-
Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T
-
Introduction
-
CFR Commands: absolute through clock timezone
-
CFR Commands: clock update-calendar through escape-character
-
CFR Commands: event application through ip ftp passive
-
CFR Commands: major rising through periodic
-
CFR Commands: ping through service sequence-numbers
-
CFR Commands: service slave-log through show
tee -
CFR Commands: show context through show ip sla monitor total-statistics
-
CFR Commands [12.3T]: 'show kron schedule' through 'show rtr collection-statistics'
-
CFR Commands: show rtr configuration through snmp-server enable informs
-
CFR Commands: snmp-server enable traps through statistics-distribution-interval
-
CFR Commands: stopbits through ttl ip
-
CFR Commands: type dhcp through xsm vdm
-
Appendix: ASCII Character Set and Hex Values (12.3T CF CR)
-
Table Of Contents
cns notifications encapsulation
default-value exec-character-bits
default-value special-character-bits
distributions-of-statistics-kept
clock update-calendar
To perform a one-time update of the hardware clock (calendar) from the software clock, use the clock update-calendar command in user EXEC or privileged EXEC mode.
clock update-calendar
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXEC
Command History
Usage Guidelines
Some platforms have a hardware clock (calendar) in addition to a software clock. The hardware clock is battery operated, and runs continuously, even if the router is powered off or rebooted.
If the software clock and hardware clock are not synchronized, and the software clock is more accurate, use this command to update the hardware clock to the correct date and time.
Examples
The following example copies the current date and time from the software clock to the hardware clock:
Router> clock update-calendarRelated Commands
cns config cancel
To remove a partial Cisco Networking Services (CNS) configuration from the list of outstanding partial configurations, use the cns config cancel command in EXEC mode.
cns config cancel queue-id
Syntax Description
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Incremental (partial) configurations take place in two steps:
1.
The configuration agent receives the partial configuration. It checks the configuration commands for syntax, publishes the success or failure of the read and syntax-check operation to the sync-status subject "cisco.cns.config.sync-status," and stores the configuration.
2.
Use the cns config cancel command in error scenarios where the second event message is not received and you need to remove the configuration from the list of outstanding configurations. Currently the maximum number of outstanding configurations is one.
Examples
The following example shows the process of checking the existing outstanding CNS configurations and cancelling the configuration with the queue-id of 1:
Router# show cns config outstandingThe outstanding configuration information:queue id identifier config-id1 identifierREAD config_idREADRouter# cns config cancel 1Router# show cns config outstandingThe outstanding configuration information:queue id identifier config-idRelated Commands
cns config connect-intf
Note
To specify the interface for connecting to the Cisco Networking Services (CNS) configuration engine, use the cns config connect-intf command in global configuration mode. To disable this interface for the connection, use the no form of this command.
cns config connect-intf type number [ping-interval seconds] [retries number]
no cns config connect-intf type number
Syntax Description
Defaults
The ping interval defaults to 10 seconds.
The number of retries defaults to 5.Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to connect to the CNS configuration engine using a specific type of interface. You must specify the interface type but need not specify the interface number; the router's bootstrap configuration finds the connecting interface, regardless of the slot in which the card resides or the modem dialout line for the connection, by trying different candidate interfaces or lines until it successfully pings the registrar.
Use this command to enter CSN Connect-interface configuration mode (config-cns-conn-if). Then use one of the following bootstrap-configuration commands to connect to the registrar for initial configuration:
•
•
The config-cli command accepts the special directive character "&," which acts as a placeholder for the interface name. When the configuration is applied, the & is replaced with the interface name. Thus, for example, if we are able to connect using FastEthernet0/0, the config-cli ip route 0.0.0.0 0.0.0.0 & command generates the ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 command. Similarly, the config-virtual terminal line (vty) cns id & ipaddress command generates the cns id FastEthernet0/0 ipaddress command.
Examples
In the following example, the user connects to a configuration engine using the asynchronous interface and issues a number of commands:
Router(config)# cns config connect-intf AsyncRouter(config-cns-conn-if)# config-cli encapsulation pppRouter(config-cns-conn-if)# config-cli ip unnumbered FastEthernet0/0Router(config-cns-conn-if)# config-cli dialer rotary-group 0Router(config-cns-conn-if)# line-cli modem InOut...Router(config-cns-conn-if)# exitThese commands result in the following configuration being applied:
line 65modem InOut...interface Async65encapsulation pppdialer in-banddialer rotary-group 0Related Commands
cns config initial
To enable the CNS configuration agent and initiate a download of the initial configuration, use the cns config initial command in global configuration mode. To remove an existing cns config initial command from the running configuration of the routing device, use the no form of this command.
cns config initial {host-name | ip-address} [encrypt] [port-number] [page page] [syntax-check] [no-persist] [source ip-address] [status url] [event] [inventory]
no cns config initial
Syntax Description
Defaults
The port number defaults to 80 with no encryption and 443 with encryption.
Default web page of the initial configuration is /cns/config.asp.Command Modes
Global configuration
Command History
Usage Guidelines
Use this command when a basic configuration—called a bootstrap configuration—is added to multiple routers before being deployed. When a router is initially powered (or each time a router is reloaded when the no-persist keyword is used) the cns config initial command will cause a configuration file—called an initial configuration—for the router to be downloaded from the configuration server. The initial configuration can be unique for each router.
When the configuration has been received by the router, each line of the configuration will be applied in the same order as it was received. If the Cisco IOS parser has an error with one of the lines of the configuration, then all the configuration up to this point will be applied to the router, but none of the configuration beyond the error will be applied. If an error occurs, the command will retry until it successfully completes. Once the configuration has successfully completed the cns config initial command will be removed from the running configuration. By default, NVRAM will be updated except when the no-persist keyword is configured.
When this command is used with the event keyword, a single message will be published on the event bus after the configuration is complete. When this command is used with the status keyword, a single message will be published to the URL specified after the configuration is complete. The event bus or URL will display one of the following status messages:
•
•
Examples
The following example shows how to enable the CNS configuration agent and initiate an initial configuration:
Router# cns config initial 10.19.4.5 page /cns/config/first.aspRelated Commands
ccns config notify
To notify CNS agents of configuration changes on Cisco IOS devices, use the cns config notify command in global configuration mode. To disable notifications, use the no form of this command.
cns config notify {all | diff} [interval minutes] [no_cns_events] [old-format]
no cns config notify {all | diff} [interval minutes] [no-cns-events] [old-format]
Syntax Description
Defaults
The interval defaults to 5 minutes.
Command Modes
Global configuration
Command History
12.2(8)T
This command was introduced.
12.2(11)T
The diff keyword was removed.
12.3(1)
The diff and old-format keywords were added.
Usage Guidelines
When the cns config notify command is enabled, commands entered in configuration mode are detected. If the all keyword is specified, the command is stored for future notification. If the diff keyword is specified, the command is stored for future notification if the software determines that the command will cause a configuration change. The diff keyword also allows the software to store information about the command including previous configuration states, source of the change (for example, a telnet user), and the time of configuration.
The stored information is formatted in XML and sent as part of a CNS config agent change notification event. A CNS config agent change notification event is sent to the CNS Event Bus when configuration mode is exited or no activity from that source has occurred for the configured interval time.
You must enable the CNS event agent using the cns event command before configuring this command. If the CNS event agent is not configured, the notification event will be queued and sent when the CNS event agent is enabled. If the CNS config notify queue is full, subsequent events are dropped and a "lost" CNS config change notification is sent when the CNS event agent is enabled.
Use the no_cns_events for applications that already record configuration changes sent to the routing device through the CNS Event Bus.
Use the old-format keyword to generate XML output—only the entered command and previous configuration state—that is compatible with the versions of this commands when the diff keyword was removed.
Examples
The following example detects configuration changes for all configuration commands:
Router(config)# cns config notify allRelated Commands
cns config partial
To start the CNS configuration agent and accept a partial configuration, use the cns config partial command in global configuration mode. To shut down the CNS partial configuration agent, use the no form of this command.
cns config partial {ip-address | host-name} [encrypt] [port-number] [source ip-address] [inventory]
no cns config partial
Syntax Description
Defaults
The port number defaults to 80 with no encryption and 443 with encryption.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to start the CNS partial configuration agent. You must enable the CNS event agent using the cns event command before configuring this command. The CNS event agent sends an event with the subject "cisco.mgmt.cns.config.load" to specify whether configuration data can be pushed to the CNS partial configuration agent or pulled from a configuration server by the CNS partial configuration agent.
In the push model, the event message delivers the configuration data to the partial configuration agent.
In the pull model, the event message triggers the partial configuration agent to pull the configuration data from the CNS configuration engine. The event message contains information about the CNS configuration engine, not the actual configuration data. The host name or IP address is the address of the CNS configuration engine from which the configuration is pulled. Use the cns trusted-server command to specify which CNS configuration engines can be used by the CNS partial configuration agent.
