CLI Reference Guide for the Cisco Secure Access Control System 5.0
ACS Command Reference
Downloads: This chapterpdf (PDF - 1.16MB) The complete bookPDF (PDF - 4.59MB) | Feedback

ACS Command Reference

Table Of Contents

ACS Command Reference

EXEC Commands

acs

acs backup

acs-config

acs migration-interface

acs patch

acs reset-config

acs reset-password

acs restore

acs support

application install

application remove

application start

application stop

application upgrade

backup

backup-logs

clock

configure

copy

copy acs-logs

debug

delete

dir

exit

forceout

halt

help

mkdir

nslookup

ping

reload

restore

rmdir

show

ssh

tech

telnet

terminal length

terminal session-timeout

terminal session-welcome

terminal terminal-type

traceroute

undebug

write

Show Commands

show acs-logs

show acs-migration-interface

show application

show backup history

show cdp

show clock

show cpu

show disks

show icmp-status

show interface

show logging

show logins

show memory

show ntp

show ports

show process

show repository

show restore

show running-configuration

show startup-configuration

show tech-support

show terminal

show timezone

show timezones

show udi

show uptime

show users

show version

ACS Configuration Commands

debug-adclient

no debug-adclient

debug-log

no debug-log

replication force-sync

show debug-log

show debug-adclient

Configuration Commands

backup-staging-url

cdp holdtime

cdp run

cdp timer

clock timezone

do

end

exit

hostname

icmp echo

interface

ip address

ip default-gateway

ip domain-name

ip name-server

kron occurrence

kron policy-list

logging

ntp server

password-policy

repository

service

shutdown

snmp-server community

snmp-server contact

snmp-server host

snmp-server location

username


ACS Command Reference


This appendix contains an alphabetical listing of the commands specific to the Cisco Secure Access Control System (ACS) 5.0 server. The commands comprise these modes:

EXEC

System-level

Show

ACS Configuration

Use the EXEC mode system-level acs-config command to access the ACS Configuration mode.

Configuration

Configuration submode

Use the EXEC mode system-level configure command to access the Configuration mode.

Each of the commands in this appendix has a brief description of its use, command syntax, usage guidelines, and one or more examples. Throughout this appendix, the ACS server uses the name acs in place of the ACS server's hostname.


Note If an error occurs in any command usage, use the debug command to determine the cause of the error.


Before proceeding to use the ACS CLI commands, familiarize yourself with disk space management in CSACS 1120. This section describes disk space management for the purpose of managing logs that you can view or download from the ACS CLI and includes:

Debug logs.

Debug backup logs.

Platform logs.

Managing disk space on the CSACS 1120 is important for you to use ACS efficiently. Table A-1 describes the disk space allocated for each set of log files.

Table A-1 Disk Space Allocation for ACS Process Logs 

Process
Log File
Maximum Disk Space
(in MB)

ADE OS 1.1

/var/log/ade/ADE.log

50

Monit

/opt/CSCOacs/logs/monit.log

55

Management

/opt/CSCOacs/logs/ACSManagementAudit.log

55

/opt/CSCOacs/logs/ACSManagement.log

1000

/opt/CSCOacs/mgmt/apache-tomcat-5.5.20/logs/*

55

Runtime

/opt/CSCOacs/logs/acsRuntime.log*

1000

/opt/CSCOacs/runtime/config/startup_cache

1000

/opt/CSCOacs/runtime/core.*

2000

/opt/CSCOacs/logs/localStore/*

95000

Config Database

/opt/CSCOacs/db/acs.db

2000

/opt/CSCOacs/db/acs*.log

100

/opt/CSCOacs/db/dberr.log

100

Viewer

/opt/CSCOacs/logs/*

155

Viewer database

/opt/CSCOacs/view/data/db/acsview.db

150000

/opt/CSCOacs/view/data/db/acsview.log

100

/opt/CSCOacs/view/data/db/acsview.errlog

100

Centrify

/var/log/centrifydc.log

50

/opt/CSCOacs/logs/ACSADAgent.log

55

Backup

Packaged files within a temporary directory

105000

/var/log/backup.log

50

/var/log/backup-success.log

50

Upgrade/Patch

/opt/CSCOacs/patches/*

500

/opt/CSCOacs/logs/acsupgrade.log

50


Log files in ACS are managed using various utitilies, such as logrotate, log4j, and log4cxx. The log files are numbered and rolled over based on a configured maximum file size. Once a log file touches the configured limit, the data is rolled over to another file. This file is renamed in the XXX.N.log format, where:

XXX—Specifies the name of the log file.

N—Specifies any value between 1 and 10. This value varies depending on the log file. While some utilities roll over up to 10 log files, others roll over up to 9 log files. For information on these log files, see Table A-2.

For instance, the default maximum file size for log files that logrotate manages is 5 MB. When a log file (for example, acsupgrade.log) reaches the 5-MB limit, it is renamed as acsupgrade.log.1. With every 5-MB increase in file size, the latest file is renamed as acsupgrade.log.2, acsupgrade.log.3, and so on. Logrotate stores up to 10 log files at a given time. The latest log information, however, is always stored in acsupgrade.log. In ACS, logrotate runs as an hourly kron job and verifies the disk space allocated for the log files.

Table A-2 Log File Rotation 

Process
Log File
Number of
Rotated Versions

Monit

/opt/CSCOacs/logs/monit.log

10

Upgrade

/opt/CSCOacs/logs/acsupgrade.log

10

Management

/opt/CSCOacs/mgmt/apache-tomcat-5.5.20/
logs/catalina.out

10

/opt/CSCOacs/logs/ACSManagement.log

9

/opt/CSCOacs/logs/ACSManagementAudit.log

10

/opt/CSCOacs/logs/MonitoringAndReportingProcess.log

10

Centrify

/opt/CSCOacs/logs/ACSADAgent.log

10

Runtime

/opt/CSCOacs/logs/acsRuntime.log

9


For detailed information on logging in ACS 5.0, refer to the User Guide for the Cisco Secure Access Control System 5.0.

This appendix describes:

EXEC Commands

Show Commands

ACS Configuration Commands

Configuration Commands

EXEC Commands

Each EXEC command includes a brief description of its use, command syntax, usage guidelines, and sample output.

Table A-3 lists the EXEC commands that this section describes.

Table A-3 List of EXEC Commands1  

acs *

acs backup *

acs-config *

acs migration-interface

acs patch *

acs reset-config *

acs reset-password *

acs restore *

acs support *

application install

application remove

application start

application stop

application upgrade

backup *

backup-logs

clock

configure

copy * 2

debug

delete

dir

exit

forceout

halt

help

mkdir

nslookup

ping

reload

restore *

rmdir

show (see Show Commands)

ssh

tech

telnet

terminal length

terminal session-timeout

terminal session-welcome

terminal terminal-type

traceroute

undebug

write

1 Commands marked with an asterisk (*) represent those that are specific to ACS functionality.

2 The copy acs-logs command is specific to ACS.


acs

To start or stop an ACS instance, use the acs command in the EXEC mode.

acs {start | stop}

Syntax Description

start

Starts an ACS instance.

stop

Stops an ACS instance.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

If you use the acs stop command to stop your ACS, the ACS instance automatically starts the next time the CSACS 1120 appliance boots up.

Examples

Example 1

acs/admin# acs start
 
   
Starting ACS .............................
 
   
To verify that ACS processes are running, use the 
'show application status acs' command.

Example 2

acs/admin# 
 
   
acs/admin# acs stop
 
   
Stopping ACS ......................
 
   
acs/admin# 

Related Commands

Command
Description

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


acs backup

To back up an ACS configuration (not including the ADE OS data), use the acs backup command in the EXEC mode.

acs backup backup-filename repository repository-name

Syntax Description

backup-filename

Name of the backup file. Up to 100 alphanumeric characters.

repository

Repository command.

repository-name

Location where files should be backed up to. Up to 30 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Performs a backup of ACS data and places the backup in a repository.


Note Before you use this command, you may want to create an NFS staging area as a temporary location to perform your backup packaging, because backing up data requires a lot of disk space. For more information, see backup-staging-url.


When you are using the acs backup command, the backup files include:

Database—If the database server is running, you can use the dbbackup command to generate a binary file. Otherwise, the entire database is copied.

Database password file—dbcred.cal, located at /opt/CSCOacs/db.

Certificate store—prikeypwd.key, located at /opt/CSCOacs/conf.

Viewer database—If the ACS node you are backing up has Viewer enabled.

You can access the /opt/CSCOacs/logs/acsbackup_instance.log file for information about the last backup operation.

You can use the show backup history command to display the backup operations and determine whether they succeeded. If the backup fails, you may be able to use the show logging command (or the show acs-logs command if you are backing up ACS logs) to view troubleshooting information. Failures in the ACS aspect of the backup are clearly described on the terminal.

If you use this command on a secondary ACS that is not configured to collect logs, no backup occurs. You can use the ACS web interface to designate an ACS node to collect logs. If you use this command on a secondary ACS that is configured to collect logs, only the log collector database is backed up.

After you use this command, a timestamp is added to the end of the backup-name filename, to enable periodic backups. For more information, see acs restore.

Examples

acs/admin# acs backup mybackup repository myrepository
ACS backup file 'mybackup-081007-2055.tar.gpg' successfully copied to repository 
'myrepository'
acs/admin#

Related Commands

Command
Description

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

acs backup

Performs a backup of an ACS configuration.

backup-staging-url

Configures a Network File System (NFS) location that backup and restore operations will use as a staging area to package and unpackage backup files.

debug-log

Enables local debug logging.

delete

Deletes a file from the ACS server.

dir

Lists a file from the ACS server.

kron occurrence

Schedules one or more Command Scheduler commands to run at a specific date and time or a recurring level.

no debug-log

Disables local debug logging.

reload

Reboots the system.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

repository

Enters the repository submode for configuration of backups.

restore

Restores from backup the file contents of a specific repository.

show acs-logs

Display ACS system debug logs.

show backup history

Displays the backup history of the system.

show debug-log

Shows the debug log-level status for subsystems (enabled or disabled).

show repository

Displays the available backup files located on a specific repository.


acs-config

To enter the ACS Configuration mode, use the acs-config command in the EXEC mode.

acs-config

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

You must have privileges to enter the ACS Configuration mode, and must supply the username and the password that you use to log in to the ACS web interface. While the default username and password to access the ACS web interface is acsadmin and default, the first time you log in to the web interface, you will be prompted to change the default password. Cisco recommends that you change your password for security reasons. You will also be prompted to install the license.


Note You cannot delete the default acsadmin user. You can, however, create other users with admin privileges from the web interface.


After resetting your password and installing a valid license, use the default username (acsadmin) and changed password, or the username and password for a newly created admin user, to access the ACS CLI in the ACS Configuration mode.

Up to six users can access the ACS Configuration mode at a time; six users equal six sessions. When one of the six sessions ends, you must wait up to five minutes for the session to be available to another user.

To leave the ACS Configuration mode, type exit or press Ctrl-d.

Examples

Example 1 - Success

acs/admin# acs-config
Escape character is CNTL/D.
 
   
Username: user1
Password: 
 
   
acs/admin(config-acs)#

Example 2 - Failure

acs/admin# acs-config
Escape character is CNTL/D.
 
   
This command requires ACS to be running.
Issue 'acs start' command and try again.
 
   
acs/admin

Example 3 - Failure

acs/admin# acs-config
Escape character is CNTL/D.
 
   
Username: user1
Password: 
 
   
Authentication failed.
 
   
Username:

Example 4 - Failure

acs/admin# acs-config
Escape character is CNTL/D.
 
   
Username: acsadmin
Password: 
 
   
Failed to login with the default password.
Use the web interface to modify the default password
 
   
acs/admin# 

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


acs migration-interface

To enable or disable an interface for ACS migration, use the acs migration-interface command in the EXEC mode.

acs migration-interface {enable | disable}

Syntax Description

enable

Enables the interface for ACS migration.

disable

Disables the interface for ACS migration.


Defaults

Enabled.

Command Modes

EXEC

Usage Guidelines

Enables or disables an interface to migrate the ACS database.

If you do not want to migrate your ACS database, Cisco recommends that you disable this interface.

Examples

Example 1

acs/admin# acs migration-interface enable
acs/admin#

Example 2

acs/admin# acs migration-interface disable
acs/admin#

Related Commands

Command
Description

show acs-migration-interface

Displays whether the ACS migration interface is enabled or disabled.


acs patch

To install and remove ACS patches, use the acs patch command in the EXEC mode.

acs patch {install | remove} patch-name.tar.gpg repository repository-name

Syntax Description

install

Install command.

remove

Remove command.

patch-name.tar.gpg

The name of the patch, which always has the .tar.gpg filename extension.

repository

Repository command.

repository-name

Location where files should installed from or removed to. Up to 30 alphanumeric characters.


Defaults

Patch installations and removals are logged to /opt/CSCOacs/logs/acsupgrade.log.

Command Modes

EXEC

Usage Guidelines

ACS patches contain small fixes that include isolated files, not a full version of the ACS software. ACS patch installations and removals require that you restart ACS.

Examples

Example 1

acs/admin# acs patch install acspatch.tar.gpg repository myrepository
Installing an ACS patch requires a restart of ACS services.
Would you like to continue? Y/N

Example 2

acs/admin# acs patch remove acspatch.tar.gpg repository myrepository
Removing an ACS patch requires a restart of ACS services.
Would you like to continue? Y/N

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


acs reset-config

To reset the ACS configuration to factory defaults, use the acs reset-config command in the EXEC mode.

acs reset-config

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

If you use the acs reset-config command to reset your ACS to the factory default configuration, any configurations you have performed are lost; however, the appliance settings (such as network settings and backup repositories) are not affected.

ACS does not need to be running when you use this command.

Examples

acs/admin# acs reset-config
This command will reset the ACS configuration.
Would you like to continue? Y/N

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


acs reset-password

To reset the ACS password to the default setting, use the acs reset-password command in the EXEC mode.

acs reset-password

Syntax Description

No arguments or keywords.

Defaults

This command resets your ACS password to the default setting (default). Resetting this password does not affect other ACS administrators.

Command Modes

EXEC

Usage Guidelines

You cannot use this command on a secondary ACS node.

After you use this command, you must access your primary ACS node via the web interface and change the password. If you use the default password for the web interface (default) to access the ACS Configuration mode (which requires you to provide the web interface username and password), the login fails and the system prompts you to change the default password.

Examples

acs/admin# acs reset-password
This command resets the 'ACSAdmin' password to its original value. 
Are you sure you want to continue?  (yes/no) y
Password was reset successfully
acs/admin# 

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Backs up the system (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


acs restore

To restore an ACS configuration (not including the ADE OS data) from one ACS node to another, use the acs restore command in the EXEC mode.

acs restore backup-file-name repository repository-name

Syntax Description

backup-file-name

Name of backup file. Up to 100 alphanumeric characters.

A timestamp in the format -yymmdd-hhMM.tar.gpg is added to the backup filename to generate a unique backup filename, where:

yy—Two-digit representation of the year (the last two digits).

mm—Two-digit representation of the month. Single-digit months are preceded by zero (0).

dd—Two-digit representation of the day of the month. Single digit months are preceded by zero (0).

hh—Two-digit representation of the hour of the day of a 24-hour clock. Single-digit hours are preceded by zero (0).

MM—Two-digit representation of the minute of the hour. Single-digit minutes are preceded by zero (0).

For example, if you type dailyBackup as the filename, the resulting filename may be named dailyBackup-080229-2335.tar.gpg.

repository

Repository command.

repository-name

Location where files should be restored from. Up to 30 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Restores an ACS configuration from one ACS node to another. The restoration is performed from a temporary directory (the repository).

If you are restoring an primary ACS node configuration to a secondary, you must configure the secondary to local mode before you use this command (deregister from the primary node).


Caution The acs restore command causes the ACS server to reboot.

After a restoration is complete, you must use the ACS web interface to designate an ACS node as a log collector.

