Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine
Exec Mode Commands
Downloads: This chapterpdf (PDF - 2.01MB) The complete bookPDF (PDF - 28.65MB) | Feedback

CLI Commands

Table Of Contents

CLI Commands

Exec Mode Commands

backup

capture

changeto

checkpoint

clear access-list

clear accounting log

clear acl-merge statistics

clear arp

clear buffer stats

clear capture

clear cde

clear cfgmgr internal history

clear conn

clear cores

clear crypto session-cache

clear dc

clear debug-logfile

clear fifo stats

clear ft

clear icmp statistics

clear interface

clear ip

clear ipv6

clear line

clear logging

clear netio stats

clear np

clear ntp statistics

clear probe

clear processes log

clear rserver

clear rtcache

clear screen

clear serverfarm

clear service-policy

clear ssh

clear startup-config

clear stats

clear sticky database

clear syn-cookie

clear tcp statistics

clear telnet

clear udp statistics

clear user

clear vnet stats

clear xlate

clock set

compare

configure

copy capture

copy checkpoint

copy core:

copy disk0:

copy ftp:

copy image:

copy licenses

copy probe:

copy running-config

copy startup-config

copy sftp:

copy tftp:

crypto crlparams

crypto delete

crypto export

crypto generate csr

crypto generate key

crypto import

crypto verify

debug

delete

dir

dm

exit

format flash:

ft switchover

gunzip

invoke context

license

mkdir disk0:

move disk0:

np session

ping

reload

reprogram bootflash

restore

rmdir disk0:

setup

set dc

set sticky-ixp

show

show aaa

show access-list

show accounting log

show acl-merge

show action-list

show arp

show backup

show banner motd

show bootvar

show buffer

show capture

show cde

show cfgmgr

show checkpoint

show clock

show conn

show context

show copyright

show crypto

show dc

show debug

show domain

show download information

show eobc

show fifo

show file

show fragment

show ft

show hardware

show hyp

show icmp statistics

show interface

show inventory

show ip

show ipcp

show ipv6

show kalap udp load

show lcp event-history

show ldap-server

show license

show line

show logging

show login timeout

show nat-fabric

show netio

show nexus-device

show np

show ntp

show optimization-global

show parameter-map

show probe

show processes

show pvlans

show radius-server

show resource allocation

show resource internal

show resource usage

show restore

show role

show rserver

show running-config

show scp

show script

show security internal event-history

show serverfarm

show service-policy

show snmp

show ssh

show startup-config

show stats

show sticky cookie-insert group

show sticky database

show sticky hash

show conn sticky

show syn-cookie

show system

show tacacs-server

show tcp statistics

show tech-support

show telnet

show terminal

show udp statistics

show user-account

show users

show version

show vlans

show vm-controller

show vnet

show xlate

ssh

system internal

system watchdog

tac-pac

telnet

terminal

traceroute

undebug all

untar disk0:

write

xml-show


CLI Commands


This chapter provides detailed information for the following types of CLI commands for the ACE:

Commands that you can enter after you log in to the ACE.

Configuration mode commands that allow you to access configuration mode and its subset of modes after you log in to the ACE.

The description of each command includes the following:

The syntax of the command

Any related commands, when appropriate

Exec Mode Commands

You can access Exec mode commands immediately after you log in to an ACE. Many of these commands are followed by keywords that make them distinct commands (for example, show aaa, show access-list, show accounting, and so on). To increase readability of command syntax, these commands are presented separately in this command reference.

You can also execute Exec mode commands from any of the configuration modes using the do command. For example, to display the ACE running configuration from the Exec mode, use the show running-config command. To execute the same command from the configuration mode, use the do show running-config command.

backup

To backup the configuration files and dependent files in a context or in all contexts, use the backup command.

backup [all] [pass-phrase text_string] [exclude component]

Syntax Description

all

(Optional) Specifies that the ACE should back up the configuration files and dependencies in all contexts. You can specify this keyword only in the Admin context.

exclude component

(Optional) Specifies the components that you do not wish to back up.You can enter any of the following components in any order separated by a comma if you enter more than one:

checkpoints—Excludes all checkpoints

ssl-files—Excludes SSL certificate files and key files

pass-phrase text_string

(Optional) Passphrase that you specify to encrypt the backed up SSL keys. Enter the passphrase as an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. You must enter the pass-phrase keyword before the exclude keyword. If you enter a passphrase and then exclude the SSL files from the archive, the ACE does not use the passphrase.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(3.0)

This command was introduced.


ACE Appliance Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The backup command has the following configuration guidelines and limitations:

Use the Admin context for an ACE-wide backup and the corresponding context for a user context backup.

When you back up the running-configuration file, the ACE uses the output of the show running-configuration command as the basis for the archive file.

The ACE backs up only exportable certificates and keys.

License files are backed up only when you back up the Admin context.

Use a passphrase to back up SSL keys in encrypted form. Remember the passphrase or write it down and store it in a safe location. When you restore the encrypted keys, you must enter the passphrase to decrypt the keys. If you use a passphrase when you back up the SSL keys, the ACE encrypts the keys with AES-256 encryption using OpenSSL software.

If you imported SSL certificates or keys with a crypto passphrase, you must use the pass-phrase option to encrypt the crypto passphrase when you back up these files.

Only probe scripts that reside in disk0: need to be backed up. The prepackaged probe scripts in the probe: directory are always available. When you perform a backup, the ACE automatically identifies and backs up the scripts in disk0: that are required by the configuration.

The ACE does not resolve any other dependencies required by the configuration during a backup except for scripts that reside in disk0:. For example, if you configured SSL certificates in an SSL proxy in the running-configuration file, but you later deleted the certificates, the backup proceeds as if the certificates still existed.

To perform a backup or a restore operation, you must have the admin RBAC feature in your user role.

Examples

To back up all contexts in the ACE, enter:

host1/Admin# backup all pass-phrase MY_PASS_PHRASE
 
   

Related Commands

restore

show backup

capture

To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command. As part of the packet capture process, you specify whether to capture packets from all interfaces or an individual VLAN interface.

capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop

Syntax Description

buffer_name

Name of the packet capture buffer. The buffer_name argument associates the packet capture with a name. Specify an unquoted text string with no spaces from 1 to 80 alphanumeric characters.

all

Specifies that packets from all input interfaces are captured.

interface

Specifies a particular input interface from which to capture packets.

vlan number

Specifies the VLAN identifier associated with the interface.

access-list name

Selects packets to capture based on a specific access list. A packet must pass the access list filters before the packet is stored in the capture buffer. Specify a previously created access list identifier. Enter an unquoted text string with a maximum of 64 characters.

Note Ensure that the access list is for an input interface; input is considered with regards to the direction of the session that you wish to capture. If you configure the packet capture on the output interface, the ACE will fail to match any packets.

bufsize buf_size

(Optional) Specifies the buffer size, in kilobytes (KB), used to store the packet capture. The range is from 1 to 5000 KB.

circular-buffer

(Optional) Enables the packet capture buffer to overwrite itself, starting from the beginning, when the buffer is full.

remove

Clears the packet capture configuration.

start

Starts the packet capture function and displays the messages on the session console as the ACE receives the packets. The CLI prompt returns and you can type other commands at the same time that the ACE is capturing packets. To stop the capture process, use the stop option. The packet capture function automatically stops when the buffer is full unless you enable the circular buffer function.

stop

Stops the packet capture process after a brief delay.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

3.0(0)A1(5)

The buffer size was limited to 5000 KB.

A2(1.0)

The stop option was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

The stop option was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The packet capture function enables access control lists (ACLs) to control which packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.

To capture packets for both IPv6 and IPv4 in the same buffer, configure the capture command twice: once with an IPv6 ACL and once with an IPv4 ACL.

Under high traffic conditions, you may observe up to 64 packets printing on the console after you enter the stop keyword. These additional messages can occur because the packets were in transit or buffered before you entered the stop keyword.

The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.

The ACE does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in flash memory, use the copy capture command.

Examples

To start the packet capture function for CAPTURE1, enter:

host1/Admin# capture CAPTURE1 interface vlan50 access-list ACL1
host1/Admin# capture CAPTURE1 start
 
   

To stop the packet capture function for CAPTURE1, enter:

host1/Admin# capture CAPTURE1 stop

Related Commands

clear icmp statistics

copy capture

show capture

changeto

To move from one context on the ACE to another context, use the changeto command.

changeto context_name

Syntax Description

context_name

Name of an existing context. This argument is case sensitive.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.3)

You can apply the changeto feature to a rule for a user-defined role.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.2)

You can apply the changeto feature to a rule for a user-defined role.


Usage Guidelines

This command requires the changeto feature in your user role, and as found in all of the predefined user roles. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.

The command prompt indicates the context that you are currently in (see the following example).

The predefined user role that is enforced after you enter the changeto command is that of the Admin context and not that of the non-Admin context.

You cannot add, modify, or delete objects in a custom domain after you change to a non-Admin context.

If you originally had access to the default-domain in the Admin context prior to moving to a non-Admin context, the ACE allows you to configure any object in the non-Admin context.

If you originally had access to a custom domain in the Admin context prior to moving to a non-Admin context, any created objects in the non-Admin context will be added to the default-domain. However, an error message will appear when you attempt to modify existing objects in the non-Admin context.

User-defined roles configured with the changeto feature retain their privileges when accessing different contexts.

Examples

To change from the Admin context to the context CTX1, enter:

host1/Admin# changeto CTX1
host1/CTX1#

Related Commands

exit

show context

(config) context

(config-role) rule

checkpoint

To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command.

checkpoint {create | delete | rollback} name

Syntax Description

create

Creates a new checkpoint with the value of name.

delete

Deletes the existing checkpoint with the value of name.

rollback

Reverts back to the checkpoint with the value of name.

name

Name of a new or existing checkpoint. Enter a text string from 1 to 50 alphanumeric characters (no spaces).


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If the running-configuration file has the no ft auto-sync command configured and the checkpoint has the ft auto-sync command configured, a checkpoint rollback will fail with the following message:

Warning : 'no ft auto-sync' & 'ft auto-sync' conflict detected - Rollback will fail
Failing Scenario - running config has 'no ft auto-sync' / checkpoint has 'ft auto-sync'

Examples

To create the checkpoint CP102305, enter:

host1/Admin# checkpoint create CP102305

Related Commands

compare

copy checkpoint

show checkpoint

clear access-list

To clear access control list (ACL) statistics, use the clear access-list command.

clear access-list name

Syntax Description

name

Name of an existing ACL.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the access control list ACL1, enter:

host1/Admin# clear access-list ACL1

Related Commands

show access-list

(config) access-list ethertype
(config) access-list extended

clear accounting log

To clear the accounting log, use the clear accounting log command.

clear accounting log

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the accounting log, enter:

host1/Admin# clear accounting log

Related Commands

show accounting log
(config) aaa accounting default

clear acl-merge statistics

To clear the ACL-merge statistics, use the clear acl-merge statistics command.

clear acl-merge statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A4(1.0)

This command was introduced.


ACE Appliance Release
Modification

A3(2.5)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the ACL-merge statistics, enter:

host1/Admin# clear acl-merge statistics
 
   

Related Commands

show acl-merge

(config) access-list extended

clear arp

To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP processes, use the clear arp command.

clear arp [no-refresh | {statistics [vlan number] [interface_name]}]

Syntax Description

no-refresh

(Optional) Removes the learned ARP entries from the ARP table without refreshing the ARP entries.

statistics [vlan number]

(Optional) Clears ARP statistics counters globally or for the specified VLAN, vlan number.

[interface_name]

(Optional, ACE appliance only) Clears ARP statistics counters globally or for the specified interface, interface_name.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised with the vlan option.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was revised with the vlan option.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If you enter the clear arp command with no option, it clears all learned ARP entries and then refreshes the ARP entries.

Examples

To clear the ARP statistics, enter:

host1/Admin# clear arp statistics
 
   

To clear the ARP learned entries and then refresh the ARP entries, enter:

host1/Admin# clear arp

Related Commands

show arp

(config) arp

clear buffer stats

To clear the control plane buffer statistics, use the clear buffer stats command.

clear buffer stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the control plane buffer statistics, enter:

host1/Admin# clear buffer stats

Related Commands

show buffer

clear capture

To clear an existing capture buffer, use the clear capture command.

clear capture name

Syntax Description

name

Name of an existing capture buffer.


Command Modes

Exec

Admin and user context

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Use the dir command to view the capture files that you copied to the disk0: file system using the copy capture command.

Examples

To clear the capture buffer CAPTURE1, enter:

host1/Admin# clear capture CAPTURE1

Related Commands

capture

copy capture

dir

show capture

clear cde

(ACE module only) To clear the classification and distribution engine (CDE) statistics and interrupt counts, use the clear cde command.

clear cde {interrupt | stats}

Syntax Description

interrupt

Clears the CDE interrupt counts.

stats

Clears the CDE statistics.


Command Modes

Exec

Admin context

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the CDE interrupt counts, enter:

host1/Admin# clear cde interrupt

Related Commands

show cde

clear cfgmgr internal history

To clear the Configuration Manager internal history, use the clear cfgmgr internal history command.

clear cfgmgr internal history

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the Configuration Manager internal history, enter:

host1/Admin# clear cfgmgr internal history

Related Commands

show cfgmgr

clear conn

To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn command.

clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip | dest_port}} | id number np number | rserver name [port_number] serverfarm sfarm_name]

Syntax Description

all

(Optional) Clears all connections that go through the ACE, originate with the ACE, or terminate with the ACE.

flow

(Optional) Clears the connection that matches the specified flow descriptor.

prot_number

Protocol number of the flow.

icmp

Specifies the flow types using ICMP.

tcp

Specifies the flow types using TCP.

udp

Specifies the flow types using UDP.

source_ip

Source IP address of the flow.

source_port

Source port of the flow.

dest_ip

Destination IP address of the flow.

dest_port

Destination port of the flow.

id number

(Optional) Clears the connection with the specified connection ID number as displayed in the output of the show conn command.

np number

Clears all the connections to the specified network processor with the specified connection ID.

rserver name

(Optional) Clears all connections to the specified real server.

port_number

(Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535.

serverfarm sfarm_name

(Optional) Clears all connections to the specified real server associated with this server farm.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was revised.


Usage Guidelines

This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To clear only the connections that go through the ACE (flows that pass through the ACE between the originating network host and the terminating network host), use the clear conn command without any keywords. When you do not include any keywords, the connections that terminate or originate with the ACE are not cleared.

Examples

To clear the connections for the real server RSERVER1, enter:

host1/Admin# clear conn rserver RSERVER1

Related Commands

show conn

clear cores

To clear all of the core dumps stored in the core: file system, use the clear cores command.

clear cores

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.


Note The ACE creates a core dump when it experiences a fatal error. Core dump information is for Cisco Technical Assistance Center (TAC) use only. We recommend that you contact TAC for assistance in interpreting the information in the core dump.


To view the list of core files in the core: file system, use the dir core: command.

To save a copy of a core dump to a remote server before clearing it, use the copy capture command.

To delete a specific core dump file from the core: file system, use the delete core: command.

Examples

To clear all core dumps, enter:

host1/Admin# clear cores

Related Commands

copy capture

delete

dir

clear crypto session-cache

To clear the session cache information in the context, use the clear crypto session-cache command.

clear crypto session-cache [all]

Syntax Description

all

(Optional) Clears the session cache information for all contexts. This option is available in the Admin context only.


Command Modes

Exec

Admin and user context. The all option is available in the Admin context only.

Command History

ACE Module Release
Modification

A2(1.0)

This command was introduced.


ACE Appliance Release
Modification

A3(1.0)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To clear the session cache information in the context, enter:

host1/Admin# clear crypto session-cache

Related Commands

This command has no related commands.

clear dc

(ACE module only) To clear the daughter card interrupt and register statistics on the ACE module, use the clear dc command.

clear dc dc_number {controller {interrupts | stats} | interrupt}

Syntax Description

dc_number

Number of the daughter card (1 or 2).

controller

Specifies the daughter card controller.

interrupts

Clears the specified daughter card controller interrupt statistics.

stats

Clears the specified daughter card cumulative controller statistics.

interrupt

Clears the specified daughter card interrupt count.


Command Modes

Exec

Admin context only.

Command History

ACE Module Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin user role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To clear the daughter card 1 controller interrupt statistics, enter:

host1/Admin# clear dc 1 controller interrupts

Related Commands

set dc
show dc

clear debug-logfile

To remove a debug log file, use the clear debug-logfile command.

clear debug-logfile filename

Syntax Description

filename

Name of an existing debug log file.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.

Examples

To clear the debug log file DEBUG1, enter:

host1/Admin# clear debug-logfile DEBUG1

Related Commands

debug

show debug

clear fifo stats

To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command.

clear fifo stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the control plane FIFO statistics, enter:

host1/Admin# clear fifo stats

Related Commands

show fifo

clear ft

To clear the various fault-tolerant (FT) statistics, use the clear ft command.

clear ft {all | ha-stats | hb-stats | history {cfg_cntlr | ha_dp_mgr | ha_mgr} | track-stats [all]}

Syntax Description

all

Clears all redundancy statistics, including all TL, heartbeat, and tracking counters.

ha-stats

Clears all transport layer-related counters that the ACE displays as part of the show ft peer detail command output.

hb-stats

Clears all heartbeat-related statistics. When you enter this command for the first time, the ACE sets the heartbeat statistics counters to zero and stores a copy of the latest statistics locally. From that point on, when you enter the show ft hb-stats command, the ACE displays the difference between the statistics that are stored locally and the current statistics.

history

Clears the redundancy history statistics.

track-stats

Clears tracking-related statistics for the Admin FT group only, a user context FT group only, or for all FT groups that are configured in the ACE.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was extensively revised. This version of software introduced the all, ha-stats, hb-stats, history, and track-stats keywords, and removed the original stats keyword.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was extensively revised. This version of software introduced the all, ha-stats, hb-stats, history, and track-stats keywords, and removed the original stats keyword.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear all fault-tolerant statistics, enter:

host1/Admin# clear ft all

Related Commands

show ft

(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface

clear icmp statistics

To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics command.

clear icmp statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the ICMP statistics, enter:

host1/Admin# clear icmp statistics

Related Commands

show icmp statistics

clear interface

To clear the interface statistics, use the clear interface command.

clear interface [bvi number | vlan number | gigabitEthernet slot_number/port_number]

Syntax Description

bvi number

(Optional) Clears the statistics for the specified Bridge Group Virtual Interface (BVI).

vlan number

(Optional) Clears the statistics for the specified VLAN.

gigabitEthernet slot_number/
port_number

(Optional, ACE appliance only) Clears the statistics for the specified Gigabit Ethernet slot and port.

