System Management Commands

This chapter describes the commands used to manage the access server system and its performance on the network.

For system management configuration tasks and examples, refer to the chapter entitled "Managing the System" in the Access and Communication Servers Configuration Guide.

aaa accounting

To enable AAA accounting of requested services for billing or security purposes when using TACACS+, use the aaa accounting global configuration command. Use the no form of this command to disable accounting.

Syntax Description

Default

AAA accounting is not enabled.

Command Mode

Global configuration

Usage Guideline

The aaa accounting command allows you to set start/stop accounting for any or all of the listed functions in the Syntax Description for this command. For minimal accounting control, issue the stop-only command, which sends a stop record accounting notice at the end of the requested user process. For additional accounting control, you can issue the start-stop command, where TACACS+ sends a start accounting notice at the beginning of the requested process and a stop accounting notice at the end of the process. You can further control access and accounting by issuing the wait-start command, which ensures that the start notice is received by the TACACS+ server before granting the user's process request. Accounting is only done to the TACACS+ server.

Examples

In the following example, accounting is set for outbound Telnet and rlogin, and both a start and stop accounting notice is sent to the TACACS+ server:

aaa accounting connection start-stop tacacs+

In the following example, accounting is set for privilege level 15 commands, with a wait-start restriction:

aaa accounting command 15 wait-start tacacs+

Related Commands

aaa new-model
aaa authentication username-prompt

aaa authentication arap

To enable an AAA authentication method for AppleTalk Remote Access (ARA )users while using TACACS+, use the aaa authentication arap command. Use the no form of the command to disable this authentication.

Syntax Description

Default

If the default list is not set, only the local user database is checked. This has the same effect as issuing the following command:

aaa authentication arap default local

Command Mode

Global configuration

Usage Guideline

The list names and default that you set using the aaa authentication arap command are used with the arap authentication command. These lists can contain up to four authentication methods that will be used when a user tries to log in with ARA. Note that ARAP guest logins are disabled by default when you enable AAA/TACACS+. To allow guest logins, you must use either the guest or auth-guest method listed in Table 5-1. You can only use one of these methods; they are mutually exclusive.

Create a list by entering the aaa authentication arap list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method keyword refers to the list of methods the authentication algorithm will try, in the given sequence. You can enter up to four methods, which are described in Table 5-1.

To create a default list that will be used if no list is specified in the arap authentication command, use the default keyword followed by the methods you wish to be used in default situations.

The additional methods of authentication will only be used if the previous method returns an error, not if it fails.

Use the show running-config command to view lists of authentication methods.

Examples

The following example creates a list called MIS-access, which first tries TACACS+ authentication and then none:

aaa authentication arap MIS-access tacacs+ none

The following example creates the same list, but sets it as the default list, which will be used for all arap authentications if no other list is specified:

aaa authentication arap default tacacs+ none

Related Commands

A dagger (⁺) indicates that the command is documented in another chapter.

aaa authentication local-override
aaa new-model
arap authentication⁺

aaa authentication enable default

To enable AAA authentication to determine if a user can access the privileged command level with TACACS+, use the aaa authentication enable default command. Use the no form of the command to disable this authorization method.

Syntax Description

Default

If the default list is not set, the action will be to check only the enable password. This has the same effect as issuing the following command:

aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the process will succeed anyway.

Command Mode

Global configuration

Usage Guideline

Use the aaa authentication enable default command to create a series of authentication methods that are used to determine if a user can access privileged command level. You can specify up to four authentication methods. Method keywords are described in Table 5-2. The additional methods of authentication will only be used if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.

If a default authentication routine is not set for a function, the default is none--no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.

Example

The following example creates an authentication list that will first try to contact a TACACS+ server. If no server can be found, then AAA will try to use the enable password. If this also returns an error (because no enable password is configured on the server), the user will be allowed access with no authentication.

aaa authentication enable default tacacs+ enable none

Related Commands

aaa authentication local-override
aaa new-model
aaa authentication username-prompt
enable password

aaa authentication login

To set AAA authentication at login when using TACACS+, use the aaa authentication login global configuration command. Use the no form of the command to disable AAA authentication.

Syntax Description

Default

If the default list is not set, only the local user database is checked. This has the same effect as issuing the following command:

aaa authentication login default local

Command Mode

Global configuration

Usage Guideline

The default and optional list names that you create with the aaa authentication login command are used with the login authentication command.

Create a list by entering the aaa authentication list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method keyword refers to the list of methods the authentication algorithm tries, in the given sequence. Method keywords are described in Table 5-3.

To create a default list that is used if no list is assigned to a line with the login authentication command, use the default argument followed by the methods you want in default situations.

The additional methods of authentication is only be used if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.

If authentication is not specifically set for a line, the default is to deny access--no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.

Example

The following example creates an AAA authentication list called MIS-access. This authentication will first try to contact a TACACS+ server. If no server is found, TACACS+ will return an error and AAA will try to use the enable password. If this also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.

aaa authentication login MIS-access tacacs+ enable none

The following example creates the same list, but sets it as the default list that will be used for all login authentications if no other list is specified:

aaa authentication login default tacacs+ enable none

Related Commands

aaa authentication local-override
aaa new-model
login authentication

aaa authentication local-override

To have the access server check the local user database for authentication before attempting another form of authentication, use the aaa authentication local-override command. Use the no form of the command to disable the override.

Syntax Description

This command has no arguments or keywords.

Default

Override is disabled.

Command Mode

Global configuration

Usage Guideline

This command is useful when you want to configure an override to the normal authentication process for certain personnel such as system administrators.

When this override is set, the user is always prompted for the username. The system then checks to see if the entered username corresponds to a local account. If the username does not correspond to one in the local database, login proceeds with the methods configured using other aaa commands (such as aaa authentication login). Note that when using this command, the first prompt is fixed as Username:

Example

The following example enables aaa authentication override:

aaa authentication local-override

Related Commands

aaa authentication arap
aaa authentication enable default
aaa authentication login
aaa new-model
aaa authentication password-prompt

aaa authentication password-prompt

To change the text displayed when users are prompted for a password, use the aaa authentication password-prompt global configuration command. Use the no form of this command to return to the default password prompt text.

Syntax Description

Default

This command is disabled by default.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.0.

Use the aaa authentication password-prompt command to change the default text that the Cisco IOS software displays when prompting a user to enter a password. This command changes the password prompt for the enable password as well as for login passwords that are not supplied by remote security servers. The no form of this command returns the password prompt to the default value:

Password:

The aaa authentication password-prompt command does not change any dialog that is supplied by a remote TACACS+ or RADIUS server.

Example

The following example changes the text for the password prompt:

aaa authentication password-prompt "Enter your password now:"

Related Commands

A dagger (⁺) indicates that the command is documented outside this chapter.

aaa authentication username prompt
aaa new-model
enable password ⁺

aaa authentication ppp

To specify one or more AAA authentication methods for use on serial interfaces running PPP when using TACACS+, use the aaa authentication ppp command. Use the no form of the command to disable authentication.

Syntax Description

Default

If the default list is not set, the action will be to check only the local user database. This has the same effect as issuing the following command:

aaa authentication ppp default local

Command Mode

Global configuration

Usage Guideline

The lists that you create using the aaa authentication ppp command are used with the ppp authentication command. These lists contain up to four authentication methods that will be used when a user tries to log in to the serial interface.

Create a list by entering the aaa authentication ppp list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method keyword refers to the list of methods the authentication algorithm tries, in the given sequence. You can enter up to four methods. Method keywords are described in Table 5-4.

The additional methods of authentication are only used if the previous method returns an error, not if it fails. Specify none as the final method in the command line to have authentication succeed even if all methods return an error.

If authentication is not specifically set for a function, the default is none--no authentication is performed. Use the show running-config command to view lists of authentication methods.

Example

The following example creates an AAA authentication list called MIS-access for serial lines that use PPP. This authentication first tries to contact a TACACS+ server. If this returns an error, the user is allowed access with no authentication.

aaa authentication ppp MIS-access tacacs+ none

Related Commands

aaa authentication local-override
aaa new-model
ppp authentication

aaa authentication username-prompt

To change the text displayed when users are prompted to enter a username, use the aaa authentication username-prompt global configuration command. Use the no form of this command to return to the default username prompt text.

Syntax Description

Default

This command is disabled by default.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.0.

Use the aaa authentication username-prompt command to change the default text that the Cisco IOS software displays when prompting a user to enter a username. The no form of this command returns the username prompt to the default value:

Username:

Some protocols (for example, TACACS+) have the ability to override the use of local username prompt information. Using the aaa authentication username-prompt command will not change the username prompt text in these instances.

Example

The following example changes the text for the username prompt:

aaa authentication username-prompt "Enter your name here:"

Related Commands

A dagger (⁺) indicates that the command is documented outside this chapter.

aaa authentication password-prompt
aaa new-model
enable password ⁺

aaa authorization

To set parameters that restrict a user's network access based on TACACS+ authorization, use the aaa authorization command. To disable authorization for a function, use the no form of the command.

Syntax Description

Default

Authorization is disabled for all actions (equivalent to the keyword none).

Command Mode

Global configuration

Usage Guideline

This command first appeared in Cisco IOS Release 10.0.

Use the aaa authorization command to create a list of one and up to four authorization methods that can be used when a user accesses the specified function. Table 5-5 lists the different authorization methods.

The additional methods of authorization are only used if the previous method returns an error, not if it fails. Specify none as the final method in the command line to have authorization succeed even if all methods return an error.

Table 5-6 describes attribute value (AV) pairs associated with the aaa authorization command. Registered users can find more information about TACACS+ and attribute pairs on Cisco Connection Online (CCO).

Examples

The following example specifies that TACACS+-style authorization is used for all network-related requests. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed, and the request is successful.

aaa authorization network tacacs+ none

The following example specifies that TACACS+-style authorization is run for level 15 commands. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed, and the request succeeds.

aaa authorization command 15 tacacs+ none

Related Commands

aaa accounting
aaa new-model

aaa new-model

To enable the new AAA access control model that includes TACACS+, issue the aaa new-model global configuration command. Use the no form of the command to disable this functionality.

Syntax Description

This command has no arguments or keywords.

Default

AAA/TACACS+ is not enabled.

Command Mode

Global configuration

Usage Guideline

This command enables the new AAA access control system and TACACS+. If you initialize this functionality and later decide to use TACACS or Extended TACACS, issue the no version of this command and then enable the version of TACACS you want to use.

After enabling AAA/TACACS+ with the aaa new-model command, you must use the tacacs-server key command to set the authentication key used in all TACACS+ communications with the TACACS+ daemon.

Example

The following example initializes AAA and TACACS+:

aaa new-model

Related Commands

aaa accounting
aaa authentication arap
aaa authentication enable default
aaa authentication local-override
aaa authentication login
aaa authentication password-prompt
aaa authentication username-prompt
tacacs-server key

alias

Syntax Description

Defaults

Default aliases are in EXEC mode as follows:

Command Mode

Global configuration

Usage Guidelines

You can use simple words as aliases or abbreviations. The aliases in the Default section are predefined. They can be turned off using the no alias command.

Table 5-7 shows the acceptable options for the mode argument in the alias global configuration command.

Router#lo?
*lo=logout  lock  login  logout 

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# alias exec device-mail telnet device.cisco.com 25
Router(config)# end
Router# device-mail?
*device-mail="telnet device.cisco.com 25" 

Router(config)# alias exec td trace device
Router(config)# ^Z
Router# t?
*td="trace device"  telnet  terminal  test  tn3270
trace               

Router# t?
telnet  terminal  test  tn3270  trace

Router(config)# alias exec td telnet device
Router(config)# ^Z
Router#td ?
      /debug     Enable telnet debugging mode
      /line      Enable telnet line mode
      ...
      whois      Whois port
      <cr>
Router# telnet device

bones# t
% Ambiguous command:  "t"

Example

In the following example, the alias fixmyrt is created for the EXEC-mode command clear ip route 172.30.116.16.

alias exec fixmyrt clear ip route 172.30.116.16

Related Command

show aliases

arap authentication

To enable TACACS+ authentication for ARA on a line, use the arap authentication command. Use the no form of the command to disable authentication for an ARA line.

Syntax Description

Default

ARAP authentication uses the default set with aaa authentication arap command. If no default has been set, the local user database is checked.

Command Mode

Line configuration

Usage Guideline

This command is a per-line command, and specifies the name of a list of AAA authentication methods to try at login. If no list is specified, the default list will be used (whether or not it is specified in the command line). Defaults and lists are created by using the aaa authentication arap command. Entering the no version of arap authentication has the same effect as entering the command with the default argument.

Before issuing this command, create a list of authentication processes by using the aaa authentication arap global configuration command.

