![[Search cisco.com]](logo-tagline.gif){kind=logo}
***
[mail
command]
---
[more undoc stuff @
heinzulm.com]
---
[search
google]
---
[search
yahoo]
---
[search
usenet]
---
[phrack
56]
***
[my homepage]
---
[my webcam]
---
[my employer]
---
[my
ripe handle]
***
Index:
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
~specials~
[Cat5/6000] | [router bgp] | [router eigrp] | [router isis] | [Filesystem]
This page is about undocumented cisco IOS commands. I started the project some time ago because I found out that some undocumented commands can save you a lot of time and frustration. I quess this holds true for most network engineers.
Please feel free to forward the list with the header, or the url to a cisco related mailing list or a network engineer. Feedback (see, "mail command" on the left) is not only appreciated, it is the only way this list project can exist! Please send your entry.
--
Groets,
bert boerland
#########################################################
# PROJECT: DOTU (document the undocumented)
#
# started: 2000/2/28 by bert boerland
#
# with the help of lot of people allready, thanks!
#
# for additional commands, please
#
# mailto:dotu@boerland.com, put [DOTU] in subject.
#
# please specify command, global or config, ios, hw
#
# and what the command does.
#
#
http://boerland.com/dotu #
#########################################################
# VERSION: 2001.08.25
#
# Changelog:
#
# 2001.8.25 added many commands. made few cosmetic
#
# changes,
made links to starting letter of #
# command.
we all know now why undocumented #
# stuff
is bad, since the ILMI
bug... :-( #
# found
out that google ranks this site first #
# when
searching for "cisco
ios commands". i #
# dont
think this is the power of this site, #
# but
the weakness of cisco's site ...
#
# also
saw that back in 1995
someone asked for#
# a
list like this one.
#
# 2001.1.6 added *many* commands, thanks to (ex)cisco's #
# please
read disclaimer. i am not responsible #
# if commands
listed here screw up your router #
# new commands
in bold.
#
# unless
staded otherwise, all listed commands #
# are undocumented
commands (in IOS help but #
# not
in documentation). Hidden commands (not #
# in IOS
help nor in documentation) are marked #
# as ...
[Hidden]
#
#
see also follow project at heinzulm.com
#
# 2000.10.2 added commands
#
# 2000.7.30 added *many* commands, thanks to all who
#
# helped
making this list better (even from #
# within
cisco itself!) and phrack #56. Made #
# this
list in HTML and moved it to
#
# http://borland.com/dotu
#
# 2000.5.02 added more commands, keepmcomming!
#
# 2000.3.13 added disclaimer and couple of commands
#
# 2000.2.29 added versionnummering
#
# 2000.2.29 list alpha sorted and 10+ new commands
#
# TODO:
#
# when i master php/mysql and move to another area where#
# they have ADSL so I can host this site at home, put
#
# all commands in database and do some php stuff around #
# it. might even using an engine like drupal.org.
#
#########################################################
# DISCLAIMER:
#
#########################################################
# having undocumented commands in your config or
#
# executing them from the CLI is *not* something you
#
# should do in a 'live' network! commands that are un-
#
# documented can have unpredictable behavior. cisco
#
# Systems nor bert boerland are responsible for the
#
# results of executing/configuring these commands
#
# (stupid disclaimer, but hell, i am not a lawyer :-)
#
#########################################################
# COPYRIGHT:
#
# mhh, who owns documentation of undocumented commands? #
# well, it sure isnt me! so feel free to mirror this
#
# site, forward it to a friendly sysop, or whatever.
#
# i would *like* that you would include a pointer to
#
# the URI of this list being http://boerland.com/dotu
#
# all content on boerland.com/dotu is released under the#
# terms of the GNU Free
Documentation License
#
# Version 1.1 or any later version published by the Free#
# Software Foundation.
#
#########################################################
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
aaa accounting delay-start
[12.1] [hidden] global configuration command aaa accounting delay-start
delays creation of the PPP Network start record until the peer IP
address is known.
aaa authorization address-authorization-exec
[12.1] [hidden] configuration command forces address authorzation for
PPP when started from an exec.