Examples

acs/admin# acs restore mybackup-080229-2335.tar.gpg repository myrepository
Restore requires a restart of ACS services. Continue?  (yes/no) 

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

backup-staging-url

Configures a Network File System (NFS) location that backup and restore operations use as a staging area to package and unpackage backup files.

debug-log

Enables local debug logging.

delete

Deletes a file from the ACS server.

dir

Lists a file in the ACS server.

no debug-log

Disables local debug logging.

reload

Reboots the system.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

repository

Enters the repository submode for configuration of backups.

restore

Restores from backup the file contents of a specific repository.

show acs-logs

Displays ACS system debug logs.

show backup history

Displays the backup history of the system.

show debug-log

Shows the debug log-level status for subsystems (enabled or disabled).

show repository

Displays the available backup files located on a specific repository.


acs support

To gather information for ACS troubleshooting, use the acs support command in the EXEC mode.

acs support filename repository repository-name [description {"text"}] [exclude-cores {number-days}] [include-config-db] [include-debug-logs {number-logs}] [include-local-logs {number-logs}] [include-logs {number-days} {all-categories | log-categories [aaa-accounting | aaa-audit | aaa-diagnostics | administrative-audit | system-diagnostics]}]

Syntax Description

filename

The filename (up to 255 characters) of the support file, a filename.tar.gz is saved to the repository.

repository

Repository command.

repository-name

Location where files should be restored from. Up to 30 alphanumeric characters.

description

Description command.

"text"

Text, between quotation marks, which is saved in a readme.txt file that is included in the ACS support bundle.

exclude-cores

Excludes core files from the ACS support bundle.

number-older-days

Excludes core files from the ACS support bundle that are older than the number of days that you specify with this argument. If you specify 0, all core files are excluded.

include-config-db

Includes the ACS configuration database in the ACS support bundle.

Note If you do not include this option, the generated support database will contain default value, instead of potential sensitive information.

include-debug-logs

Includes debug log files in the ACS support bundle.

number-logs

Includes the number of debug log files in the ACS support bundle of ACS management and runtime subsystems, and ACS Viewer that you specify with this argument. By default, all logs are included.

include-local-logs

Includes logs that a customer can view via the CLI or the ACS web interface in the ACS support bundle.

number-logs

Includes the number of log files in the ACS support bundle that you specify with this argument. By default, all logs are included.

include-logs

Includes logs from the Viewer database in the ACS support bundle.

number-recent-days

Includes Viewer database logs of the most recent number of days that you specify with this argument in the ACS support bundle. If you specify 0, no logs are included.

all-categories

Includes messages from all logging categories in the ACS support bundle.

log-categories

Includes messages from a subset of logging categories in the ACS support bundle.

aaa-accounting

Includes messages from the AAA accounting logging category in the ACS support bundle.

aaa-audit

Includes messages from the AAA audit logging category in the ACS support bundle.

aaa-diagnostics

Includes messages from the AAA diagnostic logging category in the ACS support bundle.

administrative-audit

Includes messages from the administrative audit logging category in the ACS support bundle.

system-diagnostics

Includes messages from the system diagnostics logging category in the ACS support bundle.


Defaults

The command generates a tar.gz file, which can contain the following components:

ACS (non-sensitive data) and Viewer (as text) configuration data.

All core files, if any exist.

The output of show version, show udi, show tech-support, show running-config, and show startup-config commands.

The log files, as you specify in your command structure.

A readme.txt file.

Command Modes

EXEC

Usage Guidelines

 
   

Note Before you use this command, you may want to create an NFS staging area as a temporary location to perform your backup packaging, because backing up data requires a lot of disk space. For more information, see backup-staging-url.


You are prompted for a username and password that can access the remote location.

Possible errors are standard FTP and SCP error messages.

Table A-4 Protocol Prefix Keywords 

Keyword
Source of Destination

ftp

Source or destination URL for FTP network server. The syntax for this alias:

ftp:[[[//username [:password]@]location]/directory]/filename

scp

Source or destination URL for SCP network server. The syntax for this alias:

scp:[[[//username [:password]@]location]/directory]/filename

sftp1

Source or destination URL for an SFTP network server. The syntax for this alias:

sftp:[[//location]/directory]/filename

tftp1

Source or destination URL for a TFTP network server. The syntax for this alias:

tftp:[[//location]/directory]/filename

1 Not available for ACS file transfers.


Examples

acs/admin# acs support file01 repository repository01 description "files to bundle for 
assistance" exclude-cores 3 include-config-db include-debug-logs 10 include-local-logs 5 
include-logs 7 log-categories aaa-audit administrative-audit
Collecting support information ...(file01.tar.gz)
ACS support file 'file01.tar.gz' successfully copied to repository 'repository01'
acs/admin#

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


application install

To install a specific application, use the application install command in the EXEC mode. To remove this function, use the application remove command.

application install application-bundle remote-repository-name

Syntax Description

install

Installs a specific application.

application-bundle

Application bundle filename. Up to 255 alphanumeric characters.

remote-repository-name

Remote repository name. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Installs the specified application bundle on the appliance. The application bundle file is pulled from the specified repository.

Examples

acs/admin# application install acs myremoterepository
Do you want to save the current configuration ? (yes/no) [yes] ? 
Generating configuration...
Saved the running configuration to startup successfully
acs/admin#

Related Commands

Command
Description

application remove

Removes or uninstalls an application.

application start

Starts or enables an application.

application stop

Stops or disables an application.

application upgrade

Upgrades an application bundle.

show application

Shows application information for the installed application packages on the system.


application remove

To remove a specific application, use the application remove command in the EXEC mode. To remove this function, use the no form of this command.

application remove application-name

Syntax Description

remove

Removes or uninstalls an application.

application-name

Application name. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Removes or uninstalls an application.

Examples

acs/admin# application remove acs
acs/admin#

Related Commands

Command
Description

application install

Installs an application bundle.

application start

Starts or enables an application.

application stop

Stops or disables an application.

application upgrade

Upgrades an application bundle.

show application

Shows application information for the installed application packages on the system.


application start

To enable a specific application, use the application start command in the EXEC mode. To remove this function, use the no form of this command.

application start application-name

Syntax Description

start

Enables an application bundle.

application-name

Name of the predefined application that you want to enable. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Enables an application.

You cannot use this command to start ACS.

Examples

acs/admin# application start acs
acs/admin#

Related Commands

Command
Description

application install

Installs an application bundle.

application remove

Removes or uninstalls an application.

application stop

Stops or disables an application.

application upgrade

Upgrades an application bundle.

show application

Shows application information for the installed application packages on the system.


application stop

To disable a specific application, use the application stop command in the EXEC mode. To remove this function, use the no form of this command.

application stop application-name

Syntax Description

stop

Disables an application.

application-name

Name of the predefined application that you want to disable. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Disables an application.

You cannot use this command to stop ACS.

Examples

acs/admin# application stop acs
acs/admin#

Related Commands

Command
Description

application install

Installs an application bundle.

application remove

Removes or uninstalls an application.

application start

Starts or enables an application.

application upgrade

Upgrades an application bundle.

show application

Shows application information for the installed application packages on the system.


application upgrade

To upgrade a specific application bundle, use the application upgrade command in the EXEC mode. To remove this function, use the application remove command.

application upgrade application-bundle remote-repository-name

Syntax Description

upgrade

Upgrades a specific application bundle.

application-bundle

Application name. Up to 255 alphanumeric characters.

remote-repository-name

Remote repository name. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Upgrades an application bundle, preserving any application configuration data.

Examples

acs/admin# application upgrade acs myremoterepository
acs/admin#

Related Commands

Command
Description

application install

Installs an application bundle.

application remove

Removes or uninstalls an application.

application start

Starts or enables an application.

application stop

Stops or disables an application.

show application

Shows application information for the installed application packages on the system.


backup

To perform a backup (including the ADE OS data) and place the backup in a repository, use the backup command in the EXEC mode.

backup backup-name repository repository-name

Syntax Description

backup-name

Name of backup file. Up to 100 alphanumeric characters.

repository

Repository command.

repository-name

Location where the files should be backed up to. Up to 30 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Performs a backup of ACS and ADE OS data and places the backup in a repository.

When you are using this command for ACS, the backup files include:

Database—If the database server is running, you can use the dbbackup command to generate a binary file. Otherwise, the entire database is copied over.

Database files includes data related to ACS as well as the ADE OS. You can view backup files of the ADE OS at:

/storedconfig

/storeddata

Database password file—dbcred.cal, located at /opt/CSCOacs/conf.

Certificate store—Located at /opt/CSCOacs/conf.

You can use the show backup history command to display the backup operations and determine whether they succeeded.

If the backup fails, you may be able to use the show logging command (or the show acs-logs command if you are backing up ACS logs) to view troubleshooting information. Failures in the ACS aspect of the backup are clearly described on the terminal.

Examples

acs/admin# backup mybackup repository myrepository
% Creating backup with timestamped filename: myback2-081007-2129.tar.gpg
acs/admin#

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

debug-log

Enables local debug logging.

delete

Deletes a file from the ACS server.

dir

Lists a file from the ACS server.

no debug-log

Disables local debug logging.

reload

Reboots the system.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

repository

Enters the repository submode for configuration of backups.

restore

Restores from backup the file contents of a specific repository.

show acs-logs

Displays ACS system debug logs.

show backup history

Displays the backup history of the system.

show debug-log

Shows the debug log-level status for subsystems (enabled or disabled).

show repository

Displays the available backup files located on a specific repository.


backup-logs

To back up system logs, use the backup-logs command in the EXEC mode. To remove this function, use the no form of this command.

backup-logs backup-name repository repository-name

Syntax Description

backup-name

Name of one or more files to back up. Up to 100 alphanumeric characters.

repository

Repository command.

repository-name

Location where files should be backed up to. Up to 30 alphanumeric characters.


Defaults

This command backs up these log files, which are located in specific directories:

ACS server files located in the /var/log directory.

ACS debug, audit, and diagnostic files located in the /opt/CSCSacs/logs directory.

ACS Tomcat files located in the /opt/CSCOacs/mgmt/apache/<version>/logs directory, where <version> identifies the Tomcat version that you are running.

ACS database files located in the /opt/CSCOacs/db directory.

Command Modes

EXEC

Usage Guidelines

Backs up system logs.

Examples

acs/admin# backup-logs mysyslogs repository myrepository
% Creating log backup with timestamped filename: mysyslogs-081007-2130.tar.gz
acs/admin#

Related Commands

Command
Description

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

restore

Restores from backup the file contents of a specific repository.

repository

Enters the repository submode for configuration of backups.

show backup history

Displays the backup history of the system.

show repository

Displays the available backup files located on a specific repository.


clock

To set the system clock, use the clock command in the EXEC mode. To remove this function, use the no form of this command.

clock {set} [month day hh:min:ss yyyy]

Syntax Description

set

Sets the system clock.

month

Current month of the year by name. Up to three alphabetic characters. For example, Jan for January.

day

Current day (by date) of the month. Value = 0 to 31. Up to two numbers.

hh:mm:ss

Current time in hours (24-hour format), minutes, and seconds.

yyyy

Current year (no abbreviation).


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Sets the system clock.

Examples

acs/admin# clock set Jan 4 5:05:05 2007
Clock was modified. You must restart ACS.
Do you want to restart ACS now? (yes/no) 
Stopping ACS .................
Starting ACS ......................
 
   
acs/admin#

Related Commands

Command
Description

show clock

Displays the time and date set on the system software clock.


configure

To enter the Configuration mode, use the configure command in the EXEC mode. If using the replace option, this command copies a remote configuration to the system, overwriting the existing configuration.

configure {terminal}

Syntax Description

terminal

Executes configuration commands from the terminal.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Use this command to enter the Configuration mode. Note that commands in this mode write to the running configuration file as soon as you enter them (press Enter).

To exit the Configuration mode and return to the EXEC mode, enter end, exit, or Ctrl-z.

To view the changes that you have made to the configuration, use the show running-config command in the EXEC mode.

Examples

acs/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
acs/admin(config)#

Related Commands

Command
Description

show running-configuration

Displays the contents of the currently running configuration file or the configuration.

show startup-configuration

Displays the contents of the startup configuration file or the configuration.


copy

To copy any file from a source to a destination, use the copy command in the EXEC mode. Currently, the copy command in the ACS server copies a configuration (running or startup).

Running configuration

The ACS server active configuration stores itself in the ACS server RAM. Every configuration command you enter resides in the running configuration. If you reboot your ACS server, you lose the configuration. If you make changes that you want to save, you must copy the running configuration to a safe location, such as a network server, or save it as the ACS server startup configuration.

Startup configuration

You cannot edit a startup configuration directly. All commands that you enter store themselves in the running configuration, which you can copy into the startup configuration.

In other words, when you boot a ACS server, the startup configuration becomes the initial running configuration. As you modify the configuration, the two diverge: the startup configuration remains the same; the running configuration reflects the changes that you have made. If you want to make your changes permanent, you must copy the running configuration to the startup configuration.

The following command lines show some of the copy command scenarios available:

copy running-configuration startup-configuration

Copies the running configuration to the startup configuration. Replaces the startup-configuration with the running configuration.


Note If you do not save the running configuration, you will lose all your configuration changes during the next reboot of the ACS server. Once you are satisfied that the current configuration is correct, copy your configuration to the startup configuration with the preceding command.


copy startup-configuration running-configuration

Copies the startup configuration to the running configuration. Merges the startup configuration on top of the running configuration.

copy [protocol://hostname/location] startup-configuration

Copies but does not merge a remote file to the startup configuration.

copy [protocol://hostname/location] running-configuration

Copies and merges a remote file to the running configuration.

copy startup-configuration [protocol://hostname/location]

Copies the startup configuration to a remote system.

copy running-configuration [protocol://hostname/location]

Copies the running configuration to a remote system.

copy logs [protocol://hostname/location]

Copies log files from the system to another location.

copy acs-logs {all [protocol://hostname/location] | filename [log_filename] [protocol://hostname/location] | mgmt [protocol://hostname/location] | runtime [protocol://hostname/location]}

Copies ACS log files from the system to another location.


Note The copy command is supported only for the local disk and not for a repository.


Syntax Description

running-configuration

Represents the current running configuration file.

startup-configuration

Represents the configuration file used during initialization (startup).

protocol

See Table A-4 for protocol keyword options.

hostname

Hostname of destination.

location

Location of destination.

logs

The system log files.

acs-logs

The ACS log files.

all

Copies all ACS log files from the system to another location. All logs are packaged as acslogs.tar.gz and transferred to the specified directory on the remote host.

filename

Allows you to copy a single ACS log file and transfer it to the specified directory on the remote host, with its original name.

log_filename

Name of the ACS log file, as displayed by the show logs command (up to 255 characters).

mgmt

Copies the ACS management debug logs and Tomcat logs from the system, bundles them as mgmtlogs.tar.gz, and transfers them to the specified directory on the remote host.

runtime

Copies the ACS runtime debug logs from the system, bundles them as runtimelogs.tar.gz, and transfers them to the specified directory on the remote host.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

The fundamental function of the copy command allows you to copy a file (such as a system image or configuration file) from one location to another location. The source and destination for the file specified uses the ACS file system, through which you can specify any supported local or remote file location. The file system being used (a local memory source or a remote server) dictates the syntax used in the command.

You can enter on the command line all the necessary source and destination information and the username and password to use; or, you can enter the copy command and have the ACS server prompt you for any missing information.


Timesaver Aliases reduce the amount of typing that you need to do. For example, type copy run start (the abbreviated form of the copy running-config startup-config command).


The entire copying process might take several minutes and differs from protocol to protocol and from network to network.

Use the filename relative to the directory for file transfers.

For the copy acs-logs command, you are prompted for a username and password that can access the remote location. Possible errors are standard FTP or SCP error messages.