The slot_number represents the physical slot on the ACE containing the Ethernet ports. This selection is always 1.

The port_number represents the physical Ethernet port on the ACE. Valid selections are 1 through 4.

This keyword is available in the Admin context only.


Command Modes

Exec

BVI and VLAN—Admin and user contexts

(ACE appliance only) Ethernet data port—Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. In addition, the Ethernet data port interface command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To clear all of the interface statistics, enter the clear interface command without using the optional VLAN and BVI keywords.

Examples

ACE Module Example

To clear all of the interface statistics for VLAN 212, enter:

host1/Admin# clear interface vlan 212
 
   

ACE Appliance Example

To clear the statistics for Ethernet port 3, enter:

host1/Admin# clear interface gigabitEthernet 1/3

Related Commands

show interface

(config) interface

clear ip

To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip command.

clear ip [dhcp relay statistics | statistics]

Syntax Description

dhcp relay statistics

(Optional) Clears all of the DHCP relay statistics.

statistics

(Optional) Clears all of the statistics associated with IP normalization, fragmentation, and reassembly.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional keywords.

Examples

To clear all of the IP normalization, fragmentation, and reassembly statistics, enter:

host1/Admin# clear ip statistics

Related Commands

show ip

clear ipv6

To clear the Dynamic Host Configuration Protocol (DHCP) relay and neighbor discovery statistics, use the clear ipv6 command.

clear ipv6 {dhcp relay statistics | {neighbors [no-refresh | vlan vlan_id ipv6_address [no-refresh] | ipv6_address [no-refresh]]}}

Syntax Description

dhcp relay statistics

Clears all the DHCPv6 relay statistics.

neighbors

Clears all the statistics associated with neighbor discovery.

no-refresh

(Optional) The ACE deletes the neighbor information from the cache and does not perform a refresh

vlan vlan_id

(Optional) Deletes the neighbor information associated with the specified VLAN interface

ipv6_address

(Optional) Deletes the neighbor information associated with the specified IPv6 address.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module/Appliance Release
Modification

A5(1.0)

This command was introduced.


Usage Guidelines

This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear all the DHCPv6 statistics, enter:

host1/Admin# clear ipv6 dhcp relay statistics

Related Commands

show ipv6

clear line

To close a specified virtual terminal (VTY) session, use the clear line command.

clear line vty_name

Syntax Description

vty_name

Name of a VTY session. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To terminate the VTY session VTY1, enter:

host1/Admin# clear line VTY1

Related Commands

(ACE module only) (config) line console
(config) line vty

clear logging

To clear information stored in the logging buffer, use the clear logging command.

clear logging [disabled | rate-limit]

Syntax Description

disabled

(Optional) Clears the logging buffer of "disabled" messages.

rate-limit

(Optional) Clears the logging buffer of "rate-limit configuration" messages.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To clear all of the information stored in the logging buffer, enter the clear logging command without using either of the optional keywords.

Examples

To clear all of the information stored in the logging buffer, enter:

host1/Admin# clear logging

Related Commands

show logging

(config) logging buffered

clear netio stats

To clear the control plane network I/O statistics, use the clear netio stats command.

clear netio stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the control plane network I/O statistics, enter:

host1/Admin# clear netio stats

Related Commands

show netio

clear np

To clear the network processor interrupt error statistics that appear when you enter the show np number interrupts command, use the clear np command.

clear np number interrupts

Syntax Description

number

Specifies the number of the network processor whose interrupt statistics you want to clear. Enter an integer from 1 to 4.

interrupts

Clears the interrupt statistics. of the network processor that you specify.


Command Modes

Exec

Admin context only

Command History

Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the network processor interrupt error statistics, enter:

host1/Admin# clear np 1 interrupts

Related Commands

show np

clear ntp statistics

(ACE appliance only) To clear the NTP statistics that display when you enter the show ntp command, use the clear ntp command.

clear ntp statistics {all-peers | io | local | memory}

Syntax Description

all-peers

Clears all peer statistics.

io

Clears the I/O statistics.

local

Clears the local statistics.

memory

Clears the memory statistics.


Command Modes

Exec

Admin context only

Command History

ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the NTP memory statistics, enter:

host1/Admin# clear ntp statistics memory

Related Commands

(config) ntp

clear probe

To clear the probe statistics displayed through the show probe command, use the clear probe command.

clear probe name

Syntax Description

name

Name of an existing probe.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear all the statistics for the probe HTTP1, enter:

host1/Admin# clear probe HTTP1

Related Commands

show probe

(config) probe

clear processes log

To clear the statistics for the processes log, use the clear processes log command.

clear processes log {all | pid id}

Syntax Description

all

Clears all statistics for the processes logs.

pid id

Specifies the processes log to clear.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To display the list of process identifiers assigned to each of the processes running on the ACE, use the show processes command.

Examples

To clear all the statistics for the processes log, enter:

host1/Admin# clear processes log all

Related Commands

show processes

clear rserver

To clear the real server statistics of all instances of a particular real server regardless of the server farms that it is associated with, use the clear rserver command.

clear rserver name

Syntax Description

name

Name of the real server.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If you have redundancy configured, then you need to explicitly clear real-server statistics on both the active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE's statistics at the old values.

Examples

To clear the statistics for the real server RS1, enter:

host1/Admin# clear rserver RS1

Related Commands

show rserver

(config) rserver

clear rtcache

To clear the route cache, use the clear rtcache command.

clear rtcache

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the route cache, enter:

host1/Admin# clear rtcache

Related Commands

This command has no related commands.

clear screen

To clear the display screen, use the clear screen command.

clear screen

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the display screen, enter:

host1/Admin# clear screen

Related Commands

This command has no related commands.

clear serverfarm

To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command.

clear serverfarm name [inband | predictor | retcode]

Syntax Description

name

Name of an existing server farm.

inband

(Optional) Resets the inband health monitoring Total failure counters for the specified server farm, as displayed by the show serverfarm name inband command.

predictor

(Optional) Resets the average bandwidth field for each real server in the specified server farm, as displayed by the show serverfarm name detail command.

retcode

(Optional) Clears the return-code statistics for the server farm.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.

A2(1.3)

The predictor option was added.

A4(1.0)

The inband option was added.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was revised. The predictor option was added.

A4(1.0)

The inband option was added.


Usage Guidelines

This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the statistics for the server farm SFARM1, enter:

host1/Admin# clear serverfarm SFARM1

Related Commands

show serverfarm

(config) serverfarm

clear service-policy

To clear the service policy statistics, use the clear service-policy command.

clear service-policy policy_name

Syntax Description

policy_name

Name of an existing policy map that is currently in service (applied to an interface).


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the statistics for the service policy HTTP1, enter:

host1/Admin# clear service-policy HTTP1

Related Commands

show service-policy

clear ssh

To clear a Secure Shell (SSH) session or clear the public keys of all SSH hosts, use the clear ssh command.

clear ssh {session_id | hosts}

Syntax Description

session_id

Identifier of the SSH session to clear, terminating the session.

hosts

Clears the public keys of all trusted SSH hosts. This keyword is available to all users in all contexts.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To obtain the specific SSH session ID value, use the show ssh session-info command.

Examples

To clear the SSH session with the identifier 345, enter:

host1/Admin# clear ssh 345

Related Commands

clear telnet

show ssh

(config) ssh key
(config) ssh maxsessions

clear startup-config

To clear the startup configuration of the current context, use the clear startup-config command.

clear startup-config

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Clearing the startup configuration does not affect the context running-configuration.

The clear startup-config command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command.

To clear the startup configuration, you can also use the write erase command.

Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. Once you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration:

Use the copy running-config startup-config command to copy the contents of the running configuration to the startup configuration.

Upload a backup of a previously saved startup-configuration file from a remote server using the copy startup-config command.

Examples

To clear the startup configuration, enter:

host1/Admin# clear startup-config

Related Commands

copy capture

show startup-config

write

clear stats

To clear the statistical information stored in the ACE buffer, use the clear stats command.

clear stats {all | connection | {crypto [client | server [alert | authentication | cipher | termination]]} | http | inspect | kalap | loadbalance [radius | rdp | rtsp | sip] | optimization | probe | resource-usage | sticky}

Syntax Description

all

Clears all statistical information in a context. The all keyword also clears the resource usage counters.

connection

Clears connection statistical information.

crypto

Clears TLS and SSL statistics from the context. If you do not enter the client or server option, the ACE clears both the client and server statistics.

client

(Optional) Clears the complete TLS and SSL client statistics for the current context.

server

(Optional) Clears the complete TLS and SSL server statistics for the current context.

alert

(Optional) Clears the back-end SSL alert statistics.

authentication

(Optional) Clears the back-end SSL authentication statistics.

cipher

(Optional) Clears the back-end SSL cipher statistics.

termination

(Optional) Clears the back-end SSL termination statistics.

http

Clears HTTP statistical information.

inspect

Clears HTTP inspect statistical information.

kalap

Clears the global server load-balancing (GSLB) statistics.

loadbalance

Clears load-balancing statistical information.

radius

(Optional) Clears Remote Authentication Dial-In User Service (RADIUS) load-balancing statistical information.

rdp

(Optional) Clears Reliable Datagram Protocol (RDP) load-balancing statistical information.

rtsp

(Optional) Clears Real-Time Streaming Protocol (RTSP) load-balancing statistical information.

sip

(Optional) Clears Session Initiation Protocol (SIP) load-balancing statistical information.

optimization

(ACE appliance only) Clears HTTP optimization statistics

probe

Clears probe statistical information.

resource-usage

Clears resource usage-related context statistics

sticky

Clears sticky statistical information.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A4(1.0)

The crypto keyword and client | server [alert | authentication | cipher | termination] options were added.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

The resource-usage keyword was added.

A3(2.1)

The crypto keyword and client | server [alert | authentication | cipher | termination] options were added.


Usage Guidelines

This command requires the loadbalance, inspect, NAT, connection, sticky, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If you have redundancy configured, then you need to explicitly clear sticky statistics on both the active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE's statistics at the old values.

Examples

To clear sticky statistics, enter:

host1/Admin# clear stats sticky

Related Commands

show stats

clear sticky database

To clear dynamic sticky database entries, use the clear sticky database command.

clear sticky database {active-conn-count min value1 max value2 | all | group group_name | time-to-expire min value3 max value4 | type {hash-key value5 | http-cookie value6 | ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5}}

Syntax Description

active-conn-count min value1 max value2

Clears the sticky database entries within the specified connection count range.

all

Clears all dynamic sticky database entries in a context.

group name

Clears all dynamic sticky database entries for the specified sticky group.

time-to-expire min value3 max value4

Clears the sticky database entries within the specified time to expire range.

type {hash-key value5 | http-cookie value6 | ip-netmask {both {source ip_address1 destination ip_address2} | destination ip_address3 | source ip_address4}}

Clears sticky database entries for one of the following sticky group types:

hash-key value

http-cookie value

ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5}


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command does not clear static sticky database entries. To clear static sticky database entries, use the no form of the appropriate sticky configuration mode command. For example, enter
(config-sticky-cookie) static cookie-value or (config-sticky-header) static header-value.

Examples

To clear all dynamic sticky database entries in the Admin context, enter:

host1/Admin# clear sticky database all

Related Commands

show sticky database

clear syn-cookie

To clear the SYN cookie statistics, use the clear syn-cookie command. To clear SYN cookie statistics for all VLANs that are configured in the current context, enter the command with no arguments.

clear syn-cookie [vlan number]

Syntax Description

vlan number

(Optional) Instructs the ACE to clear SYN cookie statistics for the specified interface. Enter an integer from 2 to 2024.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(1.0)

This command was introduced.


ACE Appliance Release
Modification

A3(1.0)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To clear SYN cookie statistics for VLAN 100, enter:

host1/C1# clear syn-cookie vlan 100

 
   

Related Commands

show syn-cookie

clear tcp statistics

To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command.

clear tcp statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the TCP statistics, enter:

host1/Admin# clear tcp statistics

Related Commands

show tcp statistics

clear telnet

To clear a Telnet session, use the clear telnet command.

clear telnet session_id

Syntax Description

session_id

Identifier of the Telnet session to clear, terminating the session.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To obtain the specific Telnet session identification number, use the show telnet command.

Examples

To clear the Telnet session with the identification number of 236, enter:

host1/Admin# clear telnet 236

Related Commands

clear ssh

show telnet

telnet

clear udp statistics

To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command.

clear udp statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To clear the UDP statistics, enter:

host1/Admin# clear udp statistics

Related Commands

show udp statistics

clear user

To clear a user session, use the clear user command.

clear user name

Syntax Description

name

Name of the user to log out.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To display the list of users that are currently logged in to the ACE, use the show users command.

Examples

To log out the user USER1, enter:

host1/Admin# clear user USER1

Related Commands

show users

(config) username

clear vnet stats

To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command.

clear vnet stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the VNET statistics, enter:

host1/Admin# clear vnet stats

Related Commands

show vnet

clear xlate

To clear the global address to the local address mapping information based on the global address, global port, local address, local port, interface address as global address, and NAT type, use the clear xlate command.

clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface vlan number] [state static] [portmap]

Syntax Description

global

(Optional) Clears the active translation by the global IP address.

local

(Optional) Clears the active translation by the local IP address.

start_ip

Global or local IP address or the first IP address in a range of addresses. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

end_ip

(Optional) Last IP address in a global or local range of IP addresses. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

netmask netmask

(Optional) Specifies the network mask for global or local IP addresses. Enter a mask in dotted-decimal notation (for example, 255.255.255.0).

gport

(Optional) Clears active translations by the global port.

lport

(Optional) Clears active translations by the local port.

start_port

Global or local port number.

end_port

(Optional) Last port number in a global or local range of ports.

interface vlan number

(Optional) Clears active translations by the VLAN number.

state static

(Optional) Clears active translations by the state.

portmap

(Optional) Clears active translations by the port map.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you enter this command, the ACE releases sessions that are using the translations (Xlates).

If you configure redundancy, then you need to explicitly clear Xlates on both the active and the standby ACEs. Clearing Xlates on the active ACE does not clear Xlates in the standby ACE.

Examples

To clear all static translations, enter:

host1/Admin# clear xlate state static

Related Commands

show xlate

clock set

(ACE appliance only) To set the time and the date for an ACE, use the clock set command in Exec mode.

clock set hh:mm:ss DD MONTH YYYY

Syntax Description

hh:mm:ss

Current time to which the ACE clock is being reset. Specify one or two digits for the hour, minutes, and seconds.

DD MONTH YYYY

Current date to which the ACE clock is being reset. Specify the full name of the month, one or two digits for the day, and four digits for the year. The following month names are recognized:

January

February

March

April

May

June

July

August

September

October

November

December


Command Modes

Exec

Admin and user contexts

Command History

ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you enter this command, the ACE displays the current configured date and time.

If you want to use the Network Time Protocol (NTP) to automatically synchronize the ACE system clock to an authoritative time server (such as a radio clock or an atomic clock), see Chapter 1, Setting Up the ACE, in the Administration Guide, Cisco ACE Application Control Engine. In this case, the NTP time server automatically sets the ACE system clock.

If you previously configured NTP on an ACE, the ACE prevents you from using the clock set command and displays an error message. To manually set the ACE system clock, remove the NTP peer and NTP server from the configuration before setting the clock on an ACE.

Examples

For example, to specify a time of 1:38:30 and a date of October 7, 2008, enter:

host1/Admin# clock set 01:38:30 7 Oct 2008
Wed Oct 7 01:38:30 PST 2008

Related Commands

show clock

(config) clock timezone

(config) clock summer-time

compare

To compare an existing checkpoint with the running-configuration file, use the compare command.

compare checkpoint_name

Syntax Description

checkpoint_name

Specifies the name of an existing checkpoint. The compare function defaults to comparing the specified checkpoint with the running-config.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module/Appliance Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If the checkpoint configuration is the same as the running-config, the output of this command is:

Checkpoint config is same as running config
 
   

If the checkpoint configuration is different from the running-config, the output will be the difference between the two configurations.

Examples

To compare the CHECKPOINT_1 checkpoint with the running-config, enter the following command:

host1/Admin# compare CHECKPOINT_1
 
   

Related Commands

checkpoint

copy checkpoint

show checkpoint

configure

To change from the Exec mode to the configuration mode, use the configure command.

configure [terminal]

Syntax Description

terminal

(Optional) Enables you to configure the system from the terminal.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires one or more features assigned to your user role, such as the AAA, interface, or fault-tolerant features. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To return to the Exec mode from the configuration mode, use the exit command.

To execute an Exec mode command from any of the configuration modes, use the do version of the command.

Examples

To change to the configuration mode from the Exec mode, enter:

host1/Admin# configure
host1/Admin(config)#

Related Commands

exit

copy capture

To copy an existing context packet capture buffer as the source file in the ACE compact flash to another file system, use the copy capture command.

copy capture capture_name disk0: [path/]destination_name

Syntax Description

capture_name

Name of the packet capture buffer on the disk0: file system. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

disk0:

Specifies that the buffer is copied to the disk0: file system.

[path/]destination_name

Destination path (optional) and name for the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the ACE and free memory.

