Undocumented and Secret Cisco Ios Commands - IPexpert - Ir

Cisco
Undocumented IOS
Commands
Sobhan Sadeghi
This document collected by Sobhan Sadeghi surfing the web

some of the references mentioned down the commands, the main
reference of the document is Lars Fenneberg (CCIE #7325)
Thanks to www.ciscozine.com
and www.elemental.net
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
and www.tripod.com
Certainly this is not a complete list, but I suppose that could be

funny to discover some new commands
Be careful and remember that these commands are not documented

so there is no warranty!
If you find new secret commands yourself please send it for me to
enjoy more !
info@ipsecurity.ir
[UNDOCUMENTED AND SECRET COSCO IOS COMMANDS]
[no] ip spd queue {min-threshold | max-threshold} <n> show banff-reset (XID/CatOS, Catalyst 5000 series with NFFC)
(IOS)
[no] spd enable (IOS)
show caller (IOS)
aaa accounting delay-start (IOS)
show chunk [summary] (IOS)
aaa authorization console (IOS (>= 12.1(10.6)))
show controller switch (Cat 2900XL/3500XL, IOS)
aaa pod server [port <port number>] [auth-type {any | show epc (IOS)
all | session-key}] server-key <string> (IOS (>=
11.3(7)AA))
show epc acl lookup {in|out} (IOS (Cat 2948G-L3, 4908GL3, 8540))
arap logging debug-extensions (IOS)
show epc acl tcam2acl interface <interface> {in|out} (IOS

(Cat 2948G-L3, 4908G-L3, 8540))
bgp common-administration (IOS)
show epc ip-address interface <interface> all-entries (IOS

(Cat 2948G-L3))
bgp maxas-limit <1 2000> (IOS)

bgp redistribute-internal (IOS)
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
ais-enable (IOS)
show epc patricia <ingress-interface> ipucast detail (IOS)

show epc patricia <interface> mac (IOS (Cat 2948G-L3,
4908G-L3))
bridge-group <bridge-num> saubscriber-loop-control

(IOS)
show idb (IOS)
clear ip eigrp [<as>] events (IOS)
show inband (XID/CatOS)
clear ip eigrp [<as>] logging (IOS)
show interface cable <x>/0 privacy statistic (IOS)
clock source free-running|line primary (IOS)
show interfaces [<interface-name>] stats (IOS)
csim (IOS)
show interfaces [<interface-name>] switching (IOS)
debug buffer (IOS)
show ip cef [<network> [<netmask>]] internal (IOS)
debug crypto isakmp detail (IOS)
show ip eigrp events [<as-num>] [<start-num>] [<end-num>]

(IOS)
debug crypto isakmp packet (IOS)
show ip eigrp sia-event (IOS)
debug dialer detailed (IOS)
show ip eigrp timers [<as-num>] (IOS)
debug dialer holdq (IOS)
show ip ospf bad-checksum (IOS)
debug ip ospf monitor (IOS)
show ip ospf delete-list (IOS)
show ip ospf events (IOS)
debug isdn q931 l3 (IOS)
show ip ospf maxage-list (IOS)
debug mica {tx|rx} <slot>/<port> (IOS)
show ip ospf statistic (IOS)
debug modem csm (IOS)
show ip route hash (IOS)
debug oir (IOS)
show ip route profile (IOS)
debug parser mode (IOS)
show ip spd (IOS)
debug sanity (IOS)
show isdn memory detail (IOS)
dialer disable-multiencaps (IOS)
show isdn service [<dsl> | <interface-name>] detail (IOS)
dialer mult-map-same-name (IOS)
show isdn status detail (IOS)
eigrp event-log-site <n> (IOS)
show isis private (IOS)
eigrp event-logging (IOS)
show isis timers (IOS)
eigrp kill-everyone (IOS)
show isis tree (IOS)
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
debug ip packet [detail] [<access-list>] dump (IOS)
eigrp log-event-type [dual] [xmit] [transport] (IOS)
show list [none] (IOS)
enable engineer (XDI/CatOS)
show mbuf (XID/CatOS)
frame-relay fecn-create (IOS)
show memory big (IOS)
gdb {kernel | pid <pid-num> | {examine | debug} <pid- show mls nfde (XID/CatOS)
num>} (IOS)
h323 h245 tunnel defer (IOS)
show mls status (Cat 6000 Native IOS)
if-console <slot-num> [console|debug] (7000/7500

Series, IOS)
show mmc np5400 [config| flows |get |indications |ports

|queue |registers |stat |send] [...] (IOS (Cat 2948G-L3,
4908G-L3))
ip cache-ager <secs-between-runs> <fraction-lowmemory> <fraction> (IOS (>=10.3(8) and >=11.0(3)))
show mpls interfaces internal all (IOS)
ip cache-invalidate-delay <minimum-delay>
show msfc (IOS (Cat 6k hybrid))
<maximum-delay> <quit-interval> (IOS (>=10.3(8) and
>=11.0(3)))
ip ospf interface-retry <retries> (IOS)
show msfc (CatOS (Cat 6k hybrid))
ip route profile (IOS)
show msfc nvram (IOS (Cat 6k hybrid))
ipc-console <slot-num> <cpu> (Catalyst 6000/6500

Series, IOS)
show parser modes (IOS)
ipx sap-interval {<n>|passive} (IOS (>=11.2))
show parser unresolved (IOS)
ipx server-split-horizon-on-server-paths (IOS)
show polaris fibmgr usage (CatOS (Cat 6k hybrid))
ipx update interval {rip | sap} passive (IOS

(>=11.3(1.3)))
show region (IOS)
isdn incoming progress [validate|accept] (IOS (>=

12.1(3.3)T))
show region address <address> (IOS)
modem-mgmt csm debug rbs (IOS)
show slip (IOS)
mpls traffic-eng multicast-intact (IOS)
show snmp chassis (IOS)
multilink queuing bypass-fifo (IOS)
show snmp community (IOS)
neighbor <ip-address> dont-capability-negotiate (IOS) show snmp host (IOS)

show snmp location (IOS)
no ppp microcode (IOS)
show snmp mib (IOS)
no snmp-server sparse-tables (IOS)
show snmp newcom (IOS)
ppp dnis <number> [<number> ...] (IOS)

ppp ipcp accept-address (IOS)
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
no logging snmp-authfail (IOS)
show snmp notify (IOS)

show sum (IOS)
ppp ipcp dns|wins {accept | a.b.c.d [e.f.g.h] [accept]}

(IOS)
show sum (IOS)
ppp ipcp ignore-map (IOS)
show tcam (Cat 6000 Native IOS)
ppp ipcp unique-address (IOS)
snmp-server priority {low | normal | high} (IOS)
ppp max-configure <num> (IOS)
spd headroom <n> (IOS)
priv ()
tcam priority high|low|medium (Cat 6000 Native IOS)
ps -c (XDI/CatOS)
test aaa group radius <username> <password> (IOS)
radius send service-type call-check (IOS (>= 12.1(4)T)) test aim eeprom slot <n> (IOS)
radius-server authorization default Framed-Protocol
ppp (IOS)
test crash (IOS)
radius-server authorization permit missing ServiceType (IOS)
test mbus power <slot> on|off (GSR IOS)
radius-server unique-ident (IOS)
test ppp echotimeout <interface-name> (IOS)
service download-fl (GSR IOS)
test transmit (IOS)
service internal (IOS)
tracy_close <module> <port> (XID/CatOS with WS-X6608-T1

or WS-X6608-E1)
service log backtrace (IOS)
tracy_start <module> <port> (XID/CatOS with WS-X6608-T1

or WS-X6608-E1)
service unsupported-transceiver (IOS)
traffic-shape fecn-create (IOS)
service-policy classify-per-feature (IOS)
ttcp (Cisco 7200/7500, IOS)
set trace <category> <level> (XID/CatOS)
tx-queue-limit (IOS)
set trace monitor {enable|disable} (XID/CatOS)
virtual-template <template-num> pre-clone <num> (IOS)
show acl stats (XID/CatOS)
vpdn ip udp ignore checksum (IOS)
show alignment (IOS)
vpdn {l2f|l2tp} session table-size <size> (IOS)
Command Name
Configuration
Mode
Platform / Software
[no] ip spd queue {min-threshold | max-threshold} <n>
config
IOS
config
IOS
config
IOS
config
IOS (>= 12.1(10.6))
Sets lower and upper ip process-level queue thresholds for SPD. With SSE
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
based SPD, lower precedence packets are randomly dropped when the queue size
hits min-threshold. The drop probability increases linearly with the queue
size until max-threshold is reached, at which point all lower precedence
packets are dropped. For regular SPD, lower precedence packets are dropped
when the queue size reaches min-threshold. Defaults are 50 and 75,
respectively. These values were not based on real life experience and may
need some tuning.
Reference: Cisco ISP Esssentials
[no] spd enable

Enable or disable the selective packet discard (SPD) feature. Command
is called ip spd enable in 11.1CC.
Reference: Cisco ISP Esssentials, CSCdk31898
aaa accounting delay-start

If you want to see IP addresses in the AAA start records, then you will want
aaa accounting delay-start which is hidden but universally used.
Reference:
aaa authorization console

This hidden commands enables authorization for the console port.
Otherwise authorization on the console ports always succeeds.
Aaron Leonard submitted CSCdp33836 and CSCdp33841 to get this
command documented.
Reference: Dennis Peng <dpeng@cisco.com>,

<20010510092606.I19846@sj-cse-320.cisco.com> and
Aaron Leonard <aaron@cisco.com>,
<20010510094014.K19846@sj-cse-320.cisco.com> on cisco-nas,
as well as CSCdi82030
aaa pod server [port <port number>] [auth-type {any | all | session-key}] serverkey <string>
config
IOS (>= 11.3(7)AA)
Syntax Description
port <port number>(Optional) The network access server port to use for POD requests. If no
port is specified, port 1700 is used.
auth-type(Optional) The type of authorization required for disconnecting sessions.

o anySession that matches all of the attributes sent in the POD packet is
disconnected. The POD packet may contain one or more of four key attributes
(user-name, framed-IP-address, session-ID, and session-key).
allOnly a session that matches all four key attributes is disconnected. All
is the default.
session-keySession with a matching session-key attribute is disconnected. All other
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
attributes are ignored.
<string>The secret text string that is shared between the network access server
and the client workstation. This secret string must be the same on
both systems.
This command is now documented as of 12.2(8)T.
Reference:
ais-enable
config-if
IOS
config
IOS
IOS version 12.0(7.1) includes a hidden command to enable generation of AIS

alarm on tx line when LOS is detected on rx line. This is a kludge to
workaround other vendors ATM switches (Newbridge) that dont generate
F4/F5 OAM AIS cells when F3 RDI is received. This command is only supported
on the PA-A3 port adapter. The hidden interface command ais-enable will
enable AIS alarm assertion when an LOS alarm occurs.
Reference: CSCdm37634
arap logging debug-extensions

This DDTS adds a hidden command, arap logging debug-extensions
which effectively negates the changes from CSCdi57713. Messages
that re-appear:Modem CD dropped unexpectedly. User exceeded timelimit ARAP connection was terminated. v42_input running (may be
low memory) v42_output running (may be low memory) Force Quit pak v42bisflush C Carrier dropped during startup
Reference: CSCdi68276, CSCdi57713
bgp common-administration
config-router bgp
IOS
Reference:
bgp maxas-limit <1 2000>
config-router bgp
IOS
config-router bgp
IOS
config-if
IOS
privileged exec
IOS
privileged exec
IOS
config-controller
IOS
exec
IOS
This command should be used in router configuration mode; by default

there is no limit. If the number of ASes in the AS_PATH exceeds the
limit, the UPDATE will be stored in the BGP table, but not used in
the bestpath selection or propagated.
Reference: CSCdr54230, CSCdu00679
bgp redistribute-internal
Normally redistributing BGP into another protocol only redistributes EBGP
routes. Using this command will also redistribute IBGP routes. Hidden
in IOS versions prior to 12.1.
Reference:
bridge-group <bridge-num> subscriber-loop-control

Bridge between two machines on the same subinterface.
clear ip eigrp [<as>] events

Clear IP EIGRP event logs.
Reference:
clear ip eigrp [<as>] logging

Stop IP EIGRP event logging.
Reference:
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference:
clock source free-running|line primary

Generate or sample clock rate from the line.
Reference:
csim
With the command csim you can emulate a voice call. Its like sombody calls
the specified number. Usefull, if you dont have physically access to the
telephone:Sucessfull call:wg1r1#csim start 089150 csim: called number = 089150, loop count = 1 ping count = 0 csim err
csimDisconnected recvd DISC cid(21) csim: loop = 1, failed = 1 csim: call attempted = 1, setup failed = 1, tone failed = 0Call to an
undefined number:
wg1r1#csim start 089151 csim: called number = 089151, loop count = 1 ping count = 0 csim err:csim_do_test Error peer not found
Reference:
debug buffer
privileged exec
IOS
privileged exec
IOS
Debug buffer management.