Examples

Example 1

acs/admin# copy run start
Generating configuration...
acs/admin#

Example 2

acs/admin# copy acs-logs all ftp://host01/dir01

Example 3

acs/admin# copy acs-logs filename file01 ftp://host01/ldir01

Example 4

acs/admin# copy acs-logs mgmt ftp://host01/dir01

Example 5

acs/admin# copy acs-logs runtime ftp://host01/dir01

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs-config

Enters the ACS Configuration mode.

acs reset-config

Resets the ACS configuration to factory defaults.

acs support

Gathers information for troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

debug-log

Enables local debug logging.

delete

Deletes a file from the ACS server.

dir

Lists a file from the ACS server.

no debug-log

Disables local debug logging.

reload

Reboots the system.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


copy acs-logs

To copy ACS system logs to another location, use the copy acs-logs command in the EXEC mode.

copy acs-logs {all [protocol://hostname/location] | filename [log_filename] [protocol://hostname/location] | mgmt [protocol://hostname/location] | runtime [protocol://hostname/location]}

Syntax Description

all

Copies all ACS log files from the system to another location. All logs are packaged as acslogs.tar.gz and transferred to the specified directory on the remote host.

protocol://hostname/location

Hostname, and location (up to 2048 characters) you want to specify. See Table A-4 for protocol keyword options.

filename

Allows you to copy a single ACS log file and transfer it to the specified directory on the remote host, with its original name.

filename protocol://hostname/location

Name of the file that the show logs command prints (up to 255 characters), protocol, host, and location (up to 2045 characters) that you want to specify. See Table A-4 for protocol keyword options.

mgmt

Copies the ACS management debug logs and Tomcat logs from the system, bundles them as mgmtlogs.tar.gz, and transfers them to the specified directory on the remote host.

protocol://hostname/location

Protocol, hostname, and location (up to 2048 characters) that you want to specify. See Table A-4 for protocol keyword options.

runtime

Copies the ACS runtime debug logs from the system, bundles them as runtimelogs.tar.gz, and transfers them to the specified directory on the remote host.

protocol://hostname/location

Protocol, hostname, and location (up to 2048 characters) that you want to specify.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

See Table A-4 for protocol keyword options. To copy ACS log files to local directories, use the disk:\\directory format (up to 2048 characters), where:

disk—Identifies the hard drive

directory—Identifies the directory name of the hard drive to which you want to copy the logs.

If you specify all, all logs are packaged as acslogs.tar.gz and transferred to the specified directory on the remote host. If you specify mgmt or runtime, the logs are bundled as mgmtlogs.tar.gz and runtimelogs.tar.gz, respectively. Otherwise, the single log file is transferred with its original name.

You are prompted for a username and password that can access the remote location.

Possible errors are standard FTP and SCP error messages.

This command works similarly to the copy logs command, which is not ACS-specific.

Examples

Example 1

acs/admin# copy acs-logs all ftp://host01/dir01

Example 2

acs/admin# copy acs-logs filename file01 ftp://host01/ldir01

Example 3

acs/admin# copy acs-logs mgmt ftp://host01/dir01

Example 4

acs/admin# copy acs-logs runtime ftp://host01/dir01

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs-config

Enters the ACS Configuration mode.

acs reset-config

Resets the ACS configuration to factory defaults.

acs support

Gathers information for troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

copy

Copies any file from a source to a destination.

debug-log

Enables local debug logging.

delete

Deletes a file from the ACS server.

dir

Lists a file from the ACS server.

no debug-log

Disables local debug logging.

reload

Reboots the system.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


debug

To display errors or events for command situations, use the debug command in the EXEC mode.

debug {all | application | backup-restore | cdp | | config | icmp | copy | locks | logging | snmp | system | transfer | user | utils}

Syntax Description

all

Enables all debugging.

application

Application files.

all—Enables all application debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

install—Enables application install debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

operation—Enables application operation debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

uninstall—Enables application uninstall debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

backup-restore

Backs up and restores files.

all—Enables all debug output for backup-restore. Set level between 0 and 7 with 0 being severe and 7 being all.

backup—Enables backup debug output for backup-restore. Set level between 0 and 7 with 0 being severe and 7 being all.

backup-logs—Enables backup-logs debug output for backup-restore. Set level between 0 and 7 with 0 being severe and 7 being all.

history—Enables history debug output for backup-restore. Set level between 0 and 7 with 0 being severe and 7 being all.

restore—Enables restore debug output for backup-restore. Set level between 0 and 7 with 0 being severe and 7 being all.

cdp

CDP configuration files.

all—Enables all CDP configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

config—Enables configuration debug output for CDP. Set level between 0 and 7 with 0 being severe and 7 being all.

infra—Enables infrastructure debug output for CDP. Set level between 0 and 7 with 0 being severe and 7 being all.

config

Configuration files.

all—Enables all configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

backup—Enables backup configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

clock—Enables clock configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

infra—Enables configuration infrastructure debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

kron—Enables command scheduler configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

network—Enables network configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

repository—Enables repository configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

service—Enables service configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

copy

Copy commands. Set level between 0 and 7 with 0 being severe and 7 being all.

locks

Resource locking.

all—Enables all resource locking debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

file—Enables file locking debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

logging

Logging configuration files.

all—Enables all logging configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

snmp

SNMP configuration files.

all—Enables all SNMP configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

system

System files.

all—Enables all system files debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

id—Enables system ID debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

info—Enables system info debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

init—Enables system init debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

transfer

File transfer. Set level between 0 and 7 with 0 being severe and 7 being all.

user

User management.

all—Enables all user management debug output. Set level between 0 and 7 with 0 being severe and 7 being all.

password-policy—Enables user management debug output for password-policy. Set level between 0 and 7 with 0 being severe and 7 being all.

utils

Utilities configuration files.

all—Enables all utilities configuration debug output. Set level between 0 and 7 with 0 being severe and 7 being all.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Use the debug command to identify various failures within the ACS server; for example, setup failures or configuration failures.

Examples

acs/admin# debug all
acs/admin# mkdir disk:/1
acs/admin# 6 [7178]: utils: vsh_root_stubs.c[2301]: mkdir operation success
 
   
acs/admin# rmdir disk:/1
acs/admin# 6 [7180]: utils: vsh_root_stubs.c[2171]: Invoked Remove Directory disk:/1 
command 6 [7180]: utils: vsh_root_stubs.c[2228]: Remove Directory operation success
 
   
acs/admin# undebug all
acsvw-test8/admin# 7 [2826]: cdp:infra: ether-write.c[87]: WriteEther(): wrote len: 192
7 [2826]: cdp:infra: ether-write.c[112]: cdpd write succeed...
7 [2826]: cdp:infra: main.c[128]: 
Writing with retransmissiontime 60...

Related Commands

Command
Description

undebug

Disables the output (display of errors or events) of the debug command for various command situations.


delete

To delete a file from the ACS server, use the delete command in the EXEC mode. To remove this function, use the no form of this command.

delete filename

Syntax Description

filename

Filename. Up to 80 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

If you attempt to delete the configuration file or image, the system prompts you to confirm the deletion. Also, if you attempt to delete the last valid system image, the system prompts you to confirm the deletion.

Examples

acs/admin# delete myfile
acs/admin#

Related Commands

Command
Description

dir

Lists all the files on the ACS server.


dir

To list a file from the ACS server, use the dir command in the EXEC mode. To remove this function, use the no form of this command.

dir [word] [recursive]

Syntax Description

word

Directory name. Up to 80 alphanumeric characters. Requires disk:/ preceding the directory name.

recursive

Lists a local directory or filename recursively.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# dir
 
   
Directory of disk:/
 
   
      16384  Jul 02 2008 08:34:49  lost+found/
       4096  Jul 16 2008 02:10:20  mytest/
       4096  Jul 11 2008 09:12:12  save-config/
 
   
           Usage for disk: filesystem 
                   49741824 bytes total used
                 6815842304 bytes free
                 7233003520 bytes available
acs/admin#

Example 2

acs/admin# dir disk:/mytest
 
   
Directory of disk:/mytest
 
   
           Usage for disk: filesystem 
                   49741824 bytes total used
                 6815842304 bytes free
                 7233003520 bytes available
acs/admin#

Example 3

acs/admin# dir recursive
 
   
Directory of disk:/
 
   
       4096  Jul 16 2008 02:10:20  mytest/
      16384  Jul 02 2008 08:34:49  lost+found/
       4096  Jul 11 2008 09:12:12  save-config/
 
   
Directory of disk:/mytest
 
   
No files in directory
 
   
Directory of disk:/lost+found
 
   
No files in directory
 
   
Directory of disk:/save-config
 
   
        555  Jul 11 2008 09:12:12  running-config
 
   
           Usage for disk: filesystem 
                   49741824 bytes total used
                 6815842304 bytes free
                 7233003520 bytes available

Related Commands

Command
Description

delete

Deletes a file from the ACS server.


exit

To close an active terminal session by logging out of the ACS server or to move up one mode level from the Configuration mode, use the exit command in the EXEC mode.

exit

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Use the exit command in EXEC mode to exit an active session (log out of the ACS server) or to move up from Configuration mode.

Examples

acs/admin# exit

Related Commands

Command
Description

end

Exits the Configuration mode.

exit

Exits the Configuration mode or EXEC mode.

Ctrl-z

Exits the Configuration mode.


forceout

To force users out of an active terminal session by logging them out of the ACS server, use the forceout command in the EXEC mode.

forceout username

Syntax Description

username

The name of the user. Up to 31 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Use the forceout command in EXEC mode to force a user from an active session.

Examples

acs/admin# forceout user1

halt

To shut down and power off the system, use the halt command in EXEC mode.

halt

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# halt
acs/admin#

Related Commands

Command
Description

reload

Reboots the server.


help

To describe the interactive help system for the ACS server, use the help command in the EXEC mode.

help

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

All configuration modes

Usage Guidelines

The help command provides a brief description of the context-sensitive help system. To:

List all commands available for a particular command mode, enter a question mark (?) at the system prompt.

Obtain a list of commands that begin with a particular character string, enter the abbreviated command entry immediately followed by a question mark (?). This form of help is called word help, because it lists only the keywords or arguments that begin with the abbreviation that you entered.

List the keywords and arguments associated with a command, enter a question mark (?) in place of a keyword or argument on the command line. This form of help is called command syntax help, because it lists the keywords or arguments that apply based on the command, keywords, and arguments that you have already entered.

Examples

acs/admin# help
Help may be requested at any point in a command by entering a question mark '?'.  If 
nothing matches, the help list will be empty and you must backup until entering a '?' 
shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') 
and describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know 
what arguments match the input (e.g. 'show pr?'.)
acs/admin#

mkdir

To create a new directory on the ACS server, use the mkdir command in the EXEC mode.

mkdir directory-name [disk:/path]

Syntax Description

directory-name

The name of the directory to create. Use disk:/path with the directory name. Up to 80 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Use disk:/path with the directory name; otherwise, an error indicating that the disk:/path must be included appears.

Examples

acs/admin# mkdir disk:/test/
acs/admin# dir
 
   
Directory of disk:/
 
   
      16384  Jun 28 2007 00:09:50  lost+found/
       4096  Jun 28 2007 14:34:27  test/
 
   
           Usage for disk: filesystem
                   88150016 bytes total used
                44585803776 bytes free
                47064707072 bytes available
 
   
acs/admin#

Related Commands

Command
Description

dir

Displays a list of files on the ACS server.

rmdir

Removes an existing directory.


nslookup

To look up the hostname of a remote system on the ACS server, use the nslookup command in the EXEC mode.

nslookup word

Syntax Description

word

IPv4 address or hostname of a remote system. Up to 64 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# nslookup 1.2.3.4
Trying "4.3.2.1.in-addr.arpa"
Host 4.3.2.1.in-addr.arpa not found: 3(NXDOMAIN) Received 105 bytes from 
209.165.200.225#53 in 5 ms
 
   

Example 2

acs/admin# nslookup 209.165.200.225
Trying "225.200.165.209.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15007 ;; flags: qr aa rd ra; QUERY: 1, 
ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
 
   
;; QUESTION SECTION:
;225.200.165.209.in-addr.arpa.      IN      PTR
 
   
;; ANSWER SECTION:
225.200.165.209.in-addr.arpa. 86400 IN      PTR     ACS.cisco.com.
 
   
;; AUTHORITY SECTION:
165.209.in-addr.arpa.    86400   IN      NS      ns2.cisco.com.
165.209.in-addr.arpa.    86400   IN      NS      ns1.cisco.com.
 
   
;; ADDITIONAL SECTION:
ns1.cisco.com.          86400   IN      A       209.165.200.225
ns2.cisco.com.          86400   IN      A       209.165.200.225
 
   
Received 146 bytes from 172.69.2.133#53 in 5 ms
 
   
acs/admin#

ping

To diagnose basic network connectivity to a remote system, use the ping command in the EXEC mode.

ping [ip-address | hostname]

Syntax Description

ip-address

IP address of the system to ping. Up to 32 alphanumeric characters.

hostname

Hostname of the system to ping. Up to 32 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

The ping command sends an echo request packet to an address, then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether you can reach a host.

Examples

acs/admin# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=0 ttl=64 time=0.041 ms
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.029 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=0.026 ms
 
   
--- 172.16.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.026/0.031/0.041/0.007 ms, pipe 2
acs/admin#

reload

To reload the ACS operating system, use the reload command in the EXEC mode.

reload

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

The reload command halts the system. Use the command after configuration information is entered into a file and saved to the startup configuration.

Examples

acs/admin# reload
Continue with reboot? [y/n] y
 
   
Broadcast message from root (pts/0) (Tue Oct  7 23:01:46 2008):
 
   
The system is going down for reboot NOW!
 
   
acs/admin#

Related Commands

Command
Description

halt

Disables the system.


restore

To perform a restore of a previous backup, use the restore command in the EXEC mode. A restore operation restores data related to ACS as well as the ADE OS. To remove this function, use the no form of this command.

restore filename repository repository-name

Syntax Description

filename

Name of the backed-up file that resides in the repository. Up to 100 alphanumeric characters.

Note You must add the .tar.gpg extension after the filename (for example, myfile.tar.gpg).

repository-name

Name of the repository you want to restore from backup.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

When you use this command for ACS, the ACS server restarts automatically.


Note When a restore operation is in progress, do not issue another restore or a reload command.


Examples

acs/admin# restore backup1.tar.gpg repository repository1
acs/admin#

Related Commands

Command
Description

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

repository

Enters the repository submode for configuration of backups.

show repository

Displays the available backup files located on a specific repository.

show backup history

Displays the backup history of the system.


rmdir

To remove an existing directory, use the rmdir command in the EXEC mode.

rmdir word

Syntax Description

word

Directory name. Up to 80 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# mkdir disk:/test/
acs/admin# dir
 
   
Directory of disk:/
 
   
      16384  Jun 28 2007 00:09:50  lost+found/
       4096  Jun 28 2007 14:34:27  test/
 
   
           Usage for disk: filesystem
                   88150016 bytes total used
                44585803776 bytes free
                47064707072 bytes available CAM/admin#
acs/admin# rmdir disk:/test 
acs/admin# dir
 
   
Directory of disk:/
 
   
      16384  Jun 28 2007 00:09:50  lost+found/
 
   
           Usage for disk: filesystem
                   88145920 bytes total used
                44585807872 bytes free
                47064707072 bytes available CAM/admin#
 
   

Related Commands

Command
Description

dir

Displays a list of files on the ACS server.

mkdir

Creates a new directory.


show

To show the running system information, use the show command in the EXEC mode. For detailed information on all the ACS show commands, see Show Commands.

show keyword

Syntax Description

Table A-5 provides a summary of the show commands.

Table A-5 Summary of Show Commands 

Command 1
Description
application

(requires keyword)2

Displays information about the installed application, for example, status or version.

backup

(requires keyword)

Displays information about the backup.

cdp

(requires keyword)

Displays information about the enabled Cisco Discovery Protocol (CDP) interfaces.

clock

Displays the day, date, time, time zone, and year of the system clock.

cpu

Displays CPU information.

disks

Displays file-system information of the disks.

interface

Displays statistics for all the interfaces configured on the ADE OS 1.0.2 system.

logging

(requires keyword)

Displays system logging information.

logins

(requires keyword)

Displays login history.

memory

Displays memory usage by all running processes.

ntp

Displays the status of the Network Time Protocol (NTP).

ports

Displays all the processes listening on the active ports.

process

Displays information about the active processes of the ACS server.

repository

(requires keyword)

Displays the file contents of a specific repository.

restore

(requires keyword)

Displays restore history on the ACS server.

running-config

Displays the contents of the currently running configuration file on the ACS server.

startup-config

Displays the contents of the startup configuration on the ACS server.

tech-support

Displays system and configuration information that you can provide to the Cisco Technical Assistance Center (TAC) when reporting a problem.

terminal

Displays information about the terminal configuration parameter settings for the current terminal line.

timezone

Displays the current time zone of the ACS server.

timezones

Displays all the time zones available for use on the ACS server.

udi

Displays information about the system's Unique Device Identifier (UDI).

uptime

Displays how long the system you are logged in to has been up and running.

users

Displays information for currently logged in users.

