-
Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine
-
CLI Command Summary By Mode
-
Preface
-
Using the Command-Line Interface
-
Exec Mode Commands
-
Configuration Mode Commands
-
Action List Modify Configuration Mode Commands
-
Authentication Group Configuration Mode Commands
-
Chaingroup Configuration Mode Commands
-
Class Map Configuration Mode Commands
-
Console Configuration Mode Commands
-
Context Configuration Mode Commands
-
CSR Parameters Configuration Mode Commands
-
DCI Configuration Mode Commands
-
Domain Configuration Mode Commands
-
FT Group Configuration Mode Commands
-
FT Interface Configuration Mode Commands
-
FT Peer Configuration Mode Commands
-
FT Track Host Configuration Mode Commands
-
Interface Configuration Mode Commands
-
KAL-AP UDP Configuration Mode Commands
-
LDAP Configuration Mode Commands
-
Line Configuration Mode Commands
-
Object Group Configuration Mode Commands
-
Optimize Configuration Mode Commands
-
Parameter Map Connection Configuration Mode Commands
-
Policy Map Configuration Mode Commands
-
Probe Configuration Mode Commands
-
RADIUS Configuration Mode Commands
-
Real Server Host Configuration Mode Commands
-
Role Configuration Mode Commands
-
Resource Configuration Mode Commands
-
Server Farm Host Configuration Mode Commands
-
SSL Proxy Configuration Mode Commands
-
Sticky HTTP Cookie Configuration Mode Commands
-
TACACS+ Configuration Mode Commands
-
VM Configuration Mode Commands
-
Feedback
Table Of Contents
show security internal event-history
show sticky cookie-insert group
CLI Commands
This chapter provides detailed information for the following types of CLI commands for the ACE:
•
Commands that you can enter after you log in to the ACE.
•
The description of each command includes the following:
•
•
Exec Mode Commands
You can access Exec mode commands immediately after you log in to an ACE. Many of these commands are followed by keywords that make them distinct commands (for example, show aaa, show access-list, show accounting, and so on). To increase readability of command syntax, these commands are presented separately in this command reference.
You can also execute Exec mode commands from any of the configuration modes using the do command. For example, to display the ACE running configuration from the Exec mode, use the show running-config command. To execute the same command from the configuration mode, use the do show running-config command.
backup
To backup the configuration files and dependent files in a context or in all contexts, use the backup command.
backup [all] [pass-phrase text_string] [exclude component]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The backup command has the following configuration guidelines and limitations:
•
•
•
•
•
•
•
•
•
Examples
To back up all contexts in the ACE, enter:
host1/Admin# backup all pass-phrase MY_PASS_PHRASERelated Commands
capture
To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command. As part of the packet capture process, you specify whether to capture packets from all interfaces or an individual VLAN interface.
capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
3.0(0)A1(5)
The buffer size was limited to 5000 KB.
A2(1.0)
The stop option was introduced.
A1(7)
This command was introduced.
A3(1.0)
The stop option was introduced.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The packet capture function enables access control lists (ACLs) to control which packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.
To capture packets for both IPv6 and IPv4 in the same buffer, configure the capture command twice: once with an IPv6 ACL and once with an IPv4 ACL.
Under high traffic conditions, you may observe up to 64 packets printing on the console after you enter the stop keyword. These additional messages can occur because the packets were in transit or buffered before you entered the stop keyword.
The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.
The ACE does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in flash memory, use the copy capture command.
Examples
To start the packet capture function for CAPTURE1, enter:
host1/Admin# capture CAPTURE1 interface vlan50 access-list ACL1host1/Admin# capture CAPTURE1 startTo stop the packet capture function for CAPTURE1, enter:
host1/Admin# capture CAPTURE1 stopRelated Commands
changeto
To move from one context on the ACE to another context, use the changeto command.
changeto context_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.3)
You can apply the changeto feature to a rule for a user-defined role.
A1(7)
This command was introduced.
A3(2.2)
You can apply the changeto feature to a rule for a user-defined role.
Usage Guidelines
This command requires the changeto feature in your user role, and as found in all of the predefined user roles. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
The command prompt indicates the context that you are currently in (see the following example).
The predefined user role that is enforced after you enter the changeto command is that of the Admin context and not that of the non-Admin context.
You cannot add, modify, or delete objects in a custom domain after you change to a non-Admin context.
•
•
User-defined roles configured with the changeto feature retain their privileges when accessing different contexts.
Examples
To change from the Admin context to the context CTX1, enter:
host1/Admin# changeto CTX1host1/CTX1#Related Commands
checkpoint
To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command.
checkpoint {create | delete | rollback} name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If the running-configuration file has the no ft auto-sync command configured and the checkpoint has the ft auto-sync command configured, a checkpoint rollback will fail with the following message:
Warning : 'no ft auto-sync' & 'ft auto-sync' conflict detected - Rollback will failFailing Scenario - running config has 'no ft auto-sync' / checkpoint has 'ft auto-sync'Examples
To create the checkpoint CP102305, enter:
host1/Admin# checkpoint create CP102305Related Commands
clear access-list
To clear access control list (ACL) statistics, use the clear access-list command.
clear access-list name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the access control list ACL1, enter:
host1/Admin# clear access-list ACL1Related Commands
(config) access-list ethertype
(config) access-list extendedclear accounting log
To clear the accounting log, use the clear accounting log command.
clear accounting log
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the accounting log, enter:
host1/Admin# clear accounting logRelated Commands
show accounting log
(config) aaa accounting defaultclear acl-merge statistics
To clear the ACL-merge statistics, use the clear acl-merge statistics command.
clear acl-merge statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the ACL-merge statistics, enter:
host1/Admin# clear acl-merge statisticsRelated Commands
clear arp
To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP processes, use the clear arp command.
clear arp [no-refresh | {statistics [vlan number] [interface_name]}]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised with the vlan option.
A1(7)
This command was introduced.
A3(1.0)
This command was revised with the vlan option.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you enter the clear arp command with no option, it clears all learned ARP entries and then refreshes the ARP entries.
Examples
To clear the ARP statistics, enter:
host1/Admin# clear arp statisticsTo clear the ARP learned entries and then refresh the ARP entries, enter:
host1/Admin# clear arpRelated Commands
clear buffer stats
To clear the control plane buffer statistics, use the clear buffer stats command.
clear buffer stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane buffer statistics, enter:
host1/Admin# clear buffer statsRelated Commands
clear capture
To clear an existing capture buffer, use the clear capture command.
clear capture name
Syntax Description
Command Modes
Exec
Admin and user context
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the dir command to view the capture files that you copied to the disk0: file system using the copy capture command.
Examples
To clear the capture buffer CAPTURE1, enter:
host1/Admin# clear capture CAPTURE1Related Commands
clear cde
(ACE module only) To clear the classification and distribution engine (CDE) statistics and interrupt counts, use the clear cde command.
clear cde {interrupt | stats}
Syntax Description
Command Modes
Exec
Admin context
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the CDE interrupt counts, enter:
host1/Admin# clear cde interruptRelated Commands
clear cfgmgr internal history
To clear the Configuration Manager internal history, use the clear cfgmgr internal history command.
clear cfgmgr internal history
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the Configuration Manager internal history, enter:
host1/Admin# clear cfgmgr internal historyRelated Commands
clear conn
To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn command.
clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip | dest_port}} | id number np number | rserver name [port_number] serverfarm sfarm_name]
Syntax Description
all
(Optional) Clears all connections that go through the ACE, originate with the ACE, or terminate with the ACE.
flow
(Optional) Clears the connection that matches the specified flow descriptor.
prot_number
Protocol number of the flow.
icmp
Specifies the flow types using ICMP.
tcp
Specifies the flow types using TCP.
udp
Specifies the flow types using UDP.
source_ip
Source IP address of the flow.
source_port
Source port of the flow.
dest_ip
Destination IP address of the flow.
dest_port
Destination port of the flow.
id number
(Optional) Clears the connection with the specified connection ID number as displayed in the output of the show conn command.
np number
Clears all the connections to the specified network processor with the specified connection ID.
rserver name
(Optional) Clears all connections to the specified real server.
port_number
(Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535.
serverfarm sfarm_name
(Optional) Clears all connections to the specified real server associated with this server farm.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised.
A1(7)
This command was introduced.
A3(1.0)
This command was revised.
Usage Guidelines
This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear only the connections that go through the ACE (flows that pass through the ACE between the originating network host and the terminating network host), use the clear conn command without any keywords. When you do not include any keywords, the connections that terminate or originate with the ACE are not cleared.
Examples
To clear the connections for the real server RSERVER1, enter:
host1/Admin# clear conn rserver RSERVER1Related Commands
clear cores
To clear all of the core dumps stored in the core: file system, use the clear cores command.
clear cores
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Note
To view the list of core files in the core: file system, use the dir core: command.
To save a copy of a core dump to a remote server before clearing it, use the copy capture command.
To delete a specific core dump file from the core: file system, use the delete core: command.
Examples
To clear all core dumps, enter:
host1/Admin# clear coresRelated Commands
clear crypto session-cache
To clear the session cache information in the context, use the clear crypto session-cache command.
clear crypto session-cache [all]
Syntax Description
all
(Optional) Clears the session cache information for all contexts. This option is available in the Admin context only.
Command Modes
Exec
Admin and user context. The all option is available in the Admin context only.
Command History
Usage Guidelines
This command has no usage guidelines.
Examples
To clear the session cache information in the context, enter:
host1/Admin# clear crypto session-cacheRelated Commands
This command has no related commands.
clear dc
(ACE module only) To clear the daughter card interrupt and register statistics on the ACE module, use the clear dc command.
clear dc dc_number {controller {interrupts | stats} | interrupt}
Syntax Description
Command Modes
Exec
Admin context only.
Command History
Usage Guidelines
This command requires the Admin user role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear the daughter card 1 controller interrupt statistics, enter:
host1/Admin# clear dc 1 controller interruptsRelated Commands
clear debug-logfile
To remove a debug log file, use the clear debug-logfile command.
clear debug-logfile filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To clear the debug log file DEBUG1, enter:
host1/Admin# clear debug-logfile DEBUG1Related Commands
clear fifo stats
To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command.
clear fifo stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane FIFO statistics, enter:
host1/Admin# clear fifo statsRelated Commands
clear ft
To clear the various fault-tolerant (FT) statistics, use the clear ft command.
clear ft {all | ha-stats | hb-stats | history {cfg_cntlr | ha_dp_mgr | ha_mgr} | track-stats [all]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear all fault-tolerant statistics, enter:
host1/Admin# clear ft allRelated Commands
(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interfaceclear icmp statistics
To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics command.
clear icmp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the ICMP statistics, enter:
host1/Admin# clear icmp statisticsRelated Commands
clear interface
To clear the interface statistics, use the clear interface command.
clear interface [bvi number | vlan number | gigabitEthernet slot_number/port_number]
Syntax Description
Command Modes
Exec
BVI and VLAN—Admin and user contexts
(ACE appliance only) Ethernet data port—Admin context only
Command History
Usage Guidelines
This command requires the interface feature in your user role. In addition, the Ethernet data port interface command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear all of the interface statistics, enter the clear interface command without using the optional VLAN and BVI keywords.
Examples
ACE Module Example
To clear all of the interface statistics for VLAN 212, enter:
host1/Admin# clear interface vlan 212ACE Appliance Example
To clear the statistics for Ethernet port 3, enter:
host1/Admin# clear interface gigabitEthernet 1/3Related Commands
clear ip
To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip command.
clear ip [dhcp relay statistics | statistics]
Syntax Description
dhcp relay statistics
(Optional) Clears all of the DHCP relay statistics.
statistics
(Optional) Clears all of the statistics associated with IP normalization, fragmentation, and reassembly.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional keywords.
Examples
To clear all of the IP normalization, fragmentation, and reassembly statistics, enter:
host1/Admin# clear ip statisticsRelated Commands
clear ipv6
To clear the Dynamic Host Configuration Protocol (DHCP) relay and neighbor discovery statistics, use the clear ipv6 command.
clear ipv6 {dhcp relay statistics | {neighbors [no-refresh | vlan vlan_id ipv6_address [no-refresh] | ipv6_address [no-refresh]]}}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear all the DHCPv6 statistics, enter:
host1/Admin# clear ipv6 dhcp relay statisticsRelated Commands
clear line
To close a specified virtual terminal (VTY) session, use the clear line command.
clear line vty_name
Syntax Description
vty_name
Name of a VTY session. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To terminate the VTY session VTY1, enter:
host1/Admin# clear line VTY1Related Commands
(ACE module only) (config) line console
(config) line vtyclear logging
To clear information stored in the logging buffer, use the clear logging command.
clear logging [disabled | rate-limit]
Syntax Description
disabled
(Optional) Clears the logging buffer of "disabled" messages.
rate-limit
(Optional) Clears the logging buffer of "rate-limit configuration" messages.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear all of the information stored in the logging buffer, enter the clear logging command without using either of the optional keywords.
Examples
To clear all of the information stored in the logging buffer, enter:
host1/Admin# clear loggingRelated Commands
clear netio stats
To clear the control plane network I/O statistics, use the clear netio stats command.
clear netio stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the control plane network I/O statistics, enter:
host1/Admin# clear netio statsRelated Commands
clear np
To clear the network processor interrupt error statistics that appear when you enter the show np number interrupts command, use the clear np command.
clear np number interrupts
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the network processor interrupt error statistics, enter:
host1/Admin# clear np 1 interruptsRelated Commands
clear ntp statistics
(ACE appliance only) To clear the NTP statistics that display when you enter the show ntp command, use the clear ntp command.
clear ntp statistics {all-peers | io | local | memory}
Syntax Description
all-peers
Clears all peer statistics.
io
Clears the I/O statistics.
local
Clears the local statistics.
memory
Clears the memory statistics.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the NTP memory statistics, enter:
host1/Admin# clear ntp statistics memoryRelated Commands
clear probe
To clear the probe statistics displayed through the show probe command, use the clear probe command.
clear probe name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear all the statistics for the probe HTTP1, enter:
host1/Admin# clear probe HTTP1Related Commands
clear processes log
To clear the statistics for the processes log, use the clear processes log command.
clear processes log {all | pid id}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the list of process identifiers assigned to each of the processes running on the ACE, use the show processes command.
