-
Application Control Engine Module Command Reference (Software Version A2(1.0))
-
CLI Command Summary By Mode
-
Preface
-
Using the Command-Line Interface
-
CLI Commands
-
Exec Mode Commands
-
Configuration Mode Commands
-
Action List Configuration Mode Commands
-
Authentication Group Configuration Mode Commands
-
Chaingroup Configuration Mode Commands
-
Class Map Configuration Mode Commands
-
Console Configuration Mode Commands
-
Context Configuration Mode Commands
-
CSR Parameters Configuration Mode Commands
-
Domain Configuration Mode Commands
-
FT Group Configuration Mode Commands
-
FT Interface Configuration Mode Commands
-
FT Peer Configuration Mode Commands
-
FT Track Configuration Mode Commands
-
Interface Configuration Mode Commands
-
KAL-AP UDP Configuration Mode Commands
-
LDAP Configuration Mode Commands
-
Line Configuration Mode Commands
-
Object Group Configuration Mode Commands
-
Parameter Map Configuration Mode Commands
-
Policy Map Configuration Mode Commands
-
Probe Configuration Mode Commands
-
RADIUS Configuration Mode Commands
-
Real Server Configuration Mode Commands
-
Resource Configuration Mode Commands
-
Role Configuration Mode Commands
-
Server Farm Configuration Mode Commands
-
SSL Proxy Configuration Mode Commands
-
Sticky Configuration Mode Commands
-
TACACS+ Configuration Mode Commands
-
Table Of Contents
show security internal event-history
Exec Mode Commands
You can access Exec mode commands immediately after you log in to an ACE. Many of these commands are followed by keywords that make them distinct commands (for example, show aaa, show access-list, show accounting, and so on). To increase readability of command syntax, these commands are presented separately in this command reference.
You can also execute Exec mode commands from any of the configuration modes using the do command. For example, to display the ACE running configuration from the Exec mode, use the show running-config command. To execute the same command from the configuration mode, use the do show running-config command.
capture
To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command. As part of the packet capture process, you specify whether to capture packets from all interfaces or an individual VLAN interface.
capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
3.0(0)A1(5)
The buffer size was limited to 5000 KB.
A2(1.0)
The stop option was introduced.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The packet capture function enables access control lists (ACLs) to control which packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.
Under high traffic conditions, you may observe up to 64 packets printing on the console after you enter the stop keyword. These additional messages can occur because the packets were in transit or buffered before you entered the stop keyword.
The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.
The ACE does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in flash memory, use the copy capture command.
Examples
To start the packet capture function for CAPTURE1, enter:
host1/Admin# capture CAPTURE1 interface vlan50 access-list ACL1host1/Admin# capture CAPTURE1 startRelated Commands
changeto
To move from one context on the ACE to another context, use the changeto command.
changeto context_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the changeto feature in your user role (as found in all of the predefined user roles). For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Only users authorized in the admin context can use the changeto command to navigate between the various contexts. Context administrators, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
The command prompt indicates the context that you are currently in (see the following example).
The user role that is enforced after you enter the changeto command is that of the Admin context and not that of the non-Admin context.
You cannot add, modify, or delete objects in a custom domain after you change to a non-Admin context.
•
If you originally had access to the default-domain in the Admin context prior to moving to a non-Admin context, the ACE allows you to configure any object in the non-Admin context.
•
Examples
To change from the Admin context to the context CTX1, enter:
host1/Admin# changeto CTX1host1/CTX1#Examples
To change from the Admin context to the context CTX1, enter:
host1/Admin# changeto CTX1host1/CTX1#Related Commands
checkpoint
To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command.
checkpoint {create | delete | rollback} name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To create the checkpoint CP102305, enter:
host1/Admin# checkpoint create CP102305Related Commands
clear access-list
To clear access control list (ACL) statistics, use the clear access-list command.
clear access-list name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the access control list ACL1, enter:
host1/Admin# clear access-list ACL1Related Commands
(config) access-list ethertype
(config) access-list extendedclear accounting log
To clear the accounting log, use the clear accounting log command.
clear accounting log
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the accounting log, enter:
host1/Admin# clear accounting logRelated Commands
show accounting log
(config) aaa accounting defaultclear arp
To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP processes, use the clear arp command.
clear arp [no-refresh | {statistics [vlan number]}]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised with the vlan option.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If you enter the clear arp command with no option, it clears all learned ARP entries and then refreshes the ARP entries.
Examples
To clear the ARP statistics, enter:
host1/Admin# clear arp statisticsTo clear the ARP learned entries and then refresh the ARP entries, enter:
host1/Admin# clear arpRelated Commands
clear buffer stats
To clear the control plane buffer statistics, use the clear buffer stats command.
clear buffer stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane buffer statistics, enter:
host1/Admin# clear buffer statsRelated Commands
clear capture
To clear an existing capture buffer, use the clear capture command.
clear capture name
Syntax Description
Command Modes
Exec
Admin and user context
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Use the dir command to view the capture files that you copied to the disk0: file system using the copy capture command.
Examples
To clear the capture buffer CAPTURE1, enter:
host1/Admin# clear capture CAPTURE1Related Commands
clear cde
To clear the classification and distribution engine (CDE) statistics and interrupt counts, use the clear cde command.
clear cde {interrupt | stats}
Syntax Description
Command Modes
Exec
Admin context
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the CDE interrupt counts, enter:
host1/Admin# clear cde interruptRelated Commands
clear conn
To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn command.
clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip | dest_port}} | rserver name [port_number] serverfarm sfarm_name]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To clear only the connections that go through the ACE (flows that pass through the ACE between the originating network host and the terminating network host), use the clear conn command without any keywords. When you do not include any keywords, the connections that terminate or originate with the ACE are not cleared.