1 The commands in this table require that the show command precedes a keyword; for example, show application.

2 Some show commands require an argument or variable after the keyword to function; for example, show application version. This show command displays the version of the application installed on the system (see show application).


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

All show commands require at least one keyword to function.

Examples

acs/admin# show application
<name>          <Description> 
acs              Cisco ACS 5.0
acs/admin#

ssh

To start an encrypted session with a remote system, use the ssh command in the EXEC mode.


Note An Admin or Operator (user) can use this command (see Table 1-1).


ssh [ip-address | hostname] username port [number] version [1 | 2] delete hostkey word

Syntax Description

ip-address

IP address of the remote system. Up to 64 alphanumeric characters.

hostname

Hostname of the remote system. Up to 64 alphanumeric characters.

username

Username of the user logging in through SSH.

port [number]

(Optional) Indicates the port number of the remote host. From 0 to 65,535. Default 22.

version [1 | 2]

(Optional) Indicates the version number. Default 2.

delete hostkey

Deletes the SSH fingerprint of a specific host.

word

IPv4 address or hostname of a remote system. Up to 64 alphanumeric characters.


Defaults

Disabled.

Command Modes

EXEC (Admin or Operator)

Usage Guidelines

The ssh command enables a system to make a secure, encrypted connection to another remote system or server. This connection provides functionality similar to that of an outbound Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for secure communication over an insecure network.

Examples

Example 1

acs/admin# ssh delete hostkey mtm-sun8
acs/admin#

Example 2

acs/admin# ssh acs2 admin
admin@acs2's password:
Last login: Wed Jul 11 05:53:20 2008 from ACS.cisco.com 
 
   
acs2/admin#

tech

To dump a Transmission Control Protocol (TCP) package to the console, use the tech command in the EXEC mode.

tech {dumptcp} gigabit-ethernet

Syntax Description

dumptcp

Dumps TCP package to console.

gigabit-ethernet

Gigabit Ethernet interface number 0 to 1.


Defaults

Disabled.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# tech dumptcp 0
140816:141088(272) ack 1921 win 14144
08:26:12.034630 IP ACS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 
141088:141248(160) ack 1921 win 14144
08:26:12.034635 IP dhcp-64-102-82-153.cisco.com.2221 > ACS.cisco.com.ssh: . ack 139632 win 
64656
08:26:12.034677 IP ACS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 
141248:141520(272) ack 1921 win 14144
08:26:12.034713 IP ACS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 
141520:141680(160) ack 1921 win 14144
08:26:12.034754 IP ACS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 
141680:141952(272) ack 1921 win 14144
08:26:12.034756 IP dhcp-64-102-82-153.cisco.com.2221 > ACS.cisco.com.ssh: . ack 140064 win 
65520
08:26:12.034796 IP ACS.cisco.com.ssh > dhcp-64-102-82-153.cisco.com.2221: P 
141952:142112(160) ack 1921 win 14144
1000 packets captured
1000 packets received by filter
0 packets dropped by kernel
acs/admin#

telnet

To log in to a host that supports Telnet, use the telnet command in Operator (user) or EXEC mode.

telnet [ip-address | hostname] port number

Syntax Description

ip-address

IP address of the remote system. Up to 64 alphanumeric characters.

hostname

Hostname of the remote system. Up to 64 alphanumeric characters.

port number

(Optional) Indicates the port number of the remote host. From 0 to 65,535.


Defaults

No default behavior or values.

Command Modes

Operator

EXEC

Usage Guidelines

None.

Examples

acs/admin# telnet 172.16.0.11 port 23
ACS.cisco.com login: admin
password:
Last login: Mon Jul  2 08:45:24 on ttyS0
acs/admin#

terminal length

To set the number of lines on the current terminal screen for the current session, use the terminal length command in the EXEC mode.

terminal length integer

Syntax Description

integer

Number of lines on the screen. Contains between 0 to 511 lines, inclusive. A value of zero (0) disables pausing between screens of output.


Defaults

24 lines

Command Modes

EXEC

Usage Guidelines

The system uses the length value to determine when to pause during multiple-screen output.

Examples

acs/admin# terminal length 0
acs/admin#

terminal session-timeout

To set the inactivity timeout for all sessions, use the terminal session-timeout command in the EXEC mode.

terminal session-timeout minutes

Syntax Description

minutes

Sets the number of minutes for the inactivity timeout. From 0 to 525,600. Zero (0) disables the timeout.


Defaults

30 minutes

Command Modes

EXEC

Usage Guidelines

Setting the terminal session-timeout command to zero (0) results in no timeout being set.

Examples

acs/admin# terminal session-timeout 40
acs/admin#

Related Commands

Command
Description

terminal session-welcome

Sets a welcome message on the system for all users who log in to the system.


terminal session-welcome

To set a welcome message on the system for all users who log in to the system, use the terminal session-welcome command in EXEC mode.

terminal session-welcome string

Syntax Description

string

Welcome message. Up to 2,048 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Specify a message using up to 2,048 characters.

Examples

acs/admin# terminal session-welcome Welcome
acs/admin#

Related Commands

Command
Description

terminal session-timeout

Sets the inactivity timeout for all sessions.


terminal terminal-type

To specify the type of terminal connected to the current line for the current session, use the terminal terminal-type command in EXEC mode.

terminal terminal-type type

Syntax Description

type

Defines the terminal name and type, and permits terminal negotiation by hosts that provide that type of service. Up to 80 alphanumeric characters.


Defaults

VT100

Command Modes

EXEC

Usage Guidelines

Indicate the terminal type if it is different from the default of VT100.

Examples

acs/admin# terminal terminal-type vt220
acs/admin#

traceroute

To discover the routes that packets take when traveling to their destination address, use the traceroute command in EXEC mode.

traceroute [ip-address | hostname]

Syntax Description

ip-address

IP address of the remote system. Up to 32 alphanumeric characters.

hostname

Hostname of the remote system. Up to 32 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# traceroute 172.16.0.1
traceroute to 172.16.0.1 (172.16.0.1), 30 hops max, 38 byte packets
 1  172.16.0.1 0.067 ms  0.036 ms  0.032 ms
 
   
acs/admin#

undebug

To disable debugging functions, use the undebug command in EXEC mode.

undebug {all | application | backup-restore | cdp | config | copy | locks | logging | snmp | system | transfer | user | utils} level

Syntax Description

all

Disables all debugging.

application

Application files.

all—Disables all application debug output.

install—Disables application install debug output.

operation—Disables application operation debug output.

uninstall—Disables application uninstall debug output.

backup-restore

Backs up and restores files.

all—Disables all debug output for backup-restore.

backup—Disables backup debug output for backup-restore.

backup-logs—Disables backup-logs debug output for backup-restore.

history—Disables history debug output for backup-restore.

restore—Disables restore debug output for backup-restore.

cdp

CDP configuration files.

all—Disables all CDP configuration debug output.

config—Disables configuration debug output for CDP.

infra—Disables infrastructure debug output for CDP.

config

Configuration files.

all—Disables all configuration debug output.

backup—Disables backup configuration debug output.

clock—Disables clock configuration debug output.

infra—Disables configuration infrastructure debug output.

kron—Disables command scheduler configuration debug output.

network—Disables network configuration debug output.

repository—Disables respository configuration debug output.

service—Disables service configuration debug output.

copy

Copy commands.

locks

Resource locking.

all—Disables all resource locking debug output.

file—Disables file locking debug output.

logging

Logging configuration files.

all—Disables all debug output for logging configuration.

snmp

SNMP configuration files.

all—Disables all debug output for SNMP configuration.

system

System files.

all—Disables all system files debug output.

id—Disables system ID debug output.

info—Disables system info debug output.

init—Disables system init debug output.

transfer

File transfer.

user

User management.

all—Disables all user management debug output.

password-policy—Disables user management debug output for password-policy.

utils

Utilities configuration files.

all—Disables all utilities configuration debug output.

level

Number of the priority level at which you set the undebug output. Set level between 0 and 7 with 0 being severe and 7 being all.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# undebug all
acs/admin# 

Related Commands

Command
Description

debug

Displays errors or events for command situations.


write

To copy, display, or erase ACS server configurations, use the write command with the appropriate argument in the EXEC mode.

write {erase | memory | terminal}

Syntax Description

erase

Erases the startup-configuration.

memory

Copies running-configuration to startup-configuration.

terminal

Copies the running-configuration to console.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# write memory
Generating configuration...
acs/admin# 

Example 2

acs/admin# write terminal 
Generating configuration...
!        
hostname ACS
!
ip domain-name cisco.com
!
interface GigabitEthernet 0
  ip address 209.165.200.225 255.255.255.224
!
interface GigabitEthernet 1
  shutdown
!
ip name-server 209.165.201.1 
!
ip default-gateway 209.165.202.129
!
clock timezone UTC
!
username admin password hash $1$UMCQIJy1$8Z.9tkpO1QzCo4zyc1jso0 role admin 
!
service sshd
!
password-policy
  lower-case-required
  upper-case-required
  digit-required
  no-username
  disable-cisco-passwords
  min-password-length 6
!
logging localhost
logging loglevel 6
!
acs/admin#

Show Commands

Each show command includes a brief description of its use, command syntax, usage guidelines, and sample output.

Table A-6 lists the Show commands in the EXEC mode that this section describes.

Table A-6 List of EXEC Show Commands1  

show acs-logs *

show acs-migration-interface

show application *2

show backup history

show cdp

show clock

show icmp-status

show interface

show logging

show logins

show memory

show ntp

show ports

show process

show repository

show restore

show running-configuration

show startup-configuration

show tech-support

show terminal

show timezone

show timezones

show udi

show uptime

show users

show version *

1 Commands marked with an asterisk (*) represent those that are specific to ACS functionality.

2 The show application status acs and show application version acs commands are specific to ACS.


show acs-logs

To display ACS system debug logs, use the show acs-logs command in the EXEC mode.

show acs-logs {details | filename [filename]}

Syntax Description

details

Displays the modification time and size (in KB) for each log file. Also lists the available logfiles.

filename

Specifies a file whose contents you want to view.

filename

Name of the logfile (up to 255 characters) whose contents you want to view.

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables (see Table A-7).

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables (see Table A-7).


Defaults

The ACS logs are located at /opt/CSCOacs/logs, and include:

Management and runtime subsytem debug logs.

Logs containing log messages that you can view via the CLI.

ACS upgrade logs.

Last backup instance.

Monitoring and Report Viewer debug logs.

Third-party debug logs (for example, monit.log and catalina.log)

Using the show acs-logs and show acs-logs details commands, you can view the list of available logfiles. To view the contents of a specific logfile, use the show acs-logs filename filename command.

Command Modes

EXEC

Usage Guidelines

You can use this command when ACS is not running.

Examples

Example 1

acs/admin# show acs-logs
ACSADAgent.log
ACSManagementAudit.log
ACSManagement.log
acsRuntime.log
monit.log
MonitoringAndReportingAlert.log
MonitoringAndReportingCollector.log
MonitoringAndReportingDatabase.log
MonitoringAndReportingProcess.log
MonitoringAndReportingScheduler.log
MonitoringAndReportingUI.log
reportService.0.acs.2008Oct08_20_02_37_Pacific_Daylight_Time.0.log
acsLocalStore.log
catalina.out
acs/admin# 

Example 2

acs/admin# show acs-logs details
Filesize (kb)   Date   Time   Filename
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26              Oct 7  19:32  ACSManagementAudit.log 
65              Oct 7  19:32  ACSManagement.log 
12              Oct 7  19:32  acsRuntime.log 
6               Oct 7  19:33  monit.log  
0               Oct 7  19:17  MonitoringAndReportingAlert.log 
2               Oct 7  19:34  MonitoringAndReportingCollector.log 
6               Oct 7  19:32  MonitoringAndReportingDatabase.log 
3               Oct 7  19:33  MonitoringAndReportingProcess.log 
0               Oct 7  19:17  MonitoringAndReportingScheduler.log 
0               Oct 7  19:18  MonitoringAndReportingUI.log 
0              Oct 8 20:02   
reportService.0.acs.2008Oct08_20_02_37_Pacific_Daylight_Time.0.log
8               Oct 7  19:32  acsLocalStore.log 
19              Oct 7  19:32  catalina.out 
acs/admin# 

Example 3

acs/admin# show acs-logs filename acsRuntime.log
MessageBus,07/10/2008,19:16:40:569,ERROR,66497456,MessageBusSender::connect: unable to 
connect to the management;exception=Connection refused,MessageBusSender.cpp:131
Handler,07/10/2008,19:17:35:273,WARN ,67550128,NIL-CONTEXT,Posture Server did not have any 
ca cert configured,PostureServerHandler.cpp:63
Handler,07/10/2008,19:17:35:274,WARN ,67550128,NIL-CONTEXT,AcsNode does *not* have an 
Https Certificate,PostureServerHandler.cpp:100
--More-- (press Spacebar to continue)

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


show acs-migration-interface

To view if an interface is disabled or enabled for ACS migration, use the show acs-migration-interface command in the EXEC mode.

show acs-migration-interface

Syntax Description

No arguments or keywords.

Defaults

The interface for ACS migration is enabled by default.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show acs-migration-interface
Migration interface is enabled
 
   
Example 2
acs/admin# show acs-migration-interface
Migration interface is disabled

Related Commands

acs migration-interface

Enables or disables an interface for ACS migration.


show application

To show application information of the installed application packages on the system, use the show application command in the EXEC mode.

show application [status | version [app_name]]

Syntax Description

status

Displays the status of the installed application.

Note For ACS usage, the display includes whether the ACS is the primary or secondary, and the status of the services.

version

Displays the application version for an installed application—the ACS.

app_name

Name of installed application.

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables (see Table A-7).

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables (see Table A-7).


Table A-7 Output Modifier Variables for Count or Last 

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Here is a list of various application status displayed and their interpretation.

Status
Description

Running

When the application is in running state.

Execution Failed

When the process has failed to start but still trying to start the process.

Not Monitored

After watchdog failed to start the process as configured.

Restarting

When either the process cannot be found or the process ID file is missing and the watchdog restarts the process.

Initializing

Intermediate state when the watchdog comes up or watchdog starts again to monitor a process. This is shown also when any of the processes has failed to pass the active test.


Examples

Example 1

acs/admin# show application
<name>          <Description> 
acs              ACS 5.0
acs/admin# 

Example 2

acs/admin# show application version acs
 
   
Cisco ACS VERSION INFORMATION
-----------------------------
Version :  5.0.0
Release :  100
 
   
acs/admin# 

Example 3

acs/admin# show application status acs
ACS role: PRIMARY
 
   
Process 'database'                  running
Process 'management'                running
Process 'runtime'                   running
Process 'view-database'             running
Process 'view-collector'            running
Process 'view-jobmanager'           running
Process 'view-alertmanager'         running
 
   
acs/admin# 

Example 4

acs/admin# show application status acs
ACS role: PRIMARY
 
   
"ACS is busy applying a recent configuration change
requiring enabling/disabling of processes.
Status is unavailable.
Please check again in a minute."
 
   
acs/admin#
 
   

This message appears when a set of processes change because of a view node selection or Active Directory configuration.

