Router Products Command Reference
System Management Commands
Download this chapter
System Management CommandsSystem Management Commands
give_us_feedback

Table Of Contents

System Management Commands

aaa accounting

aaa authentication arap

aaa authentication enable default

aaa authentication local-override

aaa authentication login

aaa authentication ppp

aaa authorization

aaa new-model

alias

arap authentication

buffers

buffers huge size

calendar set

cdp enable

cdp holdtime

cdp run

cdp timer

clear cdp counters

clear cdp table

clock calendar-valid

clock read-calendar

clock set

clock summer-time

clock timezone

clock update-calendar

custom-queue-list

downward-compatible-config

enable

enable last-resort

enable password

enable secret

enable use-tacacs

fair-queue

hostname

ip bootp server

load-interval

logging

logging buffered

logging console

logging facility

logging monitor

logging on

logging synchronous

logging trap

login authentication

ntp access-group

ntp authenticate

ntp authentication-key

ntp broadcast

ntp broadcast client

ntp broadcastdelay

ntp clock-period

ntp disable

ntp master

ntp peer

ntp server

ntp source

ntp trusted-key

ntp update-calendar

ping (privileged)

ping (user)

ppp authentication

ppp use-tacacs

priority-group

priority-list default

priority-list interface

priority-list protocol

priority-list queue-limit

privilege level (global)

privilege level (line)

prompt

queue-list default

queue-list interface

queue-list protocol

queue-list queue byte-count

queue-list queue limit

scheduler allocate

scheduler interval

service exec-wait

service finger

service hide-telnet-address

service nagle

service password-encryption

service tcp-keepalives

service tcp-small-servers

service telnet-zero-idle

service timestamps

service udp-small-servers

show aliases

show buffers

show calendar

show cdp

show cdp entry

show cdp interface

show cdp neighbors

show cdp traffic

show clock

show context

show environment

show environment all

show environment last

show environment table

show logging

show memory

show ntp associations

show ntp status

show privilege

show processes

show processes memory

show protocols

show queueing

show snmp

show stacks

show tech-support

snmp-server access-policy

snmp-server chassis-id

snmp-server community

snmp-server contact

snmp-server context

snmp-server enable

snmp-server host

snmp-server location

snmp-server packetsize

snmp-server party

snmp-server queue-length

snmp-server system-shutdown

snmp-server tftp-server-list

snmp-server trap-authentication

snmp-server trap-source

snmp-server trap-timeout

snmp-server view

snmp trap link-status

tacacs-server attempts

tacacs-server authenticate

tacacs-server extended

tacacs-server host

tacacs-server key

tacacs-server last-resort

tacacs-server notify

tacacs-server optional-passwords

tacacs-server retransmit

tacacs-server timeout

test flash

test interfaces

test memory

trace (privileged)

trace (user)

username


System Management Commands

This chapter describes the commands used to manage the router system and its performance on the network. In general, system or network management falls into the following categories. The commands that perform the tasks in these management categories are described in this chapter unless specified otherwise.

Configuration Management

The configuration of network devices determines the behavior of the network. To manage device configurations, you need to list and compare configuration files on running devices, store configuration files on network servers for shared access, and perform software installations and upgrades. (Configuration management commands required to perform these tasks are described in the chapter entitled "System Image, Microcode Image, and Configuration File Load Commands.")

Other configuration management tasks include naming the router, setting router time services, configuring for synchronous logging of unsolicited messages and debug output, configuring a router for weighted fair queueing, and configuring SNMP support. Configuration management commands required to perform these tasks are described this chapter.

Security Management

To manage security on the network, you need to restrict access to the system. You can do so on several different levels:

Assign and encrypt passwords to restrict access to terminal lines, login connections, or privileged EXEC mode.

Establish one of three versions of Terminal Access Controller Access Control System (TACACS) protection for network servers that have shared access: TACACS, extended TACACS, or TACACS+, which is coupled with the Authentication, Authorization, and Accounting (AAA) model.

Restrict login connections to specific users with a username authentication system.

Control access on serial interfaces with Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP).