Examples

To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter:

host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1

Related Commands

clear capture

show capture

copy checkpoint

To copy a checkpoint file to a remote server, use the copy checkpoint command.

copy checkpoint:filename disk0:[path/]filename | image:image_name | startup-config | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

filename

Filename of the checkpoint file residing on the ACE in flash memory.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename for the checkpoint. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image:image_name

Specifies that the file destination is an image in the image: directory.

startup-config

Specifies that the destination file is the startup-configuration file.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and optional renamed checkpoint file.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed checkpoint file.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed checkpoint file.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(1.6)

This command was introduced.


ACE Appliance Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

Examples

To copy a checkpoint file from the ACE to a remote FTP server, enter:

host1/Admin# copy checkpoint:CHECKPOINT1.txt ftp://192.168.1.2 
Enter the destination filename[]? [CHECKPOINT1.txt]
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).

Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


Related Commands

checkpoint

compare

show checkpoint

copy core:

To copy a core file to a remote server, use the copy core: command.

copy core:filename disk0:[path/]filename | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

filename1

Filename of the core dump residing on the ACE in flash memory. Use the dir core: command to view the core dump files available in the core: file system.

disk0:[path/]filename2

Specifies that the file destination is the disk0: directory of the current context and the filename for the core. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and optional renamed core dump.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed core dump.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed core dump.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

Examples

To copy a core file from the ACE to a remote FTP server, enter:

host1/Admin# copy core:np0_crash.txt ftp://192.168.1.2 
Enter the destination filename[]? [np0_crash.txt]
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).

Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


Related Commands

dir

copy disk0:

To copy a file from one directory in the disk0: file system of flash memory to another directory in disk0: or a network server, use the copy disk0: command.

copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | image:image_filename | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config}

Syntax Description

disk0:[path/]filename1

Specifies the name of the file to copy in the disk0: file system. Use the dir disk0: command to view the files available in disk0:. If you do not provide the optional path, the ACE copies the file from the root directory on the disk0: file system.

disk0:[path/]filename2

Specifies that the file destination is the disk0: directory of the current context and the filename for the core. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and optional renamed file.

image:image_filename

Specifies the image: filesystem and the image filename.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed file.

ftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed file.

running-config

Specifies to replace the running-configuration file that currently resides on the ACE in volatile memory.

startup-config

Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

Examples

To copy the file called SAMPLEFILE to the MYSTORAGE directory in flash memory, enter:

host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILE

Related Commands

dir

copy ftp:

To copy a file, software image, running-configuration file, or startup-configuration file from a remote File Transfer Protocol (FTP) server to a location on the ACE, use the copy ftp: command.

copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}

Syntax Description

ftp://server/path[/filename]

Specifies the FTP network server and optional file to copy.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image: [image_name]

Specifies to copy a system software image to flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is available only in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename.

running-config

Specifies to replace the running-configuration file that currently resides on the ACE in RAM (volatile memory).

startup-config

Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory (nonvolatile memory).


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To copy a startup-configuration file from a remote FTP server to the ACE, enter:

host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-config

Related Commands

show running-config

show startup-config

copy image:

To copy an ACE software system image from flash memory to a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy image: command.

copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

image_filename

Name of the ACE system software image. Use the dir image: command or the show version command to view the software system images available in flash memory.

ftp://server/path[/filename]

Specifies the FTP network server and optional renamed image.

sftp://[username@]server/path[/filename]

Specifies the SFTP network server and optional renamed image.

tftp://server[:port]/path[/filename]

Specifies the TFTP network server and optional renamed image.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

Examples

ACE Module Example

To save a software system image to a remote FTP server, enter:

host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2 

ACE Appliance Example

To save a software system image to a remote FTP server, enter:

host1/Admin# copy image:c4710ace-mz.A3_1_0.bin ftp://192.168.1.2 

Related Commands

dir

show version

copy licenses

To create a backup license file for the ACE licenses in the .tar format and copy it to the disk0: file system, use the copy licenses command.

copy licenses disk0:[path/]filename.tar

Syntax Description

disk0:

Specifies that the backup license file is copied to the disk0: file system.

[path/]filename.tar

Specifies the destination filename for the backup licenses. The destination filename must have a .tar file extension. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To copy the installed software licenses to the disk0: file system, enter:

host1/Admin# copy licenses disk0:mylicenses.tar

Related Commands

show license

untar disk0:

copy probe:

To copy scripted probe files from the probe: directory to the disk0: file system on the ACE or a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy probe: command.

copy probe:probe_filename {disk0:[path/]filename | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

probe_filename

Name of the scripted probe file. Use the dir probe: command to view the files available in flash memory.

disk0:

Specifies that the probe file is copied to the disk0: file system.

ftp://server/path[/filename]

Specifies the FTP network server and optional renamed image.

sftp://[username@]server/path[/filename]

Specifies the SFTP network server and optional renamed image.

tftp://server[:port]/path[/filename]

Specifies the TFTP network server and optional renamed image.


Command Modes

Exec

Admin context only

Command History

ACE Module/Appliance Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

Examples

To copy a probe file to a remote FTP server, enter:

host1/Admin# copy probe:IMAP_PROBE ftp://192.168.1.2 
 
   

Related Commands

dir

copy running-config

To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration file in flash memory (nonvolatile memory) or a network server, use the copy running-config command.

copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

disk0:[path/]filename

Specifies that the running configuration is copied to a file on the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

startup-config

Copies the running configuration file to the startup configuration file.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and optional renamed file.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed file.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed file.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

To copy the running configuration to the startup configuration, you can also use the write memory command.

Examples

To save the running-configuration file to the startup-configuration file in flash memory on the ACE, enter:

host1/Admin# copy running-config startup-config 

Related Commands

show running-config

show startup-config

write

copy startup-config

To merge the contents of the startup configuration file into the running configuration file or copy the startup configuration file to a network server, use the copy startup-config command.

copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

disk0:[path/]filename

Specifies that the startup configuration is copied to a file on the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

running-config

Merges contents of the startup configuration file into the running configuration file.

ftp://server/pat[/filename]

Specifies the File Transfer Protocol (FTP) network server and optional renamed file.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed file.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed file.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

Examples

To merge the contents of the startup-configuration file into the running-configuration file in flash memory, enter:

host1/Admin# copy startup-config running-config

Related Commands

show startup-config

copy sftp:

To copy a file, software image, running-configuration file, or startup-configuration file from a remote Secure File Transfer Protocol (SFTP) server to a location on the ACE, use the copy sftp: command.

copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name] | running-config | startup-config}

Syntax Description

sftp://[username@]server/path[/filename]

Specifies the SFTP network server and optional renamed file.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image: [image_name]

Specifies to copy a system software image to flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is available only in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename.

running-config

Specifies to replace the running-configuration file that currently resides on the ACE in RAM (volatile memory).

startup-config

Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory (nonvolatile memory).


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To copy a startup-configuration file from a remote SFTP server to the ACE, enter:

host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-config

Related Commands

show running-config

show startup-config

copy tftp:

To copy a file, software image, running-configuration file, or startup-configuration file from a remote Trivial File Transfer Protocol (TFTP) server to a location on the ACE, use the copy tftp: command.

copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}

Syntax Description

tftp://server[:port]/path[/filename]

Specifies the TFTP network server and optional renamed file.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image: [image_name]

Specifies to copy a system software image to flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is available only in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename.

running-config

Specifies to replace the running-configuration file that currently resides on the ACE in RAM (volatile memory).

startup-config

Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory (nonvolatile memory).


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To copy a startup-configuration file from a remote TFTP server to the ACE, enter:

host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-config

Related Commands

show running-config

show startup-config

crypto crlparams

To configure signature verification on a Certificate Revocation List (CRL) to determine that it is from a trusted certificate authority, use the crypto crlparams command.

crypto crlparams crl_name cacert ca_cert_filename

no crypto crlparams crl_name

Syntax Description

crl_name

Name of an existing CRL.

ca_cert_filename

Name of the CA certificate file used for signature verification.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(1.4) and A2(2.1)

This command was introduced.


ACE Appliance Release
Modification

A3(2.2)

This command was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To configure signature verification on a CRL, enter:

host1/Admin(config)# crypto crlparams CRL1 cacert MYCERT.PEM

To remove signature verification from a CRL, enter:

host1/Admin(config)# no crypto crlparams CRL1

 
   

Related Commands

(config-ssl-proxy) crl

crypto delete

To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete command.

crypto delete {filename | all}

Syntax Description

filename

Name of a specific certificate or key pair file to delete. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

all

Deletes all of the certificate and key pair files.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The all option does not delete the preinstalled sample certificate and key files. When you use the all keyword, the ACE prompts you with the following message to verify the deletion:

This operation will delete all crypto files for this context from the disk, but will not 
interrupt existing SSL services.  If new SSL files are not applied SSL services will be 
disabled upon next vip inservice or device reload.
Do you wish to proceed? (y/n)  [n] 
 
   

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

You cannot delete the ACE cisco-sample-key and cisco-sample-cert files.

Examples

To delete the key pair file MYRSAKEY.PEM, enter:

host1/Admin# crypto delete MYRSAKEY.PEM

Related Commands

crypto export

crypto import

show crypto

crypto export

To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen, use the crypto export command.

crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename

Syntax Description

local_filename

Name of the file stored on the ACE to export. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

ftp

Specifies the File Transfer Protocol (FTP) file transfer process.

sftp

Specifies the Secure File Transfer Protocol (SFTP) file transfer process.

tftp

Specifies the Trivial File Transfer Protocol (TFTP) file transfer process.

terminal

Displays the file content on the terminal for copy and paste purposes. Use the terminal keyword when you need to cut and paste certificate or private key information from the console. You can only use the terminal method to display PEM files, which are in ASCII format.

ip_addr

IP address or name of the remote server. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

username

Username required to access the remote server. The ACE prompts you for your password when you enter the command.

remote_filename

Name to save the file to on the remote server. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

You cannot export a certificate or key pair file that you marked as nonexportable when you imported the file to the ACE.

The remote server variables listed after the terminal keyword in the "Syntax Description" are used by the ACE only when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). We recommend using SFTP as it provides the most security.

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter:

host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEM
User password: ****
Writing remote file /usr/keys/mykey.pem
host1/Admin#

Related Commands

crypto delete

crypto import

show crypto

crypto generate csr

To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command.

crypto generate csr csr_params key_filename

Syntax Description

csr_params

CSR parameters file that contains the distinguished name attributes. The ACE applies the distinguished name attributes contained in the CSR parameters file to the CSR.

To create a CSR parameters file, use the (config) crypto csr-params command in the configuration mode.

key_filename

RSA key pair filename that contains the key on which the CSR is built. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. It is the public key that the ACE embeds in the CSR. Ensure that the RSA key pair file is loaded on the ACE for the current context. If the appropriate key pair does not exist, the ACE logs an error message.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs it to the screen. Most major certificate authorities have web-based applications that require you to cut and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file.


Note The ACE does not save a copy of the CSR locally.


After submitting your CSR to the CA, you will receive your signed certificate in one to seven business days. When you receive your certificate, use the crypto import command to import the certificate to the ACE.

Examples

To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in the file MYRSAKEY_1.PEM, enter:

host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEM

Related Commands

crypto import

(config) crypto csr-params

crypto generate key

To generate an RSA key pair file, use the crypto generate key command.

crypto generate key [non-exportable] bitsize filename

Syntax Description

non-exportable

(Optional) Marks the key pair file as nonexportable, which means that you cannot export the key pair file from the ACE.

bitsize

Key pair security strength. The number of bits in the key pair file defines the size of the RSA key pair used to secure web transactions. Longer keys produce a more secure implementation by increasing the strength of the RSA security policy. Available entries (in bits) are as follows:

512 (least security)

768 (normal security)

1024 (high security, level 1)

1536 (high security, level 2)

2048 (high security, level 3

filename

Name that you assign to the generated RSA key pair file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.The key pair filename is used only for identification purposes by the ACE.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To generate the RSA key pair file MYRSAKEYS.PEM with a bit size of 1536, enter:

host1/Admin# crypto generate key 1536 MYRSAKEYS.PEM

Related Commands

crypto delete

crypto export

crypto generate csr

crypto import

crypto verify

show crypto

crypto import

To import certificate or key pair files to the ACE or terminal screen from a remote server, use the crypto import command.

crypto import [non-exportable] {bulk sftp [passphrase passphrase] ip_addr username remote_url} | {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} | terminal local_filename [passphrase passphrase]

Syntax Description

non-exportable

(Optional) Specifies that the ACE marks the imported file as nonexportable, which means that you cannot export the file from the ACE.

bulk

Specifies the importing of multiple certificate or key pair files simultaneously.

sftp

Specifies the Secure File Transfer Protocol (SFTP) file transfer process.

ftp

Specifies the File Transfer Protocol (FTP) file transfer process.

passphrase passphrase

(Optional) Indicates that the file was created with a passphrase, which you must submit with the file transfer request in order to use the file. The passphrase pertains only to encrypted PEM files and PKCS files.

ip_addr

IP address or name of the remote server. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

username

Username required to access the remote server. The ACE prompts you for your password when you enter the command.

remote_url

Path to the certificate or key pair files that reside on the remote server to import. The ACE matches only files specified by the URL. Enter a file path including wildcards (for example, /remote/path/*.pem). To fetch all files from a remote directory, specify a remote URL that ends with a wildcard character (for example, /remote/path/*).

The ACE module fetches all files on the remote server that matches the wildcard criteria. However, it imports only files with names that have a maximum of 40 characters. If the name of a file exceeds 40 characters, the ACE module does not import the file and discards it.

remote_filename

Name of the certificate or key pair file that resides on the remote server to import. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

local_filename

Name to save the file to when imported to the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

tftp

Specifies the Trivial File Transfer Protocol (TFTP) file transfer process.

terminal

Allows you to import a file using cut and paste by pasting the certificate and key pair information to the terminal display. You can only use the terminal method to display PEM files, which are in ASCII format.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(2.0)

The bulk keyword was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The bulk keyword was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Because a device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both corresponding file types: the certificate file and its corresponding key pair file.

The remote server variables listed after the passphrase variable in the Syntax Description table are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). If you select one of these transport types and do not define the remote server variables, the ACE prompts you for the variable information. We recommend using SFTP because it provides the most security.

The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width. Of these methods, we recommend SFTP because it is secure.

This bulk keyword imports files with the names that they have on the remote server and does not allow you to rename the files.

If you attempt to import a file that has the same filename of an existing local file, the ACE module does not overwrite the existing file. Before importing the updated file, you must either delete the local file or rename the imported file.

The ACE supports 4096 certificates and 4096 keys.

The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits.

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter:

host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM 
MYKEY.PEM
Password: ********
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
#
Successfully imported file from remote server.
host1/Admin#
 
   

This example shows how to use the terminal keyword to allow pasting of the certificate information to the file MYCERT.PEM:

host1/Admin# crypto import terminal MYCERT.PEM
Enter PEM formatted data ending with a blank line or "quit" on a line by itself
--------BEGIN CERTIFICATE-----------------------
MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3
-----------END CERTIFICATE------------------------
QUIT
host1/Admin#
 
   

This example shows how to use the bulk keyword to import all of the RSA key files from an SFTP server:

host1/Admin# crypto import bulk sftp 1.1.1.1 JOESMITH /USR/KEYS/*.PEM
Initiating bulk import. Please wait, it might take a while...
Connecting to 1.1.1.1...
Password: password
...
Bulk import complete. Summary:
Network errors: 											0
Bad file URL: 0
Specified local files already exists:											0
Invalid file names: 											1
Failed reading remote files: 											5
Failed reading local files: 											0
Failed writing local files: 											0
Unknown errors: 											0
Successfully imported: 											10
host1/Admin#
 
   

Related Commands

crypto delete

crypto export

crypto verify

show crypto

crypto verify

To compare the public key in a certificate with the public key in a key pair file, and to verify that they are identical, use the crypto verify command.

crypto verify key_filename cert_filename

Syntax Description

key_filename

Name of the key pair file (stored on the ACE) that the ACE uses to verify against the specified certificate. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

cert_filename

Name of the certificate file (stored on the ACE) that the ACE uses to verify against the specified key pair. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If the public key in the certificate does not match the public key in the key pair file, the ACE logs an error message.