When the configuration has been received by the router, each line of the configuration will be applied in the same order as it was received. If the IOS parser has an error with one of the lines of the configuration, then all the configuration up to this point will be applied to the router, but none of the configuration beyond the error will be applied. If an error occurs, the command will retry until it successfully completes. In the pull mode, the command will not retry after an error. By default, NVRAM will be updated except when the no-persist keyword is configured.
A single message will be published on the CNS Event Bus after the partial configuration is complete. The CNS Event Bus will display one of the following status messages:
•
•
•
Examples
The following example shows how to configure the CNS partial configuration agent to accept events from the event gateway at 172.28.129.22. The CNS partial configuration agent will connect to the CNS configuration server at 172.28.129.22, port number 80. The CNS partial configuration agent requests are redirected to a configuration server at 172.28.129.40, port number 80.
Router(config)# cns event 172.28.129.22Router(config)# cns trusted-server config 172.28.129.40Router(config)# cns config partial 172.28.129.22Related Commands
cns config retrieve
To request the configuration of a routing device, use the cns config retrieve command in EXEC mode.
cns config retrieve {ip-address | host-name} [encrypt] [port-number] [page page] [overwrite-startup] [syntax-check] [no-persist] [source ip-address] [event] [inventory]
Syntax Description
Defaults
The port number defaults to 80 with no encryption and 443 with encryption.
Default web page of the initial configuration is /cns/config.asp.Command Modes
EXEC
Command History
Usage Guidelines
Use this command to request the configuration of a device from a configuration server. Use the cns trusted-server command to specify which configuration server can be used (trusted).
When the configuration has been received by the router, each line of the configuration will be applied in the same order as it was received. If the IOS parser has an error with one of the lines of the configuration, then all the configuration up to this point will be applied to the router, but none of the configuration beyond the error will be applied. If an error occurs, the command will not retry.
A single message will be published on the event bus after the partial configuration is complete. The event bus will display one of the following status messages:
•
•
•
The cns config retrieve command can be used with Command Scheduler commands (for example, kron policy-list and cli commands) in environments where it is not practical to use the CNS event agent and the cns config partial command. Configured within the cli command, the cns config retrieve command can be used to poll the configuration server to detect configuration changes.
Examples
The following example shows how to request a configuration from a trusted server at 10.1.1.1:
Router(config)# cns trusted-server all 10.1.1.1Router(config)# cns config retrieve 10.1.1.1Related Commands
cns connect
To enter Cisco Networking Services (CNS) connect configuration mode and define the parameters of a CNS connect profile for connecting to the CNS configuration engine, use the cns connect command in global configuration mode. To disable the CNS connect profile, use the no form of this command.
cns connect name [ping-interval interval-seconds] [retries number-retries] [timeout timeout-seconds] [sleep sleep-seconds]
no cns connect name [ping-interval interval-seconds] [retries number-retries] [timeout timeout-seconds] [sleep sleep-seconds]
Syntax Description
Defaults
No CNS connect profiles are defined.
Command Modes
Global configuration
Command History
12.3(2)XF
This command was introduced.
12.3(8)T
This command was integrated into Cisco IOS Release 12.3(8)T.
12.3(9)
This command was integrated into Cisco IOS Release 12.3(9).
Usage Guidelines
Use the cns connect command to enter CNS connect configuration mode and define the parameters of a CNS connect profile for connecting to the CNS configuration engine. Then use the following CNS connect commands to create a CNS connect profile:
•
•
A CNS connect profile specifies the discover commands and associated template commands that are to be applied to a router's configuration. When multiple discover and template commands are configured in a CNS connect profile, they are processed in the order in which they are entered.
Note
Examples
The following example shows how to create a CNS connect profile named profile-1:
Router (config)# cns connect profile-1Router (config-cns-conn)# discover interface SerialRouter (config-cns-conn)# template template-1Router (config-cns-conn)# exitRouter (config)#In this example, the following sequence of events occurs for each serial interface when the cns connect profile-1 command is processed:
1.
2.
3.
4.
Related Commands
cns event
To configure the Cisco Networking Services (CNS) event gateway, which provides CNS event services to Cisco IOS clients, use the cns event command in global configuration mode. To remove the specified event gateway from the gateway list, use the no form of this command.
cns event {host-name | ip-address} [port-number] [encrypt] [backup] [failover-time seconds] [keepalive seconds retry-count] [source ip-address] [clock-timeout time] [reconnect time]
no cns event {host-name | ip-address} [port-number] [encrypt] [backup] [failover-time seconds] [keepalive seconds retry-count] [source ip-address] [clock-timeout time] [reconnect time]
Syntax Description
Command Default
The event gateway default port number is 11011 with no encryption or 11012 with encryption.
The default number of seconds to wait for a primary gateway route is 3.
The clock timeout default is 10 minutes.
The reconnection time default is 3600 seconds.Command Modes
Global configuration
Command History
Usage Guidelines
The CNS event agent must be enabled before any of the other CNS agents are configured because the CNS event agent provides a transport connection to the CNS Event Bus for all other CNS agents. The other CNS agents use the connection to the CNS Event Bus to send and receive messages. The CNS event agent does not read or modify the messages.
The failover-time keyword is useful if you have a backup CNS event gateway configured. If the CNS event agent is trying to connect to the gateway and it discovers that the route to the backup is available before the route to the primary gateway, the seconds argument specifies how long the CNS event agent will continue to search for a route to the primary gateway before attempting to link to the backup gateway.
Unless you are using a bandwidth-constrained link, you should set a keepalive timeout and retry count. Doing so allows the management network to recover gracefully should a Cisco IE2100 configuration engine fail. Without the keepalive data, such a failure requires manual intervention on every device. The seconds multiplied by the retry-count determines the length of idle time before the CNS event agent will disconnect and attempt to reconnect to the gateway. Cisco recommends a minimum retry-count of 2.
If the optional source keyword is used, the source IP address might be a secondary IP address of a specific interface to allow a management network to run on top of a production network.
If network connectivity between the Cisco IOS router running the CNS Event Agent and the gateway is absent, the Event Agent goes into an exponential backoff retry mode and gets stuck at the maximum limit (which may be hours). The reconnect-time keyword allows a configurable upper limit of the maximum retry timeout.
Examples
The following example shows how to set the address of the primary CNS event gateway to the configuration engine software running on IP address 10.1.2.3, port 11011, with a keepalive of 60 seconds and a retry count of 5:
Router(config)# cns event 10.1.2.3 11011 keepalive 60 5Related Commands
cns id
Sets the unique event ID or config ID router identifier.
show cns event status
Displays status information about the CNS event agent.
cns exec
To enable and configure the CNS exec agent, which provides CNS exec services to Cisco IOS clients, use the cns exec command in global configuration mode. To disable the use of CNS exec agent services, use the no form of this command.
cns exec [host-name | ip-address] [port-number] [encrypt [enc-port-number]] [source ip-address]
no cns exec {host-name | ip-address} [port-number] [encrypt [enc-port-number]] [source ip-address]
Syntax Description
Defaults
The default exec server port number is 80.
The default encrypted exec server port number is 443.Command Modes
Global configuration
Command History
Usage Guidelines
The CNS exec agent allows a remote application to execute an EXEC mode command-line interface (CLI) command on a Cisco IOS device by sending an event message containing the command. A restricted set of EXEC CLI commands—show commands—are supported.
In previous Cisco IOS Releases the CNS exec agent was enabled when the CNS configuration agent was enabled through the cns config partial command.
Examples
The following example shows how to enable the CNS exec agent with an IP address of 10.1.2.3 for the exec agent server, a port number of 93, and a source IP address of 172.17.2.2:
Router(config)# cns exec 10.1.2.3 93 source 172.17.2.2Related Commands
cns event
Enables and configures CNS event agent services.
show cns event subject
Displays a list of CNS event agent subjects that are subscribed to by applications.
cns id
To set the unique event ID, config ID, or image ID Cisco IOS device identifier used by CNS services, use the cns id command in global configuration mode. To set the identifier to the host name of the Cisco IOS device, use the no form of this command.
If ID Choice Is IP Address or MAC Address
cns id type number {dns-reverse | ipaddress | mac-address} [event] [image]
no cns id type number {dns-reverse | ipaddress | mac-address} [event] [image]
If ID Choice Is Anything Else
cns id {hardware-serial | hostname | string string} [event] [image]
no cns id {hardware-serial | hostname | string string} [event] [image]
Syntax Description
Defaults
The system defaults to the host name of the Cisco IOS device as the unique ID.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to set the unique ID to the CNS configuration agent, which then pulls the initial configuration template to the Cisco IOS device during bootup.
You can set one or all three IDs: the config ID value for CNS configuration services, the event ID value for CNS event services, and the image ID value for CNS image agent services. To set all values, use the command three times.
To set the CNS event ID to the host name of the Cisco IOS device, use the no form of this command with the event keyword. To set the CNS config ID to the host name of the Cisco IOS device, use the no form of this command without the event keyword. To set the CNS image ID to the host name of the Cisco IOS device, use the no form of this command with the image keyword.
