-
Cisco ACE 4700 Series Appliance Command Reference
-
CLI Command Summary By Mode
-
Preface
-
Using the Command-Line Interface
-
CLI Commands
-
Exec Mode Commands
-
Configuration Mode Commands
-
Action List Optimization Configuration Mode Commands
-
Chaingroup Configuration Mode Commands
-
Class Map Configuration Mode Commands
-
Console Configuration Mode Commands
-
Context Configuration Mode Commands
-
CSR Parameters Configuration Mode Commands
-
Domain Configuration Mode Commands
-
FT Group Configuration Mode Commands
-
FT Interface Configuration Mode Commands
-
FT Peer Configuration Mode Commands
-
FT Track Host Configuration Mode Commands
-
Interface Configuration Mode Commands
-
LDAP Configuration Mode Commands
-
Line Configuration Mode Commands
-
Optimize Configuration Mode Commands
-
Parameter Map Connection Configuration Mode Commands
-
Policy Map Configuration Mode Commands
-
Probe Configuration Mode Commands
-
RADIUS Configuration Mode Commands
-
Real Server Host Configuration Mode Commands
-
Role Configuration Mode Commands
-
Resource Configuration Mode Commands
-
Serverfarm Host Configuration Mode Commands
-
SSL Proxy Configuration Mode Commands
-
Sticky Cookie Configuration Mode Commands
-
TACACS+ Configuration Mode Commands
-
Table Of Contents
show security internal event-history
Exec Mode Commands
You can access Exec mode commands immediately after you log in to an ACE. Many of these commands are followed by keywords that make them distinct commands (for example, show aaa, show access-list, show accounting, and so on). To increase readability of command syntax, these commands are presented separately in this command reference.
You can also execute Exec mode commands from any of the configuration modes using the do command. For example, to display the ACE running configuration from the Exec mode, use the show running-config command. To execute the same command from the configuration mode, use the do show running-config command.
capture
To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command. As part of the packet capture process, you specify whether to capture packets from all interfaces or an individual VLAN interface.
capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The packet capture function enables access control lists (ACLs) to control which packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.
The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.
The ACE does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in Flash memory, use the copy capture command.
Examples
To start the packet capture function for CAPTURE1, enter:
host1/Admin# access-list ACL1 line 10 extended permit ip any anyhost1/Admin# capture CAPTURE1 interface vlan50 access-list ACL1host1/Admin# capture CAPTURE1 startTo stop the packet capture function for CAPTURE1, enter:
host1/Admin# capture CAPTURE1 stopRelated Commands
changeto
To move from one context on the ACE to another context, use the changeto command.
changeto context_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the changeto feature in your user role (as found in all of the predefined user roles). For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Only users authorized in the admin context can use the changeto command to navigate between the various contexts. Context administrators, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
The command prompt indicates the context that you are currently in (see the following example).
Examples
To change from the Admin context to the context CTX1, enter:
host1/Admin# changeto CTX1host1/CTX1#Related Commands
checkpoint
To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command.
checkpoint {create | delete | rollback} name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To create the checkpoint CP102305, enter:
host1/Admin# checkpoint create CP102305Related Commands
clear
To clear specific context logs and buffers of their statistics and monitoring history, use one of the following clear commands:
Command Modes
Exec
Command History
Usage Guidelines
The features required in your user role to execute a specific clear command are described in the "Usage Guidelines" section of the command. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
If you configure redundancy, then you need to explicitly clear the statistics on both the active and the standby ACEs. Clearing the statistics on the active appliance will not clear the statistics on the standby appliance.
Related Commands
clear access-list
To clear access control list (ACL) statistics, use the clear access-list command.
clear access-list name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the access control list ACL1, enter:
host1/Admin# clear access-list ACL1Related Commands
(config) access-list ethertype
(config) access-list extendedclear accounting log
To clear the accounting log, use the clear accounting log command.
clear accounting log
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the accounting log, enter:
host1/Admin# clear accounting logRelated Commands
show accounting log
(config) aaa accounting defaultclear arp
To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP processes, use the clear arp command.
clear arp [no-refresh | {statistics [interface_name]}]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
If you enter the clear arp command with no option, it clears all learned ARP entries and then refreshes the ARP entries.
Examples
To clear the ARP statistics, enter:
host1/Admin# clear arp statisticsTo clear the ARP learned entries and then refresh the ARP entries, enter:
host1/Admin# clear arpRelated Commands
clear buffer stats
To clear the control plane buffer statistics, use the clear buffer stats command.
clear buffer stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane buffer statistics, enter:
host1/Admin# clear buffer statsRelated Commands
clear capture
To clear an existing capture buffer, use the clear capture command.
clear capture name
Syntax Description
Command Modes
Exec
Admin and user context
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Use the dir command to view the capture files that you copied to the disk0: file system using the copy capture command.
Examples
To clear the capture buffer CAPTURE1, enter:
host1/Admin# clear capture CAPTURE1Related Commands
clear conn
To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn command.
clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip | dest_port}} | rserver name]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To clear only the connections that go through the ACE (flows that pass through the ACE between the originating network host and the terminating network host), use the clear conn command without any keywords. When you do not include any keywords, the connections that terminate or originate with the ACE are not cleared.
Examples
To clear the connections for the real server RSERVER1, enter:
host1/Admin# clear conn rserver RSERVER1Related Commands
clear cores
To clear all of the core dumps stored in the core: file system, use the clear cores command.
clear cores
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Note
The ACE creates a core dump when it experiences a fatal error. Core dump information is for Cisco Technical Assistance Center (TAC) use only. We recommend that you contact TAC for assistance in interpreting the information in the core dump.
To view the list of core files in the core: file system, use the dir core: command.
To save a copy of a core dump to a remote server before clearing it, use the copy capture command.
To delete a specific core dump file from the core: file system, use the delete core: command.
Examples
To clear all core dumps, enter:
host1/Admin# clear coresRelated Commands
clear debug-logfile
To remove a debug log file, use the clear debug-logfile command.
clear debug-logfile filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To clear the debug log file DEBUG1, enter:
host1/Admin# clear debug-logfile DEBUG1Related Commands
clear fifo stats
To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command.
clear fifo stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane FIFO statistics, enter:
host1/Admin# clear fifo statsRelated Commands
clear ft
To clear the fault-tolerant (FT) statistics, use the clear ft stats command.
clear ft {history {cfg_cntlr | ha_dp_mgr | ha_mgr} | stats}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the fault-tolerant statistics, enter:
host1/Admin# clear ft statsRelated Commands
(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(config) ft track interface
(config) ft track interfaceclear icmp statistics
To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics command.
clear icmp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the ICMP statistics, enter:
host1/Admin# clear icmp statisticsRelated Commands
clear interface
To clear the interface statistics, use the clear interface command.
clear interface [bvi number | vlan number | gigabitEthernet slot_number/port_number]
Syntax Description
Command Modes
Exec
BVI and VLAN—Admin and user contexts
Ethernet data port—Admin context only
Command History
Usage Guidelines
This command requires the interface feature in your user role. In addition, the Ethernet data port interface command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To clear all of the interface statistics, enter the clear interface command without using the optional keywords.
Examples
To clear all of the interface statistics for VLAN 212, enter:
host1/Admin# clear interface vlan 212To clear the statistics for Ethernet port 3, enter:
host1/Admin# clear interface gigabitEthernet 1/3Related Commands
clear ip
To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip command.
clear ip [dhcp relay statistics | statistics]
Syntax Description
dhcp relay statistics
(Optional) Clears all of the DHCP relay statistics.
statistics
(Optional) Clears all of the statistics associated with IP normalization, fragmentation, and reassembly.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional keywords.
Examples
To clear all of the IP normalization, fragmentation, and reassembly statistics, enter:
host1/Admin# clear ip statisticsRelated Commands
clear line
To close a specified virtual terminal (VTY) session, use the clear line command.
clear line vty_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To terminate the VTY session VTY1, enter:
host1/Admin# clear line VTY1Related Commands
(config) line vty
(config) line vtyclear logging
To clear information stored in the logging buffer, use the clear logging command.
clear logging [disabled | rate-limit]
Syntax Description
disabled
(Optional) Clears the logging buffer of "disabled" messages.
rate-limit
(Optional) Clears the logging buffer of "rate-limit configuration" messages.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To clear all of the information stored in the logging buffer, enter the clear logging command without using either of the optional keywords.
Examples
To clear all of the information stored in the logging buffer, enter:
host1/Admin# clear loggingRelated Commands
clear netio stats
To clear the control plane network I/O statistics, use the clear netio stats command.
clear netio stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane network I/O statistics, enter:
host1/Admin# clear netio statsRelated Commands
clear ntp statistics
To clear the NTP statistics that display when you enter the show ntp command, use the clear ntp command.
clear ntp statistics {all-peers | io | local | memory}
Syntax Description
all-peers
Clears all peer statistics.
io
Clears the I/O statistics.
local
Clears the local statistics.
memory
Clears the memory statistics.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the NTP memory statistics, enter:
host1/Admin# clear ntp statistics memoryRelated Commands
clear probe
To clear the probe statistics displayed through the show probe command, use the clear probe command.
clear probe name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear all the statistics for the probe HTTP1, enter:
host1/Admin# clear probe HTTP1Related Commands
clear processes log
To clear the statistics for the processes log, use the clear processes log command.
clear processes log {all | pid id}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To display the list of process identifiers assigned to each of the processes running on the ACE, use the show processes command.
Examples
To clear all the statistics for the processes log, enter:
host1/Admin# clear processes log allRelated Commands
clear rserver
To clear the real server statistics of all instances of a particular real server regardless of the server farms that it is associated with, use the clear rserver command.
clear rserver name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the statistics for the real server RS1, enter:
host1/Admin# clear rserver RS1Related Commands
clear rtcache
To clear the route cache, use the clear rtcache command.
clear rtcache
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the route cache, enter:
host1/Admin# clear rtcacheRelated Commands
This command has no related commands.
clear screen
To clear the display screen, use the clear screen command.
clear screen
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the display screen, enter:
host1/Admin# clear screenRelated Commands
This command has no related commands.
clear serverfarm
To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command.
clear serverfarm name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the statistics for the server farm SFARM1, enter:
host1/Admin# clear serverfarm SFARM1Related Commands
clear service-policy
To clear the service policy statistics, use the clear service-policy command.
clear service-policy policy_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the statistics for the service policy HTTP1, enter:
host1/Admin# clear service-policy HTTP1Related Commands
clear ssh
To clear a Secure Shell (SSH) session or clear the public keys of all SSH hosts, use the clear ssh command.
clear ssh {session_id | hosts}
Syntax Description
session_id
Identifier of the SSH session to clear, terminating the session.
hosts
Clears the public keys of all trusted SSH hosts.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To obtain the specific SSH session ID value, use the show ssh session-info command.
Examples
To clear the SSH session with the identifier 345, enter:
host1/Admin# clear ssh 345Related Commands
(config) ssh key
(config) ssh maxsessionsclear startup-config
To clear the startup configuration of the current context, use the clear startup-config command.
clear startup-config
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Clearing the startup configuration does not affect the context running-configuration.
The clear startup-config command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command.
To clear the startup configuration, you can also use the write erase command.
Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. Once you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration:
•
•
Examples
To clear the startup configuration, enter:
host1/Admin# clear startup-configRelated Commands
clear stats
To clear the statistical information stored in the ACE buffer, use the clear stats command.
clear stats {all | connections | http | inspect | loadbalance | optimization | probe | sticky}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear sticky statistics, enter:
host1/Admin# clear stats stickyRelated Commands
clear sticky database
To clear sticky database entries, use the clear sticky database command.
clear sticky database {all | group name}
Syntax Description
all
Clears all dynamic sticky database entries in a context.
group name
Clears all dynamic sticky database entries for the specified sticky group.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To clear static sticky database entries, use the no form of the (config-sticky-cookie) static cookie-value, or (config-sticky-ip) static client source command.
Examples
To clear all dynamic sticky database entries in the Admin context, enter:
host1/Admin# clear sticky database allRelated Commands
clear tcp statistics
To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command.
clear tcp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the TCP statistics, enter:
host1/Admin# clear tcp statisticsRelated Commands
clear telnet
To clear a Telnet session, use the clear telnet command.
clear telnet session_id
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To obtain the specific Telnet session identification number, use the show telnet command.
Examples
To clear the Telnet session with the identification number of 236, enter:
host1/Admin# clear telnet 236Related Commands
clear udp statistics
To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command.
clear udp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To clear the UDP statistics, enter:
host1/Admin# clear udp statisticsRelated Commands
clear user
To clear a user session, use the clear user command.
clear user name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To display the list of users that are currently logged in to the ACE, use the show users command.
Examples
To log out the user USER1, enter:
host1/Admin# clear user USER1Related Commands
clear vnet stats
To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command.
clear vnet stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the VNET statistics, enter:
host1/Admin# clear vnet statsRelated Commands
clear xlate
To clear the global address to the local address mapping information based on the global address, global port, local address, local port, interface address as global address, and NAT type, use the clear xlate command.
clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface vlan number] [state static] [portmap]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
When you enter this command, the ACE releases sessions that are using the translations (Xlates).
If you configure redundancy, then you need to explicitly clear Xlates on both the active and the standby ACEs. Clearing Xlates on the active appliance does not clear Xlates in the standby appliance.
Examples
To clear all static translations, enter:
host1/Admin# clear xlate state staticRelated Commands
clock set
To set the time and the date for an ACE, use the clock set command in Exec mode.
clock set hh:mm:ss DD MONTH YYYY
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
When you enter this command, the ACE displays the current configured date and time.
If you want to use the Network Time Protocol (NTP) to automatically synchronize the ACE system clock to an authoritative time server (such as a radio clock or an atomic clock), see Chapter 1, Setting Up the ACE, in the Cisco 4700 Series Application Control Engine Appliance Administration Guide. In this case, the NTP time server automatically sets the ACE system clock.
If you previously configured NTP on an ACE, the ACE prevents you from using the clock set command and displays an error message. To manually set the ACE system clock, remove the NTP peer and NTP server from the configuration before setting the clock on an ACE.
Examples
For example, to specify a time of 1:38:30 and a date of October 7, 2007, enter:
host1/Admin# clock set 01:38:30 7 Oct 2007Sun Oct 7 01:38:30 PST 2007Related Commands
configure
To change from the Exec mode to the configuration mode, use the configure command.
configure [terminal]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires one or more features assigned to your user role, such as the AAA, interface, or fault-tolerant features. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To return to the Exec mode from the configuration mode, use the exit command.
To execute an Exec mode command from any of the configuration modes, use the do version of the command.
Examples
To change to the configuration mode from the Exec mode, enter:
host1/Admin# configurehost1/Admin(config)#Related Commands
copy capture
To copy an existing context packet capture buffer as the source file in the ACE compact Flash to another file system, use the copy capture command.
copy capture capture_name disk0: [path/]destination_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the ACE and free memory.
Examples
To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter:
host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1Related Commands
copy core:
To copy a core file to a remote server, use the copy core: command.
copy core:filename {disk0:[path/]filename | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy a core file from the ACE to a remote FTP server, enter:
host1/Admin# copy core:ixp0_crash.txt ftp://192.168.1.2Enter the destination filename[]? [ixp0_crash.txt]Enter username[]? user1Enter the file transfer mode[bin/ascii]: [bin]Password:Passive mode on.Hash mark printing on (1024 bytes/hash mark).