Examples
To clear all the statistics for the processes log, enter:
host1/Admin# clear processes log allRelated Commands
clear rserver
To clear the real server statistics of all instances of a particular real server regardless of the server farms that it is associated with, use the clear rserver command.
clear rserver name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you have redundancy configured, then you need to explicitly clear real-server statistics on both the active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE's statistics at the old values.
Examples
To clear the statistics for the real server RS1, enter:
host1/Admin# clear rserver RS1Related Commands
clear rtcache
To clear the route cache, use the clear rtcache command.
clear rtcache
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the route cache, enter:
host1/Admin# clear rtcacheRelated Commands
This command has no related commands.
clear screen
To clear the display screen, use the clear screen command.
clear screen
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the display screen, enter:
host1/Admin# clear screenRelated Commands
This command has no related commands.
clear serverfarm
To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command.
clear serverfarm name [inband | predictor | retcode]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised.
A2(1.3)
The predictor option was added.
A4(1.0)
The inband option was added.
A1(7)
This command was introduced.
A3(1.0)
This command was revised. The predictor option was added.
A4(1.0)
The inband option was added.
Usage Guidelines
This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the statistics for the server farm SFARM1, enter:
host1/Admin# clear serverfarm SFARM1Related Commands
clear service-policy
To clear the service policy statistics, use the clear service-policy command.
clear service-policy policy_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the statistics for the service policy HTTP1, enter:
host1/Admin# clear service-policy HTTP1Related Commands
clear ssh
To clear a Secure Shell (SSH) session or clear the public keys of all SSH hosts, use the clear ssh command.
clear ssh {session_id | hosts}
Syntax Description
session_id
Identifier of the SSH session to clear, terminating the session.
hosts
Clears the public keys of all trusted SSH hosts. This keyword is available to all users in all contexts.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To obtain the specific SSH session ID value, use the show ssh session-info command.
Examples
To clear the SSH session with the identifier 345, enter:
host1/Admin# clear ssh 345Related Commands
(config) ssh key
(config) ssh maxsessionsclear startup-config
To clear the startup configuration of the current context, use the clear startup-config command.
clear startup-config
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Clearing the startup configuration does not affect the context running-configuration.
The clear startup-config command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command.
To clear the startup configuration, you can also use the write erase command.
Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. Once you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration:
•
•
Examples
To clear the startup configuration, enter:
host1/Admin# clear startup-configRelated Commands
clear stats
To clear the statistical information stored in the ACE buffer, use the clear stats command.
clear stats {all | connection | {crypto [client | server [alert | authentication | cipher | termination]]} | http | inspect | kalap | loadbalance [radius | rdp | rtsp | sip] | optimization | probe | resource-usage | sticky}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A4(1.0)
The crypto keyword and client | server [alert | authentication | cipher | termination] options were added.
Usage Guidelines
This command requires the loadbalance, inspect, NAT, connection, sticky, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you have redundancy configured, then you need to explicitly clear sticky statistics on both the active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE's statistics at the old values.
Examples
To clear sticky statistics, enter:
host1/Admin# clear stats stickyRelated Commands
clear sticky database
To clear dynamic sticky database entries, use the clear sticky database command.
clear sticky database {active-conn-count min value1 max value2 | all | group group_name | time-to-expire min value3 max value4 | type {hash-key value5 | http-cookie value6 | ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5}}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command does not clear static sticky database entries. To clear static sticky database entries, use the no form of the appropriate sticky configuration mode command. For example, enter
(config-sticky-cookie) static cookie-value or (config-sticky-header) static header-value.Examples
To clear all dynamic sticky database entries in the Admin context, enter:
host1/Admin# clear sticky database allRelated Commands
clear syn-cookie
To clear the SYN cookie statistics, use the clear syn-cookie command. To clear SYN cookie statistics for all VLANs that are configured in the current context, enter the command with no arguments.
clear syn-cookie [vlan number]
Syntax Description
vlan number
(Optional) Instructs the ACE to clear SYN cookie statistics for the specified interface. Enter an integer from 2 to 2024.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no usage guidelines.
Examples
To clear SYN cookie statistics for VLAN 100, enter:
host1/C1# clear syn-cookie vlan 100
Related Commands
clear tcp statistics
To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command.
clear tcp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the TCP statistics, enter:
host1/Admin# clear tcp statisticsRelated Commands
clear telnet
To clear a Telnet session, use the clear telnet command.
clear telnet session_id
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To obtain the specific Telnet session identification number, use the show telnet command.
Examples
To clear the Telnet session with the identification number of 236, enter:
host1/Admin# clear telnet 236Related Commands
clear udp statistics
To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command.
clear udp statistics
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To clear the UDP statistics, enter:
host1/Admin# clear udp statisticsRelated Commands
clear user
To clear a user session, use the clear user command.
clear user name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the list of users that are currently logged in to the ACE, use the show users command.
Examples
To log out the user USER1, enter:
host1/Admin# clear user USER1Related Commands
clear vnet stats
To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command.
clear vnet stats
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To clear the VNET statistics, enter:
host1/Admin# clear vnet statsRelated Commands
clear xlate
To clear the global address to the local address mapping information based on the global address, global port, local address, local port, interface address as global address, and NAT type, use the clear xlate command.
clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface vlan number] [state static] [portmap]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you enter this command, the ACE releases sessions that are using the translations (Xlates).
If you configure redundancy, then you need to explicitly clear Xlates on both the active and the standby ACEs. Clearing Xlates on the active ACE does not clear Xlates in the standby ACE.
Examples
To clear all static translations, enter:
host1/Admin# clear xlate state staticRelated Commands
clock set
(ACE appliance only) To set the time and the date for an ACE, use the clock set command in Exec mode.
clock set hh:mm:ss DD MONTH YYYY
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you enter this command, the ACE displays the current configured date and time.
If you want to use the Network Time Protocol (NTP) to automatically synchronize the ACE system clock to an authoritative time server (such as a radio clock or an atomic clock), see Chapter 1, Setting Up the ACE, in the Administration Guide, Cisco ACE Application Control Engine. In this case, the NTP time server automatically sets the ACE system clock.
If you previously configured NTP on an ACE, the ACE prevents you from using the clock set command and displays an error message. To manually set the ACE system clock, remove the NTP peer and NTP server from the configuration before setting the clock on an ACE.
Examples
For example, to specify a time of 1:38:30 and a date of October 7, 2008, enter:
host1/Admin# clock set 01:38:30 7 Oct 2008Wed Oct 7 01:38:30 PST 2008Related Commands
compare
To compare an existing checkpoint with the running-configuration file, use the compare command.
compare checkpoint_name
Syntax Description
checkpoint_name
Specifies the name of an existing checkpoint. The compare function defaults to comparing the specified checkpoint with the running-config.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If the checkpoint configuration is the same as the running-config, the output of this command is:
Checkpoint config is same as running configIf the checkpoint configuration is different from the running-config, the output will be the difference between the two configurations.
Examples
To compare the CHECKPOINT_1 checkpoint with the running-config, enter the following command:
host1/Admin# compare CHECKPOINT_1Related Commands
configure
To change from the Exec mode to the configuration mode, use the configure command.
configure [terminal]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires one or more features assigned to your user role, such as the AAA, interface, or fault-tolerant features. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To return to the Exec mode from the configuration mode, use the exit command.
To execute an Exec mode command from any of the configuration modes, use the do version of the command.
Examples
To change to the configuration mode from the Exec mode, enter:
host1/Admin# configurehost1/Admin(config)#Related Commands
copy capture
To copy an existing context packet capture buffer as the source file in the ACE compact flash to another file system, use the copy capture command.
copy capture capture_name disk0: [path/]destination_name
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the ACE and free memory.
Examples
To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter:
host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1Related Commands
copy checkpoint
To copy a checkpoint file to a remote server, use the copy checkpoint command.
copy checkpoint:filename disk0:[path/]filename | image:image_name | startup-config | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy a checkpoint file from the ACE to a remote FTP server, enter:
host1/Admin# copy checkpoint:CHECKPOINT1.txt ftp://192.168.1.2Enter the destination filename[]? [CHECKPOINT1.txt]Enter username[]? user1Enter the file transfer mode[bin/ascii]: [bin]Password:Passive mode on.Hash mark printing on (1024 bytes/hash mark).
Note
Related Commands
copy core:
To copy a core file to a remote server, use the copy core: command.
copy core:filename disk0:[path/]filename | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy a core file from the ACE to a remote FTP server, enter:
host1/Admin# copy core:np0_crash.txt ftp://192.168.1.2Enter the destination filename[]? [np0_crash.txt]Enter username[]? user1Enter the file transfer mode[bin/ascii]: [bin]Password:Passive mode on.Hash mark printing on (1024 bytes/hash mark).
Note
Related Commands
copy disk0:
To copy a file from one directory in the disk0: file system of flash memory to another directory in disk0: or a network server, use the copy disk0: command.
copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | image:image_filename | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy the file called SAMPLEFILE to the MYSTORAGE directory in flash memory, enter:
host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILERelated Commands
copy ftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote File Transfer Protocol (FTP) server to a location on the ACE, use the copy ftp: command.
copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To copy a startup-configuration file from a remote FTP server to the ACE, enter:
host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
copy image:
To copy an ACE software system image from flash memory to a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy image: command.
copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
ACE Module Example
To save a software system image to a remote FTP server, enter:
host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2ACE Appliance Example
To save a software system image to a remote FTP server, enter:
host1/Admin# copy image:c4710ace-mz.A3_1_0.bin ftp://192.168.1.2Related Commands
copy licenses
To create a backup license file for the ACE licenses in the .tar format and copy it to the disk0: file system, use the copy licenses command.
copy licenses disk0:[path/]filename.tar
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To copy the installed software licenses to the disk0: file system, enter:
host1/Admin# copy licenses disk0:mylicenses.tarRelated Commands
copy probe:
To copy scripted probe files from the probe: directory to the disk0: file system on the ACE or a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy probe: command.
copy probe:probe_filename {disk0:[path/]filename | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To copy a probe file to a remote FTP server, enter:
host1/Admin# copy probe:IMAP_PROBE ftp://192.168.1.2Related Commands
copy running-config
To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration file in flash memory (nonvolatile memory) or a network server, use the copy running-config command.
copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
To copy the running configuration to the startup configuration, you can also use the write memory command.
Examples
To save the running-configuration file to the startup-configuration file in flash memory on the ACE, enter:
host1/Admin# copy running-config startup-configRelated Commands
copy startup-config
To merge the contents of the startup configuration file into the running configuration file or copy the startup configuration file to a network server, use the copy startup-config command.
copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
•
•
•
Examples
To merge the contents of the startup-configuration file into the running-configuration file in flash memory, enter:
host1/Admin# copy startup-config running-configRelated Commands
copy sftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote Secure File Transfer Protocol (SFTP) server to a location on the ACE, use the copy sftp: command.
copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To copy a startup-configuration file from a remote SFTP server to the ACE, enter:
host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
copy tftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote Trivial File Transfer Protocol (TFTP) server to a location on the ACE, use the copy tftp: command.
copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To copy a startup-configuration file from a remote TFTP server to the ACE, enter:
host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
crypto crlparams
To configure signature verification on a Certificate Revocation List (CRL) to determine that it is from a trusted certificate authority, use the crypto crlparams command.
crypto crlparams crl_name cacert ca_cert_filename
no crypto crlparams crl_name
Syntax Description
crl_name
Name of an existing CRL.
ca_cert_filename
Name of the CA certificate file used for signature verification.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To configure signature verification on a CRL, enter:
host1/Admin(config)#crypto crlparams CRL1 cacert MYCERT.PEMTo remove signature verification from a CRL, enter:
host1/Admin(config)#no crypto crlparams CRL1Related Commands
crypto delete
To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete command.
crypto delete {filename | all}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The all option does not delete the preinstalled sample certificate and key files. When you use the all keyword, the ACE prompts you with the following message to verify the deletion:
This operation will delete all crypto files for this context from the disk, but will not interrupt existing SSL services. If new SSL files are not applied SSL services will be disabled upon next vip inservice or device reload.Do you wish to proceed? (y/n) [n]To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
You cannot delete the ACE cisco-sample-key and cisco-sample-cert files.
Examples
To delete the key pair file MYRSAKEY.PEM, enter:
host1/Admin# crypto delete MYRSAKEY.PEMRelated Commands
crypto export
To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen, use the crypto export command.
crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You cannot export a certificate or key pair file that you marked as nonexportable when you imported the file to the ACE.
The remote server variables listed after the terminal keyword in the "Syntax Description" are used by the ACE only when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). We recommend using SFTP as it provides the most security.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter:
host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEMUser password: ****Writing remote file /usr/keys/mykey.pemhost1/Admin#Related Commands
crypto generate csr
To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command.
crypto generate csr csr_params key_filename
Syntax Description
csr_params
CSR parameters file that contains the distinguished name attributes. The ACE applies the distinguished name attributes contained in the CSR parameters file to the CSR.
To create a CSR parameters file, use the (config) crypto csr-params command in the configuration mode.
key_filename
RSA key pair filename that contains the key on which the CSR is built. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. It is the public key that the ACE embeds in the CSR. Ensure that the RSA key pair file is loaded on the ACE for the current context. If the appropriate key pair does not exist, the ACE logs an error message.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs it to the screen. Most major certificate authorities have web-based applications that require you to cut and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file.
Note
After submitting your CSR to the CA, you will receive your signed certificate in one to seven business days. When you receive your certificate, use the crypto import command to import the certificate to the ACE.
Examples
To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in the file MYRSAKEY_1.PEM, enter:
host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEMRelated Commands
crypto generate key
To generate an RSA key pair file, use the crypto generate key command.
crypto generate key [non-exportable] bitsize filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To generate the RSA key pair file MYRSAKEYS.PEM with a bit size of 1536, enter:
host1/Admin# crypto generate key 1536 MYRSAKEYS.PEMRelated Commands
crypto import
To import certificate or key pair files to the ACE or terminal screen from a remote server, use the crypto import command.
crypto import [non-exportable] {bulk sftp [passphrase passphrase] ip_addr username remote_url} | {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} | terminal local_filename [passphrase passphrase]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(2.0)
The bulk keyword was introduced.
A1(7)
This command was introduced.
A4(1.0)
The bulk keyword was introduced.
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Because a device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both corresponding file types: the certificate file and its corresponding key pair file.
The remote server variables listed after the passphrase variable in the Syntax Description table are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). If you select one of these transport types and do not define the remote server variables, the ACE prompts you for the variable information. We recommend using SFTP because it provides the most security.