Reference: Phrack, Volume 0xa, Issue 038
debug crypto isakmp detail
Crypto ISAKMP internals debugging.Example output during ISAKMP SA establishment:6w3d: ISAKMP cookie gen for src 62.245.147.66
dst 195.244.119.2 6w3d: ISAKMP cookie B5FCAD89 B2BD7BFF 6w3d: ISAKMP: find_me a=(src 62.245.147.66 dst 195.244.119.2 state 0,
init 1) b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0) 6w3d: my_cookie a B5FCAD89 9BEC22F8 6w3d: my_cookie b B5FCAD89 B2BD7BFF
6w3d: his_cookie a DB28B716 6D61AE4F 6w3d: his_cookie b 00000000 00000000 6w3d: ISAKMP: compare a=(src 62.245.147.66 dst
195.244.119.2 state 0, init 1) b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 6w3d: my_cookie a B5FCAD89 9BEC22F8 6w3d:
my_cookie b B5FCAD89 9BEC22F8 6w3d: his_cookie a DB28B716 6D61AE4F 6w3d: his_cookie b DB28B716 6D61AE4F 6w3d: ISAKMP
cookie gen for src 195.244.119.2 dst 62.245.147.66 6w3d: ISAKMP cookie 10FA17FE 2C76366D 6w3d: ISAKMP: find_me a=(src
62.245.147.66 dst 195.244.119.2 state 0, init 1) b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0) 6w3d: my_cookie a B5FCAD89 9BEC22F8 6w3d:
my_cookie b 10FA17FE 2C76366D 6w3d: his_cookie a DB28B716 6D61AE4F 6w3d: his_cookie b 00000000 00000000 6w3d: ISAKMP:
compare a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 6w3d: my_cookie a
B5FCAD89 9BEC22F8 6w3d: my_cookie b B5FCAD89 9BEC22F8 6w3d: his_cookie a DB28B716 6D61AE4F 6w3d: his_cookie b
DB28B716 6D61AE4F
Reference:
debug crypto isakmp packet
privileged exec
IOS
Crypto ISAKMP packet debugging.Example output during ISAKMP SA establishment:6w3d: -Traceback= 80A36FE0 80A3A5C0
80A3D41C 809F0880 809F8A34 809F301C 809F33DC 809F5228 801710CC 6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C
809F8494 809F87C0 809F8C20 809F301C 809F33DC 809F5228 801710CC 6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d: SA payload 6w3d: PROPOSAL 6w3d: TRANSFORM 6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_NO_STATE 6w3d: ISAKMP: Main Mode packet contents (flags 0, len
72): 6w3d: SA payload 6w3d: PROPOSAL 6w3d: TRANSFORM 6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809FF460
80A00E0C 80A01070 809FBEBC 809F99B8 809F468C 809F51C8 801710CC 6w3d: ISAKMP: Main Mode packet contents (flags 0, len
204): 6w3d: KE payload 6w3d: NONCE payload 6w3d: VENDOR payload 6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I)
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
MM_SA_SETUP 6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_SA_SETUP 6w3d: ISAKMP: Main Mode packet
contents (flags 0, len 184): 6w3d: KE payload 6w3d: NONCE payload 6w3d: ISAKMP: Main Mode packet contents (flags 1, len 64): 6w3d:
ID payload 6w3d: HASH payload 6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_KEY_EXCH 6w3d: ISAKMP (0:1):
received packet from 195.244.119.2 (I) MM_KEY_EXCH 6w3d: ISAKMP: Main Mode packet contents (flags 1, len 68): 6w3d: ID payload
6w3d: HASH payload 6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 168): 6w3d: HASH payload 6w3d: SA payload 6w3d:
PROPOSAL 6w3d: TRANSFORM 6w3d: NONCE payload 6w3d: ID payload 6w3d: ID payload 6w3d: ISAKMP (0:1): sending packet to
195.244.119.2 (I) QM_IDLE 6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) QM_IDLE 6w3d: ISAKMP: Quick Mode packet
contents (flags 1, len 172): 6w3d: HASH payload 6w3d: SA payload 6w3d: PROPOSAL 6w3d: TRANSFORM 6w3d: NONCE payload
6w3d: ID payload 6w3d: ID payload 6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 52): 6w3d: HASH payload 6w3d: ISAKMP
(0:1): sending packet to 195.244.119.2 (I) QM_IDLE
Reference:
debug dialer detailed
privileged exec
IOS
privileged exec
IOS
Enable some additional debugging for the DDR subsystem.

Reference:
debug dialer holdq
Activate debugging output for dialer hold queue events.Jan 13 14:56:03.240: Se0/1:15 DDR: Creating holdq 626B1B9C Jan 13
14:56:03.240: DDR: Assigning holdq 626B1B9C to 627923F8 Jan 13 14:56:09.208: DDR: Assigning holdq 626B1B9C to 61B667F4 Jan 13
14:56:09.208: DDR: freeing dialer holdq 626B1B9C (Ref ptr 61B667F4) Jan 13 14:56:09.208: DDR: Dialing failed, 0 packets unqueued and
discarded Jan 13 14:56:09.208: : 2 packets unqueued and discarded
Reference:
debug ip ospf monitor

OSPF SPF monitoring debugging. Hmm, seems to show synchronization
between OSPF routing process and routing table. Furthermore it
shows LSA changes and so can be used to debug why a link marked
as OSPF demand circuit is brought up for example.
Reference:
privileged exec
IOS
debug ip packet [detail] [<access-list>] dump
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
Dumps packets contents for process switched packets.

Reference:
debug isdn q931 l3

This command will show additional information on ISDN Layer 3, i.e.
the corresponding call reference number in all ISDN messages.
Reference: Project DOTU
debug mica {tx|rx} <slot>/<port>

Dump data from a MICA digital modem. Probably only supported
on the Cisco Access Server series (e.g. AS5300).
Reference:
debug modem csm

Modem Management Call Switching Module debugging.
Reference:
debug oir
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Activate OIR debugging.ctalkb#debug oir Online Insertion and Removal debugging is on 2w3d: OIR: Process woke, Event, stall=2,
usec=0xB6835B36 -Traceback= 6040967C 603B6D2C 603B6D18 2w3d: OIR: Shutdown pulled interface for Serial5/0 -Traceback=
600E30C4 60409204 604096C8 603B6D2C 603B6D18 2w3d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled Traceback= 60409748 603B6D2C 603B6D18 2w3d: OIR: Remove hwidbs for slot 5 -Traceback= 60409368 60409750 603B6D2C
603B6D18 2w3d: OIR: Process woke, Event(max not running), stall=3, usec=0xD0115C9E -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Process woke, Timer(max running), stall=3, usec=0xDDBB56D6 -Traceback= 6040967C 603B6D2C 603B6D18 2w3d: OIR:
(Re)Init card 5, retry_count=3 -Traceback= 60409894 603B6D2C 603B6D18 2w3d: %OIR-6-INSCARD: Card inserted in slot 5, interfaces
administratively shut down -Traceback= 604098BC 603B6D2C 603B6D18
debug parser mode
privileged exec
IOS
Aug 7 21:58:44.207 MEST: Look up of parser mode route-map succeeded Aug 7 21:58:45.923 MEST: Look up of parser mode configure
succeeded
debug sanity
privileged exec
IOS
config-if
IOS
config-if
IOS
With this command every buffer that is used in the system is sanity-checked
when it is allocated and when it is freed. This can sometimes be used to
pinpoint memory corruption problems when analyzing a core dump which was
generated with this debug option in effect.
Reference:
dialer disable-multiencaps
Revert to premultiencapsulation on the dialer profile.
Reference: CSCdp95164
dialer mult-map-same-name
If distinct dialer maps to different destinations share the same remote
name, traffic will fail to pass on the 2nd and subsequent sessions. This
ability is implemented 1n 12.0T as a hidden command. dialer
mult-map-same-name allows 2 users to dial in to the dialer with the same ppp
user_name. Its behaviour with other dialer features is currently
unpredictable and should be used with caution.
Reference: CSCdk28459 allow multi users w/ same name
eigrp event-log-site <n>
config-router eigrp IOS
Set size of event log. Setting it to zero deletes event log buffers.
Default log buffer size is 500 events.
Reference:
eigrp event-logging
Controls logging of EIGRP events.

Reference:
eigrp kill-everyone
Kill all adjacencies on an SIA or a neighbor down event.
eigrp log-event-type [dual] [xmit] [transport]

Configure the set of EIGRP event types to log.
Reference:
enable engineer
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference:
exec
XDI/CatOS
Catalyst 5000 series with Supervisor Engine I:You will be prompted for a password. It has the following format:
VTY
VTY
HW
FW
SW
That is, the VTY password followed by the VTY password again, followed by
the hardware version, followed by the software version(no spaces, do not
type the dots in the versions).
Catalyst 5000 series with Supervisor-Engine II and III and Catalyst 6000
series with Supervisor I and II:
Format for the password is:
VTY
HW
FW
SW
VTY
That is, the VTY password followed by the VTY password again, followed by
the hardware version, followed by the software version (no spaces, do not
type the dots in the versions).
Reference:
frame-relay fecn-create
config-map-class
IOS
privileged exec
IOS
voice service voip
IOS
privileged exec
7000/7500 Series, IOS
config
IOS (>=10.3(8) and

>=11.0(3))
This hidden command enables setting the FECN bit in

all outgoing packets that have been delayed due to traffic
shaping.
Reference:
gdb {kernel | pid <pid-num> | {examine | debug} <pid-num>}

Seems to activate some internal debugger. Maybe for access via remote gdb.
Probably only useful with a symbol table and an IOS image compiled for
debugging.
Reference: Phrack, Volume 0xa, Issue 038; Project DOTU
h323 h245 tunnel defer
Reference:
if-console <slot-num> [console|debug]
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Open connection to the VIP console. Lots of useful commands there,

especially showing memory and cpu usage.
Reference:
ip cache-ager <secs-between-runs> <fraction-low-memory> <fraction>

Its hidden, and you have to configure service internal in order
to bring it into existence.
<secs-between-runs> is 0-2147483 number of seconds between ager

runs, default = 60 seconds. If the period between ager invalidation runs is
set to 0, the ager process is disabled entirely.
<fraction-low-memory> is 2-50 1/<fraction-low-memory> of

cache to age per run (low memory), default = 4.
<fraction> is 3-100 1/<fraction> of cache to age per run

(normal), default = 20.
Configures the ager of the fast switching cache. Aaron Leonard
<Aaron@cisco.com> recommended 20 3 3 on cisco-nas in the
light of recent CodeRed attacks, i.e. make the ager more aggressive
to prevent excessive cache growth.
Reference: <01K7Y45PW1PA9KWFH9@Cisco.COM> and http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
ip cache-invalidate-delay <minimum-delay> <maximum-delay> <quit-interval>
config
IOS (>=10.3(8) and

>=11.0(3))
Requires service internal.
<minimum-delay> is 0-300 seconds.

<maximum-delay> is 1-300 seconds.
<quiet-interval> is 1-600 seconds.
Use no ip cache-invalidate-delay to disable the delay altogether. See
this posting from cisco-nas:
Date: Fri, 28 Apr 2000 10:07:03 -0700 (PDT) From: Aaron Leonard <Aaron@cisco.com> Subject: Re: CN: telnet DoS (CSCdm70743) To:
Cisco-NAS@datasys.net Message-id: <01JORKP9PBPIA2AL39@Cisco.COM> References: <01JOHR9QY432A2AAVQ@Cisco.COM>
Reply-To: Cisco-NAS@datasys.net Its hidden, and you have to configure service internal in order to bring it into existence. I.e. as53001(config)#service internal as5300-1(config)#no ip cache-invalidate-delay Its generally recommended for systems running 12.0T/12.1 code
if they have lots of interfaces (>300) and are not doing CEF.
Reference: <01JORKP9PBPIA2AL39@Cisco.COM> and http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
ip ospf interface-retry <retries>
config-if
IOS
From Cisco DE (slightly edited):The motivation for this command is a timing problem where OSPF fails to
determine the state of an interface. The solution was for OSPF to poll the
interface for a while to verify its state. The hidden command allows us to
lengthen the polling period on routers that have a large number of
interfaces. The polls occur every 10 seconds and the command controls the
number of polls that will be done. With a setting of 0 retries there will be
no extra polling.Default number of retries is 10.
ip route profile
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference:
config
IOS
As disclosed by Aaron Leonard from Cisco on cisco-nas:Date: Thu, 11 Sep 2003 09:34:53 -0700 (PDT) From: Aaron Leonard
<Aaron@cisco.com> Subject: Re: [cisco-nas] IP Route Profile In-reply-to: Your message dated Wed, 10 Sep 2003 22:21:02 -0500
<10e701c37813$bad83870$5370cd41@dellbert> To: Beprojects.com <info@beprojects.com> Cc: cisco-nas@puck.nether.net [...] ip
route profile was implemented way back in late 96 by CSCdi76662. However we have historically refrained from documenting this
(CSCdk01634, CSCdz19775) as this has been declared to be a hidden command that should not be used by customers. However, in fact
this is NOT a hidden command so Ive just now gone ahead and reopened CSCdz19775. Introduction The Route Table Profiling feature
was developed to assist network engineers in monitoring routing table fluctuations, which may be the result of route flapping, network
failure, or network service restoration. This feature was added in CSCdi76662 to the 11.1CC train of Cisco IOS. The Route Table Profiling
feature is an undocumented and unsupported feature. There is no MIB support provided. Configuration The Route Table Profiling feature is
enabled globally. The command is ip route profile in global configuration mode. This feature can be disabled with the command no ip
route profile in global configuration mode. Routing table change statistics can be viewed with the show ip route profile command in exec
mode.
Reference: CSCdi76662
ipc-console <slot-num> <cpu>
privileged exec
Catalyst 6000/6500 Series,