aaa group server {radius | tacacs+} server-group-name
server ip-address-1 [auth-port port-number] [acct-port port-number]
server ip-address-2 [auth-port port-number] [acct-port port-number]
deadtime minutes pick-method [next | load-balanced | round-robin]
[hidden] pick-method server-group configuration command is used to specify
an alternate
method of selecting servers when one is not responding. As of 12.0(3)T
the load-balanced and round-robin alternatives may be specified but
may not be implemented. The Load-balanced keyword indicates that the
initial host is selected load-balanced. The Round-robin keyword
indicates that the initial host is selected in a round-robin method
with all servers being retried before starting from the beginnng of
the list of servers. The Next keyword indicates that the list of
servers is stepped through sequentially with each request always
starting with the first server in the list. This last option is the
default method of operation.
aaa nas port description text
[hidden] global configuration command causes the specified text to
appear in TACACS+ accounting records with the attribute nas-description
and the value of the text specified in the command.
This command is useful during debugging allowing one to specify
information about the environment or configuration in which the
accounting record was generated.
access-list number remark comment
and
ip access-list extended name
remark comment
[12.1]To add comments about the access list. This keyword is documented
under Bug Id CSCdk14543.
atm allow-max-vci
interface command, will allow the cisco 7000 use VCI's above 1023.
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
bgp common-administration
bgp dynamic-med-interval
bgp process-dpa
boot system rom
CONFIG
boot module
CONFIG
bundle-enable command
800-series
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
call-history-mib retain-timer (value)
[global] effects the size of the isdn history table
carrier delay value
[12.1] Modifies the carrier delay time. A value of 0 disables the carrier delay
clear crashdump 1
to cleanup an old crashdump
clear ip eigrp [as] event
Clear IP-EIGRP event logs
clear ip eigrp [as] logging
Stop IP-EIGRP event logging
clear profile
Clears CPU profiling
clear startup-config
same as erase startup-config)
clear vtemplate
reset virtual templates
clock rate { 1200 | [...]| 2015232 }
[hidden] There is an anomaly between what is documented, what is
displayed and what is entered for this command. The documentation
indicates the command is clock rate and this is what IOS shows as
the valid command in configuration mode. However, a configuration
display shows the command as clockrate as this is how is is saved in
nvram. In addition, older rom monitors do not understand the newer
clock rate command which would cause problems. What actually happens
here is that clockrate is implemented as a hidden command and is not
completed by pressing tab and nor is there any help generated for it.
But both clockrate and clock rate are accepted and there should
be no problem in cutting and pasting the configurations.
config overwrite
copy core ?
Does a full core dump, as write core but with more options
csim start <number>
Emulate a voice call
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
debug buffer
Additional buffer debugging
debug buffer failure
Buffer Allocation failures debugging
debug crypto isakmp detail
Crypto ISAKMP internals debugging
debug crypto isakmp packet
Crypto ISAKMP packet debugging
debug dialer detailed
debug dialer holdq
[11.2(12)P] [undocumented/hidden] gives some help on dialing.
debug eigrp neighbor [ sia-timer ]
this will print debug information about the operation of the
sia timers. Generally not very useful (unless you are testing
the timers)
debug eigrp transmit [ sia ]
the will print debug information about SIA packets being
sent. Most of the information found in this debug is part of
the event log.
debug eigrp sia { fast | reply [addr] | query [addr] | siareply [addr] | siaquery [addr] }
This command has been left in to assist testing with creating sia
events and will CAUSE sia events.
fast sia timer will fire in 1ms on next route to go active
query next query from peer will be ignored
reply next reply from peer will be ignored
siaquery next reply from peer will be ignored
siareply next reply from peer will be ignored
debug ip ospf monitor
Debug command which show opsf database sync
debug ip packet ... dump
Outputs a hex & ASCII dump of the packet's contents
debug ipx private
debug isdn code
debug isdn q931 l3
[12.0(13)] will show additional information on ISDN, i.e.
the corresponding call reference number in all ISDN messages.
debug oir
Debug online insertion and removal
debug parser alias
debug parser help
debug parser http
debug parser mode
debug parser privilege
debug sanity
debug subsys
Debug discrete subsystems
dialer mult-map-same-name
useful if you have dialup clients using the same chap/pap username
dhcp-server import all
take all DHCP client info from the "ip address dhcp" client
and assume that info for our DHCP server.
debug snmp {bag | dll | io | mib { all | by-mib-name } | packets |
sysdb | timers}
debug x25 switch
debug x25 encapsulation
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
exception-slave dump X.X.X.X
CONFIG
exception-slave protocol tftp
CONFIG
exception-slave corefile
CONFIG
execption memory fragment <amount>
CONFIG: Will reload router when no more fragment mem is avail
DOCUMENTED: in Version 12.1(2)E
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
gdb kernel
gdb examine pid
gdb debug pid
(ciscos comment: gdb commands are for debugging, only useful to cisco
engineers who have a symbol table for the IOS image in question.)