The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width. Of these methods, we recommend SFTP because it is secure.
This bulk keyword imports files with the names that they have on the remote server and does not allow you to rename the files.
If you attempt to import a file that has the same filename of an existing local file, the ACE module does not overwrite the existing file. Before importing the updated file, you must either delete the local file or rename the imported file.
The ACE supports 4096 certificates and 4096 keys.
The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter:
host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM MYKEY.PEMPassword: ********Passive mode on.Hash mark printing on (1024 bytes/hash mark).#Successfully imported file from remote server.host1/Admin#This example shows how to use the terminal keyword to allow pasting of the certificate information to the file MYCERT.PEM:
host1/Admin# crypto import terminal MYCERT.PEMEnter PEM formatted data ending with a blank line or "quit" on a line by itself--------BEGIN CERTIFICATE-----------------------MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENBMSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3-----------END CERTIFICATE------------------------QUIThost1/Admin#This example shows how to use the bulk keyword to import all of the RSA key files from an SFTP server:
host1/Admin# crypto import bulk sftp 1.1.1.1 JOESMITH /USR/KEYS/*.PEMInitiating bulk import. Please wait, it might take a while...Connecting to 1.1.1.1...Password: password...Bulk import complete. Summary:Network errors: 0Bad file URL: 0Specified local files already exists: 0Invalid file names: 1Failed reading remote files: 5Failed reading local files: 0Failed writing local files: 0Unknown errors: 0Successfully imported: 10host1/Admin#Related Commands
crypto verify
To compare the public key in a certificate with the public key in a key pair file, and to verify that they are identical, use the crypto verify command.
crypto verify key_filename cert_filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If the public key in the certificate does not match the public key in the key pair file, the ACE logs an error message.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command.
Examples
To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match, enter:
host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEMkeypair in myrsakey.pem matches certificate in mycert.pemThis example shows what happens when the public keys do not match:
host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEMKeypair in myrsakey2.pem does not match certificate in mycert.pemhost1/Admin#Related Commands
debug
To enable the ACE debugging functions, use the debug command.
debug {aaa | access-list | accmgr | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr [rhi-info] | clock | fifo | fm | gslb | ha_dp_mgr | ha_mgr | hm | ifmgr | ip | ipcp | lcp | ldap | license | logfile | mtsmon | nat-download | netio | ntp | pfmgr | pktcap | portmgr | radius | routemgr | scp | scripted_hm | security | sme | snmp | ssl | syslogd | system | tacacs+ | time | tl | virtualization | vnet}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised.
A4(1.0)
The rhi-info option was added.
A1(7)
This command was introduced.
A3(1.0)
This command was revised.
A4(1.0)
The hardware and optimize options was removed.
Usage Guidelines
This command is available to roles that allow debugging and to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To enable access-list debugging, enter:
host1/Admin# debug access-listRelated Commands
delete
To delete a specified file in an ACE file system, use the delete command.
delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you do not specify a filename with the file system keyword, the ACE prompts you for a filename.
To display the list of files that reside in a file system, use the dir command.
Examples
To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:
host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZRelated Commands
dir
To display the contents of a specified ACE file system, use the dir command.
dir {core: | disk0:[path/][filename] | image:[filename] | probe:[filename] | volatile:[filename]}
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
The probe: option was introduced.
A1(7)
This command was introduced.
A3(1.0)
The probe: option was introduced.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To delete a file from a file system, use the delete command.
To delete all core dumps, use the clear cores command.
Examples
ACE Module Example
To display the contents of the disk0: file system, enter:
host1/Admin# dir disk0:ACE Appliance Example
To display the contents of the image: file system, enter:
switch/Admin# dir image:176876624 Aug 08 2008 14:15:31 c4710ace-mz.A3_1_0.bin176876624 Jun 9 14:15:31 2008 c4710ace-mz.A1_8_0A.binUsage for image: filesystem896978944 bytes total used11849728 bytes free908828672 bytes totalRelated Commands
dm
(ACE Appliance only) To verify the state of the Device Manager (DM), restart it when it is inoperative, or upload a lifeline file to a TFTP server, use the dm command.
dm {help | {lifeline tftp host port}| reload | status}
Syntax Description
Command Modes
Exec
Admin context
Command History
A1(7)
This command was introduced.
A3(2.6)
This command is no longer hidden
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the status of the DM, enter:
host1/Admin# dm statusRelated Commands
This command has no related commands.
exit
To exit out of Exec mode and log out the CLI session, use the exit command.
exit
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To log out of an active CLI session, enter:
host1/Admin# exitRelated Commands
This command has no related commands.
format flash:
To erase all data stored in the Flash memory and reformat it with the ACE module FAT16 filesystem or the ACE appliance third extended filesystem (ext3) as the base file system, use the format flash: command. All user-defined configuration information is erased and the ACE returns to the factory-default settings.
format flash:
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
A4(1.0)
This command was introduced and replaced the format disk0: command.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
(ACE appliance only) The ACE performs the following verification sequence prior to reformatting Flash memory:
•
•
•
–
–
Before you reformat the Flash memory, you should save a copy of the following ACE operation and configuration attributes to a remote server:
•
•
•
•
•
•
•
After you reformat the Flash memory, perform the following actions:
•
•
•
–
–
•
–
–
Examples
For example, to erase all information in Flash memory and reformat it, enter:
host1/Admin# format flash:Warning!! This will erase everything in the compact flash including startup configs for all the contexts and reboot the system!!Do you wish to proceed anyway? (yes/no) [no] yesIf the ACE fails to extract a system image from the Grub bootloader, it prompts you to provide the location of an available system image to backup:
Failed to extract system image Information from Grubbackup specific imagefile? (yes/no) [no] yesEnter Image name: scimi-3.binSaving Image [scimi-3.bin]Formatting the cf.....Unmounting ext3 filesystems...Unmounting FAT filesystems...Unmounting done...Unmounting compact flash filesystems...format completed successfullyRestoring Image backupimage/scimi-3.binkjournald starting. Commit interval 5 secondsREXT3 FS on hdb2, internal journalEXT3-fs: mounted filesystem with ordered data mode.starting graceful shutdownswitch/Admin# Unmounting ext3 filesystems...Unmounting FAT filesystems...Unmounting done...Related Commands
copy capture
copy ftp:
copy tftp:
copy sftp:
crypto export
crypto import
dir
licenseft switchover
To purposely cause a failover to make a particular context active, use the ft switchover command.
ft switchover [all [force] | force | group_id [force]]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
Added the all keyword.
A1(7)
This command was introduced.
A3(1.0)
Added the all keyword.
A3(2.2)
This command is disabled by default for the network-monitor role.
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT group, which forces a switchover.
You may need to force a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully become the active member of the FT group, a switchover occurs. To use this command, you must configure the no preempt command in FT group configuration mode.
The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context:
•
•
When you specify the ft switchover command, there may be brief periods of time when the configuration mode is enabled on the new active group member to allow the administrator to make configuration changes. However, these configuration changes are not synchronized with the standby group member and will exist only on the active group member. We recommend that you refrain from making any configuration changes after you enter the ft switchover command until the FT states stabilize to ACTIVE and STANDBY_HOT. Once the FT group reaches the steady state of ACTIVE and STANDBY_HOT, any configuration changes performed on the active group member will be incrementally synchronized to the standby group member, assuming that configuration synchronization is enabled.
Examples
To cause a switchover from the active ACE to the standby ACE of FT group1, enter:
host1/Admin# ft switchover 1Related Commands
gunzip
To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe script files), use the gunzip command.
gunzip disk0:[path/]filename.gz
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file that is zipped by the gzip (GNU zip) compression utility.
To display a list of available zipped files on disk0:, use the dir command.
Examples
To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file system, enter:
host1/Admin# gunzip disk0:PROBE_SCRIPTS.gzRelated Commands
invoke context
To display the context running configuration information from the Admin context, use the invoke context command.
invoke context context_name show running-config
Syntax Description
Command Modes
Exec
Admin context
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the running configuration for the C1 user context from the Admin context, enter:
host1/Admin# invoke context C1 show running-configRelated Commands
This command has no related commands.
license
To install, update, or uninstall licenses on the ACE, use the license command.
license {install disk0:[path/]filename [target_filename] | uninstall {name | all} | update disk0:[path/]permanent_filename demo_filename}
Syntax Description
Command Modes
Exec
Admin context only
Command History
3.0(0)A1(2)
This command was introduced.
A4(1.0)
Added the all keyword to the uninstall option
A1(7)
This command was introduced.
A4(1.0)
Added the all keyword to the uninstall option
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
After you receive a demo or permanent software license key in an e-mail from Cisco Systems, you must copy the license file to a network server and then use the copy tftp command in Exec mode to copy the file to the disk0: file system on the ACE.
To update an installed demo license with a permanent license, use the license update command. The demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage command.
To back up license files, use the copy licenses command
Caution
For more information about the types of ACE licenses available and how to manage the licenses on your ACE, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To install a new permanent license, enter:
host1/Admin# license install disk0:ACE-VIRT-020.LICTo uninstall a license, enter:
host1/Admin# license uninstall ACE-VIRT-20.LICACE Module Example
To update the demo license with a permanent license, enter:
host1/Admin# license update disk0:ACE-VIRT-250.LIC ACE-VIRT-250-demo.LICACE Appliance Example
To update the demo license with a permanent license, enter:
host1/Admin# license update disk0:ACE-AP-VIRT-020.lic ACE-AP-VIRT-020-DEMO.licRelated Commands
mkdir disk0:
To create a new directory in disk0:, use the mkdir disk0: command.
mkdir disk0:[path/]directory_name
Syntax Description
[path/]directory_name
Name that you assign to the new directory. Specify the optional path if you want to create a directory within an existing directory.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If a directory with the same name already exists, the ACE does not create the new directory and the "Directory already exists" message appears.
Examples
To create a directory in disk0: called TEST_DIRECTORY, enter:
host1/Admin# mkdir disk0:TEST_DIRECTORYRelated Commands
move disk0:
To move a file between directories in the disk0: file system, use the move disk0: command.
move disk0:[source_path/]filename disk0:[destination_path/]filename
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If a file with the same name already exists in the destination directory, that file is overwritten by the file that you move.
Examples
To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:, enter:
host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILERelated Commands
np session
(ACE module only) To execute network processor-related commands, use the np session command.
np session {disable | enable}
Syntax Description
disable
Disables sessions to the network processor from the supervisor engine.
enable
Enables sessions to the network processor from the supervisor engine.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To enable sessions to the network processor from the supervisor engine, enter:
host1/Admin# np session enableRelated Commands
This command has no related commands.
ping
To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the ping command.
ping [ip | ipv6 [system_address [count count [size size [timeout time]]]]]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A4(1.0)
The size option was increased from 452 to 1440.
A5(1.0)
Added IPv6 support.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ping command sends an echo request packet to an address from the current context on the ACE and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying the name of the current directory and the path, and whether the host can be reached or is functioning.
To terminate a ping session before it reaches its timeout value, press Ctrl-C.
Examples
IPv6 Example
To send a ping to the IPv6 loopback address 0:0:0:0:0:0:0:1, enter the following command:
host1/Admin# ping ::1PING 0:0:0:0:0:0:0:1(::1) 56 data bytes64 bytes from ::1: icmp_seq=1 ttl=255 time=0.039 ms64 bytes from ::1: icmp_seq=2 ttl=255 time=0.000 ms64 bytes from ::1: icmp_seq=3 ttl=255 time=0.000 ms64 bytes from ::1: icmp_seq=4 ttl=255 time=0.108 ms64 bytes from ::1: icmp_seq=5 ttl=255 time=0.126 ms--- 0:0:0:0:0:0:0:1 ping statistics ---5 packets transmitted, 5 received, 0% packet loss, time 8002msrtt min/avg/max/mdev = 0.000/0.054/0.126/0.053 msTo abnormally terminate a ping session, press Ctrl-C.
IPv4 Example
To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter:
host1/Admin# ping 196.168.1.2Related Commands
reload
To reload the configuration on the ACE, use the reload command.
reload
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command.
Caution
Examples
To execute a soft reboot, enter:
host1/Admin# reloadThis command will reboot the systemSave configurations for all the contexts. Save? [yes/no]: [yes]Related Commands
reprogram bootflash
(ACE module only) To reprogram the field upgradable (FUR) partition of the ROM monitor (rommon) image on the ACE, use the reprogram bootflash command.
reprogram bootflash {default-image {disk0:[path/]filename | image:[path/]filename} | fur-image {disk0:[path/]filename | image:[path/]filename} | invalidate-fur-image | validate-fur-image}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The reprogram bootflash command is intended for use by trained Cisco personnel only. Entering this command may cause unexpected results. Do not attempt to use the reprogram bootflash command without guidance from Cisco support personnel.
Examples
To reprogram the rommon image FUR partition on the image: file system, enter:
host1/Admin# reprogram bootflash fur-image image:sb-ace.NOV_11Related Commands
This command has no related commands.
restore
To restore the configuration files and dependent files in a context or in all contexts, use the restore command.
restore {[all] disk0:archive_filename} [pass-phrase text_string] [exclude {licenses | ssl-files}]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The restore command has the following configuration guidelines and limitations:
•
•
–
–
–
–
–
–
•
•
•
–
–
•
•
Examples
To restore a backup archive in the Admin context, enter:
host1/Admin# restore disk0:switch_Admin_07_July_2009_11_08_04_AM.tgz pass-phrase MY_PASS_PHRASERelated Commands
rmdir disk0:
To remove a directory from the disk0: file system, use the rmdir disk0: command.
rmdir disk0:directory
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command.
Examples
To remove the directory TEST_DIRECTORY from disk0:, enter:
host1/Admin# rmdir disk0:TEST-DIRECTORYRelated Commands
setup
(ACE appliance only) To initiate a special setup script that guides you through the basic process of configuring an Ethernet port on the ACE as the management port to access the Device Manager GUI, use the setup command.
setup
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The setup script is intended primarily as the means to guide you though a basic configuration of the ACE to quickly access the Device Manager. Use the setup command when the ACE boots without a startup-configuration file. This situation may occur when the ACE is new and the appliance was not configured upon initial startup. The setup script guides you through configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports.
After you specify a gigabit Ethernet port, the port mode, and management VLAN, the setup script automatically applies the following default configuration:
•
•
•
•
•
•
The ACE provides a default answer in brackets [ ] for each question in the setup script. To accept a default configuration prompt, press Enter, and the ACE accepts the setting. To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence.