IOS
config-if
IOS (>=11.2)
config
IOS
Open connection to the FlexWAN console. FlexWANs contain two

CPUs so you can connect to either CPU 0 or CPU 1.
Reference:
ipx sap-interval {<n>|passive}

Set the IPX SAP advertising interval to n or to passive mode.
Reference:
ipx server-split-horizon-on-server-paths
This global configuratiom command specifies that split horizon SAP
occurs on server paths.This command is documented in DDTS CSCdm12190. From the release note:By default, split horizon blocks
information about periodic SAPs from being
advertised by a router to the same interface on which the best route to that
SAP is learned. But in the case where the SAP may be learned from
interfaces other than (or in addition to) the interface on which the best
route to that SAP is learned, enabling ipx
server-split-horizon-on-server-paths will reduce unnecessary periodic SAP
updates as that SAP will not be advertised to the interface(s) where it was
learned from; this will also prevent potential SAP loop in the network.
ipx update interval {rip | sap} passive
config
IOS (>=11.3(1.3))
config-if
IOS (>= 12.1(3.3)T)
privileged exec
IOS
config-router
IOS
config-if
IOS
config-router bgp
IOS
config
IOS
The undocumented passive keyword specifies to listen but not send

normal periodic SAP or RIP updates nor flash update caused by changes.
Queries will still be replied to. The update interval is set to the same
interval as changes-only.See also ipx sap-interval.
Reference: CSCdj59918
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
isdn incoming progress [validate|accept]
Controls whether IOS sends an INVALID information element message when it

receives an invalid PROGRESS IE.
Reference: CSCdt12611
modem-mgmt csm debug rbs
Debug RBS trunks. Only available if service internal configured.

Equivalent to debug cas on later IOS versions (>= 12.0(7)T).
Reference:
mpls traffic-eng multicast-intact

Use hop-by-hop routing instead of MPLS TE tunnels to transport
multicast traffic. See CSCdm63234 for details.
multilink queuing bypass-fifo
Reference:
neighbor <ip-address> dont-capability-negotiate

Turns off CAPABILITY parameters in BGP Open message.
Reference:
no logging snmp-authfail
Turn off the %SNMP-3-AUTHFAIL message.See CSCdv04268 for availability information.
Reference: CSCdv04268
no ppp microcode
config-if
IOS
config
IOS
config-if
IOS
config-if
IOS
config-if
IOS
config-if
IOS
config-if
IOS
config-if
IOS
On a cisco 805, ip tcp header-compression configured on the serial async

interface and on the dialer interface linked to it, results in VERY long
response time for TCP sessions. Workaround: Remove ip tcp
header-compression or enable the hidden command no ppp microcode on the
serial interface or configure IP directly on the serial interface (no dialer
interface).
Reference: CSCdp32980
no snmp-server sparse-tables
Fully populate all SNMP tables even if an object id
is not applicable in a specific case.
Reference:
ppp dnis <number> [<number> ...]

Skip authentication entirely for PPP per DNIS.
ppp ipcp accept-address
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference: CSCdk45054
It is possible to revert to the previous operation using the hidden
interface command ppp ipcp accept-address. When enabled the peer IP

address will be accepted but is still subject to AAA verification,
it will have precedence over any local address pool however.
Reference: CSCdj04128
ppp ipcp dns|wins {accept | a.b.c.d [e.f.g.h] [accept]}
Reference: CSCdm62097, CSCdk01128
ppp ipcp ignore-map

Dont assign same IP address to peers with the same name. Instead
get a fresh address.
Reference: CSCdm18764 dont assign peer IP addr from map
ppp ipcp unique-address

Assigns a unique IP address even if the same user (identified by the username)
has multiple links open. Standard behaviour is to assigned the same IP
address. See dialer mult-map-same-name, too.
Reference:
ppp max-configure <num>

Maximum number if configure requests to send.
Reference:
priv
ROMMON
Enable private commands in the ROMMON. Sometimes a password is required.

Reference:
ps -c
privileged exec
XDI/CatOS
config
IOS (>= 12.1(4)T)
Show process listing and CPU usage.

Reference:
radius send service-type call-check
From: Dennis Peng <dpeng@cisco.com> To: scott.list <scott.list@mlec.net> Cc: cisco-nas@external.cisco.com Message-ID:
<20010331195613.D28415@sj-cse-320.cisco.com> I assume you have preauthentication already configured? By default, we send
Service-Type = Outbound-User. In 12.1(4)T and later, you can configure the (hidden) command radius send service-type call-check to
change the value from Outbound-User to Call-Check. I submitted CSCdt85947 to get the command unhidden and documented. Here is the
release-note I attached: The command radius send service-type call-check is hidden. This command is available in 12.1(4)T and later and
is used to change the value of the Service-Type RADIUS attribute the access server sends when doing pre-authentication. The default is to
send Outbound-User (5). With this command configured, we will send Call-Check (10). This is useful in a multi-vendor environment as well
as when migrating an existing RADIUS database for use withe Cisco access server.
Reference: CSCdt85947
radius-server authorization default Framed-Protocol ppp
config
IOS
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
This hidden command assumes that the RADIUS Framed-Protocol attribute is PPP
when no Framed-Protocol attribute is present in a RADIUS server reply packet.
Reference: Dennis Peng <dpeng@cisco.com>, <20020404165144.GE5919@sj-cse-320.cisco.com> on cisco-nas
radius-server authorization permit missing Service-Type
config
IOS
This hidden command seems to allow RADIUS server replies in which the
Service-Type attribute is missing.
Reference: Dennis Peng <dpeng@cisco.com>, <20020404165144.GE5919@sj-cse-320.cisco.com> on cisco-nas
radius-server unique-ident
config
Directly from the DDTS release note:The hidden command radius-server unique-ident can be used to try to
ensure that RADIUS session IDs are unique across IOS boots. It will have
the side effect of automatically writing the IOS configuration to NVRAM some
time after booting.When the router parses the command radius-server unique-ident it sets the
unique-ident variable to (n+1) and all accouting records have a prefix of
(n+1). When you look at the configuration or write the configuration to
NVRAM, it is also shows radius-server unique-ident.
If the box is reloaded, upon booting the router will parse radius-server
unique-ident and then set the unique-ident variable to (n+2) and all
accounting records have a prefix of (n+2). When you look at the
configuration or write the configuration to NVRAM, is will show
radius-server unique-ident.
Reference: CSCdu77149
IOS
service download-fl
config
GSR IOS
config
IOS
config
IOS
config
IOS
Force the GRP to download its own version of the Fabric Downloader to the
line card before attempting to start Cisco IOS.
Reference: http://www.cisco.com/warp/public/63/17.html
service internal
Activate some Cisco commands normally used for internal testing.
Reference:
service log backtrace

Supply a backtrace with every messaged logged. Probably to find
out where a certain message is generated.
service unsupported-transceiver
Enables the use of third-party SFP or GBIC modules on Cisco switches but note the warning
Reference: Saku Ytti on cisco-nsp
service-policy classify-per-feature
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
below.Example output:Switch(config)#service unsupported-transceiver Warning: When Cisco determines that a fault or defect can be
traced to the use of third-party transceivers installed by a customer or reseller, then, at Ciscos discretion, Cisco may withhold support
under warranty or a Cisco support program. In the course of providing support for a Cisco networking product Cisco may require that the
end user install Cisco transceivers if Cisco determines that removing third-party parts will assist Cisco in diagnosing the cause of a support
issue.
config
IOS
privileged exec
XID/CatOS
From CSCds43683:Packets should be treated consistently on all platforms for a given

configuration. This fix addresses the consistency issue when QoS Mod CLI is
configured via the service-policy command on the 7500 vs the other IOS
platforms.After this fix, each packet will be matched for a matching class under the
policy-map until a match is found. Matching terminates at the first matching
class and all features configured under the class act on the packet. In the
current IOS releases, matching happens across all classes under a policy
until the first matching class is found for every configured QoS feature.
To maintain backward compatibility a hidden knob called service-policy
classify-per-feature knob is introduced. When configured, the behaviour
reverts to the current existing behaviour. By way of this fix, the default
behaviour will be common for all platforms. This fix is going to affect 7200
and other non-distributed platforms only.
Reference: CSCds43683
set trace <category> <level>
Enable tracing of the specified subsystem.Possible category names (most certainly depending on CatOS version):acct, acl, all, bdd, cdp,
config, dhcp, diag, dns, dot1x, drip, dtp,
dupflash, dupnvram, dynvlan, earl, envmon, eobc, epld, essr, evmgr,
fabric, fcp, fddi, fib, filesys, fpoe, garp, gvrp, hamgr, http,
inband, ipc, kerberos, l3age, l3sup, lane, ld, llc, ltl, mbuf, mcast,
mdg, memdbg, mls, mlsm, modport, ntp, nvsync, oob, pagp, protfilt,
pruning, privatevlan, qde, qos, radius, redundancy, rsfc, rsvp, rtios,
rtipc, rticc, runtimecfg, scp, security, slp, snmp, span, spantree,
ssh, syncmgr, synfig, syslog, tacacs, test, tftp, tftpd, udld, verb,
vlanmgr, vmps, vtp.
<level> = 0..15, 0 to disable, default is 1

<level> = 0..255 for inband only
A level of 6 is normally a good start.
Warning: Can produce losts of output depending on your configuration and the
level chosen.
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
set trace monitor {enable|disable}
privileged exec
XID/CatOS
privileged exec
XID/CatOS
show acl stats
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Comment by Francois on this command:Displays various statistics about the ACL subsystem and associated hardware
components. There are some interesting counters like compilation errors and
also usage counters for various tables (different masks, subnets, etc).
Useful when you cant commit your ACL with a TCAM error message.ACL: local stats table Messaging
- rxScpMsg: 0 rxScpMsgAbort: 0 rxAclMsg: 1257 rxAclMsgAbort: 0 aclMsgUnknownType: 0 outOfSequence: 0 appIdMisUse: 0
intfConfError: 0 msgSendFailed: 1 appIdDifferAfterSwover:0 ignoreRaclOverride: 1 draco-id: 65535-ffffffff-ffffffff draco-id: 33-ffffffff-ffffffff
Resources - ACL malloc fail: 0 noLou: 0 noMask: 0 noCapmap: 0 tcamFull: 0 compilerErr: 18
noLabel: 0 louExpandGt: 0 louExpandLt: 0 louExpandNeq: 0 louExpandRange: 0 freeListRebuild: 0 Acl engine stats
- perseusL3Parity: 0 perseusSequenceErr: 0 perseusLabelOverflow: 0 perseusCamLookupErr: 0 perseusDbusErr: 0
perseusCpuParityErr: 0 perseusIPChecksumErr: 1 perseusShortPacketErr: 0 perseusCpuTmout: 0 **lookup fifo undeflow:0 Hardware
resource usage for ACL Tcam: label:3.73%, lou:20.31%, mask:11.86%, value:4.4% Acl manager stats
- aclRestarted: F Sec vacl restore done: T Lda vacl restore done: T Qos acl restore done: T Feature intf count: 0 HA stats
- activeHaCopyFail: 0 Gsync_count: 1 Sleep on gsync Gsync done Wakeup on gsync 14:58:43 14:58:45
14:58:45 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 000:00:00 00:00:00 00:00:00 00:00:00
00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00
show alignment
privileged exec
IOS
privileged exec
XID/CatOS, Catalyst 5000

series with NFFC
Displays statistics about spurious memory accesses and aligment

errors. Also includes stack tracebacks.
Reference:
show banff-reset
There is a quiet recall on some Catalyst 5000 series switches that have the
EARL 1 chip NFFC and a data rate that exceeds 80MBS across the backplane
because of a defect that causes the ECB to reset continuously. Usually users
will report a network slowdown.This command will display the number of times the ECBs have reset since last
power on, a number of 1 for each ECB is normal. Numbers in the hundreds or
thousands mean you need to call Cisco for replacement boards.