Examples
The following example shows how to pass the host name of the Cisco IOS device as the config ID value:
Router(config)# cns id hostnameThe following example shows how to pass the hardware serial number of the Cisco IOS device as the event ID value:
Router(config)# cns id hardware-serial eventThe following example shows how to pass the IP address of Ethernet interface 0/1 as the image ID value:
Router(config)# cns id ethernet 0/1 imageRelated Commands
cns event
Enables the CNS event gateway, which provides CNS event services to Cisco IOS clients.
cns image
To configure the CNS image agent services, use the cns image command in global configuration mode. To disable the use of CNS image agent services, use the no form of this command.
cns image [server server-url [status status-url]]
no cns image [server server-url [status status-url]]
Syntax Description
Defaults
When configured, the CNS image agent always listens for image events on the CNS Event Bus server.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the cns image command to start the CNS image agent process and to listen for image-related events on the CNS Event Bus.
If the optional server details are specified, the CNS image agent uses the server URL to contact the image management server. If no server details are specified, the URL for the image server must be supplied using one of the following three methods. The first method is to specify the image server using the server options on the cns image retrieve command. The second method is to use the server configured by the CNS event agent and stored as an image server event that can be received from the CNS Event Bus. The third method does not require a server URL because it uses CNS Event Bus mode.
If the optional status details are not specified, the status messages are sent as events on the CNS Event Bus.
Examples
The following example shows how to enable the CNS image agent services and configure a path to the image distribution server and a status messages server:
Router(config)# cns image server https://10.20.2.3:8080/cns/imageserver/ status https://10.20.2.3:8080/cns/imageserver/messages/Related Commands
cns image password
To configure a password to use with the CNS image agent services, use the cns image password command in global configuration mode. To disable the use of a password, use the no form of this command.
cns image password image-password
no cns image password image-password
Syntax Description
Defaults
No password is used with the CNS image agent services.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to create a password that is sent along with the image ID in all CNS image agent messages. The receiver of these messages can use this information to authenticate the sending device. This password may be different from the username and password used for HTTP basic authentication configured with other CNS image agent commands.
Examples
The following example shows how to configure a password to be used for the CNS image agent services:
Router(config)# cns image password textabcRelated Commands
cns id
Specifies the unique event ID, config ID, or image ID used by CNS services.
cns image retrieve
To contact a CNS image distribution server and download a new image if a new image exists, use the cns image retrieve command in privileged EXEC mode.
cns image retrieve [server server-url [status status-url]]
Syntax Description
Defaults
If the server keyword and server-url argument are not specified, the server path configured in the cns image command is used. If no server path has been configured, an error is displayed.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
You must enable the CNS image agent services using the cns image command before configuring this command.
Use this command to poll an image distribution server and download a new image to the Cisco IOS device if a new image exists.
Examples
The following example shows how to configure the CNS image agent to access the image distribution server at 10.19.2.3 and download a new image if a new image exists:
Router# cns image retrieve server https://10.20.2.3:8080/cns/imageserver/ status https://10.20.2.3:8080/cns/imageserver/messages/Related Commands
cns image retry
To set the CNS image upgrade retry interval, use the cns image retry command in global configuration mode. To restore the default value, use the no form of this command.
cns image retry seconds
no cns image retry seconds
Syntax Description
Defaults
Retry interval is 60 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to set an interval after which the CNS image agent will retry an image upgrade operation if the original upgrade attempt failed.
Examples
The following example shows how to set the CNS image upgrade interval to 240 seconds:
Router(config)# cns image retry 240Related Commands
cns inventory
To enable the CNS inventory agent—that is, to send an inventory of the router's line cards and modules to the CNS configuration engine—and enter CNS inventory mode, use the cns inventory command in global configuration mode. To disable the CNS inventory agent, use the no form of this command.
cns inventory
no cns inventory
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
12.2(8)T
This command was introduced.
12.3(1)
The config, event, and notify oir keywords were removed.
Usage Guidelines
Use this command with the announce config and transport event CNS inventory configuration mode commands to specify when to notify the CNS configuration engine of changes to the router's port-adaptor and interface inventory. A transport must be specified in CNS inventory configuration mode before any of the CNS inventory commands are executed.
Examples
The following example shows how to enable the CNS inventory agent and enter CNS inventory configuration mode:
Router(config)# cns inventoryRouter(cns_inv)#Related Commands
cns mib-access encapsulation
To specify whether Cisco Networking Services (CNS) should use nongranular (SNMP) or granular (XML) encapsulation to access MIBs, use the cns mib-access encapsulation command in global configuration mode. To disable the currently specified encapsulation, use the no form of this command.
cns mib-access encapsulation {snmp | xml [size bytes]}
no cns mib-access encapsulation {snmp | xml}
Syntax Description
Defaults
For XML encapsulation, a maximum size of 3072 bytes.
Command Modes
Global configuration
Command History
12.2(8)T
This command was introduced on Cisco 2600 series and Cisco 3600 series routers.
Examples
The following example specifies that XML be used to access MIBs:
Router(config)# cns mib-access encapsulation xmlRelated Commands
cns notifications encapsulation
Specifies whether CNS notifications should be sent using nongranular (SNMP) or granular (XML) encapsulation.
cns notifications encapsulation
To specify whether Cisco Networking Services (CNS) notifications should be sent using nongranular (SNMP) or granular (XML) encapsulation, use the cns notifications encapsulation command in global configuration mode. To disable the currently specified encapsulation, use the no form of this command.
cns notifications encapsulation {snmp | xml}
no cns notifications encapsulation {snmp | xml}
Syntax Description
snmp
Uses nongranular (SNMP) encapsulation to send notifications.
xml
Uses granular (XML) encapsulation to send notifications.
Defaults
This command is disabled.
Command Modes
Global configuration
Command History
12.2(8)T
This command was introduced on Cisco 2600 series and Cisco 3600 series routers.
Examples
The following example shows how to specify that granular notifications should be sent:
Router(config)# cns notifications encapsulation xmlRelated Commands
cns mib-access encapsulation
Specifies whether CNS should use granular (XML) or nongranular (SNMP) encapsulation to access MIBs.
cns template connect
To enter Cisco Networking Services (CNS) template connect configuration mode and define the name of a CNS connect template, use the cns template connect command in global configuration mode. To disable the CNS connect template, use the no form of this command.
cns template connect name
no cns template connect name
Syntax Description
Defaults
No CNS connect templates are defined.
Command Modes
Global configuration
Command History
12.3(2)XF
This command was introduced.
12.3(8)T
This command was integrated into Cisco IOS Release 12.3(8)T.
12.3(9)
This command was integrated into Cisco IOS Release 12.3(9).
Usage Guidelines
Use the cns template connect command to enter CNS template connect configuration mode and define the name of the CNS connect template to be configured. Then use the cli command to specify the command lines of the CNS connect template.
Note
Note
Examples
The following example shows how to configure a CNS connect template named template1:
Router (config)# cns template connect template-1Router (config-templ-conn)# cli command-1Router (config-templ-conn)# cli command-2Router (config-templ-conn)# cli no command-3Router (config-templ-conn)# exitRouter (config)#When the template1 template is applied, the following commands are sent to the router's parser:
command-1command-2no command-3When the template1 template is removed from the router's configuration after an unsuccessful ping attempt to the CNS configuration engine, the following commands are sent to the router's parser:
no command-1no command-2command-3Related Commands
cns trusted-server
To specify a trusted server for CNS agents, use the cns trusted-server command in global configuration mode. To disable the use of a trusted server for a CNS agent, use the no form of this command.
cns trusted-server {all-agents | config | event | exec | image} hostname | ip-address
no cns trusted-server {all-agents | config | event | exec | image}
Syntax Description
Defaults
all-agents
Command Modes
Global configuration
Command History
Usage Guidelines
Use the cns trusted-server command to specify a trusted server for an individual CNS agent or all the CNS agents. In previous Cisco IOS Releases CNS agents could connect to any server and this could expose the system to security violations. An attempt to connect to a server not on the list will result in an error message being displayed. For backwards compatibility the configuration of a server address using the configuration command-line interface (CLI) for a CNS agent will result in an implicit trust of the server. The implicit trusted server commands apply only to commands in configuration mode, not EXEC mode commands.
Use this command when a CNS agent will redirect its response to a server address that is not explicitly configured on the command line for the specific CNS agent. For example, the CNS exec agent may have one server configured but receive a message from the CNS Event Bus that overrides the configured server. The new server address has not been explicitly configured so the new server address is not a trusted server. An error will be generated when the CNS exec agent tries to respond to this new server address unless the cns trusted-server command has been configured for the new server address.
Examples
The following example shows how to configure server 10.19.2.5 as a trusted server for the CNS event agent:
Router# cns trusted-server event 10.19.2.5The following example shows how to configure server 10.2.2.8 as an implicit trusted server for the CNS image agent:
Router# cns image server 10.2.2.8 status 10.2.2.8Related Commands
cns config
Configures CNS configuration agent services.
cns event
Enables and configures CNS event agent services.
cns image
Configures CNS image agent services.
config-cli
Note
To connect to the Cisco Networking Services (CNS) configuration engine using a specific type of interface, use the config-cli command in CNS Connect-interface configuration mode.
config-cli type [number]
Syntax Description
Defaults
No command lines are specified to configure the interface.