Examples
To clear the connections for the real server RSERVER1, enter:
host1/Admin# clear conn rserver RSERVER1Related Commands
clear cores
To clear all of the core dumps stored in the core: file system, use the clear cores command.
clear cores
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Note
To view the list of core files in the core: file system, use the dir core: command.
To save a copy of a core dump to a remote server before clearing it, use the copy capture command.
To delete a specific core dump file from the core: file system, use the delete core: command.
Examples
To clear all core dumps, enter:
host1/Admin# clear coresRelated Commands
clear crypto session-cache
To clear the session cache information in the context, use the clear crypto session-cache command.
clear crypto session-cache [all]
Syntax Description
all
(Optional) Clears the session cache information for all contexts. This option is available in the Admin context only.
Command Modes
Exec
Admin and user context. The all option is available in the Admin context only.
Command History
Usage Guidelines
This command has no usage guidelines.
Examples
To clear the session cache information in the context, enter:
host1/Admin# clear crypto session-cacheRelated Commands
This command has no related commands.
clear debug-logfile
To remove a debug log file, use the clear debug-logfile command.
clear debug-logfile filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To clear the debug log file DEBUG1, enter:
host1/Admin# clear debug-logfile DEBUG1Related Commands
clear fifo stats
To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command.
clear fifo stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane FIFO statistics, enter:
host1/Admin# clear fifo statsRelated Commands
clear ft
To clear the various fault-tolerant (FT) statistics, use the clear ft command.
clear ft {all | ha-stats | hb-stats | history {cfg_cntlr | ha_dp_mgr | ha_mgr} | track-stats [all]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear all fault-tolerant statistics, enter:
host1/Admin# clear ft allRelated Commands
(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(config) ft track hsrp
(config) ft track interfaceclear icmp statistics
To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics command.
clear icmp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the ICMP statistics, enter:
host1/Admin# clear icmp statisticsRelated Commands
clear interface
To clear the interface statistics, use the clear interface command.
clear interface [vlan number | bvi number]
Syntax Description
vlan number
(Optional) Clears the statistics for the specified VLAN.
bvi number
(Optional) Clears the statistics for the specified Bridge Group Virtual Interface (BVI).
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To clear all of the interface statistics, enter the clear interface command without using the optional VLAN and BVI keywords.
Examples
To clear all of the interface statistics for VLAN 212, enter:
host1/Admin# clear interface vlan 212Related Commands
clear ip
To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip command.
clear ip [dhcp relay statistics | statistics]
Syntax Description
dhcp relay statistics
(Optional) Clears all of the DHCP relay statistics.
statistics
(Optional) Clears all of the statistics associated with IP normalization, fragmentation, and reassembly.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional keywords.
Examples
To clear all of the IP normalization, fragmentation, and reassembly statistics, enter:
host1/Admin# clear ip statisticsRelated Commands
clear line
To close a specified virtual terminal (VTY) session, use the clear line command.
clear line vty_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To terminate the VTY session VTY1, enter:
host1/Admin# clear line VTY1Related Commands
(config) line console
(config) line vtyclear logging
To clear information stored in the logging buffer, use the clear logging command.
clear logging [disabled | rate-limit]
Syntax Description
disabled
(Optional) Clears the logging buffer of "disabled" messages.
rate-limit
(Optional) Clears the logging buffer of "rate-limit configuration" messages.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To clear all of the information stored in the logging buffer, enter the clear logging command without using either of the optional keywords.
Examples
To clear all of the information stored in the logging buffer, enter:
host1/Admin# clear loggingRelated Commands
clear netio stats
To clear the control plane network I/O statistics, use the clear netio stats command.
clear netio stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane network I/O statistics, enter:
host1/Admin# clear netio statsRelated Commands
clear probe
To clear the probe statistics displayed through the show probe command, use the clear probe command.
clear probe name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear all the statistics for the probe HTTP1, enter:
host1/Admin# clear probe HTTP1Related Commands
clear processes log
To clear the statistics for the processes log, use the clear processes log command.
clear processes log {all | pid id}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To display the list of process identifiers assigned to each of the processes running on the ACE, use the show processes command.
Examples
To clear all the statistics for the processes log, enter:
host1/Admin# clear processes log allRelated Commands
clear rserver
To clear the real server statistics of all instances of a particular real server regardless of the server farms that it is associated with, use the clear rserver command.
clear rserver name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If you have redundancy configured, then you need to explicitly clear real-server statistics on both the active and the standby ACEs. Clearing statistics on the active module only will leave the standby module's statistics at the old values.
Examples
To clear the statistics for the real server RS1, enter:
host1/Admin# clear rserver RS1Related Commands
clear rtcache
To clear the route cache, use the clear rtcache command.
clear rtcache
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the route cache, enter:
host1/Admin# clear rtcacheRelated Commands
This command has no related commands.
clear screen
To clear the display screen, use the clear screen command.
clear screen
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the display screen, enter:
host1/Admin# clear screenRelated Commands
This command has no related commands.
clear serverfarm
To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command.
clear serverfarm name [retcode]
Syntax Description
name
Name of an existing server farm.
retcode
(Optional) Clears the return-code statistics for the server farm.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the statistics for the server farm SFARM1, enter:
host1/Admin# clear serverfarm SFARM1Related Commands
clear service-policy
To clear the service policy statistics, use the clear service-policy command.
clear service-policy policy_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the statistics for the service policy HTTP1, enter:
host1/Admin# clear service-policy HTTP1Related Commands
clear ssh
To clear a Secure Shell (SSH) session or clear the public keys of all SSH hosts, use the clear ssh command.
clear ssh {session_id | hosts}
Syntax Description
session_id
Identifier of the SSH session to clear, terminating the session.
hosts
Clears the public keys of all trusted SSH hosts. This keyword is available to all users in all contexts.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To obtain the specific SSH session ID value, use the show ssh session-info command.