Create access lists to filter traffic to and from specific destinations. Subsequent chapters that describe the routing protocols in detail define access lists. This section provides general guidelines for creating access lists.

Create security labels for Internet Protocol (IP) datagrams using the Internet Protocol Security Option (IPSO), as described in the chapter entitled "IP Commands."

Enable accounting for Internet Protocol (IP) access list violations and display the accounting data. For information on the IP accounting access-violations feature and commands, see the "Configuring IP" chapter of the Router Products Configuration Guide and the "IP Commands" chapter later in this publication.

Security management commands required to perform these tasks are described this chapter.

Fault Management

To manage network faults, you need to discover, isolate, and fix the problems. You can discover problems with the system's monitoring commands, isolate problems with the system's test commands, and resolve problems with other commands, including debug.

This chapter describes general fault management commands. For detailed troubleshooting procedures and a variety of scenarios, see the Troubleshooting Internetworking Systems guide. For complete details on all debug commands, see the Debug Command Reference publication.

System Performance Management

To manage system performance, you need to monitor and determine response time, error rates, and availability. Once these factors are determined, you can perform load-balancing and modify system parameters to enhance performance. For example, priority queuing allows you to prioritize traffic order. You can configure fast and autonomous switching to improve network throughput, as described in the "Configuring Interfaces" chapter of the Router Products Configuration Guide.

See the Internetwork Design Guide for additional information.

Accounting Management

Accounting management allows you to track both individual and group usage of network resources. You can then reallocate resources as needed. For example, you can change the system timers and configure TCP keepalives. See also the IP accounting feature in the "Configuring IP" chapter of the Router Products Configuration Guide. Additionally, the AAA/TACACS+ aaa accounting command allows you to set start-stop accounting for any or all of the listed functions for this command.

For system management configuration tasks and examples, refer to the chapter entitled "Managing the System" in the Router Products Configuration Guide.

Note   One or more of the commands that previously appeared this chapter have been replaced by new commands. See the Router Products Command Reference publication for command information. The old commands continue to perform their normal function in the current release, but support for them will cease in future releases.

aaa accounting

To enable AAA accounting of requested services for billing or security purposes when using TACACS+, use the aaa accounting global configuration command. Use the no form of this command to disable accounting.

aaa accounting {system | network | connection | exec | command level} {start-stop |
wait-start | stop-only} tacacs+
no aaa accounting {system | network | connection | exec | command level}

Syntax Description

system

Performs accounting for all system-level events not associated with users, such as reloads.

network

Runs accounting for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARAP.

connection

Runs accounting for outbound Telnet and rlogin.

exec

Runs accounting for EXECs (user shells). This keyword might return user profile information such as autocommand information.

command

Runs accounting for all commands at the specified privilege level.

level

The command level that should be accounted for. Valid entries are 0-15.

start-stop

Sends a start record accounting notice at the beginning of a process and a stop record at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether or not the start accounting record was received by the accounting server.

wait-start

As in start-stop, sends both a start and a stop accounting record to the accounting server. However, if you use the wait-start keyword, the requested user service does not begin until the start accounting record is acknowledged. A stop accounting record is also sent.

stop-only

Sends a stop record accounting notice at the end of the requested user process.

tacacs+

Mandatory. Enables the TACACS-style accounting.


Default

AAA accounting is not enabled.

Command Mode

Global configuration

Usage Guideline

The aaa accounting command allows you to set start-stop accounting for any or all of the functions listed in "Syntax Description." For minimal accounting control, issue the stop-only keyword, which sends a stop record accounting notice at the end of the requested user process. For additional accounting control, you can issue the start-stop command, where TACACS+ sends a start accounting notice at the beginning of the requested process and a stop accounting notice at the end of the process. You can further control access and accounting by issuing the wait-start command, which ensures that the start notice is received by the TACACS+ server before granting the user's process request. Accounting is done only to the TACACS+ server.

Note   This command, along with aaa authorization, replaces the tacacs-server authenticate command in previous versions of TACACS, and can be used only with AAA/TACACS+. This command can be used only with AAA TACACS+.