Reference: From Heinz Ulms web site
show caller
exec
IOS
privileged exec
IOS
exec
Cat 2900XL/3500XL, IOS
Show a lot of information about calls in a NAS environment. Lots of subcommands here.
Reference:
show chunk [summary]

There is the traditional malloc/free memory management in place on the
cisco. there is also chunk allocation. the main benefit of chunk
allocation over its predecessor is that memory overhead is only paid by the
large chunk (which is then carved up into smaller pieces) instead of by each
individual malloced block.
show controller switch

The show controller switch command provides indicative information regarding
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
the total switch utilization. An example is presented below:Switch#sh controller switch Switch registers: Device Type : 000040273
Congestion Threshold : 0x00000E95 Peak Total Allocation : 0x0000001A Total Allocation : 000000000 Peak Total Bandwidth :
000000020 Total Bandwidth : 000000000 Total Bandwidth Limit : 0x000003DE Lower Bandwidth Limit : 0x000003DE Switch Mode :
000040000 Switch#The Total Bandwidth Limit varies between different 2900XL and 3500XL models.
When the Total Bandwidth reaches the Total Bandwidth Limit value, the switch
has reached its full bandwidth capacity and begins to drop packets. The Peak
Total Bandwidth is the highest value attained by the Total Bandwidth since
the last time the show controller switch command was executed. Note, the
values for the above parameters are in hexadecimal.The Congestion Threshold value is used as conservative value for the maximum
global buffer utilization. When the buffer utilization noted by Total
Allocation reaches this value, the switch may drop frames. The Peak Total
Allocation value shows the highest value attained by the Total Allocation
since the last time the show controller switch command was executed. It is
possible for the Peak Total Allocation and/or the Total Allocation to be
greater than Congestion Threshold. If the Total Allocation reaches or is
over the Congestion Threshold amount, the switch is experiencing
considerable network activity near its full capacity.
The global buffer utilization may be adversely effected by several
configuration issues, described below:
1.Speed mismatch between an ingress and egress port; for example, several
100 megabit clients transferring files to a server connected to the
switch at 10 megabits, half-duplex.
2.Multiple input ports feeding a single output port.
3.Duplex mismatch on multiple ports.
4.Numerous ports that are experiencing collisions and/or output errors due
to half-duplex configuration or over-subscription of a slow link.
Reference: http://www.cisco.com/warp/customer/473/19.html
show epc
privileged exec
IOS
From a Catalyst 2048G-L3 (also applies to the Catalyst 4908G-L3 and

probably in parts to the Catalyst 8500 series):gepard#show epc ? E-PAM show comands: IF-entry IF Entry in IF-Table VC-entry VC Entry
in VC-Table VLAN-entry VLAN Entry in VLAN-Table aal5 aal5 statistics acl ACL FPGA related debug commands adm Show contents of
ADM in IOS age-timer Aging Timer atm-debug-status ATM debug statistics atmup_ipmcast Show Multicast VC leg to external VC mapping
caller-stats Caller Stats at a merge-point caller-tags Caller Tags cam Show contents of E-PAM CAM card Show information managed by
CARD coredb show coredb counters Counters of all epif-ports discards discard statistics exvc-entry External VC Entry in VC-Table fechannel FE-Channel Membership Information fpga Access ACL FPGA resources freecam Free space in CAM ifmapping Interface mapping
to CAM IF number ip-address Show adjacency entries in line cards ip-prefix Show IP prefix entries (compare to CEF output) ipmcast Show
IP Multicast table in E-PAM CAM ipx-node Show IPX node entry in E-PAM CAM ipx-prefix Show IPX prefix in E-PAM CAM jaguar-fpgaepld Access ACL2 EPLD Addresses with WID=2 lec-ipx Show LEC Local IPX Information lsipc Show LSIPC information mac Show MAC
address in E-PAM macfilter Show MAC filter address database mailbox Read the mailbox value mem Show contents of packet memory in
E-PAM patricia Show Patricia tree in E-PAM CAM port-qos Show current port qos configuration queuing queueing statistics register print
contents of EPIF register ri-register Show last reported contents of EPIF RI register sm Show 1483 Local static map information spd
selective packet drop statistics status Status of all epif-ports switching VC switching statistics tcam TCAM related commands ucode uCode
images on all epif-ports udp-flood Show LS UDP-flooding informationSome of these commands are documented as part of the Catalyst
8540
documentation but are also useful on the Catalyst 2948G-L3 which seems to
be based (at least partly) on the same hardware platform as the Catalyst 8540.See:
http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/11_ey/trouble/l3_net.htm
Reference:
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show epc acl lookup {in|out}
privileged exec
IOS (Cat 2948G-L3, 4908GL3, 8540)
Displays whether the ACL would permit or deny a specific IP packet on a particular
interface.
Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
show epc acl tcam2acl interface <interface> {in|out}
privileged exec
IOS (Cat 2948G-L3, 4908GL3, 8540)
Displays the ACL entries programmed in the TCAM for a particular interface.
Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
show epc ip-address interface <interface> all-entries
privileged exec
IOS (Cat 2948G-L3)
Shows the IP adjacencies installed in the CAM hardware:gepard#show epc ip-address interface FastEthernet 1 all-entries IPaddr:
192.168.60.116 MACaddr: 0090.27b7.24d7 FastEthernet14(17) IPaddr: 192.168.60.117 MACaddr: 0090.27d1.d47a FastEthernet15(18)
IPaddr: 192.168.60.112 MACaddr: 00d0.b720.6fc9 FastEthernet10(13) IPaddr: 192.168.60.113 MACaddr: 00d0.b720.750f
FastEthernet11(14) IPaddr: 192.168.60.114 MACaddr: 00d0.b720.7357 FastEthernet12(15) IPaddr: 192.168.60.115 MACaddr:
00d0.b720.755e FastEthernet13(16) IPaddr: 192.168.60.125 MACaddr: 0050.0457.edbf FastEthernet19(22) IPaddr: 10.232.4.202
MACaddr: 0009.b7b4.0700 Port-channel1.2(60) IPaddr: 192.168.60.120 MACaddr: 0090.27c3.f042 FastEthernet5(8) IPaddr:
192.168.60.100 MACaddr: 0002.b3ac.5470 GigabitEthernet50(53) IPaddr: 192.168.60.101 MACaddr: 0002.b3ac.5470
GigabitEthernet50(53) IPaddr: 192.168.60.102 MACaddr: 0090.27d1.88bf FastEthernet4(7) IPaddr: 192.168.60.103 MACaddr:
0090.27d1.88bf FastEthernet4(7) IPaddr: 192.168.60.99 MACaddr: 6080.0f3c.0000 IPaddr: 192.168.60.110 MACaddr: 0090.27dd.f9a6
FastEthernet8(11) IPaddr: 192.168.60.111 MACaddr: 00d0.b708.adb3 FastEthernet9(12) IPaddr: 192.168.61.21 MACaddr:
0800.20ee.4ead FastEthernet46(49) IPaddr: 192.168.60.20 MACaddr: 0030.6e11.0157 FastEthernet37(40) IPaddr: 192.168.60.21
MACaddr: 0030.6e11.139f FastEthernet38(41) IPaddr: 192.168.60.22 MACaddr: 0002.b3ac.5454 GigabitEthernet49(52) IPaddr:
192.168.61.22 MACaddr: 0800.20ec.6709 FastEthernet46(49) IPaddr: 192.168.60.23 MACaddr: 0002.b3ac.53f5 FastEthernet43(46)
IPaddr: 192.168.60.30 MACaddr: 00e0.18c2.baf9 FastEthernet21(24) IPaddr: 192.168.60.25 MACaddr: 0030.6e12.099a
FastEthernet39(42) IPaddr 192.168.60.26 missing [...] Total number of IP adjacency entries: 46 Missing IP adjacency entries: 1
show epc patricia <ingress-interface> ipucast detail
privileged exec
IOS
Seems to show the FIB stored in the CAM memory of a specific ingress port.Example output provided by Hank:cs-c2948gl3-13a#sh epc
patricia interface FastEthernet 3 ipucast detail 1# Synthetic entry: CAM location: 0x202B NAP location: 0x202C IP Prefix:224.0.0.0
MySubnet LB:Disabled Network Entry:Valid 2# Synthetic entry: CAM location: 02038 NAP location: 00000 3# Synthetic entry: CAM
location: 0x202F NAP location: 02035 IP Prefix:192.168.128.255 MySubnet LB:Disabled Network Entry:Valid 4# HOST Entry CAM
location: 02030 NAP location: 00000 IP addr:192.168.128.2 Host IF Number:6 Entry:Valid Mac Addr:0090.a65c.63ff 5# Synthetic entry:
CAM location: 02050 NAP location: 02032 IP Prefix:192.168.128.0 MySubnet LB:Disabled Network Entry:Valid IP Prefix:192.168.128.1
MySubnet LB:Disabled Host Entry:Valid 6# Synthetic entry: CAM location: 0x203C NAP location: 02037 IP Prefix:192.168.105.0
MySubnet LB:Disabled Network Entry:Valid IP Prefix:192.168.128.0 MySubnet LB:Disabled Network Entry:Valid 7# Synthetic entry: CAM
location: 0x203F NAP location: 0x203E IP Prefix:192.168.105.255 MySubnet LB:Disabled Network Entry:Valid 8# HOST Entry CAM
location: 02046 NAP location: 00000 IP addr:192.168.105.8 Host IF Number:5 Entry:Valid Mac Addr:0001.968e.33b0 9# Synthetic entry:
CAM location: 02045 NAP location: 02040 IP Prefix:192.168.105.2 LB:Disabled Network Entry:Valid Nexthop CAM locations: 02046
00000 Nexthop 1: IP addr:192.168.105.8 Host Entry:Valid FastEthernet2 (5) Mac Addr:0001.968e.33b0 10# Synthetic entry: CAM
location: 02033 NAP location: 0x203D IP Prefix:192.168.105.0 MySubnet LB:Disabled Network Entry:Valid IP Prefix:192.168.105.1
MySubnet LB:Disabled Host Entry:Valid 11# CAM location: 0x201B ROOT IP Patricia Tree Summary: Number of IP entries: 18 Number of
Host Entries: 2 Number of Network Entries: 10 Number of Good Synthetic entries: 7 Number of Dirty Synthetic entries: 1
Reference: Contributed by Hank Nussbacher <hank@att.net.il>
show epc patricia <interface> mac
privileged exec
IOS (Cat 2948G-L3, 4908GL3)
Layer 2 forwarding table entries for a given MAC address in a bridge group
are viewed using the show bridge bridge-group-number command.However, bridge table entries on the Catalyst 2948G-L3 and 4908G-L3
switches
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
are actually formed internally of at least two entries, one on the source
interface (where the device with that MAC resides) and one on each
destination interface (the interface where, based on the destination MAC in

the frame, the traffic sourced from that MAC is destined). This is because
the learning process for populating the bridging tables on the Catalyst
2948G-L3 and 4908G-L3 switches is actually distributed on a per-port basis
rather than on a switch-wide basis.gepard#show epc patricia interface FastEthernet 9 mac 1# MAC addr:0000.0000.0000 VC:0 Entry: 2#
MAC addr:0900.2b01.0001 MyMAC 3# MAC addr:0180.c200.0000 MyMAC 4# MAC addr:0100.5e00.0006 MyMAC 5# MAC
addr:0100.5e00.0005 MyMAC 6# MAC addr:0100.5e00.0002 MyMAC 7# MAC addr:0100.0ccc.cccd MyMAC 8# MAC addr:0100.0ccc.cccc
MyMAC 9# MAC addr:00e0.18c2.baf9 IF Number:24 Entry:Remote 10# MAC addr:00d0.b720.755e IF Number:16 Entry:Remote 11# MAC
addr:00d0.b720.7357 IF Number:15 Entry:Remote 12# MAC addr:00d0.b720.6fc9 IF Number:13 Entry:Remote 13# MAC
addr:00d0.b720.750f IF Number:14 Entry:Remote 14# MAC addr:0090.27dd.f9a6 IF Number:11 Entry:Remote 15# MAC
addr:0090.27d1.d47a IF Number:18 Entry:Remote 16# MAC addr:0090.27c3.f042 IF Number:8 Entry:Remote 17# MAC
addr:0090.27b7.24d7 IF Number:17 Entry:Remote 18# MAC addr:00d0.b708.adb3 IF Number:12 Entry:Local 19# MAC
addr:0030.6e12.099b IF Number:59 Entry:Remote [...] 29# MAC addr:0002.b3ac.5474 IF Number:59 Entry:Remote 30# MAC
addr:0003.9f17.980f HsrpMAC 31# MAC addr:0001.428b.d280 IF Number:4 Entry:Remote 32# MAC addr:0000.0c07.ac00 HsrpMAC Total
number of MAC entries: 32
show idb
privileged exec
IOS
Show list of assigned software und hardware Interface Descriptor Blocks (IDBs).
Later IOS versions show the maximum number of software IDBs, too.vxr15#sh idb Maximum number of IDBs 3000 26 SW IDBs allocated
(2368 bytes each) 22 HW IDBs allocated (4064 bytes each) HWIDB#1 1 FastEthernet0/0 (HW IFINDEX, Ether)
Reference:
show inband
privileged exec
Comment by Francois:This command outputs statistics about the internal Catalyst 6000 memory
channel (interface between two supervisors in a redundant configuration).
XID/CatOS
Can help to diagnose this kind of error: InbandPingProcessFailure:Module 1