Command Modes
CNS Connect-interface configuration
Command History
Usage Guidelines
Begin by using the cns config connect-intf command to enter CNS Connect-interface configuration (config-cns-conn-if) mode. Then use either this or its companion CNS bootstrap-configuration command to connect to the CNS configuration engine for initial configuration:
•
•
Immediately after either of the commands, enter additional configuration commands as appropriate.
Examples
The following example enters CNS Connect-interface configuration mode, connects to a configuration engine using an asynchronous interface, and issues a number of commands:
Router(config)# cns config connect-intf AsyncRouter(config-cns-conn-if)# config-cli encapsulation pppRouter(config-cns-conn-if)# config-cli ip unnumbered FastEthernet0/0Router(config-cns-conn-if)# config-cli dialer rotary-group 0Router(config-cns-conn-if)# line-cli modem InOutRouter(config-cns-conn-if)# line-cli...Router(config-cns-conn-if)# exitThese commands apply to the following configuration:
line 65modem InOut...interface Async65encapsulation pppdialer in-banddialer rotary-group 0Related Commands
cns config connect-intf
Specifies the interface for connecting to the CNS configuration engine.
line-cli
Connects to the CNS configuration engine using a modem dialup line.
config-register
To change the configuration register settings, use the config-register command in global configuration mode.
config-register value
Syntax Description
Defaults
Refer to the documentation for your platform for the default configuration register value. For many newer platforms, the default is 0x2102, which causes the router to boot from Flash memory and the Break key to be ignored.
Command Modes
Global configuration
Command History
Usage Guidelines
This command applies only to platforms that use a software configuration register.
The lowest four bits of the configuration register (bits 3, 2, 1, and 0) form the boot field. The boot field determines if the router boots manually, from ROM, or from Flash or the network.
To change the boot field value and leave all other bits set to their default values, follow these guidelines:
•
•
•
For more information about the configuration register bit settings and default filenames, refer to the appropriate router hardware installation guide.
Examples
In the following example, the configuration register is set to boot the system image from Flash memory:
config-register 0x2102Related Commands
configure confirm
To confirm replacement of the current running configuration with a saved Cisco IOS configuration file, use the configure confirm command in privileged EXEC mode.
configure confirm
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
12.3(7)T
This command was introduced.
12.2(25)S
This command was integrated into Cisco IOS Release 12.2(25)S.
Usage Guidelines
The configure confirm command is used only if the time seconds keyword and argument of the configure replace command are specified. If the configure confirm command is not entered within the specified time limit, the configuration replace operation will automatically be reversed (in other words, the current running configuration file will be restored back to the configuration state that existed prior to entering the configure replace command).
Examples
The following example shows the use of the configure replace command with the time seconds keyword and argument. You must enter the configure confirm command within the specified time limit to confirm replacement of the current running configuration file:
Router# configure replace nvram:startup-config time 120This will apply all necessary additions and deletionsto replace the current running configuration with thecontents of the specified configuration file, which isassumed to be a complete configuration, not a partialconfiguration. Enter Y if you are sure you want to proceed. ? [no]: YTotal number of passes: 1Rollback DoneRouter# configure confirmRelated Commands
configure memory
To configure the system from the system memory, use the configure memory command in privileged EXEC mode.
configure memory
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
On all platforms except Class A Flash file system platforms, this command executes the commands located in the configuration file in NVRAM (the "startup configuration file").
On Class A Flash file system platforms, if you specify the configure memory command, the router executes the commands pointed to by the CONFIG_FILE environment variable. The CONFIG_FILE environment variable specifies the location of the configuration file that the router uses to configure itself during initialization. The file can be located in NVRAM or any of the Flash file systems supported by the platform.
When the CONFIG_FILE environment variable specifies NVRAM, the router executes the NVRAM configuration only if it is an entire configuration, not a distilled version. A distilled configuration is one that does not contain access lists.
To view the contents of the CONFIG_FILE environment variable, use the show bootvar EXEC command. To modify the CONFIG_FILE environment variable, use the boot config command and then save your changes by issuing the copy system:running-config nvram:startup-config command.
Examples
In the following example, a router is configured from the configuration file in the memory location pointed to by the CONFIG_FILE environment variable:
Router# configure memoryRelated Commands
configure network
The configure network command was replaced by the copy {rcp | tftp} running-config command in Cisco IOS Release 11.0. To maintain backward compatibility, the configure network command continues to function in Cisco IOS Release 12.2(11)T for most systems, but support for this command may be removed in a future release.
The copy {rcp | tftp} running-config command was replaced by the copy {ftp: | rcp: | tftp:}[filename] system:running-config command in Cisco IOS Release 12.1.
The copy {ftp: | rcp: | tftp:}[filename] system:running-config command specifies that a configuration file should be copied from a FTP, rcp, or TFTP source to the running configuration. See the description of the copy command in this chapter for more information.
configure overwrite-network
The configure overwrite-network has been replaced by the copy {ftp-url | rcp-url | tftp-url} nvram:startup-config command. See the description of the copy command in the "Cisco IOS File System Commands" chapter for more information.
configure replace
To replace the current running configuration with a saved Cisco IOS configuration file, use the configure replace command in privileged EXEC mode.
configure replace target-url [list] [force] [time seconds] nolock
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
When configuring more than one keyword option, use the following rules:
•
•
If the current running configuration is replaced with a saved Cisco IOS configuration file that contains commands unaccepted by the Cisco IOS software parser, an error message will be displayed listing the commands that were unaccepted. The total number of passes performed in the configuration replace operation is also displayed.
Note
The running configuration lock is automatically cleared at the end of the configuration replace operation. It is not expected that you should need to clear the lock manually during the replace operation, but as a protection against any unforeseen circumstances, you can manually clear the lock using the clear configuration lock command. You can also display any locks that may be currently applied to the running configuration using the show configuration lock command.
Examples
This section contains the following examples:
•
•
•
•
Replacing the Current Running Configuration with a Saved Cisco IOS Configuration File
The following example shows how to replace the current running configuration with a saved Cisco IOS configuration file named disk0:myconfig. Note that the configure replace command interactively prompts you to confirm the operation.
Router# configure replace disk0:myconfigThis will apply all necessary additions and deletionsto replace the current running configuration with thecontents of the specified configuration file, which isassumed to be a complete configuration, not a partialconfiguration. Enter Y if you are sure you want to proceed. ? [no]: YTotal number of passes: 1Rollback DoneIn the following example, the list keyword is specified in order to display the command lines that were applied during the configuration replace operation:
Router# configure replace disk0:myconfig listThis will apply all necessary additions and deletionsto replace the current running configuration with thecontents of the specified configuration file, which isassumed to be a complete configuration, not a partialconfiguration. Enter Y if you are sure you want to proceed. ? [no]: Y!Pass 1!List of Commands:no snmp-server community public rosnmp-server community mystring roendTotal number of passes: 1Rollback DoneReverting to the Startup Configuration File
The following example shows how to revert to the Cisco IOS startup configuration file. This example also shows the use of the optional force keyword to override the interactive user prompt.
Router# configure replace nvram:startup-config forceTotal number of passes: 1Rollback DonePerforming a Configuration Replace Operation with the configure confirm Command
The following example shows the use of the configure replace command with the time seconds keyword and argument. You must enter the configure confirm command within the specified time limit in order to confirm replacement of the current running configuration file. If the configure confirm command is not entered within the specified time limit, the configuration replace operation will automatically be reversed (in other words, the current running configuration file will be restored back to the configuration state that existed prior to entering the configure replace command).
Router# configure replace nvram:startup-config time 120This will apply all necessary additions and deletionsto replace the current running configuration with thecontents of the specified configuration file, which isassumed to be a complete configuration, not a partialconfiguration. Enter Y if you are sure you want to proceed. ? [no]: YTotal number of passes: 1Rollback DoneRouter# configure confirmPerforming a Configuration Rollback Operation
The following example shows how to make changes to the current running configuration and then roll back the changes. As part of the configuration rollback operation, you must save the current running configuration before making changes to the file. In this example, the archive config command is used to save the current running configuration. Note that the generated output of the configure replace command indicates that only one pass was performed to complete the rollback operation.
Note
You first save the current running configuration in the configuration archive as follows:
Router# archive configYou then enter configuration changes as shown in the following example:
Router# configure terminalRouter(config)# user netops2 password rainRouter(config)# user netops3 password snowRouter(config)# exitAfter having made changes to the running configuration file, assume you now want to roll back these changes and revert to the configuration that existed before the changes were made. The show archive command is used to verify the version of the configuration to be used as a target file. The configure replace command is then used to revert to the target configuration file as shown in the following example:
Router# show archiveThere are currently 1 archive configurations saved.The next archive file will be named disk0:myconfig-2Archive # Name01 disk0:myconfig-1 <- Most Recent2345678910Router# configure replace disk0:myconfig-1Total number of passes: 1Rollback DoneRelated Commands
configure terminal
To enter global configuration mode, use the configure terminal command in privileged EXEC mode.
configure terminal
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to enter global configuration mode. Note that commands in this mode are written to the running configuration file as soon as you enter them (using the Enter key/Carriage Return).