Examples

In the following example, accounting is set for outbound Telnet and rlogin, and both a start and stop accounting notice is sent to the TACACS+ server: 

aaa accounting connection start-stop tacacs+

In the following example, accounting is set for privilege level 15 commands, with a wait-start restriction: 

aaa accounting command 15 wait-start tacacs+

Related Commands

aaa authorization
aaa new-model

aaa authentication arap

To enable an AAA authentication method for AppleTalk Remote Access (ARA) users using TACACS+, use the aaa authentication arap global configuration command. Use the no form of this command to disable this authentication.

aaa authentication arap {default | list-name} method1 [...[method4]]
no aaa authentication arap {default | list-name} method1 [...[method4]]

Syntax Description

default

Uses the listed methods that follow this argument as the default list of methods when a user logs in.

list-name

Character string used to name the following list of authentication methods tried when a user logs in.

method

One of the keywords described in .


Default

If the default list is not set, only the local user database is checked. This version has the same effect as the following command: 

aaa authentication arap default local

Command Mode

Global configuration

Usage Guideline

The list names and default that you set with the aaa authentication arap command are used with the arap authentication command. These lists can contain up to four authentication methods that are used when a user tries to log in with ARA.

Create a list by entering the aaa authentication arap list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method argument identifies the list of methods the authentication algorithm tries in the given sequence. You can enter up to four methods, which are described in .

To create a default list that is used if no list is specified in the arap authentication command, use the default keyword followed by the methods you wish to be used in default situations.

The additional methods of authentication are used only if the previous method returns an error, not if it fails.

Use the show running-config command to view lists of authentication methods.

Table 5-1 AAA Authentication ARAP Method Descriptions

Keyword
Description

if-needed

Does not authenticate if the user has already been authenticated on a TTY line.

line

Uses the line password for authentication.

local

Uses the local username database for authentication.

tacacs+

Uses TACACS+ authentication.


Note   This command cannot be used with TACACS or extended TACACS.

Examples

The following example creates a list called MIS-access, which first tries TACACS+ authentication and then none: 

aaa authentication arap MIS-access tacacs+ none

The following example creates the same list, but sets it as the default list that is used for all ARA protocol authentications if no other list is specified: 

aaa authentication arap default tacacs+ none

Related Commands

aaa authentication local-override
aaa new-model
arap authentication

aaa authentication enable default

To enable AAA authentication to determine if a user can access the privileged command level with TACACS+, use the aaa authentication enable default global configuration command. Use the no form of this command to disable this authorization method.

aaa authentication enable default method1 [...[method4]]
no aaa authentication enable default method1 [...[method4]]

Syntax Description

method

At least one and up to four of the keywords described in .


Default

If the default list is not set, only the enable password is checked. This version has the same effect as the following command: 

aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the process will succeed anyway.

Command Mode

Global configuration

Usage Guideline

Use the aaa authentication enable default command to create a series of authentication methods that are used to determine if a user can access the privileged command level. You can specify up to four authentication methods. Method keywords are described in . The additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.

If a default authentication routine is not set for a function, the default is none and no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.

Table 5-2 AAA Authentication Enable Default Method Descriptions

Keyword
Description

enable

Uses the enable password for authentication.

line

Uses the line password for authentication.

none

Uses no authentication.

tacacs+

Uses TACACS+ authentication.


Note   This command cannot be used with TACACS or extended TACACS.

Example

The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, then AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication. 

aaa authentication enable default tacacs+ enable none

Related Commands

aaa authentication local-override
aaa authorization
aaa new-model
enable password

aaa authentication local-override

To have the router check the local user database for authentication before attempting another form of authentication, use the aaa authentication local-override global configuration command. Use the no form of this command to disable the override.

aaa authentication local-override
no aaa authentication local-override

Syntax Description

This command has no arguments or keywords.

Default

Override is disabled.

Command Mode

Global configuration

Usage Guideline

This command is useful when you want to configure an override to the normal authentication process for certain personnel such as system administrators.

When this override is set, the user is always prompted for the username. The system then checks to see if the entered username corresponds to a local account. If the username does not correspond to one in the local database, login proceeds with the methods configured with other aaa commands (such as aaa authentication login). Note when using this command that Username: is fixed as the first prompt.

Example

The following example enables AAA authentication override: 

aaa authentication local-override

Related Commands

aaa authentication arap
aaa authentication enable default
aaa authentication login
aaa authentication ppp
aaa new-model

aaa authentication login

To set AAA authentication at login when using TACACS+, use the aaa authentication login global configuration command. Use the no form of this command to disable AAA authentication.

aaa authentication login {default | list-name} method1 [...[method4]]
no aaa authentication login {default | list-name} method1 [...[method4]]

Syntax Description

default

Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.

list-name

Character string used to name the following list of authentication methods tried when a user logs in.

method

At least one and up to four of the keywords described in .


Default

If the default list is not set, only the local user database is checked. This version has the same effect as the following command: 

aaa authentication login default local

Note   On the console, login will succeed without any authentication checks if default is not set.

Command Mode

Global configuration

Usage Guideline

The default and optional list names that you create with the aaa authentication login command are used with the login authentication command.

Create a list by entering the aaa authentication list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method argument identifies the list of methods the authentication algorithm tries, in the given sequence. Method keywords are described in .

To create a default list that is used if no list is assigned to a line with the login authentication command, use the default argument followed by the methods you want in default situations.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication will succeed even if all methods return an error, specify none as the final method in the command line.

If authentication is not specifically set for a line, the default is to deny access—no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.

Table 5-3 AAA Authentication Login Method Descriptions

Keyword
Description

enable

Uses the enable password for authentication.

line

Uses the line password for authentication.

local

Uses the local username database for authentication.

none

Uses no authentication.

tacacs+

Uses TACACS+ authentication.


Note   This command cannot be used with TACACS or extended TACACS.

Examples

The following example creates an AAA authentication list called MIS-access. This authentication first tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error and AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication. 

aaa authentication login MIS-access tacacs+ enable none

The following example creates the same list, but sets it as the default list that is used for all login authentications if no other list is specified: 

aaa authentication login default tacacs+ enable none

Related Commands

aaa authentication local-override
aaa new-model
login authentication

aaa authentication ppp

To specify one or more AAA authentication methods for use on serial interfaces running Point-to-Point (PPP) when using TACACS+, use the aaa authentication ppp global configuration command. Use the no form of this command to disable authentication.

aaa authentication ppp {default | list-name} method1 [...[method4]]
no aaa authentication ppp {default | list-name} method1 [...[method4]]

Syntax Description

default

Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.

list-name

Character string used to name the following list of authentication methods tried when a user logs in.

method

At least one and up to four of the keywords described in .


Default

If the default list is not set, only the local user database is checked. This version has the same effect as the following command: 

aaa authentication ppp default local

Command Mode

Global configuration

Usage Guideline

The lists that you create with the aaa authentication ppp command are used with the ppp authentication command. These lists contain up to four authentication methods that are used when a user tries to log in to the serial interface.

Create a list by entering the aaa authentication ppp list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method argument identifies the list of methods the authentication algorithm tries in the given sequence. You can enter up to four methods. Method keywords are described in .

The additional methods of authentication are only used if the previous method returns an error, not if it fails. Specify none as the final method in the command line to have authentication succeed even if all methods return an error.

If authentication is not specifically set for a function, the default is none and no authentication is performed. Use the show running-config command to view lists of authentication methods.

Table 5-4 AAA Authentication PPP Method Descriptions

Keyword
Description

if-needed

Does not authenticate if user has already been authenticated on a TTY line.

local

Uses the local username database for authentication.

none

Uses no authentication.

tacacs+

Uses TACACS+ authentication.


Note   This command cannot be used with TACACS or extended TACACS.