Caution If you use a list-name that was not configured with the aaa authentication arap command, ARAP will be disabled on this line.

Example

The following example specifies that the TACACS+ authentication list called MIS-access is used on ARA line 7:

line 7
arap authentication MIS-access

Related Command

aaa authentication arap

buffers

Use the buffers global configuration command to make adjustments to initial buffer pool settings and to the limits at which temporary buffers are created and destroyed. Use the no buffers command to return the buffers to their default size.

Syntax Description

Default

The default number of the buffers in a pool is determined by the hardware configuration and can be displayed with the EXEC show buffers command.

Command Mode

Global configuration

Usage Guidelines

It is normally not necessary to adjust these parameters; do so only after consulting with technical support personnel. Improper settings could adversely impact system performance.

Buffer pool allocation is a user tunable parameter. The buffer pool to tune depends on the type of encapsulation used by the interfaces. Correspondingly, the ring size changes with the size of the buffer required.

Examples

In the following example, the system will try to keep at least 50 small buffers free:

buffers small min-free 50

In the following example, the permanent buffer pool allocation for big buffers is increased to 200. On a Cisco 2509 1E2T box using HDLC encapsulation, there are four receive rings, each of 32 entries. The cache size is 32 buffers. The MTU for this sort of encapsulation is below 1524 bytes (the same as for Ethernet) which means that you must use buffers from the "big" pool. The basic number of "big" buffers required is (2 + 1) * 32 = 96. Adding a bit of "comfort" space, the following command can then be used:

buffers big permanent 100

The above example shows approximate figures.

In the following example, the initial and permanent interface buffer pools are set to 100:

buffers ethernet 0 initial 100
buffers ethernet 0 permanent 100

Related Commands

buffers huge size
show buffers

buffers huge size

Use the buffers huge size global configuration command to dynamically resize all huge buffers to the value you specify. Use the no buffers huge size command to restore the default buffer values.

Syntax Description

Default

18024 buffers

Command Mode

Global configuration

Usage Guidelines

Use this command only after consulting with technical support personnel. The buffer size cannot be lowered below the default.

Example

In the following example, the system will resize huge buffers to 20000 bytes:

buffers huge size 20000

Related Commands

buffers
show buffers

cdp enable

Syntax Description

This command has no arguments or keywords.

Default

Disabled

Command Mode

Interface configuration

Usage Guidelines

CDP is enabled by default at the global level, but it must be enabled on each interface in order to send or receive CDP information.

Example

In the following example, CDP is enabled on Ethernet interface 0:

interface ethernet 0
cdp enable

Related Command

cdp run

cdp holdtime

To specify the amount of time the receiving device should hold a CDP packet from your access server before discarding it, use the cdp holdtime global configuration command. Use the no cdp holdtime command to revert to the default setting.

Syntax Description

Default

180 seconds

Command Mode

Global configuration

Usage Guidelines

CDP packets are sent with time-to-live, or hold time, that is nonzero after an interface is enabled and a hold time of 0 immediately before an interface is idled down.

The CDP hold time must be set to a higher number of seconds than the time between CDP transmissions, which is set using the cdp timer command.

Example

In the following example, the CDP packets being sent from your device should be held by the receiving device for 60 seconds before being discarded. You might want to set the hold time lower than the default setting of 180 seconds if information about your device changes often and you want the receiving devices to purge this information more quickly.

cdp holdtime 60

Related Commands

cdp timer
show cdp

cdp run

Syntax Description

This command has no arguments or keywords.

Default

Enabled

Command Mode

Global configuration

Usage Guidelines

CDP is enabled on your access server by default, which means the access server will receive CDP information. However, to receive CDP packets it must be enabled on interfaces, using the cdp enable interface configuration command.

Example

In the following example, CDP is disabled for the access server.

no cdp run

Related Command

cdp enable

cdp timer

Syntax Description

Default

60 seconds

Command Mode

Global configuration

Usage Guidelines

The trade-off with sending more frequent transmissions is providing up-to-date information versus using bandwidth more often.

Example

In the following example, CDP updates will be sent from your access server every 80 seconds, less frequently than the default setting of 60 seconds. You might want to make this change if you are concerned about preserving bandwidth.

cdp timer 80

Related Commands

cdp holdtime
show cdp

clear cdp counters

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Example

In the following example, the CDP counters have been cleared. The show cdp traffic output shows that all of the traffic counters have been reset to zero (0).

Router# clear cdp counters
Router# show cdp traffic

CDP counters :
        Packets output: 0, Input: 0
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0, Fragmented: 0

Related Commands

show cdp traffic
clear cdp table

clear cdp table

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Example

In the following example, the CDP table is cleared. The output of the show cdp neighbors command shows that all information has been deleted from the table.

Router# clear cdp table 

CDP-AD: Deleted table entry for neon.cisco.com, interface Ethernet0
CDP-AD: Deleted table entry for neon.cisco.com, interface Serial0
Router# show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP
 
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

Related Commands

clear cdp counters
show cdp neighbors

clock set

To manually set the system clock, use the clock set EXEC command.

Syntax Description

Command Mode

EXEC

Usage Guidelines

Generally, if the system is synchronized by a valid outside timing mechanism, such as an NTP clock source, you need not set the system clock. Use this command if no other time sources are available. The time specified in this command is relative to the configured time zone.

Example

In the following example, the system clock is manually set to 1:32 p.m. on July 23, 1993:

clock set 13:32:00 23 July 1993

Related Commands

calendar set
clock summer-time
clock timezone

clock summer-time

To configure the system to switch to summer time (daylight savings time) automatically, use one of the formats of the clock summer-time global configuration command. Use the no form of this command to configure the access server not to automatically switch to summer time.

Syntax Description

Default

Summer time is disabled. If clock summer-time zone recurring is specified without parameters, the summer time rules default to United States rules. Default of offset is 60.

Command Mode

Global configuration

Usage Guidelines

Use this command if you want to automatically switch to summer time (for display purposes only). Use the recurring form of the command if the local summer time rules are of this form. Use the date form to specify a start and end date for summer time if you cannot use the first form.

In both forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the Southern Hemisphere.

Examples

In the following example, summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:

clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00

If you live in a place where summer time does not follow the pattern in the first example, you could set it to start on October 12, 1993 at 02:00, and end on April 28, 1994 at 02:00, with the following example:

clock summer-time date 12 October 1993 2:00 28 April 1994 2:00

Related Commands

calendar set
clock timezone

clock timezone

To set the time zone for display purposes, use the clock timezone global configuration command. To set the time to Coordinated Universal Time (UTC), use the no clock timezone command.

Syntax Description

Default

UTC

Command Mode

Global configuration

Usage Guidelines

The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.

Example

In the following example, the time zone is set to Pacific Standard Time and is offset 8 hours behind UTC:

clock timezone PST -8

Related Commands

clock set
clock summer-time
show clock

custom-queue-list

To assign a custom queue list to an interface, use the custom-queue-list interface configuration command. To remove a specific list or all list assignments, use the no form of this command.

Syntax Description

Default

No custom queue list is assigned.

Command Mode

Interface configuration

Usage Guidelines

You can assign only one queue list per interface. Use this command in place of the priority-list command (not in addition to it). Custom queuing allows a fairness that is not provided with priority queuing. With custom queuing, you can control the interfaces' available bandwidth when it is unable to accommodate the aggregate traffic enqueued. Associated with each output queue is a configurable byte count, which specifies how many bytes of data should be delivered from the current queue by the system before the system moves on to the next queue. When a particular queue is being processed, packets are sent until the number of bytes sent exceeds the queue byte count or until the queue is empty.

Example

In the following example, custom queue list number 3 is assigned to serial interface 0:

interface serial 0
custom-queue-list 3

Related Commands

queue-list default
queue-list interface
queue-list protocol
queue-list queue byte-count
queue-list queue limit
queue-list stun

downward-compatible-config

To have the access server try to generate a configuration that is compatible with an earlier Cisco IOS release, use the downward-compatible-config global configuration command. To remove this feature, use the no form of this command.

Syntax Description

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

In Cisco IOS Release 10.3, the IP access list formats changed. Use this command to regenerate a configuration in the format prior to Release 10.3 if you are going to downgrade from a Release 10.3 or later to an earlier release. The earliest release this command accepts is 10.2.

When this command is configured, the access server attempts to generate a configuration that is compatible with the specified version. Currently, this command affects only IP access lists.

Under some circumstances, the software might not be able to generate a fully backward-compatible configuration. In such a case, the software issues a warning message any time it tries to write a configuration that is not downward compatible.

Example

In the following example, the access server will attempt to generate a configuration file compatible with Cisco IOS Release 10.2:

downward-compatible-config 10.2

Related Commands

A dagger (⁺) indicates that the command is documented in another chapter.

access-list (extended)⁺
access-list (standard)⁺

enable last-resort

To specify what happens if the TACACS servers used by the enable command do not respond, use the enable last-resort global configuration command. The no form of this command restores the default.

Syntax Description

Default

Default action is to fail.

Command Mode

Global configuration

Usage Guideline

The secondary authentication is used only if the first attempt failed. The second authentication will not occur if the first authentication was only unsuccessful.

Example

In the following example, if the TACACS servers do not respond to the enable command, the user can enable by entering the privileged level password:

enable last-resort password

Related Command

A dagger (⁺) indicates that the command is documented in another chapter.

enable ⁺

enable password

Use the enable password global configuration command to set a local password to control access to various privilege levels. Use the no form of this command to remove the password requirement.

Syntax Description

Default

No password is defined.

Command Mode

Global configuration

Usage Guidelines

You will not ordinarily enter an encryption type. Typically you enter an encryption type only if you copy and paste back into this command a password that has already been encrypted by a Cisco router.

Use this command with the level option to define a password for a specific privilege level. Once the level and the password are specified, give the password to the users you want to have access at this level. Use the privilege level (global) configuration command to specify commands accessible at various level.

Enable or disable password encryption with the service password-encryption command.

An enable password can contain from 1 to 80 uppercase and lowercase alphanumeric characters. The first character cannot be a number. Some spaces are valid password characters; for example, "two words" is valid. Leading spaces are ignored, but trailing spaces are recognized. For example "woolly" is interpreted as "woolly" (without the space), while "woolly " is interpreted as "woolly " (with the space). To create an enable password containing a question mark (?), precede the question mark with the keystrokes Ctrl-V. For example, to create the password "abc?123", you enter the letters abc followed by Ctrl-V followed by ? followed by the numbers 123. When the system prompts you to enter the enable password, you need not precede the question mark with the Ctrl-V; you can simply enter abc?123 at the password prompt.

Example

In the following example, the password pswd2 is enabled for privilege level 2:

enable password level 2 pswd2

In the following example the encrypted password Xyti5Rkls3LoyxzS8t9, which has been copied from a router configuration file, is set for privilege level 2 using encryption type 7:

enable password level 2 7 Xyti5Rkls3LoyxzS8t9

Related Commands

A dagger (⁺) indicates that the command is documented outside this chapter.

disable ⁺
enable ⁺
privilege level (global)
service password-encryption
show privilege

enable secret

Use the enable secret command to specify an additional layer of security over the enable password command. Use the no form of the command to turn off the enable secret function.

Syntax Description

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

You will not ordinarily enter an encryption type. Typically you enter an encryption type only if you paste back into this command an encrypted password that you copied from a router configuration file.

The enable secret command is used in conjunction with the enable password command to provide an additional layer of security over the enable password. This scheme provides better security by storing the enable secret using a non-reversible cryptographic function.

This added layer of security is useful in environments where the password crosses the network or is stored on a TFTP server.

If you use the same password for enable password and enable secret, you receive an error message warning that this practice is not recommended; but the password will be accepted. By using the same password, however, you undermine the additional security the enable secret command provides.

Examples

The following example specifies an enable secret password of gobbledegook:

enable secret gobbledegook

After specifying an enable secret password, users must enter this password to gain access. Any passwords set through enable password will no longer work.

Password: gobbledegook

In the following example the encrypted password Xyti5Rkls3LoyxzS8t9, which has been copied from a router configuration file, is enabled for privilege level 2 using encryption type 5:

enable password level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8t98j2

Related Commands

A dagger (⁺) indicates that the command is documented outside this chapter.

enable ⁺
enable password

enable use-tacacs

To enable use of TACACS to determine whether a user can access the privileged command level, use the enable use-tacacs global configuration command. Use the no enable use-tacacs command to disable TACACS verification.

Syntax Description

This command has no arguments or keywords.

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

When you add this command to the configuration file, the EXEC enable command prompts for a new username and password pair. This pair is then passed to the TACACS server for authentication. If you are using extended TACACS, it also will pass any already-existing UNIX user identification code to the server.