After you enter the configure command, the system prompt changes from <router-name># to <router-name>(config)#, indicating that the router is in global configuration mode. To leave global configuration mode and return to privileged EXEC mode, type end or press Ctrl-Z.
To view the changes to the configuration you have made, use the more system:running-config command or show running-config command in EXEC mode.
Examples
In the following example, the user enters global configuration mode:
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#Related Commands
confreg
To change the configuration register settings while in ROM monitor mode, use the confreg command in ROM monitor mode.
confreg [value]
Syntax Description
value
(Optional) Hexadecimal value that represents the 16-bit configuration register value that you want to use the next time the router is restarted. The value range is from 0x0 to 0xFFFF.
Defaults
Refer to your platform documentation for the default configuration register value.
Command Modes
ROM monitor
Command History
Usage Guidelines
Not all versions in the ROM monitor support this command. Refer to your platform documentation for more information on ROM monitor mode.
If you use this command without specifying the configuration register value, the router prompts for each bit of the configuration register.
The lowest four bits of the configuration register (bits 3, 2, 1, and 0) form the boot field. The boot field determines if the router boots manually, from ROM, or from Flash or the network.
To change the boot field value and leave all other bits set to their default values, follow these guidelines:
•
•
•
For more information about the configuration register bit settings and default filenames, refer to the appropriate router hardware installation guide.
Examples
In the following example, the configuration register is set to boot the system image from Flash memory:
confreg 0x210FIn the following example, no configuration value is entered, so the system prompts for each bit in the register:
rommon 7 > confregConfiguration Summaryenabled are:console baud: 9600boot: the ROM Monitordo you wish to change the configuration? y/n [n]: yenable "diagnostic mode"? y/n [n]: yenable "use net in IP bcast address"? y/n [n]:enable "load rom after netboot fails"? y/n [n]:enable "use all zero broadcast"? y/n [n]:enable "break/abort has effect"? y/n [n]:enable "ignore system config info"? y/n [n]:change console baud rate? y/n [n]: yenter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400 [0]: 0change the boot characteristics? y/n [n]: yenter to boot:0 = ROM Monitor1 = the boot helper image2-15 = boot system[0]: 0Configuration Summaryenabled are:diagnostic modeconsole baud: 9600boot: the ROM Monitordo you wish to change the configuration? y/n [n]:You must reset or power cycle for new config to take effect.rommon 8>context
To associate a Simple Network Management Protocol (SNMP) context with a particular Virtual Private Network (VPN) routing/forwarding instance (VRF), use the context command in VRF configuration mode. To disassociate an SNMP context from a VPN, use the no form of this command.
context context-name
no context context-name
Syntax Description
Defaults
No SNMP contexts are associated with VPNs.
Command Modes
VRF configuration
Command History
Usage Guidelines
Use this command to associate an SNMP context with a VPN. Use the snmp-server context command to create an SNMP context. Associate a VPN with a context so that the VPN's specific MIB data exists in that context. You must also associate a VPN group with the context of the VPN using the snmp-server group command with the context context-name keyword and argument.
SNMP contexts provide VPN users with a secure way of accessing MIB data. When a VPN is associated with a context, that VPN's specific MIB data exists in that context. Associating a VPN with a context enables service providers to manage networks with multiple VPNs. Creating and associating a context with a VPN enables a provider to prevent the users of one VPN from accessing information about users of other VPNs on the same networking device.
Examples
The following example shows how to create an SNMP context named context1 and associate the context with the VRF named vrf1:
Router(conifg)# snmp-server context1Router(config)# ip vrf vrf1Router(config-vrf)# rd 100:120Router(config-vrf)# context context1Related Commands
continue (ROM monitor)
To return to EXEC mode from ROM monitor mode, use the continue command in ROM monitor mode.
continue
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
ROM monitor
Command History
Usage Guidelines
Use this command to return to EXEC mode from ROM monitor mode, to use the system image instead of reloading. On older platforms, the angle bracket (< >) indicates that the router is in ROM monitor mode. On newer platforms, rommon number> is the default ROM monitor prompt. Typically, the router is in ROM monitor mode when you manually load a system image or perform diagnostic tests. Otherwise, the router will most likely never be in this mode.
Caution
Examples
In the following example, the continue command switches the router from ROM monitor to EXEC mode:
> continueRouter#Related Commands
copy
To copy any file from a source to a destination, use the copy command in privileged EXEC mode.
copy [/erase] [/verify | /noverify] source-url destination-url
Syntax Description
The exact format of the source and destination URLs varies according to the file or directory location. You may enter either an alias keyword for a particular file or a filename that follows the standard Cisco IOS file system syntax (filesystem:[/filepath][/filename]).
Table 17 shows two keyword shortcuts to URLs.
The following tables list URL prefix keywords by file system type. The available file systems will vary by platform. If you do not specify a URL prefix keyword, the router looks for a file in the current directory.
Table 18 lists URL prefix keywords for Special (opaque) file systems. Table 19 lists them for remote file systems, and Table 20 lists them for local writable storage.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The fundamental function of the copy command is to allow you to copy a file (such as a system image or configuration file) from one location to another location. The source and destination for the file is specified using a Cisco IOS File System URL, which allows you to specify any supported local or remote file location. The file system being used (such as a local memory source, or a remote server) dictates the syntax used in the command.
You can enter on the command line all necessary source- and destination-URL information and the username and password to use, or you can enter the copy command and have the router prompt you for any missing information.
For local file systems, two commonly used aliases exist for the system:running-config and nvram:startup-config files; these aliases are running-config and startup-config, respectively.
Timesaver
The entire copying process may take several minutes and differs from protocol to protocol and from network to network.
The colon is required after the file system URL prefix keywords (such as flash). In some cases, file system prefixes that did not require colons in earlier software releases are allowed for backwards compatibility, but use of the colon is recommended.
In the URL syntax for ftp:, http:, https:, rcp:, scp: and tftp:, the location is either an IP address or a host name. The filename is specified relative to the directory used for file transfers.
The following sections contain usage guidelines for the following topics:
•
•
•
•
•
•
•
•
•
Understanding Invalid Combinations of Source and Destination
Some invalid combinations of source and destination exist. Specifically, you cannot copy:
•
•
•
Understanding Character Descriptions
Table 21 describes the characters that you may see during processing of the copy command.
Understanding Partitions
You cannot copy an image or configuration file to a Flash partition from which you are currently running. For example, if partition 1 is running the current system image, copy the configuration file or image to partition 2. Otherwise, the copy operation will fail.
You can identify the available Flash partitions by entering the show file system EXEC command.
Using rcp
The rcp requires a client to send a remote username upon each rcp request to a server. When you copy a configuration file or image between the router and a server using rcp, the Cisco IOS software sends the first valid username it encounters in the following sequence:
1.
2.
3.
4.
For the rcp copy request to process, an account must be defined on the network server for the remote username. If the network administrator of the destination server did not establish an account for the remote username, this command will not run. If the server has a directory structure, the configuration file or image is written to or copied from the directory associated with the remote username on the server. For example, if the system image resides in the home directory of a user on the server, specify that username as the remote username.
If you are writing to the server, the rcp server must be properly configured to accept the rcp write request from the user on the router. For UNIX systems, add an entry to the .rhosts file for the remote user on the rcp server. Suppose the router contains the following configuration lines:
hostname Rtr1ip rcmd remote-username User0If the router IP address translates to Router1.company.com, then the .rhosts file for User0 on the rcp server should contain the following line:
Router1.company.com Rtr1Refer to the documentation for your rcp server for more details.
If you are using a personal computer as a file server, the computer must support the remote shell protocol (rsh).
Using FTP
The FTP protocol requires a client to send a username and password with each FTP request to a remote FTP server. Use the ip ftp username and ip ftp password global configuration commands to specify a default username and password for all copy operations to or from an FTP server. Include the username in the copy command syntax if you want to specify a username for that copy operation only.
When you copy a file from the router to a server using FTP, the Cisco IOS software sends the first valid username that it encounters in the following sequence:
1.
2.
3.
The router sends the first valid password in the following list:
1.
2.
3.
The username and password must be associated with an account on the FTP server. If you are writing to the server, the FTP server must be properly configured to accept the FTP write request from the user on the router.
If the server has a directory structure, the configuration file or image is written to or copied from the directory associated with the username on the server. For example, if the system image resides in the home directory of a user on the server, specify that username as the remote username.
Refer to the documentation for your FTP server for details on setting up the server.