When completed, the setup script prompts you to apply the configuration settings.
Examples
To run the setup script from the CLI, enter:
host1/Admin# setupThis script will perform the configuration necessary for a user to manage the ACE Appliance using the ACE Device Manager.The management port is a designated Ethernet port which has access to the same network as your management tools including the ACE Device Manager. You will be prompted for the Port Number, IP Address, Netmask and Default Route (optional). Enter 'ctrl-c' at any time to quit the scriptWould you like to enter the basic configuration (yes/no): yEnter the Ethernet port number to be used as the management port (1-4):? [1]: 3Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 192.168.1.10Enter the management port Netmask(n.n.n.n): [255.255.255.0]: 255.255.255.2Enter the default route next hop IP Address (n.n.n.n) or <enter> to skip this step: 172.16.2.1Summary of entered values:Management Port: 3Ip address 192.168.1.10Netmask: 255.255.255.2Default Route: 172.16.2.1Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]: dDetailed summary of entered values:interface gigabit/Ethernet 1/3switchport access vlan 1000no shutaccess-list ALL extended permit ip any any class-map type management match-any remote_accessmatch protocol xml-https anymatch protocol dm-telnet anymatch protocol icmp anymatch protocol telnet anymatch protocol ssh anymatch protocol http anymatch protocol https anymatch protocol snmp anypolicy-map type management first-match remote_mgmt_allow_policyclass remote_accesspermitinterface vlan 1000ip address 192.168.1.10 255.255.255.0access-group input ALLservice-policy input remote_mgmt_allow_policyno shutdownssh key rsaip route 0.0.0.0 0.0.0.0 172.16.2.1Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]: yConfiguration successfully applied. You can now manage this ACE Appliance by entering the url 'https://192.168.1.10' into a web browser to access the Device Manager GUI.Related Commands
This command has no related commands.
set dc
(ACE module only) To set the daughter card console access to the master or the slave network processor, use the set dc command.
set dc dc_number console {master | slave}
Syntax Description
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To set the daughter card 1 console access to the slave network processor, enter:
host1/Admin# set dc 1 console slaveSwitched the console access to slave network processorRelated Commands
set sticky-ixp
(ACE module only) This command has been deprecated in software version A4(1.0).
Command History
A2(1.0)
This command was introduced.
A4(1.0)
This command was removed from the software.
show
To display ACE statistical and configuration information, use the show command.
show keyword [| {begin pattern | count | end | exclude pattern | include pattern | next | prev}] [> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]
Syntax Description
Command Modes
Exec
Command History
Usage Guidelines
The features required in your user role to execute a specific show command are described in the "Usage Guidelines" section of the command. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Most commands have an associated show command. For example, the associated show command for the interface command in configuration mode is the show interface command. Use the associated show command to verify changes that you make to the running configuration.
The output of the show command may vary depending on the context that you enter the command from. For example, the show running-config command displays the running-configuration for the current context only.
To convert show command output from the ACE to XML for result monitoring by an NMS, use the xml-show command.
Examples
To display the current running configuration, enter:
host1/Admin# show running-configRelated Commands
show aaa
To display AAA accounting and authentication configuration information for the current context, use the show aaa command.
show aaa {accounting | authentication [login error-enable] | groups} [|] [>]
Syntax Description
accounting
Displays accounting configuration information.
authentication
Displays authentication configuration information.
login error-enable
(Optional) Displays the status of the login error message configuration.
groups
Displays the configured server groups.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show aaa command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
To display the accounting configuration information, enter:
host1/Admin# show aaa accountingdefault: localRelated Commands
(config) aaa accounting default
(config) aaa authentication loginshow access-list
To display statistics associated with a specific access control list (ACL), use the show access-list command.
show access-list name [detail] [|] [>]
Syntax Description
name
Name of an existing ACL. Enter the name as an unquoted text string.
detail
Displays detailed information for the specified ACL.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised with the detail option.
A1(7)
This command was introduced.
A3(1.0)
This command was revised with the detail option.
Usage Guidelines
This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACL information that the ACE displays when you enter the show access-list command includes the ACL name, the number of elements in the ACL, the operating status of the ACL (ACTIVE or NOT ACTIVE), any configured remarks, the ACL entry, and the ACL hit count.
For information about the fields in the show access-list command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
To display statistical and configuration information for the ACL ACL1, enter:
host1/Admin# show access-list ACL1Related Commands
clear access-list
show running-config(config) access-list ethertype
(config) access-list extended
(config) access-list remark
(config) access-list resequenceshow accounting log
To display AAA accounting log information, use the show accounting log command.
show accounting log [size] [all] [|] [>]
Syntax Description
size
(Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to 250000. The default is 250000 bytes.
all
(Optional) Displays the accounting logs of all contexts in the ACE. This option is available only in the Admin context.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A4(1.0)
The all option was added.
A1(7)
This command was introduced.
A4(1.0)
The all option was added.
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show accounting log command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
To display the contents of the accounting log file, enter:
host1/Admin# show accounting logRelated Commands
(config) aaa accounting default
show acl-merge
The ACE merges individual ACLs into one large ACL called a merged ACL. The ACL compiler then parses the merged ACL and generates the ACL lookup mechanisms. A match on this merged ACL can result in multiple actions. To display statistics related to merged ACLs, use the show acl-merge command.
show acl-merge {acls {vlan number | internal vlan 1 | 4095} {in | out} [summary]} | {event-history} | {match {acls {vlan number | internal vlan 1 | 4095} {in | out} ip_address1 ip_address2 protocol src_port dest_port}} | {merged-list {acls {vlan number | internal vlan 1 | 4095}{in | out} [non-redundant | summary]}} | {statistics} [|] [>]
Syntax Description
acls
Displays various feature ACLs and their entries before the merge.
vlan number
Specifies the interface on which the ACL was applied.
internal vlan 1 | 4095
Displays the ACL merge information for internal VLAN 1 or 4095 (ACE appliance).
in | out
Specifies the direction in which the ACL was applied to network traffic: incoming or outgoing.
summary
(Optional) Displays summary information before or after the merge.
event-history
Displays the ACL merge event-history log.
match
Displays the ACL entry that matches the specified tuple.
ip_address1
Source IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
ip_address2
Destination IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
protocol
Protocol specified in the ACL.
src_port
Source port specified in the ACL.
dest_port
Destination port specified in the ACL.
merged-list
(Optional) Displays the merged ACL.
non-redundant
(Optional) Displays only those ACL entries that have been downloaded to a network processor.
statistics
Displays ACL merge node failure statistics and other merge and compiler errors.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the acl-merge feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a redundant configuration. The number assigned depends on the order in which the ACLs are applied to the VLANs. This number can be different on the two ACEs. The ACL merged list could be different on the two ACEs depending on when redundancy is enabled.
Examples
To display the ACL merge information for VLAN 401, enter:
host1/Admin# show acl-merge acls vlan 401 in summaryRelated Commands
This command has no related commands.
show action-list
To display information about an action list configuration, use the show action-list command in Exec mode. The show action-list command output displays all modify HTTP and ACE appliance optimization action list configurations and configured values.
show action-list [list_name] [|] [>]
Syntax Description
list_name
(Optional) Identifier of an existing action list as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter an action list name, the ACE displays all configured action lists.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show action-list command output, see the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance and the Server Load-Balancing Guide, Cisco ACE Application Control Engine.
Examples
To display configuration information for the ACT_LIST1 action list, enter:
host1/Admin# show action-list ACT_LIST1Related Commands
show running-config
(config) action-list type modify http
(ACE appliance only) (config) action-list type optimization httpshow arp
To display the current active IP address-to-MAC address mapping in the Address Resolution Protocol (ARP) table, statistics, or inspection or timeout configuration, use the show arp command.
show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>]
Syntax Description
inspection
(Optional) Displays the ARP inspection configuration.
internal event-history dbg
(Optional) Displays the ARP internal event history. The ACE debug commands are intended for use by trained Cisco personnel only. Do not attempt to use these commands without guidance from Cisco support personnel.
statistics
(Optional) Displays the ARP statistics for all VLAN interfaces.
vlan vlan_number
(Optional) Displays the statistics for the specified VLAN number.
timeout
(Optional) Displays the ARP timeout values.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show arp command without options displays the active IP address-to-MAC address mapping in the ARP table.
For information about the fields in the show arp command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine.
Examples
To display the current active IP address-to-MAC address mapping in the ARP table, enter:
host1/Admin# show arpRelated Commands
show backup
To display backup errors (in the case of a failed backup) or the backup status, use the show backup command.
show backup errors | status [details] [|] [>]
Syntax Description
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the status of an ongoing backup, enter:
host1/Admin# show backup status detailBackup Archive: host1_2010_09_16_21_34_03.tgzType : FullStart-time : Thu Sep 16 21:34:03 2010Finished-time : Thu Sep 16 21:34:18 2010Status : SUCCESSCurrent vc : ct3Completed : 4/4------------------------+---------------+--------------------------+------------Context component Time Status------------------------+---------------+--------------------------+------------Admin Running-cfg Thu Sep 16 21:34:04 2010 SUCCESSAdmin Startup-cfg Thu Sep 16 21:34:04 2010 SUCCESSAdmin Checkpoints Thu Sep 16 21:34:07 2010 SUCCESSAdmin Cert/Key Thu Sep 16 21:34:07 2010 SUCCESSAdmin License Thu Sep 16 21:34:07 2010 SUCCESSAdmin Probe script Thu Sep 16 21:34:07 2010 N/Act1 Running-cfg Thu Sep 16 21:34:12 2010 SUCCESSct1 Startup-cfg Thu Sep 16 21:34:12 2010 SUCCESSct1 Checkpoints Thu Sep 16 21:34:12 2010 N/Act1 Cert/Key Thu Sep 16 21:34:12 2010 SUCCESSct1 Probe script Thu Sep 16 21:34:12 2010 N/Act2 Running-cfg Thu Sep 16 21:34:13 2010 SUCCESSct2 Startup-cfg Thu Sep 16 21:34:13 2010 SUCCESSct2 Checkpoints Thu Sep 16 21:34:13 2010 N/Act2 Cert/Key Thu Sep 16 21:34:13 2010 SUCCESSct2 Probe script Thu Sep 16 21:34:13 2010 N/Act3 Running-cfg Thu Sep 16 21:34:13 2010 SUCCESSct3 Startup-cfg Thu Sep 16 21:34:13 2010 SUCCESSct3 Checkpoints Thu Sep 16 21:34:13 2010 N/Act3 Cert/Key Thu Sep 16 21:34:13 2010 SUCCESSct3 Probe script Thu Sep 16 21:34:13 2010 N/ARelated Commands
show banner motd
To display the configured banner message of the day, use the show banner motd command.
show banner motd [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure the banner message, use the banner command in the configuration mode.
For information about the fields in the show banner motd command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the message of the day, enter:
host1/Admin# show banner motdRelated Commands
show bootvar
To display the current BOOT environment variable and configuration register setting, use the show bootvar command. This command is available only in the Admin context.
show bootvar [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To set the BOOT environment variable, use the boot system image: command in the configuration mode.
For information about the fields in the show bootvar command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
ACE Module Example
To display the current BOOT environment variable and configuration register setting, enter:
host1/Admin# show bootvarBOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"Configuration register is 0x1ACE Appliance Example
To display the current BOOT environment variable and configuration register setting, enter:
host1/Admin# show bootvarBOOT variable = "disk0:c4710ace-mz.A5_1_0.bin"Configuration register is 0x1Related Commands
This command has no related commands.
show buffer
To display the buffer manager module messages, use the show buffer command.
show buffer {events-history | stats | usage} [|] [>]
Syntax Description
events-history
Displays a historic log of the most recent messages generated by the buffer manager event history.
stats
Displays detailed counters for various buffer manager event occurrences.
usage
Displays the number of buffers currently being held (allocated but not freed) by each buffer module. The usage keyword also shows an estimate of the number of times a particular buffer module has freed the same buffer more than once (this condition indicates a software error). Displays the Hi watermark field which allows more visibility for buffer usage when monitoring high watermarks
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display the control plane buffer event history, enter:
host1/Admin# show buffer events-history1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa02) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000[102] total blocks=151682 (ctrl=75841, data=75841)Related Commands
show capture
To display the packet information that the ACE traces as part of the packet capture function, use the show capture command.
show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status] [|] [>]
Syntax Description
buffer_name
Name of the packet capture buffer. Specify an unquoted text string with no spaces from 1 to 80 alphanumeric characters.
detail
(Optional) Displays additional protocol information for each packet.
connid connection_id
(Optional) Displays protocol information for a specified connection identifier.
range packet_start packet_end
(Optional) Displays protocol information for a range of captured packets.
status
(Optional) Displays capture status information for each packet.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For all types of received packets, the console display is in tcpdump format.
To copy the capture buffer information as a file in flash memory, use the copy capture command.