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
hangup
alias for "quit"
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
ip cache-ager
Needs service internal
ip cef accounting per-prefix non-recursive prefix-length
if-con <n>
Attach to a vip console; if-quit (gets out of if-con mode)
ip address dhcp
On eth[x], for cablemodems?
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ip forwarding accounting prefix-length
ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval
ip forwarding traffic-statistics update-rate
[no] ip gratuitous-arps
This disables unsolicited ARP replies that are useful to signal to
a second (redundant) router on the same LAN segment that a remote
gateway is present or has changed.
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
Legacy form of ip local pool, for backwards compatability
ip ospf interface-retry [x]
Retry for ospf process
ip ospf-name-lookup
ip route profile
This configuration command will turn on IP routing table statistics
collection. Information like number of changes, number of prefix
added etc will be collected.
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
ip tftp boot-interface
CONFIG
ip tmstats bin internal | external
CONFIG, when ip cef accounting non-recursive is configured
isdn network
tell router to be the "master" on T1-CCS link using isdn switch-type
primary-ni
ipx flooding-unthrottled
[12.1] global configuratiom command specifies that NLSP flooding should
be unthrottled.
ipx netbios-socket-input-checks
[12.1] global configuratiom command limits the input of non-type 20
netbios bc packets
ipx potential-pseudonode
[12.1] global configuration command specifies to keep backup route and
service data for NLSP potential pseudocode.
ipx sap follow-route-path
[12.1] An undocumented global configuration command. See Bug Id
SCdm12190 for details.
ipx server-split-horizon-on-server-paths
[12.1] global configuratiom command specifies that split horizon SAP
occurs on server, not route, paths. This command is documented in Bug Id
CSCdm12190.
ipx update interval {rip | sap} {seconds | passive | changes-only}
[12.1] The undocumented passive keyword specifies to listen but does not
send normal periodic SAP updates nor flashes/changes updates. Queries
will still be replied to. The update interval is set to the same
interval as changes-only. The passive keyword is documented under Bug
Id CSCdj59918.
isdn {n200 | t200 | t203} number
[hidden] commands change the value of various layer 2 ISDN timer
settings. The number parameter is milliseconds for t200 and t203 and
the maximum number of retransmits for the keyword n200. The current
value of ISDN timers can be displayed using the show isdn
timers EXEC command.The values of the timer settings depend on the
switch type and typically are used only for homologation purposes.
The typical value for t200 is 1 second, for t203 is 10 seconds and
for n200 is 3 retransmits.
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
llc attach [interface]
llc close aaaa
llc offset aaaa
llc open [interface]
llc send aaaa
logging event {link-status | subif-link-status}
The no form of the undocumented logging event link-status interface
commmand is used to turn off sending up, down and change messages for an
interface to the syslog. This is very useful on live systems since
these systems generate so many of these messages that other important
messages are often hard to see. This is a companion command to the
documented command no snmp trap link-status which prevents sending the
associated snmp trap.
loopback diag
CONFIG
loopback dec
CONFIG: at dec chip
loopback test
CONFIG
loopback micro-linear
CONFIG
loopback motorola
CONFIG
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
memory scan
Parity check for 7500 RSPs
modem log {cts | dcd | dsr | dtr | ri | rs232 | rts | tst}
[12.1] configuration command is used to specify which rs232 log events
are to be saved for display by the show modem log command. When
performing log analysis, various RS232 events fill the log within
seconds rendering it useless for analysis (see Bug Id CSCdk86001).
This command helps to filter out unwanted entries in the log.
modem-mgmt csm debug-rbs
[12.1] turns on debugging for Channelized T1 links in the AS5x00
series, providing info about ABCD bits in phone call supervision.
Documented, here. Debug cas replaced this 'broken' command.
INTERNAL privileged EXEC command enables robbed bit signaling debugging
within CSM. Issuing the command once turns on rbs debugging. Issueing
the command a second time turns on special rbs debugging. Issuing
the command using the no-debug-rbs keyword turns off all degugging.