not responding over inband.Inband FX1000 Control Information General Ctrl Regs: RegsBase: 42000000 DevCtrl: 003C0001 DevStatus:
0000000F TxCtrl: 000400FA RxCtrl: 0000821E Tx Ctrl Regs: TxDBase: 019AF000 TxDSize: 00002000 TxDHead: 383 TxDTail: 383 TxIpg:
00A00810 Rx Ctrl Regs: RxDBase: 019AA000 RxDSize: 00004000 RxDHead: 993 RxDTail: 990 Inband PCI Information DeviceID: 1000
VendorID: 8086 Status: 0200 Command: 0116 ClassCode: 020000 Revision: 03 Latency: FC CacheLine: 08 BaseAddr: 42000004
NonSwapAddr: 00000000 SwapAddr: 02000000 Inband Driver Information Transmit: FirstTxD: A19AF000( 0) LastTxD: A19B0FF0( 511)
TxHead: A19B0850( 389) TxTail: A19B0850( 389) FreeTxDs: 00000512 Receive: FirstRxD: A19AA000( 0) LastRxD: A19ADFF0(1023)
RxHead: A19ADDF0( 991) RxTail: A19ADDE0( 990) FreeRxDs: 00001023 System: SpurIntrs: 00000000 OutofMbufs: 00000000
TotalMbufs: 00013088 TotalMCls: 00005536 FreeMbufs: 00011532 FreeMCls: 00004043 MacAddr: 00D0017957FF Resynch: 00000000
Inband FX1000 Statistics Transmit: TxPkts: 61337989 TxBytes: 2412393989 Inband Stuck Count: 00000000 Pkts/Sec: 00000000
QueuedPkts: 00000000 LateColl: 00000000 ExcessColl: 00000000 Ovfl: 00000000 OvflRate: 00000000 JmboPktDrp: 00000000
MaxPktRcvd: 00000000 Detail Tx Pkt Info (clear on read) 64: 00000000 65-127: 50108072 128-255: 04559900 256-511: 00910493 5121023: 00000600 1024-1522: 00988696 Bcast: 00000000 Mcast: 00000033 # pkts: 56567761 Receive: RxPkts: 43941855 RxBytes:
2483893904 Pkts/Sec: 00000000 SeqErrInt: 00000000 Ovfl: 00000000 OvflRate: 00000000 OvInt: 00000000 OvIntRate: 00000000
CrcErrs: 00000000 SymbErrs: 00000000 ISLCrcErrs: 00000000 SeqErrs: 00000000 DescOv: 00000000 DescOvRate: 00000000 LenErrs:
00314103 DefrPkts: 00000000 Detail Rx Pkt Info (clear on read) 64: 00000000 65-127: 17144848 128-255: 25105957 256-511: 00849533
512-1023: 00497913 1024-1522: 00029504 Bcast: 00000000 Mcast: 00840799 Good pkt: 43627755 Undersize: 00000000 NoBuff:
00000000 Frags: 00000000 Oversize: 00314103 Jabber: 00000000 # pkts: 43941858
show interface cable <x>/0 privacy statistic
privileged exec
IOS
This hidden command may be used to view statistics on the number of SIDs
using baseline privacy on a particular cable interface.Here is an example output of this command.CMTS# show interface cable 4/0 privacy
statistic CM key Chain Count : 12 CM Unicast key Chain Count : 12 CM Mucast key Chain Count : 3
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference: http://www.cisco.com/warp/public/109/docsis_bpi.shtml
show interfaces [<interface-name>] stats
exec
IOS
exec
IOS
privileged exec
IOS
Show statistics on the switching path used (per interface or all).

Reference:
show interfaces [<interface-name>] switching
Produces detailed output on the switching paths used on a particular

interface (or on all interfaces). Also shows SPD statistics.
Reference:
show ip cef [<network> [<netmask>]] internal
Especially shows information about the CEF load sharing logic.router#show ip cef 141.1.0.0 255.255.0.0 internal 141.1.0.0/16, version
10758832, per-destination sharing 0 packets, 0 bytes via 194.221.43.81, 0 dependencies, recursive next hop 194.77.146.254,
GigabitEthernet4/0/0 via 194.221.43.80/30 valid adjacency Recursive load sharing using 194.221.43.80/30 Load distribution: 0 1 0 1 0 1 0
1 0 1 0 1 0 1 0 1 (refcount 48739) Hash OK Interface Address Packets 1 Y GigabitEthernet0/0/0 195.244.119.164 0 2 Y
GigabitEthernet4/0/0 194.77.146.254 0 3 Y GigabitEthernet0/0/0 195.244.119.164 0 4 Y GigabitEthernet4/0/0 194.77.146.254 0 5 Y
GigabitEthernet4/0/0 194.77.146.254 0 15 Y GigabitEthernet0/0/0 195.244.119.164 0 16 Y GigabitEthernet4/0/0 194.77.146.254 0
show ip eigrp events [<as-num>] [<start-num>] [<end-num>]
privileged exec
IOS
privileged exec
IOS
Show history of events for the EIGRP routing process.

Reference:
show ip eigrp sia-event

Show SIA (stuck in active) events from the event history.
Reference:
show ip eigrp timers [<as-num>]
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
exec
IOS
List of timers associated with a EIGRP routing process.

Reference:
show ip ospf bad-checksum
Reference:
show ip ospf delete-list
Reference:
show ip ospf events

Show history of events for the OSPF routing process.
Reference:
show ip ospf maxage-list
show ip ospf statistic

Show timing statistics about the SPF algorithm.
Reference:
show ip route hash
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference:
David writes: The only usefulness of this seems to be to identify the larger
hash buckets and hence provide feedback to Cisco if the hash algorithm is
producing a particularly bad distribution into some buckets.Example output:router#show ip route hash nettable: Bucket Majornets
Subnettted Subnets 0 17 1 3 [...] 4095 18 0 0 supernettable: 0 16 [...] 4095 6 Routing table summary: Total
nets: 159234 Total major nets: 67731 Total super nets: 38199
Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
show ip route profile
privileged exec
IOS
See ip route profile.aspen#show ip route profile IP routing table change statistics: Frequency of changes in a 5 second sampling interval
- Change/ Fwd-path Prefix Nexthop Pathcount Prefix interval change add change change
refresh - 0 196 215 433 490 394 1 99 98 34 0 27 2 54 45 10 0 27 3 22 19 5 0 2 4 17 17 1 1 0
5 51 48 2 0 0 10 18 16 4 0 0 15 8 8 0 0 0 20 3 3 2 0 0 25 4 4 0 0 41 30 8 9 0 0 0 [...] 3905 1 1 0 0 0 7030 1 1 0 0 0 10155 0 0 0 0 0 13280 0
0 0 0 0 Overflow 5 5 0 0 0
Reference: CSCdi76662
show ip spd
config
IOS
Shows SPD mode, current and max size of IP process level input queue, and
status of external (SSE) SPD. SPD mode will be one of disabled, normal,
random drop, or full drop. The priority queue is where high-precedence
packets go.labR4#show ip spd Current mode: normal. Queue min/max thresholds: 73/74, Headroom: 100, Extended Headroom: 10 IP
normal queue: 0, priority queue: 0. SPD special drop mode: none
Reference: Cisco ISP Esssentials
show isdn memory detail
exec
IOS
exec
IOS
Shows additional memory information.

Reference:
show isdn service [<dsl> | <interface-name>] detail

Shows additional table named Source of Service state and outputs
the free channel mask (also shown by show isdn status).
Reference: Josh Duffek <jduffek@cisco.com> on cisco-nas, <026e01c189a1$b8229a60$4d721eac@cisco.com>
show isdn status detail
exec
IOS
privileged exec
IOS
Shows additional status information, i.e. call reference id.

Reference:
show isis private
ctalkb#sh isis private ISIS: FastPSNP cache (hits/misses): 0/4002 ISIS: LSPIX validations (full/skipped): 216271/490412 ISIS: LSP HT=0
checksum errors received: 0
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show isis timers
privileged exec
IOS
Useful in that it provides a brief overview of execution flow in the IS-IS
process. Shows you the frequency of things like L1/L2 hello etc.ctalkb#sh isis timers Hello Process Expiration Type | 0.856 (Parent) | 0.856
L2 Hello (Ethernet3/0) | 6.352 L1 Hello (Ethernet3/0) | 6.940 Adjacency Update Process Expiration Type | 1.060 (Parent) | 1.060 Ager |
1.352 L2 CSNP (Ethernet3/0) | 8.616 L1 CSNP (Ethernet3/0) | 3:25.860 (Parent) | 3:25.860 LSP refresh | 9:02.160 LSP lifetime | 9:24.568
LSP lifetime | 17:16.084 LSP lifetime | 20:58.536 Dynamic Hostname cleanup
show isis tree
privileged exec
IOS
Shows path and depth taken to get to other level 1/2 intermediate systems.ctalkb#sh isis tree IS-IS Level-2 AVL Tree Current node =
X.X.X.00-00, depth = 0, bal = 0 Go down left Current node = X.X.Y.00-00, depth = 1, bal = 0 > Hit node X.X.Y.00-00 Back up to
X.X.X.00-00 Current node = X.X.X.00-00, depth = 0, bal = 0 > Hit node X.X.X.00-00 Go down right Current node = X.X.X.02-00, depth =
1, bal = 0 > Hit node X.X.X.02-00 Back up to X.X.X.00-00
show list [none]
privileged exec
IOS
ctalkb#show list List Manager: 1415 lists known, 1561 lists created ID Address Size/Max Name 1 613EE970 11/- Region List 2 613EEE98
1/- Processor 3 613EFDE8 1/- I/O 4 613F0D38 1/- I/O-2 5 6149EDD0 0/- Sched Critical 6 6149ED90 0/- Sched High 7 6149EB00 0/Sched Normal ctalkb#show list none List Manager: 1415 lists known, 1561 lists created ID Address Size/Max Name 1 613EE970 11/Region List 2 613EEE98 1/- Processor 3 613EFDE8 1/- I/O 4 613F0D38 1/- I/O-2 9 6149ED10 82/- Sched Idle 11 61499A50 8/- Sched
Normal (Old) 12 6149CC10 1/- Sched Low (Old)
show mbuf
Catalyst 5000: The main issue to observe with this command is whether the
switch is being starved for memory. Within the display, clusters is the
number of buffers that are available for NMP to process incoming packets,
which include any broadcast/multicast, management traffic. clfree is the
privileged exec
XID/CatOS
number of buffers that are available for the NMP at any given time. If this
is zero then this means that NMP has no buffers to process any incoming
frames. lowest clfree determines the lowest watermark that NMP has hit at
any time. If this value is zero but clfree is nonzero, then this means that
at one instance NMP ran out of buffers. This can be because of a broadcast
of a multicast storm in the management VLAN.
Reference:
show memory big
privileged exec
IOS
R1#show memory big Head Total(b) Used(b) Free(b) Lowest(b) Largest(b) Processor 148364 15428764 4550340 10878424 10832564
10875604 25 largest free blocks in the system (biggest to lowest) 10875604, 1424, 644, 500, 108, 36, 28, 28, 28, 24, 5897388, 52466600,
5743730, 0, 0, 0, 1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446. Count of firstfit: 7, bestfit: 2215118, maxout1: 0
maxout2: 0 I/O 4000000 2097152 398396 1698756 1641680 1698588 25 largest free blocks in the system (biggest to lowest) 1698588, 84,
84, 0, 0, 0, 0, 0, 0, 0, 5897388, 52466600, 5743730, 0, 0, 0, 1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446. Count of
firstfit: 0, bestfit: 366, maxout1: 0 maxout2: 0
show mls nfde
privileged exec
XID/CatOS
NDE related info: NDE enable : TRUE Current Export Version : 7 IP address : 192.168.212.65 UDP port: 9996 Flows in nde buffer : 0 Nde
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
flow limit : 27 Flow sequence : 26695012 Unused flows : 3591516 Non Ip Sc : 0 Filter mismatch : 0 Packets sent : 0 Flows dropped at
swover: 109788930Comment by Francois on the output above:This command allows to debug NetFlow data export on Catalyst 6000.
Flows in
nde buffer should grow until a threshold and then get flushed to the
collector (Packets sent). In this particular case, the Catatyst 6000
series switch is hit by a bug which renders flow exports impossible and so
the counter keeps rising.
show mls status
exec
Cat 6000 Native IOS
privileged exec
IOS (Cat 2948G-L3, 4908G-
Show multilayer switching status.