Example 5

acs/admin# show application status acs
 
   
ACS is not running.
Issue 'application start acs' command to start ACS.
 
   
acs/admin# 

Related Commands

Command
Description

application install

Installs an application bundle.

application remove

Removes or uninstalls an application.

application start

Starts or enables an application.

application stop

Stops or disables an application.

application upgrade

Upgrades an application bundle.


show backup history

To display the backup history of the system, use the show backup command in the EXEC mode.

show backup history

Syntax Description

history

Displays history information about any backups on the system.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show backup history
Wed Jul 18 12:55:21 UTC 2007: backup logs logs-0718.tar.gz to repository fileserver007: 
success
Wed Jul 18 12:55:53 UTC 2007: backup full-0718.tar.gpg to repository fileserver007: 
success
acs/admin#

Example 2

acs/admin# show backup history
backup history is empty

Related Commands

Command
Description

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

restore

Restores from backup the file contents of a specific repository.

repository

Enters the repository submode for configuration of backups.

show repository

Displays the available backup files located on a specific repository.


show cdp

To display information about the enabled CDP interfaces, use the show cdp command in the EXEC mode.

show cdp {all | neighbors}

Syntax Description

all

Shows enabled CDP interfaces.

neighbors

Shows CDP neighbors.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show cdp all
 
   
CDP protocol is enabled ...
        broadcasting interval is every 60 seconds.
        time-to-live of cdp packets is 180 seconds.
 
   
        CDP is enabled on port GigabitEthernet0.
 
   
acs/admin# 

Example 2

acs/admin# show cdp neighbors
 
   
 
   
CDP Neighbor : acs-test2
        Local Interface    : GigabitEthernet0
        Device Type        : cisco WS-C3560G-48PS
        Port               : GigabitEthernet0/36
        Address            : 209.165.200.225
 
   
acs/admin#

Related Commands

Command
Description

cdp holdtime

Specifies the length of time that the receiving device should hold a CDP packet from your router before discarding it.

cdp run

Enables the CDP.

cdp timer

Specifies how often the ACS server sends CDP updates.


show clock

To display the day, month, date, time, time zone, and year of the system software clock, use the show clock command in the EXEC mode.

show clock

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show clock
Tue Oct  7 20:13:22 UTC 2008
acs/admin#
 
   

Note The show clock output in the previous example includes Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), Great Britain, or Zulu time (see Tables A-15, A-16, and A-17 on pages A-94 and A-95 for sample time zones).


Related Commands

Command
Description

clock

Sets the system clock for display purposes.


show cpu

To display CPU information, use the show cpu command in the EXEC mode.

show cpu [statistics] [|] [|]

Syntax Description

statistics

Displays CPU statistics.

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables (see Table A-8).

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables (see Table A-8).


Table A-8 Output Modifier Variables for Count or Last 

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show cpu
processor : 0
model     : Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz
speed(MHz): 2133.737
cache size: 2048 KB
 
   
processor : 1
model     : Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz
speed(MHz): 2133.737
cache size: 2048 KB
 
   
acs/admin#

Example 2

acs/admin# show cpu statistics
user time:               8312
kernel time:             3200
idle time:           15510748
i/o wait time:           5295
irq time:                 972
 
   
acs/admin#

Related Commands

Command
Description

show disks

Displays the system information of all disks.

show memory

Displays the amount of system memory that each system process uses.


show disks

To display file-system information about the disks, use the show disks command in the EXEC mode.

show disks [|] [|]

Syntax Description

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables (see Table A-9).

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables (see Table A-9).


Table A-9 Output Modifier Variables for Count or Last 

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Only platforms that have a disk file system support the show disks command.

Examples

acs/admin# show disks
disk: 1% used (48564 of 7063480)
temp. space 2% used (35844 of 2031952)
 
   
Internal filesystems:
  all internal filesystems have sufficient free space
 
   
acs/admin#

Related Commands

Command
Description

show cpu

Displays CPU information.

show memory

Displays the amount of system memory that each system process uses.


show icmp-status

To display file-system information about the disks, use the show icmp_status command in EXEC mode.

show icmp_status {> file | |}

Syntax Description

>

Output direction.

file

Name of file to redirect standard output (stdout).

|

Output modifier commands:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier commands (see Table A-10).

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier commands (see Table A-10).


Table A-10 Output Modifier Variables for Count or Last 

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show icmp_status
icmp echo response is turned on
acs/admin#

Example 2

acs/admin# show icmp_status
icmp echo response is turned off
acs/admin#

Related Commands

Command
Description

icmp echo

Configures the Internet Control Message Protocol (ICMP) echo requests.


show interface

To display the usability status of interfaces configured for IP, use the show interface command in the EXEC mode.

show interface [GigabitEthernet] |

Syntax Description

GigabitEthernet

Shows the Gigabit Ethernet interface. Either 0 or 1.

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the interface. Add number after the word count.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show interface
eth0      Link encap:Ethernet  HWaddr 00:16:36:56:61:D2  
          inet addr:209.165.200.225 Bcast:209.165.200.255 Mask:255.255.255.224
          inet6 addr: fe80::216:36ff:fe56:61d2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8783423 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4178157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:574274908 (547.6 MiB)  TX bytes:268869567 (256.4 MiB)
          Interrupt:169 
 
   
eth1      Link encap:Ethernet  HWaddr 00:16:36:56:61:D1  
          inet6 addr: fe80::216:36ff:fe56:61d1/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:177 
 
   
lo        Link encap:Local Loopback  
          inet addr:209.165.201.1 Mask:255.255.255.224
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:21617 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21617 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3587148 (3.4 MiB)  TX bytes:3587148 (3.4 MiB)
 
   
sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 
   
acs/admin#

Related Commands

Command
Description

interface

Configures an interface type and enters the interface configuration submode.


show logging

To display the state of system logging (syslog) and the contents of the standard system logging buffer, use the show logging command in the EXEC mode.

show logging {application [application-name]} {internal} {system} |

Syntax Description

application

Displays application logs.

application-name—Application name. Up to 255 alphanumeric characters.

tail—Tail system syslog messages.

count—Tail last count messages. From 0 to 4,294,967,295.

|—Output modifier variables (see below).

internal

Displays the syslogs configuration.

system

Displays the system syslogs.

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the interface. Add number after the word count.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

This command displays the state of syslog error and event logging, including host addresses, and for which, logging destinations (console, monitor, buffer, or host) logging is enabled.

Examples

Example 1

acs/admin# show logging system
ADEOS Platform log:
-----------------
 
   
Oct  7 13:24:41 localhost debugd[2050]: [2915]: config:network: main.c[238]: Set
up is complete 
Oct  7 13:24:51 localhost debugd[2050]: hangup signal caught, configuration read
Oct  7 13:24:51 localhost debugd[2050]: successfully loaded debug config
Oct  7 13:24:51 localhost debugd[2050]: [3482]: icmp: icmputils_cli.c[139]: Generating 
icmp echo response config 
Oct  7 13:24:51 localhost debugd[2050]: [3482]: icmp: cars_icmpcfg.c[118]: Got the current 
ICMP Echo response config as : enabled 
Oct  7 13:24:51 localhost debugd[2050]: [3482]: icmp: icmputils_cli.c[160]: Got ICMP echo 
config: on 
Oct  7 13:24:51 localhost debugd[2050]: [3482]: icmp: icmputils_cli.c[167]: Finished icmp 
echo response config generation 
Oct  7 13:24:51 localhost debugd[2050]: [3482]: logging: logutils_cli.c[233]: Generating 
logging config 
Oct  7 13:24:51 localhost debugd[2050]: [3482]: logging: logutils_cli.c[253]: Got 
Logserver: localhost 
Oct  7 13:24:51 localhost debugd[2050]: [3482]: logging: logutils_cli.c[261]: Got 
loglevel: 6 
--More-- (press Spacebar to continue)
 
   

Example 2

acs/admin# show logging internal
 
   
log server:          localhost
Global loglevel:     6
Status:              Enabled
 
   
acs/admin#

show logins

To display the state of system logins, use the show logins command in the EXEC mode.

show logins cli

Syntax Description

cli

Lists the login history.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Requires the cli keyword; otherwise, an error occurs.

Examples

acs/admin# show logins cli
admin    pts/0        dhcp-64-102-82-1 Thu May  3 05:23   still logged in   
admin    pts/0        dhcp-64-102-82-1 Thu May  3 04:31 - 05:11  (00:39)    
admin    pts/0        dhcp-64-102-82-1 Thu May  3 04:16 - 04:17  (00:00)    
admin    pts/0        dhcp-64-102-82-1 Thu May  3 03:53 - 04:16  (00:22)    
 
   
wtmp begins Tue Oct  7 13:21:14 2008
 
   
acs/admin#

show memory

To display the memory usage of all the running processes, use the show memory command in the EXEC mode.

show memory

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show memory
total memory:    2074924 kB
free memory:     1687324 kB
cached:           162984 kB
swap-cached:           0 kB
 
   
acs/admin#

show ntp

To show the status of the Network Time Protocol (NTP) associations, use the show ntp command in the EXEC mode.

show ntp

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show ntp
Primary NTP   : 1.ntp.esl.cisco.com
Secondary NTP : 2.ntp.esl.cisco.com
 
   
synchronised to NTP server (209.165.202.129) at stratum 2
   time correct to within 37 ms
   polling server every 128 s
 
   
acs/admin#

Related Commands

Command
Description

ntp server

Allows the synchronization of the software clock by the NTP server for the system.


show ports

To display information about all the processes listening on active ports, use the show ports command in the EXEC mode.

show ports [|] [|]

Syntax Description

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the interface. Add number after the word count.

|—Output modifier variables (see Table A-11).

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables (see Table A-11).


Table A-11 Output Modifier Variables for Count or Last 

|

Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

|—Output modifier variables.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.

|—Output modifier variables.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

When you run the show ports command, the port must have an associated active session.

Examples

acs/admin# show ports
 
   
Process : dbsrv10 (9253)
     tcp: 0.0.0.0:2638, :::2638
Process : portmap (2615)
     tcp: 0.0.0.0:111
     udp: 0.0.0.0:111
Process : dbsrv10 (10019)
     tcp: 0.0.0.0:43216, :::43216
Process : rt_daemon (9450)
     tcp: 172.23.245.28:49
     udp: 0.0.0.0:32771, 0.0.0.0:1812, 0.0.0.0:1813, 0.0.0.0:1645, 0.0.0.0:1646
Process : monit (6933)
     tcp: 127.0.0.1:2812
Process : java (9756)
     tcp: :::2020, ::ffff:127.0.0.1:8005, :::6666, :::2030, :::61616, :::80, 
::ffff:127.0.0.1:51515, :::443
Process : sshd (2776)
     tcp: :::22
Process : java (10023)
     udp: :::20514
acs/admin# 

show process

To display information about active processes, use the show process command in the EXEC mode.

show process |

Syntax Description

|

(Optional) Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the interface. Add number after the word count.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

See Table A-12 for process field descriptions.

acs/admin# show process
 
   
USER       PID     TIME TT       COMMAND
root         1 00:00:00 ?        init
root         2 00:00:00 ?        migration/0
root         3 00:00:00 ?        ksoftirqd/0
root         4 00:00:00 ?        migration/1
root         5 00:00:00 ?        ksoftirqd/1
root         6 00:00:00 ?        events/0
root         7 00:00:00 ?        events/1
root         8 00:00:00 ?        khelper
root         9 00:00:00 ?        kacpid
root        36 00:00:00 ?        kblockd/0
root        37 00:00:00 ?        kblockd/1
root        55 00:00:00 ?        pdflush
root        58 00:00:00 ?        aio/0
root        59 00:00:00 ?        aio/1
root        38 00:00:00 ?        khubd
root        57 00:00:00 ?        kswapd0
root       203 00:00:00 ?        kseriod
root       320 00:00:00 ?        ata/0
root       321 00:00:00 ?        ata/1
root       325 00:00:00 ?        scsi_eh_0
root       326 00:00:00 ?        scsi_eh_1
--More-- (press Spacebar to continue)
 
   

Table A-12 Show Process Field Descriptions 

Field
Description

USER

Logged-in user.

PID

Process ID.

TIME

The time the command was last used.

TT

Terminal that controls the process.

COMMAND

Type of process or command used.


show repository

To display the file contents of the repository, use the show repository command in the EXEC mode.

show repository repository-name

Syntax Description

repository-name

Name of the repository whose contents you want to view. Up to 30 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show repository myrepository
back1.tar.gpg
back2.tar.gpg
acs/admin#

Related Commands

Command
Description

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

restore

Restores from backup the file contents of a specific repository.

repository

Enters the repository submode for configuration of backups.

show backup history

Displays the backup history of the system.


show restore

To display the restore history, use the show restore command in the EXEC mode.

show restore {history}

Syntax Description

history

Displays the restore history.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show restore history
Tue Sep  4 03:42:48 PDT 2008: restore 11backup_Local.File2.tar.gpg from repository 
executeBackupRepo: success Tue Sep  4 03:46:15 PDT 2008: restore 
11backup_Local.File2.tar.gpg from repository executeBackupRepo: success Tue Sep  4 
03:51:07 PDT 2008: restore 11backup_Local.File2.tar.gpg from repository executeBackupRepo: 
success Tue Sep  4 03:54:35 PDT 2008: restore 11backup_Local.File2.tar.gpg from repository 
executeBackupRepo: success Wed Sep  5 12:31:21 UTC 2008: restore cdromRestore.tar.gpg from 
repository cdrom1: success admin#
 
   
acs/admin#

Example 2

acs/admin# show restore history
restore history is empty
acs/admin#

Related Commands

Command
Description

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

restore

Restores from backup the file contents of a specific repository.

repository

Enters the repository submode for configuration of backups.

show backup history

Displays the backup history of the system.


show running-configuration

To display the contents of the currently running configuration file or the configuration, use the show running-configuration command in the EXEC mode.

show running-configuration

Syntax Description

No arguments or keywords.

Defaults

The show running-configuration command displays all of the configuration information.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show running-configuration
 
   
Generating configuration...
!        
hostname acs
!        
ip domain-name cisco.com
!        
interface GigabitEthernet 0
  ip address 209.165.200.225 255.255.255.224
!        
interface GigabitEthernet 1
  shutdown
!        
!        
 
   
clock timezone UTC
!        
!
username admin password groove role admin 
!
service sshd
!
repository myrepository
  url ftp://209.165.200.234/backup
  user bubba password gump
!
password-policy
  lower-case-required
  upper-case-required
  digit-required
  no-username
  disable-cisco-passwords
  min-password-length 6
!
logging localhost
logging loglevel 6
!
cdp timer 60
cdp holdtime 180
cdp run GigabitEthernet 0
!
icmp echo on
!
acs/admin#

Related Commands

Command
Description

configure

Enters the Configuration mode.

show startup-configuration

Displays the contents of the startup configuration file or the configuration.


show startup-configuration

To display the contents of the startup configuration file or the configuration, use the show startup-configuration command in the EXEC mode.

show startup-configuration

Syntax Description

No arguments or keywords.

Defaults

The show startup-configuration command displays all of the startup configuration information.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show startup-configuration
 
   
Generating configuration...
!        
hostname acs
!        
ip domain-name cisco.com
!        
interface GigabitEthernet 0
  ip address 209.165.200.225 255.255.255.224
!        
interface GigabitEthernet 1
  shutdown
!        
!        
 
   
clock timezone UTC
!        
!
username admin password groove role admin 
!
service sshd
!
repository myrepository
  url ftp://209.165.200.234/backup
  user bubba password gump
!
--More-- (press Spacebar to continue)

Related Commands

Command
Description

configure

Enters the Configuration mode.

show running-configuration

Displays the contents of the currently running configuration file or the configuration.


show tech-support

To display technical support information, including e-mail, use the show tech-support command in the EXEC mode.

show tech-support file [word]

Syntax Description

file

Save any technical support data as a file in the local disk.

word

Filename to save. Up to 80 alphanumeric characters.


Defaults

Passwords and other security information do not appear in the output.

Command Modes

EXEC

Usage Guidelines

The show tech-support command is useful for collecting a large amount of information about your ACS server for troubleshooting purposes. You can then provide output to technical support representatives when reporting a problem.