Examples
To clear the SSH session with the identifier 345, enter:
host1/Admin# clear ssh 345Related Commands
(config) ssh key
(config) ssh maxsessionsclear startup-config
To clear the startup configuration of the current context, use the clear startup-config command.
clear startup-config
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Clearing the startup configuration does not affect the context running-configuration.
The clear startup-config command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command.
To clear the startup configuration, you can also use the write erase command.
Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. Once you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration:
•
•
Examples
To clear the startup configuration, enter:
host1/Admin# clear startup-configRelated Commands
clear stats
To clear the statistical information stored in the ACE buffer, use the clear stats command.
clear stats {all | connection | http | inspect | loadbalance [radius | rdp] | probe | sticky}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the loadbalance, inspect, NAT, connection, sticky, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If you have redundancy configured, then you need to explicitly clear sticky statistics on both the active and the standby ACEs. Clearing statistics on the active module only will leave the standby module's statistics at the old values.
Examples
To clear sticky statistics, enter:
host1/Admin# clear stats stickyRelated Commands
clear sticky database
To clear dynamic sticky database entries, use the clear sticky database command.
clear sticky database {all | group name}
Syntax Description
all
Clears all dynamic sticky database entries in a context.
group name
Clears all dynamic sticky database entries for the specified sticky group.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command does not clear static sticky database entries. To clear static sticky database entries, use the no form of the appropriate sticky configuration mode command. For example, enter
(config-sticky-cookie) static cookie-value or (config-sticky-header) static header-value.Examples
To clear all dynamic sticky database entries in the Admin context, enter:
host1/Admin# clear sticky database allRelated Commands
clear syn-cookie
To clear the SYN cookie statistics, use the clear syn-cookie command. To clear SYN cookie statistics for all VLANs that are configured in the current context, enter the command with no arguments.
clear syn-cookie [vlan number]
Syntax Description
vlan number
(Optional) Instructs the ACE to clear SYN cookie statistics for the specified interface. Enter an integer from 2 to 2024.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no usage guidelines.
Examples
To clear SYN cookie statistics for VLAN 100, enter:
host1/C1# clear syn-cookie vlan 100
Related Commands
clear tcp statistics
To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command.
clear tcp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the TCP statistics, enter:
host1/Admin# clear tcp statisticsRelated Commands
clear telnet
To clear a Telnet session, use the clear telnet command.
clear telnet session_id
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To obtain the specific Telnet session identification number, use the show telnet command.
Examples
To clear the Telnet session with the identification number of 236, enter:
host1/Admin# clear telnet 236Related Commands
clear udp statistics
To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command.
clear udp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To clear the UDP statistics, enter:
host1/Admin# clear udp statisticsRelated Commands
clear user
To clear a user session, use the clear user command.
clear user name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To display the list of users that are currently logged in to the ACE, use the show users command.
Examples
To log out the user USER1, enter:
host1/Admin# clear user USER1Related Commands
clear vnet stats
To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command.
clear vnet stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the VNET statistics, enter:
host1/Admin# clear vnet statsRelated Commands
clear xlate
To clear the global address to the local address mapping information based on the global address, global port, local address, local port, interface address as global address, and NAT type, use the clear xlate command.
clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface vlan number] [state static] [portmap]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When you enter this command, the ACE releases sessions that are using the translations (Xlates).
If you configure redundancy, then you need to explicitly clear Xlates on both the active and the standby ACEs. Clearing Xlates on the active module does not clear Xlates in the standby module.
Examples
To clear all static translations, enter:
host1/Admin# clear xlate state staticRelated Commands
configure
To change from the Exec mode to the configuration mode, use the configure command.
configure [terminal]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires one or more features assigned to your user role, such as the AAA, interface, or fault-tolerant features. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To return to the Exec mode from the configuration mode, use the exit command.
To execute an Exec mode command from any of the configuration modes, use the do version of the command.
Examples
To change to the configuration mode from the Exec mode, enter:
host1/Admin# configurehost1/Admin(config)#Related Commands
copy capture
To copy an existing context packet capture buffer as the source file in the ACE compact flash to another file system, use the copy capture command.
copy capture capture_name disk0: [path/]destination_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the ACE and free memory.
Examples
To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter:
host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1Related Commands
copy core:
To copy a core file to a remote server, use the copy core: command.
copy core:filename disk0:[path/]filename | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy a core file from the ACE to a remote FTP server, enter:
host1/Admin# copy core:ixp0_crash.txt ftp://192.168.1.2Enter the destination filename[]? [ixp0_crash.txt]Enter username[]? user1Enter the file transfer mode[bin/ascii]: [bin]Password:Passive mode on.Hash mark printing on (1024 bytes/hash mark).
Note
Related Commands
copy disk0:
To copy a file from one directory in the disk0: file system of flash memory to another directory in disk0: or a network server, use the copy disk0: command.
copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy the file called SAMPLEFILE to the MYSTORAGE directory in flash memory, enter:
host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILERelated Commands
copy ftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote File Transfer Protocol (FTP) server to a location on the ACE, use the copy ftp: command.
copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To copy a startup-configuration file from a remote FTP server to the ACE, enter:
host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
copy image:
To copy an ACE software system image from flash memory to a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy image: command.
copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To save a software system image to a remote FTP server, enter:
host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2Related Commands
copy licenses
To create a backup license file for the ACE licenses in the .tar format and copy it to the disk0: file system, use the copy licenses command.
copy licenses disk0:[path/]filename.tar
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To copy the installed software licenses to the disk0: file system, enter:
host1/Admin# copy licenses disk0:mylicenses.tarRelated Commands
copy running-config
To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration file in flash memory (nonvolatile memory) or a network server, use the copy running-config command.
copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
To copy the running configuration to the startup configuration, you can also use the write memory command.