Note
Related Commands
copy disk0:
To copy a file from one directory in the disk0: file system of Flash memory to another directory in disk0: or a network server, use the copy disk0: command.
copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | image:image_filename | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy the file called SAMPLEFILE to the MYSTORAGE directory in Flash memory, enter:
host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILERelated Commands
copy ftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote File Transfer Protocol (FTP) server to a location on the ACE, use the copy ftp: command.
copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To copy a startup-configuration file from a remote FTP server to the ACE, enter:
host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
copy image:
To copy an ACE software system image from Flash memory to a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy image: command.
copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To save a software system image to a remote FTP server, enter:
host1/Admin# copy image:c4710ace-mz.3.0.0_AB0_0.488.bin ftp://192.168.1.2Related Commands
copy licenses
To create a backup license file for the ACE licenses in the .tar format and copy it to the disk0: file system, use the copy licenses command.
copy licenses disk0:[path/]filename.tar
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To copy the installed software licenses to the disk0: file system, enter:
host1/Admin# copy licenses disk0:mylicenses.tarRelated Commands
copy running-config
To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration file in Flash memory (nonvolatile memory) or a network server, use the copy running-config command.
copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
To copy the running configuration to the startup configuration, you can also use the write memory command.
Examples
To save the running-configuration file to the startup-configuration file in Flash memory on the ACE, enter:
host1/Admin# copy running-config startup-configRelated Commands
copy startup-config
To merge the contents of the startup configuration file into the running configuration file or copy the startup configuration file to a network server, use the copy startup-config command.
copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To merge the contents of the startup-configuration file into the running-configuration file in Flash memory, enter:
host1/Admin# copy startup-config running-configRelated Commands
copy sftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote Secure File Transfer Protocol (SFTP) server to a location on the ACE, use the copy sftp: command.
copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To copy a startup-configuration file from a remote SFTP server to the ACE, enter:
host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
copy tftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote Trivial File Transfer Protocol (TFTP) server to a location on the ACE, use the copy tftp: command.
copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name]| running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To copy a startup-configuration file from a remote TFTP server to the ACE, enter:
host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
crypto delete
To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete command.
crypto delete {filename | all}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To delete the key pair file MYRSAKEY.PEM, enter:
host1/Admin# crypto delete MYRSAKEY.PEMRelated Commands
crypto export
To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen, use the crypto export command.
crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
You cannot export a certificate or key pair file that you marked as nonexportable when you imported the file to the ACE.
The remote server variables listed after the terminal keyword in the "Syntax Description" are used by the ACE only when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). We recommend using SFTP as it provides the most security.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter:
host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEMUser password: ****Writing remote file /usr/keys/mykey.pemhost1/Admin#Related Commands
crypto generate csr
To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command.
crypto generate csr csr_params key_filename
Syntax Description
csr_params
CSR parameters file that contains the distinguished name attributes. The ACE applies the distinguished name attributes contained in the CSR parameters file to the CSR.
To create a CSR parameters file, use the (config) crypto csr-params command in the configuration mode.
key_filename
RSA key pair filename that contains the key on which the CSR is built. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. It is the public key that the ACE embeds in the CSR. Ensure that the RSA key pair file is loaded on the ACE for the current context. If the appropriate key pair does not exist, the ACE logs an error message.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs it to the screen. Most major certificate authorities have web-based applications that require you to cut and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file.
Note
After submitting your CSR to the CA, you will receive your signed certificate in one to seven business days. When you receive your certificate, use the crypto import command to import the certificate to the ACE.
Examples
To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in the file MYRSAKEY_1.PEM, enter:
host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEMRelated Commands
crypto generate key
To generate an RSA key pair file, use the crypto generate key command.
crypto generate key [non-exportable] bitsize filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To generate the RSA key pair file MYRSAKEYS.PEM with a bit size of 1536, enter:
host1/Admin# crypto generate key 1536 MYRSAKEYS.PEMRelated Commands
crypto import
To import a certificate or key pair file to the ACE or terminal screen from a remote server, use the crypto import command.
crypto import [non-exportable] {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} | terminal local_filename [passphrase passphrase]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Because a device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both corresponding file types: the certificate file and its corresponding key pair file.
The remote server variables listed after the passphrase variable in the Syntax Description table are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). If you select one of these transport types and do not define the remote server variables, the ACE prompts you for the variable information. We recommend using SFTP as it provides the most security.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter:
host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM MYKEY.PEMPassword: ********Passive mode on.Hash mark printing on (1024 bytes/hash mark).#Successfully imported file from remote server.host1/Admin#This example shows how to use the terminal keyword to allow pasting of the certificate information to the file MYCERT.PEM:
host1/Admin# crypto import terminal MYCERT.PEMEnter PEM formatted data ending with a blank line or "quit" on a line by itself--------BEGIN CERTIFICATE-----------------------MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENBMSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3-----------END CERTIFICATE------------------------QUIThost1/Admin#Related Commands
crypto verify
To compare the public key in a certificate with the public key in a key pair file, and to verify that they are identical, use the crypto verify command.