Example

The following example creates an AAA authentication list called MIS-access for serial lines that use PPP. This authentication first tries to contact a TACACS+ server. If this action returns an error, the user is allowed access with no authentication. 

aaa authentication MIS-access ppp tacacs+ none

Related Commands

aaa authentication local-override
aaa new-model
ppp authentication

aaa authorization

To set parameters that restrict a user's network access based on TACACS+ authorization, use the aaa authorization global configuration command. To disable authorization for a function, use the no form of this command.

aaa authorization {network | connection | exec | command level} methods
no aaa authorization {network | connection | exec | command level}

Syntax Description

network

Performs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA protocol.

connection

Runs authorization for outbound Telnet and rlogin.

exec

Runs authorization to determine if the user is allowed to run an EXEC shell. This keyword might return user profile information such as autocommand information.

command

Runs authorization for all commands at the specified privilege level.

level

Specific command level that should be authorized. Valid entries are 0 through 15.

methods

lists the methods keywords.


Default

Authorization is disabled for all actions (equivalent to the keyword none).

Command Mode

Global configuration

Usage Guideline

Use the aaa authorization command to create a list of one and up to four authorization methods that can be used when a user accesses the specified function.

Note   This command, along with aaa accounting, replaces the tacacs-server suite of commands in previous versions of TACACS.

The additional methods of authorization are only used if the previous method returns an error, not if it fails. Specify none as the final method in the command line to have authorization succeed even if all methods return an error.

Table 5-5 AAA Authorization Method Descriptions

Keyword
Description

tacacs+

Requests authorization information from the TACACS+ server.

if-authenticated

Allows the user to access the requested function if the user is authenticated.

none

No authorization is performed.

local

Uses the local database for authorization.


If authorization is not specifically set for a function, the default is none and no authorization is performed.

The authorization command causes a request packet containing a series of attribute value pairs to be sent to the TACACS daemon as part of the authorization process. The daemon can:

accept the request as is

make changes to the request

refuse the request, and hence, refuse authorization

describes attribute value pairs associated with the aaa authorization command. Registered users can find more information about TACACS+ and attribute pairs on Cisco Information Online.

Table 5-6 Attribute Value Pairs for Authorization

Attribute Value
Description

service=arap

Authorization for AppleTalk Remote Access is being requested.

service=shell

Authorization for EXEC startup and command authorization is being requested.

service=ppp

Authorization for PPP is being requested.

service=slip

Authorization for SLIP is being requested.

protocol=lcp

Authorization for LCP is being requested (lower layer of PPP).

protocol=ip

Used with service=slip and service=slip to indicate which protocol layer is being authorized.

protocol=ipx

Used with service=ppp to indicate which protocol layer is being authorized.

protocol=atalk

Used with service=ppp or service=arap to indicate which protocol layer is being authorized.

protocol=vines

Used with service=ppp for VINES over PPP.

protocol=unknown

Used for undefined or unsupported conditions.

cmd=x

Used with service=shell, if cmd=NULL, this is an authorization request to start an EXEC. If cmd is not NULL, this is a command authorization request and will contain the name of the command being authorized. For example, cmd=telnet.

cmd-arg=x

Used with service=shell. When performing command authorization, the name of the command is given by a cmd=x pair for each argument listed. For example, cmd-arg=archie.sura.net.

acl=x

Used with service=shell and service=arap. For ARA, this pair contains an access list number. For service=shell, this pair contains an access class number. For example, acl=2.

inacl=x

Used with service=ppp and protocol=ip. Contains an IP input access list for SLIP or PPP/IP. For example, inacl=2.

outacl=x

Used with service=ppp and protocol=ip. Contains an IP output access list for SLIP or PPP/IP. For example, outacl=4.

addr=x

Used with service=slip, service=ppp, and protocol=ip. Contains the IP address that the remote host should use when connecting via SLIP or PPP/IP. For example, addr=172.30.23.11.

routing=x

Used with service=slip, service=ppp, and protocol=ip. Equivalent in function to the /routing flag in SLIP and PPP commands. Can either be true or false. For example, routing=true.

timeout=x

Used with service=arap. The number of minutes before an ARA session disconnects. For example, timeout=60.

autocmd=x

Used with service=shell and cmd=NULL. Specifies an autocommand to be executed at EXEC startup. For example, autocmd=telnet foo.com.

noescape=x

Used with service=shell and cmd=NULL. Specifies a noescape option to the username configuration command. Can be either true or false. For example, noescape=true.

nohangup=x

Used with service=shell and cmd=NULL. Specifies a nohangup option to the username configuration command. Can be either true or false. For example. nohangup=false.

priv-lvl=x

Used with service=shell and cmd=NULL. Specifies the current privilege level for command authorization as a number from 0 to 15. For example, priv-lvl=15.

zonelist=x

Used with service=arap. Specifies an AppleTalk zonelist for ARA. For example, zonelist=5.

addr-pool=x

Used with service=ppp and protocol=ip. Specifies the name of a local pool from which to get the address of the remote host.


Examples

The following example specifies that TACACS+-style of authorization is used for all network-related requests. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed and the request is successful. 

aaa authorization network tacacs+ none

The following example specifies that TACACS+-style of authorization is run for level 15 commands. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed and the request succeeds. 

aaa authorization command 15 tacacs+ none

Related Commands

aaa accounting
aaa new-model

aaa new-model

To enable the AAA access control model that includes TACACS+, issue the aaa new-model global configuration command. Use the no form of this command to disable this functionality.

aaa new-model
no aaa new-model

Syntax Description

This command has no arguments or keywords.

Default

AAA/TACACS+ is not enabled.

Command Mode

Global configuration

Usage Guideline

This command enables the AAA access control system and TACACS+. If you initialize this functionality and later decide to use TACACS or extended TACACS, issue the no version of this command and then enable the version of TACACS you want to use.

Example

The following example initializes AAA and TACACS+: 

aaa new-model

Related Commands

aaa accounting
aaa authentication arap
aaa authentication enable default
aaa authentication local-override
aaa authentication login
aaa authentication ppp
aaa authorization

alias

To create a command alias, use the alias global configuration command. Use the no alias command to delete all aliases in a command mode or to delete a specific alias, and to revert to the original command syntax.

alias mode alias-name alias-command-line
no alias mode [alias-name]

Syntax Description

mode

Command mode of the original and alias commands. See for a list of options for this argument.

alias-name

Command alias.

alias-command-line

Original command syntax.


Defaults

Default aliases are in EXEC mode as follows:

Command Alias
Original Command

h

help

lo

logout

p

ping

r

resume

s

show

w

where


Command Mode

Global configuration

Usage Guidelines

You can use simple words or abbreviations as aliases. The aliases in the Default section are predefined. They can be turned off using the no alias command.

shows the acceptable options for the mode argument in the alias global configuration command.

Table 5-7

Argument Options
Mode

configuration

Global configuration

controller

Controller configuration

exec

EXEC

hub

Hub configuration

interface

Interface configuration

ipx-router

IPX router configuration

line

Line configuration

map-class

Map class configuration

map-list

Map list configuration

route-map

Route map configuration

router

Router configuration


Mode Argument Options

See the summary of command modes in the user interface chapter in the Router Products Configuration Guide for more information about command modes.

When you use online help, command aliases are indicated by an asterisk (*), as follows: 

Router#lo?

*lo=logout  lock  login  logout

When you use online help, aliases that contain spaces (for example, telnet device.cisco.com 25) are displayed as follows: 

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#alias exec device-mail telnet device.cisco.com 25

Router(config)# end

Router# device-mail?

*device-mail="telnet device.cisco.com 25"

When you use online help, the alias is expanded and replaced with the original command, as shown in the following example with the td alias: 

Router(config)#alias exec td trace device

Router(config)#^Z

Router#t?

*td="trace device"  telnet  terminal  test  tn3270

trace

To list only commands and omit aliases, begin your input line with a space. In the following example, the alias td is not shown, because there is a space before the t? command line. 

Router# t?

telnet  terminal  test  tn3270  trace

As with commands, you can use online help to display the arguments and keywords that can follow a command alias. In the following example, the alias td is created to represent the command telet device. The /debug and /line switches can be added to telnet device to modify the command: 

Router(config)# alias exec td telnet device

Router(config)# ^Z

Router#td ?