Examples
To save the running-configuration file to the startup-configuration file in flash memory on the ACE, enter:
host1/Admin# copy running-config startup-configRelated Commands
copy startup-config
To merge the contents of the startup configuration file into the running configuration file or copy the startup configuration file to a network server, use the copy startup-config command.
copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To merge the contents of the startup-configuration file into the running-configuration file in flash memory, enter:
host1/Admin# copy startup-config running-configRelated Commands
copy sftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote Secure File Transfer Protocol (SFTP) server to a location on the ACE, use the copy sftp: command.
copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To copy a startup-configuration file from a remote SFTP server to the ACE, enter:
host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
copy tftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote Trivial File Transfer Protocol (TFTP) server to a location on the ACE, use the copy tftp: command.
copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To copy a startup-configuration file from a remote TFTP server to the ACE, enter:
host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
crypto delete
To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete command.
crypto delete {filename | all}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To delete the key pair file MYRSAKEY.PEM, enter:
host1/Admin# crypto delete MYRSAKEY.PEMRelated Commands
crypto export
To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen, use the crypto export command.
crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
You cannot export a certificate or key pair file that you marked as nonexportable when you imported the file to the ACE.
The remote server variables listed after the terminal keyword in the "Syntax Description" are used by the ACE only when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). We recommend using SFTP as it provides the most security.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter:
host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEMUser password: ****Writing remote file /usr/keys/mykey.pemhost1/Admin#Related Commands
crypto generate csr
To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command.
crypto generate csr csr_params key_filename
Syntax Description
csr_params
CSR parameters file that contains the distinguished name attributes. The ACE applies the distinguished name attributes contained in the CSR parameters file to the CSR.
To create a CSR parameters file, use the (config) crypto csr-params command in the configuration mode.
key_filename
RSA key pair filename that contains the key on which the CSR is built. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. It is the public key that the ACE embeds in the CSR. Ensure that the RSA key pair file is loaded on the ACE for the current context. If the appropriate key pair does not exist, the ACE logs an error message.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs it to the screen. Most major certificate authorities have web-based applications that require you to cut and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file.
Note
After submitting your CSR to the CA, you will receive your signed certificate in one to seven business days. When you receive your certificate, use the crypto import command to import the certificate to the ACE.
Examples
To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in the file MYRSAKEY_1.PEM, enter:
host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEMRelated Commands
crypto generate key
To generate an RSA key pair file, use the crypto generate key command.
crypto generate key [non-exportable] bitsize filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To generate the RSA key pair file MYRSAKEYS.PEM with a bit size of 1536, enter:
host1/Admin# crypto generate key 1536 MYRSAKEYS.PEMRelated Commands
crypto import
To import a certificate or key pair file to the ACE or terminal screen from a remote server, use the crypto import command.
crypto import [non-exportable] {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} | terminal local_filename [passphrase passphrase]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Because a device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both corresponding file types: the certificate file and its corresponding key pair file.
The remote server variables listed after the passphrase variable in the Syntax Description table are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). If you select one of these transport types and do not define the remote server variables, the ACE prompts you for the variable information. We recommend using SFTP as it provides the most security.
The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width. Of these methods, we recommend SFTP becaues it is secure.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter:
host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM MYKEY.PEMPassword: ********Passive mode on.Hash mark printing on (1024 bytes/hash mark).#Successfully imported file from remote server.host1/Admin#This example shows how to use the terminal keyword to allow pasting of the certificate information to the file MYCERT.PEM:
host1/Admin# crypto import terminal MYCERT.PEMEnter PEM formatted data ending with a blank line or "quit" on a line by itself--------BEGIN CERTIFICATE-----------------------MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENBMSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3-----------END CERTIFICATE------------------------QUIThost1/Admin#Related Commands
crypto verify
To compare the public key in a certificate with the public key in a key pair file, and to verify that they are identical, use the crypto verify command.
crypto verify key_filename cert_filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If the public key in the certificate does not match the public key in the key pair file, the ACE logs an error message.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match, enter:
host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEMkeypair in myrsakey.pem matches certificate in mycert.pemThis example shows what happens when the public keys do not match:
host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEMKeypair in myrsakey2.pem does not match certificate in mycert.pemhost1/Admin#Related Commands
debug
To enable the ACE debugging functions, use the debug command.
debug {aaa | access-list | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr | fifo | fm | gslb | ha_dp_mgr | ha_mgr | hm | ifmgr | ip | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | virtualization | vnet}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command is available to roles that allow debugging and to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To enable access-list debugging, enter:
host1/Admin# debug access-listRelated Commands
delete
To delete a specified file in an ACE file system, use the delete command.
delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If you do not specify a filename with the file system keyword, the ACE prompts you for a filename.
To display the list of files that reside in a file system, use the dir command.
Examples
To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:
host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZRelated Commands
dir
To display the contents of a specified ACE file system, use the dir command.
dir {core: | disk0:[path/][filename] | image:[filename] | probe:[filename] | volatile:[filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
The probe: option was introduced.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To delete a file from a file system, use the delete command.
To delete all core dumps, use the clear cores command.