crypto verify key_filename cert_filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
If the public key in the certificate does not match the public key in the key pair file, the ACE logs an error message.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match, enter:
host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEMkeypair in myrsakey.pem matches certificate in mycert.pemThis example shows what happens when the public keys do not match:
host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEMKeypair in myrsakey2.pem does not match certificate in mycert.pemhost1/Admin#Related Commands
debug
To enable the ACE debugging functions, use the debug command.
debug {aaa | access-list | all | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr | fifo | fm | ha_dp_mgr | ha_mgr | hardware | hm | ifmgr | ip | ldap | license | logfile | nat-download | netio | ntp | optimize | pfmgr | pktcap | portmgr | radius | routemgr | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | virtualization | vnet}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command is available to roles that allow debugging and to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To enable all of the debugging functions, enter:
host1/Admin# debug allRelated Commands
delete
To delete a specified file in an ACE file system, use the delete command.
delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
If you do not specify a filename with the file system keyword, the ACE prompts you for a filename.
To display the list of files that reside in a file system, use the dir command.
Examples
To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:
host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZRelated Commands
dir
To display the contents of a specified ACE file system, use the dir command.
dir {core: | disk0:[path/][filename] | image:[filename] | volatile:[filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To delete a file from a file system, use the delete command.
To delete all core dumps, use the clear cores command.
Examples
To display the contents of the image: file system, enter:
switch/Admin# dir image:172732543 Oct 5 08:47:48 2007 c4710ace-mz.3.0.0_AB0_0.453.bin176712851 Oct 10 07:39:34 2007 c4710ace-mz.3.0.0_AB0_0.488.binUsage for image: filesystem706723840 bytes total used175624192 bytes free882348032 bytes totalRelated Commands
exit
To exit out of Exec mode and log out the CLI session, use the exit command.
exit
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To log out of an active CLI session, enter:
host1/Admin# exitRelated Commands
This command has no related commands.
format flash:
To erase all data stored on the Flash memory and reformat it with the third extended filesystem (ext3) as the base file system, use the format flash: command. All user-defined configuration information is erased and the ACE returns to the factory-default settings.
format flash:
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The ACE performs the following verification sequence prior to reformatting Flash memory:
•
•
•
–
–
Before you reformat the Flash memory, you should save a copy of the following ACE operation and configuration attributes to a remote server:
•
•
•
•
•
•
•
After you reformat the Flash memory, perform the following actions:
•
•
•
–
–
•
–
–
Examples
For example, to erase all information in Flash memory and reformat it, enter:
host1/Admin# format flash:Warning!! This will erase everything in the compact flash including startup configs for all the contexts and reboot the system!!Do you wish to proceed anyway? (yes/no) [no] yesIf the ACE fails to extract a system image from the Grub bootloader, it prompts you to provide the location of an available system image to backup:
Failed to extract system image Information from Grubbackup specific imagefile? (yes/no) [no] yesEnter Image name: scimi-3.binSaving Image [scimi-3.bin]Formatting the cf.....Unmounting ext3 filesystems...Unmounting FAT filesystems...Unmounting done...Unmounting compact flash filesystems...format completed successfullyRestoring Image backupimage/scimi-3.binkjournald starting. Commit interval 5 secondsREXT3 FS on hdb2, internal journalEXT3-fs: mounted filesystem with ordered data mode.starting graceful shutdownswitch/Admin# Unmounting ext3 filesystems...Unmounting FAT filesystems...Unmounting done...Related Commands
copy capture
copy ftp:
copy tftp:
copy sftp:
crypto export
crypto import
dir
licenseft switchover
To purposely cause a failover to make a particular context active, use the ft switchover command.
ft switchover [force | group_id]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT group, which forces a switchover.
You might need to force a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully become the active member of the FT group, a switchover occurs. You must configure no preempt to use this command (use the preempt command in FT group configuration mode).
The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context:
•
•
Examples
To cause a switchover from the active appliance to the standby appliance of FT group1, enter:
host1/Admin# ft switchover 1Related Commands
gunzip
To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe script files), use the gunzip command.
gunzip disk0:[path/]filename.gz
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file that is zipped by the gzip (GNU zip) compression utility.
To display a list of available zipped files on disk0:, use the dir command.
Examples
To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file system, enter:
host1/Admin# gunzip disk0:PROBE_SCRIPTS.gzRelated Commands
invoke context
To display the context running configuration information from the Admin context, use the invoke context command.
invoke context context_name show running-config
Syntax Description
Command Modes
Exec
Admin context
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To display the running configuration for the C1 user context from the Admin context, enter:
host1/Admin# invoke context C1 show running-configRelated Commands
This command has no related commands.
license
To install, update, or uninstall licenses on the ACE, use the license command.
license {install disk0:[path/]filename [target_filename] | uninstall name | update disk0:[path/]permanent_filename demo_filename}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
After you receive a demo or permanent software license key in an e-mail from Cisco Systems, you must copy the license file to a network server and then use the copy tftp command in Exec mode to copy the file to the disk0: file system on the ACE.
To update an installed demo license with a permanent license, use the license update command. The demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage command.
To back up license files, use the copy licenses command
Caution
If you uninstall a Secure Sockets Layer (SSL) license, it also brings down the SSL transactions per second (TPS) to 1000 TPS on the ACE.
If you uninstall the appliance bandwidth license, it brings down the ACE appliance bandwidth to the default of 1 Gbps on the ACE.
For more information about the types of ACE licenses available and how to manage the licenses on your ACE, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To install a new permanent license, enter:
host1/Admin# license install disk0:ACE-VIRT-020.LICTo uninstall a license, enter:
host1/Admin# license uninstall ACE-VIRT-020.LICTo update the demo license with a permanent license, enter:
host1/Admin# license update disk0:ACE-AP-VIRT-020.lic ACE-AP-VIRT-020-DEMO.licRelated Commands
mkdir disk0:
To create a new directory in disk0:, use the mkdir disk0: command.
mkdir disk0:[path/]directory_name
Syntax Description
[path/]directory_name
Name that you assign to the new directory. Specify the optional path if you want to create a directory within an existing directory.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
If a directory with the same name already exists, the ACE does not create the new directory and the "Directory already exists" message appears.
Examples
To create a directory in disk0: called TEST_DIRECTORY, enter:
host1/Admin# mkdir disk0:TEST_DIRECTORYRelated Commands
move disk0:
To move a file between directories in the disk0: file system, use the move disk0: command.
move disk0:[source_path/]filename disk0:[destination_path/]filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
If a file with the same name already exists in the destination directory, that file is overwritten by the file that you move.
Examples
To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:, enter:
host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILERelated Commands
ping
To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the ping command.
ping [target_ip [count count | size size | timeout time]]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The ping command sends an echo request packet to an address from the current context on the ACE and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying the name of the current directory and the path, and whether the host can be reached or is functioning.
To terminate a ping session before it reaches its timeout value, press Ctrl-C.
Examples
To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter:
host1/Admin# ping 196.168.1.2Related Commands
reload
To reload the configuration on the ACE, use the reload command.
reload
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command.
Caution
Examples
To execute a soft reboot, enter:
host1/Admin# reloadThis command will reboot the systemSave configurations for all the contexts. Save? [yes/no]: [yes]Related Commands
rmdir disk0:
To remove a directory from the disk0: file system, use the rmdir disk0: command.
rmdir disk0:directory
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command.
Examples
To remove the directory TEST_DIRECTORY from disk0:, enter:
host1/Admin# rmdir disk0:TEST-DIRECTORYRelated Commands
setup
To initiate a special setup script that guides you through the basic process of quickly configuring the ACE to access the Device Manager GUI, use the setup command.
setup
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The setup script is intended primarily as the means to guide you though a basic configuration of the ACE to quickly access the Device Manager. Use the setup command when the ACE boots without a startup-configuration file. This situation may occur when the ACE is new and the appliance was not configured upon initial startup. The setup script guides you through configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports.
After you specify a gigabit Ethernet port, the port mode, and management VLAN, the setup script automatically applies the following default configuration:
•
•
•
•
The ACE provides a default answer in brackets [ ] for each question in the setup script. To accept a default configuration prompt, press Enter, and the ACE accepts the setting. To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence.
When completed, the setup script automatically applies a configuration and prompts you to perform the following actions:
•
•
•
Examples
To run the setup script from the CLI, enter:
host1/Admin# setup---- Basic System Configuration Dialog ----This setup utility will guide you through the basic configuration ofthe system. Setup configures only enough connectivity to theACE appliance Device Manager GUI of the system.*Note: setup is mainly used for configuring the system initially,when no configuration is present. So setup always assumes systemdefaults and not the current system configuration values.Press Enter at anytime to skip a dialog. Use ctrl-c at anytimeto skip the remaining dialogs.Would you like to enter the basic configuration dialog (yes/no): yesWhich port is used to carry Management vlan (1 - 4)? [1]:Configure Gigabit Ethernet port mode (Access/Trunk) [Trunk]:Which vlan is used as Management vlan (2 - 4095)? [10]:What is the Management VLAN ip address [192.168.1.10]:What is the Management VLAN ip netmask [255.255.255.0]:Configure the default gateway? (yes/no) [y]:What is the ip address of the default gateway [192.168.1.1]:The following configuration will be applied:interface gigabitEthernet 1/1switchport trunk allowed vlan 2no shutaccess-list ALL extended permit ip any anyclass-map type management match-any remote_accessmatch protocol xml-https anymatch protocol icmp anymatch protocol telnet anymatch protocol ssh anymatch protocol http anymatch protocol https anypolicy-map type management first-match first-match remote_mgmt_allow_policyclass remote_accesspermitinterface vlan 2ip address 192.168.1.10 255.255.255.0access-group input ALLservice-policy input remote_mgmt_allow_policyno shutdownip route 0.0.0.0 0.0.0.0 172.16.2.1Would you like to edit the configuration? (yes/no) [n]: nUse this configuration? (yes/no) [y]:Would you like to save the running-config to startup-config? (yes/no) [n]:Related Commands
This command has no related commands.
show
To display ACE statistical and configuration information, use the show command.
show keyword [| {begin pattern | count | end | exclude pattern | include pattern | last | more}] [> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]
The available show keyword commands are as follows:
Syntax Description
Command Modes
Exec
Command History
Usage Guidelines
The features required in your user role to execute a specific show command are described in the "Usage Guidelines" section of the command. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Most commands have an associated show command. For example, the associated show command for the interface command in configuration mode is the show interface command. Use the associated show command to verify changes that you make to the running configuration.