For information about the fields in the show capture command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the captured packet information contained in packet capture buffer CAPTURE1, enter:
switch/Admin# show capture CAPTURE1Related Commands
show cde
(ACE module only) To display the classification and distribution engine (CDE) interface statistics, health, and register values, use the show cde command. This command includes statistics for the CDE daughter card interface, the CDE control plane interface, and the CDE switch fabric interface.
show cde {all | count | dist | hash index_number | health | interrupts | reg cde_number register | stats {cumulative | stats} | vlan vlan_number} [|] [>]
Syntax Description
all
Displays all CDE register values.
count
Displays the cumulative count of the CDE interrupts.
dist
Displays the CDE distribution type.
hash index_number
Displays the hash distribution table. Enter a value from 0 to 63.
health
Displays the CDE health, including the daughter card statistics.
interrupts
Displays the CDE interrupts.
reg
Displays the specified CDE register.
cde_number
CDE number (0 or 1).
register
Register value. Enter a hexadecimal value from 0x0 to 0x1d9.
stats
Displays the specified CDE statistics.
cumulative
Displays the cumulative CDE statistics from the last invocation of the show cde command.
delta
Displays the delta CDE statistics from the last invocation of the show cde command.
vlan vlan_number
Displays the VLAN distribution table for the specified VLAN. Enter the desired VLAN number from 0 to 4096.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display all of the CDE register values, enter:
host1/Admin# show cde allRelated Commands
show cfgmgr
To display the Configuration Manager internal information, use the show cfgmgr command.
show cfgmgr internal {history | {table {access-group | ace name| acl name| action-list | arp | class-map | context | icmp-vip | if-zone | interface | l2-ace | l2-acl | l3-rule| match-item | nat | nat-dynamic | nat-pool | nat-pool-data | nat-static | og name | og-data name | og-exp name | parameter-map | policy-map | probe | probe-instance | rserver | script-file | script-task | sfarm | sfarm-real | slb-policy | ssl-proxy | sticky-grp | sticky-static-grp | time-range | track-probe | vip} [all | context name | detail]} [|] [>]
Syntax Description
history
Displays the Configuration Manager debug log.
table
Displays the specified Configuration Manager internal table.
access-group
Displays the access group table.
ace name
Displays the specified ACE table.
acl name
Displays the specified ACL table.
action-list
Displays the action-list table.
arp
Displays the ARP table.
class-map
Displays the class map table.
context
Displays the context table.
icmp-vip
Displays the ICMP state in VIP table.
if-zone
Displays the if zone table.
interface
Displays the interface table.
l2-ace
Displays the Layer 2 ACE table.
l2-acl
Displays the Layer 2 ACL table.
l3-rule
Displays the Layer 3 rule table.
match-item
Displays the match-item table.
nat
Displays the NAT table.
nat-dynamic
Displays the NAT dynamic table.
nat-pool
Displays the NAT pool table.
nat-pool-data
Displays the NAT pool data table.
nat-static
Displays the NAT static table.
og name
Displays the specified Object Group table.
og-data name
Displays the specified Object Group Data table.
og-exp name
Displays the specified Object Group Expanded table.
parameter-map
Displays the parameter map table.
policy-map
Displays the policy map table.
probe
Displays the probe table.
probe-instance
Displays the probe instance table.
rserver
Displays the real server table.
script-file
Displays the script file table.
script-task
Displays the script task table.
sfarm
Displays the server farm table.
sfarm-real
Displays the server farm and real server table.
slb-policy
Displays the server load-balancing policy table.
ssl-proxy
Displays the SSL proxy table.
sticky-grp
Displays the sticky group table.
sticky-static-grp
Displays the static sticky table.
time-range
Displays the time-range table.
track-probe
Displays the track probe table.
vip
Display the VIP table.
all
Displays the internal table information for all the contexts.
context name
Displays the internal table information for the specified context.
detail
Displays the detailed Configuration Manager table information.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display real server table information, enter:
host1/Admin# show cfgmgr internal table rserverRelated Commands
show checkpoint
To display information relating to the configured checkpoints, use the show checkpoint command.
show checkpoint {all | detail name} [|] [>]
Syntax Description
all
Displays a list of all existing checkpoints. The show output includes checkpoint time stamps.
detail name
Displays the running configuration of the specified checkpoint.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show checkpoint command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the running configuration for the checkpoint MYCHECKPOINT, enter:
host1/Admin# show checkpoint detail MYCHECKPOINTRelated Commands
show clock
To display the current date and time settings of the system clock, use the show clock command.
show clock [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure the system clock setting, use the clock command in the configuration mode.
For information about the fields in the show clock command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the current clock settings, enter:
host1/Admin# show clockFri Feb 24 20:08:14 UTC 2006Related Commands
show conn
To display the connection statistics, use the show conn command.
show conn {address ip_address1 [ip_address2] [/prefix_length | netmask mask]] [detail]} | count | detail | {port number1 [number2] [detail]} | {protocol {tcp | udp} [detail]} | {rserver rs_name [port_number] [serverfarm sfarm_name1] [detail]} | {serverfarm sfarm_name2 [detail]} [|] [>]
Syntax Description
address ip_address1 [ip_address2]
Displays connection statistics for a single source or destination IPv4 or IPv6 address or, optionally, for a range of source or destination IPv4 or IPv6 addresses. To specify a range of IP addresses, enter an IP address for the lower limit of the range and a second IP address for the upper limit of the range.
/prefix_length
Displays connection statistics for the IPv6 address or range of IPv6 addresses that you specify. Enter an IPv6 prefix (for example, /64).
netmask mask
Specifies the network mask for the IPv4 address or range of IPv4 addresses that you specify. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0).
count
Displays the total current connections to the ACE.
Note
detail
Displays detailed connection information.
Note
port number1 [number2]
Displays connection statistics for a single source or destination port or optionally, for a range of source or destination ports.
protocol {tcp | udp}
Displays connection statistics for TCP or UDP.
rserver rs_name
Displays connection statistics for the specified real server.
port_number
(Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535.
serverfarm sfarm_name1
(Optional) Displays connection statistics for the specified real server associated with this server farm.
serverfarm sfarm_name2
Displays connection statistics for the real servers associated with the specified server farm.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show conn command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
IPv6 Example
To display connection statistics for a range of IP addresses, enter:
host1/C1# show conn address 2001:DB8:1::15 2001:DB8:1::35/64IPv4 Example
To display connection statistics for a range of IP addresses, enter:
host1/C1# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0Related Commands
show context
To display the context configuration information, use the show context command.
show context [context_name | Admin] [|] [>]
Syntax Description
context_name
(Optional) Name of user-created context. The ACE displays just the specified context configuration information. The context_name argument is case sensitive. and is visible only from the admin context.
Admin
(Optional) Displays just the admin context configuration information. This keyword is visible only from the admin context.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE displays different information for this command depending on the context that you are in when executing the command:
•
•
For information about the fields in the show context command output, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the Admin context and all user-context configuration information, enter:
host1/Admin# show contextTo display the configuration information for the user context CTX1, enter:
host1/Ctx1# show contextRelated Commands
show copyright
To display the software copyright information for the ACE, use the show copyright command.
show copyright [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show copyright command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the ACE software copyright information, enter:
host1/Admin# show copyrightRelated Commands
This command has no related commands.
show crypto
To display the summary and detailed reports on files containing Secure Sockets Layer (SSL) certificates, key pairs, chain and authentication groups, and statistics, use the show crypto command.
show crypto { aia-errors | authgroup {group_name| all} | cdp-errors | certificate {filename | all} | chaingroup {filename | all} | {crl {filename [detail]} | all | best-effort} | csr-params {filename | all} | files | key {filename | all} | ocspserver {name [detail] | all | best-effort} | session}} [|] [>]
Syntax Description
aia-errors
Displays the AuthorityInfoAccess (AIA) extension error statistics.
authgroup
Specifies the authentication group file type.
group_name
Name of the specific authentication group file.
all
Displays the summary report that lists all the files of the specified file type or certificates for each authentication group, or certificate revocation lists (CRLs) in the context.
cdp-errors
Displays the statistics for discrepancies in CRL Distribution Points (CDPs) for the certificates on the ACE; not context specific. A CDP indicates the location of the CRL in the form of a URL. CDP parsing in the certificate occurs only when best effort CRL is in use. The statistics include incomplete, malformed and missing information, and unrecognized transports and the number of times that the ACE ignores CDP errors as related to the (config-parammap-ssl) cdp-errors ignore command.
certificate
Specifies the certificate file type.
filename
Name of a specific file. The ACE displays the detailed report for the specified file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.
chaingroup
Specifies the chaingroup file type.
crl
Specifies the certificate revocation list configured in the context.
detail
(Optional) Displays detailed statistics for the downloading of the CRL including failure counters.
best-effort
Displays summarized information for all best-effort CRLs in ACE (a maximum of 16 CRLs).
csr-params
Specifies the Certificate Signing Request (CSR) parameter set.
files
Displays the summary report listing all of the crypto files loaded on the ACE, including certificate, chaingroup, and key pair files. The summary report also shows whether the file contains a certificate, a key pair, or both.
key
Specifies the key pair file type.
ocspserver name
Identifier of a configured OCSP server. The ACE displays Online Certificate Status Protocol (OCSP) information. You can use OCSP as an alternative to CRLs.
detail
Instructs the ACE to display detailed statistics for the specified OCSP server.
all
Displays statistics for all configured OCSP servers.
best-effort
Displays statistics for OCSP servers that were obtained on a best-effort basis by extracting the server information from the client packets.
session
Displays the number of cached TLS and SSL client and server session entries in the current context.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When using the show crypto certificate command and the certificate file contains a chain, the ACE displays only the bottom level certificate (the signers are not displayed).
For information about the fields in the show crypto command output, see the SSL Guide, Cisco ACE Application Control Engine.
Examples
To display the summary report that lists all of the crypto files, enter:
host1/Admin# show crypto filesTo display
Related Commands
crypto delete
crypto export
crypto import
crypto verify
(config) crypto csr-params
(config-parammap-ssl) cdp-errors ignoreshow dc
(ACE module only) To display the statistics for the daughter card hardware on the ACE ACE, use the show dc command.
show dc dc_number {console | controller {all | health | interrupts | reg register_number | stats {cumulative | delta}} | interrupts} [|] [>]
Syntax Description
dc_number
Number of the daughter card (1 or 2).
console
Displays whether the master or the slave network processor console is directed to the base board front panel for the specified daughter card. For example, if the master network processor is directed to the front panel, the following message appears: "mCPU console is directed to base board front panel." See the related set dc dc_number console command.
controller
Displays the register values for the specified daughter card CPU and the specified controller area.
all
Displays all controller register values for the specified daughter card CPU
health
Displays the controller health and statistics for the specified daughter card.
interrupts
Displays the controller interrupt statistics for the specified daughter card.
reg register_number
Displays the description, value, and register type for the specified controller register in the specified daughter card.
stats
Displays the controller statistics registers for the specified daughter card. You can instruct the ACE to display either cumulative stats since the last reboot or the change in stats since the last time you entered this command.
cumulative
Displays accumulated controller statistics since the last time you rebooted the ACE or entered the clear dc command.
delta
Displays the difference in controller statistics since the last time you entered this command.
interrupts
Displays the interrupt statistics for the specified daughter card.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
For information about the fields in the show dc command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the cumulative daughter card controller statistics, enter:
host1/Admin# show dc 1 controller stats cumulativeTnrpc call for INFO_VERN_REGISTERS SuccessSNO Verni Register Name Address Value---------------------------------------------------------0 VERNI_TXDCCTRLBPCNT_REG_ADDR 0x0024 01 VERNI_TXBCMBPCNT_REG_ADDR 0x0028 02 VERNI_CSR_CNTL_REG_ADDR 0x0080 03 VERNI_DCRX0_BYTCNT_L_REG_ADDR 0x3104 04 VERNI_DCRX0_BYTCNT_H_REG_ADDR 0x3100 05 VERNI_DCRX1_BYTCNT_L_REG_ADDR 0x3114 268579136 VERNI_DCRX1_BYTCNT_H_REG_ADDR 0x3110 07 VERNI_DCRX2_BYTCNT_L_REG_ADDR 0x3124 29840418578 VERNI_DCRX2_BYTCNT_H_REG_ADDR 0x3120 09 VERNI_DCRX3_BYTCNT_L_REG_ADDR 0x3134 010 VERNI_DCRX3_BYTCNT_H_REG_ADDR 0x3130 011 VERNI_DCRX4_BYTCNT_L_REG_ADDR 0x3144 012 VERNI_DCRX4_BYTCNT_H_REG_ADDR 0x3140 013 VERNI_DCRX5_BYTCNT_L_REG_ADDR 0x3154 1018242614 VERNI_DCRX5_BYTCNT_H_REG_ADDR 0x3150 015 VERNI_DCRX6_BYTCNT_L_REG_ADDR 0x3164 46190716 VERNI_DCRX6_BYTCNT_H_REG_ADDR 0x3160 017 VERNI_DCRX7_BYTCNT_L_REG_ADDR 0x3174 018 VERNI_DCRX7_BYTCNT_H_REG_ADDR 0x3170 019 VERNI_DCRX0_PKTCNT_REG_ADDR 0x3200 020 VERNI_DCRX1_PKTCNT_REG_ADDR 0x3204 27040021 VERNI_DCRX2_PKTCNT_REG_ADDR 0x3208 3318106622 VERNI_DCRX3_PKTCNT_REG_ADDR 0x320c 023 VERNI_DCRX4_PKTCNT_REG_ADDR 0x3210 024 VERNI_DCRX5_PKTCNT_REG_ADDR 0x3214 12031125 VERNI_DCRX6_PKTCNT_REG_ADDR 0x3218 494626 VERNI_DCRX7_PKTCNT_REG_ADDR 0x321c 027 VERNI_DCRX0_EPKTCNT_REG_ADDR 0x3300 028 VERNI_DCRX1_EPKTCNT_REG_ADDR 0x3304 029 VERNI_DCRX2_EPKTCNT_REG_ADDR 0x3308 030 VERNI_DCRX3_EPKTCNT_REG_ADDR 0x330c 031 VERNI_DCRX4_EPKTCNT_REG_ADDR 0x3310 032 VERNI_DCRX5_EPKTCNT_REG_ADDR 0x3314 033 VERNI_DCRX6_EPKTCNT_REG_ADDR 0x3318 034 VERNI_DCRX7_EPKTCNT_REG_ADDR 0x331c 035 VERNI_DCRX0_FCCNT_REG_ADDR 0x3400 036 VERNI_DCRX0_DROPCNT_REG_ADDR 0x3420 037 VERNI_DCRX1_FCCNT_REG_ADDR 0x3404 038 VERNI_DCRX1_DROPCNT_REG_ADDR 0x3424 039 VERNI_DCRX2_DROPCNT_REG_ADDR 0x3408 040 VERNI_DCRX3_DROPCNT_REG_ADDR 0x340c 041 VERNI_DCRX4_FCCNT_REG_ADDR 0x3410 042 VERNI_DCRX4_DROPCNT_REG_ADDR 0x3428 043 VERNI_DCRX5_FCCNT_REG_ADDR 0x3414 044 VERNI_DCRX5_DROPCNT_REG_ADDR 0x342c 045 VERNI_DCRX6_DROPCNT_REG_ADDR 0x3418 046 VERNI_DCRX7_DROPCNT_REG_ADDR 0x341c 047 VERNI_DCTX0_BYTCNT_L_REG_ADDR 0x4104 048 VERNI_DCTX0_BYTCNT_H_REG_ADDR 0x4100 049 VERNI_DCTX1_BYTCNT_L_REG_ADDR 0x4114 2958877450 VERNI_DCTX1_BYTCNT_H_REG_ADDR 0x4110 051 VERNI_DCTX2_BYTCNT_L_REG_ADDR 0x4124 1545740352 VERNI_DCTX2_BYTCNT_H_REG_ADDR 0x4120 053 VERNI_DCTX3_BYTCNT_L_REG_ADDR 0x4134 054 VERNI_DCTX3_BYTCNT_H_REG_ADDR 0x4130 055 VERNI_DCTX4_BYTCNT_L_REG_ADDR 0x4144 056 VERNI_DCTX4_BYTCNT_H_REG_ADDR 0x4140 057 VERNI_DCTX5_BYTCNT_L_REG_ADDR 0x4154 713935458 VERNI_DCTX5_BYTCNT_H_REG_ADDR 0x4150 059 VERNI_DCTX6_BYTCNT_L_REG_ADDR 0x4164 8260 VERNI_DCTX6_BYTCNT_H_REG_ADDR 0x4160 061 VERNI_DCTX7_BYTCNT_L_REG_ADDR 0x4174 062 VERNI_DCTX7_BYTCNT_H_REG_ADDR 0x4170 063 VERNI_DCTX0_PKTCNT_REG_ADDR 0x4200 064 VERNI_DCTX1_PKTCNT_REG_ADDR 0x4204 34510765 VERNI_DCTX2_PKTCNT_REG_ADDR 0x4208 15013866 VERNI_DCTX3_PKTCNT_REG_ADDR 0x420c 067 VERNI_DCTX4_PKTCNT_REG_ADDR 0x4210 068 VERNI_DCTX5_PKTCNT_REG_ADDR 0x4214 7758069 VERNI_DCTX6_PKTCNT_REG_ADDR 0x4218 170 VERNI_DCTX7_PKTCNT_REG_ADDR 0x421c 071 VERNI_DCTX0_EPKTCNT_REG_ADDR 0x4300 072 VERNI_DCTX1_EPKTCNT_REG_ADDR 0x4304 073 VERNI_DCTX2_EPKTCNT_REG_ADDR 0x4308 074 VERNI_DCTX3_EPKTCNT_REG_ADDR 0x430c 075 VERNI_DCTX4_EPKTCNT_REG_ADDR 0x4310 076 VERNI_DCTX5_EPKTCNT_REG_ADDR 0x4314 077 VERNI_DCTX6_EPKTCNT_REG_ADDR 0x4318 078 VERNI_DCTX7_EPKTCNT_REG_ADDR 0x431c 079 VERNI_DCTX0_CRCECNT_REG_ADDR 0x4400 080 VERNI_DCTX1_CRCECNT_REG_ADDR 0x4404 081 VERNI_DCTX2_CRCECNT_REG_ADDR 0x4408 082 VERNI_DCTX3_CRCECNT_REG_ADDR 0x440c 083 VERNI_DCTX4_CRCECNT_REG_ADDR 0x4410 084 VERNI_DCTX5_CRCECNT_REG_ADDR 0x4414 085 VERNI_DCTX6_CRCECNT_REG_ADDR 0x4418 086 VERNI_DCTX7_CRCECNT_REG_ADDR 0x441c 087 VERNI_SOP_ILL_CNT_REG_ADDR 0x4420 088 VERNI_SNKCH0_BYTCNT_L_REG_ADDR 0x5104 089 VERNI_SNKCH0_BYTCNT_H_REG_ADDR 0x5100 090 VERNI_SNKCH1_BYTCNT_L_REG_ADDR 0x5114 2958928691 VERNI_SNKCH1_BYTCNT_H_REG_ADDR 0x5110 092 VERNI_SNKCH2_BYTCNT_L_REG_ADDR 0x5124 1546636393 VERNI_SNKCH2_BYTCNT_H_REG_ADDR 0x5120 094 VERNI_SNKCH3_BYTCNT_L_REG_ADDR 0x5134 095 VERNI_SNKCH3_BYTCNT_H_REG_ADDR 0x5130 096 VERNI_SNKCH4_BYTCNT_L_REG_ADDR 0x5144 097 VERNI_SNKCH4_BYTCNT_H_REG_ADDR 0x5140 098 VERNI_SNKCH5_BYTCNT_L_REG_ADDR 0x5154 714140299 VERNI_SNKCH5_BYTCNT_H_REG_ADDR 0x5150 0100 VERNI_SNKCH6_BYTCNT_L_REG_ADDR 0x5164 82101 VERNI_SNKCH6_BYTCNT_H_REG_ADDR 0x5160 0102 VERNI_SNKCH7_BYTCNT_L_REG_ADDR 0x5174 0103 VERNI_SNKCH7_BYTCNT_H_REG_ADDR 0x5170 0104 VERNI_SNKCH0_PKTCNT_REG_ADDR 0x5200 0105 VERNI_SNKCH1_PKTCNT_REG_ADDR 0x5210 345107106 VERNI_SNKCH2_PKTCNT_REG_ADDR 0x5220 150138107 VERNI_SNKCH3_PKTCNT_REG_ADDR 0x5230 0108 VERNI_SNKCH4_PKTCNT_REG_ADDR 0x5240 0109 VERNI_SNKCH5_PKTCNT_REG_ADDR 0x5250 75532110 VERNI_SNKCH6_PKTCNT_REG_ADDR 0x5260 1111 VERNI_SNKCH7_PKTCNT_REG_ADDR 0x5270 0112 VERNI_SNKCH0_EPKTCNT_REG_ADDR 0x5300 0113 VERNI_SNKCH1_EPKTCNT_REG_ADDR 0x5310 0114 VERNI_SNKCH2_EPKTCNT_REG_ADDR 0x5320 0115 VERNI_SNKCH3_EPKTCNT_REG_ADDR 0x5330 0116 VERNI_SNKCH4_EPKTCNT_REG_ADDR 0x5340 0117 VERNI_SNKCH5_EPKTCNT_REG_ADDR 0x5350 0118 VERNI_SNKCH6_EPKTCNT_REG_ADDR 0x5360 0119 VERNI_SNKCH7_EPKTCNT_REG_ADDR 0x5370 0120 VERNI_SNK_GERRCNT_REG_ADDR 0x5400 0121 VERNI_SRCCH0_BYTCNT_L_REG_ADDR 0x6104 0122 VERNI_SRCCH0_BYTCNT_H_REG_ADDR 0x6100 0123 VERNI_SRCCH1_BYTCNT_L_REG_ADDR 0x6114 26857913124 VERNI_SRCCH1_BYTCNT_H_REG_ADDR 0x6110 0125 VERNI_SRCCH2_BYTCNT_L_REG_ADDR 0x6124 2984065605126 VERNI_SRCCH2_BYTCNT_H_REG_ADDR 0x6120 0127 VERNI_SRCCH3_BYTCNT_L_REG_ADDR 0x6134 0128 VERNI_SRCCH3_BYTCNT_H_REG_ADDR 0x6130 0129 VERNI_SRCCH4_BYTCNT_L_REG_ADDR 0x6144 0130 VERNI_SRCCH4_BYTCNT_H_REG_ADDR 0x6140 0131 VERNI_SRCCH5_BYTCNT_L_REG_ADDR 0x6154 10182426132 VERNI_SRCCH5_BYTCNT_H_REG_ADDR 0x6150 0133 VERNI_SRCCH6_BYTCNT_L_REG_ADDR 0x6164 461907134 VERNI_SRCCH6_BYTCNT_H_REG_ADDR 0x6160 0135 VERNI_SRCCH7_BYTCNT_L_REG_ADDR 0x6174 0136 VERNI_SRCCH7_BYTCNT_H_REG_ADDR 0x6170 0137 VERNI_SRCCH0_PKTCNT_REG_ADDR 0x6200 0138 VERNI_SRCCH1_PKTCNT_REG_ADDR 0x6210 270400139 VERNI_SRCCH2_PKTCNT_REG_ADDR 0x6220 33181387140 VERNI_SRCCH3_PKTCNT_REG_ADDR 0x6230 0141 VERNI_SRCCH4_PKTCNT_REG_ADDR 0x6240 0142 VERNI_SRCCH5_PKTCNT_REG_ADDR 0x6250 120311143 VERNI_SRCCH6_PKTCNT_REG_ADDR 0x6260 4946144 VERNI_SRCCH7_PKTCNT_REG_ADDR 0x6270 0145 VERNI_SRCCH0_EPKTCNT_REG_ADDR 0x6300 0146 VERNI_SRCCH1_EPKTCNT_REG_ADDR 0x6310 0147 VERNI_SRCCH2_EPKTCNT_REG_ADDR 0x6320 0148 VERNI_SRCCH3_EPKTCNT_REG_ADDR 0x6330 0149 VERNI_SRCCH4_EPKTCNT_REG_ADDR 0x6340 0150 VERNI_SRCCH5_EPKTCNT_REG_ADDR 0x6350 0151 VERNI_SRCCH6_EPKTCNT_REG_ADDR 0x6360 0152 VERNI_SRCCH7_EPKTCNT_REG_ADDR 0x6370 0153 CH0_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6400 8154 CH1_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6410 0155 CH2_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6420 0156 CH3_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6430 0157 CH4_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6440 0158 CH5_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6450 0159 CH6_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6460 0160 CH7_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6470 0Related Commands
show debug
To display the debug flags, use the show debug command.
show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp | fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd} [|] [>]
Syntax Description
aaa
Displays the 301 debug flags.
access-list
Displays the access-list debug flags.
arpmgr
Displays the Address Resolution Protocol (ARP) manager debug flags.
ascii-cfg
Displays the ASCII cfg debug flags.
bpdu
Displays the bridge protocol data unit (BPDU) debug flags.
buffer
Displays the CP buffer debug flags.
cfg_cntlr
Displays the configuration controller debug flags.
cfgmgr
Displays the configuration manager debug flags.
clock
(ACE module only) Displays the state of clock debug settings.
dhcp
Displays the Dynamic Host Configuration Protocol (DHCP) debug flags.
fifo
Displays the show packet first in, first out (FIFO) debug flags.
fm
Displays the feature manager debug flags.
fs-daemon
Displays the FS daemon debug flags.
ha_dp_mgr
Displays the high availability (HA) dataplane manager debug flags.
ha_mgr
Displays the HA manager debug flags.
hm
Displays the HM debug flags.
ifmgr
Displays the interface manager debug flags.
ipcp
Displays the kernel IP Control Protocol (IPCP) debug flags.
lcp
(ACE module only) Displays the LCP debug flags.
ldap
Displays the Lightweight Directory Access Protocol (LDAP) debug flags.
license
Displays the licensing debug flags.
logfile
Displays the contents of the logfile.
nat-download
Displays the Network Address Translation (NAT) download debug flags.
netio
Displays the CP net I/O debug flags.
pfmgr
Displays the platform manager debug flags.
pktcap
Displays the packet capture debug flags.
radius
Displays the Remote Authentication Dial-In User Service (RADIUS) debug flags.
routemgr
Displays the route manager debug flags.
scp
(ACE module only) Displays the Secure Copy Protocol (SCP) debug flags.
security
Displays the security/accounting debug flags.
sme
Displays the System Manager Extension (SME) debug flags.
snmp
Displays the Simple Network Management Protocol (SNMP) server debug flags.
ssl
Displays the Secure Sockets Layer (SSL) manager debug flags.
syslogd
Displays the syslogd debug flags.
system
Displays the system debug flags.
tacacs+
Displays the Terminal Access Controller Access Control System Plus (TACACS+) debug flags.
tl
Displays the CP buffer debug flags.
ttyd
Displays the TTYD debug flags.
virtualization
Displays the virtualization debug flags.
vnet
Displays the virtual network (VNET) driver debug flags.
vshd
Displays the VSHD debug flags.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the debug feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel.
Examples
To display the VSHD debug flags, enter:
host1/Admin# show debug vshdRelated Commands
show domain
To display the information about the configured domains in the ACE, use the show domain command.
show domain [name] [|] [>]
Syntax Description
name
(Optional) Name of an existing context domain. Specify a domain name to display the detailed configuration report that relates to the specified domain.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the complete domain configuration report that lists all of the configured domains, enter the show domain command without including the name argument.
For information about the fields in the show domain command output, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the domain configuration report for the domain D1, enter:
host1/Admin# show domain D1Related Commands
show download information
To display the state of the configuration download for each interface on the context, use the show download information command.
show download information [all] [summary]} [|] [>]
Syntax Description
all
Displays the configuration download status for all interfaces on all contexts (Admin context only).
summary
Displays the summary status of the download information for the context. When you include the all option with the summary option, this command displays the download summary status for all contexts.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context for the all option.
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If no option is included with this command, the status information for all interfaces in the current context is displayed.
You can execute the show download information command to monitor the progress of the download.
When you apply changes to a configuration file, the ACE downloads the configuration to its data plane. When you perform incremental changes, such as copying and pasting commands in a configuration, the ACE immediately performs the configuration download and does not display any terminal messages at the start or end of the download.
However, in the following situations, the ACE defers the configuration download until the entire configuration is applied to the context:
•
•
•
We recommend that you do not execute any configuration commands during the deferred download. The ACE does not deny you from entering configuration changes. But the changes will not occur until the download is completed. If the command times out during the download, the following message appears:
Config application in progress. This command is queued to the system.The ACE does not queue the command immediately, however, the ACE processes and executes the command when the download is completed even if the command times out.
Examples
To display the configuration download status for all contexts, enter:
host1/Admin# show download information allRelated Commands
This command has no related commands.
show eobc
(ACE module only) To display the Ethernet Out-of-Band Channel (EOBC) registers and statistics on the ACE, use the show eobc command.
show eobc {registers | stats} [|] [>]
Syntax Description
registers
Displays the EOBC registers.
stats
Displays the EOBC statistics.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
A2(2.3)
This command was introduced.
A2(3.1)
This command was introduced.
Usage Guidelines
This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display the EOBC statistics, enter:
host1/Admin# show eobc statsRelated Commands
This command has no related commands.
show fifo
To display the packet first in, first out (FIFO) statistics for the Pkt-Fifo module, use the show fifo command.
show fifo {event-history | registers | stats} [|] [>]
Syntax Description
event-history
Displays a historic log of the most recent debug messages generated by the Pkt-Fifo module.
registers
Displays the state of all the registers associated with the transmit and receive hardware engines.
stats
Displays detailed counters for the various Pkt-Fifo module event occurrences.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
3.0(0)A1(2)
This command was introduced.
3.0(0)A1(5)
Interrupt statistics were added to the output of the stats keyword.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display the control plane packet FIFO registers, enter:
host1/Admin# show fifo registersRelated Commands
show file
To display the contents of a specified file in a directory in persistent memory (flash memory) or volatile memory (RAM), use the show file command.
show file {disk0: | volatile:}[directory/]filename [cksum | md5sum] [|] [>]
Syntax Description
disk0:
Specifies the disk0 file system in persistent memory.
volatile:
Specifies the file system in volatile memory.