Caution If you use the enable use-tacacs command, you must also use the tacacs-server authenticate enable command, or else you will be locked out of the access server.

Example

The following example sets TACACS verification on the privileged EXEC-level login sequence:

enable use-tacacs
tacacs-server authenticate enable

Related Command

tacacs-server authenticate

fair-queue

To enable weighted fair queuing for an interface and to set the congestion threshold after which messages for high-bandwidth conversations are dropped, use the fair-queue interface configuration command. To disable weighted fair queuing for an interface, use the no form of this command.

Syntax Description

Default

Fair queuing is enabled by default for physical interfaces whose bandwidth is less than or equal to 2.048 megabits per second (Mbps) and that do not use Link Access Procedure, Balanced (LAPB), X.25, PPP, or Synchronous Data Link Control (SDLC) encapsulations. (Fair queuing is not an option for these protocols.) However, if custom queuing or priority queuing is enabled for a qualifying link, it overrides fair queuing, effectively disabling it. Additionally, fair queuing is automatically disabled if you enable autonomous switching.

The congestive-discard threshold is 64 messages.

Command Mode

Interface configuration

Usage Guidelines

When enabled for an interface, weighted fair queuing provides traffic priority management that automatically sorts among individual traffic streams without requiring that you first define access lists. Enabling weighted fair queuing requires use of this command only.

Weighted fair queuing can manage duplex data streams, such as those between pairs of applications, and simplex data streams such as voice or video. From the perspective of weighted fair queuing, there are two categories of sessions: high-bandwidth sessions and low-bandwidth sessions. Low-bandwidth traffic has effective priority over high-bandwidth traffic, and high-bandwidth traffic shares the transmission service proportionally according to assigned weights.

When weighted fair queuing is enabled for an interface, new messages for high-bandwidth traffic streams are discarded after the configured or default congestive-messages threshold has been met. However, low-bandwidth conversations, which include control-message conversations, continue to enqueue data. As a result, the fair queue may occasionally contain more messages than its configured threshold number specifies.

Weighted fair queuing uses a traffic data stream discrimination registry service to determine which traffic stream a message belongs to. For each forwarding protocol, Table 5-8 shows the attributes of a message that are used to classify traffic into data streams.

It is important to note that IP precedence, congestion in Frame Relay switching, and discard eligibility flags affect the weights used for queuing.

IP precedence, which is set by the host, is a number in the range of 0 to 7. Data streams of precedence number are weighted so that they are given an effective bit rate of number+1 times as fast as a data stream of precedence 0, which is normal.

In Frame Relay switching, message flags for congestion (FECN and BECN) and discard eligible (DE) message flags cause the algorithm to select weights that effectively impose reduced queue priority, providing the application with "slow down" feedback and sorting traffic, giving the best service to applications within their Committed Information Rate.

Fair queuing is supported for all LAN and line (WAN) protocols except those that use LAPB, which are listed in "Default." Because tunnels are software interfaces that are themselves routed over physical interfaces, fair queuing is not supported for tunnels. If fair queuing is configured for an interface, the default of no fair-queue is applied for these links and tunnels on the interface and appears in the configuration script for them.

Example

The following example enables use of weighted fair queuing on Serial 0, with a congestive discard threshold of 300. This means that messages will be discarded from the queuing system only when 300 or more messages have been queued and the message is in a data stream that has more than one message in the queue. The transmit queue limit is set to 1, based on the 384-kilobit (kb) line set by the bandwidth command:

interface Serial 0
bandwidth 384
fair-queue 300

hostname

To specify or modify the host name for the network server, use the hostname global configuration command.

Syntax Description

Default

The factory-assigned default host name is cs.

Command Mode

Global configuration

Usage Guidelines

The order of display at startup is the message-of-the-day (MOTD) banner, then login and password prompts, then the EXEC banner.

The host name is used in prompts and default configuration filenames. The setup command facility also prompts for a host name at startup.

Example

The following example changes the host name to sandbox:

hostname sandbox

load-interval

To change the length of time for which data is used to compute load statistics, use the load-interval interface configuration command. Use the no load-interval command to revert to the default setting.

Syntax Description

Default

300 seconds (or 5 minutes)

Command Mode

Interface configuration

Usage Guidelines

If you want load computations to be more reactive to short bursts of traffic rather than averaged over five-minute periods, you can shorten the length of time over which load averages are computed.

If the load interval is set to thirty seconds, new data is used for load calculations over a thirty-second period. This data is used to compute load statistics, including input rate in bits and packets per second, output rate in bits and packets per second, load, and reliability.

Load data is gathered every five seconds on the access server. This data is used for a weighted average calculation in which more-recent load data has more weight in the computation than older load data. If the load interval is set to thirty seconds, the average is computed for the last thirty seconds of load data.

The load-interval command allows you to change the default interval five minutes to a shorter or longer period of time. If you change it to a shorter period of time, the input and output statistics that are displayed when you use the show interface command will be more current and based on more instantaneous data rather than reflecting a more average load over a longer period of time.

This command is often used for dial backup purposes to increase or decrease the likelihood of a backup interface being implemented, but it can be used on any interface.

Example

In the following example, the default five-minute average is set it to a thirty-second average. A burst in traffic that would not trigger a dial backup for an interface configured with the default five-minute interval might trigger a dial backup for this interface that is set for a shorter, thirty-second interval.

interface serial 0
load-interval 30

Related Command

A dagger (⁺) indicates that the command is documented in another chapter.

show interface⁺

logging

To log messages to a syslog server host, use the logging global configuration command. The no logging command deletes the syslog server with the specified address from the list of syslogs.

Syntax Description

Default

No messages are logged to a syslog server host.

Command Mode

Global configuration

Usage Guidelines

This command identifies a syslog server host to receive logging messages. By issuing this command more than once, you build a list of syslog servers that receive logging messages.

Example

The following example logs messages to a host named johnson:

logging johnson

Related Commands

logging trap
service timestamps

logging buffered

To log messages to an internal buffer, use the logging buffered global configuration command. The no logging buffered command cancels the use of the buffer and writes messages to the console terminal, which is the default.

Syntax Description

This command has no arguments or keywords.

Default

The access server displays all messages to the console terminal.

Command Mode

Global configuration

Usage Guidelines

This command copies logging messages to an internal buffer instead of writing them to the console terminal. The buffer is circular in nature, so newer messages overwrite older messages.

To display the messages that are logged in the buffer, use the EXEC command show logging. The first message displayed is the oldest message in the buffer.

Example

The following example illustrates how to enable logging to an internal buffer:

logging buffered

logging console

To limit messages logged to the console based on severity, use the logging console global configuration command. To disable logging to the console terminal, use the no form of the command.

Syntax Description

Default

The debugging level

Command Mode

Global configuration

Usage Guidelines

Specifying one of the level names shown in Table 5-9 causes messages at that level and numerically lower levels to be displayed at the console terminal.

The EXEC command show logging displays the addresses and levels associated with the current logging setup, as well as any other logging statistics.

Example

The following example changes the level of messages displayed to the console terminal to alerts, which means alerts and emergencies are displayed:

logging console alerts

Related Command

logging facility

logging facility

To configure the syslog facility in which error messages are sent, use the logging facility global configuration command. To revert to the default of local7, use the no form of this command.

Syntax Description

Default

local7

Command Mode

Global configuration

Usage Guidelines

Example

The following example configures the syslog facility to Kernel:

logging facility kern

Related Command

logging console

logging monitor

To limit messages logged to the terminal lines (monitors) based on severity, use the logging monitor global configuration command. Use the no form of this command to disable logging to terminal lines other than the console line.

Syntax Description

Default

debugging

Command Mode

Global configuration

Usage Guidelines

Specifying a level causes messages at that level and numerically lower levels to be displayed to the monitor.

This command limits the logging messages displayed on terminal lines other than the console line to messages with a level at or above the specified level.

Example

The following example specifies that only messages of the levels errors, critical, alerts, and emergencies be displayed on terminals:

logging monitor errors

logging on

To control logging of error messages, use the logging on global configuration command. This command enables or disables message logging to all destinations except the console terminal. The no logging on command enables logging to the console terminal only.

Syntax Description

This command has no arguments or keywords.

Default

The access server logs messages to the console terminal.

Command Mode

Global configuration

Example

The following example shows how to direct error messages to the console terminal only:

no logging on

logging synchronous

Syntax Description

Defaults

This feature is turned off by default.

If you do not specify a severity level, the default value of 2 is assumed.

If you do not specify the maximum number of buffers to be queued, the default value of 20 is assumed.

Command Mode

Line configuration

Usage Guidelines

When synchronous logging of unsolicited messages and debug output is turned on, unsolicited router output is displayed on the console or printed after solicited router output is displayed or printed. Unsolicited messages and debug output is displayed on the console after the prompt for user input is returned. This is to keep unsolicited messages and debug output from being interspersed with solicited router output and prompts. After the unsolicited messages are displayed, the console displays the user prompt again.

When specifying a severity level number, consider that for the logging system, low numbers indicate greater severity and high numbers indicate lesser severity.

When a terminal line's message-queue limit is reached, new messages are dropped from the line, although these messages might be displayed on other lines. If messages are dropped, the notice "%SYS-3-MSGLOST number-of-messages due to overflow" follows any messages that are displayed. This notice is displayed only on the terminal that lost the messages. It is not sent to any other lines, any logging servers, or the logging buffer.

Caution By configuring abnormally large message-queue limits and setting the terminal to "terminal monitor" on a terminal that is accessible to intruders, you expose yourself to "denial of service" attacks. An intruder could carry out the attack by putting the terminal in synchronous output mode, making a Telnet connection to a remote host, and leaving the connection idle. This could cause large numbers of messages to be generated and queued, and these messages would consume all available RAM. Although unlikely to occur, you should guard against this type of attack through proper configuration.

Example

The following example identifies a line and configures synchronous logging for that line, then it does this for another line:

line 0 4
logging synchronous level 6
line 2
logging synchronous level 7 limit 70000

Related Command

A dagger (⁺) indicates that the command is documented in another chapter.

line + 

logging trap

To limit messages logged to the syslog servers based on severity, use the logging trap global configuration command. Use the no form of this command to disable logging to syslog servers.

Syntax Description

Default

informational

Command Mode

Global configuration

Usage Guidelines

The EXEC command show logging displays the addresses and levels associated with the current logging setup. The command output also includes ancillary statistics. This command limits the logging of error messages sent to syslog servers to only those messages at the specified level.

Table 5-9 lists the syslog definitions that correspond to the debugging message levels. Additionally, there are four categories of messages generated by the software, as follows:

• Error messages about software or hardware malfunctions at the LOG_ERR level

• Output for the debug commands at the LOG_WARNING level

• Interface up/down transitions and system restarts at the LOG_NOTICE level

• Reload requests and low process stacks are at the LOG_INFO level

Use the logging and logging trap commands to send messages to a UNIX syslog server.

Example

The following example logs messages to a host named johnson and limits messages logged to the syslog server.

logging johnson
logging trap notifications

Related Command

logging

login authentication

To enable TACACS+ authentication for logins, use the login authentication command. Use the no form of the command to return to the default.

Syntax Description

Default

Uses the default set with aaa authentication login.

Command Mode

Line configuration

Usage Guideline

This command is a per-line command used with AAA, and specifies the name of a list of TACACS+ authentication methods to try at login. If no list is specified, the default list will be used (whether or not it is specified in the command line). Defaults and lists are created by using the aaa authentication login command. Entering the no version of login authentication has the same effect as entering the command with the default argument.

Before issuing this command, create a list of authentication processes by using the global configuration aaa authentication login command.

Caution If you use a list-name that was not configured with the aaa authentication login command, you will disable login on this line.

Examples

The following example specifies that the default AAA authentication is to be used on line 4:

line 4
login authentication default

The following example specifies that the AAA authentication list called MIS-access is to be used on line 7:

line 7
login authentication MIS-access

Related Command

aaa authentication login

ntp access-group

To control access to the system's Network Time Protocol (NTP) services, use the ntp access-group global configuration command. To remove access control to the system's NTP services, use the no form of this command.

Syntax Description

Default

No access control (full access granted to all systems)

Command Mode

Global configuration

Usage Guidelines

The access group options are scanned in the following order from least restrictive to most restrictive:

1. peer
   
   
2. serve
   
   
3. serve-only
   
   
4. query-only
   

Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. If tighter security is desired, use the NTP authentication facility.

Example

In the following example, the system is configured to allow itself to be synchronized by a peer from access list 99. However, the system restricts access to allow only time requests from access list 42.

ntp access-group peer 99
ntp access-group serve-only 42

Related Command

A dagger (⁺) indicates that the command is documented in another chapter.

access-list ⁺

ntp authenticate

To enable Network Time Protocol (NTP) authentication, use the ntp authenticate global configuration command. Use the no form of this command to disable the feature.