Examples

acs/admin# show tech-support
###################################################
Application Deployment Engine(ADE) - Release 1.0
Technical Support Debug Info follows...
###################################################
 
   
 
   
*****************************************
Checking dmidecode Serial Number(s)
*****************************************
  0x0736C7F6
 0x0736C803
 0x0736C808
 0x0736C81F
 AZAX74601334
 
   
*****************************************
Displaying System Uptime...
*****************************************
 20:41:46 up  6:42,  1 user,  load average: 0.45, 0.20, 0.12
 
   
*****************************************
Display Memory Usage(KB)
*****************************************
             total       used       free     shared    buffers     cached
Mem:       4148032    2951612    1196420          0      59440    1873920
-/+ buffers/cache:    1018252    3129780
Swap:      8191992          0    8191992
 
   
*****************************************
Displaying Processes(ax --forest)...
*****************************************
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:00 init [3]         
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S      0:00 [migration/1]
    5 ?        SN     0:00 [ksoftirqd/1]
 
   
--More--(Press Enter or Spacebar.)

Related Commands

Command
Description

show interface

Displays the usability status of the interfaces.

show process

Displays information about active processes.

show running-configuration

Displays the contents of the current running configuration.


show terminal

To obtain information about the terminal configuration parameter settings, use the show terminal command in the EXEC mode.

show terminal

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show terminal
TTY: /dev/pts/0 Type: "vt100"
Length: 25 lines, Width: 80 columns
Session Timeout: 30 minutes
acs/admin#
 
   

Table A-13 describes the fields of the show terminal output.

Table A-13 Show Terminal Field Descriptions 

Field
Description

TTY: /dev/pts/0

Displays standard output to type of terminal.

Type: "vt100"

Type of current terminal used.

Length: 24 lines

Length of the terminal display.

Width: 80 columns

Width of the terminal display, in character columns.

Session Timeout: 30 minutes

Length of time, in minutes, for a session, after which the connection closes.


show timezone

To display the time zone as set on the system, use the show timezone command in the EXEC mode.

show timezone

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show timezone
UTC
acs/admin#

Related Commands

Command
Description

clock timezone

Sets the time zone on the system.

show timezones

Displays the time zones available on the system.


show timezones

To obtain a list of time zones from which you can select, use the show timezones command in the EXEC mode.

show timezones

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

See clock timezone, for examples of the time zones available for ACS server.

Examples

acs/admin# show timezones
PST8PDT
Hongkong
Etc/GMT-7
Etc/GMT-12
Etc/GMT-4
Etc/GMT-13
Etc/GMT-11
Etc/GMT-1
Etc/GMT+5
Etc/GMT-14
Etc/GMT+11
Etc/GMT+6
Etc/Zulu
Etc/GMT+7
Etc/Universal
Etc/GMT-2
Etc/GMT+10
Etc/GMT-8
Etc/GMT+8
Etc/GMT+1
Etc/GMT0
Etc/GMT+9
Etc/GMT+3
Etc/GMT-3
Etc/GMT
Etc/GMT-5
Etc/GMT-0
Etc/GMT-6
Etc/GMT+4
Etc/GMT-9
Etc/GMT+12
Etc/GMT+2
Etc/UCT
Etc/GMT-10
Etc/GMT+0
Etc/Greenwich
Etc/UTC
Pacific/Norfolk
--More-- (Press Enter or Spacebar)

Related Commands

Command
Description

show timezone

Displays the time zone set on the system.

clock timezone

Sets the time zone on the system.


show udi

To display information about the CSACS 1120's Unique Device Identifier (UDI), use the show udi command in the EXEC mode.

show udi

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

Example 1

acs/admin# show udi
SPID: ADE-1010
VPID: VO1
Serial: 123455
acs/admin#

Example 2

acs/admin# show udi
SPID:: Cisco-VM_SPID
VPID:  V01
Serial: Cisco-VM-SN
 
   

This output appears when you run the show udi command on VMWare servers running VMWare ESX 3.5.0.

show uptime

To display the length of time that you have been logged in to the ACS server, use the show uptime command in the EXEC mode.

show uptime |

Syntax Description

|

(Optional) Output modifier variables:

begin—Matched pattern. Up to 80 alphanumeric characters.

count—Count the number of lines in the output. Add number after the word count.

end—End with line that matches. Up to 80 alphanumeric characters.

exclude—Exclude lines that match. Up to 80 alphanumeric characters.

include—Include lines that match. Up to 80 alphanumeric characters.

last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10.


Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show uptime
4 day(s), 16:36:58
acs/admin#

show users

To display the list of users logged in to the ACS server, use the show users command in the EXEC mode.

show users

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

None.

Examples

acs/admin# show users
 
   
USERNAME         ROLE   HOST                     TTY      LOGIN DATETIME            
 
   
admin            Admin  209.165.200.225            pts/0    Tue Oct  7 19:21:00 2008
 
   
acs/admin#

show version

To display information about the software version of the system, use the show version command in the EXEC mode.

show version

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

This command displays information about the ADE OS 1.1 software version currently running on the ACS server, and the ACS version.

Examples

acs/admin# show version
Cisco Application Deployment Engine OS Release: 1.1
Build Version: 1.1.0.416
Copyright (c) 2005-2008 by Cisco Systems, Inc.
All rights reserved.
Hostname: acs
 
   
Version information of installed applications
---------------------------------------------
 
   
 
Cisco ACS VERSION INFORMATION
-----------------------------
Version :  5.0.1
Release :  100
acs/admin#

ACS Configuration Commands

Each ACS Configuration command includes a brief description of its use, command syntax, usage guidelines, and sample output.

To access the ACS Configuration mode, you must use the acs-config command in the EXEC mode.

This section describes the following Configuration commands.

debug-adclient

no debug-adclient

debug-log

no debug-log

replication force-sync

show debug-log

show debug-adclient

debug-adclient

To enable debug logging for an Active Directory client, use the debug-adclient command in the ACS Configuration mode. To disable debug logging for an Active Directory client, use the no form of this command.

debug-adclient enable

Syntax Description

No arguments or keywords.

Defaults

Disabled.

Command Modes

ACS Configuration

Usage Guidelines

None.

Examples

acs/admin(config-acs)# debug-adclient enable
acs/admin(config-acs)#

Related Commands

Command
Description

no debug-adclient

Disables debug logging for an Active Directory client.

debug-log

Enables local debug logging.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show debug-adclient

Shows the debug log level status for Active Directory client (enabled or disabled).


no debug-adclient

To disable debug logging for an Active Directory client, use the no debug-adclient command in the ACS Configuration mode.

no debug-adclient enable

Syntax Description

No arguments or keywords.

Defaults

Disabled.

Command Modes

ACS Configuration

Usage Guidelines

None.

Examples

acs/admin(config-acs)# no debug-adclient enable
acs/admin(config-acs)#

Related Commands

Command
Description

debug-adclient

Enables debug logging for an Active Directory client.

debug-log

Enables local debug logging.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show debug-adclient

Shows the debug log level status for Active Directory client (enabled or disabled).


debug-log

To set the local debug logging level for all or specific ACS components, use the debug-log command in the ACS Configuration mode.

debug-log {component | all} level {debug | info | warn | error | fatal | none}

Syntax Description

component

Selects local debug logging on the components you want, where component can be any of the components described in the Usage Guidelines.

all

Selects local debug logging on all components.

level

Selects local debug logging level. The options are:

debug—Selects logging messages with the DEBUG severity level.

info—Selects logging messages with the INFO severity level.

warn—Selects logging messages with the WARN severity level.

error—elects logging messages with the ERROR severity level.

fatal—Selects logging messages with the FATAL severity level.

none—Selects logging messages with the no severity level.


Defaults

All ACS debug logging is disabled.

Command Modes

ACS Configuration

Usage Guidelines

You can select any of the following options (including suboptions) as a component:

runtime—If you select this component, all runtime subcomponents are included; see runtime- items in the list below.

runtime-admin

runtime-authenticators

runtime-authorization

runtime-config-manager

runtime-config-notification-flow

runtime-customerlog

runtime-crypto

runtime-dataaccess

runtime-dbpassword

runtime-eap

runtime-event-handler

runtime-idstores

runtime-infrastructure

runtime-logging

runtime-logging-notification-flow

runtime-message-bus

runtime-message-catalog

runtime-radius

runtime-rule-engine

runtime-state-manager

runtime-tacacs

runtime-xml-config

mgmt (management)—If you select this component, all other mgmt subcomponents are included; see mgmt- items in the list below.

mgmt-audit

mgmt-common

mgmt-aac

mgmt-bl

mgmt-cli

mgmt-gui

mgmt-system

mgmt-notification

mgmt-bus

mgmt-dbal

mgmt-replication

mgmt-distmgmt

mgmt-validation

mgmt-changepassword

mgmt-license

mgmt-acsview

The debug logging configuration remains in effect even after a reboot. To reconfigure, use the debug-log command again or the no debug-log command.

Examples

acs/admin(config-acs)# debug-log mgmt level warn
acs/admin(config-acs)# 

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

no debug-log

Disables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


no debug-log

To return debug logging to the default configuration—all debug logging is disabled—for all components or for specific ACS components, use the no debug-log command in the ACS Configuration mode.

no debug-log {component | all} [level [debug | info | warn | error | fatal | none]]

Syntax Description

component

Selects local debug logging on the components you want, where component can be any of the components described in the Usage Guidelines.

all

Selects local debug logging on all components.


Defaults

All debug logging is disabled.

Command Modes

ACS Configuration

Usage Guidelines

You can select any of the following as a component:

runtime—If you select this component, all other runtime subcomponents are included; see runtime- items in the list below:

runtime-admin

runtime-authenticators

runtime-authorization

runtime-config-manager

runtime-config-notification-flow

runtime-customerlog

runtime-crypto

runtime-dataaccess

runtime-dbpassword

runtime-eap

runtime-event-handler

runtime-idstores

runtime-infrastructure

runtime-logging

runtime-logging-notification-flow

runtime-message-bus

runtime-message-catalog

runtime-radius

runtime-rule-engine

runtime-state-manager

runtime-tacacs

runtime-xml-config

mgmt (management)—If you select this component, all other mgmt subcomponents are included; see mgmt- items in the list below:

mgmt-audit

mgmt-common

mgmt-aac

mgmt-bl

mgmt-cli

mgmt-gui

mgmt-system

mgmt-notification

mgmt-bus

mgmt-dbal

mgmt-replication

mgmt-distmgmt

mgmt-validation

mgmt-changepassword

mgmt-license

mgmt-acsview

Examples

acs/admin(config-acs)# no debug-log all

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs-config

Enters the ACS Configuration mode.

acs reset-config

Resets the ACS configuration to factory defaults.

acs support

Gathers information for troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables local debug logging.

replication force-sync

Synchronizes the secondary ACS database to the primary ACS database.

restore

Restores from backup the file contents of a specific repository.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).

show acs-logs

Displays ACS system debug logs.

show application

Shows application status and version information.

show version

Displays information about the software version of the system.


replication force-sync

To synchronize the ACS database (configuration information) of a secondary ACS with the database of the primary ACS, use the replication force-sync command in the ACS Configuration mode.

replication force-sync

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

ACS Configuration

Usage Guidelines

You can use this command only on a secondary ACS. If you use this command on the primary ACS, this message appears:

Replication synchronization must be done on a SECONDARY instance.
 
   

This command stops the ACS application, which remains unavailable for the duration of the synchronization process. The duration of the synchronization process depends on the size of the ACS database—it could take a significant amount of time to complete. Ensure that you use this command when you do not need to access your ACS.

ACS restarts after the primary-to-secondary synchronization is complete.

Examples

acs/admin(config-acs)# replication force-sync
 
   
Success.

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables debug logging for components.

no debug-log

Disables debug logging for components.

restore

Restores from backup the file contents of a specific repository.

show acs-logs

Displays ACS system debug logs.

show application

Displays application status and version information.

show version

Displays information about the software version of the system.


show debug-log

To display the local debug logging status for all components or for specific ACS components, use the show debug-log command in the ACS Configuration mode.

show debug-log [component | all]

Syntax Description

component

Selects local debug logging on the components you want, where component can be any of the components described in the Usage Guidelines.

all

Displays the currently configured local debug logging status for all components.


Defaults

No default behavior or values.

Command Modes

ACS Configuration

Usage Guidelines

You can select any of the following (including the suboptions) as a component:

runtime—If you select this component, all other runtime subcomponents are included; see runtime- items in the list below:

runtime-admin

runtime-authenticators

runtime-authorization

runtime-config-manager

runtime-config-notification-flow

runtime-customerlog

runtime-crypto

runtime-dataaccess

runtime-dbpassword

runtime-eap

runtime-event-handler

runtime-idstores

runtime-infrastructure

runtime-logging

runtime-logging-notification-flow

runtime-message-bus

runtime-message-catalog

runtime-radius

runtime-rule-engine

runtime-state-manager

runtime-tacacs

runtime-xml-config

mgmt (management)—If you select this component, all other mgmt subcomponents are included; see mgmt- items in the list below:

mgmt-audit

mgmt-common

mgmt-aac

mgmt-bl

mgmt-cli

mgmt-gui

mgmt-system

mgmt-notification

mgmt-bus

mgmt-dbal

mgmt-replication

mgmt-distmgmt

mgmt-validation

mgmt-changepassword

mgmt-license

mgmt-acsview

Examples

When the ACS system starts up, the show debug-log mgmt command produces the following output:

        current   configured
Mgmt    disabled  disabled
 
   

After issuing the debug-log mgmt enable command, the show debug-log mgmt command displays:

        current  onfigured
Mgmt    disabled enabled
 
   

After restarting ACS, the show debug-log mgmt command displays:

        current   configured
Mgmt    enabled   enabled

Related Commands

Command
Description

acs

Starts or stops an ACS instance.

acs backup

Performs a backup of an ACS configuration.

acs-config

Enters the ACS Configuration mode.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs support

Gathers information for ACS troubleshooting.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Backs up system logs.

copy acs-logs

Copies ACS logs to a remote location or to a local disk.

debug-log

Enables debug logging for components.

no debug-log

Disables debug logging for components.

restore

Restores from backup the file contents of a specific repository.

show acs-logs

Displays ACS system debug logs.

show application

Displays application status and version information.

show version

Displays information about the software version of the system.


show debug-adclient

To display the debug logging status for an Active Directory client, use the show debug-adclient command in the ACS Configuration mode.

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

ACS Configuration

Usage Guidelines

None.

Examples

acs/admin(config-acs)# show debug-adclient
Active Directory client debug is disabled 

Related Commands

Command
Description

debug-adclient

Enables debug logging for an Active Directory client.

no debug-adclient

Disables debug logging for an Active Directory client.

debug-log

Enables local debug logging.

show debug-log

Shows the debug log level status for subsystems (enabled or disabled).


Configuration Commands

Each Configuration command includes a brief description of its use, command syntax, usage guidelines, and sample output.

Configuration commands include commands such as interface and repository.


Note Some of the Configuration commands require you to enter the configuration submode to complete the command configuration.


To access the Configuration mode, you must use the configure command in the EXEC mode.

Table A-14 lists the Configuration commands that this section describes.


backup-staging-url

To allow you to configure a Network File System (NFS) location that backup and restore operations will use as a staging area to package and unpackage backup files, use the backup-staging-url command in Configuration mode.

backup-staging-url word

Syntax Description

word

NFS URL for staging area. Up to 2048 alphanumeric characters. Use nfs://server:path1 .

1 Server is the server name and path refers to /subdir/subsubdir. Remember that a colon (:) is required after the server.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

The URL is NFS only. The format of the command is backup-staging-url nfs://server:path.

Examples

acs/admin(config)# backup-staging-url nfs://loc-filer02a:/vol/local1/private1/jdoe
acs/admin(config)# 

cdp holdtime

To specify the amount of time that the receiving device should hold a CDP packet from the ACS server before discarding it, use the cdp holdtime command in Configuration mode. To revert to the default setting, use the no form of this command.

cdp holdtime seconds

Syntax Description

seconds

Specifies the hold time, in seconds. Value from 10 to 255 seconds.


Defaults

180 seconds

Command Modes

Configuration

Usage Guidelines

CDP packets transmit with a time to live, or hold time, value. The receiving device will discard the CDP information in the CDP packet after the hold time has elapsed.