This command is useful in looking at modem pooling and channelized
T1s. To make this command available, the service internal global
configuration command must be issued first.
multilink bundle-name {authenticated | both | endpoint}
[12.1] This undocumented global configuration command selects the method
for naming multilink bundles. "authenticated" specifies using the
peer's authenticated name, "endpoint" specifies using the peer's
endpoint discriminator and "both" specifies using both the peer's
authenticated name and endpoint discriminator.
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[no] environment-monitor
Disable environment monitoring
[no] ppp chap ignoreous
For router with same hostname
[no] service auto-reset
On linecards
[no] service password-recovery
For the daring people, it can be undone but *please* only specify this if you know what you are doing. and since this is undocumented, you probably don't! :-)
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
ppp direction {callin | callout | dedicated}
[12.1] [hidden] identify the direction of ppp activity. PPP attempts to
determine if a call is callin or a callout or a dedicated line. This is
how it detects spoofed CHAP challenges. When an async interface is
added to a dialer interface, ppp cannot detect the difference between
a dedicated line and a callin. So it assumes that it is a callin.
Adding the ppp direction dedicated overcomes this.
ppp ipcp accept-address
[hidden] interface command specifies that IOS is to revert to the
previous operation regarding the acceptance of ip addresses from
users. When enabled, the peer IP address will be accepted but is still
subject to AAA verification, it will have precedence
over any local address pool however. In IOS releases after 11.0(11),
PPP IPCP negotiation was changed to accepts a remote peer's
"Her" proposed address regardless, and the "Her" address is
subsequently added to the IP routing table as a host route.
With IOS Releases later than 11.0(11) the software checks the
"Her" address against the corresponding dialer map and if the address
is different than the IP address detailed within the dialer map,
a NAK will be sent and the dialer map IP address will be added as
a host route in the IP routing table.
ppp ipcp ignore-map
ppp lcp fast-start
[12.1] interface configuration command specifies to ignore the carrier
timer and start PPP when an LCP packet arrives.
ppp restart-timer msec
[hidden] interface configuration command modifies the default value
(2 seconds) for the restart timer. The translate command also has a
similar keyword, restart.
ppp timeout absolute <sec>
Determines how long PPP link can be up [default is infinity, configurable as 0] used under virtual-template interfaces.
ppp timeout idle <sec> inbound
ppp timeout idle <sec> either
Determines how long PPP can wait until bringing the link down if there
is no traffic. [default is infinity, configurable as 0] used under
virtual-template interfaces.
profile <start> <stop> <granularity>
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
radius-server attribute 44 on-for-access-req
[hiden] global configuration command sends attribute 44 in all access
request packets. The command may be present in IOS 11.3(9+)AA
(reference BugID CSCdk74429). This command is replaced by the
radius-server attribute 44 include-in-access-req command.
radius-server attribute 6 on-for-login-auth
[hidden] global configuration command sends attribute 6 in all
authentication packets (e.g., access requests). This command may be
present in IOS 11.3(9+)T and 12.0(3+)T (reference
BugID CSCdk81561).
radius-server attribute 6 support-multiple
[hidden] global configuration command specifies that IOS is to support
multiple Service-Type values per Radius profile in violation of the
RFC for Radius. This command was added in IOS
12.1(2.3)T2 and 12.1(3.3)T (reference BugID CSCdr60306).
radius-server authorization default framed-protocol ppp
[hidden] used to specify the default framed-protocol as PPP when this
RADIUS attribute is missing.
radius-server authorization permit missing service-type
[hidden] global command is used to specify that a RADIUS entry without
service-type information is permitted. It is used when RADIUS is being
used as a database without regard to service-type.
radius-server attribute nas-port extended
[hidden?] command is replaced by the radius-server attribute nas-port
format b command in some releases of IOS. For this reason it may be
hidden in the IOS configuration mode but documented. In these
versions of IOS, the command will be accepted but ignored.
radius-server challenge-noecho
[12.1] global configuration command specifies that data echoing to the
screen is disabled during Access-Challenge.
radius-server directed-request [restricted] [right-to-left]
[hidden] right-to-left keyword, which first appeared in IOS 12/0(7)T,
enables right-to-left parsing of the user information (reference
Bugid CSCdm77820).
radius-server extended-portnames
[hidden] global configuration command, which displays expanded interface
information in the NAS-Port-Type attribute, has been replaced by the
radius-server attribute nas-port extended command.