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match, enter:

host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEM
keypair in myrsakey.pem matches certificate in mycert.pem
 
   

This example shows what happens when the public keys do not match:

host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEM
Keypair in myrsakey2.pem does not match certificate in mycert.pem
host1/Admin#

Related Commands

crypto import

show crypto

debug

To enable the ACE debugging functions, use the debug command.

debug {aaa | access-list | accmgr | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr [rhi-info] | clock | fifo | fm | gslb | ha_dp_mgr | ha_mgr | hm | ifmgr | ip | ipcp | lcp | ldap | license | logfile | mtsmon | nat-download | netio | ntp | pfmgr | pktcap | portmgr | radius | routemgr | scp | scripted_hm | security | sme | snmp | ssl | syslogd | system | tacacs+ | time | tl | virtualization | vnet}

Syntax Description

aaa

Enables debugging for authentication, authorization, and accounting (AAA).

access-list

Enables access-list debugging.

accmgr

Loglevel options for application acceleration CM.

arpmgr

Enables Address Resolution Protocol (ARP) manager debugging.

bpdu

Enables bridge protocol data unit (BPDU) debugging.

buffer

Configures debugging of CP buffer manager.

cfg_cntlr

Enables configuration controller debugging.

cfgmgr

Enables configuration manager debugging.

rhi-info

(Optional, ACE module only) Enables route health injection (RHI) debugging.

clock

(ACE module only) Enables clock module debugging.

fifo

Configures debugging of the packet first in, first out (FIFO) driver.

fm

Enables ACE feature manager debugging.

gslb

Enables GSLB protocol debugging.

ha_dp_mgr

Enables HA-DP debugging.

ha_mgr

Enables HA debugging.

hm

Enables HM debugging.

ifmgr

Enables interface manager debugging.

ip

Enables IP service debugging.

ipcp

Enables interprocess control protocol debugging.

lcp

(ACE module only) Enables the debugging of the line card processor.

ldap

Configures debugging for Lightweight Directory Access Protocol (LDAP).

license

Enables the debugging of licensing.

logfile

Directs the debug output to a log file.

mtsmon

Enables MTS monitor debugging.

nat-download

Enables Network Address Translation (NAT) download debugging.

netio

Enables the debugging of the CP network I/O.

ntp

(ACE appliance only) Debugs the Network Time Protocol (NTP) module.

pfmgr

Enables the debugging of the platform manager.

pktcap

Enables packet capture debugging.

portmgr

(ACE appliance only) Debugs the port manager.

radius

Configures debugging for the Remote Authentication Dial-In User Service (RADIUS) daemon.

routemgr

Enables route manager debugging.

ipcp

Enables the debugging of the kernel IPCP component.

scp

(ACE module only) Configures debugging for the Switch Module Control protocol.

scripted_hm

Enables scripted health monitoring debugging.

security

Enables the debugging for security and accounting.

sme

Enables the debugging for the System Manager Extension.

snmp

Configures Simple Network Management Protocol (SNMP) server debugging.

ssl

Enables ACE SSL manager debugging.

syslogd

Enables syslogd debugging.

system

Enables debugging of the system components.

tacacs+

Configures debugging for Terminal Access Controller Access Control System Plus (TACACS+).

tl

Configures debugging of TL driver.

virtualization

Enables virtualization debugging.

vnet

Configures debugging of virtual net-device driver.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.

A4(1.0)

The rhi-info option was added.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was revised.

A4(1.0)

The hardware and optimize options was removed.


Usage Guidelines

This command is available to roles that allow debugging and to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.

Examples

To enable access-list debugging, enter:

host1/Admin# debug access-list

Related Commands

clear debug-logfile

show debug

delete

To delete a specified file in an ACE file system, use the delete command.

delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}

Syntax Description

core:filename

Deletes the specified file from the core: file system.

disk0:[path/]filename

Deletes the specified file from the disk0: file system. If you do not specify the optional path, the ACE looks for the file in the root directory of the disk0: file system.

image:filename

Deletes the specified file from the image: file system.

volatile:filename

Deletes the specified file from the volatile: file system.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If you do not specify a filename with the file system keyword, the ACE prompts you for a filename.

To display the list of files that reside in a file system, use the dir command.

Examples

To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:

host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZ

Related Commands

dir

dir

To display the contents of a specified ACE file system, use the dir command.

dir {core: | disk0:[path/][filename] | image:[filename] | probe:[filename] | volatile:[filename]}

Syntax Description

core:

Displays the contents of the core: file system.

disk0:[path/]

Displays the contents of the disk0: file system. Specify the optional path to display the contents of a specific directory on the disk0: file system.

image:

Displays the contents of the image: file system.

probe:

Displays the contents of the probe: file system. This directory contains the Cisco-supplied scripts. For more information about these scripts, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine.

volatile:

Displays the contents of the volatile: file system.

filename

(Optional) Specified file to display. Displays information, such as the file size and the date that it was created. You can use wildcards in the filename. A wildcard character (*) matches all patterns. Strings after a wildcard are ignored.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

The probe: option was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

The probe: option was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To delete a file from a file system, use the delete command.

To delete all core dumps, use the clear cores command.

Examples

ACE Module Example

To display the contents of the disk0: file system, enter:

host1/Admin# dir disk0:

ACE Appliance Example

To display the contents of the image: file system, enter:

switch/Admin# dir image:
 
   
176876624 Aug 08 2008 14:15:31 c4710ace-mz.A3_1_0.bin
176876624 Jun 9 14:15:31 2008 c4710ace-mz.A1_8_0A.bin
 
   
           Usage for image: filesystem
                  896978944 bytes total used
                   11849728 bytes free
                  908828672 bytes total

Related Commands

clear cores

delete

show file

dm

(ACE Appliance only) To verify the state of the Device Manager (DM), restart it when it is inoperative, or upload a lifeline file to a TFTP server, use the dm command.

dm {help | {lifeline tftp host port}| reload | status}

Syntax Description

help

Displays the list of keywords that are available for use on the dm command.

lifeline tftp host port

Creates and uploads a lifeline (anm-lifeline.tar.gz) file through TFTP.

reload

Restarts the DM with a reinitialized database.

status

Displays the status of the DM.


Command Modes

Exec

Admin context

Command History

ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.6)

This command is no longer hidden


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To display the status of the DM, enter:

host1/Admin# dm status

Related Commands

This command has no related commands.

exit

To exit out of Exec mode and log out the CLI session, use the exit command.

exit

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To log out of an active CLI session, enter:

host1/Admin# exit

Related Commands

This command has no related commands.

format flash:

To erase all data stored in the Flash memory and reformat it with the ACE module FAT16 filesystem or the ACE appliance third extended filesystem (ext3) as the base file system, use the format flash: command. All user-defined configuration information is erased and the ACE returns to the factory-default settings.

format flash:

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

A4(1.0)

This command was introduced and replaced the format disk0: command.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

(ACE appliance only) The ACE performs the following verification sequence prior to reformatting Flash memory:

If the system image (the current loaded image) is present in the GNU GRand Unified Bootloader (GRUB) boot loader, the ACE automatically performs a backup of that image and then performs the reformat of Flash memory.

If the system image is not present in the GRUB boot loader, the ACE prompts you for the location of an available image to backup prior to reformatting the Flash memory.

If you choose not to backup an available image file, the ACE searches for the ACE-APPLIANCE-RECOVERY-IMAGE.bin image in the Grub partition of Flash memory. ACE-APPLIANCE-RECOVERY-IMAGE.bin is the recovery software image that the ACE uses if the disk partition in Flash memory is corrupted.

If ACE-APPLIANCE-RECOVERY-IMAGE.bin is present, the ACE continues with the Flash memory reformat. The CLI prompt changes to "switch(RECOVERY-IMAGE)/Admin#" as a means for you to copy the regular ACE software image.

If ACE-APPLIANCE-RECOVERY-IMAGE.bin is not present, the ACE stops the Flash memory reformat because there is no image to boot after format.

Before you reformat the Flash memory, you should save a copy of the following ACE operation and configuration attributes to a remote server:

ACE software image (use the copy image: command)

ACE license (use the copy licenses command)

Startup configuration of each context (use the copy startup-config command)

Running configuration of each context (use the copy running-config command)

Core dump files of each context (use the copy core: command)

Packet capture buffers of each context (use the copy capture command)

Secure Sockets Layer (SSL) certificate and key pair files of each context (use the crypto export command)

After you reformat the Flash memory, perform the following actions:

Copy the ACE software image to the image: file system using the copy ftp:, copy tftp:, or copy sftp: command

Reinstall the ACE license using the license command

Import the following configuration files into the associated context using the copy disk0: command:

Startup-configuration file

Running-configuration file

Import the following SSL files into the associated context using the crypto import command:

SSL certificate files

SSL key pair files

Examples

For example, to erase all information in Flash memory and reformat it, enter:

host1/Admin# format flash:
Warning!! This will erase everything in the compact flash including startup configs for 
all the contexts and reboot the system!!
Do you wish to proceed anyway? (yes/no)  [no] yes
 
   

If the ACE fails to extract a system image from the Grub bootloader, it prompts you to provide the location of an available system image to backup:

Failed to extract system image Information from Grub
backup specific imagefile? (yes/no)  [no] yes 
Enter Image name: scimi-3.bin
Saving Image [scimi-3.bin]
Formatting the cf.....
Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...
 
   
Unmounting compact flash filesystems...
format completed  successfully
Restoring Image backupimage/scimi-3.bin
kjournald starting.  Commit interval 5 seconds
REXT3 FS on hdb2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
starting graceful shutdown
switch/Admin# Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...

Related Commands

copy capture
copy ftp:
copy tftp:
copy sftp:
crypto export
crypto import
dir
license

ft switchover

To purposely cause a failover to make a particular context active, use the ft switchover command.

ft switchover [all [force] | force | group_id [force]]

Syntax Description

all

(Optional) Causes a switchover of all FT groups configured in the ACE simultaneously.

force

(Optional) Causes a switchover of the Admin context if you enter the command in the Admin context and do not specify a group ID, or the specified FT group, while ignoring the state of the standby member. Use this option only when the fault-tolerant (FT) VLAN is down.

group_id

(Optional) Causes a switchover of the specified FT group. Enter the ID of an existing FT group as an integer from 1 to 255.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

Added the all keyword.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

Added the all keyword.

A3(2.2)

This command is disabled by default for the network-monitor role.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT group, which forces a switchover.

You may need to force a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully become the active member of the FT group, a switchover occurs. To use this command, you must configure the no preempt command in FT group configuration mode.

The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context:

Admin context—If you specify an FT group ID, then the FT group specified by the group ID switches over. If you do not specify a group ID, then the Admin context switches over.

User context—Because you cannot specify an FT group ID in a user context, the context in which you enter the command switches over.

When you specify the ft switchover command, there may be brief periods of time when the configuration mode is enabled on the new active group member to allow the administrator to make configuration changes. However, these configuration changes are not synchronized with the standby group member and will exist only on the active group member. We recommend that you refrain from making any configuration changes after you enter the ft switchover command until the FT states stabilize to ACTIVE and STANDBY_HOT. Once the FT group reaches the steady state of ACTIVE and STANDBY_HOT, any configuration changes performed on the active group member will be incrementally synchronized to the standby group member, assuming that configuration synchronization is enabled.

Examples

To cause a switchover from the active ACE to the standby ACE of FT group1, enter:

host1/Admin# ft switchover 1

Related Commands

(config-ft-group) preempt

gunzip

To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe script files), use the gunzip command.

gunzip disk0:[path/]filename.gz

Syntax Description

disk0:[path/]filename.gz

Specifies the name of the compressed file on the disk0: file system. The filename must end with a .gz extension. If you do not specify the optional path, the ACE looks for the file in the root directory.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file that is zipped by the gzip (GNU zip) compression utility.

To display a list of available zipped files on disk0:, use the dir command.

Examples

To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file system, enter:

host1/Admin# gunzip disk0:PROBE_SCRIPTS.gz

Related Commands

dir

invoke context

To display the context running configuration information from the Admin context, use the invoke context command.

invoke context context_name show running-config

Syntax Description

context_name

Name of user-created context. This argument is case sensitive.


Command Modes

Exec

Admin context

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To display the running configuration for the C1 user context from the Admin context, enter:

host1/Admin# invoke context C1 show running-config
 
   

Related Commands

This command has no related commands.

license

To install, update, or uninstall licenses on the ACE, use the license command.

license {install disk0:[path/]filename [target_filename] | uninstall {name | all} | update disk0:[path/]permanent_filename demo_filename}

Syntax Description

install disk0:[path/]filename

Installs a demo or permanent license from the disk0: file system into flash memory on the ACE. The filename is the name of the license on the disk0: file system. If you do not specify the optional path, the ACE looks for the file in the root directory.

target_filename

(Optional) Target filename for the license file.

uninstall name

Uninstalls the specified license file. Enter the license name as an unquoted text string with no spaces.

all

Uninstalls all installed licenses in the ACE.

update disk0:

Updates an installed demo license with a permanent license.

[path/]permanent_filename

Filename for the permanent license.

demo_filename

Filename for the demo license.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A4(1.0)

Added the all keyword to the uninstall option


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

Added the all keyword to the uninstall option


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

After you receive a demo or permanent software license key in an e-mail from Cisco Systems, you must copy the license file to a network server and then use the copy tftp command in Exec mode to copy the file to the disk0: file system on the ACE.

To update an installed demo license with a permanent license, use the license update command. The demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage command.

To back up license files, use the copy licenses command


Caution When you remove a demo or permanent virtual context license, the ACE removes all user contexts from the Admin running configuration. By removing the user contexts, their running and startup configurations are also removed from the ACE. Before removing any virtual context license, back up the Admin running configuration and the user context running configurations to a remote server.

For more information about the types of ACE licenses available and how to manage the licenses on your ACE, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To install a new permanent license, enter:

host1/Admin# license install disk0:ACE-VIRT-020.LIC
 
   

To uninstall a license, enter:

host1/Admin# license uninstall ACE-VIRT-20.LIC
 
   

ACE Module Example

To update the demo license with a permanent license, enter:

host1/Admin# license update disk0:ACE-VIRT-250.LIC ACE-VIRT-250-demo.LIC

ACE Appliance Example

To update the demo license with a permanent license, enter:

host1/Admin# license update disk0:ACE-AP-VIRT-020.lic ACE-AP-VIRT-020-DEMO.lic

Related Commands

copy licenses

copy tftp:

show license

mkdir disk0:

To create a new directory in disk0:, use the mkdir disk0: command.

mkdir disk0:[path/]directory_name

Syntax Description

[path/]directory_name

Name that you assign to the new directory. Specify the optional path if you want to create a directory within an existing directory.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If a directory with the same name already exists, the ACE does not create the new directory and the "Directory already exists" message appears.

Examples

To create a directory in disk0: called TEST_DIRECTORY, enter:

host1/Admin# mkdir disk0:TEST_DIRECTORY

Related Commands

dir

rmdir disk0:

move disk0:

To move a file between directories in the disk0: file system, use the move disk0: command.

move disk0:[source_path/]filename disk0:[destination_path/]filename

Syntax Description

disk0:

Indicates the disk0: file system of the current context.

source_path/

(Optional) Path of the source directory.

destination_path/

(Optional) Path of the destination directory.

filename

Name of the file to move in the disk0: file system.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If a file with the same name already exists in the destination directory, that file is overwritten by the file that you move.

Examples

To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:, enter:

host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILE

Related Commands

dir

np session

(ACE module only) To execute network processor-related commands, use the np session command.

np session {disable | enable}

Syntax Description

disable

Disables sessions to the network processor from the supervisor engine.

enable

Enables sessions to the network processor from the supervisor engine.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To enable sessions to the network processor from the supervisor engine, enter:

host1/Admin# np session enable

Related Commands

This command has no related commands.

ping

To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the ping command.

ping [ip | ipv6 [system_address [count count [size size [timeout time]]]]]

Syntax Description

ip | ipv6

(Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address.

system_address

(Optional) IP address of the remote host to ping. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). If you do not specify the IP address of the remote host, the CLI prompts you for the information.

count count

(Optional) Repeat count. Enter the repeat count as an integer from 1 to 65000. The default is 5.

size size

(Optional) Datagram size. Enter the datagram size as an integer from 36 to 1440. The default is 100.

timeout time

(Optional) Timeout in seconds. Enter the timeout value as an integer from 0 to 3600. The default is 2.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A4(1.0)

The size option was increased from 452 to 1440.

A5(1.0)

Added IPv6 support.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.5)

At the datagram size prompt for the extended ping command, the size was increased from 452 to 1400.

A3(2.6)

The size option was increased from 452 to 1440.

A5(1.0)

Added IPv6 support.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The ping command sends an echo request packet to an address from the current context on the ACE and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying the name of the current directory and the path, and whether the host can be reached or is functioning.

To terminate a ping session before it reaches its timeout value, press Ctrl-C.

Examples

IPv6 Example

To send a ping to the IPv6 loopback address 0:0:0:0:0:0:0:1, enter the following command:

host1/Admin# ping ::1
PING 0:0:0:0:0:0:0:1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=255 time=0.039 ms
64 bytes from ::1: icmp_seq=2 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=3 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=4 ttl=255 time=0.108 ms
64 bytes from ::1: icmp_seq=5 ttl=255 time=0.126 ms
 
   
--- 0:0:0:0:0:0:0:1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8002ms
rtt min/avg/max/mdev = 0.000/0.054/0.126/0.053 ms
 
   

To abnormally terminate a ping session, press Ctrl-C.

IPv4 Example

To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter:

host1/Admin# ping 196.168.1.2

Related Commands

traceroute

reload

To reload the configuration on the ACE, use the reload command.

reload

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command.


Caution Configuration changes that are not written to flash memory are lost after a reload. Before rebooting, enter the copy running-conf startup-config command to save a copy of the running configuration to the startup configuration in flash memory. If you fail to save your running configuration changes, the ACE reverts to the last saved version of the startup configuration upon restart.

Examples

To execute a soft reboot, enter:

host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]

Related Commands

copy capture

show running-config

show startup-config

reprogram bootflash

(ACE module only) To reprogram the field upgradable (FUR) partition of the ROM monitor (rommon) image on the ACE, use the reprogram bootflash command.

reprogram bootflash {default-image {disk0:[path/]filename | image:[path/]filename} | fur-image {disk0:[path/]filename | image:[path/]filename} | invalidate-fur-image | validate-fur-image}

Syntax Description

default-image

Reprograms the rommon image default partition.

fur-image

Reprograms the rommon image FUR partition.

disk0:[path/]filename

Specifies a file stored on the disk0: file system.

image:[path/]filename

Specifies the rommon image stored on the image: file system.

invalidate-fur-image

Invalidates the rommon image FUR partition.

validate-fur-image

Validates the rommon image FUR partition.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The reprogram bootflash command is intended for use by trained Cisco personnel only. Entering this command may cause unexpected results. Do not attempt to use the reprogram bootflash command without guidance from Cisco support personnel.

Examples

To reprogram the rommon image FUR partition on the image: file system, enter:

host1/Admin# reprogram bootflash fur-image image:sb-ace.NOV_11

Related Commands

This command has no related commands.

restore

To restore the configuration files and dependent files in a context or in all contexts, use the restore command.

restore {[all] disk0:archive_filename} [pass-phrase text_string] [exclude {licenses | ssl-files}]

Syntax Description

all

Specifies that the ACE should restore the configuration files and dependencies in all contexts. You can specify this keyword only in the Admin context.

disk0:archive_
filename

Name of the archive file that you want to restore.

exclude licenses | ssl-files

(Optional) Excludes licenses or SSL certificates and keys from the restoration. Use this option only if you want to keep the license or SSL files already present in your ACE and ignore the license or SSL files in the backup archive, if any.

pass-phrase text_string

Passphrase that you used to encrypt the backed up SSL keys in the archive. Enter the passphrase as an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. If you used a passphrase when you backed up the SSL keys, the ACE encrypted the keys with AES-256 encryption using OpenSSL software. To restore the SSL keys, you must enter that same passphrase.