Using HTTP(S)
Copying a file to or from a remote HTTP or HTTPS server, to or from a local file system, is performed using the embedded Secure HTTP client that is integrated in Cisco IOS software. The HTTP client is enabled by default.
Downloading files from a remote HTTP or HTTPS server is performed using the HTTP client integrated in Cisco IOS software.
If a username and password are not specified in the copy command syntax, the system uses the default HTTP client username and password, if configured.
When you copy a file from a remote HTTP(S) server, the Cisco IOS software sends the first valid username that it encounters in the following sequence:
1.
2.
3.
The router sends the first valid password in the following list:
1.
2.
3.
Storing Images on Servers
Use the copy flash: destination-url command (for example, copy flash: tftp:) to copy a system image or boot image from Flash memory to a network server. You can use the copy of the image as a backup copy. Also, you can also use the image backup file to verify that the image in Flash memory is the same as that in the original file.
Copying from a Server to Flash Memory
Use the copy destination-url flash: command (for example, copy tftp: flash:) to copy an image from a server to Flash memory.
On Class B file system platforms, the system provides an option to erase existing Flash memory before writing onto it.
Note
Verifying Images
When copying a new image to your router, you should confirm that the image was not corrupted during the copy process. You can verify the integrity of the image in any of the following ways:
•
Caution
•
•
•
Copying a Configuration File from a Server to the Running Configuration
Use the copy {ftp: | rcp: | scp: | tftp:} running-config command to load a configuration file from a network server to the running configuration of the router. (Note that running-config is the alias for the system:running-config keyword.) The configuration will be added to the running configuration as if the commands were typed in the command-line interface (CLI). Thus, the resulting configuration file will be a combination of the previous running configuration and the loaded configuration file, with the loaded configuration file having precedence.
You can copy either a host configuration file or a network configuration file. Accept the default value of host to copy and load a host configuration file containing commands that apply to one network server in particular. Enter network to copy and load a network configuration file containing commands that apply to all network servers on a network.
Copying a Configuration File from a Server to the Startup Configuration
Use the copy {ftp: | rcp: | scp: | tftp:} nvram:startup-config command to copy a configuration file from a network server to the router startup configuration. These commands replace the startup configuration file with the copied configuration file.
Storing the Running or Startup Configuration on a Server
Use the copy system:running-config {ftp: | rcp: | scp: | tftp:} command to copy the current configuration file to a network server using FTP, rcp, scp, or TFTP. Use the copy nvram:startup-config {ftp: | rcp: | scp: | tftp:} command to copy the startup configuration file to a network server.
The configuration file copy can serve as a backup copy.
Saving the Running Configuration to the Startup Configuration
Use the copy system:running-config nvram:startup-config command to copy the running configuration to the startup configuration.
Note
If you issue the copy system:running-config nvram:startup-config command from a bootstrap system image, a warning will instruct you to indicate whether you want your previous NVRAM configuration to be overwritten and configuration commands to be lost. This warning does not appear if NVRAM contains an invalid configuration or if the previous configuration in NVRAM was generated by a bootstrap system image.
On all platforms except Class A file system platforms, the copy system:running-config nvram:startup-config command copies the currently running configuration to NVRAM.
On the Class A Flash file system platforms, the copy system:running-config nvram:startup-config command copies the currently running configuration to the location specified by the CONFIG_FILE environment variable. This variable specifies the device and configuration file used for initialization. When the CONFIG_FILE environment variable points to NVRAM or when this variable does not exist (such as at first-time startup), the software writes the current configuration to NVRAM. If the current configuration is too large for NVRAM, the software displays a message and stops executing the command.
When the CONFIG_FILE environment variable specifies a valid device other than nvram: (that is, flash:, bootflash:, slot0:, or slot1:), the software writes the current configuration to the specified device and filename, and stores a distilled version of the configuration in NVRAM. A distilled version is one that does not contain access list information. If NVRAM already contains a copy of a complete configuration, the router prompts you to confirm the copy.
Using CONFIG_FILE, BOOT, and BOOTLDR Environment Variables
For the Class A Flash file system platforms, specifications are as follows:
•
•
•
•
To view the contents of environment variables, use the show bootvar EXEC command. To modify the CONFIG_FILE environment variable, use the boot config global configuration command. To modify the BOOTLDR environment variable, use the boot bootldr global configuration command. To modify the BOOT environment variable, use the boot system global configuration command. To save your modifications, use the copy system:running-config nvram:startup-config command.
When the destination of a copy command is specified by the CONFIG_FILE or BOOTLDR environment variable, the router prompts you for confirmation before proceeding with the copy. When the destination is the only valid image in the BOOT environment variable, the router also prompts you for confirmation before proceeding with the copy.
Using the Copy Command with the Dual RSP Feature
The Dual RSP feature allows you to install two Route Switch Processor (RSP) cards in a single router on the Cisco 7507 and Cisco 7513 platforms.
On a Cisco 7507 or Cisco 7513 router configured for Dual RSPs, if you copy a file to nvram:startup-configuration with automatic synchronization disabled, the system prompts whether you also want to copy the file to the slave startup configuration. The default answer is yes. If automatic synchronization is enabled, the system automatically copies the file to the slave startup configuration each time you use a copy command with nvram:startup-configuration as the destination.
Examples
The following examples illustrate uses of the copy command:
•
•
•
•
•
•
•
•
•
•
•
Verifying the Integrity of the Image Before It Is Copied Example
The following example shows how to specify image verification before copying an image:
Router# copy /verify tftp://10.1.1.1/jdoe/c7200-js-mz disk0:Destination filename [c7200-js-mz]?Accessing tftp://10.1.1.1/jdoe/c7200-js-mz...Loading jdoe/c7200-js-mz from 10.1.1.1 (via FastEthernet0/0):!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![OK - 19879944 bytes]19879944 bytes copied in 108.632 secs (183003 bytes/sec)Verifying file integrity of disk0:/c7200-js-mz ................................................................................................................................................................................... .......................................................................................... ......................Done!Embedded Hash MD5 :CFA258948C4ECE52085DCF428A426DCDComputed Hash MD5 :CFA258948C4ECE52085DCF428A426DCDCCO Hash MD5 :44A7B9BDDD9638128C35528466318183Signature Verified
Copying an Image from a Server to Flash Memory Examples
The following examples use a copy rcp:, copy tftp:, or copy ftp: command to copy an image file from a server to Flash memory:
•
•
•
Copying an Image from a Server to Flash Memory Example
The following example copies a system image named file1 from the remote rcp server with an IP address of 172.16.101.101 to Flash memory. On Class B file system platforms, the Cisco IOS software allows you to first erase the contents of Flash memory to ensure that enough Flash memory is available to accommodate the system image.
Router# copy rcp://netadmin@172.16.101.101/file1 flash:file1Destination file name [file1]?Accessing file 'file1' on 172.16.101.101...Loading file1 from 172.16.101.101 (via Ethernet0): ! [OK]Erase flash device before writing? [confirm]Flash contains files. Are you sure you want to erase? [confirm]Copy 'file1' from serveras 'file1' into Flash WITH erase? [yes/no] yesErasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee...erasedLoading file1 from 172.16.101.101 (via Ethernet0): ![OK - 984/8388608 bytes]Verifying checksum... OK (0x14B3)Flash copy took 0:00:01 [hh:mm:ss]Copying an Image from a Server to a Flash Memory Using Flash Load Helper Example
The following example copies a system image into a partition of Flash memory. The system will prompt for a partition number only if there are two or more read/write partitions or one read-only and one read/write partition and dual Flash bank support in boot ROMs. If the partition entered is not valid, the process terminates. You can enter a partition number, a question mark (?) for a directory display of all partitions, or a question mark and a number (?number) for directory display of a particular partition. The default is the first read/write partition. In this case, the partition is read-only and has dual Flash bank support in boot ROM, so the system uses Flash Load Helper.
Router# copy tftp: flash:System flash partition information:Partition Size Used Free Bank-Size State Copy-Mode1 4096K 2048K 2048K 2048K Read Only RXBOOT-FLH2 4096K 2048K 2048K 2048K Read/Write Direct[Type ?<no> for partition directory; ? for full directory; q to abort]Which partition? [default = 2]**** NOTICE ****Flash load helper v1.0This process will accept the copy options and then terminatethe current system image to use the ROM based image for the copy.Routing functionality will not be available during that time.If you are logged in via telnet, this connection will terminate.Users with console access can see the results of the copy operation.---- ******** ----Proceed? [confirm]System flash directory, partition 1:File Length Name/status1 3459720 master/igs-bfpx.100-4.3[3459784 bytes used, 734520 available, 4194304 total]Address or name of remote host [255.255.255.255]? 172.16.1.1Source file name? master/igs-bfpx-100.4.3Destination file name [default = source name]?Loading master/igs-bfpx.100-4.3 from 172.16.1.111: !Erase flash device before writing? [confirm]Flash contains files. Are you sure? [confirm]Copy 'master/igs-bfpx.100-4.3' from TFTP serveras 'master/igs-bfpx.100-4.3' into Flash WITH erase? [yes/no] yesCopying an Image from a Server to a Flash Memory Card Partition Example
The following example copies the file c3600-i-mz from the rcp server at IP address 172.23.1.129 to the Flash memory card in slot 0 of a Cisco 3600 series router, which has only one partition. As the operation progresses, the Cisco IOS software prompts you to erase the files on the Flash memory PC card to accommodate the incoming file. This entire operation takes 18 seconds to perform, as indicated at the end of the example.