This command configures RADIUS to expand the size of the NAS-Port
attribute field to 32 bits.
The upper 16 bits of the NAS-Port attribute display the type and number
of the controlling interface; the lower 16 bits indicate the
interface undergoing authentication.
This command first appeared in IOS Release 11.1. It has been hidden in
IOS 11.3+ and IOS 12.0+ since the command has been replaced
(reference Bugid CSCdj06817).
radius-server host {hostname | ip-address} [auth-port port-number]
[acct-port port-number] [timeout seconds] [retransmit retries]
[key string] [ignore-acct-authenticator]
[hidden] ignore-acct-authenticator keyword specifies to ignore
accounting authenticator errors and warn only (11.3(+)AA).
radius-server ipc-limit done limit
[hidden]
radius-server retry method round-robin
[hidden] global configuration command is used to specify an alternate
method of selecting servers when one is not responding. As of 12.0(3)T
alternates may not be defined and the round-robin alternative may not
be implemented.
radius-server secret string
[hidden] global configuration command is used to specify the key shared
with the RADIUS server. This command is hidden because it has been
replaced with the radius-server key command (reference
BugID CSCdi44081). This command first appeared in IOS Release 11.1.
radius-server unique-ident value
[hidden] global configuration command is used to set high order bits for
the accounting identifier. The identifier field is a one octet field
included in all RADIUS accounting packets which aids in matching
requests and replies.
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
scheduler max-task-time 200
CONFIG: last val in milliseconds
scheduler heapcheck process
CONFIG: memory validation, after proc
scheduler heapcheck poll
CONFIG: memory valid after some poll
scheduler run-degraded
CONFIG: in a failure mode?
service internal
CONFIG: additional debugs that are not normally available
service slave-coredump
CONFIG
service log backtrace
CONFIG: provides traceback with every logging instance
set destination-preference
show alignment
show asciireg
On switches
show asp
show async bootp
No extended data will be sent in BOOTP responses
show biga
GLOBAL: catalyst 5000 release 5.5(1)
show bridge group verbose
shows additional information on each port that the bridge group is enabled
show caller
show chunk
show chunk summary
show counters [slot/port]
Shows all port counters
show compress hardware
show controller buffer fa# # (note, not the more common "fa#/#)
Catalyst 2900XL family 12.0(5.2)XU
show controller coronado #
Catalyst 2900XL family 12.0(5.2)XU
show controller delmar #
Catalyst 2900XL family 12.0(5.2)XU
show controller frank
Catalyst 2900XL family 12.0(5.2)XU
show controller razor
Catalyst 2900XL family 12.0(5.2)XU
show controller switch
Catalyst 2900XL family 12.0(5.2)XU, see also ciscosite.
show controller vip <slotno> log
show controller vip <slotno> tech
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show idb
show inband
GLOBAL: catalyst 5000 release 5.5(1)
show interfaces cable <cable card> modem 0
Shows CPES attached to a cable modems.
show interface statis
show interface switching
show interfaces stat
show interface <int> stat
show interfaces switching
show int <int> switching
Shows switching path information for the interface
show ip cef internal
show ip eigrp event [as] [start# end#]
IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#]
IP-EIGRP SIA event
show ip eigrp timers [as]
IP-EIGRP Timers
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf ev
show ip ospf events
show ip ospf maxage-list
show ip ospf statistics
show ip route profile
Use this command to view the IP routing table profile.
show ipx backup [network]
show ipx cache cbus
show ipx cache hash
show ipx eigrp event [event-number]
shows past eigrp events
show ipx eigrp sia-event
shows past eigrp stuck in actives
show ipx private cache-history aaa
show ipx urd [0-fffffffe]
show isdn {active | history | memory | services | status [dsl | serial
number] | timers}
active: Displays current call information, including called number, the
time until the call is disconnected, AOC charging units used during the
call, and whether the AOC information is provided during calls or at end
of calls.
history: Displays historic and current call information, including the
called number, the time until the call is disconnected, AOC charging
time units used during the call, and whether the AOC information is
provided during calls or at the end of calls.
status serial number: Displays the status of a specific ISDN PRI
interface created and configured as a serial interface.
show isis timers
show isis tree
IS-IS link state database AVL tree
show isis tree level-2
show isis private
show list
show list nonempty
show llc
show mbuf
Catalyst 5000, The main issue to observe with this command is whether
the switch is being starved for memory. Within the display, "clusters"
is the number of buffers that are available for NMP to process
incoming packets, which include any broadcast/multicast, management
traffic. "clfree" is the number of buffers that are available for the
NMP at any given time.