Examples
To display the contents of the drive0: file system, enter:
host1/Admin# dir disk0:Related Commands
exit
To exit out of Exec mode and log out the CLI session, use the exit command.
exit
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To log out of an active CLI session, enter:
host1/Admin# exitRelated Commands
This command has no related commands.
format disk0:
To erase all data stored on the flash memory and reformat it with the FAT16 version of the file allocation table, use the format disk0: command. All user-defined configuration information is erased and the ACE returns to the factory-default settings.
format disk0:
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Before you reformat the flash memory, you should save a copy of the following ACE operation and configuration attributes to a remote server:
•
•
•
•
•
•
•
After you reformat the flash memory, perform the following actions:
•
•
•
–
–
•
–
–
Examples
To reformat flash memory, enter:
host1/Admin# format disk0:Related Commands
ft switchover
To purposely cause a failover to make a particular context active, use the ft switchover command.
ft switchover [all [force] | force | group_id [force]]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT group, which forces a switchover.
You may need to force a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully become the active member of the FT group, a switchover occurs. To use this command, you must configure the no preempt command in FT group configuration mode.
The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context:
•
•
Examples
To cause a switchover from the active module to the standby module of FT group1, enter:
host1/Admin# ft switchover 1Related Commands
gunzip
To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe script files), use the gunzip command.
gunzip disk0:[path/]filename.gz
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file that is zipped by the gzip (GNU zip) compression utility.
To display a list of available zipped files on disk0:, use the dir command.
Examples
To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file system, enter:
host1/Admin# gunzip disk0:PROBE_SCRIPTS.gzRelated Commands
invoke context
To display the context running configuration information from the Admin context, use the invoke context command.
invoke context context_name show running-config
Syntax Description
Command Modes
Exec
Admin context
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To display the running configuration for the C1 user context from the Admin context, enter:
host1/Admin# invoke context C1 show running-configRelated Commands
This command has no related commands.
license
To install, update, or uninstall licenses on the ACE, use the license command.
license {install disk0:[path/]filename [target_filename] | uninstall name | update disk0:[path/]permanent_filename demo_filename}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
After you receive a demo or permanent software license key in an e-mail from Cisco Systems, you must copy the license file to a network server and then use the copy tftp command in Exec mode to copy the file to the disk0: file system on the ACE.
To update an installed demo license with a permanent license, use the license update command. The demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage command.
To back up license files, use the copy licenses command
Caution
For more information about the types of ACE licenses available and how to manage the licenses on your ACE, see the Cisco Application Control Engine Module Administration Guide.
Examples
To install a new permanent license, enter:
host1/Admin# license install disk0:ACE-VIRT-020.LICTo uninstall a license, enter:
host1/Admin# license uninstall ACE-VIRT-250.LICTo update the demo license with a permanent license, enter:
host1/Admin# license update disk0:ACE-VIRT-250.LIC ACE-VIRT-250-demo.LICRelated Commands
mkdir disk0:
To create a new directory in disk0:, use the mkdir disk0: command.
mkdir disk0:[path/]directory_name
Syntax Description
[path/]directory_name
Name that you assign to the new directory. Specify the optional path if you want to create a directory within an existing directory.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If a directory with the same name already exists, the ACE does not create the new directory and the "Directory already exists" message appears.
Examples
To create a directory in disk0: called TEST_DIRECTORY, enter:
host1/Admin# mkdir disk0:TEST_DIRECTORYRelated Commands
move disk0:
To move a file between directories in the disk0: file system, use the move disk0: command.
move disk0:[source_path/]filename disk0:[destination_path/]filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
If a file with the same name already exists in the destination directory, that file is overwritten by the file that you move.
Examples
To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:, enter:
host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILERelated Commands
np session
To execute network processor-related commands, use the np session command.
np session {disable | enable}
Syntax Description
disable
Disables sessions to the network processor from the Supervisor Engine 720.
enable
Enables sessions to the network processor from the Supervisor Engine 720.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To enable sessions to the network processor from the Supervisor Engine 720, enter:
host1/Admin# np session enableRelated Commands
This command has no related commands.
ping
To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the ping command.
ping target_ip
Syntax Description
target_ip
IP address of the remote host to ping. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The ping command sends an echo request packet to an address from the current context on the ACE and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying the name of the current directory and the path, and whether the host can be reached or is functioning.
To terminate a ping session before it reaches its timeout value, press Ctrl-C.
Examples
To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter:
host1/Admin# ping 196.168.1.2Related Commands
reload
To reload the configuration on the ACE, use the reload command.
reload
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command.
Caution
Examples
To execute a soft reboot, enter:
host1/Admin# reloadThis command will reboot the systemSave configurations for all the contexts. Save? [yes/no]: [yes]Related Commands
reprogram bootflash
To reprogram the field upgradable (FUR) partition of the ROM monitor (rommon) image on the ACE, use the reprogram bootflash command.
reprogram bootflash {default-image {disk0:[path/]filename | image:[path/]filename} | fur-image {disk0:[path/]filename | image:[path/]filename} | invalidate-fur-image | validate-fur-image}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The reprogram bootflash command is intended for use by trained Cisco personnel only. Entering this command may cause unexpected results. Do not attempt to use the reprogram bootflash command without guidance from Cisco support personnel.
Examples
To reprogram the rommon image FUR partition on the image: file system, enter:
host1/Admin# reprogram bootflash fur-image image:sb-ace.NOV_11Related Commands
This command has no related commands.
rmdir disk0:
To remove a directory from the disk0: file system, use the rmdir disk0: command.
rmdir disk0:directory
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command.
