Tweet
| ebug parser mode | privileged exec | IOS |
| Aug 7 21:58:44.207 MEST: Look up of parser mode 'route-map' succeeded Aug 7 21:58:45.923 MEST: Look up of parser mode 'configure' succeeded | ||
| Reference: Phrack, Volume 0xa, Issue 0x38 | ||
| debug sanity | privileged exec | IOS |
| With this command every buffer that is used in the system is sanity-checked when it is allocated and when it is freed. This can sometimes be used to pinpoint memory corruption problems when analyzing a core dump which was generated with this debug option in effect. | ||
| Reference: | ||
| dialer disable-multiencaps | config-if | IOS |
| Revert to premultiencapsulation on the dialer profile. | ||
| Reference: CSCdp95164 | ||
| dialer mult-map-same-name | config-if | IOS |
| If distinct dialer maps to different destinations share the same remote name, traffic will fail to pass on the 2nd and subsequent sessions. This ability is implemented 1n 12.0T as a hidden command. dialer mult-map-same-name allows 2 users to dial in to the dialer with the same ppp user_name. It's behaviour with other dialer features is currently unpredictable and should be used with caution. | ||
| Reference: CSCdk28459 - allow multi users w/ same name | ||
| eigrp event-log-site <n> | config-router eigrp | IOS |
| Set size of event log. Setting it to zero deletes event log buffers. Default log buffer size is 500 events. | ||
| Reference: | ||
| eigrp event-logging | config-router eigrp | IOS |
| Controls logging of EIGRP events. | ||
| Reference: | ||
| eigrp kill-everyone | config-router eigrp | IOS |
| Kill all adjacencies on an SIA or a neighbor down event. | ||
| Reference: | ||
| eigrp log-event-type [dual] [xmit] [transport] | config-router eigrp | IOS |
| Configure the set of EIGRP event types to log. | ||
| Reference: | ||
| enable engineer | exec | XDI/CatOS |
| Catalyst 5000 series with Supervisor Engine I: You will be prompted for a password. It has the following format:
That is, the VTY password followed by the VTY password again, followed by the hardware version, followed by the software version(no spaces, do not type the dots in the versions). Catalyst 5000 series with Supervisor-Engine II and III and Catalyst 6000 series with Supervisor I and II: Format for the password is:
That is, the VTY password followed by the VTY password again, followed by the hardware version, followed by the software version (no spaces, do not type the dots in the versions). |
||
| Reference: | ||
| frame-relay fecn-create | config-map-class | IOS |
| This hidden command enables setting the FECN bit in all outgoing packets that have been delayed due to traffic shaping. | ||
| Reference: | ||
| gdb {kernel | pid <pid-num> | {examine | debug} <pid-num>} | privileged exec | IOS |
| Seems to activate some internal debugger. Maybe for access via remote gdb. Probably only useful with a symbol table and an IOS image compiled for debugging. | ||
| Reference: Phrack, Volume 0xa, Issue 0x38; Project DOTU | ||
| h323 h245 tunnel defer | voice service voip | IOS |
| Reference: | ||
| if-console <slot-num> [console|debug] | privileged exec | 7000/7500 Series, IOS |
| Open connection to the VIP console. Lots of useful commands there, especially showing memory and cpu usage. | ||
| Reference: | ||
| ip cache-ager <secs-between-runs> <fraction-low-memory> <fraction> | config | IOS (>=10.3(8) and >=11.0(3)) |
It's hidden, and you have to configure "service internal" in order to bring it into existence.
Configures the ager of the fast switching cache. Aaron Leonard <Aaron@cisco.com> recommended "20 3 3" on cisco-nas in the light of recent CodeRed attacks, i.e. make the ager more aggressive to prevent excessive cache growth. |
||
| Reference: <01K7Y45PW1PA9KWFH9@Cisco.COM> and http://www.cisco.com/warp/public/63/...red_worm.shtml | ||
| ip cache-invalidate-delay <minimum-delay> <maximum-delay> <quit-interval> | config | IOS (>=10.3(8) and >=11.0(3)) |
Requires "service internal".