[directory/]filename
Path and name of the specified file.
cksum
(Optional) Displays the cyclic redundancy check (CRC) checksum for the file. The checksum values compute a CRC for each named file. Use this command to verify that the files are not corrupted. You compare the checksum output for the received file against the checksum output for the original file.
md5sum
(Optional) Displays the MD5 checksum (electronic fingerprint) for the file. MD5 is the latest implementation of the Internet standards described in RFC 1321 and is useful for data security and integrity.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show file command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the contents of the file FILE1 stored in the directory MYFILES in disk0:, enter:
host1/Admin# show file disk0:MYFILES/FILE1Related Commands
show fragment
To display the IPv4 an IPv6 fragmentation and reassembly statistics for all interfaces in the ACE or the specified interface, use the show fragment command.
show fragment [vlan vlan_id] [|] [>]
Syntax Description
vlan vlan_id
(Optional) Specifies an existing interface.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A5(1.0)
Added IPv6 support.
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you omit the vlan vlan_id optional keyword and argument, you can display statistics for all interfaces in the ACE.
For information about the fields in the show fragment command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
To display the IPv4 and IPv6 fragmentation and reassembly statistics for VLAN 210, enter:
host1/Admin# show fragment vlan 210Related Commands
show ft
To display the fault-tolerant (ft), or redundancy, statistics per context, use the show ft command.
show ft {config-error [context_name]} | {group {brief | {[group_id] {detail | status | summary}}}} | {history {cfg_cntlr | ha_dp_mgr | ha_mgr}} | {idmap} | {memory [detail]} | {peer peer_id {detail | status | summary}} | {stats group_id} | {track group_id {detail | status | summary}} [|] [>]
Syntax Description
config-error [context_name]
Displays the commands that fail on the standby ACE during bulk synchronization in a redundant configuration. If all commands succeed on the standby ACE, the command displays the following message:
No bulk config apply errorsIn the Admin context, the optional context_name argument is the name of a user context. If you do not enter the argument, the command uses the Admin context. In a user context, this argument is not available.
group group_id
Displays FT group statistics for the specified FT group. In the Admin context, this keyword displays statistics for all FT groups in the ACE. Also, in the Admin context, you can specify an FT group number to display statistics for an individual group. In a user context, this keyword displays statistics only for the FT group to which the user context belongs.
brief
Displays the group ID, local state, peer state, context name, context ID of all the FT groups that are configured in the ACE, and the configuration synchronization status.
detail
Displays detailed information for the specified FT group or peer, including the configuration synchronization status of the running- and the startup-configuration files.
status
Displays the current operating status for the specified FT group or peer.
summary
Displays summary information for the specified FT group or peer.
history
Displays a history of internal redundancy software statistics (Admin context only).
cfg_cntlr
Displays the configuration controller debug log.
ha_dp_mgr
Displays the high availability (HA) dataplane manager debug log.
ha_mgr
Displays the HA manager debug log.
idmap
Displays the IDMAP table for all object types. In a redundancy configuration, the IDMAP table is used to map objects between the active and the standby ACEs for use in config sync and state replication.
memory [detail]
Displays summary HA manager memory statistics or optional detailed HA manager memory statistics (Admin context only).
peer peer_id
Specifies the identifier of the remote standby member of the FT group.
stats group_id
Displays redundancy statistics for the specified FT group.
track group_id
Displays redundancy statistics related to tracked items for all FT groups.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show ft {history | memory} command is available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed.
For detailed information about the fields in the show ft command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the detailed statistics for FT group GROUP1, enter:
host1/Admin# show ft group GROUP1 detailRelated Commands
(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interfaceshow hardware
To display the ACE hardware details, such as the serial number and the hardware revision level of the ACE and the ACE module daughter card, use the show hardware command.
show hardware [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A4(1.0)
Added daughter card information.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show hardware command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display ACE hardware information, enter:
host1/Admin# show hardwareRelated Commands
show hyp
(ACE module only) To display the Hyperion backplane ASIC register values and statistics, use the show hyp command.
show hyp [reg reg_number | stats] [|] [>]
Syntax Description
reg reg_number
(Optional) Displays the specified Hyperion backplane ASIC register values. Enter a hexadecimal value from 0x0 to 0x6db.
stats
(Optional) Displays the Hyperion backplane ASIC statistics.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display the Hyperion backplane ASIC statistics, enter:
host1/Admin# show hyp statsRelated Commands
This command has no related commands.
show icmp statistics
To display the Internet Control Message Protocol (ICMP) statistics, use the show icmp statistics command.
show icmp statistics [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the clear icmp-statistics command to clear the ICMP statistics.
For information about the fields in the show icmp statistics command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display ICMP statistics, enter:
host1/Admin# show icmp statisticsRelated Commands
show interface
To display the interface information, use the show interface command.
show interface [bvi number | eobc | gigabitEthernet slot_number/port_number [counters] | internal {event-history {dbg | mts} | iftable [name] | port-vlantable | seciptable | vlantable [number]} port-channel channel_number | vlan number] [|] [>]
Syntax Description
bvi number
(Optional) Displays the information for the specified Bridge Group Virtual Interface (BVI).
eobc
(Optional, ACE module only) Displays the interface information for the Ethernet Out-of-Band channel (EOBC).
gigabitEthernet slot_number/port_number
(Optional, ACE appliance only) Displays the statistics for the specified gigabit Ethernet slot and port.
•
•
This keyword is available in the Admin context only.
counters
(ACE appliance only) Displays a summary of interface counters for the specified Ethernet data port related to the receive and transmit queues.
internal
(Optional) Displays the internal interface manager tables and events.
event-history
Displays event history information.
dbg
Displays debug history information.
mts
Displays message history information.
iftable
Displays the master interface table (Admin context only).
name
(Optional) Interface table name. If you specify an interface table name, the ACE displays the table information for that interface.
port-vlantable
(Optional, ACE appliance only) Displays the Ethernet port manager VLAN table.
seciptable
Displays the interface manager's (ifmgr) view of a logical interface and displays all the configured secondary IP addresses under an interface
vlantable
Displays the VLAN table (Admin context only).
number
(Optional) VLAN number. If you specify an interface number, the ACE displays the table information for that interface.
port-channel channel_number
(Optional, ACE appliance only) Displays the channel number assigned to a port-channel interface. Valid values are from 1 to 255. This keyword is available in the Admin context only.
vlan number
(Optional) Displays the statistics for the specified VLAN.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
BVI and VLAN interface—Admin and user contexts
(ACE appliance only) Ethernet data port, Ethernet management port, and port-channel interface—Admin context only
Command History
3.0(0)A1(2)
This command was introduced.
A2(3.1)
Added the seciptable option.
Usage Guidelines
This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
(ACE appliance only) In addition, the Ethernet data port, Ethernet management port, and port-channel interface command functions require the Admin user role.
(ACE appliance only) You can configure flow control on each Ethernet port of a Catalyst 6500 series switch. However, the ACE does not support flow control. If you connect an ACE to a Catalyst 6500 series switch, the flow control functionality is disabled on the ACE. The output of the show interface gigabitEthernet command on the ACE displays the "input flow-control is off, output flow control is off" flow-control status line as shown in the example above regardless of the state of flow control on the Catalyst 6500 series switch port to which the ACE is connected.
To display all of the interface statistical information, enter the show interface command without using any of the optional keywords.
The internal keyword and options are intended for use by trained Cisco personnel for troubleshooting purposes only.
For information about the fields in the show interface command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine.
Examples
To display all of the interface statistical information, enter:
host1/Admin# show interfaceACE Appliance Example
To view the configuration status for Ethernet data port 4, enter:
host1/Admin# show interface gigabitEthernet 1/4Related Commands
show inventory
To display the system hardware inventory, use the show inventory command.
show inventory [raw] [|] [>]
Syntax Description
raw
(Optional) Displays the hardware inventory report and information about each temperature sensor in the ACE.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the show inventory command to display information about the field-replaceable units (FRUs) in the ACE, including product IDs, serial numbers, and version IDs.
If you do not include the raw keyword, the ACE displays the hardware inventory report only.
For information about the fields in the show inventory command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the hardware inventory report, enter:
host1/Admin# show inventoryTo display the hardware inventory report and information about each temperature sensor, enter:
host1/Admin# show inventory rawRelated Commands
show ip
To display the IP statistics, use the show ip command.
show ip {dhcp relay {conf | information policy | statistics} | fib [np number {dest-ip ip_address}} | summary | wr dest-ip ip_address] | interface brief {[bvi | gigabitEthernet | port-channel | vlan] number} | route [summary | internal {event-history dbg | memory}] | traffic} [|] [>]
Syntax Description
dhcp relay
Specifies the Dynamic Host Configuration Protocol (DHCP) configuration information.
conf
Displays the DHCP relay configuration information.
information policy
Displays the relay agent information and the reforwarding policy status.
statistics
Displays the DHCP relay statistics.
fib
Displays the Forwarding Information Base (FIB) table for the context. This table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables.
np number dest-ip ip_address
(Optional) Displays the FIB information for a destination address on the specified ACE NP (network processor). For the number argument:
•
•
For the ip_address argument, enter the IPV4 address in dotted-decimal notation (for example, 172.27.16.10).
summary
(Optional) Displays the FIB table or route summary for the current context.
wr dest-ip ip_address
(Optional) Displays the FIB information for the specified wire region (0 only) and destination IP address. Enter the IPv4 address in dotted-decimal notation (for example, 172.27.16.10).
interface brief
Displays a brief configuration and status summary of all interfaces, a specified bridge group virtual interface (BVI), or a virtual LAN (VLAN), including the interface number, IP address, status, and protocol.
bvi
Displays the information for a specified BVI.
gigabitEthernet
Displays the information for an existing gigabit Ethernet (GE) port. Enter 1.
port-channel
Displays the information for an existing port-channel.
vlan
Displays the statistics for a specified VLAN number.
number
Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1. For a port channel, enter an integer from 1 to 255. For a VLAN, enter an integer from 2 to 4090.
route
Displays the route entries.
internal
(Optional) Specifies the internal route entries.
event-history dbg
Displays the event history statistics.
memory
Displays the mtrack output statistics.
traffic
Displays the IPv4 and IPv6 protocol statistics.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
Added the interface brief and related keywords.
A5(1.0)
Added IPv6 support for the traffic keyword.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The internal and fib keywords and options are intended for use by trained Cisco personnel for troubleshooting purposes only.
For information about the fields in the show ip command output, see the Security Guide, Cisco ACE Application Control Engine and the Routing and Bridging Guide, Cisco ACE Application Control Engine.
Examples
To display all IP route entries, enter:
host1/Admin# show ip routeRelated Commands
show ipcp
To display the Interprocess Communication Protocol (IPCP) statistics, use the show ipcp command. The ACE module uses the Interprocess Communication Protocol for communication between the control plane processor and the dataplane processors.
show ipcp {cde | clients | event-history | peek_poke} [|] [>]
Syntax Description
cde
Displays the following statistics:
•
•
clients
Displays the following statistics:
•
•
event-history
Displays the following statistics:
•
•
peek_poke
Displays the following statistics:
•
•
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
A1(7)
This command was introduced.
A4(1.0)
The pci option was removed.
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display IPCP statistics for the CDE interface, enter the following command:
host1/Admin# show ipcp cdeRelated Commands
This command has no related commands.
show ipv6
To display the IPv6 statistics, use the show ipv6 command.
show ipv6 {dhcp relay [statistics]} | {fib [{np number dest-ip ip_address} | summary | wr dest-ip ip_address]} | {interface [brief] [[bvi | vlan] number]} | neighbors | {route [summary | internal ktable]} [|] [>]
Syntax Description
dhcp relay
Specifies the Dynamic Host Configuration Protocol (DHCP) configuration information.
statistics
(Optional) Displays the DHCP relay statistics.
fib
Displays the Forwarding Information Base (FIB) table for the context. This table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables.
np number dest-ip ip_address
(Optional) Displays the FIB information for a destination address on the specified ACE NP (network processor). For the number argument:
•
•
For the ip_address argument, enter the IP address in dotted-decimal notation (for example, 172.27.16.10).
summary
(Optional) Displays the FIB table or route summary for the current context.
wr dest-ip ip_address
(Optional) Displays the FIB information for the specified wire region (0 only) and destination IP address. Enter the IP address in dotted-decimal notation (for example, 172.27.16.10).
interface
Displays the configuration and status of all interfaces, including the interface number, IP address, status, and protocol.
brief
Displays a brief configuration and status summary of all interfaces, a specified bridge group virtual interface (BVI), or a virtual LAN (VLAN), including the interface number, IP address, status, and protocol.
bvi
Displays the configuration and status information for a specified BVI.
vlan
Displays the configuration and status information for a specified VLAN number.
number
Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1. For a port channel, enter an integer from 1 to 255. For a VLAN, enter an integer from 2 to 4090.
neighbors
Displays information about the IPv6 neighbors, including the IPv6 address, MAC address, status (Up or Down), and more.
route
Displays the route entries.
internal
(Optional) Specifies the internal route entries.
ktable
Displays the IPv6 kernel route table entries.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
Added the interface brief and related keywords.
A5(1.0)
Added IPv6 support.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The internal and fib keywords and options are intended for use by trained Cisco personnel for troubleshooting purposes only.
For information about the fields in the show ipv6 command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine.
Examples
To display IPv6 interface summary information for VLAN 300, enter:
host1/Admin# show ipv6 interface brief vlan 300Related Commands
show kalap udp load
To display the latest load information for a VIP address, VIP-based tag, or a domain name provided to the KAL-AP request, use the show kalap udp load command in Exec mode.
show kalap udp load {all | domain domain | vip {ip_address | tag name}} [|] [>]
Syntax Description
all
Displays the latest load information for all VIP addresses, and VIP-based tags and domains with their associated VIP addresses and port numbers.
domain domain
Displays the latest load information for the specified domain name.
vip ip_address | tag name
Displays the latest load information for the specified VIP address or VIP tag name. For the ip_address argument, enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
A2(1.0)
This command was introduced.
A2(2.0)
The all keyword was added.
The vip tag name keyword and argument were added.
A3(1.0)
This command was introduced.
A4(1.0)
The tag name keyword and argument were added.