Examples
To remove the directory TEST_DIRECTORY from disk0:, enter:
host1/Admin# rmdir disk0:TEST-DIRECTORYRelated Commands
show
To display ACE statistical and configuration information, use the show command.
show keyword [| {begin pattern | count | end | exclude pattern | include pattern | last | more}] [> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]
Syntax Description
Command Modes
Exec
Command History
Usage Guidelines
The features required in your user role to execute a specific show command are described in the "Usage Guidelines" section of the command. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Most commands have an associated show command. For example, the associated show command for the interface command in configuration mode is the show interface command. Use the associated show command to verify changes that you make to the running configuration.
The output of the show command may vary depending on the context that you enter the command from. For example, the show running-config command displays the running-configuration for the current context only.
To convert show command output from the ACE to XML for result monitoring by an NMS, use the xml-show command.
Examples
To display the current running configuration, enter:
host1/Admin# show running-configRelated Commands
show aaa
To display AAA accounting and authentication configuration information for the current context, use the show aaa command.
show aaa {accounting | authentication [login error-enable] | groups} [|] [>]
Syntax Description
accounting
Displays accounting configuration information.
authentication
Displays authentication configuration information.
login error-enable
(Optional) Displays the status of the login error message configuration.
groups
Displays the configured server groups.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
For information about the fields in the show aaa command output, see the Cisco Application Control Engine Module Security Configuration Guide.
Examples
To display the accounting configuration information, enter:
host1/Admin# show aaa accountingdefault: localRelated Commands
(config) aaa accounting default
(config) aaa authentication loginshow access-list
To display statistics associated with a specific access control list (ACL), use the show access-list command.
show access-list name [detail] [|] [>]
Syntax Description
name
Name of an existing ACL. Enter the name as an unquoted text string.
detail
Displays detailed information for the specified ACL.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised with the detail option.
Usage Guidelines
This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The ACL information that the ACE displays when you enter the show access-list command includes the ACL name, the number of elements in the ACL, the operating status of the ACL (ACTIVE or NOT ACTIVE), any configured remarks, the ACL entry, and the ACL hit count.
For information about the fields in the show access-list command output, see the Cisco Application Control Engine Module Security Configuration Guide.
Examples
To display statistical and configuration information for the ACL ACL1, enter:
host1/Admin# show access-list ACL1Related Commands
clear access-list
show running-config(config) access-list ethertype
(config) access-list extended
(config) access-list remark
(config) access-list resequenceshow accounting log
To display AAA accounting log information, use the show accounting log command.
show accounting log [size] [|] [>]
Syntax Description
size
(Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to 250000. The default is 250000 bytes.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
For information about the fields in the show accounting log command output, see the Cisco Application Control Engine Module Security Configuration Guide.
Examples
To display the contents of the accounting log file, enter:
host1/Admin# show accounting logRelated Commands
(config) aaa accounting default
show acl-merge
To display statistics related to merged ACLs, use the show acl-merge command.
show acl-merge {acls vlan number {in | out} [summary]} | {match vlan number {in | out} ip_address1 ip_address2 protocol src_port dest_port} | {merged-list vlan number {in | out} [non-redundant | summary]} [|] [>]
Syntax Description
acls
Displays various feature ACLs and their entries before the merge.
vlan number
Specifies the interface on which the ACL was applied.
in | out
Specifies the direction in which the ACL was applied to network traffic: incoming or outgoing.
summary
(Optional) Displays summary information before or after the merge.
match
Displays the ACL entry that matches the specified tuple.
ip_address1
Source IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
ip_address2
Destination IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
protocol
Protocol specified in the ACL.
src_port
Source port specified in the ACL.
dest_port
Destination port specified in the ACL.
merged-list
(Optional) Displays the merged ACL.
non-redundant
(Optional) Displays only those ACL entries that have been downloaded to a network processor.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the acl-merge feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a redundant configuration. The number assigned depends on the order in which the ACLs are applied to the VLANs. This number can be different on the two modules. The ACL merged list could be different on the two modules depending on when redundancy is enabled.
Examples
To display the ACL merge information for VLAN 401, enter:
host1/Admin# show acl-merge acls vlan 401 in summaryRelated Commands
This command has no related commands.
show arp
To display the current active IP address-to-MAC address mapping in the Address Resolution Protocol (ARP) table, statistics, or inspection or timeout configuration, use the show arp command.
show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>]
Syntax Description
inspection
(Optional) Displays the ARP inspection configuration.
internal event-history dbg
(Optional) Displays the ARP internal event history. The ACE debug commands are intended for use by trained Cisco personnel only. Do not attempt to use these commands without guidance from Cisco support personnel.
statistics
(Optional) Displays the ARP statistics for all VLAN interfaces.
vlan vlan_number
(Optional) Displays the statistics for the specified VLAN number.
timeout
(Optional) Displays the ARP timeout values.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The show arp command without options displays the active IP address-to-MAC address mapping in the ARP table.
For information about the fields in the show arp command output, see the Cisco Application Control Engine Module Routing and Bridging Configuration Guide.
Examples
To display the current active IP address-to-MAC address mapping in the ARP table, enter:
host1/Admin# show arpRelated Commands
show banner motd
To display the configured banner message of the day, use the show banner motd command.
show banner motd [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To configure the banner message, use the banner command in the configuration mode.
For information about the fields in the show banner motd command output, see the Cisco Application Control Engine Module Administration Guide.
Examples
To display the message of the day, enter:
host1/Admin# show banner motdRelated Commands
show bootvar
To display the current BOOT environment variable and configuration register setting, use the show bootvar command.
show bootvar [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To set the BOOT environment variable, use the boot system image: command in the configuration mode.
For information about the fields in the show bootvar command output, see the Cisco Application Control Engine Module Administration Guide.