The cdp holdtime command takes only one argument; otherwise, an error occurs.

Examples

acs/admin(config)# cdp holdtime 60
acs/admin(config)# 

Related Commands

Command
Description

cdp timer

Specifies how often the ACS server sends CDP updates.

cdp run

Enables the CDP.


cdp run

To enable the CDP, use the cdp run command in Configuration mode. To disable the CDP, use the no form of this command.

cdp run [GigabitEthernet]

Syntax Description

GigabitEthernet

Specifies the GigabitEthernet interface on which to enable CDP.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

The command has one optional argument, an interface name. Without an optional interface name, the command enables CDP on all interfaces.


Note The default for this command is on interfaces that are already up and running. When you are bringing up an interface, stop CDP first; then, start CDP again.


Examples

acs/admin(config)# cdp run GigabitEthernet 0
acs/admin(config)# 

Related Commands

Command
Description

cdp holdtime

Specifies the length of time that the receiving device should hold a CDP packet from the ACS server before discarding it.

cdp timer

Specifies how often the ACS server sends CDP updates.


cdp timer

To specify how often the ACS server sends Cisco Discovery Protocol (CDP) updates, use the cdp timer command in Configuration mode. To revert to the default setting, use the no form of this command.

cdp timer seconds

Syntax Description

seconds

Specifies how often, in seconds, the ACS server sends CDP updates. Value from 5 to 254 seconds.


Defaults

60 seconds

Command Modes

Configuration

Usage Guidelines

CDP packets transmit with a time to live, or hold time, value. The receiving device will discard the CDP information in the CDP packet after the hold time has elapsed.

The cdp timer command takes only one argument; otherwise, an error occurs.

Examples

acs/admin(config)# cdp timer 60
acs/admin(config)# 

Related Commands

Command
Description

cdp holdtime

Specifies the amount of time that the receiving device should hold a CDP packet from the ACS server before discarding it.

cdp run

Enables CDP.


clock timezone

To set the time zone, use the clock timezone command in Configuration mode. To disable this function, use the no form of this command.

clock timezone timezone

Syntax Description

timezone

Name of the time zone visible when in standard time. Up to 64 alphanumeric characters.


Defaults

UTC

Command Modes

Configuration

Usage Guidelines

The system internally keeps time in UTC. If you do not know your specific time zone, you can enter the region, country, and city (see Tables A-15, A-16, and A-17 for sample time zones to enter on your system).

Table A-15 Common Time Zones 

Acronym or name
Time Zone Name
Europe

GMT, GMT0, GMT-0, GMT+0, UTC, Greenwich, Universal, Zulu

Greenwich Mean Time, as UTC

GB

British

GB-Eire, Eire

Irish

WET

Western Europe Time, as UTC

CET

Central Europe Time, as UTC + 1 hour

EET

Eastern Europe Time, as UTC + 2 hours

United States and Canada

EST, EST5EDT

Eastern Standard Time, as UTC -5 hours

CST, CST6CDT

Central Standard Time, as UTC -6 hours

MST, MST7MDT

Mountain Standard Time, as UTC -7 hours

PST, PST8PDT

Pacific Standard Time, as UTC -8 hours

HST

Hawaiian Standard Time, as UTC -10 hours


Table A-16 Australia Time Zones 

Australia 1

ACT2

Adelaide

Brisbane

Broken_Hill

Canberra

Currie

Darwin

Hobart

Lord_Howe

Lindeman

LHI3

Melbourne

North

NSW4

Perth

Queensland

South

Sydney

Tasmania

Victoria

West

Yancowinna

   

1 Enter the country and city together with a forward slash (/) between them; for example, Australia/Currie.

2 ACT = Australian Capital Territory.

3 LHI = Lord Howe Island

4 NSW = New South Wales


Table A-17 Asia Time Zones 

Asia 1

Aden2

Almaty

Amman

Anadyr

Aqtau

Aqtobe

Ashgabat

Ashkhabad

Baghdad

Bahrain

Baku

Bangkok

Beirut

Bishkek

Brunei

Calcutta

Choibalsan

Chongqing

Columbo

Damascus

Dhakar

Dili

Dubai

Dushanbe

Gaza

Harbin

Hong_Kong

Hovd

Irkutsk

Istanbul

Jakarta

Jayapura

Jerusalem

Kabul

Kamchatka

Karachi

Kashgar

Katmandu

Kuala_Lumpur

Kuching

Kuwait

Krasnoyarsk

   

1 The Asia time zone includes cities from East Asia, Southern Southeast Asia, West Asia, and Central Asia.

2 Enter the region and city or country together separated by a forward slash (/); for example, Asia/Aden.



Note Several more time zones are available to you. On your ACS server, enter show timezones. A list of all the time zones available in the ACS server appears. Choose the most appropriate one for your time zone.


Examples

acs/admin(config)# clock timezone EST
Time zone was modified. You must restart ACS.
Do you want to restart ACS now? (yes/no)
Stopping ACS .................
Starting ACS ......................
 
   
acs/admin(config)# exit
acs/admin# show timezone
EST
acs/admin# 

Related Commands

Command
Description

show timezones

Displays a list of available time zones on the system.

show timezone

Displays the current time zone set on the system.


do

To execute an EXEC-level command from Configuration mode or any configuration submode, use the do command in any configuration mode.

do arguments

Syntax Description

arguments

The EXEC command to execute (see Table A-18).


Table A-18 Command Options for Do Command 

Command
Description

acs backup

Performs a backup of an ACS configuration.

acs-config-mode

Enters the ACS Configuration mode.

acs-migration-interface

Enables or disables an interface for ACS migration.

acs patch

Installs and removes ACS patches.

acs reset-config

Resets the ACS configuration to factory defaults.

acs reset-password

Resets the ACS password to the default setting.

acs restore

Performs a restoration of an ACS configuration.

acs-start

Starts an ACS instance.

acs-stop

Stops an ACS instance.

acs support

Gathers information for ACS troubleshooting.

application install

Installs a specific application.

application remove

Removes a specific application.

application start

Starts or enables a specific application

application stop

Stops or disables a specific application.

application upgrade

Upgrades a specific application.

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

backup-logs

Performs a backup of all the logs on the ACS server to a remote location.

clock

Sets the system clock on the ACS server.

configure

Enters Configuration mode.

copy

Copies any file from a source to a destination.

debug

Displays any errors or events for various command situations; for example, backup and restore, configuration, copy, resource locking, file transfer, and user management.

delete

Deletes a file on the ACS server.

dir

Lists files on the ACS server.

forceout

Forces the logout of all the sessions of a specific ACS system user.

halt

Disables or shuts down the ACS server.

help

Describes the help utility and how to use it on the ACS server.

mkdir

Creates a new directory.

nslookup

Queries the IPv4 address or hostname of a remote system.

ping

Determines the network activity on a remote system.

reload

Reboots the ACS server.

restore

Performs a restore and retrieves the backup out of a repository.

rmdir

Removes an existing directory.

show

Provides information about the ACS server.

ssh

Starts an encrypted session with a remote system.

tech

Provides Technical Assistance Center (TAC) commands.

telnet

Telnets to a remote system.

terminal length

Sets terminal line parameters.

terminal session-timeout

Sets the inactivity timeout for all terminal sessions.

terminal session-welcome

Sets the welcome message on the system for all terminal sessions.

terminal terminal-type

Specifies the type of terminal connected to the current line of the current session.

traceroute

Traces the route of a remote IP address.

undebug

Disables the output (display of errors or events) of the debug command for various command situations; for example, backup and restore, configuration, copy, resource locking, file transfer, and user management.

write

Copies, displays, or erases the running ACS server information.


Command Default

No default behavior or values.

Command Modes

Configuration or any configuration submode

Usage Guidelines

Use this command to execute EXEC commands (such as show, clear, and debug commands) while configuring your server. After the EXEC command executes, the system will return to the configuration mode you were using.

Examples

acs/admin(config)# do show run
Generating configuration...
!        
hostname ems-lnx106
ip domain-name cisco.com
interface ethernet 0
  ip address 209.165.200.225 255.255.255.224
interface ethernet 1
  shutdown
ip name-server 209.165.201.1 
ip default-gateway 209.165.202.129
clock timezone Cuba
!        
!
username admin password hash $1$hB$MxIZHvecMiey/P9mM9PvN0 role admin
!
!
logging localhost
logging loglevel 6
!
acs/admin(config)# 

end

To end the current configuration session and return to the EXEC mode, use the end command in Configuration mode.

end

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

This command brings you back to EXEC mode regardless of what configuration mode or submode you are in.

Use this command when you finish configuring the system and you want to return to EXEC mode to perform verification steps.

Examples

acs/admin(config)# end
acs/admin#

Related Commands

Command
Description

exit

Exits Configuration mode.

exit (EXEC)

Closes the active terminal session by logging out of the ACS server.


exit

To exit any configuration mode to the next-highest mode in the CLI mode hierarchy, use the exit command in Configuration mode.

exit

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

The exit command is used in the ACS server to exit the current command mode to the next highest command mode in the CLI mode hierarchy.

For example, use the exit command in Configuration mode to return to the EXEC mode. Use the exit command in the configuration submodes to return to Configuration mode. At the highest level, EXEC mode, the exit command exits the EXEC mode and disconnects from the ACS server (see exit, for a description of the exit (EXEC) command).

Examples

acs/admin(config)# exit
acs/admin#

Related Commands

Command
Description

end

Exits Configuration mode.

exit (EXEC)

Closes the active terminal session by logging out of the ACS server.


hostname

To set the hostname of the system, use the hostname command in Configuration mode. To delete the hostname from the system, use the no form of this command. This resets the system to localhost.

hostname word

Syntax Description

word

Name of the host. Contains at least 2 to 64 alphanumeric characters and an underscore ( _ ). The hostname must begin with a character that is not a space.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

A single instance type of command, hostname only occurs once in the configuration of the system. The hostname must contain one argument; otherwise, an error occurs.

Examples

acs/admin(config)# hostname myserver-1
Hostname was modified.
ACS is restarting and a new HTTP certificate will be generated.
Stopping ACS ......................
Starting ACS ....
 
   
To verify that ACS processes are running, use the
'show application status acs' command.
 
   
myserver-1/admin(config)#

icmp echo

To configure the Internet Control Message Protocol (ICMP) echo responses, use the icmp echo command in Configuration mode.

icmp echo {off | on}

Syntax Description

echo

Configures ICMP echo response.

off

Disables ICMP echo response

on

Enables ICMP echo response.


Defaults

The system will behave as if the ICMP echo response is on (enabled).

Command Modes

Configuration

Usage Guidelines

None.

Examples

acs/admin(config)# icmp echo off
acs/admin(config)#

Related Commands

Command
Description

show icmp-status

Display ICMP echo response configuration information.


interface

To configure an interface type and enter the interface configuration mode, use the interface command in Configuration mode. This command does not have a no form.

interface GigabitEthernet [0 | 1]

Syntax Description

GigabitEthernet

Configures the Gigabit Ethernet interface.

0 | 1

Number of the Gigabit Ethernet port to configure.



Note After you enter the Gigabit Ethernet port number in the interface command, you enter the config-GigabitEthernet configuration submode (see the following Syntax Description).


do

EXEC command. Allows you to perform any EXEC commands in this mode (see do).

end

Exits the config-GigabitEthernet submode and returns you to the EXEC mode.

exit

Exits the config-GigabitEthernet configuration submode.

ip

Sets the IP address and netmask for the Ethernet interface (see ip address).

no

Negates the command in this mode. Two keywords available:

ip—Sets the IP address and netmask for the interface.

shutdown—Shuts down the interface.

shutdown

Shuts down the interface (see shutdown).


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

You can use this command to configure subinterfaces to support various requirements.

Examples

acs/admin(config)# interface GigabitEthernet 0
acs/admin(config-GigabitEthernet)# 

Related Commands

Command
Description

show interface

Displays information about the system interfaces.

ip address (interface configuration mode)

Sets the IP address and netmask for the interface.

shutdown (interface configuration mode)

Shuts down the interface (see shutdown).


ip address

To set the IP address and netmask for the Ethernet interface, use the ip address command in interface Configuration mode. To remove an IP address or disable IP processing, use the no form of this command.

ip address ip-address netmask


Note You can configure the same IP address on multiple interfaces. You might want to do this to limit the configuration steps required to switch from using one interface to another.


Syntax Description

ip-address

IPv4 version IP address.

netmask

Mask of the associated IP subnet.


Defaults

Enabled.

Command Modes

Interface configuration

Usage Guidelines

Requires exactly one address and one netmask; otherwise, an error occurs.

Examples

acs/admin(config)# interface GigabitEthernet 1
acs/admin(config-GigabitEthernet)# ip address 209.165.200.227 255.255.255.224
IP Address was modified.
ACS is restarting and a new HTTP certificate will be generated.
Stopping ACS ......................
Starting ACS ....
 
   
To verify that ACS processes are running, use the
'show application status acs' command.
acs/admin(config-GigabitEthernet)#

Related Commands

Command
Description

shutdown (interface configuration mode)

Disables an interface (see shutdown).

ip default-gateway

Sets the IP address of the default gateway of an interface.

show interface

Displays information about the system IP interfaces.

interface

Configures an interface type and enters the interface mode.


ip default-gateway

To define or set a default gateway with an IP address, use the ip default-gateway command in Configuration mode. To disable this function, use the no form of this command.

ip default-gateway ip-address

Syntax Description

ip-address

IP address of the default gateway.


Defaults

Disabled.

Command Modes

Configuration

Usage Guidelines

If you enter more than one argument or no arguments at all, an error occurs.

Examples

acs/admin(config)# ip default-gateway 209.165.202.129
acs/admin(config)# 

Related Commands

Command
Description

ip address(interface configuration mode)

Sets the IP address and netmask for the Ethernet interface.


ip domain-name

To define a default domain name that the ACS server uses to complete hostnames, use the ip domain-name command in Configuration mode. To disable this function, use the no form of this command.

ip domain-name word

Syntax Description

word

Default domain name used to complete the hostnames. Contains at least 2 to 64 alphanumeric characters.


Defaults

Enabled.

Command Modes

Configuration

Usage Guidelines

If you enter more or fewer arguments, an error occurs.

Examples

acs/admin(config)# ip domain-name cisco.com
acs/admin(config)#

Related Commands

Command
Description

ip name-server

Sets the DNS servers for use during a DNS query.


ip name-server

To set the Domain Name Server (DNS) servers for use during a DNS query, use the ip name-server command in Configuration mode. You can configure one to three DNS servers. To disable this function, use the no form of this command.


Note Using the no form of this command removes all the name servers from the configuration. Using the no form of this command and one of the IP names removes only that IP name.


ip name-server ip-address [ip-address*]

Syntax Description

ip-address

Address of a name server.

ip-address*

(Optional) IP addresses of additional name servers.

Note You can configure a maximum of three name servers.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

The first name server added with the ip name-server command will occupy the first position and the system will first use that server in resolving the IP addresses.

You can add name servers to the system one at a time or all at once, until you reach the maximum (3). If you already configured the system with three name servers, you must remove at least one server to add additional name servers.

To place a name server in the first position so that the subsystem uses it first, you must remove all name servers with the no form of this command before you proceed.

Examples

acs/admin(config)# ip name-server 209.165.201.1
Name Server was modified. You must restart ACS.
Do you want to restart ACS now? (yes/no) yes
Stopping ACS ......................
Starting ACS ....
 
   
To verify that ACS processes are running, use the
'show application status acs' command.
acs/admin(config)# 
 
   

You can choose not to restart the ACS server; nevertheless, the changes will take effect.

Related Commands

Command
Description

ip domain-name

Defines a default domain name that the ACS server uses to complete hostnames.


kron occurrence

To schedule one or more Command Scheduler commands to run at a specific date and time or a recurring level, use the kron occurrence command in Configuration mode. To delete this, use the no form of this command.

kron {occurrence} occurrence-name

Syntax Description

occurrence

Schedules Command Scheduler commands.

occurrence-name

Name of the occurrence. Up to 80 alphanumeric characters. (See following note and Syntax Description.)



