Application Control Engine Module Command Reference (Software Version A1(2))
Exec Mode Commands

Exec mode commands are those available to you immediately after you log in to an ACE. Many of these commands are followed by keywords that effectively make them distinct commands (for example, show aaa, show access-list, show accounting, and so on). To increase readability of command syntax, these are presented as separate commands.

You can also execute Exec mode commands from any of the configuration modes using the do command. For example, to display the ACE running configuration from the Exec mode, use the show running-config command. To execute the same command from the configuration mode, use the do show running-config command.

capture

To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command. As part of the packet capture process, you specify whether to capture packets from all interfaces or an individual VLAN interface.

capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop

Syntax Description

buffer_name

Name of the packet capture buffer. The buffer_name argument associates the packet capture with a name. Specify a text string from 1 to 80 alphanumeric characters in length.

all

Specifies that packets from all input interfaces are captured.

interface

Specifies a particular input interface from which to capture packets.

vlan number

Specifies the VLAN identifier associated with the interface.

access-list name

Selects packets to capture based on a specific access list. A packet must pass the access list filters before the packet is stored in the capture buffer. Specify a previously created access list identifier. Enter an unquoted text string with a maximum of 64 characters.

Note: Ensure that the access list is for an input interface; input is considered with regard to the direction of the session that you want to capture. If you configure the packet capture on the output interface, the ACE will fail to match any packets.

bufsize buf_size

(Optional) Specifies the buffer size, in kilobytes, used to store the packet capture. The range is from 1 to 2147483647 kilobytes.

circular-buffer

(Optional) Enables the packet capture buffer to overwrite itself, starting from the beginning, when the buffer is full.

remove

Clears the packet capture configuration.

start

Starts the packet capture function. The packet capture function automatically stops when the buffer is full unless you enable the circular buffer function.

stop

Stops the packet capture function.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The packet capture function enables access-control lists (ACLs) to control what packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.

The packet capture function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. The context ID is passed along with the packet, which can be used to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.

The ACE does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in Flash memory, use the copy capture command.

Examples

To start the packet capture function for CAPTURE1, enter:

host1/Admin# access-list ACL1 line 10 extended permit ip any any
host1/Admin# capture CAPTURE1 interface vlan 50 access-list ACL1
host1/Admin# capture CAPTURE1 start

To stop the packet capture function for CAPTURE1, enter:

host1/Admin# capture CAPTURE1 stop

Related Commands

clear icmp statistics

copy capture

show capture

changeto

To move from one context on the ACE to another, use the changeto command.

changeto context_name

Syntax Description

context_name

Name of an existing context. This argument is case-sensitive.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the changeto feature in your user role (as found in all of the predefined user roles). For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Only users authorized in the admin context can use the changeto command to navigate between the various contexts. Context administrators, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.

The command prompt indicates the context you are currently in (see the following example).

Examples

To change from the Admin context to the context CTX1, enter:

host1/Admin# changeto CTX1
host1/CTX1#

Related Commands

exit

show context

(config) context

checkpoint

To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command.

checkpoint {create | delete | rollback} name

Syntax Description

create

Creates a new checkpoint with the value of name.

delete

Deletes the existing checkpoint with the value of name.

rollback

Reverts back to the checkpoint with the value of name.

name

Name of a new or existing checkpoint. Specify a text string from 1 to 64 alphanumeric characters (no spaces) in length.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To create the checkpoint CP102305, enter:

host1/Admin# checkpoint create CP102305

Related Commands

show checkpoint

clear

To clear specific context logs and buffers of their statistics and monitoring history, use the clear command. The clear commands are:

clear access-list

Clears access control list (ACL) statistics

clear accounting log

Clears the accounting log

clear arp

Clears the address resolution protocol (ARP) table entries or statistics

clear buffer stats

Clears the control plane buffer statistics

clear capture

Clears an existing capture buffer

clear cde

Clears the classification and distribution engine (CDE) statistics and interrupt counts

clear conn

Clears a connection that passes through, terminates, or originates with the ACE

clear cores

Clears all core dumps

clear debug-logfile

Removes a debug log file

clear fifo stats

Clears the first in, first out (FIFO) statistics

clear ft stats

Clears the fault tolerant statistics

clear icmp statistics

Clears the Internet Control Message Protocol (ICMP) statistics

clear interface

Clears the interface statistics

clear ip

Clears the IP and DHCP relay statistics

clear line

Clears a specified VTY session

clear logging

Clears information stored in the logging buffer

clear netio stats

Clears the control plane network I/O statistics

clear probe

Clears probe statistics

clear processes log

Clears processes log statistics

clear rserver

Clears the real server statistics

clear rtcache

Clears the route cache

clear screen

Clears the display screen

clear serverfarm

Clears the server farm statistics

clear service-policy

Clears the service policy statistics

clear ssh

Clears an SSH session or clears the public keys of all SSH hosts

clear startup-config

Clears the startup configuration of the current context

clear stats

Clears the statistical information stored in the ACE buffer

clear sticky database

Clears all sticky database entries for the context or a specified sticky group

clear tcp statistics

Clears the TCP statistics

clear telnet

Clears a Telnet session

clear udp statistics

Clears the UDP statistics

clear user

Clears a user session

clear vnet stats

Clears the virtual network device (VNET) statistics

clear xlate

Clears global address to local address mapping information based on global address, global port, local address, local port, interface address as global address, and NAT type


Command Modes

Exec

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The features required in your user role to execute a specific clear command are described in the Usage Guidelines section of the command. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

If you have redundancy configured, then you need to explicitly clear statistics on both the active and the standby ACEs. Clearing statistics on the active module alone will leave the standby module statistics at the old value.

Related Commands

show
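
Several of the clear commands listed above erase log or diagnostic state (the accounting log, the logging buffer, core dumps, debug log files, capture buffers, trusted SSH host keys, the startup configuration). The following is an added example, not part of the Cisco reference: a Python sketch that reviews a saved CLI session transcript and flags those commands together with the role requirement this reference states for each. The transcript is constructed, the configuration-mode prompt form host1/CTX1(config)# is an assumption, and abbreviated keywords are not expanded.

```python
import re

# Commands from this reference that erase logs or diagnostic evidence, mapped
# to the role requirement given in each command's Usage Guidelines.
EVIDENCE_CLEARING = {
    "clear accounting log": "AAA feature",
    "clear logging": "syslog feature",
    "clear cores": "Admin role",
    "clear debug-logfile": "no user role feature restrictions",
    "clear capture": "no user role feature restrictions",
    "clear processes log": "no user role feature restrictions",
    "clear ssh hosts": "AAA feature",
    "clear startup-config": "Admin role",
    # The reference names this as an alternative to clear startup-config.
    "write erase": "role not stated in this section",
}

# Exec prompt as shown in the reference: host1/Admin# (hostname/context).
# Assumption: configuration-mode prompts look like host1/Admin(config)#.
PROMPT = re.compile(
    r"^(?P<host>[^/\s]+)/(?P<ctx>[^\s(#]+)(?:\((?P<mode>[^)]+)\))?#\s*(?P<cmd>.*)$"
)


def audit_transcript(text):
    """Return one finding per evidence-clearing command in a CLI transcript."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PROMPT.match(line.strip())
        if not match:
            continue  # command output, not a prompt line
        words = match["cmd"].split()
        # Exec commands can be run from a configuration mode with "do".
        via_do = bool(match["mode"]) and words[:1] == ["do"]
        if via_do:
            words = words[1:]
        lowered = [w.lower() for w in words]
        for command, requirement in EVIDENCE_CLEARING.items():
            key = command.split()
            # Whole-word prefix match, so "clear ssh 345" (ending one session)
            # is not confused with "clear ssh hosts".
            if lowered[: len(key)] == key:
                findings.append(
                    {
                        "line": line_no,
                        "host": match["host"],
                        "context": match["ctx"],  # the prompt names the context
                        "command": command,
                        "entered": " ".join(words),
                        "via_do": via_do,
                        "requires": requirement,
                    }
                )
                break
    return findings


# Constructed sample session, not captured from a real device.
SAMPLE_TRANSCRIPT = """\
host1/Admin# show logging
host1/Admin# clear arp statistics
host1/Admin# changeto CTX1
host1/CTX1# clear ssh 345
host1/CTX1# clear ssh hosts
host1/CTX1# configure
host1/CTX1(config)# do clear accounting log
host1/CTX1(config)# do show running-config
host1/CTX1(config)# exit
host1/CTX1# clear logging rate-limit
host1/CTX1# clear startup-config
"""

if __name__ == "__main__":
    for f in audit_transcript(SAMPLE_TRANSCRIPT):
        print(
            f"line {f['line']}: {f['host']}/{f['context']} ran "
            f"'{f['entered']}' (requires: {f['requires']})"
        )
```

Because the reference notes that statistics must be cleared separately on the active and standby ACEs, transcripts from both modules need to be reviewed to see the full picture.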

clear access-list

To clear access control list (ACL) statistics, use the clear access-list command.

clear access-list name

Syntax Description

name

Name of an existing ACL


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the access control list ACL1, enter:

host1/Admin# clear access-list ACL1

Related Commands

show access-list

(config) access-list ethertype
(config) access-list extended

clear accounting log

To clear the accounting log, use the clear accounting log command.

clear accounting log

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the accounting log, enter:

host1/Admin# clear accounting log

Related Commands

show accounting log
(config) aaa accounting default

clear arp

To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP processes, use the clear arp command.

clear arp [no-refresh | {statistics [interface_name]}]

Syntax Description

no-refresh

(Optional) Removes the learned ARP entries from the ARP table without a re-ARP on the entries

statistics [interface_name]

(Optional) Clears ARP statistics counters globally or for the specified interface, interface_name


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

If you enter the clear arp command with no option, it clears all learned ARP entries with a reARP on the entries.

Examples

To clear the ARP statistics, enter:

host1/Admin# clear arp statistics

To clear the ARP learned entries with a reARP on the entries, enter:

host1/Admin# clear arp

Related Commands

show arp

(config) arp

clear buffer stats

To clear the control plane buffer statistics, use the clear buffer stats command.

clear buffer stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the control plane buffer statistics, enter:

host1/Admin# clear buffer stats

Related Commands

show buffer

clear capture

To clear an existing capture buffer, use the clear capture command.

clear capture name

Syntax Description

name

Name of an existing capture buffer


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Use the dir command to view the capture files you copied to the disk0: file system using the copy capture command.

Examples

To clear the capture buffer CAPTURE1, enter:

host1/Admin# clear capture CAPTURE1

Related Commands

capture

copy capture

dir

show capture

clear cde

To clear the classification and distribution engine (CDE) statistics and interrupt counts, use the clear cde command.

clear cde {interrupt | stats}

Syntax Description

interrupt

Clears the CDE interrupt counts

stats

Clears the CDE statistics


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the CDE interrupt counts, enter:

host1/Admin# clear cde interrupt

Related Commands

show cde

clear conn

To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn command.

clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip | dest_port}} | rserver name]

Syntax Description

all

(Optional) Clears all connections, which includes the connections that go through the ACE, originate with the ACE, or terminate with the ACE.

flow

(Optional) Clears the connection matching the specified flow descriptor.

prot_number

Protocol number of the flow.

icmp

Specifies flow types using ICMP.

tcp

Specifies flow types using TCP.

udp

Specifies flow types using UDP.

source_ip

Source IP address of the flow. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

source_port

Source port of the flow.

dest_ip

Destination IP address of the flow. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

dest_port

Destination port of the flow.

rserver name

(Optional) Clears all connections to the specified real server.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To clear only the connections that go through the ACE (flows that pass through the ACE between the originating network host and the terminating network host), use the clear conn command without any keywords. When you do not include any keywords, the connections that terminate or originate with the ACE are not cleared.

Examples

To clear the connections for the real server RSERVER1, enter:

host1/Admin# clear conn rserver RSERVER1

Related Commands

show conn

clear cores

To clear all of the core dumps stored in the core: file system, use the clear cores command.

clear cores

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.


Note: The ACE creates a core dump when it experiences a fatal error. Core dump information is for Cisco Technical Assistance Center (TAC) use only. We recommend contacting TAC for assistance in interpreting the information in the core dump.


To view the list of core files in the core: file system, use the dir core: command.

To save a copy of a core dump to a remote server before clearing it, use the copy capture command.

To delete a specific core dump file from the core: file system, use the delete core: command.

Examples

To clear all core dumps, enter:

host1/Admin# clear cores

Related Commands

copy capture

delete

dir

clear debug-logfile

To remove a debug log file, use the clear debug-logfile command.

clear debug-logfile filename

Syntax Description

filename

Name of an existing debug log file


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.

Examples

To clear the debug log file DEBUG1, enter:

host1/Admin# clear debug-logfile DEBUG1

Related Commands

debug

show debug

clear fifo stats

To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command.

clear fifo stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the control plane FIFO statistics, enter:

host1/Admin# clear fifo stats

Related Commands

show fifo

clear ft stats

To clear the fault tolerant (FT) statistics, use the clear ft stats command.

clear ft stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the fault tolerant statistics, enter:

host1/Admin# clear ft stats

Related Commands

show ft

(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(config) ft track hsrp
(config) ft track interface

clear icmp statistics

To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics command.

clear icmp statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the ICMP statistics, enter:

host1/Admin# clear icmp statistics

Related Commands

show icmp statistics

clear interface

To clear the interface statistics, use the clear interface command.

clear interface [vlan number | bvi number]

Syntax Description

vlan number

(Optional) Clears the statistics for the specified VLAN

bvi number

(Optional) Clears the statistics for the specified BVI


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To clear all of the interface statistics, execute the clear interface command without using the optional VLAN and BVI keywords.

Examples

To clear all of the interface statistics for VLAN 212, enter:

host1/Admin# clear interface vlan 212

Related Commands

show interface

(config) interface

clear ip

To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip command.

clear ip [dhcp relay statistics | statistics]

Syntax Description

dhcp relay statistics

(Optional) Clears all of the DHCP relay statistics

statistics

(Optional) Clears all of the statistics associated with IP normalization, fragmentation, and reassembly


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional keywords.

Examples

To clear all of the IP normalization, fragmentation, and reassembly statistics, enter:

host1/Admin# clear ip statistics

Related Commands

show ip

clear line

To close a specified virtual terminal (VTY) session, use the clear line command.

clear line vty_name

Syntax Description

vty_name

Name of a VTY session. Enter a maximum of 64 characters.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To terminate the VTY session VTY1, enter:

host1/Admin# clear line VTY1

Related Commands

(config) line console
(config) line vty

clear logging

To clear information stored in the logging buffer, use the clear logging command.

clear logging [disabled | rate-limit]

Syntax Description

disabled

(Optional) Clears the logging buffer of "disabled" messages

rate-limit

(Optional) Clears the logging buffer of "rate-limit configuration" messages


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To clear all of the information stored in the logging buffer, execute the clear logging command without using either of the optional keywords.

Examples

To clear all of the information stored in the logging buffer, enter:

host1/Admin# clear logging

Related Commands

show logging

(config) logging buffered

clear netio stats

To clear the control plane network I/O statistics, use the clear netio stats command.

clear netio stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the control plane network I/O statistics, enter:

host1/Admin# clear netio stats

Related Commands

show netio

clear probe

To clear probe statistics displayed through the show probe command, use the clear probe command.

clear probe name

Syntax Description

name

Name of an existing probe


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear all the statistics for the probe HTTP1, enter:

host1/Admin# clear probe HTTP1

Related Commands

show probe

(config) probe

clear processes log

To clear processes log statistics, use the clear processes log command.

clear processes log {all | pid id}

Syntax Description

all

Clears all processes logs

pid id

Specifies the processes log to clear


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To display the list of process identifiers assigned to each of the processes running on the ACE, use the show processes command.

Examples

To clear all the processes log statistics, enter:

host1/Admin# clear processes log all

Related Commands

show processes

clear rserver

To clear the real server statistics of all instances of a particular real server regardless of the server farms it is associated with, use the clear rserver command.

clear rserver name

Syntax Description

name

Name of the real server


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the statistics for real server RS1, enter:

host1/Admin# clear rserver RS1

Related Commands

show rserver

(config) rserver

clear rtcache

To clear the route cache, use the clear rtcache command.

clear rtcache

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the route cache, enter:

host1/Admin# clear rtcache

Related Commands

This command has no related commands.

clear screen

To clear the display screen, use the clear screen command.

clear screen

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the display screen, enter:

host1/Admin# clear screen

Related Commands

This command has no related commands.

clear serverfarm

To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command.

clear serverfarm name

Syntax Description

name

Name of an existing server farm


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the statistics for the server farm SFARM1, enter:

host1/Admin# clear serverfarm SFARM1

Related Commands

show serverfarm

(config) serverfarm

clear service-policy

To clear the service policy statistics, use the clear service-policy command.

clear service-policy policy_name

Syntax Description

policy_name

Name of an existing policy map that is currently in service (applied to an interface)


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the statistics for the service policy HTTP1, enter:

host1/Admin# clear service-policy HTTP1

Related Commands

show service-policy

clear ssh

To clear an SSH session or clear the public keys of all SSH hosts, use the clear ssh command.

clear ssh {session_id | hosts}

Syntax Description

session_id

Identifier of the SSH session to clear, terminating the session

hosts

Clears the public keys of all trusted SSH hosts


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To obtain the specific SSH session ID value, use the show ssh session-info command.

Examples

To clear the SSH session with the identifier 345, enter:

host1/Admin# clear ssh 345

Related Commands

clear telnet

show ssh

(config) ssh key
(config) ssh maxsessions

clear startup-config

To clear the startup configuration of the current context, use the clear startup-config command.

clear startup-config

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Clearing the startup configuration does not affect the context running-configuration.

To clear the startup configuration, you can also use the write erase command.

Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. Once you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration:

Use the copy running-config startup-config command to copy the contents of the running configuration to the startup configuration.

Upload a backup of a previously saved startup-configuration file from a remote server using the copy startup-config command.

The clear startup-config command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command.

Examples

To clear the startup configuration, enter:

host1/Admin# clear startup-config

Related Commands

copy capture

show startup-config

write

clear stats

To clear the statistical information stored in the ACE buffer, use the clear stats command.

clear stats {all | connections | http | inspect | loadbalance | probe | sticky}

Syntax Description

all

(Optional) Clears all statistical information in a context

connections

(Optional) Clears connection statistical information

http

(Optional) Clears HTTP statistical information

inspect

(Optional) Clears HTTP inspect statistical information

loadbalance

(Optional) Clears load-balancing statistical information

probe

(Optional) Clears probe statistical information

sticky

(Optional) Clears sticky statistical information


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear all statistical information in the Admin context, enter:

host1/Admin# clear stats all

Related Commands

show stats

clear sticky database

To clear sticky database entries, use the clear sticky database command.

clear sticky database {all | group name}

Syntax Description

all

Clears all dynamic sticky database entries in a context

group name

Clears all dynamic sticky database entries for the specified sticky group


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To clear static sticky database entries, use the no form of the (config-sticky-cookie) static cookie value, (config-sticky-header) static header value, or the (config-sticky-ip) static client source command.

Examples

To clear all dynamic sticky database entries in the Admin context, enter:

host1/Admin# clear sticky database all

Related Commands

show sticky database

clear tcp statistics

To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command.

clear tcp statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the TCP statistics, enter:

host1/Admin# clear tcp statistics

Related Commands

show tcp statistics

clear telnet

To clear a Telnet session, use the clear telnet command.

clear telnet session_id

Syntax Description

session_id

Identifier of the Telnet session to clear, terminating the session


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To obtain the specific Telnet session identification number, use the show telnet command.

Examples

To clear the Telnet session with the identification number of 236, enter:

host1/Admin# clear telnet 236

Related Commands

clear ssh

show telnet

telnet

clear udp statistics

To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command.

clear udp statistics

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To clear the UDP statistics, enter:

host1/Admin# clear udp statistics

Related Commands

show udp statistics

clear user

To clear a user session, use the clear user command.

clear user name

Syntax Description

name

Name of the user to log out


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To display the list of users that are currently logged in to the ACE, use the show users command.

Examples

To log out the user USER1, enter:

host1/Admin# clear user USER1

Related Commands

show users

(config) username

clear vnet stats

To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command.

clear vnet stats

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To clear the VNET statistics, enter:

host1/Admin# clear vnet stats

Related Commands

show vnet

clear xlate

To clear global address to local address mapping information based on global address, global port, local address, local port, interface address as global address, and NAT type, use the clear xlate command.

clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface vlan number] [state static] [portmap]

Syntax Description

global

(Optional) Clears active translation by global IP address.

local

(Optional) Clears active translation by local IP address.

start_ip

Global or local IP address or the first IP address in a range of addresses. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

end_ip

(Optional) Last IP address in a global or local range of IP addresses. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

netmask netmask

(Optional) Specifies the network mask for global or local IP addresses. Enter a mask in dotted-decimal notation (for example, 255.255.255.0).

gport

(Optional) Clears active translations by global port.

lport

(Optional) Clears active translations by local port.

start_port

Global or local port number.

end_port

(Optional) Last port number in a global or local range of ports.

interface vlan number

(Optional) Clears active translations by VLAN number.

state static

(Optional) Clears active translations by state.

portmap

(Optional) Clears active translations by port map.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you enter this command, the ACE releases sessions that are using the translations (Xlates).

If you configured redundancy, then you need to explicitly clear Xlates on both the active and the standby ACEs. Clearing Xlates on the active module alone will leave the standby module's Xlates at the old mappings.

Examples

To clear all static translations, enter:

host1/Admin# clear xlate state static

Related Commands

show xlate

configure

To change from the Exec mode to the configuration mode, use the configure command.

configure [terminal]

Syntax Description

terminal

(Optional) Enables you to configure the system from the terminal


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires one or more features assigned to your user role that allow configuration, such as AAA, interface, or fault-tolerant. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To return to the Exec mode from the configuration mode, use the exit command.

To execute an Exec mode command from any of the configuration modes, use the do version of the command.

Examples

To change to the configuration mode from the Exec mode, enter:

host1/Admin# configure
host1/Admin(config)#

Related Commands

exit

copy capture

To copy an existing context packet capture buffer as the source file in the ACE compact flash to another file system, use the copy capture command.

copy capture capture_name disk0: [path/]destination_name

Syntax Description

capture_name

The name of the packet capture buffer on the disk0: file system. Specify a text string from 1 to 80 alphanumeric characters.

disk0:

Specifies that the buffer is copied to the disk0: file system.

[path/]destination_name

The destination path (optional) and name for the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the ACE and free up memory.

Examples

To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter:

host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1

Related Commands

clear capture

show capture

copy core:

To copy a core file to a remote server, use the copy core: command.

copy core:filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

filename1

Specifies a core dump residing on the ACE in Flash memory. Use the dir core: command to view the core dump files available in the core: file system.

disk0:[path/]filename2

Specifies that the file destination is the disk0: directory of the current context and the filename for the core. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the renamed core dump.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the renamed core dump.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the renamed core dump.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

Examples

To copy a core file from the ACE to a remote FTP server, enter:

host1/Admin# copy core:ixp0_crash.txt ftp://192.168.1.2 
Enter the destination filename[]? [ixp0_crash.txt]
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).

Note: The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


Related Commands

dir

copy disk0:

To copy a file from one directory in the disk0: file system of Flash memory to another directory in disk0: or a network server, use the copy disk0: command.

copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config}

Syntax Description

disk0:[path/]filename1

Specifies the name of the file to copy in the disk0: file system. Use the dir disk0: command to view the files available in disk0:. If you do not provide the optional path, the ACE copies the file from the root directory on the disk0: file system.

disk0:[path/]filename2

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the renamed file.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the renamed file.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the renamed file.

running-config

Specifies to replace the running-configuration file currently residing on the ACE in volatile memory.

startup-config

Specifies to replace the startup-configuration file currently residing on the ACE in Flash memory.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

Examples

To copy the file called SAMPLEFILE to the MYSTORAGE directory in Flash memory, enter:

host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILE

Related Commands

dir

copy ftp:

To copy a file, software image, running-configuration file, or startup-configuration file from a remote FTP server to a location on the ACE, use the copy ftp: command.

copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}

Syntax Description

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the file to copy.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image: [image_name]

Specifies to copy a system software image to Flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is only available in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename.

running-config

Specifies to replace the running-configuration file currently residing on the ACE in RAM (volatile memory).

startup-config

Specifies to replace the startup-configuration file currently residing on the ACE in Flash memory (non-volatile memory).


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To copy a startup-configuration file from a remote FTP server to the ACE, enter:

host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-config

Related Commands

show running-config

show startup-config

copy image:

To copy an ACE software system image from Flash memory to a remote server using FTP, SFTP, or TFTP, use the copy image: command.

copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

image_filename

The name of the ACE system software image. Use the dir image: command or the show version command to view the software system images available in Flash memory.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the renamed image.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the renamed image.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the renamed image.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

Examples

To save a software system image to a remote FTP server, enter:

host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2 

Related Commands

dir

show version

copy licenses

To create a backup license file for the ACE licenses in .tar format and copy it to the disk0: file system, use the copy licenses command.

copy licenses disk0:[path/]filename.tar

Syntax Description

disk0:

Specifies that the backup license file is copied to the disk0: file system

[path/]filename.tar

The destination filename for the backup licenses. The destination filename must have a .tar file extension. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To copy the installed software licenses to the disk0: file system, enter:

host1/Admin# copy licenses disk0:mylicenses.tar

Related Commands

show license

untar disk0:

copy running-config

To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration file in Flash memory (non-volatile memory) or a network server, use the copy running-config command.

copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

disk0:[path/]filename

Specifies that the running configuration is copied to a file on the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

startup-config

Copies the running configuration file to the startup configuration file.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the renamed file.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the renamed file.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the renamed file.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

To copy the running configuration to the startup configuration, you can also use the write memory command.

Examples

To save the running-configuration file to the startup-configuration file in Flash memory on the ACE, enter:

host1/Admin# copy running-config startup-config 

Related Commands

show running-config

show startup-config

write

copy startup-config

To merge the contents of the startup configuration file into the running configuration file or copy the startup configuration file to a network server, use the copy startup-config command.

copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

Syntax Description

disk0:[path/]filename

Specifies that the startup configuration is copied to a file on the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

running-config

Merges contents of the startup configuration file into the running configuration file.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the renamed file.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the renamed file.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the renamed file.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

Examples

To merge the contents of the startup-configuration file into the running-configuration file in Flash memory, enter:

host1/Admin# copy startup-config running-config

Related Commands

show startup-config

copy sftp:

To copy a file, software image, running-configuration file, or startup-configuration file from a remote SFTP server to a location on the ACE, use the copy sftp: command.

copy sftp://[username@]server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}

Syntax Description

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the renamed file.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image: [image_name]

Specifies to copy a system software image to Flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is only available in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename.

running-config

Specifies to replace the running-configuration file currently residing on the ACE in RAM (volatile memory).

startup-config

Specifies to replace the startup-configuration file currently residing on the ACE in Flash memory (non-volatile memory).


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To copy a startup-configuration file from a remote SFTP server to the ACE, enter:

host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-config

Related Commands

show running-config

show startup-config

copy tftp:

To copy a file, software image, running-configuration file, or startup-configuration file from a remote TFTP server to a location on the ACE, use the copy tftp: command.

copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}

Syntax Description

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the renamed file.

disk0:[path/]filename

Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image: [image_name]

Specifies to copy a system software image to Flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is only available in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename.

running-config

Specifies to replace the running-configuration file currently residing on the ACE in RAM (volatile memory).

startup-config

Specifies to replace the startup-configuration file currently residing on the ACE in Flash memory (non-volatile memory).


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To copy a startup-configuration file from a remote TFTP server to the ACE, enter:

host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-config

Related Commands

show running-config

show startup-config
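
The copy commands above, and the crypto export command documented on this page, accept FTP and TFTP as well as SFTP; FTP and TFTP do not encrypt the transfer. The following Python audit is an added example, not part of the Cisco documentation: it scans recorded command lines and flags configuration, core-file, and key transfers that used FTP or TFTP. The log lines are constructed, and the assumption that commands are recorded with the host1/Admin# prompt format shown in the examples is ours.

```python
import re
from typing import List, NamedTuple, Optional

# Prompt format as printed in the examples: host1/Admin# or host1/Admin(config)#
PROMPT = re.compile(
    r"^(?P<host>[^/\s]+)/(?P<context>[^#(\s]+)(?:\([^)]*\))?#\s*(?P<cmd>.*)$"
)
URL_SCHEME = re.compile(r"^(ftp|sftp|tftp)://", re.IGNORECASE)
CLEARTEXT = {"ftp", "tftp"}  # neither protocol encrypts the transfer
# Destinations that change what the ACE runs or boots when overwritten.
HIGH_IMPACT_TARGETS = ("running-config", "startup-config", "image:")


class Finding(NamedTuple):
    context: str    # ACE context the command was entered in
    direction: str  # "export" (off the ACE) or "import" (onto the ACE)
    protocol: str   # "ftp" or "tftp"
    item: str       # what was sent, or what was overwritten
    reason: str
    command: str


def _scheme(token: str) -> Optional[str]:
    m = URL_SCHEME.match(token)
    return m.group(1).lower() if m else None


def _classify_copy(ctx: str, words: List[str], cmd: str) -> Optional[Finding]:
    # copy <source> <destination>; "copy capture <name> disk0:..." has one
    # extra word, so the destination is always taken as the last token.
    src, dst = words[1], words[-1]
    src_scheme, dst_scheme = _scheme(src), _scheme(dst)
    if src_scheme in CLEARTEXT:
        what = "replaces " + dst if dst.startswith(HIGH_IMPACT_TARGETS) else "file fetched"
        return Finding(ctx, "import", src_scheme, dst,
                       what + " from an unencrypted source", cmd)
    if dst_scheme in CLEARTEXT:
        return Finding(ctx, "export", dst_scheme, src,
                       "contents sent unencrypted", cmd)
    return None


def audit_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line is a copy or crypto export over FTP/TFTP."""
    m = PROMPT.match(line.strip())
    if not m:
        return None
    words = m.group("cmd").split()
    if words and words[0] == "do":  # Exec command entered from a config mode
        words = words[1:]
    cmd, ctx = " ".join(words), m.group("context")
    if len(words) >= 3 and words[0] == "copy":
        return _classify_copy(ctx, words, cmd)
    # crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr ...
    if len(words) >= 4 and words[:2] == ["crypto", "export"]:
        proto = words[3].lower()
        if proto in CLEARTEXT:
            return Finding(ctx, "export", proto, words[2],
                           "certificate or key file sent unencrypted", cmd)
    return None


def audit(lines: List[str]) -> List[Finding]:
    return [f for f in map(audit_line, lines) if f is not None]


# Constructed sample input (not captured from a real device).
SAMPLE_LOG = [
    "host1/Admin# copy running-config startup-config",
    "host1/Admin# copy running-config tftp://192.168.1.2/backup/admin.cfg",
    "host1/C1# copy startup-config sftp://backup@192.168.1.2/cfg/c1.cfg",
    "host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-config",
    "host1/Admin(config)# do copy core:0x401_vsh_log.25256.tar.gz ftp://192.168.1.2",
    "host1/Admin# crypto export MYRSAKEY.PEM tftp 192.168.1.2 user1 MYRSAKEY.PEM",
    "host1/Admin# crypto export MYRSAKEY.PEM sftp 192.168.1.2 user1 MYRSAKEY.PEM",
    "host1/Admin# clear xlate state static",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.context}] {f.direction} via {f.protocol}: {f.item} ({f.reason})")
```

Local copies and SFTP transfers pass without a finding; only the FTP and TFTP lines are reported.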

crypto delete

To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete command.

crypto delete {filename | all}

Syntax Description

filename

Name of a specific certificate or key pair file to delete. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

all

Deletes all of the certificate and key pair files.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To delete the key pair file MYRSAKEY.PEM, enter:

host1/Admin# crypto delete MYRSAKEY.PEM

Related Commands

crypto export

crypto import

show crypto

crypto export

To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen, use the crypto export command.

crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename

Syntax Description

local_filename

Name of the file stored on the ACE to export. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

ftp

Specifies the FTP (File Transfer Protocol) file transfer process.

sftp

Specifies the SFTP (Secure File Transfer Protocol) file transfer process. We recommend using SFTP as it provides the most security.

tftp

Specifies the TFTP (Trivial File Transfer Protocol) file transfer process.

terminal

Displays the file content on the terminal for copy and paste purposes. Use the terminal keyword when you need to cut and paste certificate or private key information from the console. You can only use the terminal method to display PEM files, which are in ASCII format.

ip_addr

IP address or name of the remote server. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

username

Username required to access the remote server. The ACE prompts you for your password when you execute the command.

remote_filename

Name to save the file to on the remote server. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

password

Password required to access the remote server.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

You cannot export a certificate or key pair file that you marked as non-exportable when you imported the file to the ACE.

The remote server variables listed after the terminal keyword in the Syntax Description are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal).

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter:

host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEM
User password: ****
Writing remote file /usr/keys/mykey.pem
host1/Admin#

Related Commands

crypto delete

crypto import

show crypto

crypto generate csr

To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command.

crypto generate csr csr_params key_filename

Syntax Description

csr_params

CSR parameters file containing the distinguished name attributes. The ACE applies the distinguished name attributes contained in the CSR parameters file to the CSR.

To create a CSR parameters file, use the (config) crypto csr-params command in the configuration mode.

key_filename

RSA key pair filename containing the key on which the CSR is built. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. It is the public key that the ACE embeds in the CSR. Ensure the RSA key pair file is loaded on the ACE for the current context. If the appropriate key pair does not exist, the ACE logs an error message.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs it to the screen. Most major Certificate Authorities have web-based applications that require you to cut and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file. Note that the ACE does not save a copy of the CSR locally.

After submitting your CSR to the CA, you will receive your signed certificate in one to seven business days. When you receive your certificate, use the crypto import command to import the certificate to the ACE.

Examples

To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in the file MYRSAKEY_1.PEM, enter:

host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEM

Related Commands

crypto import

(config) crypto csr-params

crypto generate key

To generate an RSA key pair file, use the crypto generate key command.

crypto generate key [non-exportable] bitsize filename

Syntax Description

non-exportable

(Optional) Marks the key pair file as non-exportable, which means you cannot export the key pair file from the ACE.

bitsize

Key pair security strength. The number of bits in the key pair file defines the size of the RSA key pair used to secure Web transactions. Longer keys produce a more secure implementation by increasing the strength of the RSA security policy. Available entries (in bits) are:

512 (least security)

768 (normal security)

1024 (high security, level 1)

1536 (high security, level 2)

2048 (high security, level 3)

filename

Name you assign the generated RSA key pair file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. The key pair filename is used only for identification purposes by the ACE.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To generate the RSA key file MYRSAKEYS.PEM, enter:

host1/Admin# crypto generate rsa MYRSAKEYS.PEM

Related Commands

crypto delete

crypto export

crypto generate csr

crypto import

crypto verify

show crypto

crypto import

To import a certificate or key pair file to the ACE or terminal screen from a remote server, use the crypto import command.

crypto import [non-exportable] {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} | terminal local_filename [passphrase passphrase]

Syntax Description

non-exportable

(Optional) The ACE marks the imported file as non-exportable, which means that you cannot export the file from the ACE.

ftp

Specifies the FTP (File Transfer Protocol) file transfer process.

sftp

Specifies the SFTP (Secure File Transfer Protocol) file transfer process. We recommend using SFTP as it provides the most security.

passphrase passphrase

(Optional) Indicates the file was created with a passphrase, which you must submit with the file transfer request in order to use the file. The passphrase pertains only to encrypted PEM files and PKCS files.

ip_addr

IP address or name of the remote server. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

username

Username required to access the remote server. The ACE prompts you for your password when you execute the command.

password

Password required to access the remote server.

remote_filename

Name of the certificate or key pair file residing on the remote server to import. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

local_filename

Name to save the file to when imported to the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

tftp

Specifies the TFTP (Trivial File Transfer Protocol) file transfer process.

terminal

Allows you to import a file using cut and paste by pasting the certificate and key pair information to the terminal display. You can only use the terminal method to display PEM files, which are in ASCII format.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Because a device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both corresponding file types: the certificate file and its corresponding key pair file.

The remote server variables listed after the passphrase variable in the Syntax Description table are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). If you select one of these transport types and do not define the remote server variables, the ACE prompts you for the variable information.

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter:

host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM MYKEY.PEM
Password: ********
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
#
Successfully imported file from remote server.
host1/Admin#

The following example illustrates how to use the terminal keyword to allow pasting of the certificate information to the file MYCERT.PEM:

host1/Admin# crypto import terminal MYCERT.PEM
Enter PEM formatted data ending with a blank line or "quit" on a line by itself
--------BEGIN CERTIFICATE-----------------------
MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3
-----------END CERTIFICATE------------------------
QUIT
host1/Admin#
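
Added example (not Cisco's code): a small Python auditor that parses logged crypto export, crypto import, and crypto generate key command lines using the syntax forms given in this reference, then flags FTP or TFTP transfers, passphrases typed on the command line, files left exportable, and key sizes below a site minimum. The 2048-bit minimum, the finding names, and the sample log lines are assumptions constructed for this illustration.

```python
import re

# Policy knobs: assumptions of this example, not ACE defaults.
MIN_RSA_BITS = 2048                         # assumed site minimum
LISTED_BITS = {512, 768, 1024, 1536, 2048}  # sizes the reference lists
CLEARTEXT = {"ftp", "tftp"}                 # the reference recommends sftp
TRANSPORTS = CLEARTEXT | {"sftp", "terminal"}
MAX_NAME = 40                               # filename limit from the reference

# Constructed sample input: command lines as a session log might record them.
SAMPLE_LOG = """\
host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEM
host1/Admin# crypto export MYKEY.PEM tftp 192.168.1.2 JOESMITH MYKEY.PEM
host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM MYKEY.PEM
host1/Admin# crypto import ftp passphrase EXAMPLE-ONLY 192.168.1.2 JOESMITH MYRSAKEY.PEM MYKEY.PEM
host1/Admin# crypto import terminal MYCERT.PEM
host1/Admin# crypto generate key 768 MYRSAKEY_1.PEM
host1/Admin# crypto generate key non-exportable 2048 MYRSAKEY_2.PEM
host1/Admin# show crypto files
"""


def _take_passphrase(args, cmd):
    """Drop an optional 'passphrase <value>' pair, recording that it was given."""
    if len(args) >= 2 and args[0] == "passphrase":
        cmd["passphrase"] = True
        return args[2:]
    return args


def parse_crypto(line):
    """Parse crypto export / import / generate key; return None for anything else."""
    tok = re.sub(r"^\S+#\s*", "", line.strip()).split()  # strip the CLI prompt
    if len(tok) < 3 or tok[0] != "crypto":
        return None
    verb, args = tok[1], tok[2:]
    if verb == "generate" and args[0] == "key":
        verb, args = "generate key", args[1:]
    if verb not in ("export", "import", "generate key"):
        return None
    cmd = {"verb": verb, "non_exportable": False, "transport": None,
           "bits": None, "local": None, "passphrase": False}
    if verb != "export" and args and args[0] == "non-exportable":
        cmd["non_exportable"], args = True, args[1:]
    if verb == "generate key":
        # [non-exportable] bitsize filename
        if len(args) == 2 and args[0].isdigit():
            cmd["bits"], cmd["local"] = int(args[0]), args[1]
    elif verb == "export":
        # local_filename {ftp | sftp | tftp | terminal} ...
        if len(args) >= 2 and args[1] in TRANSPORTS:
            cmd["local"], cmd["transport"] = args[0], args[1]
    elif args and args[0] in TRANSPORTS:
        cmd["transport"], args = args[0], args[1:]
        if cmd["transport"] == "terminal":
            # terminal local_filename [passphrase passphrase]
            cmd["local"] = args[0] if args else None
            _take_passphrase(args[1:], cmd)
        else:
            # {ftp | sftp | tftp} [passphrase passphrase] ... local_filename
            args = _take_passphrase(args, cmd)
            cmd["local"] = args[-1] if args else None
    return cmd


def audit(line):
    """Return the sorted finding codes for one logged command line."""
    cmd = parse_crypto(line)
    if cmd is None:
        return []
    found = set()
    if cmd["transport"] in CLEARTEXT:
        found.add("cleartext-transport")       # key material crosses the wire unencrypted
    if cmd["passphrase"]:
        found.add("passphrase-in-command")     # the secret is now in the log itself
    if cmd["verb"] == "generate key":
        if cmd["bits"] not in LISTED_BITS:
            found.add("invalid-bitsize")
        elif cmd["bits"] < MIN_RSA_BITS:
            found.add("weak-key")
    if cmd["verb"] != "export" and not cmd["non_exportable"]:
        found.add("exportable")                # review if the file holds a key pair
    if cmd["local"] and len(cmd["local"]) > MAX_NAME:
        found.add("name-too-long")
    return sorted(found)


def audit_log(text):
    """Return (line_number, command, findings) for every flagged line."""
    hits = ((n, l.strip(), audit(l)) for n, l in enumerate(text.splitlines(), 1))
    return [h for h in hits if h[2]]


if __name__ == "__main__":
    for n, line, findings in audit_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(findings)}\n    {line}")
```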

Related Commands

crypto delete

crypto export

crypto verify

show crypto

crypto verify

To compare the public key in a certificate with the public key in a key pair file, and verify that they are identical, use the crypto verify command.

crypto verify key_filename cert_filename

Syntax Description

key_filename

Name of the key pair file (stored on the ACE) that the ACE uses to verify against the specified certificate. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.

cert_filename

Name of the certificate file (stored on the ACE) that the ACE uses to verify against the specified key pair. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

If the public key in the certificate does not match the public key in the key pair file, the ACE logs an error message.

To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.

Examples

To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match, enter:

host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEM
keypair in myrsakey.pem matches certificate in mycert.pem

The following example illustrates what happens when the public keys do not match:

host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEM
Keypair in myrsakey2.pem does not match certificate in mycert.pem
host1/Admin#

Related Commands

crypto import

show crypto

debug

To enable the ACE debugging functions, use the debug command.

debug {aaa | access-list | all | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr | fifo | fm | ha_dp_mgr | ha_mgr | hardware | hm | ifmgr | ip | ldap | logfile | nat-download | pktcap | radius | routemgr | security | snmp | ssl | syslogd | system | tacacs+ | tl | virtualization}

Syntax Description

aaa

Enables debugging for aaa

access-list

Enables access-list debugging

all

Enables all debugging functions

arpmgr

Enables ARP manager debugging

bpdu

Enables BPDU debugging

buffer

Configures debugging of CP buffer manager

cfg_cntlr

Enables configuration controller debugging

cfgmgr

Enables configuration manager debugging

fifo

Configures debugging of the Packet FIFO Driver

fm

Enables ACE Feature Manager debugging

ha_dp_mgr

Enables HA-DP debugging

ha_mgr

Enables HA debugging

hardware

Debugs hardware kernel loadable module parameters

hm

Enables HM debugging

ifmgr

Enables interface manager debugging

ip

Enables IP service debugging

ldap

Configures debugging for ldap

logfile

Directs the debug output to a logfile

nat-download

Enables NAT download debugging

pktcap

Enables packet capture debugging

radius

Configures debugging for the radius daemon

routemgr

Enables route manager debugging

security

Configures debugging for security/accounting

snmp

Configures snmp-server debugging

ssl

Enables ACE SSL Manager debugging

syslogd

Enables syslogd debugging

system

Enables debugging of the system components

tacacs+

Configures debugging for TACACS+

tl

Configures debugging of TL driver

virtualization

Enables virtualization debugging


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command is available to roles that allow debugging and available to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.

Examples

To enable all of the debugging functions, enter:

host1/Admin# debug all

Related Commands

clear debug-logfile

show debug

delete

To delete a specified file in an ACE file system, use the delete command.

delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}

Syntax Description

core:filename

Deletes the specified file from the core: file system.

disk0:[path/]filename

Deletes the specified file from the disk0: file system. If you do not specify the optional path, the ACE looks for the file in the root directory of the disk0: file system.

image:filename

Deletes the specified file from the image: file system.

volatile:filename

Deletes the specified file from the volatile: file system.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

If you do not specify a filename with the file system keyword, the ACE prompts you for a file name.

To display the list of files that reside in a file system, use the dir command.

Examples

To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:

host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZ

Related Commands

dir

dir

To display the contents of a specified ACE file system, use the dir command.

dir {core: | disk0:[path/][filename] | image:[filename] | volatile:[filename]}

Syntax Description

core:

Displays the contents of the core: file system.

disk0:[path/]

Displays the contents of the disk0: file system. Specify the optional path to display the contents of a specific directory on the disk0: file system.

image:

Displays the contents of the image: file system.

volatile:

Displays the contents of the volatile: file system.

filename

(Optional) The specified file to display. Displays information, such as file size and the date it was created. You can use wildcards in the filename. A wildcard character (*) matches all patterns. Strings after a wildcard are ignored.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To delete a file from a file system, use the delete command.

To delete all core dumps, use the clear cores command.

Examples

To display the contents of the disk0: file system, enter:

host1/Admin# dir disk0:

Related Commands

clear cores

delete

show file

exit

To exit out of Exec mode and log out of the CLI session, use the exit command.

exit

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To log out of an active CLI session, enter:

host1/Admin# exit

Related Commands

This command has no related commands.

format disk0:

To erase all data stored on the Flash memory and reformat it with the FAT16 version of the file allocation table, use the format disk0: command. All user-defined configuration information is erased and the ACE returns to the factory default settings.

format disk0:

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Before you reformat the Flash memory, consider saving a copy of the following ACE operation and configuration attributes to a remote server:

ACE software image (use the copy image: command)

ACE license (use the copy licenses command)

Startup configuration of each context (use the copy startup-config command)

Running configuration of each context (use the copy running-config command)

Core dump files of each context (use the copy core: command)

Packet capture buffers of each context (use the copy capture command)

SSL certificate and key pair files of each context (use the crypto export command)

After you reformat the Flash memory, perform the following actions:

Copy the ACE software image to the image: file system using the copy ftp:, copy tftp:, or copy sftp: command

Reinstall the ACE license using the license command

Import the following configuration files into the associated context using the copy disk0: command:

Startup configuration file

Running configuration file

Import the following SSL files into the associated context using the crypto import command:

SSL certificate files

SSL key pair files

Examples

To reformat Flash memory, enter:

host1/Admin# format disk0:

Related Commands

copy capture

copy ftp:
copy tftp:
copy sftp:

crypto export

crypto import

dir

license

ft switchover

To purposely cause a failover, perhaps to make a particular context active, use the ft switchover command.

ft switchover [force | group_id]

Syntax Description

force

(Optional) Causes a switchover while ignoring the state of the standby member. Use this option only when the FT VLAN is down.

group_id

(Optional) Identifier of the FT group. Enter the ID of an existing FT group as an integer from 1 to 255.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT (fault tolerant) group, thereby causing the failover.

You may need to cause a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully become the active member of the FT group, a switchover occurs. You must configure no preempt to use this command (use the preempt command in FT group configuration mode).

The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context:

Admin context—If you specify an FT group ID, then the FT group specified by the group ID switches over. If you do not specify a group ID, then the Admin context switches over.

User context—Because you cannot specify an FT group ID in a user context, the context in which you enter the command switches over.

Examples

To cause a failover from the active module to the standby module of FT group 1, enter:

host1/Admin# ft switchover 1

Related Commands

(config-ft-group) preempt

gunzip

To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe script files), use the gunzip command.

gunzip disk0:[path/]filename.gz

Syntax Description

disk0:[path/]filename.gz

Specifies the name of the compressed file on the disk0: file system. The filename must end with a .gz extension. If you do not specify the optional path, the ACE looks for the file in the root directory.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file zipped by the gzip (GNU zip) compression utility.

To display a list of available zipped files on disk0:, use the dir command.

Examples

To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file system, enter:

host1/Admin# gunzip disk0:PROBE_SCRIPTS.gz

Related Commands

dir

license

To install, update, or uninstall licenses on the ACE, use the license command.

license {install disk0:[path/]filename [target_filename] | uninstall name | update disk0:[path/]permanent_filename demo_filename}

Syntax Description

install disk0:[path/]filename

Installs a demo or permanent license from the disk0: file system into Flash memory on the ACE. The filename is the name of the license on the disk0: file system. If you do not specify the optional path, the ACE looks for the file in the root directory.

target_filename

(Optional) Target filename for the license file.

uninstall name

Uninstalls the specified license file. Enter the license name as an unquoted text string with no spaces.

update disk0:

Updates an installed demo license with a permanent license.

[path/]permanent_filename

Filename for the permanent license.

demo_filename

Filename for the demo license.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

After you have received a demo or permanent software license key in an e-mail from Cisco Systems, you must copy the license file to a network server and then use the copy tftp command in Exec mode to copy the file to the disk0: file system on the ACE.

To update an installed demo license with a permanent license, use the license update command. The demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage command.

To back up license files, use the copy licenses command.


Caution: When you remove a demo or permanent virtual context license, the ACE removes all user contexts from the Admin running configuration. By removing the user contexts, their running and startup configurations are also removed from the ACE. Before removing any virtual context license, save the Admin running configuration and the user context running configurations to a remote server.

If you uninstall an SSL license, it also brings down the SSL transactions per second (TPS) to 1000 TPS on the ACE.

If you uninstall the module bandwidth license, it brings down the ACE module bandwidth to the default of 4 Gbps on the ACE.

For more information on the types of ACE licenses available and managing the licenses on your ACE, see the Cisco Application Control Engine Module Administration Guide.

Examples

To install a new permanent license, enter:

host1/Admin# license install disk0:ACE-VIRT-020.LIC

To uninstall a license, enter:

host1/Admin# license uninstall ACE-VIRT-250.LIC

To update the demo license with a permanent license, enter:

host1/Admin# license update disk0:ACE-VIRT-250.LIC ACE-VIRT-250-demo.LIC

Related Commands

copy tftp:

copy licenses

show license

mkdir disk0:

To create a new directory in disk0:, use the mkdir disk0: command.

mkdir disk0:[path/]directory_name

Syntax Description

[path/]directory_name

Name you assign the new directory. Specify the optional path if you want to create a directory within an existing directory.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

If a directory with the same name already exists, the ACE does not create the new directory and the "Directory already exists" message appears.

Examples

To create a directory in disk0: called TEST_DIRECTORY, enter:

host1/Admin# mkdir disk0:TEST_DIRECTORY

Related Commands

dir

rmdir disk0:

move disk0:

To move a file between directories in the disk0: file system, use the move command.

move disk0:[source_path/]filename disk0:[destination_path/]filename

Syntax Description

disk0:

Indicates the disk0: file system of the current context

source_path/

Path of the source directory

destination_path/

Path of the destination directory

filename

Name of the file to move in the disk0: file system


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

If a file with the same name already exists in the destination directory, that file is overwritten by the file you move.

Examples

To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:, enter:

host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILE

Related Commands

dir

np session

To execute network processor-related commands, use the np session command.

np session {disable | enable}

Syntax Description

disable

Disables sessions to the network processor from the SUP720

enable

Enables sessions to the network processor from the SUP720


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To enable sessions to the network processor from the SUP720, enter:

host1/Admin# np session enable

Related Commands

This command has no related commands.

ping

To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the ping (packet internet groper) command.

ping target_ip

Syntax Description

target_ip

The IP address of the remote host to ping. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The ping program sends an echo request packet to an address from the current context on the ACE, and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether the host can be reached or is functioning.

To terminate a ping session before it reaches its timeout value, type the Ctrl-C escape sequence.

Examples

To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter:

host1/Admin# ping 196.168.1.2

Related Commands

traceroute

reload

To reload the configuration on the ACE, use the reload command.

reload

Syntax Description

This command has no keywords or arguments.

Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command.


Caution: Configuration changes that are not written to Flash memory are lost after a reload. Before rebooting, enter the copy running-config startup-config command to save a copy of the running configuration to the startup configuration in Flash memory. If you fail to save your running configuration changes, the ACE reverts to the last saved version of the startup configuration upon restart.

Examples

To execute a soft reboot, enter:

host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]

Related Commands

copy capture

show running-config

show startup-config

reprogram bootflash

To reprogram the Field Upgradable (FUR) partition of the rommon image on the ACE, use the reprogram bootflash command.

reprogram bootflash {default-image {disk0:[path/]filename | image:[path/]filename} | fur-image {disk0:[path/]filename | image:[path/]filename} | invalidate-fur-image | validate-fur-image}

Syntax Description

default-image

Reprograms the rommon image default partition

fur-image

Reprograms the rommon image FUR partition

disk0:[path/]filename

Specifies a file stored on the disk0: file system

image:[path/]filename

Specifies the rommon image stored on the image: file system

invalidate-fur-image

Invalidates the rommon image FUR partition

validate-fur-image

Validates the rommon image FUR partition


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The reprogram bootflash command is intended for use by trained Cisco personnel only. Entering this command may cause unexpected results. Do not attempt to use the reprogram bootflash command without guidance from Cisco support personnel.

Examples

To reprogram the rommon image FUR partition on the image: file system, enter:

host1/Admin# reprogram bootflash fur-image image:sb-ace.NOV_11

Related Commands

This command has no related commands.

rmdir disk0:

To remove a directory from the disk0: file system, use the rmdir disk0: command.

rmdir disk0:directory

Syntax Description

directory

Name of the directory to remove


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command.

Examples

To remove the directory TEST-DIRECTORY from disk0:, enter:

host1/Admin# rmdir disk0:TEST-DIRECTORY

Related Commands

delete

dir

mkdir disk0:

show

To display ACE statistical and configuration information, use the show command.

show keyword [| {begin pattern | count | end pattern | exclude pattern | include pattern | last | more}] [> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]

The available show keyword commands are listed below.

show aaa

Displays AAA accounting and authentication configuration information

show access-list

Displays statistics associated with a specific Access Control List (ACL)

show accounting log

Displays accounting log information

show acl-merge

Displays statistics related to merged ACLs

show arp

Displays the current active IP address-to-MAC address mapping in the ARP table

show banner motd

Displays the configured banner message of the day

show bootvar

Displays the current BOOT environment variable and configuration register setting

show buffer

Displays the control plane buffer information

show capture

Displays the packet information that the ACE traces as part of the packet capture function

show cde

Displays the CDE register values

show checkpoint

Displays information relating to the configured checkpoints

show clock

Displays the current date and time settings of the system clock

show conn

Displays the connection statistics

show context

Displays the context configuration information

show copyright

Displays the software copyright information for the ACE

show crypto

Displays the summary and detailed reports on files containing SSL certificates, key pairs, and chain groups

show debug

Displays the debug flags

show domain

Displays the information about the configured domains in the ACE

show fifo

Displays the first in, first out (FIFO) statistics for the Pkt-Fifo module

show file

Displays the contents of a specified file in a directory in persistent memory (Flash memory) or volatile memory (RAM)

show fragment

Displays the IP fragmentation and reassembly statistics for all interfaces in the ACE or the specified interface

show ft

Displays the redundancy statistics per context

show hardware

Displays the ACE hardware details, such as serial number and hardware revision level

show hyp

Displays the Hyperion backplane ASIC register values

show icmp statistics

Displays the Internet Control Message Protocol (ICMP) statistics

show interface

Displays the interface information

show inventory

Displays the system hardware inventory

show ip

Displays the IP statistics

show lcp event-history

Displays the Link Control Protocol (LCP) debug event history information

show ldap-server

Displays the configured Lightweight Directory Access Protocol (LDAP) server and server group parameters

show license

Displays your ACE license information

show line

Displays all of the configured console and virtual terminal line sessions

show logging

Displays the current severity level and state of all syslog messages stored in the logging buffer, or displays the information related to specific syslog messages

show login timeout

Displays the login session idle timeout value

show nat-fabric

Displays the NAT (Network Address Translation) policy and pool information for the current context

show netio

Displays the control plane network I/O information

show np

Displays the hardware debug information stored on the three network processors

show parameter-map

Displays the detailed configuration information for a specified parameter map

show probe

Displays the probe information (including script probes)

show processes

Displays the general information about all of the processes running on the ACE

show pvlans

Displays the private VLANs on the ACE downloaded from the SUP

show radius-server

Displays the configured RADIUS server and group parameters

show resource allocation

Displays the allocation for each resource across all resource classes and class members

show resource usage

Displays the resource usage for each context

show role

Displays the configured user roles (predefined and user-configured)

show rserver

Displays the summary or detailed statistics for a named real server or for all real servers

show running-config

Displays the running configuration information associated with the current context

show scp

Displays the secure copy protocol (SCP) statistics

show script

Displays the security event history information

show security internal event-history

Displays the security event history information

show serverfarm

Displays the summary or detailed server-farm statistics

show service-policy

Displays the statistics for service policies enabled globally within a context or on a specific interface

show snmp

Displays the SNMP statistics and configured SNMP information

show ssh

Displays the information relating to SSH keys and sessions

show startup-config

Displays the startup configuration information associated with the current context

show stats

Displays the statistical information relating to the operation of the ACE

show sticky database

Displays the sticky statistics

show system

Displays the ACE system information

show tacacs-server

Displays the configured TACACS+ server and server group parameters

show tcp statistics

Displays the Transmission Control Protocol (TCP) statistics

show tech-support

Displays information that is useful to technical support when reporting a problem with your ACE

show telnet

Displays the information related to the Telnet session

show terminal

Displays the console terminal settings

show udp statistics

Displays the User Datagram Protocol (UDP) statistics

show user-account

Displays user account information

show users

Displays the information for users that are currently logged in to the ACE

show version

Displays the version information of system software that is loaded in Flash memory and currently running on the ACE

show vlans

Displays the VLANs on the ACE downloaded from the SUP

show vnet

Displays the control plane virtual network (VNET) device information

show xlate

Displays the IP and port translation (XLATE) information


Syntax Description

|

(Optional) Enables an output modifier that filters the command output.

begin pattern

Begins with the line that matches the pattern you specify.

count

Counts the number of lines in the output.

end pattern

Ends with the line that matches the pattern you specify.

exclude pattern

Excludes the lines that match the pattern you specify.

include pattern

Includes the lines that match the pattern you specify.

last

Displays the last few lines of the output.

more

Displays one window page at a time.

>

(Optional) Enables an output modifier that redirects the command output to a file.

filename

Name of the file the ACE saves the output to on the volatile: file system.

disk0:

Specifies that the destination is the disk0: file system on the ACE Flash memory

volatile:

Specifies that the destination is the volatile: file system on the ACE

[path/][filename]

(Optional) Path and filename to the disk0: or volatile: file system. This path is optional because the ACE prompts you for this information if you omit it.

ftp://server/path[/filename]

Specifies the File Transfer Protocol (FTP) network server and, optionally, the file name.

sftp://[username@]server/path[/filename]

Specifies the Secure File Transfer Protocol (SFTP) network server and, optionally, the file name.

tftp://server[:port]/path[/filename]

Specifies the Trivial File Transfer Protocol (TFTP) network server and, optionally, the file name.


Command Modes

Exec

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The features required in your user role to execute a specific show command are described in the Usage Guidelines section of the command. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Most commands have an associated show command. For example, the associated show command for the interface command in configuration mode is the show interface command. Use the associated show command to verify changes you make to the running configuration.

The output of the show command may vary depending on the context you execute the command from. For example, the show running-config command displays the running-configuration for the current context only.

To enable XML conversion of show command output from the ACE for result monitoring by an NMS, use the xml-show command.

Examples

To display the current running configuration, enter:

host1/Admin# show running-config

Related Commands

clear

xml-show

show aaa

To display AAA accounting and authentication configuration information for the current context, use the show aaa command.

show aaa {accounting | authentication [login error-enable] | groups} [|] [>]

Syntax Description

accounting

Displays accounting configuration information.

authentication

Displays authentication configuration information.

login error-enable

(Optional) Displays the status of the login error message configuration.

groups

Displays the configured server groups.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

For information about the fields in the show aaa command output, see the Cisco Application Control Engine Module Security Configuration Guide.

Examples

To display the accounting configuration information, enter:

host1/Admin# show aaa accounting
default: local

Related Commands

show accounting log

(config) aaa accounting default
(config) aaa authentication login

show access-list

To display statistics associated with a specific Access Control List (ACL), use the show access-list command.

show access-list name [|] [>]

Syntax Description

name

Name of an existing ACL. Enter the name as an unquoted text string.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The ACL information the ACE displays when you execute the show access-list command includes the ACL name, number of elements in the ACL, operating status of the ACL (ACTIVE or NOT ACTIVE), any configured remarks, the ACL entry, and the ACL hit count.

For information about the fields in the show access-list command output, see the Cisco Application Control Engine Module Security Configuration Guide.

Examples

To display statistical and configuration information for the ACL ACL1, enter:

host1/Admin# show access-list ACL1

Related Commands

clear access-list
show running-config

(config) access-list ethertype
(config) access-list extended
(config) access-list remark
(config) access-list resequence

show accounting log

To display AAA accounting log information, use the show accounting log command.

show accounting log [size] [|] [>]

Syntax Description

size

(Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to 250000. The default is 250000 bytes.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

For information about the fields in the show accounting log command output, see the Cisco Application Control Engine Module Security Configuration Guide.

Examples

To display the contents of the accounting log file, enter:

host1/Admin# show accounting log

Related Commands

show aaa

(config) aaa accounting default

show acl-merge

To display statistics related to merged ACLs, use the show acl-merge command.

show acl-merge {acls vlan number {in | out} [summary]} | {match vlan number {in | out} ip_address1 ip_address2 protocol src_port dest_port} | {merged-list vlan number {in | out} [non-redundant | summary]} [|] [>]

Syntax Description

acls

Displays various feature ACLs and their entries before the merge.

vlan number

Specifies the interface on which the ACL was applied.

in | out

Specifies the direction in which the ACL was applied to network traffic: incoming or outgoing.

summary

(Optional) Displays summary information before or after the merge.

match

Displays the ACL entry that matches the specified tuple.

ip_address1

Source IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

ip_address2

Destination IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).

protocol

Protocol specified in the ACL.

src_port

Source port specified in the ACL.

dest_port

Destination port specified in the ACL.

merged-list

(Optional) Displays the merged ACL.

non-redundant

(Optional) Displays only those ACL entries that have been downloaded to a network processor.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the acl-merge feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a redundant configuration. The number assigned depends on the order in which the ACLs are applied to the VLANs. This number can be different on the two modules. Even the ACL merged list could be different on the two modules depending on when redundancy is enabled.

Examples

To display the ACL merge information for VLAN 401, enter:

host1/Admin# show acl-merge acls vlan 401 in summary

Related Commands

This command has no related commands.

show arp

To display the current active IP address-to-MAC address mapping in the ARP table, statistics, or inspection or timeout configuration, use the show arp command.

show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>]

Syntax Description

inspection

(Optional) Displays the ARP inspection configuration.

internal event-history dbg

(Optional) Displays the ARP internal event history. The ACE debug commands are intended for use by trained Cisco personnel only. Do not attempt to use these commands without guidance from Cisco support personnel.

statistics

(Optional) Displays the ARP statistics for all VLAN interfaces.

vlan vlan_number

(Optional) Displays the statistics for the specified VLAN number.

timeout

(Optional) Displays the ARP timeout values.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The show arp command without options displays the active IP address-to-MAC address mapping in the ARP table.

For information about the fields in the show arp command output, see the Cisco Application Control Engine Module Routing and Bridging Configuration Guide.

Examples

To display the current active IP address-to-MAC address mapping in the ARP table, enter:

host1/Admin# show arp

Related Commands

clear arp

(config) arp

show banner motd

To display the configured banner message of the day, use the show banner motd command.

show banner motd [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To configure the banner message, use the banner command in the configuration mode.

For information about the fields in the show banner motd command output, see the Cisco Application Control Engine Module Administration Guide.

Examples

To display the message of the day, enter:

host1/Admin# show banner motd

Related Commands

(config) banner

show bootvar

To display the current BOOT environment variable and configuration register setting, use the show bootvar command.

show bootvar [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To set the BOOT environment variable, use the boot system image: command in the configuration mode.

For information about the fields in the show bootvar command output, see the Cisco Application Control Engine Module Administration Guide.

Examples

To display the current BOOT environment variable and configuration register setting, enter:

host1/Admin# show bootvar
BOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"
Configuration register is 0x1
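
An added example, not part of the Cisco reference: collected show bootvar output can be parsed and compared with an approved baseline to detect a changed boot image or configuration register. The first sample is the output shown above; the second sample is constructed, and the baseline values and function names are hypothetical.

```python
"""Compare captured `show bootvar` output with an approved baseline.

Added example (not Cisco code). The line formats are taken from the
example output on this page.
"""
import re

BOOT_RE = re.compile(r'^BOOT variable = "(?P<image>[^"]*)"$')
CONFREG_RE = re.compile(r'^Configuration register is (?P<value>0x[0-9a-fA-F]+)$')


def parse_bootvar(output):
    """Return {'image': str, 'config_register': int}.

    Raises ValueError when either line is missing, so a truncated capture
    is never mistaken for a clean result.
    """
    image = None
    config_register = None
    for raw in output.splitlines():
        line = raw.strip()
        match = BOOT_RE.match(line)
        if match:
            image = match.group("image")
            continue
        match = CONFREG_RE.match(line)
        if match:
            config_register = int(match.group("value"), 16)
    if image is None or config_register is None:
        raise ValueError("incomplete show bootvar output")
    return {"image": image, "config_register": config_register}


def bootvar_drift(output, expected_image, expected_register):
    """Return a list of findings; an empty list means the baseline matches."""
    state = parse_bootvar(output)
    findings = []
    if state["image"] != expected_image:
        findings.append(
            "BOOT variable is %r, expected %r" % (state["image"], expected_image)
        )
    if state["config_register"] != expected_register:
        findings.append(
            "configuration register is 0x%x, expected 0x%x"
            % (state["config_register"], expected_register)
        )
    return findings


# Output copied from the example on this page.
PAGE_SAMPLE = """\
host1/Admin# show bootvar
BOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"
Configuration register is 0x1
"""

# Constructed sample: both values differ from the baseline.
DRIFTED_SAMPLE = """\
host1/Admin# show bootvar
BOOT variable = "disk0:example-unapproved-image.bin"
Configuration register is 0x0
"""

# Hypothetical baseline: the values from the page's example.
EXPECTED_IMAGE = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"
EXPECTED_REGISTER = 0x1

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("drifted", DRIFTED_SAMPLE)):
        findings = bootvar_drift(sample, EXPECTED_IMAGE, EXPECTED_REGISTER)
        print(name, "->", findings or "matches baseline")
```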

Related Commands

This command has no related commands.

show buffer

To display the buffer manager module messages, use the show buffer command.

show buffer {events-history | stats | usage} [|] [>]

Syntax Description

events-history

Displays a historic log of the most recent messages generated by the buffer manager event history.

stats

Displays detailed counters for various buffer manager event occurrences.

usage

Displays the number of buffers currently being held (allocated but not freed) by each buffer module. The usage keyword also shows an estimate of the number of times a particular buffer module has freed the same buffer more than once (this indicates a software error condition).

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display the control plane buffer event history, enter:

host1/Admin# show buffer events-history
1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000
[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa0
2) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000
[102] total blocks=151682 (ctrl=75841, data=75841)

Related Commands

clear buffer stats

show capture

To display the packet information that the ACE traces as part of the packet capture function, use the show capture command.

show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status] [|] [>]

Syntax Description

buffer_name

Name of the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters.

detail

(Optional) Displays additional protocol information for each packet.

connid connection_id

(Optional) Displays protocol information for a specified connection identifier.

range packet_start packet_end

(Optional) Displays protocol information for a range of captured packets.

status

(Optional) Displays capture status information for each packet.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

For all types of received packets, the console display is in tcpdump format.

To copy the capture buffer information as a file in Flash memory, use the copy capture command.

For information about the fields in the show capture command output, see the Cisco Application Control Engine Module Administration Guide.

Examples

To display the captured packet information contained in packet capture buffer CAPTURE1, enter:

switch/Admin# show capture CAPTURE1

Related Commands

copy capture

show cde

To display the classification and distribution engine (CDE) register values, use the show cde command.

show cde {all | count | dist | hash index_number | health | interrupts | reg cde_number register | stats {cumulative | stats} | vlan vlan_number} [|] [>]

Syntax Description

all

Displays all CDE register values.

count

Displays the cumulative count of the CDE interrupts.

dist

Displays the CDE distribution type.

hash index_number

Displays the hash distribution table. Enter a value from 0 to 31.

health

Displays the CDE health.

interrupts

Displays the CDE interrupts.

reg

Displays the specified CDE register.

cde_number

CDE number.

register

Register value. Enter a hexadecimal value from 0x0 to 0x1d9.

stats

Displays the specified CDE statistics.

cumulative

Displays the cumulative CDE statistics from the last invocation of the show cde command.

stats

Displays the delta CDE statistics from the last invocation of the show cde command.

vlan vlan_number

Displays the VLAN distribution table for the specified VLAN. Enter the desired VLAN number.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin context only

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

This command is intended for use by trained Cisco personnel for troubleshooting purposes only.

Examples

To display all of the CDE register values, enter:

host1/Admin# show cde all

Related Commands

clear cde

show checkpoint

To display information relating to the configured checkpoints, use the show checkpoint command.

show checkpoint {all | detail name} [|] [>]

Syntax Description

all

Displays a list of all existing checkpoints.

detail name

Displays the running configuration of the specified checkpoint.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

For information about the fields in the show checkpoint command output, see the Cisco Application Control Engine Module Administration Guide.

Examples

To display the running configuration for the checkpoint MYCHECKPOINT, enter:

host1/Admin# show checkpoint detail MYCHECKPOINT

Related Commands

checkpoint

show clock

To display the current date and time settings of the system clock, use the show clock command.

show clock [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

To configure the system clock setting, use the clock command in the configuration mode.

For information about the fields in the show clock command output, see the Cisco Application Control Engine Module Administration Guide.

Examples

To display the current clock settings, enter:

host1/Admin# show clock
Fri Feb 24 20:08:14 UTC 2006
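
The following is an added example, not part of the Cisco documentation: a Python check that parses captured show clock output in the format shown above and measures drift against a trusted reference time, which matters when ACE logs are correlated with other sources. The function names, the zone-offset table, and the reference timestamp are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Matches the timestamp line shown in the page's example, e.g.
# "Fri Feb 24 20:08:14 UTC 2006". Prompt/echo lines do not match.
CLOCK_RE = re.compile(
    r"^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) (?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<hms>\d{2}:\d{2}:\d{2}) (?P<zone>[A-Za-z]+) (?P<year>\d{4})\s*$",
    re.MULTILINE,
)

# Assumption: zone abbreviations map to fixed offsets supplied by the caller;
# only UTC is known from the page's example.
DEFAULT_ZONES = {"UTC": timedelta(0)}

def parse_show_clock(output, zones=DEFAULT_ZONES):
    """Return the timezone-aware UTC time reported in `show clock` output."""
    m = CLOCK_RE.search(output)
    if m is None:
        raise ValueError("no clock line found in output")
    if m["zone"] not in zones:
        raise ValueError(f"unknown time zone {m['zone']!r}; add its offset")
    naive = datetime.strptime(
        f"{m['mon']} {m['day']} {m['hms']} {m['year']}", "%b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone(zones[m["zone"]])).astimezone(timezone.utc)

def clock_drift(output, reference, max_skew=timedelta(seconds=5), zones=DEFAULT_ZONES):
    """Return (drift, ok): device time minus reference, and whether |drift| <= max_skew."""
    drift = parse_show_clock(output, zones) - reference
    return drift, abs(drift) <= max_skew

# Constructed capture: the prompt and output are the page's example; the
# reference time stands in for a trusted NTP-synchronised collector.
CAPTURE = "host1/Admin# show clock\nFri Feb 24 20:08:14 UTC 2006\n"
REFERENCE = datetime(2006, 2, 24, 20, 8, 2, tzinfo=timezone.utc)

if __name__ == "__main__":
    drift, ok = clock_drift(CAPTURE, REFERENCE)
    print(f"drift={drift.total_seconds():+.0f}s within_tolerance={ok}")
```

If a time zone other than UTC has been configured with (config) clock timezone, pass its abbreviation and offset in the zones argument; an unrecognised abbreviation raises an error rather than being treated as UTC.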

Related Commands

(config) clock timezone

(config) clock summer-time

show conn

To display the connection statistics, use the show conn command.

show conn {address ip_address1 [ip_address2] netmask mask} | count | detail | {port number1 [number2]} | {protocol {tcp | udp}} [|] [>]

Syntax Description

address ip_address1 [ip_address2]

Displays connection statistics for a single source or destination IP address or, optionally, for a range of source or destination IP addresses. To specify a range of IP addresses, enter an IP address for the lower limit of the range and a second IP address for the upper limit of the range. Enter one or two IP addresses in dotted-decimal notation (for example, 192.168.12.15).

count

Displays the total current connections to the ACE.

detail

Displays detailed connection information.

netmask mask

Network mask for the IP address or range of IP addresses you specify. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0).

port number1 [number2]

Displays connection statistics for a single source or destination port or, optionally, for a range of source or destination ports.

protocol {tcp | udp}

Displays connection statistics for TCP or UDP.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

For information about the fields in the show conn command output, see the Cisco Application Control Engine Module Security Configuration Guide.

Examples

To display connection statistics for a range of IP addresses, enter:

host1/Admin# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0

Related Commands

clear conn

show context

To display the context configuration information, use the show context command.

show context [context_name | Admin] [|] [>]

Syntax Description

context_name

(Optional) Name of a user-created context. The ACE displays just the specified context configuration information. The context_name argument is case-sensitive and is visible only from the admin context.

Admin

(Optional) Displays just the admin context configuration information. This keyword is visible only from the admin context.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The ACE displays different information for this command depending on the context you are in when executing the command:

admin context—When you are in the admin context and use the show context command without specifying a context, the ACE displays the configuration information for the admin context and all user-created contexts.

user-created context—When you are in a user-created context and execute the show context command, the ACE displays only the configuration information of the current context.

For information about the fields in the show context command output, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To display the Admin context and all user-context configuration information, enter:

host1/Admin# show context

To display the configuration information for the user context CTX1, enter:

host1/Ctx1# show context

Related Commands

changeto

(config) context

show copyright

To display the software copyright information for the ACE, use the show copyright command.

show copyright [|] [>]

Syntax Description

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

For information about the fields in the show copyright command output, see the Cisco Application Control Engine Module Administration Guide.

Examples

To display the ACE software copyright information, enter:

host1/Admin# show copyright

Related Commands

This command has no related commands.

show crypto

To display the summary and detailed reports on files containing SSL certificates, key pairs, and chain groups, use the show crypto command.

show crypto {certificate {filename | all} | chaingroup {filename | all} | csr-params {filename | all} | files | key {filename | all}} [|] [>]

Syntax Description

certificate

Specifies certificate file type.

chaingroup

Specifies chaingroup file type.

key

Specifies key pair file type.

filename

Name of a specific file. The ACE displays the detailed report for the specified file.

all

Displays the summary report that lists all the files of the specified file type.

files

Displays the summary report listing all of the crypto files loaded on the ACE, including certificate, chaingroup, and key pair files. The summary report also shows whether the file contains a certificate, a key pair, or both.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you use the show crypto certificate command on a certificate file that contains a chain, the ACE displays only the bottom-level certificate (the signers are not displayed).

For information about the fields in the show crypto command output, see the Cisco Application Control Engine Module SSL Configuration Guide.

Examples

To display the summary report listing all of the crypto files, enter:

host1/Admin# show crypto files

Related Commands

crypto delete

crypto export

crypto import

crypto verify

(config) crypto csr-params

show debug

To display the debug flags, use the show debug command.

show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp | fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd} [|] [>]

Syntax Description

aaa

Displays the 301 debugging flags.

access-list

Displays the access-list debug flags.

arpmgr

Displays the arp manager debug flags.

ascii-cfg

Displays the ascii-cfg debugging flags.

bpdu

Displays the bpdu debug flags.

buffer

Displays the CP buffer debugging flags.

cfg_cntlr

Displays the configuration controller debug flags.

cfgmgr

Displays the configuration manager debug flags.

clock

Displays the state of Clock debug settings.

dhcp

Displays the DHCP debugging flags.

fifo

Displays the show packet Fifo debugging flags.

fm

Displays the feature manager debug flags.

fs-daemon

Displays the fs daemon debugging flags.

ha_dp_mgr

Displays the HA-DP manager debug flags.

ha_mgr

Displays the HA manager debug flags.

hm

Displays the hm debug flags.

ifmgr

Displays the interface manager debug flags.

ipcp

Displays the kernel IPCP debugging flags.

lcp

Displays the lcp debug flags.

ldap

Displays the LDAP debugging flags.

license

Displays the licensing debugging flags.

logfile

Displays the contents of the logfile.

nat-download

Displays the NAT download debug flags.

netio

Displays the CP net I/O debugging flags.

pfmgr

Displays the platform manager debug flags.

pktcap

Displays the packet capture debug flags.

radius

Displays the RADIUS debugging flags.

routemgr

Displays the route manager debug flags.

scp

Displays the SCP debug flags.

security

Displays the security/accounting debugging flags.

sme

Displays the System Manager Extension debug flags.

snmp

Displays the SNMP server debugging flags.

ssl

Displays the SSL manager debug flags.

syslogd

Displays the syslogd debug flags.

system

Displays the system debugging flags.

tacacs+

Displays the TACACS+ debugging flags.

tl

Displays the CP buffer debugging flags.

ttyd

Displays the TTYD debugging flags.

virtualization

Displays the virtualization debug flags.

vnet

Displays the VNet driver debugging flags.

vshd

Displays the VSHD debugging flags.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines

This command requires the debug feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.

Examples

To display the VSHD debugging flags, enter:

host1/Admin# show debug vshd

Related Commands

debug

clear debug-logfile

show domain

To display the information about the configured domains in the ACE, use the show domain command.

show domain [name] [|] [>]

Syntax Description

name

(Optional) Name of an existing context domain. Specify a domain name to display the detailed configuration report relating to just the specified domain.

|

(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.

>

(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.


Command Modes

Exec

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines