RADIUS session IDs are unique across IOS boots. It will have
the side effect of automatically writing the IOS configuration to NVRAM some
time after booting.
When the router parses the command radius-server unique-ident it sets the
unique-ident variable to (n+1) and all accounting records have a prefix of
(n+1). When you look at the configuration or write the configuration to
NVRAM, it also shows radius-server unique-ident.
If the box is reloaded, upon booting the router will parse radius-server
unique-ident and then set the unique-ident variable to (n+2) and all
accounting records have a prefix of (n+2). When you look at the
configuration or write the configuration to NVRAM, it will show
radius-server unique-ident.
Reference: CSCdu77149
IOS
service download-fl
config
GSR IOS
config
IOS
config
IOS
config
IOS
Force the GRP to download its own version of the Fabric Downloader to the
line card before attempting to start Cisco IOS.
Reference: http://www.cisco.com/warp/public/63/17.html
service internal
Activate some Cisco commands normally used for internal testing.
Reference:
service unsupported-transceiver
Enables the use of third-party SFP or GBIC modules on Cisco switches, but note the warning below.
Example output:
Switch(config)#service unsupported-transceiver
Warning: When Cisco determines that a fault or defect can be traced to the use of third-party transceivers installed by a customer or reseller, then, at Cisco's discretion, Cisco may withhold support under warranty or a Cisco support program. In the course of providing support for a Cisco networking product Cisco may require that the end user install Cisco transceivers if Cisco determines that removing third-party parts will assist Cisco in diagnosing the cause of a support issue.
service-policy classify-per-feature
config
IOS
privileged exec
XID/CatOS
platforms. After this fix, each packet will be matched for a matching class under the
policy-map until a match is found. Matching terminates at the first matching
class and all features configured under the class act on the packet. In the
current IOS releases, matching happens across all classes under a policy
until the first matching class is found for every configured QoS feature.
To maintain backward compatibility a hidden knob called service-policy
classify-per-feature knob is introduced. When configured, the behaviour
reverts to the current existing behaviour. By way of this fix, the default
behaviour will be common for all platforms. This fix is going to affect 7200
and other non-distributed platforms only.
Reference: CSCds43683
Enable tracing of the specified subsystem.
Possible category names (most certainly depending on CatOS version):
acct, acl, all, bdd, cdp,
config, dhcp, diag, dns, dot1x, drip, dtp,
dupflash, dupnvram, dynvlan, earl, envmon, eobc, epld, essr, evmgr,
fabric, fcp, fddi, fib, filesys, fpoe, garp, gvrp, hamgr, http,
inband, ipc, kerberos, l3age, l3sup, lane, ld, llc, ltl, mbuf, mcast,
mdg, memdbg, mls, mlsm, modport, ntp, nvsync, oob, pagp, protfilt,
pruning, privatevlan, qde, qos, radius, redundancy, rsfc, rsvp, rtios,
rtipc, rticc, runtimecfg, scp, security, slp, snmp, span, spantree,
ssh, syncmgr, synfig, syslog, tacacs, test, tftp, tftpd, udld, verb,
vlanmgr, vmps, vtp.
privileged exec
XID/CatOS
privileged exec
XID/CatOS
Comment by Francois on this command:
Displays various statistics about the ACL subsystem and associated hardware
components. There are some interesting counters like compilation errors and
also usage counters for various tables (different masks, subnets, etc).
Useful when you can't commit your ACL with a TCAM error message.
ACL: local stats table
Messaging
- rxScpMsg: 0 rxScpMsgAbort: 0 rxAclMsg: 1257 rxAclMsgAbort: 0 aclMsgUnknownType: 0 outOfSequence: 0 appIdMisUse: 0 intfConfError: 0 msgSendFailed: 1 appIdDifferAfterSwover:0 ignoreRaclOverride: 1
draco-id: 65535-ffffffff-ffffffff
draco-id: 33-ffffffff-ffffffff
Resources
- ACL malloc fail: 0 noLou: 0 noMask: 0 noCapmap: 0 tcamFull: 0 compilerErr: 18 noLabel: 0 louExpandGt: 0 louExpandLt: 0 louExpandNeq: 0 louExpandRange: 0 freeListRebuild: 0
Acl engine stats
- perseusL3Parity: 0 perseusSequenceErr: 0 perseusLabelOverflow: 0 perseusCamLookupErr: 0 perseusDbusErr: 0 perseusCpuParityErr: 0 perseusIPChecksumErr: 1 perseusShortPacketErr: 0 perseusCpuTmout: 0 **lookup fifo undeflow:0
Hardware resource usage for ACL Tcam: label:3.73%, lou:20.31%, mask:11.86%, value:4.4%
Acl manager stats
- aclRestarted: F Sec vacl restore done: T Lda vacl restore done: T Qos acl restore done: T Feature intf count: 0
HA stats
- activeHaCopyFail: 0
Gsync_count: 1 Sleep on gsync Gsync done Wakeup on gsync 14:58:43 14:58:45
14:58:45 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 000:00:00 00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show alignment
privileged exec
IOS
privileged exec
show banff-reset
There is a quiet recall on some Catalyst 5000 series switches that have the
EARL 1 chip NFFC and a data rate that exceeds 80MBS across the backplane
because of a defect that causes the ECB to reset continuously. Usually users
will report a network slowdown.
This command will display the number of times the ECBs have reset since last
power on, a number of 1 for each ECB is normal. Numbers in the hundreds or
show caller
exec
IOS
privileged exec
IOS
exec
Show a lot of information about calls in a NAS environment. Lots of subcommands here.
Reference:
the total switch utilization. An example is presented below:
Switch#sh controller switch
Switch registers:
Device Type : 000040273
Congestion Threshold : 0x00000E95
Peak Total Allocation : 0x0000001A
Total Allocation : 000000000
Peak Total Bandwidth : 000000020
Total Bandwidth : 000000000
Total Bandwidth Limit : 0x000003DE
Lower Bandwidth Limit : 0x000003DE
Switch Mode : 000040000
Switch#
The Total Bandwidth Limit varies between different 2900XL and 3500XL models.
When the Total Bandwidth reaches the Total Bandwidth Limit value, the switch
has reached its full bandwidth capacity and begins to drop packets. The Peak
Total Bandwidth is the highest value attained by the Total Bandwidth since
the last time the show controller switch command was executed. Note, the
values for the above parameters are in hexadecimal.
The Congestion Threshold value is used as a conservative value for the maximum
global buffer utilization. When the buffer utilization noted by Total
Allocation reaches this value, the switch may drop frames. The Peak Total
Allocation value shows the highest value attained by the Total Allocation
since the last time the show controller switch command was executed. It is
possible for the Peak Total Allocation and/or the Total Allocation to be
greater than Congestion Threshold. If the Total Allocation reaches or is
over the Congestion Threshold amount, the switch is experiencing
considerable network activity near its full capacity.
The global buffer utilization may be adversely affected by several
configuration issues, described below:
1. Speed mismatch between an ingress and egress port; for example, several
100 megabit clients transferring files to a server connected to the
switch at 10 megabits, half-duplex.
2. Multiple input ports feeding a single output port.
3. Duplex mismatch on multiple ports.
4. Numerous ports that are experiencing collisions and/or output errors due
to half-duplex configuration or over-subscription of a slow link.
Reference: http://www.cisco.com/warp/customer/473/19.html
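An added example (not from the original page or from Cisco): a Python parser for saved show controller switch output that applies the two comparisons described above, current and peak value against Total Bandwidth Limit and Congestion Threshold. The function names and both sample outputs are constructed for this example; values are read as hexadecimal whether or not the capture kept the 0x prefix.

```python
import re

# "Name : value" register lines. The 0x prefix is optional because some
# captures lose it; the page states that every value is hexadecimal.
_REG_LINE = re.compile(
    r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*((?:0[xX])?[0-9A-Fa-f]+)\s*$"
)

# (current register, peak register, limit register, short label)
_CHECKS = [
    ("Total Bandwidth", "Peak Total Bandwidth", "Total Bandwidth Limit", "bandwidth"),
    ("Total Allocation", "Peak Total Allocation", "Congestion Threshold", "buffer"),
]

# Constructed sample: a lightly loaded switch.
IDLE_SAMPLE = """\
Switch#sh controller switch
Switch registers:
Congestion Threshold   : 0x00000E95
Peak Total Allocation  : 0x0000001A
Total Allocation       : 0x00000000
Peak Total Bandwidth   : 0x00000020
Total Bandwidth        : 0x00000000
Total Bandwidth Limit  : 0x000003DE
"""

# Constructed sample: bandwidth at its limit right now, buffers over the
# congestion threshold at some point since the previous read. Two values
# deliberately lack the 0x prefix.
BUSY_SAMPLE = """\
Switch#sh controller switch
Switch registers:
Congestion Threshold   : 0x00000E95
Peak Total Allocation  : 0x00000F10
Total Allocation       : 0x00000D00
Peak Total Bandwidth   : 000003DE
Total Bandwidth        : 000003DE
Total Bandwidth Limit  : 0x000003DE
"""


def parse_registers(output):
    """Return {register name: int} for every 'Name : hexvalue' line."""
    regs = {}
    for line in output.splitlines():
        m = _REG_LINE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)  # int() accepts "0x.." with base 16
    return regs


def evaluate(output):
    """Compare current and peak registers against their limits."""
    regs = parse_registers(output)
    usage, findings = {}, []
    for current, peak, limit, label in _CHECKS:
        missing = [name for name in (current, peak, limit) if name not in regs]
        if missing:
            # Truncated capture: report it rather than guess.
            findings.append(f"{label}: cannot assess, missing {', '.join(missing)}")
            continue
        if regs[limit] == 0:
            findings.append(f"{label}: cannot assess, {limit} is zero")
            continue
        usage[label] = round(100.0 * regs[current] / regs[limit], 1)
        if regs[current] >= regs[limit]:
            findings.append(f"{label}: at or over limit now")
        elif regs[peak] >= regs[limit]:
            # The peak resets each time the command is run, so this only
            # covers the interval since the previous read.
            findings.append(f"{label}: peak reached limit since last read")
    return {"registers": regs, "usage_pct": usage, "findings": findings}


if __name__ == "__main__":
    for name, sample in (("idle", IDLE_SAMPLE), ("busy", BUSY_SAMPLE)):
        result = evaluate(sample)
        print(name, result["usage_pct"], result["findings"])
```

Because the peak registers reset on every read, run the command at a fixed interval if the results are to be compared over time.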
show epc
privileged exec
IOS
privileged exec
Displays whether the ACL would permit or deny a specific IP packet on a particular
interface.
Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
privileged exec
Displays the ACL entries programmed in the TCAM for a particular interface.
Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
privileged exec
Shows the IP adjacencies installed in the CAM hardware:
gepard#show epc ip-address interface FastEthernet 1 all-entries
IPaddr: 192.168.60.116 MACaddr: 0090.27b7.24d7 FastEthernet14(17)
IPaddr: 192.168.60.117 MACaddr: 0090.27d1.d47a FastEthernet15(18)
IPaddr: 192.168.60.112 MACaddr: 00d0.b720.6fc9 FastEthernet10(13)
IPaddr: 192.168.60.113 MACaddr: 00d0.b720.750f FastEthernet11(14)
IPaddr: 192.168.60.114 MACaddr: 00d0.b720.7357 FastEthernet12(15)
IPaddr: 192.168.60.115 MACaddr: 00d0.b720.755e FastEthernet13(16)
IPaddr: 192.168.60.125 MACaddr: 0050.0457.edbf FastEthernet19(22)
IPaddr: 10.232.4.202 MACaddr: 0009.b7b4.0700 Port-channel1.2(60)
IPaddr: 192.168.60.120 MACaddr: 0090.27c3.f042 FastEthernet5(8)
IPaddr: 192.168.60.100 MACaddr: 0002.b3ac.5470 GigabitEthernet50(53)
IPaddr: 192.168.60.101 MACaddr: 0002.b3ac.5470 GigabitEthernet50(53)
IPaddr: 192.168.60.102 MACaddr: 0090.27d1.88bf FastEthernet4(7)
IPaddr: 192.168.60.103 MACaddr: 0090.27d1.88bf FastEthernet4(7)
IPaddr: 192.168.60.99 MACaddr: 6080.0f3c.0000
IPaddr: 192.168.60.110 MACaddr: 0090.27dd.f9a6 FastEthernet8(11)
IPaddr: 192.168.60.111 MACaddr: 00d0.b708.adb3 FastEthernet9(12)
IPaddr: 192.168.61.21 MACaddr: 0800.20ee.4ead FastEthernet46(49)
IPaddr: 192.168.60.20 MACaddr: 0030.6e11.0157 FastEthernet37(40)
IPaddr: 192.168.60.21 MACaddr: 0030.6e11.139f FastEthernet38(41)
IPaddr: 192.168.60.22 MACaddr: 0002.b3ac.5454 GigabitEthernet49(52)
IPaddr: 192.168.61.22 MACaddr: 0800.20ec.6709 FastEthernet46(49)
IPaddr: 192.168.60.23 MACaddr: 0002.b3ac.53f5 FastEthernet43(46)
IPaddr: 192.168.60.30 MACaddr: 00e0.18c2.baf9 FastEthernet21(24)
IPaddr: 192.168.60.25 MACaddr: 0030.6e12.099a FastEthernet39(42)
IPaddr 192.168.60.26 missing
[...]
Total number of IP adjacency entries: 46
Missing IP adjacency entries: 1
Reference: http://www.cisco.com/warp/public/473/48.html
privileged exec
IOS
Seems to show the FIB stored in the CAM memory of a specific ingress port.
Example output provided by Hank:
cs-c2948gl3-13a#sh epc patricia interface FastEthernet 3 ipucast detail
1# Synthetic entry: CAM location: 0x202B NAP location: 0x202C IP Prefix:224.0.0.0 MySubnet LB:Disabled Network Entry:Valid
2# Synthetic entry: CAM location: 02038 NAP location: 00000
3# Synthetic entry: CAM location: 0x202F NAP location: 02035 IP Prefix:192.168.128.255 MySubnet LB:Disabled Network Entry:Valid
4# HOST Entry CAM location: 02030 NAP location: 00000 IP addr:192.168.128.2 Host IF Number:6 Entry:Valid Mac Addr:0090.a65c.63ff
5# Synthetic entry: CAM location: 02050 NAP location: 02032 IP Prefix:192.168.128.0 MySubnet LB:Disabled Network Entry:Valid IP Prefix:192.168.128.1 MySubnet LB:Disabled Host Entry:Valid
6# Synthetic entry: CAM location: 0x203C NAP location: 02037 IP Prefix:192.168.105.0 MySubnet LB:Disabled Network Entry:Valid IP Prefix:192.168.128.0 MySubnet LB:Disabled Network Entry:Valid
7# Synthetic entry: CAM location: 0x203F NAP location: 0x203E IP Prefix:192.168.105.255 MySubnet LB:Disabled Network Entry:Valid
8# HOST Entry CAM location: 02046 NAP location: 00000 IP addr:192.168.105.8 Host IF Number:5 Entry:Valid Mac Addr:0001.968e.33b0
9# Synthetic entry: CAM location: 02045 NAP location: 02040 IP Prefix:192.168.105.2 LB:Disabled Network Entry:Valid Nexthop CAM locations: 02046 00000 Nexthop 1: IP addr:192.168.105.8 Host Entry:Valid FastEthernet2 (5) Mac Addr:0001.968e.33b0
10# Synthetic entry: CAM location: 02033 NAP location: 0x203D IP Prefix:192.168.105.0 MySubnet LB:Disabled Network Entry:Valid IP Prefix:192.168.105.1 MySubnet LB:Disabled Host Entry:Valid
11# CAM location: 0x201B ROOT
IP Patricia Tree Summary:
Number of IP entries: 18
Number of Host Entries: 2
Number of Network Entries: 10
Number of Good Synthetic entries: 7
Number of Dirty Synthetic entries: 1
Reference: Contributed by Hank Nussbacher <hank@att.net.il>
privileged exec
Layer 2 forwarding table entries for a given MAC address in a bridge group
are viewed using the show bridge bridge-group-number command. However, bridge table entries on the Catalyst 2948G-L3 and 4908G-L3
switches
are actually formed internally of at least two entries, one on the source
interface (where the device with that MAC resides) and one on each
rather than on a switch-wide basis.
gepard#show epc patricia interface FastEthernet 9 mac
1# MAC addr:0000.0000.0000 VC:0 Entry:
2# MAC addr:0900.2b01.0001 MyMAC
3# MAC addr:0180.c200.0000 MyMAC
4# MAC addr:0100.5e00.0006 MyMAC
5# MAC addr:0100.5e00.0005 MyMAC
6# MAC addr:0100.5e00.0002 MyMAC
7# MAC addr:0100.0ccc.cccd MyMAC
8# MAC addr:0100.0ccc.cccc MyMAC
9# MAC addr:00e0.18c2.baf9 IF Number:24 Entry:Remote
10# MAC addr:00d0.b720.755e IF Number:16 Entry:Remote
11# MAC addr:00d0.b720.7357 IF Number:15 Entry:Remote
12# MAC addr:00d0.b720.6fc9 IF Number:13 Entry:Remote
13# MAC addr:00d0.b720.750f IF Number:14 Entry:Remote
14# MAC addr:0090.27dd.f9a6 IF Number:11 Entry:Remote
15# MAC addr:0090.27d1.d47a IF Number:18 Entry:Remote
16# MAC addr:0090.27c3.f042 IF Number:8 Entry:Remote
17# MAC addr:0090.27b7.24d7 IF Number:17 Entry:Remote
18# MAC addr:00d0.b708.adb3 IF Number:12 Entry:Local
19# MAC addr:0030.6e12.099b IF Number:59 Entry:Remote
[...]
29# MAC addr:0002.b3ac.5474 IF Number:59 Entry:Remote
30# MAC addr:0003.9f17.980f HsrpMAC
31# MAC addr:0001.428b.d280 IF Number:4 Entry:Remote
32# MAC addr:0000.0c07.ac00 HsrpMAC
Total number of MAC entries: 32
Reference: http://www.cisco.com/warp/public/473/47.html
show idb
privileged exec
IOS
Show list of assigned software and hardware Interface Descriptor Blocks (IDBs).
Later IOS versions show the maximum number of software IDBs, too.
vxr15#sh idb
Maximum number of IDBs 3000
26 SW IDBs allocated (2368 bytes each)
22 HW IDBs allocated (4064 bytes each)
HWIDB#1 1 FastEthernet0/0 (HW IFINDEX, Ether)
Reference:
show inband
privileged exec
Comment by Francois:
This command outputs statistics about the internal Catalyst 6000 memory
channel (interface between two supervisors in a redundant configuration).
XID/CatOS
privileged exec
IOS
This hidden command may be used to view statistics on the number of SIDs
using baseline privacy on a particular cable interface.
Here is an example output of this command.
CMTS# show interface cable 4/0 privacy statistic
CM key Chain Count : 12
CM Unicast key Chain Count : 12
CM Mucast key Chain Count : 3
Reference: http://www.cisco.com/warp/public/109/docsis_bpi.shtml
exec
IOS
exec
IOS
privileged exec
IOS
Especially shows information about the CEF load sharing logic.
router#show ip cef 141.1.0.0 255.255.0.0 internal
141.1.0.0/16, version 10758832, per-destination sharing
0 packets, 0 bytes
via 194.221.43.81, 0 dependencies, recursive
next hop 194.77.146.254, GigabitEthernet4/0/0 via 194.221.43.80/30
valid adjacency
Recursive load sharing using 194.221.43.80/30
Load distribution: 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 (refcount 48739)
Hash OK Interface Address Packets
1 Y GigabitEthernet0/0/0 195.244.119.164 0
2 Y GigabitEthernet4/0/0 194.77.146.254 0
3 Y GigabitEthernet0/0/0 195.244.119.164 0
4 Y GigabitEthernet4/0/0 194.77.146.254 0
5 Y GigabitEthernet0/0/0 195.244.119.164 0
6 Y GigabitEthernet4/0/0 194.77.146.254 0
7 Y GigabitEthernet0/0/0 195.244.119.164 0
8 Y GigabitEthernet4/0/0 194.77.146.254 0
9 Y GigabitEthernet0/0/0 195.244.119.164 0
10 Y GigabitEthernet4/0/0 194.77.146.254 0
11 Y GigabitEthernet0/0/0 195.244.119.164 0
12 Y GigabitEthernet4/0/0 194.77.146.254 0
13 Y GigabitEthernet0/0/0 195.244.119.164 0
14 Y GigabitEthernet4/0/0 194.77.146.254 0
15 Y GigabitEthernet0/0/0 195.244.119.164 0
16 Y GigabitEthernet4/0/0 194.77.146.254 0
Reference: Project DOTU
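The load-distribution line and hash-bucket table in the output above can be checked mechanically for uneven or inconsistent path assignment. The following Python sketch is an added example, not part of the original page or of any Cisco tooling; it assumes that the n-th entry of "Load distribution" belongs to hash bucket n (as the sample suggests) and that "Y" in the OK column marks a usable bucket.

```python
import re
from collections import Counter

# Lines copied from the `show ip cef ... internal` output on this page,
# one record per line (values unchanged, unrelated lines omitted).
SAMPLE = """\
141.1.0.0/16, version 10758832, per-destination sharing
Recursive load sharing using 194.221.43.80/30
Load distribution: 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 (refcount 48739)
Hash OK Interface Address Packets
1 Y GigabitEthernet0/0/0 195.244.119.164 0
2 Y GigabitEthernet4/0/0 194.77.146.254 0
3 Y GigabitEthernet0/0/0 195.244.119.164 0
4 Y GigabitEthernet4/0/0 194.77.146.254 0
5 Y GigabitEthernet0/0/0 195.244.119.164 0
6 Y GigabitEthernet4/0/0 194.77.146.254 0
7 Y GigabitEthernet0/0/0 195.244.119.164 0
8 Y GigabitEthernet4/0/0 194.77.146.254 0
9 Y GigabitEthernet0/0/0 195.244.119.164 0
10 Y GigabitEthernet4/0/0 194.77.146.254 0
11 Y GigabitEthernet0/0/0 195.244.119.164 0
12 Y GigabitEthernet4/0/0 194.77.146.254 0
13 Y GigabitEthernet0/0/0 195.244.119.164 0
14 Y GigabitEthernet4/0/0 194.77.146.254 0
15 Y GigabitEthernet0/0/0 195.244.119.164 0
16 Y GigabitEthernet4/0/0 194.77.146.254 0
"""

DIST_RE = re.compile(
    r"^[ \t]*Load distribution:((?:[ \t]+\d+)+)[ \t]*\(refcount", re.M
)
ROW_RE = re.compile(
    r"^[ \t]*(\d+)[ \t]+(\S)[ \t]+(\S+)[ \t]+"
    r"(\d{1,3}(?:\.\d{1,3}){3})[ \t]+(\d+)[ \t]*$",
    re.M,
)


def parse_cef_internal(text):
    """Return (path_index_per_bucket, bucket_rows) from the CLI output."""
    m = DIST_RE.search(text)
    if not m:
        raise ValueError("no 'Load distribution' line found")
    path_index = [int(x) for x in m.group(1).split()]
    buckets = [
        {"bucket": int(b), "ok": ok == "Y", "interface": ifc,
         "address": addr, "packets": int(pkts)}
        for b, ok, ifc, addr, pkts in ROW_RE.findall(text)
    ]
    if len(buckets) != len(path_index):
        raise ValueError(
            f"{len(path_index)} distribution entries but {len(buckets)} bucket rows"
        )
    return path_index, buckets


def summarise(path_index, buckets):
    """Return (share of usable buckets per next hop, list of findings)."""
    paths = {}          # path index -> (interface, address) first seen for it
    counts = Counter()  # (interface, address) -> usable buckets
    findings = []
    for idx, row in zip(path_index, buckets):
        hop = (row["interface"], row["address"])
        # Assumption: one path index always maps to the same next hop.
        if paths.setdefault(idx, hop) != hop:
            findings.append(
                f"bucket {row['bucket']}: path index {idx} maps to {hop}, "
                f"earlier buckets use {paths[idx]}"
            )
        if not row["ok"]:
            findings.append(f"bucket {row['bucket']}: not marked usable")
            continue
        counts[hop] += 1
    total = sum(counts.values())
    shares = {hop: n / total for hop, n in counts.items()} if total else {}
    return shares, findings


if __name__ == "__main__":
    shares, findings = summarise(*parse_cef_internal(SAMPLE))
    for (ifc, addr), share in sorted(shares.items()):
        print(f"{ifc:<22} {addr:<16} {share:.1%} of hash buckets")
    for line in findings:
        print("FINDING:", line)
```
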
privileged exec
IOS
privileged exec
IOS
Reference:
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
exec
IOS
Reference:
Reference:
Reference:
David writes: The only usefulness of this seems to be to identify the larger
hash buckets and hence provide feedback to Cisco if the hash algorithm is
producing a particularly bad distribution into some buckets.
Example output:
router#show ip route hash
nettable:
Bucket  Majornets  Subnettted  Subnets
0       17         1           3
[...]
4095    18         0           0
supernettable:
0       16
[...]
4095    6
Routing table summary:
Total nets: 159234 Total major nets: 67731 Total super nets: 38199
Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
privileged exec
IOS
See ip route profile.
aspen#show ip route profile
IP routing table change statistics:
Frequency of changes in a 5 second sampling interval
Change/   Fwd-path  Prefix  Nexthop  Pathcount  Prefix
interval  change    add     change   change     refresh
0         196       215     433      490        394
1         99        98      34       0          27
2         54        45      10       0          27
3         22        19      5        0          2
4         17        17      1        1          0
5         51        48      2        0          0
10        18        16      4        0          0
15        8         8       0        0          0
20        3         3       2        0          0
25        4         4       0        0          41
30        8         9       0        0          0
[...]
3905      1         1       0        0          0
7030      1         1       0        0          0
10155     0         0       0        0          0
13280     0         0       0        0          0
Overflow  5         5       0        0          0
Reference: CSCdi76662
show ip spd
config
IOS
Shows SPD mode, current and max size of IP process level input queue, and
status of external (SSE) SPD. SPD mode will be one of disabled, normal,
random drop, or full drop. The priority queue is where high-precedence
packets go.
labR4#show ip spd
Current mode: normal.
Queue min/max thresholds: 73/74, Headroom: 100, Extended Headroom: 10
IP normal queue: 0, priority queue: 0.
SPD special drop mode: none
exec
IOS
exec
IOS
exec
IOS
privileged exec
IOS
ctalkb#sh isis private
ISIS: FastPSNP cache (hits/misses): 0/4002
ISIS: LSPIX validations (full/skipped): 216271/490412
ISIS: LSP HT=0 checksum errors received: 0
Reference: Phrack, Volume 0xa, Issue 038
privileged exec
IOS
process. Shows you the frequency of things like L1/L2 hello etc.
ctalkb#sh isis timers
Hello Process
Expiration Type
| 0.856 (Parent)
| 0.856 L2 Hello (Ethernet3/0)
| 6.352 L1 Hello (Ethernet3/0)
| 6.940 Adjacency
Update Process
Expiration Type
| 1.060 (Parent)
| 1.060 Ager
| 1.352 L2 CSNP (Ethernet3/0)
| 8.616 L1 CSNP (Ethernet3/0)
| 3:25.860 (Parent)
| 3:25.860 LSP refresh
| 9:02.160 LSP lifetime
| 9:24.568 LSP lifetime
| 17:16.084 LSP lifetime
| 20:58.536 Dynamic Hostname cleanup
Reference: Phrack, Volume 0xa, Issue 038
privileged exec
IOS
Shows path and depth taken to get to other level 1/2 intermediate systems.
ctalkb#sh isis tree
IS-IS Level-2 AVL Tree
Current node = X.X.X.00-00, depth = 0, bal = 0
Go down left
Current node = X.X.Y.00-00, depth = 1, bal = 0
> Hit node X.X.Y.00-00
Back up to X.X.X.00-00
Current node = X.X.X.00-00, depth = 0, bal = 0
> Hit node X.X.X.00-00
Go down right
Current node = X.X.X.02-00, depth = 1, bal = 0
> Hit node X.X.X.02-00
Back up to X.X.X.00-00
Reference: Phrack, Volume 0xa, Issue 038
privileged exec
IOS
ctalkb#show list
List Manager: 1415 lists known, 1561 lists created
ID  Address   Size/Max  Name
1   613EE970  11/-      Region List
2   613EEE98  1/-       Processor
3   613EFDE8  1/-       I/O
4   613F0D38  1/-       I/O-2
5   6149EDD0  0/-       Sched Critical
6   6149ED90  0/-       Sched High
7   6149EB00  0/-       Sched Normal
ctalkb#show list none
List Manager: 1415 lists known, 1561 lists created
ID  Address   Size/Max  Name
1   613EE970  11/-      Region List
2   613EEE98  1/-       Processor
3   613EFDE8  1/-       I/O
4   613F0D38  1/-       I/O-2
9   6149ED10  82/-      Sched Idle
11  61499A50  8/-       Sched Normal (Old)
12  6149CC10  1/-       Sched Low (Old)
Reference: Phrack, Volume 0xa, Issue 038
show mbuf
privileged exec
XID/CatOS
Catalyst 5000: The main issue to observe with this command is whether the
switch is being starved for memory. Within the display, clusters is the
number of buffers that are available for NMP to process incoming packets,
which include any broadcast/multicast, management traffic. clfree is the
number of buffers that are available for the NMP at any given time. If this
is zero, the NMP has no buffers to process any incoming
frames. lowest clfree is the lowest watermark that the NMP has hit at
any time. If this value is zero but clfree is nonzero, then
at one instance the NMP ran out of buffers. This can be because of a broadcast
or a multicast storm in the management VLAN.
Reference:
privileged exec
IOS
R1#show memory big
           Head     Total(b)  Used(b)  Free(b)   Lowest(b)  Largest(b)
Processor  148364   15428764  4550340  10878424  10832564   10875604
25 largest free blocks in the system (biggest to lowest)
10875604, 1424, 644, 500, 108, 36, 28, 28, 28, 24, 5897388, 52466600, 5743730, 0, 0, 0, 1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.
Count of firstfit: 7, bestfit: 2215118, maxout1: 0 maxout2: 0
I/O        4000000  2097152   398396   1698756   1641680    1698588
25 largest free blocks in the system (biggest to lowest)
1698588, 84, 84, 0, 0, 0, 0, 0, 0, 0, 5897388, 52466600, 5743730, 0, 0, 0, 1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.
Count of firstfit: 0, bestfit: 366, maxout1: 0 maxout2: 0
Reference: Project DOTU
privileged exec
XID/CatOS
NDE related info:
NDE enable : TRUE
Current Export Version : 7
IP address : 192.168.212.65
UDP port: 9996
Flows in nde buffer : 0
Nde flow limit : 27
Flow sequence : 26695012
Unused flows : 3591516
Non Ip Sc : 0
Filter mismatch : 0
Packets sent : 0
Flows dropped at swover: 109788930
Comment by Francois on the output above:
This command allows you to debug NetFlow data export on Catalyst 6000. Flows in
nde buffer should grow until a threshold and then get flushed to the
collector (Packets sent). In this particular case, the Catalyst 6000
series switch is hit by a bug which renders flow exports impossible and so
the counter keeps rising.
exec
privileged exec
L3)
Reference:
privileged exec
IOS
privileged exec
show msfc
On a MSFC1:
TORUMSFC1# show msfc
Network IO Interrupt Throttling:
throttle count=1149, timer count=1149
active=0, configured=1
netint usec=4000, netint mask usec=400
Interrupt Registers:
Revision: 1, Slot 1
Control : 0x1C
Enable : 0x3F
Status : 00
RSFC CPU IDPROM:
IDPROM image: (FRU is MSFC Cat6k daughterboard)
IDPROM image block #0:
hexadecimal contents of block:
00: AB AB 01 90 12 98 01 00 00 02 60 03 00 CF 43 69 .Ci
10: 73 63 6F 20 53 79 73 74 65 6D 73 00 00 00 00 00 sco Systems..
20: 00 00 57 53 2D 46 36 4B 2D 4D 53 46 43 00 00 00 ..WS-F6K-MSFC
[...]
Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
show msfc
privileged exec
privileged exec
Dumps the ROMMON NVRAM portion on a MSFC1.
TORUMSFC1# show msfc nvram
000: AA 55 01 00 02 DF EF F5 78 77 FB BF 00 00 00 00 .Uxw
010: 00 00 00 00 01 02 FE FD FE ED FA CE 00 00 00 00 .
[...]
Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
privileged exec
IOS
ctalkb#show parser modes
Parser modes:
Name Prompt Top Alias Privilege
exec 0x60EFB294TRUE TRUE
configure config 0x60EFABACTRUE TRUE
interface config-if 0x60EF7AECTRUE TRUE
subinterface config-subif 0x60EF7AECTRUE FALSE
null-interface config-if 0x60EFB368TRUE TRUE
line config-line 0x60EF3F84TRUE TRUE
Reference: Phrack, Volume 0xa, Issue 038
privileged exec
IOS
privileged exec
Displays some useful information about the FIB TCAM and the adjacency table when
using the PFC2.
Example output:
[...]
Total FIB entries: 262144
Allocated FIB entries: 13894
Free FIB entries: 248250
FIB entries used for IP ucast: 13853
FIB entries used for IPX : 1
FIB entries used for IP mcast: 40
Total adjacencies: 262144
Allocated adjacencies: 1365
Free adjacencies: 260779
Adjacencies used for IP ucast (FIB) : 288
Adjacencies used for IPX (FIB) : 3
Adjacencies used for IP mcast (FIB) : 36
Adjacencies used for IP mcast (Netflow) : 0
Adjacencies used for Policy Routing : 1023
Adjacencies used for Feature Manager (Netflow): 0
Adjacencies used for Local Director : 0
Adjacencies used for Diagnostics : 5
Adjacencies used for FTEP : 10
[...]
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show region
privileged exec
IOS
Displays how the memory is partitioned into different regions.
From a cisco 7140:
maple#show region
Region Manager:
Start       End         Size(b)    Class  Media  Name
0x0B800000  0x0BFFFFFF  8388608    Iomem  R/W    iomem2
0x20000000  0x23FFFFFF  67108864   Iomem  R/W    iomem
0x5B800000  0x5BFFFFFF  8388608    Iomem  R/W    iomem2:(iomem2_cwt)
0x60000000  0x6B7FFFFF  192937984  Local  R/W    main
0x60008950  0x612D4D8C  19711037   IText  R/O    main:text
0x612D6000  0x6137A3BF  672704     IData  R/W    main:data
0x6137A3C0  0x6155A57F  1966528    IBss   R/W    main:bss
0x6155A580  0x6B7FFFFF  170547840  Local  R/W    main:heap
0x70000000  0x73FFFFFF  67108864   Iomem  R/W    iomem:(iomem_cwt)
0x80000000  0x8B7FFFFF  192937984  Local  R/W    main:(main_k0)
0xA0000000  0xAB7FFFFF  192937984  Local  R/W    main:(main_k1)
Reference: Inside Cisco IOS Software Architectures
privileged exec
IOS
Show to which region a certain address belongs.
From a cisco 7140:
maple#show region address 0x6137A3BF
Address 0x6137A3BF is located physically in :
Name : data
Class : IData
Media : R/W
Start : 0x612D6000
End : 0x6137A3BF
Size : 0x000A43C0
Reference: Inside Cisco IOS Software Architectures
show slip
exec
IOS
alder#show slip
Async protocol statistics:
Int  Local     Remote  Qd  InPack  OutPac  Inerr  Drops  MTU
97   10.0.0.1  None    0   17593   368518  0      1071   1500
98   10.0.0.1  None    0   19774   384754  0      1995   1500
[...]
113  10.0.0.1  None    0   19107   362360  0      817    1500
114  10.0.0.1  None    0   19438   428691  0      1424   1500
Rcvd: 341389 packets, 7115582 bytes
0 format errors, 139791 checksum errors, 0 overrun
Sent: 6920660 packets, 640291923 bytes, 31864 dropped
Reference:
privileged exec
IOS
privileged exec
IOS
Shows a list of communities that IOS knows about.
oak#show snmp community
ILMI ILMI volatile active
public public volatile active
Reference:
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
exec
IOS
exec
Reference:
router#show snmp notify
snmpNotifyName : trap tag: trap type: trap nonvolatile
Reference:
show sum
Show current stored image checksum.
Reference:
show sum
router>show sum
New checksum of 0xEDE08607 matched original checksum
Reference:
show tcam
cosmos#show tcam ?
and-or           and-or keyword
capability-map   capability-map keyword
detail           detail keyword
dynamic-entries  dynamic entries keyword
first            first keyword [further arguments required]
label            label keyword [further arguments required]
lou              lou keyword
redirects        redirect indices keyword
region           region keyword
start            start keyword
statistics       statistics keyword
type             type keyword [further arguments required]
vlan             vlan keyword [further arguments required]
window           window keyword [further arguments required]
Some of these keywords must or can have further arguments.
Reference: New product training Catalyst 6000
config
IOS
config
IOS
config-if
privileged exec
IOS
Send a test authentication request.
alder#test aaa group radius test test
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.
alder#test aaa group radius mon mon
Attempting authentication test to server-group radius using radius
User was successfully authenticated.
Sends the following RADIUS attributes:
Wed Aug 1 21:00:19 2001
NAS-IP-Address = 194.221.19.47
NAS-Port-Type = Async
User-Name = mon
Timestamp = 996692419
Reference:
privileged exec
IOS
cisco#test aim eeprom slot 1
AIM Slot [1]:
Use NMC93C46 ID EEPROM [y]:
AIM Slot 1 eeprom (? for help)[?]: ?
d dump eeprom contents
e erase all locations (to 1)
p primitive access
q exit eeprom test
z zero eeprom
c rules of radix type-in and display apply.
AIM Slot 1 eeprom (? for help)[?]: d
Slot 1, 000: FF FF FF FF FF FF FF FF
Slot 1, 008: FF FF FF FF FF FF FF FF
Slot 1, 010: FF FF FF FF FF FF FF FF
Slot 1, 018: FF FF FF FF FF FF FF FF
Slot 1, 020: FF FF FF FF FF FF FF FF
Slot 1, 028: FF FF FF FF FF FF FF FF
Slot 1, 030: FF FF FF FF FF FF FF FF
Slot 1, 038: FF FF FF FF FF FF FF FF
Slot 1, 040: FF FF FF FF FF FF FF FF
Slot 1, 048: FF FF FF FF FF FF FF FF
Slot 1, 050: FF FF FF FF FF FF FF FF
Slot 1, 058: FF FF FF FF FF FF FF FF
Slot 1, 060: FF FF FF FF FF FF FF FF
Slot 1, 068: FF FF FF FF FF FF FF FF
Slot 1, 070: FF FF FF FF FF FF FF FF
Slot 1, 078: FF FF FF FF FF FF FF FF
Reference: Contributed by Damjan Marion <Damjan.Marion@iskon.hr>
test crash
privileged exec
IOS
privileged exec
GSR IOS
privileged exec
IOS
privileged exec
IOS
Test PPP LCP echo timeout. Seems to simulate a PPP LCP echo timeout on the
router where this command is issued. After this command, the line protocol
changes to down, PPP parameters are renegotiated, and the line comes
up again.
Reference:
test transmit
ctalkb#test transmit
interface: Ethernet3/0
total frame size [100]:
1) To this interface
2) To another interface
9) Ask for everything
Choice: 2
Encapsulation Type:
1) Ethertype
2) SAP
3) SNAP
4) SNAP (Cisco OUI)
5) SNAP (EtherV2 OUI)
6) Novell 802.3
Choice: 1
Protocol type:
1) IP
2) XNS
3) IPX
9) Ask for everything
Choice: 1
Reference: Phrack, Volume 0xa, Issue 038
exec
exec
config-if
IOS
privileged exec
Displays tracing information useful for debugging the Cisco 6608 Gateway.
The output is identical to the one produced by the Dick Tracy debugging tool
from Cisco.
Reference: From Heinz Ulms web site, originally from Martin Gagnon, Canada
traffic-shape fecn-create
ttcp
Start a TCP data server/receiver for TCP performance testing between two
Cisco 7500 routers:
Router#ttcp
transmit or receive [receive]: transmit
Target IP address: 1.1.1.1
perform tcp half close [n]:
send buflen [8192]:
send nbuf [2048]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
buffering on writes [y]:
show tcp information at end [n]:
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> 1.1.1.1
%Connect failed: Destination unreachable; gateway or host down
Router#ttcp
transmit or receive [receive]:
perform tcp half close [n]:
receive buflen [8192]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
rcvwndsize [4128]:
delayed ACK [y]:
show tcp information at end [n]:
ttcp-r: buflen=8192, align=16384/0, port=5001
rcvwndsize=4128, delayedack=yes tcp
From the Open Forum:
Question: When using the Cisco hidden command ttcp (to generate traffic),
what do the following values for this command mean:
perform tcp half close [n]
send bufflen [8192]:
send nbuf [2048]
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
show tcp information at end [n]:
Answer:
Half close is regarding the tcp syn-ack; send bufflen is the size of the
packet to be sent; send nbuf is the number of packets sent; bufalign is
tx-queue-limit
config-if
IOS
config
IOS
config
IOS
Reference:
This command tells the router to ignore the checksum on UDP packets used
by L2TP/L2F and can be used to temporarily reduce CPU load.
This is probably per the suggestion in RFC 2661, section 8.1:
The default for any L2TP implementation is that UDP checksums MUST be enabled for both
control and data messages. An L2TP implementation MAY provide an option to
disable UDP checksums for data messages. It is recommended that UDP
checksums always be enabled on control packets.
And Dennis Peng from Cisco added the following note (on cisco-nas):
Verification of the UDP checksum forces
us into the process switching path which will result in increased CPU
usage. By default, Cisco LACs will not set the UDP checksum, so in a
Cisco to Cisco environment, you don't need this command. But other
vendors may set the UDP checksum, so in a multi-vendor environment, it
is probably a good idea to include it. One big vendor which sets the
UDP checksum is Microsoft, their L2TP client does this.
Reference: Contributed by Ash Garg <Ash@telstra.net>
config
IOS
***********************[A]*************************
aaa accounting delay-start
[12.1] [hidden] global configuration command aaa accounting delay-start delays creation of the
PPP Network start record until the peer IP address is known.
aaa authorization address-authorization-exec
[12.1] [hidden] configuration command forces address authorization for PPP when started from
an exec.
aaa group server {radius | tacacs+} server-group-name server (ip-address-1) [auth-port
(port-number)] [acct-port (port-number)] server (ip-address-2) [auth-port (port-number)]
[acct-port port-number] deadtime (minutes) pick-method [next | load-balanced | round-robin]
[hidden] Pick-method server-group configuration command used to specify an alternate method
of selecting servers when one is not responding. As of 12.0(3)T the load-balanced and round-robin
alternatives may be specified but may not be implemented. The load-balanced keyword
indicates that the initial host is selected load-balanced. The round-robin keyword indicates that
the initial host is selected in a round-robin method with all servers being retried before starting
from the beginning of the list of servers. The next keyword indicates that the list of servers is
stepped through sequentially with each request always starting with the first server in the list.
This last option is the default method of operation.
config overwrite
copy core
Does a full core dump, as write core but with more options.
csim start (number)
Emulates a voice call.
***********************[D]*************************
debug buffer
Additional buffer debugging.
debug crypto isakmp detail
Crypto ISAKMP internals debugging.
debug crypto isakmp packet
Crypto ISAKMP packet debugging.
debug dialer detailed
debug ip ospf monitor
Debug command which shows OSPF database sync
***********************[H]*************************
hangup
Alias for "quit"
***********************[I]*************************
ip cef accounting per-prefix non-recursive prefix-length
if-con (slot number)
Attach to a vip console.
if-quit
Gets out of if-con mode.
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
[no] ip gratuitous-arps
This disables unsolicited ARP replies that are useful to signal to a second (redundant) router on
the same LAN segment that a remote gateway is present or has changed.
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
Legacy form of ip local pool, for backwards compatibility
ip ospf interface-retry (x)
Retry for ospf process
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
ip tftp boot-interface
ip tmstats bin [internal | external]
When ip cef accounting non-recursive is configured
isdn network
Tell a router to be the "master" on T1-CCS link using isdn switch-type primary-ni
ipx flooding-unthrottled
[12.1] Global configuration command, specifies that NLSP flooding should be unthrottled.
ipx netbios-socket-input-checks
[12.1] Global configuration command limits the input of non-type 20 netbios broadcast packets.
ipx potential-pseudonode
[12.1] Global configuration command specifies to keep backup route and service data for NLSP
potential pseudonode.
ipx saps follow-route-paths
[12.1] An undocumented global configuration command. See Bug Id CSCdm12190
ipx server-split-horizon-on-server-paths
[12.1] Global configuration command specifies that split horizon SAP occurs on server, not
route, paths. This command is documented in Bug Id CSCdm12190
ipx update interval {rip | sap} {seconds | passive | changes-only}
[12.1] The undocumented passive keyword specifies to listen but does not send normal periodic
SAP updates nor flashes/changes updates. Queries will still be replied to. The update interval is
set to the same interval as changes-only. The passive keyword is documented under Bug
Id CSCdj59918.
isdn {n200 | t200 | t203} (number)
Changes the value of various layer 2 ISDN timer settings. The number parameter is milliseconds
for t200 and t203 and the maximum number of retransmits for the keyword n200. The current
value of ISDN timers can be displayed using the show isdn timers EXEC command. The values
of the timer settings depend on the switch type and typically are used only for homologation
purposes. The typical value for t200 is 1 second, for t203 is 10 seconds and for n200 is 3
retransmits.
***********************[J]*************************
***********************[K]*************************
***********************[L]*************************
llc attach [interface]
llc close aaaa
llc offset aaaa
llc open [interface]
llc send aaaa
loopback diag
loopback dec
loopback test
loopback micro-linear
loopback motorola
***********************[M]*************************
memory scan
Parity check for 7500 RSP's.
modem log {cts | dcd | dsr | dtr | ri | rs232 | rts | tst}
[12.1] Configuration command is used to specify which rs232 log events are to be saved for
display by the show modem log command. When performing log analysis, various RS232
events fill the log within seconds rendering it useless for analysis (see Bug Id CSCdk86001).
This command helps to filter out unwanted entries in the log.
modem-mgmt csm debug-rbs
[12.1] Turns on debugging for Channelized T1 links in the AS5x00 series, providing info about
ABCD bits in phone call supervision. Documented, here. Debug cas replaced this 'broken'
command. INTERNAL privileged EXEC command enables robbed bit signaling debugging
within CSM. Issuing the command once turns on rbs debugging. Issuing the command a second
time turns on special rbs debugging. Issuing the command using the no-debug-rbskeyword
turns off all degugging. This command is useful in looking at modem pooling and channelized
T1s. To make this command available, the service internal global configuration command must
be issued first.
multilink bundle-name {authenticated | both | endpoint}
[12.1] This undocumented global configuration command selects the method for naming
multilink bundles. Authenticated specifies using the peer's authenticated
name, endpoint specifies using the peer's endpoint discriminator and both specifies using both
the peer's authenticated name and endpoint discriminator.
***********************[N]*************************
[no] environment-monitor
Disable environment monitoring.
***********************[O]*************************
***********************[P]*************************
ppp direction {callin | callout | dedicated}
[12.1] Identifies the direction of ppp activity. PPP attempts to determine if a call is callin or a
callout or a dedicated line. This is how it detects spoofed CHAP challenges. When an async
interface is added to a dialer interface, ppp cannot detect the difference between a dedicated line
and a callin. So it assumes that it is a callin. Adding the ppp direction dedicated overcomes
this.
ppp ipcp accept-address
Interface command specifies that IOS is to revert to the previous operation regarding the
acceptance of ip addresses from users. When enabled, the peer IP address will be accepted but is
still subject to AAA verification, it will have precedence over any local address pool however.
In IOS releases after 11.0(11), PPP IPCP negotiation was changed to accept a remote peer's
"Her" proposed address regardless, and the "Her" address is subsequently added to the IP
routing table as a host route. With IOS Releases later than 11.0(11) the software checks the
"Her" address against the corresponding dialer map and if the address is different than the IP
address detailed within the dialer map, a NAK will be sent and the dialer map IP address will be
added as a host route in the IP routing table.
ppp ipcp ignore-map
***********************[R]*************************
radius-server attribute 44 on-for-access-req
Global configuration command sends attribute 44 in all access request packets. The command
may be present in IOS 11.3(9+)AA (reference BugID CSCdk74429). This command is replaced
by the radius-server attribute 44 include-in-access-req command.
radius-server attribute 6 on-for-login-auth
Global configuration command sends attribute 6 in all authentication packets (e.g., access
requests). This command may be present in IOS 11.3(9+)T and 12.0(3+)T (reference
BugID CSCdk81561).
radius-server attribute 6 support-multiple
Global configuration command specifies that IOS is to support multiple Service-Type values per
Radius profile in violation of the RFC for Radius. This command was added in IOS 12.1(2.3)T2
and 12.1(3.3)T (reference BugID CSCdr60306).
radius-server authorization default framed-protocol ppp
Used to specify the default framed-protocol as PPP when this RADIUS attribute is missing.
radius-server authorization permit missing service-type
Global command is used to specify that a RADIUS entry without service-type information is
permitted. It is used when RADIUS is being used as a database without regard to service-type.
radius-server attribute nas-port extended
Command is replaced by the radius-server attribute nas-port format b command in some releases
of IOS. For this reason it may be hidden in the IOS configuration mode but documented. In
these versions of IOS, the command will be accepted but ignored.
radius-server challenge-noecho
[12.1] global configuration command specifies that data echoing to the screen is disabled during
Access-Challenge.
radius-server directed-request [restricted] [right-to-left]
Right-to-left keyword, which first appeared in IOS 12.0(7)T, enables right-to-left parsing of the
user information (reference Bugid CSCdm77820).
radius-server extended-portnames
Global configuration command, which displays expanded interface information in the NAS-Port-Type
attribute, has been replaced by the radius-server attribute nas-port extended
command. This command configures RADIUS to expand the size of the NAS-Port attribute
field to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the
controlling interface; the lower 16 bits indicate the interface undergoing authentication. This
command first appeared in IOS Release 11.1. It has been hidden in IOS 11.3+ and IOS 12.0+
since the command has been replaced (reference Bugid CSCdj06817).
radius-server host {hostname | ip-address} [auth-port (port-number)] [acct-port (port-number)]
[timeout (seconds)] [retransmit (retries)] [key string] [ignore-acct-authenticator]
The ignore-acct-authenticator keyword specifies to ignore accounting authenticator errors and
warn only (11.3(+)AA).
scheduler run-degraded
service internal
Allows additional debugs that are not normally available.
service slave-coredump
service log backtrace
Provides traceback with every logging instance.
set destination-preference
show alignment
show asp
show async bootp
No extended data will be sent in BOOTP responses.
show caller
show chunk [summary]
show counters [slot/port]
show compress hardware
show controller vip (slotno) log
show controller vip (slotno) tech
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show idb
show interface status
show profile
Shows cpu profiling.
show profile detail
Shows cpu profiling.
show profile terse
Shows cpu profiling.
show refuse-message
show region (address)
Shows image layout at given address.
show registry cr | brief | statistics | registry-name
show rsh
show rsh-disable-commands
show rsp
show slip
show smrp private | request |response
show snapshot private
show snmp chassis
show snmp contact
show snmp community
show snmp location
show snmp mib [detailed | dll]
show snmp newcom
show snmp view
show sum
Show current stored image checksum
show timers
Show timers for timer command in config mode.
show traffic
Shows the current backplane utilization and peak utilization for all three busses.
show queueing interface (interface)
Gives queueing information on a per interface basis
tclsh
Unverified but very interesting, you can program with loop control, expressions, etc from the
IOS CLI. Prerelease?
telnet timeout
test appletalk
[12.1] The test appletalk command will enter appletalk test mode. The sub-commands available
in this mode are:
test cbus
For old AGS+ and 7000. Lets you prod stuff right into cbus memory. *VERY* dangerous if you
don't know what you're doing.
test cch323
test crash
Makes the router crash any way you want.
The test ifs slot command will produce a core dump of slots on crashes.
test interfaces
test ipc misc
test ipx capacity w x y z
Generated IPX RIP and SAPs. Enterprise feature set (11.2+), where:
this exec-command you can disable the use of this cache. Because this is an exec-command you
have to type it again after a reboot.
test rsp slot [mask/unmask]
Use this command to shut down a VIP from CLI (mask) or return it to service (unmask). Note
that this will also remove the VIP from a "sho diag."
test transmit
test modem back-to-back (first-slot/port) (second-slot/port)
Performs modem testing. Test the transmission of L2 frames.
test vines
Enter VINES test mode. The sub-commands available in this mode are: build [Build
tables], checksum [Checksum test], data [Set data values used in various places], end [Exit
VINES test mode], flush [Flush tables], generate [generate information], send [Send a VINES
packet], set [Send a VINES value], ss [Do Server Service things], st [Send a vines streettalk
packet].
test vpdn
write core
Does a full core dump, reboots router