Note After you enter the occurrence-name in the kron occurrence command, you enter the config-occurrence configuration submode (see the following Syntax Description).


at

Identifies that the occurrence is to run at a specified calendar date and time. Usage: at [hh:mm] [day-of-week | day-of-month | month day-of-month].

do

EXEC command. Allows you to perform any EXEC commands in this mode (see do).

end

Exits the kron-occurrence configuration submode and returns you to the EXEC mode.

exit

Exits the kron-occurrence configuration mode.

no

Negates the command in this mode.

Three keywords available:

at—Usage: at [hh:mm] [day-of-week | day-of-month | month day-of-month].

policy-list—Specifies a policy list to be run by the occurrence. Up to 80 alphanumeric characters.

recurring—Execution of the policy lists should be repeated.

policy-list

Specifies a Command Scheduler policy list to be run by the occurrence.

recurring

Identifies that the occurrences run on a recurring basis.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

Use the kron occurrence and policy-list commands to schedule one or more policy lists to run at the same time or interval.

Use the kron policy-list command in conjunction with the cli command to create a Command Scheduler policy containing EXEC CLI commands to be scheduled to run on the ACS server at a specified time. See kron policy-list.

Examples


Note When you run the kron command, backup bundles are created with a unique name (by adding a time stamp), to ensure that the files do not overwrite each other.


Example 1: Weekly Backup

acs/admin(config)# kron occurrence WeeklyBackup
acs/admin(config-Occurrence)# at 14:35 Monday
acs/admin(config-Occurrence)# policy-list SchedBackupPolicy
acs/admin(config-Occurrence)# recurring
acs/admin(config-Occurrence)# exit
acs/admin(config)# 

Example 2: Daily Backup

acs/admin(config)# kron occurrence DailyBackup
acs/admin(config-Occurrence)# at 02:00
acs/admin(config-Occurrence)# exit
acs/admin(config)# 

Related Commands

Command
Description

kron policy-list

Specifies a name for a Command Scheduler policy.

acs backup

Backs up an ACS configuration.


kron policy-list

To specify a name for a Command Scheduler policy and enter the kron-Policy List configuration submode, use the kron policy-list command in Configuration mode. To delete this, use the no form of this command.

kron {policy-list} list-name

Syntax Description

policy-list

Specifies a name for Command Scheduler policies.

list-name

Name of the policy list. Up to 80 alphanumeric characters.



Note After you enter the list-name in the kron policy-list command, you enter the config-Policy List configuration submode (see the following Syntax Description).


cli

Command to be executed by the scheduler. Up to 80 alphanumeric characters.

do

EXEC command. Allows you to perform any EXEC commands in this mode (see do).

end

Exits from the config-Policy List configuration submode and returns you to the EXEC mode.

exit

Exits this submode.

no

Negates the command in this mode. One keyword available:

cli-Command to be executed by the scheduler.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

Use the kron policy-list command in conjunction with the cli command to create a Command Scheduler policy containing EXEC CLI commands to be scheduled to run on the ACS server at a specified time. Use the kron occurrence and policy list commands to schedule one or more policy lists to run at the same time or interval. See kron occurrence.

Examples

acs/admin(config)# kron policy-list SchedBackupMonday
acs/admin(config-Policy List)# cli backup SchedBackupMonday repository SchedBackupRepo
acs/admin(config-Policy List)# exit
acs/admin(config)# 

Related Commands

Command
Description

kron occurrence

Specifies schedule parameters for a Command Scheduler occurrence and enters the config-Occurrence configuration mode.


logging

To enable the system to forward logs to a remote system or to configure the log level, use the logging command in Configuration mode. To disable this function, use the no form of this command.

logging {ip-address | hostname} {loglevel level}

Syntax Description

ip-address

IP address of remote system to which you forward logs. Up to 32 alphanumeric characters.

hostname

Hostname of remote system to which you forward logs. Up to 32 alphanumeric characters.

loglevel

Configures the log level for the logging command.

level

Number of the desired priority level at which you set the log messages. Priority levels are (enter the number for the keyword):

0-emerg—Emergencies: System unusable.

1-alert—Alerts: Immediate action needed.

2-crit—Critical: Critical conditions.

3-err—Error: Error conditions.

4-warn—Warning: Warning conditions.

5-notif—Notifications: Normal but significant conditions.

6-inform—Informational messages. Default.

7-debug—Debugging messages.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

This command requires an IP address or hostname or the loglevel keyword; an error occurs if you enter two or more of these arguments.

Examples

Example 1

acs/admin(config)# logging 209.165.200.225
acs/admin(config)# 

Example 2

acs/admin(config)# logging loglevel 0
acs/admin(config)# 

Related Commands

Command
Description

show logging

Displays list of logs for the system.


ntp server

To allow for software clock synchronization by the Network Time Protocol (NTP) server for the system, use the ntp server command in Configuration mode. Allows up to two servers. To disable this capability, use the no form of this command.

ntp server {ip-address | hostname} [ip-address | hostname]

Syntax Description

ip-address | hostname

IP address or hostname of the server providing the clock synchronization. Arguments are limited to 255 alphanumeric characters.


Defaults

No servers are configured by default.

Command Modes

Configuration

Usage Guidelines

Use this command if you want to allow the system to synchronize with a specified server.

To terminate NTP service on a device, you must enter the no ntp command without keywords or arguments. For example, if you previously issued the ntp server command and you now want to remove not only the server synchronization capability, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions disable and that the NTP service also terminates.


Note This command will give conflicting information during the sync process. The sync process can take up to 20 minutes to complete.


Examples

acs/admin(config)# ntp server 209.165.201.31
NTP Server was modified. You must restart ACS.
Do you want to restart ACS now? (yes/no) yes
Stopping ACS ......................
Starting ACS ......................
 
   
To verify that ACS processes are running, use the
'show application status acs' command.
acs/admin(config)#
 
   

You can choose not to restart the ACS server; nevertheless, the changes will take effect.

Related Commands

Command
Description

show ntp

Displays the status information about the NTP associations.


password-policy

To enable or configure the passwords on the system, use the password-policy command in Configuration mode. To disable this function, use the no form of this command.

password-policy option


Note The password-policy command requires a policy option (see Syntax Description).

You must enter the password-expiration-enabled command before the other password-expiration commands.


Syntax Description

 
   

Note After you enter the password-policy command, you enter the config-password-policy configuration submode.


digit-required

Requires a digit in the password.

disable-repeat-characters

Disables the password's ability to contain more than four identical characters.

disable-cisco-password

Disables the ability to use the word Cisco or any combination as the password.

lower-case-required

Requires a lowercase letter in the password.

min-password-length

Specifies a minimum number of characters for a valid password. Integer length from 0 to 4,294,967,295.

no-previous-password

Prevents users from reusing a part of their previous password.

no-username

Prohibits users from reusing their username as a part of a password.

password-expiration-days

Number of days until a password expires. Integer length from 0 to 80.

password-expiration-enabled

Enables password expiration.

Note You must enter the password-expiration-enabled command before the other password-expiration commands.

password-expiration-warning

Number of days before expiration that warnings of impending expiration begin. Integer length from 0 to 4,294,967,295.

password-lock-enabled

Locks a password after several failures.

password-lock-retry-count

Number of failed attempts before password locks. Integer length from 0 to 4,294,967,295.

upper-case-required

Requires an uppercase letter in the password.

special-required

Requires a special character in the password.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

None.

Examples

acs/admin(config)# password-policy
acs/admin(config-password-policy)# password-expiration-days 30
acs/admin(config-password-policy)# exit
acs/admin(config)# 

repository

To enter the repository submode for configuration of backups, use the repository command in Configuration mode.

repository repository-name

Syntax Description

repository-name

Name of repository. Up to 80 alphanumeric characters.



Note After you enter the name of the repository in the repository command, you enter the config-Repository configuration submode (see the Syntax Description).


do

EXEC command. Allows you to perform any of the EXEC commands in this mode (see do).

end

Exits the config-Repository mode and returns you to the EXEC mode.

exit

Exits this mode.

no

Negates the command in this mode.

Two keywords available:

url—Repository URL.

user—Repository username and password for access.

url

URL of the repository. Up to 80 alphanumeric characters (see Table A-19).

user

Configure username and password for access. Up to 30 alphanumeric characters.


Table A-19 URL Keywords 

Keyword
Source of Destination

word

Enter repository URL, including server and path info. Up to 80 alphanumeric characters.

cdrom:

Local CD-ROM drive (read only).

disk:

Local storage.

Note All local repositories are created on the /localdisk partition. When you specify disk:// in the repository URL, the system creates directories in a path that is relative to /localdisk. For example, if you entered disk://backup, the directory is created at /localdisk/backup.

You can run the show repository repository_name to view all the files in the local repository.

ftp:

Source or destination URL for an FTP network server. Use url ftp://server:path1 .

nfs:

Source or destination URL for an NFS network server. Use url nfs://server:path1.

sftp:

Source or destination URL for an SFTP network server. Use url sftp://server:path1.

tftp:

Source or destination URL for a TFTP network server. Use url tftp://server:path1.

1 Server is the server name and path refers to /subdir/subsubdir. Remember that a colon (:) is required after the server.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

None.

Examples

acs/admin(config)# repository myrepository
acs/admin(config-Repository)# url sftp://starwars.test.com/repository/system1
acs/admin(config-Repository)# user luke password skywalker
acs/admin(config-Repository)# exit
acs/admin(config)# 

Related Commands

Command
Description

backup

Performs a backup (ACS and ADE OS) and places the backup in a repository.

restore

Performs a restore and takes the backup out of a repository.

show backup history

Displays the backup history of the system.

show repository

Displays the available backup files located on a specific repository.


service

To specify a service to manage, use the service command in Configuration mode. To disable this function, use the no form of this command

service sshd

Syntax Description

sshd

Secure Shell Daemon. The daemon program for SSH.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

None.

Examples

acs/admin(config)# service sshd
acs/admin(config)# 

shutdown

To shut down an interface, use the shutdown command in the interface configuration mode. To disable this function, use the no form of this command.

Syntax Description

No arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Interface Configuration

Usage Guidelines

When you shut down an interface using this command, you lose connectivity to the CSACS 1120 apppliance through that interface (even though the appliance is still powered on). However, if you have configured the second interface on the appliance with a different IP and have not shut down that interface, you can access the appliance through that second interface.

To shut down an interface, you can also modify the ifcfg-eth[0,1] file, located at /etc/sysconfig/network-scripts, using the ONBOOT parameter:

Disable an interface, set ONBOOT="no"

Enable an interface, set ONBOOT="yes"

You can also use the no shutdown command to enable an interface.

Examples

acs/admin(config)# interface GigabitEthernet 0
acs/admin(config-GigabitEthernet)# shutdown

Related Commands

Command
Description

interface

Configures an interface type and enters the interface mode.

ip address (interface configuration mode)

Sets the IP address and netmask for the Ethernet interface.

show interface

Displays information about the system IP interfaces.

ip default-gateway

Sets the IP address of the default gateway of an interface.


snmp-server community

To set up the community access string to permit access to the Simple Network Management Protocol (SNMP), use the snmp-server community command in Configuration mode. To disable this function, use the no form of this command.

snmp-server community word ro

Syntax Description

word

Accessing string that functions much like a password, allowing access to SNMP. No blank spaces allowed. Up to 255 alphanumeric characters.

ro

Specifies read-only access.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

The snmp-server community command requires a community string and the ro argument; otherwise, an error occurs.

Examples

acs/admin(config)# snmp-server community new ro
acs/admin(config)# 

Related Commands

Command
Description

snmp-server host

Sends traps to a remote system.

snmp-server location

Configures the SNMP location MIB value on the system.

snmp-server contact

Configures the SNMP contact MIB value on the system.


snmp-server contact

To configure the SNMP contact MIB value on the system, use the snmp-server contact command in Configuration mode. To remove the system contact information, use the no form of this command.

snmp-server contact word

Syntax Description

word

String that describes the system contact information of the node. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

None.

Examples

acs/admin(config)# snmp-server contact Luke
acs/admin(config)# 

Related Commands

Command
Description

snmp-server host

Sends traps to a remote system.

snmp-server community

Sets up the community access string to permit access to the SNMP.

snmp-server location

Configures the SNMP location MIB value on the system.


snmp-server host

To send SNMP traps to a remote user, use the snmp-server host command in Configuration mode. To remove trap forwarding, use the no form of this command.

snmp-server host {ip-address | hostname} version {1 | 2c} community

Syntax Description

ip-address

IP address of the SNMP notification host. Up to 32 alphanumeric characters.

hostname

Name of the SNMP notification host. Up to 32 alphanumeric characters.

version {1 | 2c}

(Optional) Version of the SNMP used to send the traps. Default = 1.

If you use the version keyword, specify one of the following keywords:

1—SNMPv1.

2c—SNMPv2C.

community

Password-like community string that is sent with the notification operation.


Defaults

Disabled.

Command Modes

Configuration

Usage Guidelines

The command takes arguments as listed; otherwise, an error occurs.

Examples

acs/admin(config)# snmp-server community new ro 10
acs/admin(config)# snmp-server host 209.165.202.129 version 1 password
acs/admin(config)# 

Related Commands

Command
Description

snmp-server community

Sets up the community access string to permit access to SNMP.

snmp-server location

Configures the SNMP location MIB value on the system.

snmp-server contact

Configures the SNMP contact MIB value on the system.


snmp-server location

To configure the SNMP location MIB value on the system, use the snmp-server location command in Configuration mode. To remove the system location information, use the no form of this command.

snmp-server location word

Syntax Description

word

String that describes the system's physical location information. Up to 255 alphanumeric characters.


Defaults

No default behavior or values.

Command Modes

Configuration

Usage Guidelines

Cisco recommends that you use underscores (_) or hyphens (-) between the terms within the word string. If you use spaces between terms within the word string, you must enclose the string in quotation marks (").

Examples

Example 1

acs/admin(config)# snmp-server location Building_3/Room_214
acs/admin(config)# 

Example 2

acs/admin(config)# snmp-server location "Building 3/Room 214"
acs/admin(config)# 

Related Commands

Command
Description

snmp-server host

Sends traps to a remote system.

snmp-server community

Sets up the community access string to permit access to SNMP.

snmp-server contact

Configures the SNMP location MIB value on the system.


username

To add a user who can access the CSACS 1120 using SSH, use the username command in Configuration mode. If a user currently exists, the password, the privilege level, or both change with this command. To delete the user from the system, use the no form of this command.

username username password {hash | plain | remote} password role {admin | user] [disabled [email email-address]] [email email-address]

For an existing user, use the following option:

username username password role {admin | user} password

Syntax Description

username

Only one word for the username argument. Blank spaces and quotation marks (") are not allowed. Up to 31 alphanumeric characters.

password password

Password character length up to 40 alphanumeric characters. You must specify the password for all new users.

hash | plain | remote

Type of password. Up to 34 alphanumeric characters.

The remote argument specifies that the user's password should be authenticated against the defined TACACS+ server. No actual password is allowed.

role admin | user

Sets the privilege level for the user.

disabled

Disables the user according to the user's e-mail address.

email email-address

The user's e-mail address. For example, user1@cisco.com.


Defaults

The initial user during setup.

Command Modes

Configuration

Usage Guidelines

The username command requires that the username and password keywords precede the hash | plain | remote and the admin | user options. The remote option is used for the remote authentication feature on the ACS server. You use the remote feature to configure a subset of users to have their credentials authenticated against a remote TACACS+ server, instead of against a local store. No password policy, including password expiration or lockout, is enforced against remote passwords because that is the remote server's responsibility.

Examples

Example 1

acs/admin(config)# username admin password hash ###### role admin
acs/admin(config)# 

Example 2

acs/admin(config)# username admin password remote role admin
acs/admin(config)# 

Example 3

acs/admin(config)# username admin password remote role user email admin123@cisco.com
acs/admin(config)# 

Related Commands

Command
Description

password-policy

Enables and configures the password policy.

show users

Displays a list of users and their privilege level. It also displays a list of logged-in users.