Syntax Description

This command has no keywords or arguments.

Default

No authentication

Command Mode

Global configuration

Usage Guidelines

Use this command if you want authentication. If this command is specified, the system will not synchronize to a system unless it carries one of the authentication keys specified in the ntp trusted-key command.

Example

The following example enables NTP authentication:

ntp authenticate

Related Commands

ntp authentication-key
ntp trusted-key

ntp authentication-key

To define an authentication key for Network Time Protocol (NTP), use the ntp authentication-key global configuration command. Use the no form of this command to remove the authentication key for NTP.

Syntax Description

Default

No authentication key is defined for NTP.

Command Mode

Global configuration

Usage Guidelines

Use this command to define authentication keys for use with other NTP commands in order to provide a higher degree of security. Currently, only the key type md5 is supported.

Example

The following example sets authentication key 10 to aNiceKey:

ntp authentication-key 10 md5 aNiceKey

Related Commands

ntp authenticate
ntp peer
ntp server
ntp trusted-key

ntp broadcast

To specify that a specific interface should send Network Time Protocol (NTP) broadcast packets, use the ntp broadcast interface configuration command. Use the no form of this command to disable this capability.

Syntax Description

Default

Disabled

Command Mode

Interface configuration

Example

In the following example, Ethernet interface 0 is configured to send NTP version 2 packets:

interface ethernet 0
ntp broadcast version 2

Related Commands

ntp broadcast client
ntp broadcastdelay

ntp broadcast client

To allow the system to receive NTP broadcast packets on an interface, use the ntp broadcast client interface configuration command. Use the no form of this command to disable this capability.

Syntax Description

This command has no arguments or keywords.

Default

Disabled

Command Mode

Interface configuration

Usage Guidelines

Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.

Example

In the following example, the access server synchronizes to NTP packets broadcasted on Ethernet interface 1:

interface ethernet 1
ntp broadcast client

Related Commands

ntp broadcast
ntp broadcastdelay

ntp broadcastdelay

To set the estimated round-trip delay between the access server and a Network Time Protocol (NTP) broadcast server, use the ntp broadcastdelay global configuration command. Use the no form of this command to revert to the default value.

Syntax Description

Default

3000 microseconds

Command Mode

Global configuration

Usage Guidelines

Use this command when the access server is configured as a broadcast client and the round-trip delay on the network is other than 3000 microseconds.

Example

In the following example, the estimated round-trip delay between the access server and the broadcast client is set to 5000 microseconds:

ntp broadcastdelay 5000

Related Commands

ntp broadcast
ntp broadcast client

ntp clock-period

As NTP compensates for the error in the system clock, it keeps track of the correction factor for this error. The system automatically saves this value into the system configuration using the ntp clock-period global configuration command. The system uses the no form of this command to revert to the default.

Syntax Description

Default

17179869 (4 milliseconds)

Command Mode

Global configuration

Usage Guidelines

If a write memory command is entered to save the configuration to nonvolatile memory, this command will automatically be added to the configuration. It is a good idea to use the write memory command after NTP has been running for a week or so; this will help NTP synchronize more quickly if the system is restarted.

Do not enter this command; it is documented for informational purposes only. The system automatically generates this command as Network Time Protocol (NTP) determines the clock error and compensates.

ntp disable

To prevent an interface from receiving Network Time Protocol (NTP) packets, use the ntp disable interface configuration command. To enable receipt of NTP packets on an interface, use the no form of this command.

Syntax Description

This command has no arguments or keywords.

Default

Enabled

Command Mode

Interface configuration

Usage Guidelines

This command provides a simple method of access control.

Example

In the following example, Ethernet interface 0 is prevented from receiving NTP packets:

interface ethernet 0
ntp disable

ntp master

To configure the access server as a Network Time Protocol (NTP) master clock to which peers synchronize themselves when an external NTP source is not available, use the ntp master global configuration command. To disable the master clock function, use the no ntp master command.

Syntax Description

Default

By default, the master clock function is disabled. When enabled, the default stratum is 8.

Command Mode

Global configuration

Usage Guidelines

Because our implementation of NTP does not support directly attached radio or atomic clocks, the access server is normally synchronized, directly or indirectly, to an external system that has such a clock. In a network without Internet connectivity, such a time source may not be available. The ntp master command is used in such cases.

If the access server has ntp master configured, and it cannot reach any clock with a lower stratum number, the access server will claim to be synchronized at the configured stratum number, and other access servers will be willing to synchronize to it via NTP.

Caution Use this command with extreme caution. It is very easy to override valid time sources using this command, especially if a low stratum number is configured. Configuring multiple machines in the same network with the ntp master command can cause instability in timekeeping if the machines do not agree on the time.

Example

In the following example, the access server is configured as an NTP master clock to which peers can synchronize:

ntp master 10

ntp peer

To configure the access server's system clock to synchronize a peer or to be synchronized by a peer, use the ntp peer global configuration command. To disable this capability, use the no form of this command.

Syntax Description

Default

No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.

Command Mode

Global configuration

Usage Guidelines

Use this command if you want to allow this access server to synchronize with the peer, or vice versa. Using the prefer keyword will reduce switching back and forth between peers.

If you are using the default version of 3 and NTP synchronization does not occur, try using NTP version number 2. Many NTP servers on the Internet run version 2.

Example

In the following example, the access server is configured to allow its system clock to be synchronized with the clock of the peer (or vice versa) at IP address 172.30.22.33 using NTP version 2. The source IP address will be the address of Ethernet interface 0.

ntp peer 172.30.22.33 version 2 source Ethernet 0

Related Commands

ntp authentication-key
ntp server
ntp source

ntp server

To allow the access server's system clock to be synchronized by a time server, use the ntp server global configuration command. To disable this capability, use the no form of this command.

Syntax Description

Default

No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.

Command Mode

Global configuration

Usage Guidelines

Use this command if you want to allow this access server to synchronize with the specified server. The server will not synchronize to this access server.

Using the prefer keyword will reduce switching back and forth between servers.

If you are using the default version of 3 and NTP synchronization does not occur, try using NTP version number 2. Many NTP servers on the Internet run version 2.

Example

In the following example, the access server is configured to allow its system clock to be synchronized with the clock of the peer at IP address 172.30.22.44 using NTP version 2:

ntp server 172.30.22.44 version 2

Related Commands

ntp authentication-key
ntp peer
ntp source

ntp source

To use a particular source address in Network Time Protocol (NTP) packets, use the ntp source global configuration command. Use the no form of this command to remove the specified source address.

Syntax Description

Default

Source address is determined by the outgoing interface.

Command Mode

Global configuration

Usage Guidelines

Use this command when you want to use a particular source IP address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword is present on an ntp server or ntp peer command, that value overrides the global value.

Example

In the following example, the access server is configured to use the IP address of Ethernet interface 0 as the source address of all outgoing NTP packets:

ntp source ethernet 0

Related Commands

ntp peer
ntp server

ntp trusted-key

If you want to authenticate the identity of a system to which Network Time Protocol (NTP) will synchronize, use the ntp trusted-key global configuration command. Use the no form of this command to disable authentication of the identity of the system.

Syntax Description

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

If authentication is enabled, use this command to define one or more key numbers (corresponding to the keys defined with the ntp authentication-key command) that a peer NTP system must provide in its NTP packets, in order for this system to synchronize to it. This provides protection against accidentally synchronizing the system to a system that is not trusted, since the other system must know the correct authentication key.

Example

In the following example, the system is configured to synchronize only to systems providing authentication key 42 in its NTP packets:

ntp authenticate
ntp authentication-key 42 md5 aNiceKey
ntp trusted-key 42

Related Commands

ntp authenticate
ntp authentication-key

ping (user)

Use the ping (packet internet groper) user EXEC command to diagnose basic network connectivity on IP and Novell IPX networks.

Syntax Description

Command Mode

User EXEC

Usage Guidelines

The user-level ping feature provides a basic ping facility for users who do not have system privileges. This feature allows the access server to perform the simple default ping functionality for a number of protocols. Only the nonverbose form of the ping command is supported for user-level pings. Unlike the privileged-level ping command, the values for the number of ping packets sent, the datagram size, and the timeout cannot be adjusted.

If the system cannot map an address for a host name, it will return an "%Unrecognized host or address" error message.

To abort a ping session, type the escape sequence (by default, Ctrl-^ X, which is done by simultaneously pressing the Ctrl, Shift, and 6 keys, letting go, then pressing the X key).

Table 5-11 describes the test characters that the ping facility sends.

Example

The following display shows sample ping output when you ping the IP host named donald:

Router> ping donald
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.31.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms

Table 5-12 describes the default ping fields shown in the display.

Related Command

ping (privileged)

ping (privileged)

Use the ping (packet internet groper) privileged EXEC command to diagnose basic network connectivity on IP and Novell IPX networks.

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

The ping program sends an echo request packet to an address, then awaits a reply. Ping output can help you evaluate path-to-host reliability, delays over the path, and whether the host can be reached or is functioning.

Depending upon the protocol type, You can adjust values for the number of ping packets to be sent, the datagram size, the timeout interval, additional command to include, and the sizes of the echo packets being sent.

After you enter the ping command in privileged mode, the system prompts for one of the following keywords: ip or ipx. The default protocol is IP.

If you enter a host name or address on the same line as the ping command, the default action is taken as appropriate for the protocol type of that name or address.

To abort a ping session, type the escape sequence (by default, Ctrl-^ X, which is done by simultaneously pressing the Ctrl, Shift, and 6 keys, letting go, then pressing the X key).

Table 5-13 describes the test characters that the ping facility sends.

Example

While the precise dialog varies somewhat from protocol to protocol, all are similar to the ping session using default values shown in the following display:

Router# ping
Protocol [ip]:
Target IP address: 172.30.7.27
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.31.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms

Table 5-14 describes the default ping fields shown in the display.

Related Command

ping (user)

ppp authentication

To enable Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP), and to enable an AAA authentication method on an interface, use the ppp authentication interface configuration command. Use the no form of the command to disable this authentication.

Syntax Description

Default

PPP authentication is not enabled.

Command Mode

Interface configuration

Usage Guidelines

Once you have enabled CHAP or PAP, the local access server requires a password from remote devices. If the remote device does not support CHAP or PAP, no traffic will be passed to that device.

If you are using autoselect on a tty line, you will probably want to use the ppp authentication command to turn on PPP authentication for the corresponding interface.

When you specify the if-needed option, PPP authentication is not required when the user has already provided authentication. This option is useful in conjunction to the autoselect command, but cannot be used with AAA/TACACS+.

The list-name keyword can only be used when AAA/TACACS+ is initialized and cannot be used with the if-needed argument.

Caution If you use a list-name that was not configured with the aaa authentication ppp command, you will disable PPP on this interface.

Example

The following example enables CHAP on asynchronous interface 4:

interface async 4
encapsulation ppp
ppp authentication chap

Related Commands

A dagger (⁺) indicates that the command is documented in another chapter.

aaa authentication password-prompt
aaa new-model
autoselect⁺
encapsulation ppp⁺
ppp chap password
username

ppp chap password

Use the ppp chap password interface configuration command to enable a router calling a collection of routers that do not support this command (such as routers running older Cisco IOS software images) to configure a common CHAP secret password to use in response to challenges from an unknown peer. To disable this function, use the no form of this command.

Syntax Description

Default

Disabled.

Command Mode

Interface configuration.

Usage Guidelines

This command first appeared in Cisco IOS Release 11.2.

This command allows you to replace several username and password configuration commands with a single copy of this command on any dialer interface or asynchronous group interface.

This command is used for remote CHAP authentication only (when routers authenticate to the peer) and does not affect local CHAP authentication.

Example

The commands in the following example specify Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) number 0. The method of encapsulation on the interface is PPP. If a CHAP challenge is received from a peer whose name is not found in the global list of usernames, the encrypted secret 7 1267234591 is decrypted and used to create a CHAP response value.

interface bri 0
encapsulation ppp
ppp chap password 7 1234567891 

Related Commands

aaa authentication ppp
ppp authentication
ppp chap hostname
ppp pap

ppp use-tacacs

To enable TACACS for PPP authentication, use the ppp use-tacacs interface configuration command. Use the no form of this command to disable TACACS for PPP authentication.

Syntax Description

Default

TACACS is not used for PPP authentication.

Command Mode

Interface configuration

Usage Guidelines

This is a per-interface command used with Extended TACACS. Use this command only when you have set up an extended TACACS server.

When CHAP authentication is being used, the ppp use-tacacs command with the single-line option specifies that if a username and password are specified in the username, separated by an asterisk (*), then a standard tacacs login query is performed using that username and password. If the username does not contain an asterisk, then normal CHAP authentication is performed using TACACS.