Usage Guidelines
The output fields for the show kalap udp load all command display the VIP address, VIP tag with its associated VIP address and port number, or domain name with its associated VIP address and port number, its load value, and the time stamp.
Examples
To display the latest load information to the KAL-AP request for VIP address 10.10.10.10, enter:
host1/Admin# show kalap udp load vip 10.10.10.10To display the latest load information to the KAL-AP request for domain KAL-AP-TAG1, enter:
host1/Admin# show kalap udp load domain KAL-AP-TAG1To display the latest load information to the KAL-AP request for the VIP KAL-AP-TAG2 tag, enter:
host1/Admin# show kalap udp load vip tag KAL-AP-TAG2Related Commands
show lcp event-history
(ACE module only) To display the Line Card Process (LCP) debug event history information, use the show lcp event-history command.
show lcp event-history [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display LCP debug event history information, enter:
host1/Admin# show lcp event-historyRelated Commands
This command has no related commands.
show ldap-server
To display the configured Lightweight Directory Access Protocol (LDAP) server and server group parameters, use the show ldap-server command.
show ldap-server [groups] [|] [>]
Syntax Description
groups
(Optional) Displays configured LDAP server group information.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show ldap-server command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
To display the configured LDAP server groups, enter:
host1/Admin# show ldap-server groupsRelated Commands
(config) aaa group server
(config) ldap-server host
(config) ldap-server port
(config) ldap-server timeoutshow license
To display your ACE license information, use the show license command.
show license [brief | file filename | internal event-history | status | usage] [|] [>]
Syntax Description
brief
(Optional) Displays a filename list of currently installed licenses.
file filename
(Optional) Displays the file contents of the specified license.
internal event-history
(Optional) Displays a history of licensing-related events.
status
(Optional) Displays the status of licensed features.
usage
(Optional) Displays the usage table for all licenses.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Entering the show license command without any options and arguments displays all of the installed ACE license files and their contents.
For information about the fields in the show license command output, see the Administration Guide, Cisco ACE Application Control Engine.
To manage the licenses on your ACE, use the license command.
Examples
To display all of the installed ACE license files and their contents, enter:
host1/Admin# show licenseRelated Commands
show line
To display all of the configured console and virtual terminal line sessions, use the show line command.
show line [console [connected]] [|] [>]
Syntax Description
console
(Optional) Displays the configured console settings for the ACE.
connected
(Optional) Displays the physical connection status.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show line command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display all configured console and virtual terminal line sessions, enter:
host1/Admin# show lineACE Module Example
To display the configured console settings for the ACE, enter:
host1/Admin# show line consoleRelated Commands
(ACE module only) (config) line console
show logging
To display the current severity level and state of all syslog messages stored in the logging buffer, or to display information related to specific syslog messages, use the show logging command.
show logging [history | internal {event-history dbg | facility} | message [syslog_id | all | disabled] | persistent | queue | rate-limit | statistics] [|] [>]
Syntax Description
history
(Optional) Displays the logging history file.
internal
(Optional) Displays syslog internal messages.
event-history dbg
Displays the debug history for the syslog server.
facility
Displays the registered internal facilities for the syslog server.
message
(Optional) Displays a list of syslog messages that have been modified from the default settings. These are messages that have been assigned a different severity level or messages that have been disabled.
syslog_id
(Optional) Identifier of a specific system log message to display, specified by message ID, and identifies whether the message is enabled or disabled.
all
(Optional) Displays all system log message IDs and identifies whether they are enabled or disabled.
disabled
(Optional) Displays a complete list of suppressed syslog messages.
persistent
(Optional) Displays statistics for the log messages sent to flash memory on the ACE.
queue
(Optional) Displays statistics for the internal syslog queue.
rate-limit
(Optional) Displays the current syslog rate-limit configuration.
statistics
(Optional) Displays syslog statistics.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the show logging command, you must have the ACE buffer enabled as a logging output location. By default, logging to the local buffer on the ACE is disabled. To enable system logging to a local buffer and to limit the messages sent to the buffer based on severity, use the logging buffered configuration command from the desired context.
The show logging command lists the current syslog messages and identifies which logging command options are enabled.
To clear the ACE buffer of the logging information currently stored, use the clear logging command.
For information about the fields in the show logging command output, see the Security Guide, Cisco ACE Application Control Engine.
Examples
To display a complete list of disabled syslog messages, enter:
host1/Admin# show logging message disabledTo display the contents of the logging history buffer, enter:
host1/Admin# show logging historyTo display the contents of the internal facility messages buffer, enter:
host1/Admin# show logging internal facilityTo display statistics for the log messages sent to flash memory on the ACE, enter:
host1/Admin# show logging persistentTo display statistics for the internal syslog queue, enter:
host1/Admin# show logging queueTo display the current syslog rate-limit configuration, enter:
host1/Admin# show logging rate-limitTo display the current syslog statistics, enter:
host1/Admin# show logging statisticsRelated Commands
clear logging
(config) logging bufferedshow login timeout
To display the login session idle timeout value, use the show login timeout command.
show login timeout [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure the login timeout value, use the login timeout command in configuration mode.
For information about the fields in the show login timeout command output, see the Administration Guide, Cisco ACE Application Control Engine.
Examples
To display the login timeout value, enter:
host1/Admin#show login timeoutRelated Commands
show nat-fabric
To display the Network Address Translation (NAT) policy and pool information for the current context, use the show nat-fabric command.
show nat-fabric {policies | src-nat policy_id mapped_if | dst-nat static_xlate_id | nat-pools | implicit-pat| global-static} [|] [>]
Syntax Description
policies
Displays the NAT policies.
src-nat policy_id mapped_if
Displays the specified source NAT policy information. To obtain the values for the policy_id and mapped_if arguments, view the policy_id and mapped_if fields displayed by the show nat-fabric policies command.
dst-nat static_xlate_id
Displays the static address translation for the specified static XLATE ID. To obtain the value for the static_xlate_id argument, view the static_xlate_id field displayed by the show nat-fabric policies command.
nat-pools
Displays NAT pool information for a dynamic NAT policy.
implicit-pat
Displays the implicit PAT policies.
global-static
Displays global static NAT information when the static command in global configuration mode is configured.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
3.0(0)A1(2)
This command was introduced.
A2(1.0)
This command was revised with the global-static keyword.
A1(7)
This command was introduced.
A3(1.0)
This command was revised with the global-static keyword.
Usage Guidelines
This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
To obtain the values for the policy_id, mapped_if, and static_xlate_id arguments, view their respective fields displayed by the show nat-fabric policies command.
Examples
To display the implicit PAT policies, enter:
host1/Admin# show nat-fabric implicit-patRelated Commands
(ACE module only) (config) static
show netio
To display the control plane network I/O information, use the show netio command.
show netio {clients | event-history | stats} [|] [>]
Syntax Description
clients
Displays statistics for the applications that are transmitting and receiving packets through the Netio module.
event-history
Displays a historic log of the most recent debug network I/O messages.
stats
Displays detailed counters for various Netio event occurrences.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
To display control plane network I/O client information, enter:
host1/Admin# show netio event-history1) Event:E_DEBUG, length:73, at 921762 usecs after Sat Jan 1 00:04:55 2000[105] ed_request_encap: Sending ARP_RESOLUTION for 75.0.0.6, in context 02) Event:E_DEBUG, length:78, at 921752 usecs after Sat Jan 1 00:04:55 2000[105] ed_egress_route_lookup: Route lookup failure -96 for 75.0.0.6, context 0Related Commands
show nexus-device
To display the Nexus device connection statistics, use the show nexus-device command.
show nexus-device [name][detail]
Syntax Description
name
Configured identifier of the Nexus device. Enter the name of an existing Nexus device as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
detail
Displays an additional field for the IP address of the Nexus device.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin context only
Command History
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the Nexus device connection information, enter the following command:
host1/Admin# show nexus-device DC1Related Commands
show np
To display the hardware information stored on the four network processors (NPs), use the show np command.
show np np_number {access-list {node vlan vlan_number {in node_address | out node_address} | resource | root vlan vlan_number {in | out} | syslog {lineno-table [index_1 index_2 | all] | name-table [index_3 index_4 | all]} | trace vlan vlan_number in protocol prot_number | source source_ip source_port | destination dest_ip dest_port} | {adjacency [lower_index upper_index [all]} | {buffer stats {event-history | stats | usage}} | {cpu | internal [lower_index upper_index]] | reap]} | {interface {icmlookup [all] | iflookup}} | {interrupts} | {lb-stats {option}} | {mac-address-table} | {me-stats ucdump_option} | {memory} | {mtrie dest-ip dest_ip} | {nat {bitmap map_id | dst_nat policy_id | implicit-pat | policies | src-nat policy_id interface_id} | {reg} | {status} [|] [>]
Syntax Description
np_number
Network processor number, as follows:
•
–
–
–
–
•
–
–
access-list
Displays information related to the access control list (ACL).
node
Displays the contents of the hardware ACL node that is identified by the vlan_number.
vlan vlan_number
Specifies the number of the VLAN.
in
Specifies the inbound traffic flow.
out
Specifies the outbound traffic flow.
node_address
Address of the node.
resource
Displays information about the ACL resource usage.
root
Displays the hardware address of the root of the downloaded, aggregated ACL, identified by the vlan_number.
syslog
Displays the ACL syslog tables.
lineno-table
Displays the ACl syslog line-number table.
index_1 index_2
Range of indices to display. Enter an integer from 0 to 262143 for index_1 and index_2.
all
Specifies whether to display invalid entries.
name-table
Displays the ACL syslog namestring table.
index_3 index_4
Range of indices to display. Enter an integer from 0 to 16383 for index_3 and index_4.
trace
Traces a packet through a specific ACL.
protocol prot_number
Specifies a protocol number.
source
Specifies the source of the flow.
source_ip
Source IP address.
source_port
Source port number.
destination
Specifies the destination of a flow.
dest_ip
Destination IP address.
dest_port
Destination port number.
adjacency
Displays information related to the adjacent nodes.
lower_index
Lower index value. Enter a value from 1 to 32767.
upper_index
Upper index value. Enter a value from 1 to 32767.
all
Displays all entries, including invalid entries.
internal
Displays the internal information for adjacency structures.
buffer
Displays NP buffer usage available and status of ft switchover.
event-history
Displays control plane buffer event history.
stats
Displays control plane buffer statistics.
usage
Displays control plane buffer usage.
cpu
Displays information about the CPU processes. This command option is available only for a user with the Admin role in any context.
reap
(Optional, ACE appliance only) Retrieves the encap reap statistics.
interface
Displays information related to the interface tables.
icmlookup
Displays the ICM/OCM interface table from the CP (0) or the specified NP.
iflookup
Displays the fast path interface lookup table from the CP (0) or the specified NP.
Note
interrupts
(ACE module only) Displays the network processor interrupt error counters (for example, PIP, L2D, L2T, DRAM, and so on).
lb-stats
Displays load-balancing statistics similar to the LbInspectTool.
mac-address-table
Displays the MAC address table.
me-stats
Displays Micro Engine statistics for the network processors. This command option is available only for a user with the Admin role in any context.
ucdump_option
Options for the ucdump utility. The ucdump utility is a binary on Xscale which returns information about Micro Engine statistics. Specify --help as the ucdump_option argument to list all of the supported ucdump utility options. Enter up to 80 alphanumeric characters.
Note
memory
Displays information about the memory processes. This command option is available only for a user with the Admin role in any context.
mtrie dest-ip dest_ip
Displays Mtrie entry for the specified destination IP address.
nat
Displays information related to the network processor Network Address Translation (NAT) tables.
bitmap map_id
Specifies the NAT-pool bit-map table in the network processor.
dst_nat policy_id
Specifies the destination NAT policy.
implicit-pat
Specifies the implicit Port Address Translation (PAT) policy table.
policies
Specifies the full NAT policy table.
src-nat
Specifies the source NAT policy.
policy_id
Policy identifier number. Enter a value from 0 to 65535.
interface_id
Mapped interface identifier. Enter a value from 0 to 65535.
reg
(ACE module only) Displays information related to the network processor registers.
status
(ACE appliance only) Displays status information related to the specified network processor. You can only display the statistics for network processor 1.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Admin and user contexts
Command History
A1(7)
This command was introduced.
A4(1.1)
Added the buffer keyword and options.
Usage Guidelines
This command and its options require the access-list or interface feature in your user role, except for the cpu, me-stats, and memory options. These three options require that you have the Admin user role in any context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
(ACE appliance only) The show np 1 {me-stats | memory | status} is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed.
Examples
To display the access list information from the hardware using the network processor 1, enter:
host1/Admin# show np 1 access-listTo display Micro Engine statistics for a ucdump utility (-b, which instructs the ACE to dump fastpath buffer memory), enter:
host1/Admin# show np me-stats -bFastpath thread buffers=================================ME:1 thread:0 addr:0x0010 particle:0x00000000 len:78 rx_seq=70018 0x8500004e 0x00608034 0x0000001e 0x00101e07 ...N .`.4 .... ....001c 0x0000ffff 0xffffffff 0x00059a3b 0x9a390800 .... .... ...; .9..0020 0x4500002c 0xa4540000 0xff11fd64 0x0c010105 E.., .T.. ...d ....0024 0x0c010101 0xc350c352 0x00185db6 0x000100f0 .... .P.R ..]. ....0028 0x00000008 0x00000000 0x00000064 0x00000000 .... .... ...d ....Related Commands
show ntp
(ACE appliance only) To display information about the Network Time Protocol (NTP) statistics, use the show ntp command.
show ntp {peer-status | peers | statistics [io | local | memory | peer ip_address]} [|] [>]
Syntax Description
peer-status
Displays the status for all configured NTP servers and peers.
peers
Displays a listing of all peers.
statistics
Displays the NTP statistics.
io
(Optional) Displays information the input/output statistics.
local
(Optional) Displays the counters maintained by the local NTP.
memory
(Optional) Displays the statistical counters related to the memory code.
peer
(Optional) Displays the peer-peer statistical counters of the specified peer.
ip_address
Peer statistics for the specified IP address.
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
Command Modes
Exec
Command History
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To display the status for all configured NTP servers and peers, enter:
host1/Admin# show peer-statusTo display a listing of all peers, enter:
switch/Admin# show ntp peersRelated Commands
show optimization-global
To display information about the global optimization statistics, use the show optimization-global command.
show optimization-global [|] [>]
Syntax Description
|
(Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command.
>
(Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.