The output of the show command may vary depending on the context that you enter the command from. For example, the show running-config command displays the running-configuration for the current context only.
To convert show command output from the ACE to XML for result monitoring by an NMS, use the xml-show command.
Examples
To display the current running configuration, enter:
host1/Admin# show running-configRelated Commands
show aaa
To display AAA accounting and authentication configuration information for the current context, use the show aaa command.
show aaa {accounting | authentication [login error-enable] | groups} [|] [>]
Syntax Description
accounting
Displays accounting configuration information.
authentication
Displays authentication configuration information.
login error-enable
(Optional) Displays the status of the login error message configuration.
groups
Displays the configured server groups.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For information about the fields in the show aaa command output, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Examples
To display the accounting configuration information, enter:
host1/Admin# show aaa accountingdefault: localRelated Commands
(config) aaa accounting default
(config) aaa authentication loginshow access-list
To display statistics associated with a specific access control list (ACL), use the show access-list command.
show access-list name [|] [>]
Syntax Description
name
Name of an existing ACL. Enter the name as an unquoted text string.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The ACL information that the ACE displays when you enter the show access-list command includes the ACL name, the number of elements in the ACL, the operating status of the ACL (ACTIVE or NOT ACTIVE), any configured remarks, the ACL entry, and the ACL hit count.
For information about the fields in the show access-list command output, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Examples
To display statistical and configuration information for the ACL ACL1, enter:
host1/Admin# show access-list ACL1Related Commands
clear access-list
show running-config
(config) access-list ethertype
(config) access-list extended
(config) access-list remark
(config) access-list resequenceshow accounting log
To display AAA accounting log information, use the show accounting log command.
show accounting log [size] [|] [>]
Syntax Description
size
(Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to 250000. The default is 250000 bytes.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For information about the fields in the show accounting log command output, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Examples
To display the contents of the accounting log file, enter:
host1/Admin# show accounting logRelated Commands
show aaa
(config) aaa accounting defaultshow acl-merge
To display statistics related to merged ACLs, use the show acl-merge command.
show acl-merge {acls vlan number {in | out} [summary]} | {match vlan number {in | out} ip_address1 ip_address2 protocol src_port dest_port} | {merged-list vlan number {in | out} [non-redundant | summary]} [|] [>]
Syntax Description
acls
Displays various feature ACLs and their entries before the merge.
vlan number
Specifies the interface on which the ACL was applied.
in | out
Specifies the direction in which the ACL was applied to network traffic: incoming or outgoing.
summary
(Optional) Displays summary information before or after the merge.
match
Displays the ACL entry that matches the specified tuple.
ip_address1
Source IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
ip_address2
Destination IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
protocol
Protocol specified in the ACL.
src_port
Source port specified in the ACL.
dest_port
Destination port specified in the ACL.
merged-list
(Optional) Displays the merged ACL.
non-redundant
(Optional) Displays only those ACL entries that have been downloaded to a network processor.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the acl-merge feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a redundant configuration. The number assigned depends on the order in which the ACLs are applied to the VLANs. This number can be different on the two modules. Even the ACL merged list could be different on the two modules depending on when redundancy is enabled.
Examples
To display the ACL merge information for VLAN 401, enter:
host1/Admin# show acl-merge acls vlan 401 in summaryRelated Commands
This command has no related commands.
show action-list
To display information about action list configuration, use the show action-list command in Exec mode. The show action-list command output displays all optimization action list configurations and default values.
show action-list list_name [|] [>]
Syntax Description
list_name
Identifier of an existing action list as an unquoted text string with a maximum of 64 alphanumeric characters.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For information about the fields in the show action-list command output, see the Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide.
Examples
To display configuration information for the ACT_LIST1 action list, enter:
host1/Admin# show action-list ACT_LIST1Related Commands
show running-config
(config) action-list typeshow arp
To display the current active IP address-to-MAC address mapping in the Address Resolution Protocol (ARP) table, statistics, or inspection or timeout configuration, use the show arp command.
show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>]
Syntax Description
inspection
(Optional) Displays the ARP inspection configuration.
internal event-history dbg
(Optional) Displays the ARP internal event history. The ACE debug commands are intended for use by trained Cisco personnel only. Do not attempt to use these commands without guidance from Cisco support personnel.
statistics
(Optional) Displays the ARP statistics for all VLAN interfaces.
vlan vlan_number
(Optional) Displays the statistics for the specified VLAN number.
timeout
(Optional) Displays the ARP timeout values.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The show arp command without options displays the active IP address-to-MAC address mapping in the ARP table.
For information about the fields in the show arp command output, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.
Examples
To display the current active IP address-to-MAC address mapping in the ARP table, enter:
host1/Admin# show arpRelated Commands
clear arp
(config) action-list typeshow banner motd
To display the configured banner message of the day, use the show banner motd command.
show banner motd [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To configure the banner message, use the banner command in the configuration mode.
For information about the fields in the show banner motd command output, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To display the message of the day, enter:
host1/Admin# show banner motdRelated Commands
show bootvar
To display the current BOOT environment variable and configuration register setting, use the show bootvar command. This command is available only in the Admin context.
show bootvar [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To set the BOOT environment variable, use the boot system image: command in the configuration mode.