Router# copy rcp: slot0:PCMCIA Slot0 flashPartition Size Used Free Bank-Size State Copy Mode1 4096K 3068K 1027K 4096K Read/Write Direct2 4096K 1671K 2424K 4096K Read/Write Direct3 4096K 0K 4095K 4096K Read/Write Direct4 4096K 3825K 270K 4096K Read/Write Direct[Type ?<no> for partition directory; ? for full directory; q to abort]Which partition? [default = 1]PCMCIA Slot0 flash directory, partition 1:File Length Name/status1 3142288 c3600-j-mz.test[3142352 bytes used, 1051952 available, 4194304 total]Address or name of remote host [172.23.1.129]?Source file name? /tftpboot/images/c3600-i-mzDestination file name [/tftpboot/images/c3600-i-mz]?Accessing file '/tftpboot/images/c3600-i-mz' on 172.23.1.129...Connected to 172.23.1.129Loading 1711088 byte file c3600-i-mz: ! [OK]Erase flash device before writing? [confirm]Flash contains files. Are you sure you want to erase? [confirm]Copy '/tftpboot/images/c3600-i-mz' from serveras '/tftpboot/images/c3600-i-mz' into Flash WITH erase? [yes/no] yesErasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erasedConnected to 172.23.1.129Loading 1711088 byte file c3600-i-mz: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Verifying checksum... OK (0xF89A)Flash device copy took 00:00:18 [hh:mm:ss]Saving a Copy of an Image on a Server Examples
The following examples use copy commands to copy image files to a server for storage:
•
•
•
•
•
Copy an Image from Flash Memory to an rcp Server Example
The following example copies a system image from Flash Memory to an rcp server using the default remote username. Because the rcp server address and filename are not included in the command, the router prompts for it.
Router# copy flash: rcp:IP address of remote host [255.255.255.255]? 172.16.13.110Name of file to copy? gsxxwriting gsxx - copy completeCopy an Image from Flash Memory to an SSH Server Using scp Example
The following example shows how to use scp to copy a system image from Flash Memory to a server that supports SSH:
Router# copy flash:c4500-ik2s-mz.scp scp://user1@host1/Address or name of remote host [host1]?Destination username [user1]?Destination filename [c4500-ik2s-mz.scp]?Writing c4500-ik2s-mz.scpPassword:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Before you can use the server-side functionality, SSH, authentication, and authorization must be properly configured so the router can determine whether a user is at the right privilege level. The scp server-side functionality is configured with the ip scp server enable command.
Copy an Image from a Partition of Flash Memory to a Server Example
The following example copies an image from a particular partition of Flash memory to an rcp server using a remote username of netadmin1.
The system will prompt if there are two or more partitions. If the partition entered is not valid, the process terminates. You have the option to enter a partition number, a question mark (?) for a directory display of all partitions, or a question mark and a number (?number) for a directory display of a particular partition. The default is the first partition.
Router# configure terminalRouter# ip rcmd remote-username netadmin1Router# endRouter# copy flash: rcp:System flash partition information:Partition Size Used Free Bank-Size State Copy-Mode1 4096K 2048K 2048K 2048K Read Only RXBOOT-FLH2 4096K 2048K 2048K 2048K Read/Write Direct[Type ?<number> for partition directory; ? for full directory; q to abort]Which partition? [1] 2System flash directory, partition 2:File Length Name/status1 3459720 master/igs-bfpx.100-4.3[3459784 bytes used, 734520 available, 4194304 total]Address or name of remote host [ABC.CISCO.COM]?Source file name? master/igs-bfpx.100-4.3Destination file name [master/igs-bfpx.100-4.3]?Verifying checksum for 'master/igs-bfpx.100-4.3' (file # 1)... OKCopy 'master/igs-bfpx.100-4.3' from Flash to serveras 'master/igs-bfpx.100-4.3'? [yes/no] yes!!!!...Upload to server doneFlash copy took 0:00:00 [hh:mm:ss]Copying an Image from a Flash Memory File System to an FTP Server Example
The following example copies the file c3600-i-mz from partition 1 of the Flash memory card in slot 0 to an FTP server at IP address 172.23.1.129:
Router# show slot0: partition 1PCMCIA Slot0 flash directory, partition 1:File Length Name/status1 1711088 c3600-i-mz[1711152 bytes used, 2483152 available, 4194304 total]Router# copy slot0:1:c3600-i-mz ftp://myuser:mypass@172.23.1.129/c3600-i-mzVerifying checksum for '/tftpboot/cisco_rules/c3600-i-mz' (file # 1)... OKCopy '/tftpboot/cisco_rules/c3600-i-mz' from Flash to serveras 'c3700-i-mz'? [yes/no] yes!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Upload to server doneFlash device copy took 00:00:23 [hh:mm:ss]Copying an Image from Boot Flash Memory to a TFTP Server Example
The following example copies an image from boot Flash memory to a TFTP server:
Router# copy bootflash:file1 tftp://192.168.117.23/file1Verifying checksum for 'file1' (file # 1)... OKCopy 'file1' from Flash to serveras 'file1'? [yes/no]y!!!!...Upload to server doneFlash copy took 0:00:00 [hh:mm:ss]Copying a Configuration File from a Server to the Running Configuration Example
The following example copies and runs a configuration filename host1-confg from the netadmin1 directory on the remote server with an IP address of 172.16.101.101:
Router# copy rcp://netadmin1@172.16.101.101/host1-confg system:running-configConfigure using host1-confg from 172.16.101.101? [confirm]Connected to 172.16.101.101Loading 1112 byte file host1-confg:![OK]Router#%SYS-5-CONFIG: Configured from host1-config by rcp from 172.16.101.101Copying a Configuration File from a Server to the Startup Configuration Example
The following example copies a configuration file host2-confg from a remote FTP server to the startup configuration. The IP address is172.16.101.101, the remote username is netadmin1, and the remote password is ftppass.
Router# copy ftp://netadmin1:ftppass@172.16.101.101/host2-confg nvram:startup-configConfigure using rtr2-confg from 172.16.101.101?[confirm]Connected to 172.16.101.101Loading 1112 byte file rtr2-confg:![OK][OK]Router#%SYS-5-CONFIG_NV:Non-volatile store configured from rtr2-config by FTP from 172.16.101.101Copying the Running Configuration to a Server Example
The following example specifies a remote username of netadmin1. Then it copies the running configuration file named rtr2-confg to the netadmin1 directory on the remote host with an IP address of 172.16.101.101.
Router# configure terminalRouter(config)# ip rcmd remote-username netadmin1Router(config)# endRouter# copy system:running-config rcp:Remote host[]? 172.16.101.101Name of configuration file to write [Rtr2-confg]?Write file rtr2-confg on host 172.16.101.101?[confirm]Building configuration...[OK]Connected to 172.16.101.101Copying the Startup Configuration to a Server Example
The following example copies the startup configuration to a TFTP server:
Router# copy nvram:startup-config tftp:Remote host[]? 172.16.101.101Name of configuration file to write [rtr2-confg]? <cr>Write file rtr2-confg on host 172.16.101.101?[confirm] <cr>![OK]Saving the Current Running Configuration Example
The following example copies the running configuration to the startup configuration. On a Class A Flash file system platform, this command copies the running configuration to the startup configuration specified by the CONFIG_FILE variable.
copy system:running-config nvram:startup-configThe following example shows the warning that the system provides if you try to save configuration information from bootstrap into the system:
Router(boot)# copy system:running-config nvram:startup-configWarning: Attempting to overwrite an NVRAM configuration writtenby a full system image. This bootstrap software does not supportthe full configuration command set. If you perform this command now,some configuration commands may be lost.Overwrite the previous NVRAM configuration?[confirm]Enter no to escape writing the configuration information to memory.
Moving Configuration Files to Other Locations Examples
On some routers, you can store copies of configuration files on a Flash memory device. Five examples follow:
•
•
•
•
•
Copying the Startup Configuration to a Flash Memory Device Example
The following example copies the startup configuration file (specified by the CONFIG_FILE environment variable) to a Flash memory card inserted in slot 0:
copy nvram:startup-config slot0:router-confgCopying the Running Configuration to a Flash Memory Device Example
The following example copies the running configuration from the router to the Flash memory PC card in slot 0:
Router# copy system:running-config slot0:berlin-cfgBuilding configuration...5267 bytes copied in 0.720 secsCopying to the Running Configuration from a Flash Memory Device Example
The following example copies the file named ios-upgrade-1 from the Flash memory card in slot 0 to the running configuration:
Router# copy slot0:4:ios-upgrade-1 system:running-configCopy 'ios-upgrade-1' from flash deviceas 'running-config' ? [yes/no] yesCopying to the Startup Configuration from a Flash Memory Device Example
The following example copies the router-image file from the Flash memory to the startup configuration:
copy flash:router-image nvram:startup-configCopying a Configuration File from one Flash Device to Another Example
The following example copies the file running-config from the first partition in internal Flash memory to the Flash memory PC card in slot 1. The checksum of the file is verified, and its copying time of 30 seconds is displayed.