If this is zero then this means that NMP has no buffers to process any
incoming frames. "lowest clfree" determines the lowest watermark that
NMP has hit at any time. If this value is zero but clfree is nonzero,
then this means that at one instance NMP ran out of buffers. This
can be because of a broadcast of a multicast storm in the management
vlan.
show media
show media access-lists
show memory big
show modem mapping
show parity
show parser
show parser links
show parser modes
show parser unresolved
show portreg
On switches
show proc all-events
Shows all process events
show profile
Shows cpu profiling
show profile detail
Shows cpu profiling
show profile terse
Shows cpu profiling
show refuse-message
show region <address>
Shows image layout <at give address]
show registry <cr> | brief | statistics | registry-name
memory management
show rsh
show rsh-disable-commands
show rsp
show slip
show smrp private | request |response
show snapshot private
show snmp chassis
show snmp contact
show snmp community
show snmp location
show snmp mib [detailed | dll ]
show snmp newcom
show snmp view
show sum
Show current stored image checksum
show timers
Show timers for timer command in config mode
show traffic
Shows the current backplane utilization and peak
utilization for all three busses
show queueing interface [interface]
gives queueing information on a per interface basis
snmp-server priority {low | normal | high}
[hidden] global configuration command can be used to change the
priority of SNMP processes. To avoid extensive polling, use the
priority should be set to low . All SNMP queries sent to a router
are prioritized as either low or medium priority, depending on the
version of code run by the route processor. This means that processes
with a higher priority than the SNMP process will be serviced before
SNMP. So, regardless of SNMP polling intensity, routing processes will
generally be processed before SNMP requests because route processes
are "high" priority. You can view the priorities of each of the
router's processes by doing a show process and looking in the Q column
(L == Low, M == Medium, H == High). See
http://www.cisco.com/warp/public/490/9.html for documentation.
This command has no impact on the priority of the snmp trap process.
[no] snmp-server sparse-tables
Get the complete SNMP MIB table. On controller interface
you get without this command e.g. no out bytes counter.
With this commands you get every object with SNMP get-next.
[no] sscop quick-poll
Suppose to help recover if sscop has problems, global
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
tclsh
[very interesting, you can program with loop control,
expressions, etc from the IOS CLI. works on 3640-IS-M, Version 12.1(5)XM,
EARLY DEPLOYMENT RELEASE SOFTWARE (fc1))
test aaa group {group name} {username} {password}
[12.0(5)T] used to test the authentication of a username/password
without having to use an extraneous process such as telnet or dialin
to initiate it
test appletalk
[11.2.x] The test appletalk command will enter appletalk test mode. The
sub-commands available in this mode are:
. arp interface-type number at-aarp-addr arp-mac-address
. eigrp neighbor-states cablestart-cableend
. nbp confirm <net>.<node>[:<skt>] <object>:<type>@<zone>
. nbp lookup <object>:<type>@<zone>
. nbp parmameters max-retrans max-replies interval
. nbp poll end
test align
test cable [atp | berr | bpimcast | brk | dhcp-inq | hop | minimum-poll | nobrk | stack-pro | ucc ]
[12.1]
atp acceptance test procedure
berr Bus Error
bpimcast Privacy Multicast test commands
brk Break
dhcp-inq Send DHCP inquiry
hop Initiate frequency hop
minimum-poll Toggle 1 second minimum polling
nobrk No Break
stack-prot Stack Protect
ucc Send UCC command
test call fallback
[12.1] VoIP Fallback
test cbus
For old AGS+ and 7000. Lets you prod stuff right into cbus memory.