This feature is useful when integrating TACACS with other authentication systems that require a clear-text version of the user's password. Such systems include one-time password systems, token card systems, and others.

Caution Normal CHAP authentications prevent the clear-text password from being transmitted over the link. When you use the single-line option, passwords will cross the link in the clear.

If the username and password are contained in the CHAP password, then the CHAP secret is not used by the Cisco system. Because most PPP clients will require that a secret be specified, you can use any arbitrary string; the Cisco system will ignore it.

Examples

In the following example, asynchronous serial interface 1 is configured to use TACACS for CHAP authentication:

interface async 1
ppp authentication chap
ppp use-tacacs

In the following example, asynchronous serial interface 1 is configured to use TACACS for PAP authentication:

interface async 1
ppp authentication pap
ppp use-tacacs

Related Commands

A dagger (⁺) indicates that the command is documented in another chapter.

ppp authentication chap⁺
ppp authentication pap⁺
tacacs-server directed-request
tacacs-server host

priority-group

To assign the specified priority list to an interface, use the priority-group interface configuration command. Use the no form of this command to remove the specified priority-group assignment.

Syntax Description

Default

None

Command Mode

Interface configuration

Usage Guidelines

Only one list can be assigned per interface. Priority output queueing provides a mechanism to prioritize packets transmitted on an interface.

Example

The following example causes packets on serial interface 0 to be classified by priority list 1:

interface serial 0
priority-group 1

Related Commands

priority-list
priority-list interface
priority-list queue-limit
priority-list stun

priority-list default

To assign a priority queue for those packets that do not match any other rule in the priority list, use the priority-list default global configuration command. Use the no form of this command to return to the default or assign normal as the default.

Syntax Description

Default

The normal queue is assumed if you use the no form of the command.

Command Mode

Global configuration

Example

The following example sets the priority queue for those packets that do not match any other rule in the priority list to a low priority:

priority-list 1 default low

Related Commands

priority-group
show queueing

priority-list interface

To establish queuing priorities on packets entering from a given interface, use the priority-list interface global configuration command. Use the no priority-list command with the appropriate arguments to remove an entry from the list.

Syntax Description

Default

No queuing priorities are established.

Command Mode

Global configuration

Example

The following example sets any packet type entering on Ethernet interface 0 to a medium priority:

priority-list 3 interface ethernet 0 medium

Related Commands

priority-group
show queueing

priority-list protocol

Syntax Description

Default

No queuing priorities are established.

Command Mode

Global configuration

Usage Guidelines

When using multiple rules for a single protocol, remember that the system reads the priority settings in order of appearance. When classifying a packet, the system searches the list of rules specified by priority-list commands for a matching protocol type. When a match is found, the packet is assigned to the appropriate queue. The list is searched in the order it is specified, and the first matching rule terminates the search.

Use Table 5-15, Table 5-16, and Table 5-17 to configure the queuing priorities for your system.

Use the no priority-list global configuration command followed by the appropriate list-number argument and the protocol keyword to remove a priority list entry assigned by protocol type.

Examples

The following example assigns a high-priority level to traffic that matches IP access list 10:

priority-list 1 protocol ip high list 10

The following example assigns a medium-priority level to Telnet packets:

priority-list 4 protocol ip medium tcp 23

The following example assigns a medium-priority level to UDP Domain Name Service packets:

priority-list 4 protocol ip medium udp 53

The following example assigns a high-priority level to traffic that matches Ethernet type code access list 201:

priority-list 1 protocol bridge high list 201

Related Commands

priority-group
show queueing

priority-list queue-limit

To specify the maximum number of packets that can be waiting in each of the priority queues, use the priority-list queue-limit global configuration command. Use the no form of this command to select the normal queue.

Syntax Description

Default

The default queue limit arguments are listed in Table 5-18.

Command Mode

Global configuration

Usage Guidelines

If a priority queue overflows, excess packets are discarded and quench messages can be sent, if appropriate, for the protocol.

Example

The following example sets the maximum packets in the priority queue to 10:

priority-list 2 queue-limit 10 40 60 80

Related Commands

priority-group
show queueing

privilege level (global)

To set the privilege level for a command, use the privilege level global configuration command. Use the no privilege level command to revert to default privileges for a given command.

Syntax Description

Default

Level 15 is the level of access permitted by the enable password.

Level 1 is normal EXEC-mode user privileges.

Command Mode

Global configuration

Usage Guidelines

Table 5-7 in the description of the alias command shows the acceptable options for the mode argument in the privilege level global configuration command.

The password for the privilege level defined using the privilege level global configuration mode is configured using the enable password command.

There are five commands associated with privilege level 0: disable, enable, exit, help, and logout. If you configure AAA authorization for a privilege level greater than 0, these five commands will not be included. Level 0 can be used to specify a more-limited subset of commands for specific users or lines. For example, you can allow user "guest" to only use the show users and exit commands.

Example

In the following example, the configure command in global configuration mode is assigned a privilege level of 14. Only users who know the level 14 password will be able to use the configure command.

privilege exec level 14 configure
enable password level 14 pswd14

Related Commands

enable password
privilege level (line)

privilege level (line)

To set the default privilege level for a line, use the privilege level line configuration command. Use the no privilege level command to restore the default user privilege level to the line.

Syntax Description

Default

Level 15 is the level of access permitted by the enable password.

Level 1 is normal EXEC-mode user privileges.

Command Mode

Line configuration

Usage Guidelines

The privilege level that is set using this command can be overridden by a user logging into the line and enabling a different privilege level. The user can lower the privilege level by using the disable command. If they know the password to a higher privilege level, they can use that password to enable the higher privilege level.

Level 0 can be used to specify a more limited subset of commands for specific users or lines. For example, you can allow user "guest" to only use the show users and exit commands.

You might specify a high level of privilege for your console line if you are able to restrict who uses that line.

Example

In the following example, the auxiliary line is configured for privilege level 5. Anyone who is using the auxiliary line will have privilege level 5 by default.

line aux 0
privilege level 5

Related Commands

enable password
privilege level (global)

prompt

To customize the access server prompt, use the prompt global configuration command. To revert to the default access server prompt, use the no form of this command.

Syntax Description

Default

The default access server prompt is either Router (cs for ASM) or the access server name defined with the hostname global configuration command, followed by an angle bracket (>) for EXEC mode or a pound sign (#) for privileged EXEC mode.

Command Mode

Global configuration

Usage Guidelines

You can include escape sequences when specifying the access server prompt. All escape sequences are preceded by a percent sign (%). Table 5-19 lists the valid escape sequences.

Examples

The following example changes the EXEC prompt to include the TTY number, followed by the access server name and a space:

prompt TTY%n@%h%s%p

The following are examples of user and privileged EXEC prompts that result from the previous command:

TTY17@cs >
TTY17Scs #

Related Command

hostname

queue-list default

Syntax Description

Default

Queue number 1

Command Mode

Global configuration

Usage Guidelines

Queue number 0 is a system queue. It is emptied before any of the other queues are processed. The system enqueues high-priority packets, such as keepalives, to this queue.

Example

In the following example, the default queue for list 10 is set to queue number 2:

queue-list 10 default 2

Related Commands

custom-queue-list
show queueing

queue-list interface

Syntax Description

Default

No queuing priorities are established.

Command Mode

Global configuration

Example

In the following example, queue list 4 established queuing priorities for packets entering on interface tunnel 3. The queue number assigned is 10.

queue-list 4 interface tunnel 3 10

Related Commands

custom-queue-list
show queueing

queue-list protocol

Syntax Description

Default

No queuing priorities are established.

Command Mode

Global configuration

Usage Guidelines

When classifying a packet, the system searches the list of rules specified by queue-list commands for a matching protocol type. When a match is found, the packet is assigned to the appropriate queue. The list is searched in the order it is specified, and the first matching rule terminates the search.

Use Table 5-15, Table 5-16, and Table 5-17 from the priority-list protocol command to configure custom queuing for your system.

Examples

The following example assigns traffic that matches IP access list 10 to queue number 1:

queue-list 1 protocol ip 1 list 10

The following example assigns Telnet packets to queue number 2:

queue-list 4 protocol ip 2 tcp 23

The following example assigns UDP Domain Name System packets to queue number 2:

queue-list 4 protocol ip 2 udp 53

The following example assigns traffic that matches Ethernet type code access list 201 to queue number 1:

queue-list 1 protocol bridge 1 list 201

Related Commands

custom-queue-list
show queueing

queue-list queue byte-count

Syntax Description

Default

1500 bytes

Command Mode

Global configuration

Example

In the following example, queue list 9 establishes the byte-count as 1400 for queue number 10:

queue-list 9 queue 10 byte-count 1400

Related Commands

custom-queue-list
show queueing

queue-list queue limit

To designate the queue length limit for a queue, use the queue-list queue limit global configuration command. To return the queue length to the default value, use the no form of this command.

Syntax Description

Default

20 entries

Command Mode

Global configuration

Example

In the following example, the queue length of queue 10 is increased to 40:

queue-list 5 queue 10 limit 40

Related Commands

custom-queue-list
show queueing

scheduler-interval

To control the maximum amount of time that can elapse without running the lowest-priority system processes, use the scheduler-interval global configuration command. Use the no form of this command to restore the default.

Syntax Description

Default

500 milliseconds

Command Mode

Global configuration

Usage Guidelines

The normal operation of the network server allows the switching operations to use as much of the central processor as is required. If the network is running unusually heavy loads that do not allow the processor the time to handle the routing protocols, give priority to the system process scheduler. High-priority operations are allowed to use as much of the central processor as needed.

Example

The following example changes the low-priority process schedule to an interval of 750 milliseconds:

scheduler-interval 750

service decimal-tty

To specify that line numbers be displayed and interpreted as decimal numbers rather than octal numbers, use the service decimal-tty global configuration command. Use the no form of this command to restore the default.

Syntax Description

This command has no arguments or keywords.

Default

Octal line numbers on the ASM-CS; decimal numbers on the 500-CS and Cisco 2500 Series.

Command Mode

Global configuration

Example

The following example shows how to display decimal rather than octal line numbers:

service decimal-tty

service exec-wait

To delay the startup of the EXEC on noisy lines, use the service exec-wait global configuration command. Use the no form of this command to disable this feature.

Syntax Description

This command has no arguments or keywords.

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

This command delays startup of the EXEC until the line has been idle (no traffic seen) for 3 seconds. The default is to enable the line immediately on modem activation.

This command is useful on noisy modem lines or when a modem attached to the line is configured to ignore MNP or V.42 negotiations, and MNP or V.42 modems may be dialing in. In these cases, noise or MNP/V.42 packets might be interpreted as usernames and passwords, causing authentication failure before the user gets a chance to type a username/password. The command is not useful on nonmodem lines or lines without some kind of login configured.

Example

The following example delays the startup of the EXEC:

service exec-wait

service finger

To allow Finger protocol requests (defined in RFC 742) to be made of the network server, use the service finger global configuration command. This service is equivalent to issuing a remote show users command. The no service finger command removes this service.

Syntax Description

This command has no arguments or keywords.

Default

Enabled

Command Mode

Global configuration

Example

The following is an example of how to disable the Finger protocol:

no service finger

service nagle

To enable the Nagle congestion control algorithm, use the service nagle global configuration command. Use the no form of this command to disable this feature.

Syntax Description

This command has no arguments or keywords.

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

When using a standard TCP implementation to send keystrokes between machines, TCP tends to send one packet for each keystroke typed. On larger networks, many small packets use up bandwidth and contribute to congestion.

John Nagle's algorithm (RFC 896) helps alleviate the small-packet problem in TCP. In general, it works this way: The first character typed after connection establishment is sent in a single packet, but TCP holds any additional characters typed until the receiver acknowledges the previous packet. Then the second, larger packet is sent, and additional typed characters are saved until the acknowledgment comes back. The effect is to accumulate characters into larger chunks, and pace them out to the network at a rate matching the round-trip time of the given connection. This method is usually a good for all TCP-based traffic. However, do not use the service nagle command if you have XRemote users on X Window sessions.

Example

The following example enables the Nagle algorithm on the access server:

service nagle

service password-encryption

To encrypt passwords, use the service password-encryption global configuration command. Use the no form of this command to disable this service.

Syntax Description

This command has no arguments or keywords.

Default

No encryption

Command Mode

Global configuration

Usage Guidelines

The actual encryption process occurs when the current configuration is written or when a password is configured. Password encryption can be applied to both the privileged command password and to console and virtual terminal line access passwords.

When password encryption is enabled, the encrypted form of the passwords is displayed when a show configuration command is entered.

Example

The following example causes password encryption to take place:

service password-encryption

service prompt config

To display the configuration prompt (config), use the service prompt config global configuration command. Use the no form of this command to remove the configuration prompt.

Syntax Description

This command has no arguments or keywords.

Default

Router(config)#

Command Mode

Global configuration

Examples

In the following example, notice how the configuration prompt varies, depending on what sub division of configuration mode you are using.

Router#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#line config 0
Router(config-line)#router rip
Router(config-router)#map-list foo
Router(config-map-list)#map-class atm bar
Router(config-map-class)#exit
Router(config)#exit
Router#

Related Commands

prompt
hostname

service tcp-keepalives

To generate keepalive packets on idle network connections, use the service tcp-keepalives global configuration command. Use the no form of this command with the appropriate keyword to disable the keepalives.

Syntax Description

Default

Disabled

Command Mode

Global configuration

Example

The following example generates keepalives on incoming TCP connections:

service tcp-keepalives-in

service tcp-small-servers

To access minor TCP/IP services available from hosts on the network, use the service tcp-small-servers command. Use the no form of the command to disable these services.

Syntax Description

This command has no arguments or keywords.

Default

Enabled

Command Mode

Global configuration

Usage Guidelines

This command makes available minor TCP/IP services through hosts on the network such as chargen, echo, discard, and daytime.

Example

The following example enables minor TCP/IP services available from the network:

service tcp-small-servers

service telnet-zero-idle

To set the TCP window to zero (0) when the Telnet connection is idle, use the service telnet-zero-idle global configuration command. Use the no form of this command to disable this feature.

Syntax Description

This command has no arguments or keywords.

Default

Disabled

Command Mode

Global configuration

Usage Guidelines

Normally, data sent to noncurrent Telnet connections is accepted and discarded. When service telnet-zero-idle is enabled, if a session is suspended (that is, some other connection is made active or the EXEC is sitting in command mode), the TCP window is set to zero. This action prevents the remote host from sending any more data until the connection is resumed. Use this command when it is important that all messages sent by the host be seen by the users and the users are likely to use multiple sessions.

Do not use this command if your host will eventually time out and log out a TCP user whose window is zero.

Example

The following example sets the TCP window to zero when the Telnet connection is idle:

service telnet-zero-idle

Related Command

resume

service timestamps

To configure the system to timestamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.

Syntax Description

Default

No timestamping.

If service timestamps is specified with no arguments or keywords, the default is service timestamps debug uptime.

The default for service timestamps type datetime is to format the time in UTC, with no milliseconds and no time-zone name.

The command no service timestamps with no arguments or keywords disables timestamps for both debugging and logging messages.

Command Mode

Global configuration

Usage Guidelines

Timestamps can be added to either debugging or logging messages independently. The uptime form of the command adds timestamps in the format HHHH:MM:SS, indicating the time since the system was rebooted. The datetime form of the command adds timestamps in the format
MMM DD HH:MM:SS, indicating the date and time according to the system clock. If the system clock has not been set, the date and time are preceded by an asterisk (*) to indicate that the date and time are probably not correct.

Examples

The following example enables timestamps on debugging messages, showing the time since reboot:

service timestamps debug uptime

The following example enables timestamps on logging messages, showing the current time and date relative to the local time zone, with the time zone name included:

service timestamps log datetime localtime show-timezone

Related Commands

A dagger (⁺) indicates that the command is documented in the Debug Command Reference.

clock set
debug ⁺
ntp

show aliases

To display all alias commands, or the alias commands in a specified mode, use the show aliases privileged EXEC command.

Syntax Description

Table 5-7 shows the options for the optional mode argument in the show aliases privileged EXEC command.

Command Mode

Privileged EXEC

Usage Guidelines

All of the modes listed in Table 5-7 have their own prompts, except for the null interface mode. For example, the prompt for interface configuration mode is cs(config-if).

Sample Display

The following is sample output from the show aliases exec commands. The aliases configured for commands in EXEC mode are displayed.

Router# show aliases exec

Exec mode aliases:
  h                     help
  lo                    logout
  p                     ping
  r                     resume
  s                     show
  w                     where

Related Command

alias

show buffers

Use the show buffers EXEC command to display statistics for the buffer pools on the network server.

Syntax Description

Command Mode

EXEC

Sample Displays

The following is sample output from the show buffers command with no optional arguments; showing all buffer pool and interface buffer pool information:

		Router# show buffers
Buffer elements:
          421 in free list (500 max allowed)
          409 hits, 0 misses, 0 created
      Public buffer pools:
     Small buffers, 104 bytes (total 50, permanent 50):
          50 in free list (20 min, 150 max allowed)
          277 hits, 0 misses, 0 trims, 0 created
     Middle buffers, 600 bytes (total 25, permanent 25):
          24 in free list (10 min, 75 max allowed)
          19 hits, 0 misses, 0 trims, 0 created
          0 failures (0 no memory)
     Big buffers, 1524 bytes (total 50, permanent 50):
          50 in free list (5 min, 40 max allowed)
          4 hits, 0 misses, 0 trims, 0 created
          0 failures (0 no memory)
     VeryBig buffers, 4520 bytes (total 10, permanent 10):
          10 in free list (0 min, 100 max allowed)
          0 hits, 0 misses, 0 trims, 0 created
     Large buffers, 5024 bytes (total 0, permanent 0):
          0 in free list (0 min, 10 max allowed)
          0 hits, 0 misses, 0 trims, 0 created
          0 failures (0 no memory)
     Huge buffers, 18024 bytes (total 0, permanent 0):
          0 in free list (0 min, 4 max allowed)
          0 hits, 0 misses, 0 trims, 0 created
          0 failures (0 no memory)
      Interface buffer pools:
     Fddi buffers, 5024 bytes (total 256, permanent 256):
          0 in free list (0 min, 256 max allowed)
          256 hits, 0 misses
          256 max cache size, 110 in cache
          14 buffer threshold, 0 threshold transitions
     Ethernet0 buffers, 1524 bytes (total 64, permanent 64):
          16 in free list (0 min, 64 max allowed)
          48 hits, 0 misses
          16 max cache size, 16 in cache
     Ethernet1 buffers, 1524 bytes (total 64, permanent 64):
          16 in free list (0 min, 64 max allowed)
          48 hits, 0 misses
          16 max cache size, 16 in cache
     Serial0 buffers, 1524 bytes (total 64, permanent 64):
          16 in free list (0 min, 64 max allowed)
          48 hits, 0 misses
          16 max cache size, 16 in cache
     Serial1 buffers, 1524 bytes (total 64, permanent 64):
          16 in free list (0 min, 64 max allowed)
          48 hits, 0 misses
          16 max cache size, 16 in cache

Table 5-20 describes significant fields shown in the display.

		Router# show buffers ethernet 0
Ethernet0 buffers, 1524 bytes (total 64, permanent 64):
          16 in free list (0 min, 64 max allowed)
          48 hits, 0 misses
          16 max cache size, 16 in cache

		Router# show buffers all
Buffer elements:
                            Free      Max        Hit  Miss      Creat
                                      Free                         ed
--------------------------------------------------------------------------------
                             427       500     17553     0          0
 
Public buffer pools:
 
Pool      Buffer Total Perm Free Min  Max        Hit  Miss  Trim Creat Need Ex-
Name        Size                 Free Free                          ed      tra
--------------------------------------------------------------------------------
Small        104    50   50   50   20  150     14141     0     0     0 
 
Middle       600    25   25   25   10   75        36     0     0     0 
 
Big         1524    50   50   50    5   40        18     0     0     0 
 
Large       5024     0    0    0    0   10         0     0     0     0 
 
Huge       18024     0    0    0    0    4         0     0     0     0 
 
 
Interface buffer pools:
 
Pool      Buffer Total Perm Free Min  Max        Hit  Fall Cache Cache Need Ex-
Name        Size                 Free Free            back Max   Free       tra
--------------------------------------------------------------------------------
Serial0     1524    96   96   31    0   96        65     0    32    32 
 
Serial1     1524    96   96   31    0   96        65     0    32    32 
Ethernet0   1524    96   96   32    0   96        64     0    32    32 
 
0 failures (0 no memory)

		Router# show buffers alloc
Buffer elements:
                            Free      Max        Hit  Miss      Creat
                                      Free                         ed
--------------------------------------------------------------------------------
                             427       500     18589     0          0
 
Public buffer pools:
 
Pool      Buffer Total Perm Free Min  Max        Hit  Miss  Trim Creat Need Ex-
Name        Size                 Free Free                          ed      tra
--------------------------------------------------------------------------------
Small        104    50   50   50   20  150     14982     0     0     0 
 
Middle       600    25   25   25   10   75        36     0     0     0 
 
Big         1524    50   50   50    5   40        18     0     0     0 
 
Large       5024     0    0    0    0   10         0     0     0     0 
 
Huge       18024     0    0    0    0    4         0     0     0     0 
 
 
0 failures (0 no memory)
 
 
Address  PakAddr  Data     Off Data  Pool  Ref Link Enc     Flags Output  Input
                  Area     set Size        Cnt Type Type    (Hex) Idb     Idb
--------------------------------------------------------------------------------
604A8C20 604A8C40 40007550  84     0 Seria   1    0    0        0              
604B6A80 604B6AA0 40007BD4  84     0 Seria   1    0    0        0              
.

show cdp

To display global CDP information, including timer and hold-time information, use the show cdp privileged EXEC command.

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show cdp command. Global CDP timer and hold-time parameters are set to the defaults of 60 and 180 seconds, respectively.

Router# show cdp

Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds

Related Commands

cdp holdtime
cdp timer
show cdp entry
show cdp neighbors

show cdp entry

To display information about a neighbor device listed in the CDP table, use the show cdp entry privileged EXEC command.

Syntax Description

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show cdp entry command with no limits. Information about the neighbor device.cisco.com is displayed, including device ID, address and protocol, platform, interface, hold-time, and version.

Router# show cdp entry device.cisco.com

Device ID: device.cisco.com
Entry address(es): 
  IP address: 172.30.68.18
  CLNS address: 490001.1111.1111.1111.00
  DECnet address: 10.1
Platform: AGS,  Capabilities: Router Trans-Bridge 
Interface: Ethernet0,  Port ID (outgoing port): Ethernet0
Holdtime : 155 sec
 
Version :
GS Software (GS3), Experimental Version 10.2(10302) [asmith 161]
Copyright (c) 1986-1994 by cisco Systems, Inc.
Compiled Mon 07-Nov-94 14:34

The following is sample output from the show cdp entry privilege command. Only information about the protocols enabled on device-cisco.com is displayed.

Router# show cdp entry device.cisco.com protocol

Protocol information for device.cisco.com :
  IP address: 172.30.68.18
  CLNS address: 490001.1111.1111.1111.00
  DECnet address: 10.1

The following is sample output from the show cdp entry version command. Only information about the version of software running on device.cisco.com is displayed.

Router# show cdp entry device.cisco.com version 
 
Version information for device.cisco.com :
  GS Software (GS3), Experimental Version 10.2(10302) [asmith 161]
Copyright (c) 1986-1994 by cisco Systems, Inc.
Compiled Mon 07-Nov-94 14:34

Related Command

show cdp neighbors

show cdp interface

To display information about the interfaces on which CDP is enabled, use the show cdp interface privileged EXEC command.

Syntax Description

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show cdp interface command. Status information and information about CDP timer and hold-time settings is displayed for all interfaces on which CDP is enabled.

Router# show cdp interface

Serial0 is up, line protocol is up, encapsulation is SMDS
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Ethernet0 is up, line protocol is up, encapsulation is ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

The following is sample output from the show cdp interface command with an interface specified. Status information and information about CDP timer and hold-time settings is displayed for Ethernet interface 0 only.

Router# show cdp interface ethernet 0

Ethernet0 is up, line protocol is up, encapsulation is ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

show cdp neighbors

To display information about neighbors, use the show cdp neighbors privileged EXEC command.

Syntax Description

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show cdp neighbors command. Device ID, interface type and number, hold-time settings, capabilities, platform, and port ID information about the access server's neighbors are displayed.

Router# show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP
 
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
device.cisco.com      Eth 0          151         R T        AGS       Eth 0
device.cisco.com      Ser 0          165         R T        AGS       Ser 3

The following is sample output from the show cdp neighbors detail command. Additional detail is shown about the access server's neighbors, including network address, enabled protocols, and software version:

Router# show cdp neighbors detail 
Device ID: device.cisco.com
Entry address(es): 
  IP address: 172.30.68.18
  CLNS address: 490001.1111.1111.1111.00
  DECnet address: 10.1
Platform: AGS,  Capabilities: Router Trans-Bridge 
Interface: Ethernet0,  Port ID (outgoing port): Ethernet0
Holdtime : 143 sec
 
Version :
GS Software (GS3), Experimental Version 10.2(10302) [asmith 161]
Copyright (c) 1986-1994 by cisco Systems, Inc.
Compiled Mon 07-Nov-94 14:34

Related Command

show cdp entry

show cdp traffic

To display traffic information from the CDP table, use the show cdp traffic privileged EXEC command.