For information about the fields in the show bootvar command output, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To display the current BOOT environment variable and configuration register setting, enter:
host1/Admin# show bootvarBOOT variable = "image:/c4710ace-mz.3.0.0_AB0_0.488.bin;image:/c4710ace-mz.3.0.0_AB0_0.453.bin"Configuration register is 0x1Related Commands
This command has no related commands.
show buffer
To display the buffer manager module messages, use the show buffer command.
show buffer {events-history | stats | usage} [|] [>]
Syntax Description
events-history
Displays a historic log of the most recent messages generated by the buffer manager event history.
stats
Displays detailed counters for various buffer manager event occurrences.
usage
Displays the number of buffers currently being held (allocated but not freed) by each buffer module. The usage keyword also shows an estimate of the number of times a particular buffer module has freed the same buffer more than once (this condition indicates a software error).
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display the control plane buffer event history, enter:
host1/Admin# show buffer events-history1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2007[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa02) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2007[102] total blocks=151682 (ctrl=75841, data=75841)Related Commands
show capture
To display the packet information that the ACE traces as part of the packet capture function, use the show capture command.
show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status] [|] [>]
Syntax Description
buffer_name
Name of the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters.
detail
(Optional) Displays additional protocol information for each packet.
connid connection_id
(Optional) Displays protocol information for a specified connection identifier.
range packet_start packet_end
(Optional) Displays protocol information for a range of captured packets.
status
(Optional) Displays capture status information for each packet.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For all types of received packets, the console display is in tcpdump format.
To copy the capture buffer information as a file in Flash memory, use the copy capture command.
For information about the fields in the show capture command output, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To display the captured packet information contained in packet capture buffer CAPTURE1, enter:
switch/Admin# show capture CAPTURE1Related Commands
show checkpoint
To display information relating to the configured checkpoints, use the show checkpoint command.
show checkpoint {all | detail name} [|] [>]
Syntax Description
all
Displays a list of all existing checkpoints.
detail name
Displays the running configuration of the specified checkpoint.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For information about the fields in the show checkpoint command output, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To display the running configuration for the checkpoint MYCHECKPOINT, enter:
host1/Admin# show checkpoint detail MYCHECKPOINTRelated Commands
show clock
To display the current date and time settings of the system clock, use the show clock command.
show clock [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
To configure the system clock setting, use the clock command in the configuration mode.
For information about the fields in the show clock command output, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To display the current clock settings, enter:
host1/Admin# show clockSun Oct 7 20:08:14 UTC 2007Related Commands
(config) clock summer-time
(config) clock timezoneshow conn
To display the connection statistics, use the show conn command.
show conn {address ip_address1 [ip_address2] netmask mask} | count | detail | {port number1 [number2]} | {protocol {tcp | udp} | rserver name | serverfarm name} [|] [>]
Syntax Description
address ip_address1 [ip_address2]
Displays connection statistics for a single source or destination IP address or, optionally, for a range of source or destination IP addresses. To specify a range of IP addresses, enter an IP address for the lower limit of the range and a second IP address for the upper limit of the range. Enter one or two IP addresses in dotted-decimal notation (for example, 192.168.12.15).
netmask mask
Specifies the network mask for the IP address or range of IP addresses that you specify. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0).
count
Displays the total current connections to the ACE.
detail
Displays detailed connection information.
port number1 [number2]
Displays connection statistics for a single source or destination port or optionally, for a range of source or destination ports.
protocol {tcp | udp}
Displays connection statistics for TCP or UDP.
rserver name
Displays connections for the specified real server.
serverfarm name
Displays connections for the specified server farm.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For information about the fields in the show conn command output, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Examples
To display connection statistics for a range of IP addresses, enter:
host1/Admin# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0Related Commands
show context
To display the context configuration information, use the show context command.
show context [context_name | Admin] [|] [>]
Syntax Description
context_name
(Optional) Name of user-created context. The ACE displays just the specified context configuration information. The context_name argument is case sensitive. and is visible only from the admin context.
Admin
(Optional) Displays just the admin context configuration information. This keyword is visible only from the admin context.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
The ACE displays different information for this command depending on the context that you are in when executing the command:
•
•
For information about the fields in the show context command output, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Examples
To display the Admin context and all user-context configuration information, enter:
host1/Admin# show contextTo display the configuration information for the user context CTX1, enter:
host1/Ctx1# show contextRelated Commands
show copyright
To display the software copyright information for the ACE, use the show copyright command.
show copyright [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
For information about the fields in the show copyright command output, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Examples
To display the ACE software copyright information, enter:
host1/Admin# show copyrightRelated Commands
This command has no related commands.
show crypto
To display the summary and detailed reports on files containing Secure Sockets Layer (SSL) certificates, key pairs, and chain groups, use the show crypto command.
show crypto {certificate {filename | all} | chaingroup {filename | all} | csr-params {filename | all} | files | key {filename | all}} [|] [>]
Syntax Description
certificate
Specifies certificate file type.
chaingroup
Specifies chaingroup file type.
key
Specifies key pair file type.
filename
Name of a specific file. The ACE displays the detailed report for the specified file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.
all
Displays the summary report that lists all the files of the specified file type.
files
Displays the summary report listing all of the crypto files loaded on the ACE, including certificate, chaingroup, and key pair files. The summary report also shows whether the file contains a certificate, a key pair, or both.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