Reference: New product training Catalyst 6000
show mmc np5400 [config|flows|get|indications|ports|queue|registers|stat|send]

[...]
L3)
Reference:
show mpls interfaces internal all
privileged exec
IOS
privileged exec
IOS (Cat 6k hybrid)
Displays detailed information about all of the MPLS interfaces in the

router. If the used IOS image supports the MPLS Egress NetFlow Accounting
Feature then the output shows if MPLS Egress NetFlow Accounting is enabled
on the interface.
Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
show msfc
On a MSFC1:TORUMSFC1# show msfc Network IO Interrupt Throttling: throttle count=1149, timer count=1149 active=0, configured=1
netint usec=4000, netint mask usec=400 Interrupt Registers: Revision: 1, Slot 1 Control : 0x1C Enable : 0x3F Status : 00 RSFC CPU
IDPROM: IDPROM image: (FRU is MSFC Cat6k daughterboard) IDPROM image block #0: hexadecimal contents of block: 00: AB AB 01
90 12 98 01 00 00 02 60 03 00 CF 43 69 .Ci 10: 73 63 6F 20 53 79 73 74 65 6D 73 00 00 00 00 00 sco Systems.. 20: 00 00 57
53 2D 46 36 4B 2D 4D 53 46 43 00 00 00 ..WS-F6K-MSFC [...]
Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
show msfc
privileged exec
CatOS (Cat 6k hybrid)
privileged exec
IOS (Cat 6k hybrid)
TORUSW6509 (enable) show msfc MSFC Auto port state: enabled

show msfc nvram
Dumps the ROMMON NVRAM portion on a MSFC1.TORUMSFC1# show msfc nvram 000: AA 55 01 00 02 DF EF F5 78 77 FB BF 00 00
00 00 .Uxw 010: 00 00 00 00 01 02 FE FD FE ED FA CE 00 00 00 00 . [...]
show parser modes
privileged exec
IOS
ctalkb#show parser modes Parser modes: Name Prompt Top Alias Privilege exec 0x60EFB294TRUE TRUE configure config
0x60EFABACTRUE TRUE interface config-if 0x60EF7AECTRUE TRUE subinterface config-subif 0x60EF7AECTRUE FALSE null-interface
config-if 0x60EFB368TRUE TRUE line config-line 0x60EF3F84TRUE TRUE
show parser unresolved
privileged exec
IOS
privileged exec
CatOS (Cat 6k hybrid)
show polaris fibmgr usage
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
ctalkb#sh parser un Unresolved parse chains: 40 40 198 198 322
Displays some useful about the FIB TCAM and the adjacency table when
using the PFC2.Example output:[...] Total FIB entries: 262144 Allocated FIB entries: 13894 Free FIB entries: 248250 FIB entries used for
IP ucast: 13853 FIB entries used for IPX : 1 FIB entries used for IP mcast: 40 Total adjacencies: 262144 Allocated adjacencies: 1365 Free
adjacencies: 260779 Adjacencies used for IP ucast (FIB) : 288 Adjacencies used for IPX (FIB) : 3 Adjacencies used for IP mcast (FIB) : 36
Adjacencies used for IP mcast (Netflow) : 0 Adjacencies used for Policy Routing : 1023 Adjacencies used for Feature Manager (Netflow): 0
Adjacencies used for Local Director : 0 Adjacencies used for Diagnostics : 5 Adjacencies used for FTEP : 10 [...]
show region
privileged exec
IOS
Displays how the memory is partitioned into different regions.From a cisco 7140:maple#show region Region Manager: Start End Size(b)
Class Media Name 0x0B800000 0x0BFFFFFF 8388608 Iomem R/W iomem2 020000000 0x23FFFFFF 67108864 Iomem R/W iomem
0x5B800000 0x5BFFFFFF 8388608 Iomem R/W iomem2:(iomem2_cwt) 060000000 0x6B7FFFFF 192937984 Local R/W main
060008950 0x612D4D8C 19711037 IText R/O main:text 0x612D6000 0x6137A3BF 672704 IData R/W main:data 0x6137A3C0
0x6155A57F 1966528 IBss R/W main:bss 0x6155A580 0x6B7FFFFF 170547840 Local R/W main:heap 070000000 0x73FFFFFF
67108864 Iomem R/W iomem:(iomem_cwt) 080000000 0x8B7FFFFF 192937984 Local R/W main:(main_k0) 0xA0000000 0xAB7FFFFF
192937984 Local R/W main:(main_k1)
Reference: Inside Cisco IOS Software Architectures
show region address <address>
privileged exec
IOS
Show to which region a certain address belongs.From a cisco 7140:maple#show region address 0x6137A3BF Address 0x6137A3BF is
located physically in : Name : data Class : IData Media : R/W Start : 0x612D6000 End : 0x6137A3BF Size : 0x000A43C0
Reference: Inside Cisco IOS Software Architectures
show slip
exec
IOS
alder#show slip Async protocol statistics: Int Local Remote Qd InPack OutPac Inerr Drops MTU 97 10.0.0.1 None 0 17593 368518 0 1071
1500 98 10.0.0.1 None 0 19774 384754 0 1995 1500 [...] 113 10.0.0.1 None 0 19107 362360 0 817 1500 114 10.0.0.1 None 0 19438
428691 0 1424 1500 Rcvd: 341389 packets, 7115582 bytes 0 format errors, 139791 checksum errors, 0 overrun Sent: 6920660 packets,
640291923 bytes, 31864 dropped
Reference:
show snmp chassis
privileged exec
IOS
privileged exec
IOS
Display SNMP chassis id.

Reference:
show snmp community
Shows a list of communities that IOS knows about.oak#show snmp community ILMI ILMI volatile active public public volatile active
Reference:
show snmp host
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
privileged exec
IOS
exec
IOS
exec
Cat 6000 Native IOS
Show list of host receiving traps.

Reference:
show snmp location

Show snmp location.
Reference:
Show list of implemented MIBs.

Reference:
show snmp newcom
Reference:
show snmp notify
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show snmp mib
router#show snmp notify snmpNotifyName : trap tag: trap type: trap nonvolatile
Reference:
show sum
Show current stored image checksum.
Reference:
show sum
router>show sum New checksum of 0xEDE08607 matched original checksum
Reference:
show tcam
cosmos#show tcam ? and-or and-or keyword capability-map capability-map keyword detail detail keyword dynamic-entries dynamic entries
keyword first first keyword [further arguments required] label label keyword [further arguments required] lou lou keyword redirects redirect
indices keyword region region keyword start start keyword statistics statistics keyword type type keyword [further arguments required] vlan
vlan keyword [further arguments required] window window keyword [further arguments required]Some of these keywords must or can have
further arguments.
snmp-server priority {low | normal | high}
config
IOS
Global configuration command can be used to change the priority of SNMP

processes. To avoid extensive polling, the priority should be set to low
. All SNMP queries sent to a router are prioritized as either low or medium
priority, depending on the version of code run by the route processor. This
means that processes with a higher priority than the SNMP process will be
serviced before SNMP. So, regardless of SNMP polling intensity, routing
processes will generally be processed before SNMP requests because route
processes are high priority.
Reference:
spd headroom <n>
config
IOS
config-if
Cat 6000 Native IOS
privileged exec
IOS
Default value is 100. Specifies how many high-precedence packets we will

enqueue over the normal input hold queue limit. This is to reserve room for
incoming high precedence packets. Is ip spd headroom in 11.1CC.
Reference: Cisco ISP Esssentials, CSCdk31898
tcam priority high|low|medium

If TCAM is full, interfaces with a higher priority will be prefered when
test aaa group radius <username> <password>
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
loading access-lists etc. into the TCAM.
Send a test authentication request.alder#test aaa group radius test test Attempting authentication test to server-group radius using radius
User authentication request was rejected by server. alder#test aaa group radius mon mon Attempting authentication test to server-group
radius using radius User was successfully authenticated.Sends the following RADIUS attributes:Wed Aug 1 21:00:19 2001 NAS-IPAddress = 194.221.19.47 NAS-Port-Type = Async User-Name = mon Timestamp = 996692419
Reference:
test aim eeprom slot <n>
privileged exec
IOS
cisco#test aim eeprom slot 1 AIM Slot [1]: Use NMC93C46 ID EEPROM [y]: AIM Slot 1 eeprom (? for help)[?]: ? d dump eeprom contents
e erase all locations (to 1) p primitive access q exit eeprom test z zero eeprom c rules of radix type-in and display apply. AIM Slot
1 eeprom (? for help)[?]: d Slot 1, 000: FF FF FF FF FF FF FF FF Slot 1, 008: FF FF FF FF FF FF FF FF Slot 1, 010: FF FF FF FF FF
FF FF FF Slot 1, 018: FF FF FF FF FF FF FF FF Slot 1, 020: FF FF FF FF FF FF FF FF Slot 1, 028: FF FF FF FF FF FF FF FF Slot 1,
030: FF FF FF FF FF FF FF FF Slot 1, 038: FF FF FF FF FF FF FF FF Slot 1, 040: FF FF FF FF FF FF FF FF Slot 1, 048: FF FF FF
FF FF FF FF FF Slot 1, 050: FF FF FF FF FF FF FF FF Slot 1, 058: FF FF FF FF FF FF FF FF Slot 1, 060: FF FF FF FF FF FF FF FF
Slot 1, 068: FF FF FF FF FF FF FF FF Slot 1, 070: FF FF FF FF FF FF FF FF Slot 1, 078: FF FF FF FF FF FF FF FF
Reference: Contributed by Damjan Marion <Damjan.Marion@iskon.hr>
test crash
privileged exec
IOS
privileged exec
GSR IOS
Trigger all kinds of crashes. Test crashinfo functionality. Test RSP

failover.
Reference:
test mbus power <slot> on|off

Turn power of GSR linecard on or off.
Reference:
test ppp echotimeout <interface-name>
privileged exec
IOS
privileged exec
IOS
Test PPP LCP echo timeout. Seems to simulate a PPP LCP echo timeout on the
router where this command is issued. After this command line protocol
changes to down, PPP parameteres are renegotiated and the line comes
up again.
Reference:
test transmit
ctalkb#test transmit interface: Ethernet3/0 total frame size [100]: 1) To this interface 2) To another interface 9) Ask for everything Choice: 2
Encapsulation Type: 1) Ethertype 2) SAP 3) SNAP 4) SNAP (Cisco OUI) 5) SNAP (EtherV2 OUI) 6) Novell 802.3 Choice: 1 Protocol type:
1) IP 2) XNS 3) IPX 9) Ask for everything Choice: 1
tracy_close <module> <port>
exec
XID/CatOS with WS-X6608T1 or WS-X6608-E1
exec
XID/CatOS with WS-X6608T1 or WS-X6608-E1
config-if
IOS
privileged exec
Cisco 7200/7500, IOS
Stops the tracing output started with tracy_start. See tracy_start.

Reference: From Heinz Ulms web site, originally from Martin Gagnon, Canada
tracy_start <module> <port>
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Displays tracing information useful for debugging the Cisco 6608 Gateway.
The output is identical to the one produced by the Dick Tracy debugging tool
from Cisco.
Reference: From Heinz Ulms web site, originally from Martin Gagnon, Canada
traffic-shape fecn-create
This hidden command enables setting the FECN bit in
all outgoing packets that have been delayed due to traffic

shaping.Requirements: GTS must be enabled and the interface has
to be set to frame-relay encapsulation.
Reference:
ttcp
Start a TCP data server/receiver for TCP performance testing between two
Cisco 7500 router:Router#ttcp transmit or receive [receive]: transmit Target IP address: 1.1.1.1 perform tcp half close [n]: send buflen
[8192]: send nbuf [2048]: bufalign [16384]: bufoffset [0]: port [5001]: sinkmode [y]: buffering on writes [y]: show tcp information at end [n]:
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> 1.1.1.1 %Connect failed: Destination unreachable; gateway or host down
Router#ttcp transmit or receive [receive]: perform tcp half close [n]: receive buflen [8192]: bufalign [16384]: bufoffset [0]: port [5001]:
sinkmode [y]: rcvwndsize [4128]: delayed ACK [y]: show tcp information at end [n]: ttcp-r: buflen=8192, align=16384/0, port=5001
rcvwndsize=4128, delayedack=yes tcpFrom the Open Forum:Question: When using the Cisco hidden command ttcp (to generate traffic),
what do the following values for this command mean:
perform tcp half close [n] send bufflen [8192]: send nbuf [2048] bufalign [16384]: bufoffset [0]: port [5001]: sinkmode [y]: show tcp
information at end [n]:Answer:
Half close is regarding the tcp syn-ack; send bufflen is the size of the
packet to be sent; send nbuf is the number of packets sent; bufalign is
create a matrix of sent data in either a linear or non-linear model of

testing throughput and pattern analysis; setoffset is the offset of created
data in the packet; port is the tcp/udp port the data is sent on, and
sinkmode tells the device to ignore other network traffic or not.
Reference:
tx-queue-limit
config-if
IOS
config
IOS
config
IOS
Hidden command which seems to be an alias for the documented

tx-ring-limit command.
Reference: CSCdk17210
virtual-template <template-num> pre-clone <num>

Pre-clone specified number of Virtual-Access interfaces. Hidden in 12.1
mainline. Visible in 12.1T.Where <template-num> is the vtemplate number and <num> is
the number of sessions you wish to pre-clone. Please note that with l2tp
[by default], if you choose to pre-clone you are limited to the number of
sessions you pre-cloned. i.e. if you pre-clone 1000 sessions, you cannot
set up more then 1000 sessions for the given virtual-template.
vpdn ip udp ignore checksum
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Reference:
This command tells the router to ignore the checksum on UDP packets used
by L2TP/L2F and can be used to temporarily reduce CPU load.This probably is per the suggestion in RFC 2661, section 8.1: The default
for any L2TP implementation is that UDP checksums MUST be enabled for both
control and data messages. An L2TP implementation MAY provide an option to
disable UDP checksums for data messages. It is recommended that UDP
checksums always be enabled on control packets.And Dennis Peng from Cisco added the following note (on cisco-nas):
Verification of the UDP checksum forces
us into the process switching path which will result in increased CPU
usage. By default, Cisco LACs will not set the UDP checksum, so in a
Cisco to Cisco environment, you dont need this command. But other
vendors may set the UDP checksum, so in a multi-vendor environment, it
is probably a good idea to include it. One big vendor which sets the
UDP checksum is Microsoft, their L2TP client does this.
Reference: Contributed by Ash Garg <Ash@telstra.net>
vpdn {l2f|l2tp} session table-size <size>

This command sets the number of buckets on the hash table used for looking
up multiplex IDs (session IDs in L2TP speak; both use a 16-bit namespace)
and so finding the session control data structures. Each tunnel has its own
MID lookup table. <size> can range from 16 to 2048 but cannot be greater
config
IOS
than the number L2F/L2TP interfaces available (which is platform dependent).