      /debug     Enable telnet debugging mode

      /line      Enable telnet line mode

      ...

      whois      Whois port

      <cr>


Router# telnet device

You must enter the complete syntax for the alias command. Partial syntax for aliases are not accepted. In the following example, the parser does not recognize the command t as indicating the alias td. 

bones# t

% Ambiguous command:  "t"

Example

In the following example, the alias fixmyrt is created for the EXEC-mode command clear ip route 198.92.116.16. 

alias exec fixmyrt clear ip route 198.92.116.16

Related Command

show aliases

arap authentication

To enable TACACS+ authentication for ARA on a line, use the arap authentication line configuration command. Use the no form of the command to disable authentication for an ARA line.

arap authentication {default | list-name}
no arap authentication {default | list-name}

Caution   
If you use a list-name value that was not configured with the aaa authentication arap command, ARA protocol will be disabled on this line.

Syntax Description

default

Default list created with the aaa authentication arap command.

list-name

Indicated list created with the aaa authentication arap command.


Default

ARA protocol authentication uses the default set with aaa authentication arap command. If no default has been set, the local user database is checked.

Command Mode

Line configuration

Usage Guideline

This command is a per-line command that specifies the name of a list of AAA authentication methods to try at login. If no list is specified, the default list is used (whether or not it is specified in the command line). You create defaults and lists with the aaa authentication arap command. Entering the no version of arap authentication has the same effect as entering the command with the default argument.

Before issuing this command, create a list of authentication processes by using the aaa authentication arap global configuration command.

Example

The following example specifies that the TACACS+ authentication list called MIS-access is used on ARA line 7: 

line 7

arap authentication MIS-access

Related Command

aaa authentication arap

buffers

Use the buffers global configuration command to make adjustments to initial buffer pool settings and to the limits at which temporary buffers are created and destroyed. Use the no form of this command to return the buffers to their default size.

buffers {small | middle | big | verybig | large | huge | type number} {permanent | max-free
| min-free | initial} number
no buffers {small | middle | big | verybig | large | huge | type number} {permanent | max-free
 | min-free | initial} number

Syntax Description

small

Buffer size of this public buffer pool is 104 bytes.

middle

Buffer size of this public buffer pool is 600 bytes.

big

Buffer size of this public buffer pool is 1524 bytes.

verybig

Buffer size of this public buffer pool is 4520 bytes.

large

Buffer size of this public buffer pool is 5024 bytes.

huge

Default buffer size of this public buffer pool is 18024 bytes. This value can be configured with the buffers huge size command.

type

Interface type of the interface buffer pool. Value cannot be fddi.

number

Interface number of the interface buffer pool.

permanent

Number of permanent buffers that the system tries to create and keep. Permanent buffers are normally not trimmed by the system.

max-free

Maximum number of free or unallocated buffers in a buffer pool.

min-free

Minimum number of free or unallocated buffers in a buffer pool.

initial

Number of additional temporary buffers that are to be allocated when the system is reloaded. This keyword can be used to ensure that the system has necessary buffers immediately after reloading in a high-traffic environment.

number

Number of buffers to be allocated.


Default

The default number of buffers in a pool is determined by the hardware configuration and can be displayed with the EXEC show buffers command.

Command Mode

Global configuration

Usage Guidelines

Normally you need not adjust these parameters; do so only after consulting with technical support personnel. Improper settings can adversely impact system performance.

You cannot configure FDDI buffers.

Examples of Public Buffer Pool Tuning

In the following example, the system will try to keep at least 50 small buffers free: 

buffers small min-free 50

In the following example, the permanent buffer pool allocation for big buffers is increased to 200: 

buffers big permanent 200

Example of Interface Buffer Pool Tuning

A general guideline is to display buffers with the show buffers command, observe which buffer pool is depleted, and increase that one.

In the following example, the permanent Ethernet 0 interface buffer pool on a Cisco 4000 is increased to 96 because the Ethernet 0 buffer pool is depleted: 

buffers ethernet 0 permanent 96

Related Commands

buffers huge size
show buffers

buffers huge size

Use the buffers huge size global configuration command to dynamically resize all huge buffers to the value you specify. Use the no form of this command to restore the default buffer values.

buffers huge size number
no buffers huge size number

Syntax Description

number

Size of huge buffers, in bytes.