*very* dangerous if you don't know what you are doing.
test cch323
command performs cch323 tests.
test crash
Makes the router crash anyway you want :)
test crypto [dns-query] [engine] [initiate-session] [pki]
[12.1]
dns-query DNSSEC query
engine Crypto Engine
initiate-session Send a CIM connection message
pki PKI Client Test
test dhcp [allocate xxx.xxx.xxx.xxx] | [release] | [renew]
test dsp memory
[12.1] Test DSP memory
test eigrp as-number {ack | neighbor-states ipx-address ipx-mask}
[12.1] as-number id from 1 to 65535. neighbor-states is one of 1local
(Neighbor states 1), 1successor (Neighbor states 3), 2local (Neighbor
states 1 - 2), 2successor (Neighbor states 3 - 2), 3local (Neighbor
states 1 - 0), 4local (Neighbor states 1 - 0 - 2), 5local (Neighbor
states 1 - 0 - FC fail - 1), 6local (Neighbor states 1 - 2 - FC fail -
3), and delete (Delete a phoney entry in the topology table). The
keyword ack toggles EIGRP fast acking.
test ifs appn {read | write}{hostname | ip-address}
The test ifs appn command reads or writes an appn file.
test ifs boot boot-command-line
The test ifs boot command parses the bootstrap 'boot' command line.
test ifs defaults
The test ifs defaults command shows the default boot files.
test ifs show hidden
The test ifs show hidden command toggles the display of hidden file systems and files.
test ifs slot slot url
The test ifs slot command will produce a core dump of slots on
crashes.
test interfaces
test ip local-pool alloc (interface)
needs service-internal
test ip local-pool alloc user
needs service-internal
test ip local-pool chown (interface)
needs service-internal
test ip local-pool free (interface)
needs service-internal
test ip local-pool pool
needs service-internal
test ipc misc
test ipx capacity x y z
Generated IPX RIP and SAPs. Enterprise feature set (11.2+).
where x is the network address to begin at.
where y is the number of advertisements
where z is the interface IPX address that is reachable from
test ipx debug [0-ffffffff] [0-ffffffff] [0-ffffffff]
test ipx echo router-address [times-sent] [interval]
sends 1447 RIP requests for 1 – 182 random networks – remote end sends
echo repl back (ipx ping works the same way, but it always requests
network 00000000))
test ipx gns [type] [numb-tries] [timeout] [network-to-send-request-on]
types:
1 – User,
2 – User Group,
3 – Print Queue,
4 – File Server,
5 – Job Server,
6 – Gateway,
7 – Print Server,
8 – Archive Queue,
9 – Archive Server,
a – Job Queue,
b – Administration Object,
f – Novell TI-RPC,
ff – Wild,
ffff – Request Response
test ipx netbios find [name] [numb-tries] [timeout] [network-to-send-request-on]
sends out un-interpreted packets
test ipx query [sending-SAP-type] [type] [server-name] [network] [maskf]
[numb-tries] [timeout]
sending-sap-types:
2 – Response (in),
4 – Nearest Server type,
C – General Name Query,
D – General Name Response,
E – Nearest Name Query,
F – Nearest Name Response
test ipx ripreq network
sends rip request for network specified
test ipx watchdog host-address
sends watchdog (IPX Keep-alive) packet to specified host)
test leds test network interfaces.
test mbus power [slot] [on off]
[no]Shut a line card
test memory
test pas [bus watcher] [counter] [eeprom]
[12.1]
bus watcher Bus Watcher
counter Cycle Counter
eeprom Test eeprom functionality
test playout [adaptive] [fixed] [nots]
[12.1]
adaptive use adaptive playout buffer
fixed use fixed playout buffer
nots use fixed playout buffer with no timestamps
test port <2147483647-0>
[12.1] Voice interface slot #
test pppoe [stop] [ip] <1-8000> [FastEthernet]
[12.1]
<1-8000> Number of PPPoE sessions to be opened
FastEthernet FastEthernet IEEE 802.3
test rsp cach memd-fastswitch uncached
The processor in the router has its own Cache. There were bugs
in working with this cache. With this exec-command you can
disable the use of this cache. Because this is a exec-command you
have to type it again after a reboot.
test ssl [open-conn] [open-session] [read] [write]
[12.1]
open-conn Open connection
open-session Open a SSL Session
read Read data from a selected socket
write Write data to the selected socket
test tcp [delay|drop|line|random]
needs service-internal
test tone locale
[12.1]
locale 2 letter ISO-3166 country code
test translation-rule <1-2147483647>
[12.1]
<1-2147483647> The unique Tag for this translation table
test transmit
test spanning-tree [get] [process-stats] [switch-count]
[12.1]
get get configuration
process-stats Spanning tree process / queue statistics
switch-count Spanning tree packet counters
test modem back-to-back first-slot/port second-slot/port
performs modem testing. Test the transmission of L2 frames
test vines
enter VINES test mode. The Sub-commands available in this mode are:
. build [Build tables]
. checksum [Checksum test]
. data [Set data values used in various places]
. end [Exit VINES test mode]
. flush [Flush tables]
. generate [generate information]
. send [Send a VINES packet]
. set [Send a VINES value]
. ss [Do Server Service things]
. st [Send a vines streettalk packet]
test voice [echo] [playout] [port] [tone]
[12.1]
echo Test echo canceller
playout set playout delay configuration
port Diagnose voice ports by forcing conditions
tone TONE
test voip scripts
allow to run self-created IVR (Interactive Voice Response) scripts.