Note If you forget your passphrase, import the required SSL files first. Then, use the exclude option of the restore command to restore e the backup archive.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(3.0)

This command was introduced.


ACE Appliance Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The restore command has the following configuration guidelines and limitations:

The restore command will cause an interruption in service for the two contexts in a redundant configuration. We recommend that you schedule the restoration of a backup archive on a redundant pair during a maintenance window.

When you instruct the ACE to restore the archive for the entire ACE in the Admin context, it restores the Admin context completely first, and then it restores the other contexts. The ACE restores all dependencies before it restores the running context. The order in which the ACE restores dependencies is as follows:

License files

SSL certificates and key files

Health-monitoring scripts

Checkpoints

Startup-configuration file

Running-configuration file

After you restore license files, previously installed license files are uninstalled and the restored files are installed in their place.

In a redundant configuration, if the archive that you want to restore is different from the peer configurations in the FT group, redundancy may not operate properly after the restoration.

You can restore a single context from an ACE-wide backup archive provided that:

You enter the restore command in the context that you want to restore

All files dependencies for the context exist in the ACE-wide backup archive

If you upgrade to software version A4(1.0) or later from a release before A4(1.0), the ACE cannot install the earlier license files because they are unsupported. The ACE ignores these license files and keeps the existing licenses.

If you enter the exclude option first, you cannot enter the pass-phrase option.

Examples

To restore a backup archive in the Admin context, enter:

host1/Admin# restore disk0:switch_Admin_07_July_2009_11_08_04_AM.tgz pass-phrase 
MY_PASS_PHRASE

Related Commands

backup

show restore

rmdir disk0:

To remove a directory from the disk0: file system, use the rmdir disk0: command.

rmdir disk0:directory

Syntax Description

directory

Name of the directory to remove.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command.

Examples

To remove the directory TEST_DIRECTORY from disk0:, enter:

host1/Admin# rmdir disk0:TEST-DIRECTORY

Related Commands

delete

dir

mkdir disk0:

setup

(ACE appliance only) To initiate a special setup script that guides you through the basic process of configuring an Ethernet port on the ACE as the management port to access the Device Manager GUI, use the setup command.

setup

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The setup script is intended primarily as the means to guide you though a basic configuration of the ACE to quickly access the Device Manager. Use the setup command when the ACE boots without a startup-configuration file. This situation may occur when the ACE is new and the appliance was not configured upon initial startup. The setup script guides you through configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports.

After you specify a gigabit Ethernet port, the port mode, and management VLAN, the setup script automatically applies the following default configuration:

Management VLAN allocated to the specified Ethernet port.

VLAN 1000 assigned as the management VLAN interface.

GigabitEthernet port mode configured as VLAN access port.

Extended IP access list that allows IP traffic originating from any other host addresses.

Traffic classification (class map and policy map) created for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated for connectivity with the Device Manager GUI.

VLAN interface configured on the ACE and a policy map assigned to the VLAN interface.

The ACE provides a default answer in brackets [ ] for each question in the setup script. To accept a default configuration prompt, press Enter, and the ACE accepts the setting. To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence.

When completed, the setup script prompts you to apply the configuration settings.

Examples

To run the setup script from the CLI, enter:

host1/Admin# setup
This script will perform the configuration necessary for a user to manage the ACE 
Appliance using the ACE Device Manager.The management port is a designated Ethernet port 
which has access to the same network as your management tools including the ACE Device 
Manager. You will be prompted for the Port Number, IP Address, Netmask and Default Route 
(optional). Enter 'ctrl-c' at any time to quit the script
 
   
Would you like to enter the basic configuration (yes/no): y
 
   
Enter the Ethernet port number to be used as the management port (1-4):? [1]: 3
 
   
Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 192.168.1.10
 
   
Enter the management port Netmask(n.n.n.n): [255.255.255.0]: 255.255.255.2
 
   
Enter the default route next hop IP Address (n.n.n.n) or <enter> to skip this step: 
172.16.2.1
 
   
Summary of entered values:
 
   
  Management Port: 3
  Ip address 192.168.1.10
  Netmask: 255.255.255.2
  Default Route: 172.16.2.1
 
   
Submit the configuration including security settings to the ACE Appliance? 
(yes/no/details): [y]: d
 
   
Detailed summary of entered values:
 
   
interface gigabit/Ethernet 1/3
  switchport access vlan 1000
  no shut
access-list ALL extended permit ip any any class-map type management match-any 
remote_access
  match protocol xml-https any
  match protocol dm-telnet any
  match protocol icmp any
  match protocol telnet any
  match protocol ssh any
  match protocol http any
  match protocol https any
  match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 1000
  ip address 192.168.1.10 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
ssh key rsa
ip route 0.0.0.0 0.0.0.0 172.16.2.1
Submit the configuration including security settings to the ACE Appliance? 
(yes/no/details): [y]: y
 
   
Configuration successfully applied. You can now manage this ACE Appliance by entering the 
url 'https://192.168.1.10' into a web browser to access the Device Manager GUI.

Related Commands

This command has no related commands.

set dc

(ACE module only) To set the daughter card console access to the master or the slave network processor, use the set dc command.

set dc dc_number console {master | slave}

Syntax Description

dc_number

Specifies the daughter card on the ACE module. Enter either 1 or 2.

console

Sets the console access to the specified network processor.

master | slave

Specifies the master or the slave network processor on the specified daughter card for console access. The default is master.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin user role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To set the daughter card 1 console access to the slave network processor, enter:

host1/Admin# set dc 1 console slave
 
   
Switched the console access to slave network processor

Related Commands

clear dc
show dc

set sticky-ixp

(ACE module only) This command has been deprecated in software version A4(1.0).

Command History

ACE Module Release
Modification

A2(1.0)

This command was introduced.

A4(1.0)

This command was removed from the software.


show

To display ACE statistical and configuration information, use the show command.

show keyword [| {begin pattern | count | end | exclude pattern | include pattern | next | prev}] [> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]

Syntax Description

keyword

Keyword associated with the show command. See the show commands that follow.

|

(Optional) Enables an output modifier that filters the command output.

begin pattern

Begins with the line that matches the pattern that you specify.

count

Counts the number of lines in the output.

end pattern

Ends with the line that matches the pattern that you specify.

exclude pattern

Excludes the lines that match the pattern that you specify.

include pattern

Includes the lines that match the pattern that you specify.

next

Displays the lines next to the matching pattern that you specify.

prev

Displays the lines before the matching pattern that you specify.

>

(Optional) Enables an output modifier that redirects the command output to a file.

filename

Name of the file that the ACE saves the output to on the volatile: file system.

disk0:

Specifies that the destination is the disk0: file system on the ACE flash memory.

volatile:

Specifies that the destination is the volatile: file system on the ACE.

[path/][filename]

(Optional) Path and filename to the disk0: or volatile: file system. This path is optional because the ACE prompts you for this information if you omit it.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and optional filename.

sftp://[username@]server/path
[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and optional filename.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and optional filename.


Command Modes

Exec

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The features required in your user role to execute a specific show command are described in the "Usage Guidelines" section of the command. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Most commands have an associated show command. For example, the associated show command for the interface command in configuration mode is the show interface command. Use the associated show command to verify changes that you make to the running configuration.

The output of the show command may vary depending on the context that you enter the command from. For example, the show running-config command displays the running-configuration for the current context only.

To convert show command output from the ACE to XML for result monitoring by an NMS, use the xml-show command.

Examples

To display the current running configuration, enter:

host1/Admin# show running-config

Related Commands

xml-show

show aaa

To display AAA accounting and authentication configuration information for the current context, use the show aaa command.

show aaa {accounting | authentication [login error-enable] | groups} [|] [>]

Syntax Description

accounting

Displays accounting configuration information.

authentication

Displays authentication configuration information.

login error-enable

(Optional) Displays the status of the login error message configuration.

groups

Displays the configured server groups.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show aaa command output, see the Security Guide, Cisco ACE Application Control Engine.

Examples

To display the accounting configuration information, enter:

host1/Admin# show aaa accounting
default: local

Related Commands

show accounting log

(config) aaa accounting default
(config) aaa authentication login

show access-list

To display statistics associated with a specific access control list (ACL), use the show access-list command.

show access-list name [detail] [|] [>]

Syntax Description

name

Name of an existing ACL. Enter the name as an unquoted text string.

detail

Displays detailed information for the specified ACL.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised with the detail option.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was revised with the detail option.


Usage Guidelines

This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The ACL information that the ACE displays when you enter the show access-list command includes the ACL name, the number of elements in the ACL, the operating status of the ACL (ACTIVE or NOT ACTIVE), any configured remarks, the ACL entry, and the ACL hit count.

For information about the fields in the show access-list command output, see the Security Guide, Cisco ACE Application Control Engine.

Examples

To display statistical and configuration information for the ACL ACL1, enter:

host1/Admin# show access-list ACL1

Related Commands

clear access-list
show running-config

(config) access-list ethertype
(config) access-list extended
(config) access-list remark
(config) access-list resequence

show accounting log

To display AAA accounting log information, use the show accounting log command.

show accounting log [size] [all] [|] [>]

Syntax Description

size

(Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to 250000. The default is 250000 bytes.

all

(Optional) Displays the accounting logs of all contexts in the ACE. This option is available only in the Admin context.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A4(1.0)

The all option was added.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The all option was added.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show accounting log command output, see the Security Guide, Cisco ACE Application Control Engine.

Examples

To display the contents of the accounting log file, enter:

host1/Admin# show accounting log

Related Commands

show aaa

(config) aaa accounting default

show acl-merge

The ACE merges individual ACLs into one large ACL called a merged ACL. The ACL compiler then parses the merged ACL and generates the ACL lookup mechanisms. A match on this merged ACL can result in multiple actions. To display statistics related to merged ACLs, use the show acl-merge command.

show acl-merge {acls {vlan number | internal vlan 1 | 4095} {in | out} [summary]} | {event-history} | {match {acls {vlan number | internal vlan 1 | 4095} {in | out} ip_address1 ip_address2 protocol src_port dest_port}} | {merged-list {acls {vlan number | internal vlan 1 | 4095}{in | out} [non-redundant | summary]}} | {statistics} [|] [>]

Syntax Description

acls

Displays various feature ACLs and their entries before the merge.

vlan number

Specifies the interface on which the ACL was applied.

internal vlan 1 | 4095

Displays the ACL merge information for internal VLAN 1 or 4095 (ACE appliance).

in | out

Specifies the direction in which the ACL was applied to network traffic: incoming or outgoing.

summary

(Optional) Displays summary information before or after the merge.

event-history

Displays the ACL merge event-history log.

match

Displays the ACL entry that matches the specified tuple.

ip_address1

Source IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

ip_address2

Destination IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

protocol

Protocol specified in the ACL.

src_port

Source port specified in the ACL.

dest_port

Destination port specified in the ACL.

merged-list

(Optional) Displays the merged ACL.

non-redundant

(Optional) Displays only those ACL entries that have been downloaded to a network processor.

statistics

Displays ACL merge node failure statistics and other merge and compiler errors.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.5) and A2(2.1)

This command was revised to include the internal vlan 1 keywords.

A4(1.0)

This command was revised to include the event-history and statistics keywords.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.3)

This command was revised to include the internal vlan 1 | 4095 keywords.

A3(2.5)

This command was revised to include the event-history and statistics keywords.


Usage Guidelines

This command requires the acl-merge feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a redundant configuration. The number assigned depends on the order in which the ACLs are applied to the VLANs. This number can be different on the two ACEs. The ACL merged list could be different on the two ACEs depending on when redundancy is enabled.

Examples

To display the ACL merge information for VLAN 401, enter:

host1/Admin# show acl-merge acls vlan 401 in summary

Related Commands

This command has no related commands.

show action-list

To display information about an action list configuration, use the show action-list command in Exec mode. The show action-list command output displays all modify HTTP and ACE appliance optimization action list configurations and configured values.

show action-list [list_name] [|] [>]

Syntax Description

list_name

(Optional) Identifier of an existing action list as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter an action list name, the ACE displays all configured action lists.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A4(1.0)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.3)

The Description field has been added to the show action-list command output. This field displays the previously entered summary about the specific parameter map.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show action-list command output, see the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance and the Server Load-Balancing Guide, Cisco ACE Application Control Engine.

Examples

To display configuration information for the ACT_LIST1 action list, enter:

host1/Admin# show action-list ACT_LIST1

Related Commands

show running-config
(config) action-list type modify http
(ACE appliance only) (config) action-list type optimization http

show arp

To display the current active IP address-to-MAC address mapping in the Address Resolution Protocol (ARP) table, statistics, or inspection or timeout configuration, use the show arp command.

show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>]

Syntax Description

inspection

(Optional) Displays the ARP inspection configuration.

internal event-history dbg

(Optional) Displays the ARP internal event history. The ACE debug commands are intended for use by trained Cisco personnel only. Do not attempt to use these commands without guidance from Cisco support personnel.

statistics

(Optional) Displays the ARP statistics for all VLAN interfaces.

vlan vlan_number

(Optional) Displays the statistics for the specified VLAN number.

timeout

(Optional) Displays the ARP timeout values.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The show arp command without options displays the active IP address-to-MAC address mapping in the ARP table.

For information about the fields in the show arp command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine.

Examples

To display the current active IP address-to-MAC address mapping in the ARP table, enter:

host1/Admin# show arp

Related Commands

clear arp

(config) arp

show backup

To display backup errors (in the case of a failed backup) or the backup status, use the show backup command.

show backup errors | status [details] [|] [>]

Syntax Description

errors

Displays errors that may occur during a backup operation. For information about backup system messages, see the System Message Guide, Cisco ACE Application Control Engine.

status [details]

Displays the status of the last backup operation. Backup status details are not stored across reboots.

Possible values in the Status column are as follows:

SUCCESS—The component was successfully backed up

FAILED—The component failed to be backed up

N/A—The component (for example, a checkpoint or probe script) being backed up contains 0 files


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(3.0)

This command was introduced.


ACE Appliance Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To display the status of an ongoing backup, enter:

host1/Admin# show backup status detail
 
   
Backup Archive: host1_2010_09_16_21_34_03.tgz
Type          : Full
Start-time    : Thu Sep 16 21:34:03 2010
Finished-time : Thu Sep 16 21:34:18 2010
Status        : SUCCESS
Current vc    : ct3
Completed     : 4/4
------------------------+---------------+--------------------------+------------
Context                  component       Time                       Status
------------------------+---------------+--------------------------+------------
Admin                    Running-cfg     Thu Sep 16 21:34:04 2010   SUCCESS
Admin                    Startup-cfg     Thu Sep 16 21:34:04 2010   SUCCESS
Admin                    Checkpoints     Thu Sep 16 21:34:07 2010   SUCCESS
Admin                    Cert/Key        Thu Sep 16 21:34:07 2010   SUCCESS
Admin                    License         Thu Sep 16 21:34:07 2010   SUCCESS
Admin                    Probe script    Thu Sep 16 21:34:07 2010   N/A
ct1                      Running-cfg     Thu Sep 16 21:34:12 2010   SUCCESS
ct1                      Startup-cfg     Thu Sep 16 21:34:12 2010   SUCCESS
ct1                      Checkpoints     Thu Sep 16 21:34:12 2010   N/A
ct1                      Cert/Key        Thu Sep 16 21:34:12 2010   SUCCESS
ct1                      Probe script    Thu Sep 16 21:34:12 2010   N/A
ct2                      Running-cfg     Thu Sep 16 21:34:13 2010   SUCCESS
ct2                      Startup-cfg     Thu Sep 16 21:34:13 2010   SUCCESS
ct2                      Checkpoints     Thu Sep 16 21:34:13 2010   N/A
ct2                      Cert/Key        Thu Sep 16 21:34:13 2010   SUCCESS
ct2                      Probe script    Thu Sep 16 21:34:13 2010   N/A
ct3                      Running-cfg     Thu Sep 16 21:34:13 2010   SUCCESS
ct3                      Startup-cfg     Thu Sep 16 21:34:13 2010   SUCCESS
ct3                      Checkpoints     Thu Sep 16 21:34:13 2010   N/A
ct3                      Cert/Key        Thu Sep 16 21:34:13 2010   SUCCESS
ct3                      Probe script    Thu Sep 16 21:34:13 2010   N/A

Related Commands

backup

show banner motd

To display the configured banner message of the day, use the show banner motd command.

show banner motd [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To configure the banner message, use the banner command in the configuration mode.

For information about the fields in the show banner motd command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the message of the day, enter:

host1/Admin# show banner motd

Related Commands

(config) banner

show bootvar

To display the current BOOT environment variable and configuration register setting, use the show bootvar command. This command is available only in the Admin context.

show bootvar [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To set the BOOT environment variable, use the boot system image: command in the configuration mode.