Use "no ip cache-invalidate-delay" to disable the delay altogether. See this posting from cisco-nas: Date: Fri, 28 Apr 2000 10:07:03 -0700 (PDT) From: Aaron Leonard <Aaron@cisco.com> Subject: Re: CN: telnet DoS (CSCdm70743) To: Cisco-NAS@datasys.net Message-id: <01JORKP9PBPIA2AL39@Cisco.COM> References: <01JOHR9QY432A2AAVQ@Cisco.COM> Reply-To: Cisco-NAS@datasys.net It's hidden, and you have to configure "service internal" in order to bring it into existence. I.e. as5300-1(config)#service internal as5300-1(config)#no ip cache-invalidate-delay It's generally recommended for systems running 12.0T/12.1 code if they have lots of interfaces (>300) and are not doing CEF. |
||
| Reference: <01JORKP9PBPIA2AL39@Cisco.COM> and http://www.cisco.com/warp/public/63/...red_worm.shtml | ||
| ip ospf interface-retry <retries> | config-if | IOS |
| From Cisco DE (slightly edited): The motivation for this command is a timing problem where OSPF fails to determine the state of an interface. The solution was for OSPF to poll the interface for a while to verify its state. The hidden command allows us to lengthen the polling period on routers that have a large number of interfaces. The polls occur every 10 seconds and the command controls the number of polls that will be done. With a setting of 0 retries there will be no extra polling. Default number of retries is 10. |
||
| Reference: | ||
| ip route profile | config | IOS |
| As disclosed by Aaron Leonard from Cisco on cisco-nas: Date: Thu, 11 Sep 2003 09:34:53 -0700 (PDT) From: Aaron Leonard <Aaron@cisco.com> Subject: Re: [cisco-nas] IP Route Profile In-reply-to: "Your message dated Wed, 10 Sep 2003 22:21:02 -0500" <10e701c37813$bad83870$5370cd41@dellbert> To: "Beprojects.com" <info@beprojects.com> Cc: cisco-nas@puck.nether.net [...] "ip route profile" was implemented way back in late '96 by CSCdi76662. However we have historically refrained from documenting this (CSCdk01634, CSCdz19775) as this has been declared to be a hidden command that "should not be used by customers". However, in fact this is NOT a hidden command ... so I've just now gone ahead and reopened CSCdz19775. Introduction The Route Table Profiling feature was developed to assist network engineers in monitoring routing table fluctuations, which may be the result of route flapping, network failure, or network service restoration. This feature was added in CSCdi76662 to the 11.1CC train of Cisco IOS. The Route Table Profiling feature is an undocumented and unsupported feature. There is no MIB support provided. Configuration The Route Table Profiling feature is enabled globally. The command is "ip route profile" in global configuration mode. This feature can be disabled with the command "no ip route profile" in global configuration mode. Routing table change statistics can be viewed with the "show ip route profile" command in exec mode. |
||
| Reference: CSCdi76662 | ||
| ipc-console <slot-num> <cpu> | privileged exec | Catalyst 6000/6500 Series, IOS |
| Open connection to the FlexWAN console. FlexWANs contain two CPUs so you can connect to either CPU 0 or CPU 1. | ||
| Reference: | ||
| ipx sap-interval {<n>|passive} | config-if | IOS (>=11.2) |
| Set the IPX SAP advertising interval to n or to passive mode. | ||
| Reference: | ||
| ipx server-split-horizon-on-server-paths | config | IOS |
| This global configuratiom command specifies that split horizon SAP occurs on server paths. This command is documented in DDTS CSCdm12190. From the release note: By default, split horizon blocks information about periodic SAPs from being advertised by a router to the same interface on which the best route to that SAP is learned. But in the case where the SAP may be learned from interfaces other than (or in addition to) the interface on which the best route to that SAP is learned, enabling "ipx server-split-horizon-on-server-paths" will reduce unnecessary periodic SAP updates as that SAP will not be advertised to the interface(s) where it was learned from; this will also prevent potential "SAP loop" in the network. |