Cisco included 7 IVR scripts in IOS. Self-created scripts must be
specially signed. Issuing this command in priviliged mode before loading
self-created script you turn off the signature checking procedure. The
only problem is that the command must be issued every each router
reboot. Cisco promises to remove totally the signature checking
procedure in future IOS releases.
test vpdn
<cisco Systems on the test command>
"The undocumented and soon to be hidden 'test' privileged
command is
used to test subsystems, memory and interfaces.
The features of the
test command are box and IOS dependent and are intended
for Cisco
technical support only."
<cisco Systems on the test command>
timeout absolute minutes [seconds]
[12.1] command is available to enforce timeouts on an
interface.
trace display
Displays the trace buffer when connected with if-con 0
c
ttcp
Like the unix ttcp, to generate traffic
tunnel carry-security
CONFIG
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
vpdn aaa override-server {hostname | ip-address}
[12.1] global configuration command specifies the name or ip address of a
designate AAA server to be used for VPDN authorization.
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
who
Alias for show users
write core
Does a full core dump, reboots router
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
x29 inviteclear-time none
The router will not send out a x29 invite-to-clear but a x25 clear
(disconnect)to the X.25 host. This is necessary, if your X.25 host
has problems receiving X.29 invite-to-clear.
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]
[Catalyst 5000 and 6000]
enable engineer
this prompts for a password, which has the form:
passwordHWFWSWenablepass
password, enablepass: whatever passwords are on the box
HW, FW, SW: first two digits of the hardware, firmware,
software
versions running on the Supervisor, shown by show
version.
Example: password and enablepass are cisco, show
version says HW: 3.2,
FW: 5.3(1), SW: 5.4(4)
The enable engineer password would be cisco325354cisco
[5000]
set trace
If you enter set trace ?, nothing appears however if you
enter
set trace followed by anything else you will see the command
options. Be careful with this command, make a backup of
the
configuration FIRST. You can saturate the processor
if it is
used inappropriately the Catalyst may reboot constantly
or
become non responsive upon boot! In this case you have
to break
in and wipe the config very quickly.
[router bgp ASN]
neighbor ctalkb-out filter-as 100 d
Filter-as is an obsolete subcommand
use filter-list instead
neighbor <customer-router> translate-update [nlri multicast
unicast]
Redistribute between BGP and MBGP
bgp redistribute-internal
Redistribute I-BGP routes in the other routing-protocol
[router eigrp X]
eigrp event-log-size xxx
sets the event log size when used with "show ip eigrp
event"
Default is 500 on 12.0.11
[no] eigrp event-logging
controls logging of eigrp events on a per bases
[no] eigrp event-log-size
Set event log sixe to events; 0 deletes event log buffers
[no] command resets event log and SIA log size to 500 events
[no] eigrp log-event-type [dual] [xmit] [transport]
Configure the set of event types to log
[no] eigrp kill-everyone
Kill all adjacencies on an SIA event or a neighbor down
event
[no] eigrp log-neighbor-changes
log changes in peer status of neighbors
[router isis]
partition-avoidance
[Filesystem]
cd system:/vfiles and 'dir' and there are three files available:
tmasinfo
tmstats_ascii
tmstast_binary
File format tmstats.ascii:
Header - version, address, aggreg, sysuptime, UTC, NTP,
duration
Per-prefix entry format - prefix type, dest/mask, sysuptime,
pkts in,
bytes in, pkts out, bytes out Per-tunnel entry format
- tunnel type,
tunnel id
[A] | [B] | [C] | [D] | [E] | [F] | [G] | [H] | [I] | [J] | [K] | [L] | [M] | [N] | [O] | [P] | [Q] | [R] | [S] | [T] | [U] | [V] | [W] | [X] | [Y] | [Z]