For information about the fields in the show bootvar command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

ACE Module Example

To display the current BOOT environment variable and configuration register setting, enter:

host1/Admin# show bootvar
BOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"
Configuration register is 0x1

ACE Appliance Example

To display the current BOOT environment variable and configuration register setting, enter:

host1/Admin# show bootvar
BOOT variable = "disk0:c4710ace-mz.A5_1_0.bin"
Configuration register is 0x1

Related Commands

This command has no related commands.

show buffer

To display the buffer manager module messages, use the show buffer command.

show buffer {events-history | stats | usage} [|] [>]

Syntax Description

events-history

Displays a historic log of the most recent messages generated by the buffer manager event history.

stats

Displays detailed counters for various buffer manager event occurrences.

usage

Displays the number of buffers currently being held (allocated but not freed) by each buffer module. The usage keyword also shows an estimate of the number of times a particular buffer module has freed the same buffer more than once (this condition indicates a software error). Displays the Hi watermark field which allows more visibility for buffer usage when monitoring high watermarks

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display the control plane buffer event history, enter:

host1/Admin# show buffer events-history
1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000
[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa0
2) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000
[102] total blocks=151682 (ctrl=75841, data=75841)

Related Commands

clear buffer stats

show capture

To display the packet information that the ACE traces as part of the packet capture function, use the show capture command.

show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status] [|] [>]

Syntax Description

buffer_name

Name of the packet capture buffer. Specify an unquoted text string with no spaces from 1 to 80 alphanumeric characters.

detail

(Optional) Displays additional protocol information for each packet.

connid connection_id

(Optional) Displays protocol information for a specified connection identifier.

range packet_start packet_end

(Optional) Displays protocol information for a range of captured packets.

status

(Optional) Displays capture status information for each packet.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For all types of received packets, the console display is in tcpdump format.

To copy the capture buffer information as a file in flash memory, use the copy capture command.

For information about the fields in the show capture command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the captured packet information contained in packet capture buffer CAPTURE1, enter:

switch/Admin# show capture CAPTURE1

Related Commands

copy capture

show cde

(ACE module only) To display the classification and distribution engine (CDE) interface statistics, health, and register values, use the show cde command. This command includes statistics for the CDE daughter card interface, the CDE control plane interface, and the CDE switch fabric interface.

show cde {all | count | dist | hash index_number | health | interrupts | reg cde_number register | stats {cumulative | stats} | vlan vlan_number} [|] [>]

Syntax Description

all

Displays all CDE register values.

count

Displays the cumulative count of the CDE interrupts.

dist

Displays the CDE distribution type.

hash index_number

Displays the hash distribution table. Enter a value from 0 to 63.

health

Displays the CDE health, including the daughter card statistics.

interrupts

Displays the CDE interrupts.

reg

Displays the specified CDE register.

cde_number

CDE number (0 or 1).

register

Register value. Enter a hexadecimal value from 0x0 to 0x1d9.

stats

Displays the specified CDE statistics.

cumulative

Displays the cumulative CDE statistics from the last invocation of the show cde command.

delta

Displays the delta CDE statistics from the last invocation of the show cde command.

vlan vlan_number

Displays the VLAN distribution table for the specified VLAN. Enter the desired VLAN number from 0 to 4096.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display all of the CDE register values, enter:

host1/Admin# show cde all

Related Commands

clear cde

show cfgmgr

To display the Configuration Manager internal information, use the show cfgmgr command.

show cfgmgr internal {history | {table {access-group | ace name| acl name| action-list | arp | class-map | context | icmp-vip | if-zone | interface | l2-ace | l2-acl | l3-rule| match-item | nat | nat-dynamic | nat-pool | nat-pool-data | nat-static | og name | og-data name | og-exp name | parameter-map | policy-map | probe | probe-instance | rserver | script-file | script-task | sfarm | sfarm-real | slb-policy | ssl-proxy | sticky-grp | sticky-static-grp | time-range | track-probe | vip} [all | context name | detail]} [|] [>]

Syntax Description

history

Displays the Configuration Manager debug log.

table

Displays the specified Configuration Manager internal table.

access-group

Displays the access group table.

ace name

Displays the specified ACE table.

acl name

Displays the specified ACL table.

action-list

Displays the action-list table.

arp

Displays the ARP table.

class-map

Displays the class map table.

context

Displays the context table.

icmp-vip

Displays the ICMP state in VIP table.

if-zone

Displays the if zone table.

interface

Displays the interface table.

l2-ace

Displays the Layer 2 ACE table.

l2-acl

Displays the Layer 2 ACL table.

l3-rule

Displays the Layer 3 rule table.

match-item

Displays the match-item table.

nat

Displays the NAT table.

nat-dynamic

Displays the NAT dynamic table.

nat-pool

Displays the NAT pool table.

nat-pool-data

Displays the NAT pool data table.

nat-static

Displays the NAT static table.

og name

Displays the specified Object Group table.

og-data name

Displays the specified Object Group Data table.

og-exp name

Displays the specified Object Group Expanded table.

parameter-map

Displays the parameter map table.

policy-map

Displays the policy map table.

probe

Displays the probe table.

probe-instance

Displays the probe instance table.

rserver

Displays the real server table.

script-file

Displays the script file table.

script-task

Displays the script task table.

sfarm

Displays the server farm table.

sfarm-real

Displays the server farm and real server table.

slb-policy

Displays the server load-balancing policy table.

ssl-proxy

Displays the SSL proxy table.

sticky-grp

Displays the sticky group table.

sticky-static-grp

Displays the static sticky table.

time-range

Displays the time-range table.

track-probe

Displays the track probe table.

vip

Display the VIP table.

all

Displays the internal table information for all the contexts.

context name

Displays the internal table information for the specified context.

detail

Displays the detailed Configuration Manager table information.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display real server table information, enter:

host1/Admin# show cfgmgr internal table rserver
 
   

Related Commands

clear cfgmgr internal history

show checkpoint

To display information relating to the configured checkpoints, use the show checkpoint command.

show checkpoint {all | detail name} [|] [>]

Syntax Description

all

Displays a list of all existing checkpoints. The show output includes checkpoint time stamps.

detail name

Displays the running configuration of the specified checkpoint.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show checkpoint command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the running configuration for the checkpoint MYCHECKPOINT, enter:

host1/Admin# show checkpoint detail MYCHECKPOINT

Related Commands

checkpoint

show clock

To display the current date and time settings of the system clock, use the show clock command.

show clock [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To configure the system clock setting, use the clock command in the configuration mode.

For information about the fields in the show clock command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the current clock settings, enter:

host1/Admin# show clock
Fri Feb 24 20:08:14 UTC 2006

Related Commands

(config) clock summer-time

(config) clock timezone

show conn

To display the connection statistics, use the show conn command.

show conn {address ip_address1 [ip_address2] [/prefix_length | netmask mask]] [detail]} | count | detail | {port number1 [number2] [detail]} | {protocol {tcp | udp} [detail]} | {rserver rs_name [port_number] [serverfarm sfarm_name1] [detail]} | {serverfarm sfarm_name2 [detail]} [|] [>]

Syntax Description

address ip_address1 [ip_address2]

Displays connection statistics for a single source or destination IPv4 or IPv6 address or, optionally, for a range of source or destination IPv4 or IPv6 addresses. To specify a range of IP addresses, enter an IP address for the lower limit of the range and a second IP address for the upper limit of the range.

/prefix_length

Displays connection statistics for the IPv6 address or range of IPv6 addresses that you specify. Enter an IPv6 prefix (for example, /64).

netmask mask

Specifies the network mask for the IPv4 address or range of IPv4 addresses that you specify. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0).

count

Displays the total current connections to the ACE.

Note The total current connections is the number of connection objects. There are two connection objects for each flow and complete connection.

detail

Displays detailed connection information.

Note The total current connections is the number of connection objects. There are two connection objects for each flow and complete connection.

port number1 [number2]

Displays connection statistics for a single source or destination port or optionally, for a range of source or destination ports.

protocol {tcp | udp}

Displays connection statistics for TCP or UDP.

rserver rs_name

Displays connection statistics for the specified real server.

port_number

(Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535.

serverfarm sfarm_name1

(Optional) Displays connection statistics for the specified real server associated with this server farm.

serverfarm sfarm_name2

Displays connection statistics for the real servers associated with the specified server farm.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.4) and A2(2.1)

This detail option was added for a specified address, port, protocol, real server, or server farm.

A5(1.0)

Added support for IPv6.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.2)

This detail option was added for a specified address, port, protocol, real server, or server farm.

A5(1.0)

Added support for IPv6.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show conn command output, see the Security Guide, Cisco ACE Application Control Engine.

Examples

IPv6 Example

To display connection statistics for a range of IP addresses, enter:

host1/C1# show conn address 2001:DB8:1::15 2001:DB8:1::35/64
 
   

IPv4 Example

To display connection statistics for a range of IP addresses, enter:

host1/C1# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0
 
   

Related Commands

clear conn

show context

To display the context configuration information, use the show context command.

show context [context_name | Admin] [|] [>]

Syntax Description

context_name

(Optional) Name of user-created context. The ACE displays just the specified context configuration information. The context_name argument is case sensitive. and is visible only from the admin context.

Admin

(Optional) Displays just the admin context configuration information. This keyword is visible only from the admin context.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The ACE displays different information for this command depending on the context that you are in when executing the command:

Admin context—When you are in the Admin context and use the show context command without specifying a context, the ACE displays the configuration information for the admin context and all user-created contexts.

user-created context—When you are in a user-created context and enter the show context command, the ACE displays only the configuration information of the current context.

For information about the fields in the show context command output, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To display the Admin context and all user-context configuration information, enter:

host1/Admin# show context
 
   

To display the configuration information for the user context CTX1, enter:

host1/Ctx1# show context

Related Commands

changeto

(config) context

show copyright

To display the software copyright information for the ACE, use the show copyright command.

show copyright [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show copyright command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the ACE software copyright information, enter:

host1/Admin# show copyright

Related Commands

This command has no related commands.

show crypto

To display the summary and detailed reports on files containing Secure Sockets Layer (SSL) certificates, key pairs, chain and authentication groups, and statistics, use the show crypto command.

show crypto { aia-errors | authgroup {group_name| all} | cdp-errors | certificate {filename | all} | chaingroup {filename | all} | {crl {filename [detail]} | all | best-effort} | csr-params {filename | all} | files | key {filename | all} | ocspserver {name [detail] | all | best-effort} | session}} [|] [>]

Syntax Description

aia-errors

Displays the AuthorityInfoAccess (AIA) extension error statistics.

authgroup

Specifies the authentication group file type.

group_name

Name of the specific authentication group file.

all

Displays the summary report that lists all the files of the specified file type or certificates for each authentication group, or certificate revocation lists (CRLs) in the context.

cdp-errors

Displays the statistics for discrepancies in CRL Distribution Points (CDPs) for the certificates on the ACE; not context specific. A CDP indicates the location of the CRL in the form of a URL. CDP parsing in the certificate occurs only when best effort CRL is in use. The statistics include incomplete, malformed and missing information, and unrecognized transports and the number of times that the ACE ignores CDP errors as related to the (config-parammap-ssl) cdp-errors ignore command.

certificate

Specifies the certificate file type.

filename

Name of a specific file. The ACE displays the detailed report for the specified file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

chaingroup

Specifies the chaingroup file type.

crl

Specifies the certificate revocation list configured in the context.

detail

(Optional) Displays detailed statistics for the downloading of the CRL including failure counters.

best-effort

Displays summarized information for all best-effort CRLs in ACE (a maximum of 16 CRLs).

csr-params

Specifies the Certificate Signing Request (CSR) parameter set.

files

Displays the summary report listing all of the crypto files loaded on the ACE, including certificate, chaingroup, and key pair files. The summary report also shows whether the file contains a certificate, a key pair, or both.

key

Specifies the key pair file type.

ocspserver name

Identifier of a configured OCSP server. The ACE displays Online Certificate Status Protocol (OCSP) information. You can use OCSP as an alternative to CRLs.

detail

Instructs the ACE to display detailed statistics for the specified OCSP server.

all

Displays statistics for all configured OCSP servers.

best-effort

Displays statistics for OCSP servers that were obtained on a best-effort basis by extracting the server information from the client packets.

session

Displays the number of cached TLS and SSL client and server session entries in the current context.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

3.0(0)A1(6.2a)

This command was revised with the hardware and stats keywords.

A2(1.0)

This command was revised with the authgroup, csr-params, crl, and session keywords.

A2(2.0)

This command was revised with the cdp-errors, detail, and best-effort keywords.

A2(2.1)

This command was revised to include the Best Effort CDP Errors Ignored field displayed with the cdp-errors keyword.

A5(1.0)

Added the aia-errors and the ocspserver keywords and arguments.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

This command was revised with the authgroup, csr-params, crl, and session keywords.

A3(2.2)

The cdp-errors keyword and the detail option were added.

A3(2.3)

The best-effort keyword was added.

A5(1.0)

Added the aia-errors and the ocspserver keywords and arguments.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When using the show crypto certificate command and the certificate file contains a chain, the ACE displays only the bottom level certificate (the signers are not displayed).

For information about the fields in the show crypto command output, see the SSL Guide, Cisco ACE Application Control Engine.

Examples

To display the summary report that lists all of the crypto files, enter:

host1/Admin# show crypto files
 
   

To display

 
   

Related Commands

crypto delete
crypto export
crypto import
crypto verify
(config) crypto csr-params
(config-parammap-ssl) cdp-errors ignore

show dc

(ACE module only) To display the statistics for the daughter card hardware on the ACE ACE, use the show dc command.

show dc dc_number {console | controller {all | health | interrupts | reg register_number | stats {cumulative | delta}} | interrupts} [|] [>]

Syntax Description

dc_number

Number of the daughter card (1 or 2).

console

Displays whether the master or the slave network processor console is directed to the base board front panel for the specified daughter card. For example, if the master network processor is directed to the front panel, the following message appears: "mCPU console is directed to base board front panel." See the related set dc dc_number console command.

controller

Displays the register values for the specified daughter card CPU and the specified controller area.

all

Displays all controller register values for the specified daughter card CPU

health

Displays the controller health and statistics for the specified daughter card.

interrupts

Displays the controller interrupt statistics for the specified daughter card.

reg register_number

Displays the description, value, and register type for the specified controller register in the specified daughter card.

stats

Displays the controller statistics registers for the specified daughter card. You can instruct the ACE to display either cumulative stats since the last reboot or the change in stats since the last time you entered this command.

cumulative

Displays accumulated controller statistics since the last time you rebooted the ACE or entered the clear dc command.

delta

Displays the difference in controller statistics since the last time you entered this command.

interrupts

Displays the interrupt statistics for the specified daughter card.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

A4(1.0)

This command was introduced.


Usage Guidelines

This command requires the Admin feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

For information about the fields in the show dc command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the cumulative daughter card controller statistics, enter:

host1/Admin# show dc 1 controller stats cumulative
Tnrpc call for INFO_VERN_REGISTERS Success
 