Default

18024 bytes

Command Mode

Global configuration

Usage Guidelines

Use only after consulting with technical support personnel. The buffer size cannot be lowered below the default.

Example

In the following example, the system will resize huge buffers to 20000 bytes: 

buffers huge size 20000

Related Commands

buffers
show buffers

calendar set

To set the system calendar for a Cisco 7000 system or a Cisco 4500 system, use the calendar set EXEC command.

calendar set hh:mm:ss day month year
calendar set hh:mm:ss month day year

Syntax Description

hh:mm:ss

Current time in hours (military format), minutes, and seconds.

day

Current day (by date) in the month.

month

Current month (by name).

year

Current year (no abbreviation).


Command Mode

EXEC

Usage Guidelines

Once you set the Cisco 7000 calendar or the Cisco 4500 calendar, the system clock will be automatically set when the system is restarted or when the clock read-calendar EXEC command is issued. The calendar maintains its accuracy, even after a power failure or system reboot has occurred. The time specified in this command is relative to the configured time zone.

Example

In the following example, the system calendar is manually set to 1:32 p.m. on July 23, 1993: 

calendar set 13:32:00 23 July 1993

Related Commands

clock read-calendar
clock set
clock summer-time
clock timezone
clock update-calendar

cdp enable

To enable Cisco Discovery Protocol (CDP) on an interface, use the cdp enable interface configuration command. Use the no form of this command to disable CDP on an interface.

cdp enable
no cdp enable

Syntax Description

This command has no arguments or keywords.

Default

Enabled at the global level and on all supported interfaces.

Command Mode

Interface configuration

Usage Guidelines

CDP is enabled by default at the global level and on each interface in order to send or receive CDP information.

Note   The cdp enable, cdp timer, and cdp run commands affect the operation of the IP on demand routing feature (that is, the router odr global configuration command). For more information on the router odr command, see the "IP Routing Protocols Commands" chapter in the Network Protocols Command Reference, Part 1.

Example

In the following example, CDP is enabled on Ethernet interface 0: 

interface ethernet 0

cdp enable

Related Command

cdp run

cdp holdtime

To specify the amount of time the receiving device should hold a CDP packet from your router before discarding it, use the cdp holdtime global configuration command. Use the no form of this command to revert to the default setting.

cdp holdtime seconds
no cdp holdtime

Syntax Description

seconds

Specifies the hold time to be sent in the CDP update packets.


Default

180 seconds

Command Mode

Global configuration

Usage Guidelines

CDP packets are sent with time-to-live, or hold time, that is nonzero after an interface is enabled and a hold time of 0 immediately before an interface is idled down.

The CDP hold time must be set to a higher number of seconds than the time between CDP transmissions, which is set using the cdp timer command.

Example

In the following example, the CDP packets being sent from your device should be held by the receiving device for 60 seconds before being discarded. You might want to set the hold time lower than the default setting of 180 seconds if information about your device changes often and you want the receiving devices to purge this information more quickly. 

cdp holdtime 60

Related Commands

cdp timer
show cdp

cdp run

To enable CDP on your router, use the cdp run global configuration command. Use the no form of this command to disable CDP.

cdp run
no cdp run

Syntax Description

This command has no arguments or keywords.

Default

Enabled

Command Mode

Global configuration

Usage Guidelines

CDP is enabled on your router by default, which means the Cisco IOS software will receive CDP information. CDP also is enabled on supported interfaces by default. To disable CDP on an interface, use the cdp enable interface configuration command.

Note   The cdp enable, cdp timer, and cdp run commands affect the operation of the IP on demand routing feature (that is, the router odr global configuration command). For more information on the router odr command, see the "IP Routing Protocols Commands" chapter in the Network Protocols Command Reference, Part 1.

Example

In the following example, CDP is disabled for the router: 

no cdp run

Related C