Examples
To display the current BOOT environment variable and configuration register setting, enter:
host1/Admin# show bootvarBOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"Configuration register is 0x1Related Commands
This command has no related commands.
show buffer
To display the buffer manager module messages, use the show buffer command.
show buffer {events-history | stats | usage} [|] [>]
Syntax Description
events-history
Displays a historic log of the most recent messages generated by the buffer manager event history.
stats
Displays detailed counters for various buffer manager event occurrences.
usage
Displays the number of buffers currently being held (allocated but not freed) by each buffer module. The usage keyword also shows an estimate of the number of times a particular buffer module has freed the same buffer more than once (this condition indicates a software error).
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display the control plane buffer event history, enter:
host1/Admin# show buffer events-history1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa02) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000[102] total blocks=151682 (ctrl=75841, data=75841)Related Commands
show capture
To display the packet information that the ACE traces as part of the packet capture function, use the show capture command.
show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status] [|] [>]
Syntax Description
buffer_name
Name of the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters.
detail
(Optional) Displays additional protocol information for each packet.
connid connection_id
(Optional) Displays protocol information for a specified connection identifier.
range packet_start packet_end
(Optional) Displays protocol information for a range of captured packets.
status
(Optional) Displays capture status information for each packet.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
For all types of received packets, the console display is in tcpdump format.
To copy the capture buffer information as a file in flash memory, use the copy capture command.
For information about the fields in the show capture command output, see the Cisco Application Control Engine Module Administration Guide.
Examples
To display the captured packet information contained in packet capture buffer CAPTURE1, enter:
switch/Admin# show capture CAPTURE1Related Commands
show cde
To display the classification and distribution engine (CDE) register values, use the show cde command.
show cde {all | count | dist | hash index_number | health | interrupts | reg cde_number register | stats {cumulative | stats} | vlan vlan_number} [|] [>]
Syntax Description
all
Displays all CDE register values.
count
Displays the cumulative count of the CDE interrupts.
dist
Displays the CDE distribution type.
hash index_number
Displays the hash distribution table. Enter a value from 0 to 31.
health
Displays the CDE health.
interrupts
Displays the CDE interrupts.
reg
Displays the specified CDE register.
cde_number
CDE number.
register
Register value. Enter a hexadecimal value from 0x0 to 0x1d9.
stats
Displays the specified CDE statistics.
cumulative
Displays the cumulative CDE statistics from the last invocation of the show cde command.
stats
Displays the delta CDE statistics from the last invocation of the show cde command.
vlan vlan_number
Displays the VLAN distribution table for the specified VLAN. Enter the desired VLAN number.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display all of the CDE register values, enter:
host1/Admin# show cde allRelated Commands
show checkpoint
To display information relating to the configured checkpoints, use the show checkpoint command.
show checkpoint {all | detail name} [|] [>]
Syntax Description
all
Displays a list of all existing checkpoints.
detail name
Displays the running configuration of the specified checkpoint.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
For information about the fields in the show checkpoint command output, see the Cisco Application Control Engine Module Administration Guide.
Examples
To display the running configuration for the checkpoint MYCHECKPOINT, enter:
host1/Admin# show checkpoint detail MYCHECKPOINTRelated Commands
show clock
To display the current date and time settings of the system clock, use the show clock command.
show clock [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To configure the system clock setting, use the clock command in the configuration mode.
For information about the fields in the show clock command output, see the Cisco Application Control Engine Module Administration Guide.
Examples
To display the current clock settings, enter:
host1/Admin# show clockFri Feb 24 20:08:14 UTC 2006Related Commands
show conn
To display the connection statistics, use the show conn command.
show conn {address ip_address1 [ip_address2] netmask mask} | count | detail | {port number1 [number2]} | {protocol {tcp | udp}} | {rserver rs_name [port_number serverfarm sfarm_name1 | serverfarm sfarm_name1]} | {serverfarm sfarm_name2} [|] [>]
Syntax Description
address ip_address1 [ip_address2]
Displays connection statistics for a single source or destination IP address or, optionally, for a range of source or destination IP addresses. To specify a range of IP addresses, enter an IP address for the lower limit of the range and a second IP address for the upper limit of the range. Enter one or two IP addresses in dotted-decimal notation (for example, 192.168.12.15).
netmask mask
Specifies the network mask for the IP address or range of IP addresses that you specify. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0).
count
Displays the total current connections to the ACE.
Note
detail
Displays detailed connection information.
Note
port number1 [number2]
Displays connection statistics for a single source or destination port or optionally, for a range of source or destination ports.
protocol {tcp | udp}
Displays connection statistics for TCP or UDP.
rserver rs_name
Displays connection statistics for the specified real server.
port_number
(Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535.
serverfarm sfarm_name1
(Optional) Displays connection statistics for the specified real server associated with this server farm.
serverfarm sfarm_name2
Displays connection statistics for the real servers associated with the specified server farm.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
For information about the fields in the show conn command output, see the Cisco Application Control Engine Module Security Configuration Guide.
Examples
To display connection statistics for a range of IP addresses, enter:
host1/Admin# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0Related Commands
show context
To display the context configuration information, use the show context command.
show context [context_name | Admin] [|] [>]
Syntax Description
context_name
(Optional) Name of user-created context. The ACE displays just the specified context configuration information. The context_name argument is case sensitive. and is visible only from the admin context.