   
 SNO       Verni Register Name    Address        Value
---------------------------------------------------------
 0 VERNI_TXDCCTRLBPCNT_REG_ADDR        0x0024     0
 1 VERNI_TXBCMBPCNT_REG_ADDR           0x0028     0
 2 VERNI_CSR_CNTL_REG_ADDR             0x0080     0
 3 VERNI_DCRX0_BYTCNT_L_REG_ADDR       0x3104     0
 4 VERNI_DCRX0_BYTCNT_H_REG_ADDR       0x3100     0
 5 VERNI_DCRX1_BYTCNT_L_REG_ADDR       0x3114     26857913
 6 VERNI_DCRX1_BYTCNT_H_REG_ADDR       0x3110     0
 7 VERNI_DCRX2_BYTCNT_L_REG_ADDR       0x3124     2984041857
 8 VERNI_DCRX2_BYTCNT_H_REG_ADDR       0x3120     0
 9 VERNI_DCRX3_BYTCNT_L_REG_ADDR       0x3134     0
 10 VERNI_DCRX3_BYTCNT_H_REG_ADDR       0x3130     0
 11 VERNI_DCRX4_BYTCNT_L_REG_ADDR       0x3144     0
 12 VERNI_DCRX4_BYTCNT_H_REG_ADDR       0x3140     0
 13 VERNI_DCRX5_BYTCNT_L_REG_ADDR       0x3154     10182426
 14 VERNI_DCRX5_BYTCNT_H_REG_ADDR       0x3150     0
 15 VERNI_DCRX6_BYTCNT_L_REG_ADDR       0x3164     461907
 16 VERNI_DCRX6_BYTCNT_H_REG_ADDR       0x3160     0
 17 VERNI_DCRX7_BYTCNT_L_REG_ADDR       0x3174     0
 18 VERNI_DCRX7_BYTCNT_H_REG_ADDR       0x3170     0
 19 VERNI_DCRX0_PKTCNT_REG_ADDR         0x3200     0
 20 VERNI_DCRX1_PKTCNT_REG_ADDR         0x3204     270400
 21 VERNI_DCRX2_PKTCNT_REG_ADDR         0x3208     33181066
 22 VERNI_DCRX3_PKTCNT_REG_ADDR         0x320c     0
 23 VERNI_DCRX4_PKTCNT_REG_ADDR         0x3210     0
 24 VERNI_DCRX5_PKTCNT_REG_ADDR         0x3214     120311
 25 VERNI_DCRX6_PKTCNT_REG_ADDR         0x3218     4946
 26 VERNI_DCRX7_PKTCNT_REG_ADDR         0x321c     0
 27 VERNI_DCRX0_EPKTCNT_REG_ADDR        0x3300     0
 28 VERNI_DCRX1_EPKTCNT_REG_ADDR        0x3304     0
 29 VERNI_DCRX2_EPKTCNT_REG_ADDR        0x3308     0
 30 VERNI_DCRX3_EPKTCNT_REG_ADDR        0x330c     0
 31 VERNI_DCRX4_EPKTCNT_REG_ADDR        0x3310     0
 32 VERNI_DCRX5_EPKTCNT_REG_ADDR        0x3314     0
 33 VERNI_DCRX6_EPKTCNT_REG_ADDR        0x3318     0
 34 VERNI_DCRX7_EPKTCNT_REG_ADDR        0x331c     0
 35 VERNI_DCRX0_FCCNT_REG_ADDR          0x3400     0
 36 VERNI_DCRX0_DROPCNT_REG_ADDR        0x3420     0
 37 VERNI_DCRX1_FCCNT_REG_ADDR          0x3404     0
 38 VERNI_DCRX1_DROPCNT_REG_ADDR        0x3424     0
 39 VERNI_DCRX2_DROPCNT_REG_ADDR        0x3408     0
 40 VERNI_DCRX3_DROPCNT_REG_ADDR        0x340c     0
 41 VERNI_DCRX4_FCCNT_REG_ADDR          0x3410     0
 42 VERNI_DCRX4_DROPCNT_REG_ADDR        0x3428     0
 43 VERNI_DCRX5_FCCNT_REG_ADDR          0x3414     0
 44 VERNI_DCRX5_DROPCNT_REG_ADDR        0x342c     0
 45 VERNI_DCRX6_DROPCNT_REG_ADDR        0x3418     0
 46 VERNI_DCRX7_DROPCNT_REG_ADDR        0x341c     0
 47 VERNI_DCTX0_BYTCNT_L_REG_ADDR       0x4104     0
 48 VERNI_DCTX0_BYTCNT_H_REG_ADDR       0x4100     0
 49 VERNI_DCTX1_BYTCNT_L_REG_ADDR       0x4114     29588774
 50 VERNI_DCTX1_BYTCNT_H_REG_ADDR       0x4110     0
 51 VERNI_DCTX2_BYTCNT_L_REG_ADDR       0x4124     15457403
 52 VERNI_DCTX2_BYTCNT_H_REG_ADDR       0x4120     0
 53 VERNI_DCTX3_BYTCNT_L_REG_ADDR       0x4134     0
 54 VERNI_DCTX3_BYTCNT_H_REG_ADDR       0x4130     0
 55 VERNI_DCTX4_BYTCNT_L_REG_ADDR       0x4144     0
 56 VERNI_DCTX4_BYTCNT_H_REG_ADDR       0x4140     0
 57 VERNI_DCTX5_BYTCNT_L_REG_ADDR       0x4154     7139354
 58 VERNI_DCTX5_BYTCNT_H_REG_ADDR       0x4150     0
 59 VERNI_DCTX6_BYTCNT_L_REG_ADDR       0x4164     82
 60 VERNI_DCTX6_BYTCNT_H_REG_ADDR       0x4160     0
 61 VERNI_DCTX7_BYTCNT_L_REG_ADDR       0x4174     0
 62 VERNI_DCTX7_BYTCNT_H_REG_ADDR       0x4170     0
 63 VERNI_DCTX0_PKTCNT_REG_ADDR         0x4200     0
 64 VERNI_DCTX1_PKTCNT_REG_ADDR         0x4204     345107
 65 VERNI_DCTX2_PKTCNT_REG_ADDR         0x4208     150138
 66 VERNI_DCTX3_PKTCNT_REG_ADDR         0x420c     0
 67 VERNI_DCTX4_PKTCNT_REG_ADDR         0x4210     0
 68 VERNI_DCTX5_PKTCNT_REG_ADDR         0x4214     77580
 69 VERNI_DCTX6_PKTCNT_REG_ADDR         0x4218     1
 70 VERNI_DCTX7_PKTCNT_REG_ADDR         0x421c     0
 71 VERNI_DCTX0_EPKTCNT_REG_ADDR        0x4300     0
 72 VERNI_DCTX1_EPKTCNT_REG_ADDR        0x4304     0
 73 VERNI_DCTX2_EPKTCNT_REG_ADDR        0x4308     0
 74 VERNI_DCTX3_EPKTCNT_REG_ADDR        0x430c     0
 75 VERNI_DCTX4_EPKTCNT_REG_ADDR        0x4310     0
 76 VERNI_DCTX5_EPKTCNT_REG_ADDR        0x4314     0
 77 VERNI_DCTX6_EPKTCNT_REG_ADDR        0x4318     0
 78 VERNI_DCTX7_EPKTCNT_REG_ADDR        0x431c     0
 79 VERNI_DCTX0_CRCECNT_REG_ADDR        0x4400     0
 80 VERNI_DCTX1_CRCECNT_REG_ADDR        0x4404     0
 81 VERNI_DCTX2_CRCECNT_REG_ADDR        0x4408     0
 82 VERNI_DCTX3_CRCECNT_REG_ADDR        0x440c     0
 83 VERNI_DCTX4_CRCECNT_REG_ADDR        0x4410     0
 84 VERNI_DCTX5_CRCECNT_REG_ADDR        0x4414     0
 85 VERNI_DCTX6_CRCECNT_REG_ADDR        0x4418     0
 86 VERNI_DCTX7_CRCECNT_REG_ADDR        0x441c     0
 87 VERNI_SOP_ILL_CNT_REG_ADDR          0x4420     0
 88 VERNI_SNKCH0_BYTCNT_L_REG_ADDR      0x5104     0
 89 VERNI_SNKCH0_BYTCNT_H_REG_ADDR      0x5100     0
 90 VERNI_SNKCH1_BYTCNT_L_REG_ADDR      0x5114     29589286
 91 VERNI_SNKCH1_BYTCNT_H_REG_ADDR      0x5110     0
 92 VERNI_SNKCH2_BYTCNT_L_REG_ADDR      0x5124     15466363
 93 VERNI_SNKCH2_BYTCNT_H_REG_ADDR      0x5120     0
 94 VERNI_SNKCH3_BYTCNT_L_REG_ADDR      0x5134     0
 95 VERNI_SNKCH3_BYTCNT_H_REG_ADDR      0x5130     0
 96 VERNI_SNKCH4_BYTCNT_L_REG_ADDR      0x5144     0
 97 VERNI_SNKCH4_BYTCNT_H_REG_ADDR      0x5140     0
 98 VERNI_SNKCH5_BYTCNT_L_REG_ADDR      0x5154     7141402
 99 VERNI_SNKCH5_BYTCNT_H_REG_ADDR      0x5150     0
 100 VERNI_SNKCH6_BYTCNT_L_REG_ADDR      0x5164     82
 101 VERNI_SNKCH6_BYTCNT_H_REG_ADDR      0x5160     0
 102 VERNI_SNKCH7_BYTCNT_L_REG_ADDR      0x5174     0
 103 VERNI_SNKCH7_BYTCNT_H_REG_ADDR      0x5170     0
 104 VERNI_SNKCH0_PKTCNT_REG_ADDR        0x5200     0
 105 VERNI_SNKCH1_PKTCNT_REG_ADDR        0x5210     345107
 106 VERNI_SNKCH2_PKTCNT_REG_ADDR        0x5220     150138
 107 VERNI_SNKCH3_PKTCNT_REG_ADDR        0x5230     0
 108 VERNI_SNKCH4_PKTCNT_REG_ADDR        0x5240     0
 109 VERNI_SNKCH5_PKTCNT_REG_ADDR        0x5250     75532
 110 VERNI_SNKCH6_PKTCNT_REG_ADDR        0x5260     1
 111 VERNI_SNKCH7_PKTCNT_REG_ADDR        0x5270     0
 112 VERNI_SNKCH0_EPKTCNT_REG_ADDR       0x5300     0
 113 VERNI_SNKCH1_EPKTCNT_REG_ADDR       0x5310     0
 114 VERNI_SNKCH2_EPKTCNT_REG_ADDR       0x5320     0
 115 VERNI_SNKCH3_EPKTCNT_REG_ADDR       0x5330     0
 116 VERNI_SNKCH4_EPKTCNT_REG_ADDR       0x5340     0
 117 VERNI_SNKCH5_EPKTCNT_REG_ADDR       0x5350     0
 118 VERNI_SNKCH6_EPKTCNT_REG_ADDR       0x5360     0
 119 VERNI_SNKCH7_EPKTCNT_REG_ADDR       0x5370     0
 120 VERNI_SNK_GERRCNT_REG_ADDR          0x5400     0
 121 VERNI_SRCCH0_BYTCNT_L_REG_ADDR      0x6104     0
 122 VERNI_SRCCH0_BYTCNT_H_REG_ADDR      0x6100     0
 123 VERNI_SRCCH1_BYTCNT_L_REG_ADDR      0x6114     26857913
 124 VERNI_SRCCH1_BYTCNT_H_REG_ADDR      0x6110     0
 125 VERNI_SRCCH2_BYTCNT_L_REG_ADDR      0x6124     2984065605
 126 VERNI_SRCCH2_BYTCNT_H_REG_ADDR      0x6120     0
 127 VERNI_SRCCH3_BYTCNT_L_REG_ADDR      0x6134     0
 128 VERNI_SRCCH3_BYTCNT_H_REG_ADDR      0x6130     0
 129 VERNI_SRCCH4_BYTCNT_L_REG_ADDR      0x6144     0
 130 VERNI_SRCCH4_BYTCNT_H_REG_ADDR      0x6140     0
 131 VERNI_SRCCH5_BYTCNT_L_REG_ADDR      0x6154     10182426
 132 VERNI_SRCCH5_BYTCNT_H_REG_ADDR      0x6150     0
 133 VERNI_SRCCH6_BYTCNT_L_REG_ADDR      0x6164     461907
 134 VERNI_SRCCH6_BYTCNT_H_REG_ADDR      0x6160     0
 135 VERNI_SRCCH7_BYTCNT_L_REG_ADDR      0x6174     0
 136 VERNI_SRCCH7_BYTCNT_H_REG_ADDR      0x6170     0
 137 VERNI_SRCCH0_PKTCNT_REG_ADDR        0x6200     0
 138 VERNI_SRCCH1_PKTCNT_REG_ADDR        0x6210     270400
 139 VERNI_SRCCH2_PKTCNT_REG_ADDR        0x6220     33181387
 140 VERNI_SRCCH3_PKTCNT_REG_ADDR        0x6230     0
 141 VERNI_SRCCH4_PKTCNT_REG_ADDR        0x6240     0
 142 VERNI_SRCCH5_PKTCNT_REG_ADDR        0x6250     120311
 143 VERNI_SRCCH6_PKTCNT_REG_ADDR        0x6260     4946
 144 VERNI_SRCCH7_PKTCNT_REG_ADDR        0x6270     0
 145 VERNI_SRCCH0_EPKTCNT_REG_ADDR       0x6300     0
 146 VERNI_SRCCH1_EPKTCNT_REG_ADDR       0x6310     0
 147 VERNI_SRCCH2_EPKTCNT_REG_ADDR       0x6320     0
 148 VERNI_SRCCH3_EPKTCNT_REG_ADDR       0x6330     0
 149 VERNI_SRCCH4_EPKTCNT_REG_ADDR       0x6340     0
 150 VERNI_SRCCH5_EPKTCNT_REG_ADDR       0x6350     0
 151 VERNI_SRCCH6_EPKTCNT_REG_ADDR       0x6360     0
 152 VERNI_SRCCH7_EPKTCNT_REG_ADDR       0x6370     0
 153 CH0_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6400     8
 154 CH1_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6410     0
 155 CH2_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6420     0
 156 CH3_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6430     0
 157 CH4_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6440     0
 158 CH5_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6450     0
 159 CH6_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6460     0
 160 CH7_OCTEON_FLOWCTRL_CNT_REG_ADDR    0x6470     0

Related Commands

set dc

clear dc

show debug

To display the debug flags, use the show debug command.

show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp | fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd} [|] [>]

Syntax Description

aaa

Displays the 301 debug flags.

access-list

Displays the access-list debug flags.

arpmgr

Displays the Address Resolution Protocol (ARP) manager debug flags.

ascii-cfg

Displays the ASCII cfg debug flags.

bpdu

Displays the bridge protocol data unit (BPDU) debug flags.

buffer

Displays the CP buffer debug flags.

cfg_cntlr

Displays the configuration controller debug flags.

cfgmgr

Displays the configuration manager debug flags.

clock

(ACE module only) Displays the state of clock debug settings.

dhcp

Displays the Dynamic Host Configuration Protocol (DHCP) debug flags.

fifo

Displays the show packet first in, first out (FIFO) debug flags.

fm

Displays the feature manager debug flags.

fs-daemon

Displays the FS daemon debug flags.

ha_dp_mgr

Displays the high availability (HA) dataplane manager debug flags.

ha_mgr

Displays the HA manager debug flags.

hm

Displays the HM debug flags.

ifmgr

Displays the interface manager debug flags.

ipcp

Displays the kernel IP Control Protocol (IPCP) debug flags.

lcp

(ACE module only) Displays the LCP debug flags.

ldap

Displays the Lightweight Directory Access Protocol (LDAP) debug flags.

license

Displays the licensing debug flags.

logfile

Displays the contents of the logfile.

nat-download

Displays the Network Address Translation (NAT) download debug flags.

netio

Displays the CP net I/O debug flags.

pfmgr

Displays the platform manager debug flags.

pktcap

Displays the packet capture debug flags.

radius

Displays the Remote Authentication Dial-In User Service (RADIUS) debug flags.

routemgr

Displays the route manager debug flags.

scp

(ACE module only) Displays the Secure Copy Protocol (SCP) debug flags.

security

Displays the security/accounting debug flags.

sme

Displays the System Manager Extension (SME) debug flags.

snmp

Displays the Simple Network Management Protocol (SNMP) server debug flags.

ssl

Displays the Secure Sockets Layer (SSL) manager debug flags.

syslogd

Displays the syslogd debug flags.

system

Displays the system debug flags.

tacacs+

Displays the Terminal Access Controller Access Control System Plus (TACACS+) debug flags.

tl

Displays the CP buffer debug flags.

ttyd

Displays the TTYD debug flags.

virtualization

Displays the virtualization debug flags.

vnet

Displays the virtual network (VNET) driver debug flags.

vshd

Displays the VSHD debug flags.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the debug feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.

Examples

To display the VSHD debug flags, enter:

host1/Admin# show debug vshd

Related Commands

debug

clear debug-logfile

show domain

To display the information about the configured domains in the ACE, use the show domain command.

show domain [name] [|] [>]

Syntax Description

name

(Optional) Name of an existing context domain. Specify a domain name to display the detailed configuration report that relates to the specified domain.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

To display the complete domain configuration report that lists all of the configured domains, enter the show domain command without including the name argument.

For information about the fields in the show domain command output, see the Virtualization Guide, Cisco ACE Application Control Engine.

Examples

To display the domain configuration report for the domain D1, enter:

host1/Admin# show domain D1

Related Commands

(config) domain

show download information

To display the state of the configuration download for each interface on the context, use the show download information command.

show download information [all] [summary]} [|] [>]

Syntax Description

all

Displays the configuration download status for all interfaces on all contexts (Admin context only).

summary

Displays the summary status of the download information for the context. When you include the all option with the summary option, this command displays the download summary status for all contexts.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context for the all option.

Command History

ACE Module Release
Modification

A2(3.0)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.7) only

This command displays the regex download optimization status, enabled or disabled through the debug cfgmgr limit-regex-dnld command.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If no option is included with this command, the status information for all interfaces in the current context is displayed.

You can execute the show download information command to monitor the progress of the download.

When you apply changes to a configuration file, the ACE downloads the configuration to its data plane. When you perform incremental changes, such as copying and pasting commands in a configuration, the ACE immediately performs the configuration download and does not display any terminal messages at the start or end of the download.

However, in the following situations, the ACE defers the configuration download until the entire configuration is applied to the context:

The startup configuration at boot time

Copying of the configuration to the running-config file

A checkpoint rollback

We recommend that you do not execute any configuration commands during the deferred download. The ACE does not deny you from entering configuration changes. But the changes will not occur until the download is completed. If the command times out during the download, the following message appears:

Config application in progress. This command is queued to the system.
 
   

The ACE does not queue the command immediately, however, the ACE processes and executes the command when the download is completed even if the command times out.

Examples

To display the configuration download status for all contexts, enter:

host1/Admin# show download information all

Related Commands

This command has no related commands.

show eobc

(ACE module only) To display the Ethernet Out-of-Band Channel (EOBC) registers and statistics on the ACE, use the show eobc command.

show eobc {registers | stats} [|] [>]

Syntax Description

registers

Displays the EOBC registers.

stats

Displays the EOBC statistics.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(2.3)

This command was introduced.

A2(3.1)

This command was introduced.


Usage Guidelines

This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display the EOBC statistics, enter:

host1/Admin# show eobc stats 

Related Commands

This command has no related commands.

show fifo

To display the packet first in, first out (FIFO) statistics for the Pkt-Fifo module, use the show fifo command.

show fifo {event-history | registers | stats} [|] [>]

Syntax Description

event-history

Displays a historic log of the most recent debug messages generated by the Pkt-Fifo module.

registers

Displays the state of all the registers associated with the transmit and receive hardware engines.

stats

Displays detailed counters for the various Pkt-Fifo module event occurrences.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

3.0(0)A1(5)

Interrupt statistics were added to the output of the stats keyword.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display the control plane packet FIFO registers, enter:

host1/Admin# show fifo registers

Related Commands

clear fifo stats

show file

To display the contents of a specified file in a directory in persistent memory (flash memory) or volatile memory (RAM), use the show file command.

show file {disk0: | volatile:}[directory/]filename [cksum | md5sum] [|] [>]

Syntax Description

disk0:

Specifies the disk0 file system in persistent memory.

volatile:

Specifies the file system in volatile memory.

[directory/]filename

Path and name of the specified file.

cksum

(Optional) Displays the cyclic redundancy check (CRC) checksum for the file. The checksum values compute a CRC for each named file. Use this command to verify that the files are not corrupted. You compare the checksum output for the received file against the checksum output for the original file.

md5sum

(Optional) Displays the MD5 checksum (electronic fingerprint) for the file. MD5 is the latest implementation of the Internet standards described in RFC 1321 and is useful for data security and integrity.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show file command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the contents of the file FILE1 stored in the directory MYFILES in disk0:, enter:

host1/Admin# show file disk0:MYFILES/FILE1

Related Commands

dir

clear cores

delete

show fragment

To display the IPv4 an IPv6 fragmentation and reassembly statistics for all interfaces in the ACE or the specified interface, use the show fragment command.

show fragment [vlan vlan_id] [|] [>]

Syntax Description

vlan vlan_id

(Optional) Specifies an existing interface.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A5(1.0)

Added IPv6 support.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A5(1.0)

Added IPv6 support.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If you omit the vlan vlan_id optional keyword and argument, you can display statistics for all interfaces in the ACE.