The default number of buckets is platform dependent. If <size> is not a
power of two it is rounded down to the next power of two.Some performance might be gained by increasing the hash table size and so
reducing the number of collisions at the expense of increased memory usage.
Reference: Credits: Ash Garg <Ash@telstra.net>, Dennis Peng <dpeng@cisco.com>
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
***********************[A]*************************
aaa accounting delay-start
[12.1] [hidden] global configuration command aaa accounting delay-start delays creation of the
PPP Network start record until the peer IP address is known.
aaa authorization address-authorization-exec
[12.1] [hidden] configuration command forces address authorzation for PPP when started from
an exec.
aaa group server {radius | tacacs+} server-group-name server (ip-address-1) [auth-port
(port-number)] [acct-port (port-number)] server (ip-address-2) [auth-port (port-number)]
[acct-port port-number] deadtime (minutes) pick-method [next | load-balanced | roundrobin]
[hidden] Pick-method server-group configuration command used to specify an alternate method
of selecting servers when one is not responding. As of 12.0(3)T the load-balanced and roundrobin alternatives may be specified butmay not be implemented. The load-balanced keyword
indicates that the initial host is selected load-balanced. The round-robin keyword indicates that
the initial host is selected in a round-robin method with all servers being retried before starting
from the beginning of the list of servers. The next keyword indicates that the list of servers is
stepped through sequentially with each request always starting with the first server in the list.
This last option is the default method of operation.
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
aaa nas port description text

[hidden] global configuration command causes the specified text to appear in TACACS+
accounting records with the attribute nas-description and the value of the text specified in the
command. This command is useful during debugging allowing one to specify information about
the environment or configuration in which the accounting record was generated.
access-list number remark (comment)
and
ip access-list extended name remark (comment)
[12.1] Option to add comments about the access list. This keyword is documented under Bug
Id CSCdk14543.
atm allow-max-vci
Interface command, will allow the cisco 7000 use VCI's above 1023.
***********************[B]*************************
bgp common-administration
bgp dynamic-med-interval
bgp process-dpa
***********************[C]*************************
carrier delay (value)
[12.1] Modifies the carrier delay time. A value of 0 disables the carrier delay.
clear ip eigrp [as] event

Clear IP-EIGRP event logs.
clear ip eigrp [as] logging
Stop IP-EIGRP event logging.
clear profile
Clears CPU profiling.
clear startup-config
Same as erase startup-config
clear vtemplate
Resets the virtual templates.
config overwrite
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
clockrate {1200 | [...]| 2015232 }

There is an anomaly between what is documented, what is displayed and what is entered for this
command. The documentation indicates the command is clock rate and this is what IOS shows
as the valid command in configuration mode. However, a configuration display shows the
command as clockrate as this is how is saved in nvram. In addition, older rom monitors do not
understand the newer clock rate command which would cause problems. What actually happens
here is that clockrate is implemented as a hidden command and is not completed by pressing tab
and nor is there any help generated for it. But both clockrate and clock rate are accepted and
there should be no problem in cutting and pasting the configurations.
copy core
Does a full core dump, as write core but with more options.
csim start (number)
Emulates a voice call.
***********************[D]*************************
debug buffer
Additional buffer debugging.
debug crypto isakmp detail
Crypto ISAKMP internals debugging.
debug crypto isakmp packet
Crypto ISAKMP packet debugging.
debug dialer detailed
debug ip ospf monitor
Debug command which show opsf database sync
debug ip packet ... dump

Outputs a hex and ASCII dump of the packet's contents.
debug ipx private
debug isdn code
debug oir
Debug online insertion and removal
debug parser mode
debug sanity
debug subsys
Debug discrete subsystems.
dialer mult-map-same-name
Useful if you have dialup clients using the same chap/pap username.
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
dhcp-server import all

Take all DHCP client info from the "ip address dhcp" client and assume that info for our DHCP
server.
debug snmp {bag | dll | io | mib { all | by-mib-name } | packets | sysdb | timers}
***********************[E]*************************
exception-slave dump X.X.X.X
exception-slave protocol tftp
exception-slave corefile
execption memory fragment (amount)
Will reload router when no more fragment mem is available. DOCUMENTED:in Version
12.1(2)E
***********************[F]*************************
***********************[G]*************************
gdb kernel
gdb examine pid
gdb debug pid
(Cisco's comment: gdb commands are for debugging, only useful to cisco engineers who have a
symbol table for the IOS image in question).
***********************[H]*************************
hangup
Alias for "quit"
***********************[I]*************************
ip cef accounting per-prefix non-recursive prefix-length
if-con (slot number)
Attach to a vip console.
if-quit
Gets out of if-con mode.
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
ip forwarding accounting prefix-length

ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval

ip forwarding traffic-statistics update-rate
[no] ip gratuitous-arps
This disables unsolicited ARP replies that are useful to signal to a second (redundant) router on
the same LAN segment that a remote gateway is present or has changed.
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
Legacy form of ip local pool, for backwards compatability
ip ospf interface-retry (x)
Retry for ospf process
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
ip tftp boot-interface
ip tmstats bin [internal | external]
When ip cef accounting non-recursive is configured
isdn network
Tell a router to be the "master" on T1-CCS link using isdn switch-type primary-ni
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
ipx flooding-unthrottled
[12.1] Global configuratiom command, specifies that NLSP flooding should be unthrottled.
ipx netbios-socket-input-checks
[12.1] Global configuration command limits the input of non-type 20 netbios broadcast packets.
ipx potential-pseudonode
[12.1] Global configuration command specifies to keep backup route and service data for NLSP
potential pseudocode.
ipx saps follow-route-paths
[12.1] An undocumented global configuration command. See Bug Id CSCdm12190
ipx server-split-horizon-on-server-paths
[12.1] Global configuratiom command specifies that split horizon SAP occurs on server, not
route, paths. This command is documented in Bug Id CSCdm12190
ipx update interval {rip | sap} {seconds | passive | changes-only}
[12.1] The undocumented passive keyword specifies to listen but does not send normal periodic
SAP updates nor flashes/changes updates. Queries will still be replied to. The update interval is
set to the same interval as changes-only. The passive keyword is documented under Bug
Id CSCdj59918.
isdn {n200 | t200 | t203} (number)
Changes the value of various layer 2 ISDN timer settings. The number parameter is milliseconds
for t200 and t203 and the maximum number of retransmits for the keyword n200. The current
value of ISDN timers can be displayed using the show isdn timers EXEC command.The values
of the timer settings depend on the switch type and typically are used only for homologation
purposes. The typical value for t200 is 1 second, for t203 is 10 seconds and for n200 is 3
retransmits.
***********************[J]*************************
***********************[K]*************************
***********************[L]*************************
llc attach [interface]
llc close aaaa
llc offset aaaa
llc open [interface]
llc send aaaa
loopback diag
loopback dec
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
logging event {link-status | subif-link-status}

The no form of the undocumented logging event link-status interface commmand is used to turn
off sending up, down and change messages for an interface to the syslog. This is very useful on
live systems since these systems generate so many of these messages that other important
messages are often hard to see. This is a companion command to the documented command no
snmp trap link-status which prevents sending the associated snmp trap.
loopback test
loopback micro-linear
loopback motorola
***********************[M]*************************
memory scan
Parity check for 7500 RSP's.
modem log {cts | dcd | dsr | dtr | ri | rs232 | rts | tst}
[12.1] Configuration command is used to specify which rs232 log events are to be saved for
display by the show modem log command. When performing log analysis, various RS232
events fill the log within seconds rendering it useless for analysis (see Bug Id CSCdk86001).
This command helps to filter out unwanted entries in the log.
modem-mgmt csm debug-rbs
[12.1] Turns on debugging for Channelized T1 links in the AS5x00 series, providing info about
ABCD bits in phone call supervision. Documented, here. Debug cas replaced this 'broken'
command. INTERNAL privileged EXEC command enables robbed bit signaling debugging
within CSM. Issuing the command once turns on rbs debugging. Issuing the command a second
time turns on special rbs debugging. Issuing the command using the no-debug-rbskeyword
turns off all degugging. This command is useful in looking at modem pooling and channelized
T1s. To make this command available, the service internal global configuration command must
be issued first.
multilink bundle-name {authenticated | both | endpoint}
[12.1] This undocumented global configuration command selects the method for naming
multilink bundles. Authenticated specifies using the peer's authenticated
name, endpoint specifies using the peer's endpoint discriminator andboth specifies using both
the peer's authenticated name and endpoint discriminator.
***********************[N]*************************
[no] environment-monitor
Disable environment monitoring.
[no] service auto-reset

On linecards
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
[no] ppp chap ignoreous

For router with same hostname
***********************[O]*************************
***********************[P]*************************
ppp direction {callin | callout | dedicated}
[12.1] Identifies the direction of ppp activity. PPP attempts to determine if a call is callin or a
callout or a dedicated line. This is how it detects spoofed CHAP challenges. When an async
interface is added to a dialer interface, ppp cannot detect the difference between a dedicated line
and a callin. So it assumes that it is a callin. Adding the ppp direction dedicated overcomes
this.
ppp ipcp accept-address
Interface command specifies that IOS is to revert to the previous operation regarding the
acceptance of ip addresses from users. When enabled, the peer IP address will be accepted but is
still subject to AAA verification, it will have precedence over any local address pool however.
In IOS releases after 11.0(11), PPP IPCP negotiation was changed to accepts a remote peer's
"Her" proposed address regardless, and the "Her" address is subsequently added to the IP
routing table as a host route. With IOS Releases later than 11.0(11) the software checks the
"Her" address against the corresponding dialer map and if the address is different than the IP
address detailed within the dialer map, a NAK will be sent and the dialer map IP address will be
added as a host route in the IP routing table.
ppp ipcp ignore-map
ppp lcp fast-start

[12.1] Interface configuration command specifies to ignore the carrier timer and start PPP when
an LCP packet arrives.
ppp restart-timer (msec)
Interface configuration command modifies the default value (2 seconds) for the restart timer.
The translate command also has a similar keyword, restart.
ppp timeout absolute (sec)
Determines how long PPP link can be up [default is infinity, configurable as 0] used under
virtual-template interfaces.
ppp timeout idle (sec) [inbound | either]
Determines how long PPP can wait until bringing the link down if there is no traffic. Default is
infinity, configurable as 0. Used under virtual-template interfaces.
profile (start) (stop) (granularity)
***********************[Q]*************************
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
***********************[R]*************************
radius-server attribute 44 on-for-access-req
Global configuration command sends attribute 44 in all access request packets. The command
may be present in IOS 11.3(9+)AA (reference BugID CSCdk74429). This command is replaced
by the radius-server attribute 44 include-in-access-req command.
radius-server attribute 6 on-for-login-auth
Global configuration command sends attribute 6 in all authentication packets (e.g., access
requests). This command may be present in IOS 11.3(9+)T and 12.0(3+)T (reference
BugID CSCdk81561).
radius-server attribute 6 support-multiple
Global configuration command specifies that IOS is to support multiple Service-Type values per
Radius profile in violation of the RFC for Radius. This command was added in IOS 12.1(2.3)T2
and 12.1(3.3)T (reference BugIDCSCdr60306).
radius-server authorization default framed-protocol ppp
Used to specify the default framed-protocol as PPP when this RADIUS attribute is missing.
radius-server authorization permit missing service-type
Global command is used to specify that a RADIUS entry without service-type information is
permitted. It is used when RADIUS is being used as a database without regard to service-type.
radius-server attribute nas-port extended
Command is replaced by the radius-server attribute nas-port format b command in some releases
of IOS. For this reason it may be hidden in the IOS configuration mode but documented. In
these versions of IOS, the command will be accepted but ignored.
radius-server challenge-noecho
[12.1] global configuration command specifies that data echoing to the screen is disabled during
Access-Challenge.
radius-server directed-request [restricted] [right-to-left]
Right-to-left keyword, which first appeared in IOS 12/0(7)T, enables right-to-left parsing of the
user information (reference Bugid CSCdm77820).
radius-server extended-portnames
Global configuration command, which displays expanded interface information in the NASPort-Type attribute, has been replaced by the radius-server attribute nas-port extended
command. This command configures RADIUS to expand the size of the NAS-Port attribute
field to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the
controlling interface; the lower 16 bits indicate the interface undergoing authentication. This
command first appeared in IOS Release 11.1. It has been hidden in IOS 11.3+ and IOS 12.0+
since the command has been replaced (reference Bugid CSCdj06817).
radius-server ipc-limit done limit
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
radius-server host {hostname | ip-address} [auth-port (port-number)] [acct-port (portnumber)] [timeout (seconds)] [retransmit (retries)] [key string] [ignore-acctauthenticator]
The ignore-acct-authenticator keyword specifies to ignore accounting authenticator errors and
warn only (11.3(+)AA).
radius-server retry method round-robin

Global configuration command is used to specify an alternate method of selecting servers when
one is not responding. As of 12.0(3)T alternates may not be defined and the round-robin
alternative may not be implemented.
radius-server secret (string)
Global configuration command is used to specify the key shared with the RADIUS server. This
command is hidden because it has been replaced with the radius-server key command
(reference BugID CSCdi44081). This command first appeared in IOS Release 11.1.
radius-server unique-ident value
Global configuration command is used to set high order bits for the accounting identifier. The
identifier field is a one octet field included in all RADIUS accounting packets which aids in
matching requests and replies.
***********************[S]*************************
scheduler max-task-time 200
Last value in milliseconds.
scheduler heapcheck process
scheduler heapcheck poll
scheduler run-degraded
service internal
Allows additional debugs that are not normally available.
service slave-coredump
service log backtrace
Provides traceback with every logging instance.
set destination-preference
show alignment
show asp
show async bootp
No extended data will be sent in BOOTP responses.
show caller
show chunk [summary]
show counters [slot/port]
show compress hardware
show controller vip (slotno) log
show controller vip (slotno) tech
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show idb
show interface status
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show bridge group verbose

Shows additional information on each port that the bridge group is enabled.
show interface switching

show interface (int) stat
show interfaces switching
show interfaces (int) switching
Shows switching path information for the interface
show ip cef internal
show ip eigrp event [as] [start# end#]
show ip eigrp sia-event [as] [start# end#]
show ip eigrp timers [as]
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf events
show ip ospf statistics

show ipx backup [network]
show ipx cache cbus
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show ip ospf maxage-list
show ipx cache hash

show ipx eigrp event [event-number]
show ipx eigrp sia-event
show ipx private cache-history aaa
show ipx urd [0-fffffffe]
show isdn {active | history | memory | services | status [dsl | serial number] | timers}
active: Displays current call information, including called number, the time until the call is
disconnected, AOC charging units used during the call, and whether the AOC information is
provided during calls or at end of calls. history: Displays historic and current call information,
including the called number, the time until the call is disconnected, AOC charging time units
used during the call, and whether the AOC information is provided during calls or at the end of
calls. status serial number: Displays the status of a specific ISDN PRI interface created and
configured as a serial interface.
show isis timers

show isis tree
show isis tree level-2
show isis private
show list
show list nonempty
show llc
show media
show media access-lists
show modem mapping
show parity
show parser
show parser modes

show parser unresolved
show proc all-events
Shows all process events
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show parser links
show profile
Shows cpu profiling.
show profile detail
show profile terse
show refuse-message
show region (address)
Shows image layout at given address.
show registry cr | brief | statistics | registry-name
show rsh
show rsh-disable-commands
show rsp
show slip
show smrp private | request |response
show snapshot private
show snmp chassis
show snmp contact
show snmp community
show snmp location
show snmp mib [detailed | dll]
show snmp newcom
show snmp view
show sum
Show current stored image checksum
show timers
Show timers for timer command in config mode.
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
show traffic
Shows the current backplane utilization and peak utilization for all three busses.
show queueing interface (interface)
Gives queueing information on a per interface basis
snmp-server priority {low | normal | high}

Global configuration command can be used to change the priority of SNMP processes. To avoid
extensive polling, use the priority should be set to low . All SNMP queries sent to a router are
prioritized as either low or medium priority, depending on the version of code run by the route
processor. This means that processes with a higher priority than the SNMP process will be
serviced before SNMP. So, regardless of SNMP polling intensity, routing processes will
generally be processed before SNMP requests because route processes are "high" priority. You
can view the priorities of each of the router's processes by doing a show process and looking in
the Q column (L == Low, M == Medium, H == High). See Cisco's website for documentation.
This command has no impact on the priority of the snmp trap process.
[no] snmp-server sparse-tables
Get the complete SNMP MIB table. On controller interface you get without this command e.g.
no out bytes counter. With these commands you get every object with SNMP get-next.
[no] sscop quick-poll Suppose to help recover if sscop has problems, global command.
***********************[T]*************************
tclsh
Unverified but very interesting, you can program with loop control, expressions, etc from the
IOS CLI. Prerelease?
telnet timeout
test appletalk
[12.1] The test appletalk command will enter appletalk test mode. The sub-commands available
in this mode are:
arp interface-type (number) at-aarp-addr arp-mac-address

eigrp neighbor-states cablestart-cableend
nbp confirm (net.node) [skt] (object:type@zone)
nbp lookup (object:type@zone)
nbp parmameters max-retrans max-replies (interval)
nbp poll end
test cbus
For old AGS+ and 7000. Lets you prod stuff right into cbus memory. *VERY* dangerous if you
don't know what you're doing.
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
test cch323
test crash
Makes the router crash any way you want.
test dhcp [allocate xxx.xxx.xxx.xxx] | [release | renew]
test eigrp (as-number) {ack | neighbor-states ipx-address ipx-mask}

[12.1] As-number id from 1 to 65535, neighbor-states is either 1local (Neighbor states 1),
1successor (Neighbor states 3), 2local (Neighbor states 1 - 2), 2successor (Neighbor states 3 2), 3local (Neighbor states 1 - 0), 4local (Neighbor states 1 - 0 - 2), 5local (Neighbor states 1 - 0
- FC fail - 1), 6local (Neighbor states 1 - 2 - FC fail - 3), and delete (Delete a phoney entry in the
topology table). The keyword ack toggles EIGRP fast acking.
test ifs appn {read | write}{hostname | ip-address}
The test ifs appn command reads or writes an appn file.
test ifs boot boot-command-line
The test ifs boot command parses the bootstrap 'boot' command line.
test ifs defaults
The test ifs defaults command shows the default boot files.
test ifs show hidden The test ifs show hidden command toggles the display of hidden file
systems and files.
test ifs slot slot (url)
The test ifs slot command will produce a core dump of slots on crashes.
test interfaces
test ipc misc
test ipx capacity w x y z
Generated IPX RIP and SAPs. Enterprise feature set (11.2+), where:
w is the number of routes,

x is the start of the network address range,
y is the next-hop network for the generated networks, and
z is the number of SAP's to generate.
test ipx debug [0-ffffffff] [0-ffffffff] [0-ffffffff]

test ipx echo router-address [times-sent] [interval]
Sends 1447 RIP requests for 1-182 random networks; remote end sends echo reply back (ipx
ping works the same way, but it always requests network 00000000)
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
test ipx gns [type] [numb-tries] [timeout] [network-to-send-request-on]

Types: 1-User, 2-User Group, 3-Print Queue, 4-File Server, 5-Job Server, 6-Gateway, 7-Print
Server, 8-Archive Queue, 9-Archive Server, A-Job Queue, B-Administration Object, F-Novell
TI-RPC, FF-Wild, FFFF-Request Response.
test ipx netbios find [name] [numb-tries] [timeout] [network-to-send-request-on]
Sends out un-interpreted packets.
test ipx query [sending-SAP-type] [type] [server-name] [network] [maskf] [numb-tries]
[timeout]
Sending-sap-types: 2-Response (in), 4-Nearest Server type, C-General Name Query, D-General
Name Response, E-Nearest Name Query, F-Nearest Name Response
test ipx ripreq (network)
Sends rip request for network specified.
test ipx watchdog (host-address)
Sends watchdog (IPX Keep-alive) packet to specified host.
test leds
test mbus power (slot) [on | off]
[no]Shut a line card.
test memory
test rsp cache memd-fastswitch uncached
The processor in the router has its own cache. There were bugs in working with this cache. With
this exec-command you can disable the use of this cache. Because this is a exec-command you
have to type it again after a reboot.
test rsp slot [mask/unmask]
Use this command to shut down a VIP from CLI (mask) or return it to service (unmask). Note
that this will also remove the VIP from a "sho diag."
test transmit
test modem back-to-back (first-slot/port) (second-slot/port)
Performs modem testing. Test the transmission of L2 frames.
test vines
Enter VINES test mode. The sub-commands available in this mode are: build [Build
tables], checksum [Checksum test], data [Set data values used in various places], end [Exit
VINES test mode], flush [Flush tables], generate[generate information], send [Send a VINES
packet], set [Send a VINES value], ss [Do Server Service things], st [Send a vines streettalk
packet].
test vpdn
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
test voip scripts

Allow to run self-created IVR (Interactive Voice Response) scripts. Cisco included 7 IVR
scripts in IOS. Self-created scripts must be specially signed. Issuing this command in priviliged
mode before loading self-created script you turn off the signature checking procedure. The only
problem is that the command must be issued every each router reboot. Cisco promises to remove
totally the signature checking procedure in future IOS releases.
timeout absolute (minutes) (seconds)

[12.1] command is available to enforce timeouts on an interface.
trace display
Displays the trace buffer when connected with if-con 0
ttcp
Like the unix ttcp, to generate traffic.
tunnel carry-security
***********************[U]*************************
***********************[V]*************************
vpdn aaa override-server {hostname | ip-address}
[12.1] Global configuration command specifies the name or ip address of a designated AAA
server to be used for VPDN authorization.
***********************[W]*************************
who
Alias for show users
write core
Does a full core dump, reboots router
Filesystem - interesting hidden files

cd system:/vfiles and 'dir' and there are three files available:
tmasinfo
tmstats.ascii
tmstast.binary
tmstats.ascii:
Header - version, address, aggreg, sysuptime, UTC, NTP, duration

Per-prefix entry format - prefix type, dest/mask, sysuptime, pkts in, bytes in, pkts out,
bytes out
Per-tunnel entry format - tunnel type, tunnel id.
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr
Cisco hidden tools: Testing TCP connection

Sometimes you have a connection between 2 routers that you want to test with something more than a
ping. Cisco devices have a hidden command which is actually a very powerful testing tool for your TCP
connection.
The command is ttcp and you will not find it in the the default list of commands of a Cisco device. So,
even if you use help ( ? mark at the router prompt) this command will not be showed to you.
For our testing we will use the same topology as in the previous posts. If you do not have it please
download it here. Since this is a point-to-point TCP connection testing we will not use any fancy
routing protocol or other networking protocols
ir ing
rt. in
pe ra
ex o T
.IP sc
w i
w C
w ee
Fr

Undocumented and Secret Cisco Ios Commands - IPexpert - Ir

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Undocumented and Secret Cisco Ios Commands - IPexpert - Ir

Enviado por

Direitos autorais:

Formatos disponíveis

Cisco

This document collected by Sobhan Sadeghi surfing the web

Certainly this is not a complete list, but I suppose that could be

Be careful and remember that these commands are not documented

[UNDOCUMENTED AND SECRET COSCO IOS COMMANDS]

show caller (IOS)

aaa accounting delay-start (IOS)

show chunk [summary] (IOS)

aaa authorization console (IOS (>= 12.1(10.6)))

show controller switch (Cat 2900XL/3500XL, IOS)

arap logging debug-extensions (IOS)

show epc acl tcam2acl interface <interface> {in|out} (IOS

bgp common-administration (IOS)

show epc ip-address interface <interface> all-entries (IOS

bgp maxas-limit <1 2000> (IOS)

show epc patricia <ingress-interface> ipucast detail (IOS)

bridge-group <bridge-num> saubscriber-loop-control

show idb (IOS)

clear ip eigrp [<as>] events (IOS)

show inband (XID/CatOS)

clear ip eigrp [<as>] logging (IOS)

show interface cable <x>/0 privacy statistic (IOS)

clock source free-running|line primary (IOS)

show interfaces [<interface-name>] stats (IOS)

show interfaces [<interface-name>] switching (IOS)

debug buffer (IOS)

show ip cef [<network> [<netmask>]] internal (IOS)

debug crypto isakmp detail (IOS)

show ip eigrp events [<as-num>] [<start-num>] [<end-num>]

debug crypto isakmp packet (IOS)

show ip eigrp sia-event (IOS)

debug dialer detailed (IOS)

show ip eigrp timers [<as-num>] (IOS)

debug dialer holdq (IOS)

show ip ospf bad-checksum (IOS)

debug ip ospf monitor (IOS)

show ip ospf delete-list (IOS)

show ip ospf events (IOS)

debug isdn q931 l3 (IOS)

show ip ospf maxage-list (IOS)

debug mica {tx|rx} <slot>/<port> (IOS)

show ip ospf statistic (IOS)

debug modem csm (IOS)

show ip route hash (IOS)

debug oir (IOS)

show ip route profile (IOS)

debug parser mode (IOS)

show ip spd (IOS)

debug sanity (IOS)

show isdn memory detail (IOS)

dialer disable-multiencaps (IOS)

show isdn service [<dsl> | <interface-name>] detail (IOS)

dialer mult-map-same-name (IOS)

show isdn status detail (IOS)

eigrp event-log-site <n> (IOS)

show isis private (IOS)

eigrp event-logging (IOS)

show isis timers (IOS)

eigrp kill-everyone (IOS)

show isis tree (IOS)

debug ip packet [detail] [<access-list>] dump (IOS)

eigrp log-event-type [dual] [xmit] [transport] (IOS)

show list [none] (IOS)