Admin
(Optional) Displays just the admin context configuration information. This keyword is visible only from the admin context.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The ACE displays different information for this command depending on the context that you are in when executing the command:
•
•
For information about the fields in the show context command output, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To display the Admin context and all user-context configuration information, enter:
host1/Admin# show contextTo display the configuration information for the user context CTX1, enter:
host1/Ctx1# show contextRelated Commands
show copyright
To display the software copyright information for the ACE, use the show copyright command.
show copyright [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
For information about the fields in the show copyright command output, see the Cisco Application Control Engine Module Administration Guide.
Examples
To display the ACE software copyright information, enter:
host1/Admin# show copyrightRelated Commands
This command has no related commands.
show crypto
To display the summary and detailed reports on files containing Secure Sockets Layer (SSL) certificates, key pairs, chain and authentication groups, and statistics, use the show crypto command.
show crypto {authgroup {group_name| all} | certificate {filename | all} | chaingroup {filename | all} | csr-params {filename | all} | files | hardware | key {filename | all} | session}} [|] [>]
Syntax Description
authgroup
Specifies the authentication group file type.
group_name
Name of the specific authentication group file.
all
Displays the summary report that lists all the files of the specified file type or certificates for each authentication group.
certificate
Specifies the certificate file type.
filename
Name of a specific file. The ACE displays the detailed report for the specified file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.
chaingroup
Specifies the chaingroup file type.
csr-params
Specifies the Certificate Signing Request (CSR) parameter set.
files
Displays the summary report listing all of the crypto files loaded on the ACE, including certificate, chaingroup, and key pair files. The summary report also shows whether the file contains a certificate, a key pair, or both.
hardware
Displays the statistics for the debugging of the SSL crypto processor for the ACE module. This keyword applies to the module and not per context. This statistics report is intended for use by trained Cisco personnel for troubleshooting purposes only.
key
Specifies the key pair file type.
session
Displays the number of cached TLS and SSL client and server session entries in the current context.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When using the show crypto certificate command and the certificate file contains a chain, the ACE displays only the bottom level certificate (the signers are not displayed).
For information about the fields in the show crypto command output, see the Cisco Application Control Engine Module SSL Configuration Guide.
Examples
To display the summary report that lists all of the crypto files, enter:
host1/Admin# show crypto filesRelated Commands
show debug
To display the debug flags, use the show debug command.
show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp | fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd} [|] [>]
Syntax Description
aaa
Displays the 301 debug flags.
access-list
Displays the access-list debug flags.
arpmgr
Displays the Address Resolution Protocol (ARP) manager debug flags.
ascii-cfg
Displays the ASCII cfg debug flags.
bpdu
Displays the bridge protocol data unit (BPDU) debug flags.
buffer
Displays the CP buffer debug flags.
cfg_cntlr
Displays the configuration controller debug flags.
cfgmgr
Displays the configuration manager debug flags.
clock
Displays the state of clock debug settings.
dhcp
Displays the Dynamic Host Configuration Protocol (DHCP) debug flags.
fifo
Displays the show packet first in, first out (FIFO) debug flags.
fm
Displays the feature manager debug flags.
fs-daemon
Displays the FS daemon debug flags.
ha_dp_mgr
Displays the high availability (HA) dataplane manager debug flags.
ha_mgr
Displays the HA manager debug flags.
hm
Displays the HM debug flags.
ifmgr
Displays the interface manager debug flags.
ipcp
Displays the kernel IP Control Protocol (IPCP) debug flags.
lcp
Displays the LCP debug flags.
ldap
Displays the Lightweight Directory Access Protocol (LDAP) debug flags.
license
Displays the licensing debug flags.
logfile
Displays the contents of the logfile.
nat-download
Displays the Network Address Translation (NAT) download debug flags.
netio
Displays the CP net I/O debug flags.
pfmgr
Displays the platform manager debug flags.
pktcap
Displays the packet capture debug flags.
radius
Displays the Remote Authentication Dial-In User Service (RADIUS) debug flags.
routemgr
Displays the route manager debug flags.
scp
Displays the Secure Copy Protocol (SCP) debug flags.
security
Displays the security/accounting debug flags.
sme
Displays the System Manager Extension (SME) debug flags.
snmp
Displays the Simple Network Management Protocol (SNMP) server debug flags.
ssl
Displays the Secure Sockets Layer (SSL) manager debug flags.
syslogd
Displays the syslogd debug flags.
system
Displays the system debug flags.
tacacs+
Displays the Terminal Access Controller Access Control System Plus (TACACS+) debug flags.
tl
Displays the CP buffer debug flags.
ttyd
Displays the TTYD debug flags.
virtualization
Displays the virtualization debug flags.
vnet
Displays the virtual network (VNET) driver debug flags.
vshd
Displays the VSHD debug flags.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the debug feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To display the VSHD debug flags, enter:
host1/Admin# show debug vshdRelated Commands
show domain
To display the information about the configured domains in the ACE, use the show domain command.
show domain [name] [|] [>]
Syntax Description
name
(Optional) Name of an existing context domain. Specify a domain name to display the detailed configuration report that relates to the specified domain.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
To display the complete domain configuration report that lists all of the configured domains, enter the show domain command without including the name argument.
For information about the fields in the show domain command output, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
Examples
To display the domain configuration report for the domain D1, enter:
host1/Admin# show domain D1Related Commands
show fifo
To display the packet first in, first out (FIFO) statistics for the Pkt-Fifo module, use the show fifo command.
show fifo {event-history | registers | stats} [|] [>]
Syntax Description
event-history
Displays a historic log of the most recent debug messages generated by the Pkt-Fifo module.
registers
Displays the state of all the registers associated with the transmit and receive hardware engines.
stats
Displays detailed counters for the various Pkt-Fifo module event occurrences.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
3.0(0)A1(2)
This command was introduced.
3.0(0)A1(5)
Interrupt statistics were added to the output of the stats keyword.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the