For information about the fields in the show fragment command output, see the Security Guide, Cisco ACE Application Control Engine.

Examples

To display the IPv4 and IPv6 fragmentation and reassembly statistics for VLAN 210, enter:

host1/Admin# show fragment vlan 210

Related Commands

show vlans

show ft

To display the fault-tolerant (ft), or redundancy, statistics per context, use the show ft command.

show ft {config-error [context_name]} | {group {brief | {[group_id] {detail | status | summary}}}} | {history {cfg_cntlr | ha_dp_mgr | ha_mgr}} | {idmap} | {memory [detail]} | {peer peer_id {detail | status | summary}} | {stats group_id} | {track group_id {detail | status | summary}} [|] [>]

Syntax Description

config-error [context_name]

Displays the commands that fail on the standby ACE during bulk synchronization in a redundant configuration. If all commands succeed on the standby ACE, the command displays the following message:

No bulk config apply errors
 
        

In the Admin context, the optional context_name argument is the name of a user context. If you do not enter the argument, the command uses the Admin context. In a user context, this argument is not available.

group group_id

Displays FT group statistics for the specified FT group. In the Admin context, this keyword displays statistics for all FT groups in the ACE. Also, in the Admin context, you can specify an FT group number to display statistics for an individual group. In a user context, this keyword displays statistics only for the FT group to which the user context belongs.

brief

Displays the group ID, local state, peer state, context name, context ID of all the FT groups that are configured in the ACE, and the configuration synchronization status.

detail

Displays detailed information for the specified FT group or peer, including the configuration synchronization status of the running- and the startup-configuration files.

status

Displays the current operating status for the specified FT group or peer.

summary

Displays summary information for the specified FT group or peer.

history

Displays a history of internal redundancy software statistics (Admin context only).

cfg_cntlr

Displays the configuration controller debug log.

ha_dp_mgr

Displays the high availability (HA) dataplane manager debug log.

ha_mgr

Displays the HA manager debug log.

idmap

Displays the IDMAP table for all object types. In a redundancy configuration, the IDMAP table is used to map objects between the active and the standby ACEs for use in config sync and state replication.

memory [detail]

Displays summary HA manager memory statistics or optional detailed HA manager memory statistics (Admin context only).

peer peer_id

Specifies the identifier of the remote standby member of the FT group.

stats group_id

Displays redundancy statistics for the specified FT group.

track group_id

Displays redundancy statistics related to tracked items for all FT groups.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

3.0(0)A1(5)

The brief and idmap keywords were added to this command. The status of config sync was added to the output of the detail keyword.

A2(2.1)

The config-error keyword and context_name option were added to this command.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.2)

The config-error keyword and context_name option were added to this command.

A3(2.6)

The show ft {history | memory} command is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. See the "Usage Guidelines" section for more information.

A4(1.0)

The brief and detail options were added to the show ft group command.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The show ft {history | memory} command is available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed.

For detailed information about the fields in the show ft command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the detailed statistics for FT group GROUP1, enter:

host1/Admin# show ft group GROUP1 detail

Related Commands

clear ft

(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface

show hardware

To display the ACE hardware details, such as the serial number and the hardware revision level of the ACE and the ACE module daughter card, use the show hardware command.

show hardware [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A4(1.0)

Added daughter card information.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show hardware command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display ACE hardware information, enter:

host1/Admin# show hardware

Related Commands

show inventory

show tech-support

show hyp

(ACE module only) To display the Hyperion backplane ASIC register values and statistics, use the show hyp command.

show hyp [reg reg_number | stats] [|] [>]

Syntax Description

reg reg_number

(Optional) Displays the specified Hyperion backplane ASIC register values. Enter a hexadecimal value from 0x0 to 0x6db.

stats

(Optional) Displays the Hyperion backplane ASIC statistics.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display the Hyperion backplane ASIC statistics, enter:

host1/Admin# show hyp stats

Related Commands

This command has no related commands.

show icmp statistics

To display the Internet Control Message Protocol (ICMP) statistics, use the show icmp statistics command.

show icmp statistics [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Use the clear icmp-statistics command to clear the ICMP statistics.

For information about the fields in the show icmp statistics command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display ICMP statistics, enter:

host1/Admin# show icmp statistics

Related Commands

clear icmp statistics

show interface

To display the interface information, use the show interface command.

show interface [bvi number | eobc | gigabitEthernet slot_number/port_number [counters] | internal {event-history {dbg | mts} | iftable [name] | port-vlantable | seciptable | vlantable [number]} port-channel channel_number | vlan number] [|] [>]

Syntax Description

bvi number

(Optional) Displays the information for the specified Bridge Group Virtual Interface (BVI).

eobc

(Optional, ACE module only) Displays the interface information for the Ethernet Out-of-Band channel (EOBC).

gigabitEthernet slot_number/port_number

(Optional, ACE appliance only) Displays the statistics for the specified gigabit Ethernet slot and port.

The slot_number represents the physical slot on the ACE containing the Ethernet ports. This selection is always 1.

The port_number represents the physical Ethernet port on the ACE. Valid selections are 1 through 4.

This keyword is available in the Admin context only.

counters

(ACE appliance only) Displays a summary of interface counters for the specified Ethernet data port related to the receive and transmit queues.

internal

(Optional) Displays the internal interface manager tables and events.

event-history

Displays event history information.

dbg

Displays debug history information.

mts

Displays message history information.

iftable

Displays the master interface table (Admin context only).

name

(Optional) Interface table name. If you specify an interface table name, the ACE displays the table information for that interface.

port-vlantable

(Optional, ACE appliance only) Displays the Ethernet port manager VLAN table.

seciptable

Displays the interface manager's (ifmgr) view of a logical interface and displays all the configured secondary IP addresses under an interface

vlantable

Displays the VLAN table (Admin context only).

number

(Optional) VLAN number. If you specify an interface number, the ACE displays the table information for that interface.

port-channel channel_number

(Optional, ACE appliance only) Displays the channel number assigned to a port-channel interface. Valid values are from 1 to 255. This keyword is available in the Admin context only.

vlan number

(Optional) Displays the statistics for the specified VLAN.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

BVI and VLAN interface—Admin and user contexts

(ACE appliance only) Ethernet data port, Ethernet management port, and port-channel interface—Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(3.1)

Added the seciptable option.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(2.5)

The command output includes the reason for an UP transition, timestamp for the last change, number for transitions since creation, and the last three previous states including the timestamp and the transition reasons.

If you do not configure a load-balance scheme on the interface, the load-balance scheme field through the port-channel option displays src-dst-mac, which is the default load-balance scheme on the source or destination MAC address.

A4(1.0)

Added the seciptable option.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

(ACE appliance only) In addition, the Ethernet data port, Ethernet management port, and port-channel interface command functions require the Admin user role.

(ACE appliance only) You can configure flow control on each Ethernet port of a Catalyst 6500 series switch. However, the ACE does not support flow control. If you connect an ACE to a Catalyst 6500 series switch, the flow control functionality is disabled on the ACE. The output of the show interface gigabitEthernet command on the ACE displays the "input flow-control is off, output flow control is off" flow-control status line as shown in the example above regardless of the state of flow control on the Catalyst 6500 series switch port to which the ACE is connected.

To display all of the interface statistical information, enter the show interface command without using any of the optional keywords.

The internal keyword and options are intended for use by trained Cisco personnel for troubleshooting purposes only.

For information about the fields in the show interface command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine.

Examples

To display all of the interface statistical information, enter:

host1/Admin# show interface
 
   

ACE Appliance Example

To view the configuration status for Ethernet data port 4, enter:

host1/Admin# show interface gigabitEthernet 1/4

Related Commands

clear interface

show inventory

To display the system hardware inventory, use the show inventory command.

show inventory [raw] [|] [>]

Syntax Description

raw

(Optional) Displays the hardware inventory report and information about each temperature sensor in the ACE.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

Use the show inventory command to display information about the field-replaceable units (FRUs) in the ACE, including product IDs, serial numbers, and version IDs.

If you do not include the raw keyword, the ACE displays the hardware inventory report only.

For information about the fields in the show inventory command output, see the Administration Guide, Cisco ACE Application Control Engine.

Examples

To display the hardware inventory report, enter:

host1/Admin# show inventory
 
   

To display the hardware inventory report and information about each temperature sensor, enter:

host1/Admin# show inventory raw

Related Commands

show hardware

show ip

To display the IP statistics, use the show ip command.

show ip {dhcp relay {conf | information policy | statistics} | fib [np number {dest-ip ip_address}} | summary | wr dest-ip ip_address] | interface brief {[bvi | gigabitEthernet | port-channel | vlan] number} | route [summary | internal {event-history dbg | memory}] | traffic} [|] [>]

Syntax Description

dhcp relay

Specifies the Dynamic Host Configuration Protocol (DHCP) configuration information.

conf

Displays the DHCP relay configuration information.

information policy

Displays the relay agent information and the reforwarding policy status.

statistics

Displays the DHCP relay statistics.

fib

Displays the Forwarding Information Base (FIB) table for the context. This table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables.

np number dest-ip ip_address

(Optional) Displays the FIB information for a destination address on the specified ACE NP (network processor). For the number argument:

For the ACE module, enter an integer from 1 to 4.

For the ACE appliance, enter 1.

For the ip_address argument, enter the IPV4 address in dotted-decimal notation (for example, 172.27.16.10).

summary

(Optional) Displays the FIB table or route summary for the current context.

wr dest-ip ip_address

(Optional) Displays the FIB information for the specified wire region (0 only) and destination IP address. Enter the IPv4 address in dotted-decimal notation (for example, 172.27.16.10).

interface brief

Displays a brief configuration and status summary of all interfaces, a specified bridge group virtual interface (BVI), or a virtual LAN (VLAN), including the interface number, IP address, status, and protocol.

bvi

Displays the information for a specified BVI.

gigabitEthernet

Displays the information for an existing gigabit Ethernet (GE) port. Enter 1.

port-channel

Displays the information for an existing port-channel.

vlan

Displays the statistics for a specified VLAN number.

number

Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1. For a port channel, enter an integer from 1 to 255. For a VLAN, enter an integer from 2 to 4090.

route

Displays the route entries.

internal

(Optional) Specifies the internal route entries.

event-history dbg

Displays the event history statistics.

memory

Displays the mtrack output statistics.

traffic

Displays the IPv4 and IPv6 protocol statistics.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

Added the interface brief and related keywords.

A5(1.0)

Added IPv6 support for the traffic keyword.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

Added the interface brief and related keywords.

A3(2.5)

Added the gigabitEthernet and port-channel keywords.

The interface brief option displays the hardware interfaces along with the logical interfaces. It also supports the individual output of each physical interface. For FT interfaces, (ft) appears after the VLAN ID in the output. This change is only applicable in the Admin context.

A5(1.0)

Added IPv6 support for the traffic keyword.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The internal and fib keywords and options are intended for use by trained Cisco personnel for troubleshooting purposes only.

For information about the fields in the show ip command output, see the Security Guide, Cisco ACE Application Control Engine and the Routing and Bridging Guide, Cisco ACE Application Control Engine.

Examples

To display all IP route entries, enter:

host1/Admin# show ip route

Related Commands

clear ip

show ipcp

To display the Interprocess Communication Protocol (IPCP) statistics, use the show ipcp command. The ACE module uses the Interprocess Communication Protocol for communication between the control plane processor and the dataplane processors.

show ipcp {cde | clients | event-history | peek_poke} [|] [>]

Syntax Description

cde

Displays the following statistics:

ACE moduleIPCP messages that were sent over the classification and distribution engine (CDE) interface.

ACE appliance—Displays IPCP statistical information.

clients

Displays the following statistics:

ACE moduleDisplays the IPCP statistics of the service access points (SAPs).

ACE appliance—Displays IPCP message queue information.

event-history

Displays the following statistics:

ACE module—Displays the history of error messages (usually none) in the IPCP driver.

ACE appliance—Displays IPCP event history information.

peek_poke

Displays the following statistics:

ACE module—Displays the statistics of the special queue that is used to read from or write to the network processor or the control plane processor memory from the control plane.

ACE appliance—Displays IPCP peek poke message queue information.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release
Modification

A2(1.0)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The pci option was removed.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display IPCP statistics for the CDE interface, enter the following command:

host1/Admin# show ipcp cde

Related Commands

This command has no related commands.

show ipv6

To display the IPv6 statistics, use the show ipv6 command.

show ipv6 {dhcp relay [statistics]} | {fib [{np number dest-ip ip_address} | summary | wr dest-ip ip_address]} | {interface [brief] [[bvi | vlan] number]} | neighbors | {route [summary | internal ktable]} [|] [>]

Syntax Description

dhcp relay

Specifies the Dynamic Host Configuration Protocol (DHCP) configuration information.

statistics

(Optional) Displays the DHCP relay statistics.

fib

Displays the Forwarding Information Base (FIB) table for the context. This table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables.

np number dest-ip ip_address

(Optional) Displays the FIB information for a destination address on the specified ACE NP (network processor). For the number argument:

For the ACE module, enter an integer from 1 to 4.

For the ACE appliance, enter 1.

For the ip_address argument, enter the IP address in dotted-decimal notation (for example, 172.27.16.10).

summary

(Optional) Displays the FIB table or route summary for the current context.

wr dest-ip ip_address

(Optional) Displays the FIB information for the specified wire region (0 only) and destination IP address. Enter the IP address in dotted-decimal notation (for example, 172.27.16.10).

interface

Displays the configuration and status of all interfaces, including the interface number, IP address, status, and protocol.

brief

Displays a brief configuration and status summary of all interfaces, a specified bridge group virtual interface (BVI), or a virtual LAN (VLAN), including the interface number, IP address, status, and protocol.

bvi

Displays the configuration and status information for a specified BVI.

vlan

Displays the configuration and status information for a specified VLAN number.

number

Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1. For a port channel, enter an integer from 1 to 255. For a VLAN, enter an integer from 2 to 4090.

neighbors

Displays information about the IPv6 neighbors, including the IPv6 address, MAC address, status (Up or Down), and more.

route

Displays the route entries.

internal

(Optional) Specifies the internal route entries.

ktable

Displays the IPv6 kernel route table entries.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

Added the interface brief and related keywords.

A5(1.0)

Added IPv6 support.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A3(1.0)

Added the interface brief and related keywords.

A3(2.5)

Added the gigabitEthernet and port-channel keywords.

The interface brief option displays the hardware interfaces along with the logical interfaces. It also supports the individual output of each physical interface. For FT interfaces, (ft) appears after the VLAN ID in the output. This change is only applicable in the Admin context.

A5(1.0)

Added IPv6 support.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

The internal and fib keywords and options are intended for use by trained Cisco personnel for troubleshooting purposes only.

For information about the fields in the show ipv6 command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine.

Examples

To display IPv6 interface summary information for VLAN 300, enter:

host1/Admin# show ipv6 interface brief vlan 300

Related Commands

show kalap udp load

To display the latest load information for a VIP address, VIP-based tag, or a domain name provided to the KAL-AP request, use the show kalap udp load command in Exec mode.

show kalap udp load {all | domain domain | vip {ip_address | tag name}} [|] [>]

Syntax Description

all

Displays the latest load information for all VIP addresses, and VIP-based tags and domains with their associated VIP addresses and port numbers.

domain domain

Displays the latest load information for the specified domain name.

vip ip_address | tag name

Displays the latest load information for the specified VIP address or VIP tag name. For the ip_address argument, enter the IP address in dotted-decimal notation (for example, 192.168.11.1).

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

A2(1.0)

This command was introduced.

A2(2.0)

The all keyword was added.

The vip tag name keyword and argument were added.


ACE Appliance Release
Modification

A3(1.0)

This command was introduced.

A4(1.0)

The tag name keyword and argument were added.


Usage Guidelines

The output fields for the show kalap udp load all command display the VIP address, VIP tag with its associated VIP address and port number, or domain name with its associated VIP address and port number, its load value, and the time stamp.

Examples

To display the latest load information to the KAL-AP request for VIP address 10.10.10.10, enter:

host1/Admin# show kalap udp load vip 10.10.10.10
 
   

To display the latest load information to the KAL-AP request for domain KAL-AP-TAG1, enter:

host1/Admin# show kalap udp load domain KAL-AP-TAG1
 
   

To display the latest load information to the KAL-AP request for the VIP KAL-AP-TAG2 tag, enter:

host1/Admin# show kalap udp load vip tag KAL-AP-TAG2

Related Commands

(config-pmap-c) kal-ap-tag

show lcp event-history

(ACE module only) To display the Line Card Process (LCP) debug event history information, use the show lcp event-history command.

show lcp event-history [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display LCP debug event history information, enter:

host1/Admin# show lcp event-history

Related Commands

This command has no related commands.

show ldap-server

To display the configured Lightweight Directory Access Protocol (LDAP) server and server group parameters, use the show ldap-server command.

show ldap-server [groups] [|] [>]

Syntax Description

groups

(Optional) Displays configured LDAP server group information.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

For information about the fields in the show ldap-server command output, see the Security Guide, Cisco ACE Application Control Engine.

Examples

To display the configured LDAP server groups, enter:

host1/Admin# show ldap-server groups

Related Commands

(config) aaa group server
(config) ldap-server host
(config) ldap-server port
(config) ldap-server timeout

show license

To display your ACE license information, use the show license command.

show license [brief | file filename | internal event-history | status | usage] [|] [>]

Syntax Description

brief

(Optional) Displays a filename list of currently installed licenses.

file filename

(Optional) Displays the file contents of the specified license.

internal event-history

(Optional) Displays a history of licensing-related events.

status

(Optional) Displays the status of licensed features.

usage

(Optional) Displays the usage table for all licenses.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

ACE Module Release