||
| Reference: CSCdm12190 | ||
| ipx update interval {rip | sap} passive | config | IOS (>=11.3(1.3)) |
| The undocumented passive keyword specifies to listen but not send normal periodic SAP or RIP updates nor flash update caused by changes. Queries will still be replied to. The update interval is set to the same interval as changes-only. See also "ipx sap-interval". |
||
| Reference: CSCdj59918 | ||
| isdn incoming progress [validate|accept] | config-if | IOS (>= 12.1(3.3)T) |
| Controls whether IOS sends an INVALID information element message when it receives an invalid PROGRESS IE. | ||
| Reference: CSCdt12611 | ||
| modem-mgmt csm debug rbs | privileged exec | IOS |
| Debug RBS trunks. Only available if "service internal" configured. Equivalent to "debug cas" on later IOS versions (>= 12.0(7)T). | ||
| Reference: | ||
| mpls traffic-eng multicast-intact | config-router | IOS |
| Use hop-by-hop routing instead of MPLS TE tunnels to transport multicast traffic. See CSCdm63234 for details. | ||
| Reference: CSCdm63234 | ||
| multilink queuing bypass-fifo | config-if | IOS |
| Reference: | ||
| neighbor <ip-address> don't-capability-negotiate | config-router bgp | IOS |
| Turns off CAPABILITY parameters in BGP Open message. | ||
| Reference: | ||
| no logging snmp-authfail | config | IOS |
| Turn off the %SNMP-3-AUTHFAIL message. See CSCdv04268 for availability information. |
||
| Reference: CSCdv04268 | ||
| no ppp microcode | config-if | IOS |
| On a cisco 805, "ip tcp header-compression" configured on the serial async interface and on the dialer interface linked to it, results in VERY long response time for TCP sessions. Workaround: Remove "ip tcp header-compression" or enable the hidden command "no ppp microcode" on the serial interface or configure IP directly on the serial interface (no dialer interface). | ||
| Reference: CSCdp32980 | ||
| no snmp-server sparse-tables | config | IOS |
| Fully populate all SNMP tables even if an object id is not applicable in a specific case. | ||
| Reference: | ||
| ppp dnis <number> [<number> ...] | config-if | IOS |
| Skip authentication entirely for PPP per DNIS. | ||
| Reference: CSCdk45054 | ||
| ppp ipcp accept-address | config-if | IOS |
| It is possible to revert to the previous operation using the hidden interface command ppp ipcp accept-address. When enabled the peer IP address will be accepted but is still subject to AAA verification, it will have precedence over any local address pool however. | ||
| Reference: CSCdj04128 | ||
| ppp ipcp dns|wins {accept | a.b.c.d [e.f.g.h] [accept]} | config-if | IOS |
| Reference: CSCdm62097, CSCdk01128 | ||
| ppp ipcp ignore-map | config-if | IOS |
| Don't assign same IP address to peers with the same name. Instead get a fresh address. | ||
| Reference: CSCdm18764 - don't assign peer IP addr from map | ||
| ppp ipcp unique-address | config-if | IOS |
| Assigns a unique IP address even if the same user (identified by the username) has multiple links open. Standard behaviour is to assigned the same IP address. See "dialer mult-map-same-name", too. | ||
| Reference: | ||
| ppp max-configure <num> | config-if | IOS |
| Maximum number if configure requests to send. | ||
| Reference: | ||
| priv | ROMMON | |
| Enable private commands in the ROMMON. Sometimes a password is required. | ||
| Reference: | ||
| ps -c | privileged exec | XDI/CatOS |
| Show process listing and CPU usage. | ||
| Reference: | ||