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show cdp traffic command.

Router# show cdp traffic
CDP counters :
        Packets output: 94, Input: 75
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0, Fragmented: 0

In this example, traffic information is displayed, which includes the numbers of packets sent, the number of packets received, header syntax, checksum errors, failed encapsulations, memory problems, and invalid and fragmented packet. Header syntax indicates the number of packets CDP receives that have an invalid header format.

show clock

To display the system clock, use the show clock EXEC command:

Syntax Description

Command Mode

EXEC

Usage Guidelines

The system clock keeps an "authoritative" flag that indicates whether or not the time is authoritative (believed to be accurate). If system clock has been set by a timing source (NTP), the flag is set. If the time is not authoritative, it will be used only for display purposes. Until the clock is authoritative and the "authoritative" flag is set, the flag prevents the access server from causing peers to synchronize to the server when its time is invalid.

The symbol that precedes the show clock display indicates the following:

Sample Display

The following sample output shows that the current clock is authoritative and that the time source is NTP:

Router# show clock detail
15:29:03.158 PST Mon Mar 1 1993
Time source is NTP
Router#

Related Command

clock set

show debugging

To display information about the types of CDP debugging that are enabled for your access server, use the show debugging privileged EXEC command.

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show debug command:

Router# show debugging

CDP:
  CDP packet info debugging is on
  CDP events debugging is on
  CDP neighbor info debugging is on
CDP-PA: Packet received from neon.cisco.com on interface Ethernet0
CDP-EV: Encapsulation on interface Serial0 failed
CDP-AD: Aging entry for neon.cisco.com, on interface Ethernet0

In this example, all three types of CDP debugging are enabled.

Related Commands

A dagger (⁺) indicates that the command is documented in the Debug Command Reference.

debug cdp packets⁺
debug cdp adjacency⁺
debug cdp events⁺

show ip accounting

To display the active accounting or checkpointed database or to display access-list violations, use the show ip accounting privileged EXEC command.

Syntax Description

Defaults

If neither the output-packets nor access-violations keyword is specified, show ip accounting displays information pertaining to packets that passed access control and were successfully routed.

Command Mode

EXEC

Usage Guidelines

To use this command, you must first enable IP accounting on a per-interface basis.

Example

The following example displays information pertaining to packets that failed access lists and were not router (see sample display for command).

show ip accounting access-violations

Sample Display

Following is sample output from the show ip accounting command:

Router# show ip accounting
   Source           Destination              Packets               Bytes     
 172.30.19.40     172.30.67.20                     7                 306
 172.30.13.55     172.30.67.20                    67                2749
 172.30.2.50      172.30.33.51                    17                1111
 172.30.2.50      172.30.2.1                       5                 319
 172.30.2.50      172.30.1.2                     463               30991
 172.30.19.40     172.30.2.1                       4                 262
 172.30.19.40     172.30.1.2                      28                2552
 172.30.20.2     172.30.6.100                    39                2184
 172.30.13.55    172.30.1.2                      35                3020
 172.30.19.40    172.30.33.51                  1986               95091
 172.30.2.50     172.30.67.20                   233               14908
 172.30.13.28    172.30.67.53                   390               24817
 172.30.13.55    172.30.33.51                214669             9806659
 172.30.13.111   172.30.6.23                  27739             1126607
 172.30.13.44    172.30.33.51                 35412             1523980
 172.30.7.21     172.30.1.2                      11                 824
 172.30.13.28    172.30.33.2                     21                1762
 172.30.2.166    172.30.7.130                   797              141054
 172.30.3.11     172.30.67.53                     4                 246
 172.30.7.21     172.30.33.51                 15696              695635
 172.30.7.24     172.30.67.20                    21                 916
 172.30.13.111   172.30.10.1                     16                1137

Table 5-21 describes significant fields shown in the display.

Following is sample output from the show ip accounting access-violations command:

Router# show ip accounting access-violations
  Source          Destination        Packets        Bytes      ACL   172.30.19.40   172.30.67.20       7              306        77
  172.30.13.55   172.30.67.20       67             2749       185
  172.30.2.50    172.30.33.51       17             1111       140
  172.30.2.50    172.30.2.1         5              319        140
  172.30.19.40   172.30.2.1         4              262        77
Accounting data age is 41

Table 5-22 describes significant fields shown in the display.

Related Commands

A dagger (⁺) indicates that the command is documented in another chapter.

clear ip accounting⁺
ip accounting⁺
ip accounting-list⁺
ip accounting-threshold⁺
ip accounting-transits⁺

show logging

Use the show logging EXEC command to display the state of logging (syslog).

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

This command displays the state of syslog error and event logging, including host addresses, and whether console logging is enabled. This command also displays Simple Network Management Protocol (SNMP) configuration parameters and protocol activity.

Sample Display

The following is sample output from the show logging command:

Router# show logging
Syslog logging: enabled
     	Console logging: disabled
     	Monitor logging: level debugging, 266 messages logged.
     	Trap logging: level informational, 266 messages logged.
     	Logging to 172.30.2.238
SNMP logging: disabled, retransmission after 30 seconds
    0 messages logged

Table 5-23 describes significant fields shown in the display.

show memory

Use the show memory EXEC command to show statistics about the access server's memory, including memory free pool statistics.

Syntax Description

Command Mode

EXEC

Sample Displays

The following is sample output from the show memory command:

Router# show memory
               Head  FreeList    Total(b)     Used(b)     Free(b)  Largest(b)
Processor    2E0FF8    2AABFC    13758472      847216    12911256    12908036
          Processor memory
Address   Bytes Prev.   Next     Ref  PrevF   NextF   Alloc PC  What
2E0FF8     2128 0       2E1848     1                  84352     *Init*
2E1848     2052 2E0FF8  2E204C     1                  86184     *Init*
2E204C      564 2E1848  2E2280     1                  861B0     *Init*
2E2280     2052 2E204C  2E2A84     1                  1266      *Init*
2E2A84      308 2E2280  2E2BB8     1                  44974     *Init*
2E2BB8      220 2E2A84  2E2C94     1                  3F788     *Init*
2E2C94     2052 2E2BB8  2E3498     1                  3F7A8     *Init*
2E3498     4052 2E2C94  2E446C     1                  46770     *Init*
2E446C      516 2E3498  2E4670     1                  44E4C     *Packet Buffer*
2E4670      516 2E446C  2E4874     1                  44E4C     *Packet Buffer*
2E4874      516 2E4670  2E4A78     1                  44E4C     *Packet Buffer*
2E4A78      516 2E4874  2E4C7C     1                  44E4C     *Packet Buffer*
2E4C7C      516 2E4A78  2E4E80     1                  44E4C     *Packet Buffer*
2E4E80      516 2E4C7C  2E5084     1                  44E4C     *Packet Buffer*
2E5084      516 2E4E80  2E5288     1                  44E4C     *Packet Buffer*
2E5288      516 2E5084  2E548C     1                  44E4C     *Packet Buffer*
2E548C      516 2E5288  2E5690     1                  44E4C     *Packet Buffer*
2E5690      516 2E548C  2E5894     1                  44E4C     *Packet Buffer*

The following is sample output from the show memory free command:

Router# show memory free
               Head  FreeList    Total(b)     Used(b)     Free(b)  Largest(b)
Processor    2E0FF8    2AABFC    13758472      847120    12911352    12908036
          Processor memory
Address   Bytes Prev.   Next     Ref  PrevF   NextF   Alloc PC  What
             72    Free list 1
             88    Free list 2
             96    Free list 3
384A04       96 38496C  384A64     0  0       0       1205A4    IGRP Router
            108    Free list 4
            124    Free list 5
                   Final freespace block
3B09FC 12908036 3B0834  0          0  0       0       76162     (coalesced)

The display of show memory free contains the same types of information as the show memory display, except that only free memory is displayed, and the information is displayed in order for each free list.

The first section of the display includes summary statistics about the activities of the system memory allocator. Table 5-24 describes significant fields shown in the first section of the display.

The second section of the display is a block-by-block listing of memory use. Table 5-25 describes significant fields shown in the second section of the display.

cs1# show memory io
I/O memory
 Address  Bytes Prev.    Next     Ref  PrevF   NextF   Alloc PC  What
100000      212 0        1000F8     1                  3000F2C   *Packet Data*
1000F8      212 100000   1001F0     1                  3000F2C   *Packet Data*
1001F0      212 1000F8   1002E8     1                  3000F2C   *Packet Data*
   .         .     .        .       .                     .            .
   .         .     .        .       .                     .            .
   .         .     .        .       .                     .            .
14AB94     4528 14A510   14BD68     0  146134  0       0         (fragment)
14BD68     1632 14AB94   14C3EC     1                  3001C74   *Packet Data*
14C3EC   736240 14BD68   0          0  0       0       0         (fragment)

cs1# show memory
   Head  FreeList    Total(b)     Used(b)     Free(b)  Largest(b)
Processor     66ABC     2DD1C      628036      579460       48576       36096
      I/O    100000     32A14     1048576      179192      869384      736240
Processor memory
 Address  Bytes Prev.    Next     Ref  PrevF   NextF   Alloc PC  What
66ABC      2408 0        67448      1                  30196A0   TTY data
67448      2000 66ABC    67C3C      1                  301B640   TTY Input Buf
  .          .    .        .        .                     .           .
  .          .    .        .        .                     .           .
  .          .    .        .        .                     .           .
14AB94     4528 14A510   14BD68     0  146134  14542C  0         (fragment)
14BD68     1632 14AB94   14C3EC     1                  3001C74   *Packet Data*
14C3EC   736240 14BD68   0          0  0       0       0         (fragment)
cs1#

show ntp associations

To show the status of Network Time Protocol (NTP) associations, use the show ntp associations EXEC command.

Syntax Description

Command Mode

EXEC

Sample Displays

Detailed descriptions of the information displayed by this command can be found in the NTP specification (RFC 1305).

The following is sample output from the show ntp associations command:

Router# show ntp associations
     address         ref clock     st  when  poll reach  delay  offset    disp
 ~172.30.32.2      172.30.32.1       5    29  1024  377     4.2   -8.59     1.6
+~172.30.13.33    172.30.1.111     3    69   128  377     4.1    3.48     2.3
*~172.30.13.57    172.30.1.111     3    32   128  377     7.9   11.18     3.6
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Table 5-26 describes significant fields shown in the display.

Router# show ntp associations detail
172.30.32.2 configured, insane, invalid, stratum 5
ref ID 172.30.32.1, time AFE252C1.6DBDDFF2 (00:12:01.428 PDT Mon Jul 5 1993)
our mode active, peer mode active, our poll intvl 1024, peer poll intvl 64
root delay 137.77 msec, root disp 142.75, reach 376, sync dist 215.363
delay 4.23 msec, offset -8.587 msec, dispersion 1.62
precision 2**19, version 3
org time AFE252E2.3AC0E887 (00:12:34.229 PDT Mon Jul 5 1993)
rcv time AFE252E2.3D7E464D (00:12:34.240 PDT Mon Jul 5 1993)
xmt time AFE25301.6F83E753 (00:13:05.435 PDT Mon Jul 5 1993)
filtdelay =     4.23    4.14    2.41    5.95    2.37    2.33    4.26    4.33
filtoffset =   -8.59   -8.82   -9.91   -8.42  -10.51  -10.77  -10.13  -10.11
filterror =     0.50    1.48    2.46    3.43    4.41    5.39    6.36    7.34
172.30.13.33 configured, selected, sane, valid, stratum 3
ref ID 172.30.1.111, time AFE24F0E.14283000 (23:56:14.078 PDT Sun Jul 4 1993)
our mode client, peer mode server, our poll intvl 128, peer poll intvl 128
root delay 83.72 msec, root disp 217.77, reach 377, sync dist 264.633
delay 4.07 msec, offset 3.483 msec, dispersion 2.33
precision 2**6, version 3
org time AFE252B9.713E9000 (00:11:53.442 PDT Mon Jul 5 1993)
rcv time AFE252B9.7124E14A (00:11:53.441 PDT Mon Jul 5 1993)
xmt time AFE252B9.6F625195 (00:11:53.435 PDT Mon Jul 5 1993)
filtdelay =     6.47    4.07    3.94    3.86    7.31    7.20    9.52    8.71
filtoffset =    3.63    3.48    3.06    2.82    4.51    4.57    4.28    4.59
filterror =     0.00    1.95    3.91    4.88    5.84    6.82    7.80    8.77
172.30.13.57 configured, our_master, sane, valid, stratum 3
ref ID 172.30.1.111, time AFE252DC.1F2B3000 (00:12:28.121 PDT Mon Jul 5 1993)
our mode client, peer mode server, our poll intvl 128, peer poll intvl 128
root delay 125.50 msec, root disp 115.80, reach 377, sync dist 186.157
delay 7.86 msec, offset 11.176 msec, dispersion 3.62
precision 2**6, version 2
org time AFE252DE.77C29000 (00:12:30.467 PDT Mon Jul 5 1993)
rcv time AFE252DE.7B2AE40B (00:12:30.481 PDT Mon Jul 5 1993)
xmt time AFE252DE.6E6D12E4 (00:12:30.431 PDT Mon Jul 5 1993)
filtdelay =    49.21    7.86    8.18    8.80    4.30    4.24    7.58    6.42
filtoffset =   11.30   11.18   11.13   11.28    8.91    9.09    9.27    9.57
filterror =     0.00    1.95    3.91    4.88    5.78    6.76    7.74    8.71   

Table 5-27 describes significant fields shown in the display.

show ntp status

To show the status of Network Time Protocol (NTP), use the show ntp status EXEC command.

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Sample Display

The following is sample output from the show ntp status command:

Router# show ntp status
Clock is synchronized, stratum 4, reference is 131.108.13.57
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19
reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993)
clock offset is 7.33 msec, root delay is 133.36 msec
root dispersion is 126.28 msec, peer dispersion is 5.98 msec

Table 5-28 shows the significant fields in the display.

show privilege

To display your current level of privilege, use the show privilege EXEC command.

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Sample Display

The following is sample output from the show privilege command. The current privilege level is 15.

Router# show privilege

Current privilege level is 15

Related Command

enable password

show processes

Use the show processes EXEC command to display information about the active processes.

Syntax Description

Command Mode

EXEC

Sample Displays

The following is sample output from the show processes command:

Router# show processes
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
  PID Q T      PC Runtime (ms)    Invoked   uSecs   Stacks  TTY Process
    1 M T   40FD4         1736         58   29931  910/1000   0 Check heaps
    2 H E   9B49C           68        585     116  790/900    0 IP Input
    3 M E   AD4E6            0        737       0  662/1000   0 TCP Timer
    4 L E   AEBB2            0          2       0  896/1000   0 TCP Protocols
    5 M E   A2F9A            0          1       0  852/1000   0 BOOTP Server
    6 L E   4D2A0           16        127     125  876/1000   0 ARP Input
    7 L E   50C76            0          1       0  936/1000   0 Probe Input
    8 M E   63DA0            0          7       0  888/1000   0 MOP Protocols
    9 M E   86802            0          2       0 1468/1500   0 Timers
   10 M E   7EBCC          692         64   10812  794/1000   0 Net Background
   11 L E   83BBC            0          5       0  870/1000   0 Logger
   12 M T  11C454            0         38       0  574/1000   0 BGP Open
   13 H E   7F0E0            0          1       0  446/500    0 Net Input
   14 M T   436EA          540       3435     157  737/1000   0 TTY Background
   15 M E  11BA9C            0          1       0  960/1000   0 BGP I/O
   16 M E  11553A         5100       1367    3730 1250/1500   0 IGRP Router
   17 M E  11B76C           88       4200      20 1394/1500   0 BGP Router
   18 L T  11BA64          152      14650      10  942/1000   0 BGP Scanner
   19 M *       0          192         80    2400 1714/2000   0 Exec

The following is sample output from the show processes cpu command:

Router# show processes cpu
CPU utilization for five seconds: 5%/2%; one minute: 3%; five minutes: 2%
  PID  Runtime (ms)    Invoked   uSecs   5Sec 1Min 5Min  Process
    1          1736         58   29931     0%   0%   0%  Check heaps
    2            68        585     116     1%   1%   0%  IP Input
    3             0        744       0     0%   0%   0%  TCP Timer
    4             0          2       0     0%   0%   0%  TCP Protocols
    5             0          1       0     0%   0%   0%  BOOTP Server
    6            16        130     123     0%   0%   0%  ARP Input
    7             0          1       0     0%   0%   0%  Probe Input
    8             0          7       0     0%   0%   0%  MOP Protocols
    9             0          2       0     0%   0%   0%  Timers
   10           692         64   10812     0%   0%   0%  Net Background
   11             0          5       0     0%   0%   0%  Logger
   12             0         38       0     0%   0%   0%  BGP Open
   13             0          1       0     0%   0%   0%  Net Input
   14           540       3466     155     0%   0%   0%  TTY Background
   15             0          1       0     0%   0%   0%  BGP I/O
   16          5100       1367    3730     0%   0%   0%  IGRP Router
   17            88       4232      20     2%   1%   0%  BGP Router
   18           152      14650      10     0%   0%   0%  BGP Scanner
   19           224         99    2262     0%   0%   1%  Exec

Table 5-29 describes significant fields shown in the two displays. In the first line of the display: CPU utilization for the last 5 seconds, 1 minute, and 5 minutes. The second part of the 5-second figure is the percentage of the CPU used by interrupt routines.

show processes memory

Use the show processes memory EXEC command to show memory utilization.

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Sample Display

The following is sample output from the show processes memory command:

Router# show processes memory
Total: 2416588, Used: 530908, Free: 1885680
	   PID   	TTY  	Allocated	    Freed       	Holding Process
   	0     	0	    462708	       2048        	460660 *Init*
   	0     	0    	76	           4328 - 	     4252 *Sched*
   	0     	0    	82732        	33696       	49036 *Dead*
   	1     	0    	2616         	0           	2616 Net Background
   	2     	0    	0            	0           	0 Logger
   	21    	0    	20156        	40          	20116 IGRP Router
   	4     	0    	104	          0	           104 BOOTP Server
   	5     	0    	0            	0           	0 IP Input
   	6     	0    	0            	0           	0 TCP Timer
   	7     	0    	360          	0           	360 TCP Protocols
   	8     	0    	0            	0           	0 ARP Input
   	9     	0    	0            	0           	0 Probe Input
   	10    	0    	0            	0           	0 MOP Protocols
   	11	    0	    0	            0	           0 Timers
   12    0    0            0           0 Net Input

Table 5-30 describes significant fields shown in the display.

show protocols

Use the show protocols EXEC command to display the global and interface-specific status of any configured Level 3 protocol such as IP or IPX.

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Sample Display

The following is sample output from the show protocols command:

Router# show protocols
Global values:
  Internet Protocol routing is enabled
  X.25 routing is enabled
Ethernet 0 is up, line protocol is up
  Internet address is 131.108.1.1, subnet mask is 255.255.255.0
Serial 0 is up, line protocol is up
  Internet address is 192.31.7.49, subnet mask is 255.255.255.240
Ethernet 1 is up, line protocol is up
  Internet address is 131.108.2.1, subnet mask is 255.255.255.0
Serial 1 is down, line protocol is down
  Internet address is 192.31.7.177, subnet mask is 255.255.255.240
  

For more information on the parameters or protocols shown in this sample output, refer to the Access and Communication Servers Configuration Guide.

show queueing

To list the current state of the queue lists, use the show queueing privileged EXEC command.

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If no keyword is entered, this command show the status of both custom and priority queue lists.

Sample Display

The following is sample output from the show queueing custom EXEC command:

Router# show queueing custom
Current custom queue configuration:
List   Queue  Args
3      10     default
3      3      interface Tunnel3
3      3      protocol ip
3      3      byte-count 444 limit 3   

The following is sample output from the show queueing command. On interface Serial0, there are two active conversations. Weighted fair queuing will ensure that both of these IP data streams--both using TCP--receive equal bandwidth on the interface while they have messages in the pipeline, even though there is more FTP data in the queue than rcp data.

Router# show queueing 
Current fair queue configuration:
Interface Serial0
	  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Output queue: 18/64/30 (size/threshold/drops)
     Conversations 2/8 (active/max active)
     Reserved Conversations 0/0 (allocated/max allocated)
 
  (depth/weight/discards) 3/4096/30
  Conversation 117, linktype: ip, length: 556, flags: 0x280
  source: 171.69.128.115, destination: 171.69.58.89, id: 0x1069, ttl: 59, 
  TOS: 0 prot: 6, source port 514, destination port 1022
  (depth/weight/discards) 14/4096/0
  Conversation 155, linktype: ip, length: 1504, flags: 0x280
  source: 171.69.128.115, destination: 171.69.58.89, id: 0x104D, ttl: 59, 
  TOS: 0 prot: 6, source port 20, destination port 1554

Related Commands

custom-queue-list
priority-group
priority-list interface
priority-list queue-limit
priority-list default
queue-list interface
queue-list protocol
queue-list queue byte-count
queue-list queue limit

show snmp

To check the status of communications between the SNMP agent and SNMP manager, use the
show snmp EXEC command.

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

This command provides counter information for RFC 1213 SNMP operations. It also displays the chassis ID string defined with the snmp-server chassis-id command.

Sample Display

The following is sample output from the show snmp command:

Router# show snmp
Chassis: SN#TS02K229
167 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    167 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    167 Get-next PDUs
    0 Set-request PDUs
167 SNMP packets output
    0 Too big errors (Maximum packet size 484)
    0 No such name errors
    0 Bad values errors
    0 General errors
    167 Get-response PDUs
    0 SNMP trap PDUs

Related Command

snmp-server chassis-id

show stacks

Use the show stacks EXEC command to monitor the stack utilization of processes and interrupt routines.

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

The display from this command includes the reason for the last system reboot. If the system was reloaded because of a system failure, a saved system stack trace is displayed. This information is of use only to your technical support representative in analyzing crashes in the field. It is included here in case you need to read the displayed statistics to an engineer over the phone.

Sample Display

The following is sample output from the show stacks command following a system failure:

Router# show stacks
Minimum process stacks:
Free/Size  Name
 652/1000  Router Init
 726/1000  Init
 744/1000  BGP Open
 686/1200  Virtual Exec
Interrupt level stacks:
Level    Called Free/Size  Name
  1           0 1000/1000  env-flash
  3         738  900/1000  Multiport Communications Interfaces
  5         178  970/1000  Console UART
System was restarted by bus error at PC 0xAD1F4, address 0xD0D0D1A
GS Software (GS3), Version 9.1(0.16), BETA TEST SOFTWARE
Compiled Tue 11-Aug-92 13:27 by jthomas
Stack trace from system failure:
FP: 0x29C158, RA: 0xACFD4
FP: 0x29C184, RA: 0xAD20C
FP: 0x29C1B0, RA: 0xACFD4
FP: 0x29C1DC, RA: 0xAD304
FP: 0x29C1F8, RA: 0xAF774
FP: 0x29C214, RA: 0xAF83E
FP: 0x29C228, RA: 0x3E0CA
FP: 0x29C244, RA: 0x3BD3C

show tcp

Use the show tcp EXEC command to display the status of TCP connections.

Syntax Description

Command Mode

EXEC

Sample Display

The following is sample output from the show tcp command:

Router# show tcp
con0 (console terminal), connection 1 to host MATHOM
Connection state is ESTAB, I/O status: 1, unread input bytes: 1
Local host: 172.30.7.18, 33537  Foreign host: 192.31.7.17, 23
Enqueued packets for retransmit: 0, input: 0, saved: 0
Event Timers (current time is 2043535532):
Timer:       Retrans   TimeWait    AckHold    SendWnd   KeepAlive
Starts:           69          0         69          0           0
Wakeups:           5          0          1          0           0
Next:     2043536089          0          0          0           0
iss: 2043207208 snduna: 2043211083  sndnxt: 2043211483    sndwnd: 1344
irs: 3447586816 rcvnxt: 3447586900  rcvwnd:       2144 delrcvwnd:   83
RTTO: 565 ms, RTV: 233 ms, KRTT: 0 ms, minRTT: 68 ms, maxRTT: 1900 ms
ACK hold: 282 ms
Datagrams (max data segment is 536 bytes):
Rcvd: 106 (out of order: 0), with data: 71, total data bytes: 83
Sent: 96 (retransmit: 5), with data: 92, total data bytes: 4678

Table 5-31 describes the following lines of output shown in the display:

con0 (console terminal), connection 1 to host MATHOM
Connection state is ESTAB, I/O status: 1, unread input bytes: 1
Local host: 172.30.7.18, 33537  Foreign host: 192.31.7.17, 23
Enqueued packets for retransmit: 0, input: 0, saved: 0

Event Timers (current time is 2043535532):

Timer:       Retrans   TimeWait    AckHold    SendWnd   KeepAlive
Starts:           69          0         69          0           0
Wakeups:           5          0          1          0           0
Next:     2043536089          0          0          0           0

Table 5-32 describes the fields in the preceding lines of output.