Router# copy flash: slot1:System flashPartition Size Used Free Bank-Size State Copy Mode1 4096K 3070K 1025K 4096K Read/Write Direct2 16384K 1671K 14712K 8192K Read/Write Direct[Type ?<no> for partition directory; ? for full directory; q to abort]Which partition? [default = 1]System flash directory, partition 1:File Length Name/status1 3142748 dirt/images/mars-test/c3600-j-mz.latest2 850 running-config[3143728 bytes used, 1050576 available, 4194304 total]PCMCIA Slot1 flash directory:File Length Name/status1 1711088 dirt/images/c3600-i-mz2 850 running-config[1712068 bytes used, 2482236 available, 4194304 total]Source file name? running-configDestination file name [running-config]?Verifying checksum for 'running-config' (file # 2)... OKErase flash device before writing? [confirm]Flash contains files. Are you sure you want to erase? [confirm]Copy 'running-config' from flash: deviceas 'running-config' into slot1: device WITH erase? [yes/no] yesErasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased![OK - 850/4194304 bytes]Flash device copy took 00:00:30 [hh:mm:ss]Verifying checksum... OK (0x16)Copying a File from a Remote Web Server Examples
In the following example, the file config1 is copied from a remote server to Flash memory using HTTP:
Router# copy http://www.example.com:8080/configs/config1 flash:config1In the following example, a default username and password for HTTP Client communications is configured, and then the file sample.scr is copied from a secure HTTP server using HTTPS:
Router# configure terminalRouter(config)# ip http client username joeuserRouter(config)# ip http client password letmeinRouter(config)# endRouter# copy https://www.example_secure.com/scripts/sample.scr flash:In the following example, an HTTP proxy server is specified before using the copy http:// command:
Router# configure terminalRouter(config)# ip http client proxy-server edge2 proxy-port 29Router(config)# endRouter# copy http://www.example.com/configs/config3 flash:/configs/config3Copying an Image from the Master RSP Card to the Slave RSP Card Example
The following example copies the router-image file from the Flash memory card inserted in slot 1 of the master RSP card to slot 0 of the slave RSP card in the same router:
Router# copy slot1:router-image slaveslot0:Related Commands
copy erase flash
The copy erase flash command has been replaced by the erase flash:command. See the description of the erase command for more information.
On some platforms, use can use the copy /erase source-url flash: syntax to erase the local Flash file system before copying a new file into Flash. See the desciption of the copy command for details on this option.
copy http://
The copy http:// command is documented as part of the copy command.
copy https://
The copy https:// command is documented as part of the copy command.
cpu interrupt
To enter the CPU owner configuration mode and set thresholds for interrupt level CPU utilization, use the cpu interrupt command in resource policy node configuration mode. To disable this function, use the no form of this command.
cpu interrupt
no cpu interrupt
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Resource policy node configuration
Command History
Usage Guidelines
This command allows you to enter the CPU owner configuration mode and set rising and falling values for critical, major, and minor thresholds.
Examples
The following example shows how to enter CPU owner configuration mode:
Router(config-res-policy-node)# cpu interruptRelated Commands
cpu process
To enter the CPU owner configuration mode and set thresholds for process level CPU utilization, use the cpu process command in resource policy node configuration mode. To disable this function, use the no form of this command.
cpu process
no cpu process
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Resource policy node configuration
Command History
Usage Guidelines
This command allows you to enter the CPU owner configuration mode and set rising and falling values for critical, major, and minor thresholds.
Examples
The following example shows how to enter CPU owner configuration mode:
Router(config-res-policy-node)# cpu processRelated Commands
cpu total
To enter the CPU owner configuration mode and set thresholds for total CPU utilization, use the cpu total command in resource policy node configuration mode. To disable this function, use the no form of this command.
cpu total
no cpu total
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Resource policy node configuration
Command History
Usage Guidelines
This command allows you to enter the CPU owner configuration mode and set rising and falling values for critical, major, and minor thresholds.
Examples
The following example shows how to enter the CPU owner configuration mode:
Router(config-res-policy-node)# cpu totalRelated Commands
critical rising
To set critical level threshold values for the buffer, CPU, and memory ROs, use the critical rising command in buffer owner configuration mode, CPU owner configuration mode, or memory owner configuration mode. To disable this function, use the no form of this command.
critical rising rising-threshold-value [interval interval-value] [falling falling-threshold-value [interval interval-value]] [global]
no critical rising
Syntax Description
Command Default
Disabled
Command Modes
Buffer owner configuration mode
CPU owner configuration mode
Memory owner configuration mode
Command History
Usage Guidelines
The interval is the dampening or observation interval time in seconds during which the variations in the rising and falling threshold values are not notified to the RUs. That is, the interval is the time the system waits to check whether the threshold value stabilizes or not. The interval is set to avoid unnecessary and unwanted threshold notifications. If an interval is not specified, the system takes a default value of 5 seconds.
This command allows you to configure three types of thresholding:
•
•
•
System Global Thresholding
System global thresholding is used when the entire resource reaches a specified value. That is, RUs are notified when the total resource utilization goes above or below a specified threshold value. The notification order is determined by the priority of the RU. The RUs with a lower priority will be notified first, so that these low-priority RUs are expected to reduce the resource utilization. This order prevents the high-priority RUs from getting affected with unwanted notifications.
You can set rising and falling threshold values. For example, if you have set a total CPU utilization threshold value of 90% as the rising critical value and 20% as falling critical value, then when the total CPU utilization crosses the 90% mark, a critical Up notification is sent to all the RUs and when the total CPU utilization falls below 20%, a critical Down notification is sent to all the RUs.
Similarly, if you have set a total buffer usage count threshold value of 90% as the rising critical value and 20% as falling critical value, then when the total buffer usage count crosses the 90% mark, a critical Up notification is sent to all the RUs and when the total buffer usage count falls below 20%, a critical Down notification is sent to all the RUs.
In the same way, if you have set a total I/O memory usage threshold value of 90% as the rising critical value and 20% as falling critical value, then when the total memory usage crosses the 90% mark, a critical Up notification is sent to all the RUs and when the total memory usage falls below 20%, a critical Down notification is sent to all the RUs.
User Local Thresholding
User local thresholding is used when a specified RU exceeds the configured limits. The user local thresholding method prevents a single RU from monopolizing the resources. That is, the specified RU is notified when the resource utilization of the specified RU goes above or below a configured threshold value. For example, if you have set a CPU utilization threshold value of 90% as the rising critical value and 20% as falling critical value, then when the CPU utilization of the specified RU crosses the 90% mark, a critical Up notification is sent to that RU only and when the CPU utilization of the specified RU falls below 20%, a critical Down notification is sent to that RU only. The same method applies to buffer and memory ROs also.
Per User Global Thresholding
Per user global thresholding is used when the entire resource reaches a specified value. This value is unique for each RU and notification is sent only to the specified RU. User global thresholding is similar to user local thresholding, except that the global resource usage is compared against the thresholds. That is, only the specified RU is notified when the total resource utilization goes above or below a configured threshold value. For example, if you have set a CPU utilization threshold value of 90% as the rising critical value and 20% as falling critical value, then when the total CPU utilization crosses the 90% mark, a critical Up notification is sent to the specified RU only and when the total CPU utilization falls below 20%, a critical Down notification is sent to the specified RU only. The same method applies to buffer and memory ROs also.
Threshold Violations
The Cisco IOS device sends out error messages whenever a threshold is violated. The following examples help you understand the error message pattern when different threshold violations occur in buffer, CPU, and memory ROs:
System Global Threshold Violation in Buffer RO
The threshold violation in buffer RO for a system global threshold shows the following output:
System global threshold-Violation (keywords Critical, Major and Minor alone will vary accordingly)==========================================================================================00:15:11: %SYS-4-GLOBALBUFEXCEED: Buffer usage has gone above global buffer Critical thresholdconfigured <value> Current usage :<value>For example:
00:15:11: %SYS-4-GLOBALBUFEXCEED: Buffer usage has gone above global buffer Critical thresholdconfigured 144 Current usage :145System global threshold- Recovery (keywords Critical, Major and Minor alone will vary accordingly)==========================================================================================00:17:10: %SYS-5-GLOBALBUFRECOVER: Buffer usage has gone below global buffer Critical thresholdconfigured <value> Current usage :<value>For example:
00:17:10: %SYS-5-GLOBALBUFRECOVER: Buffer usage has gone below global buffer Critical thresholdconfigured 90 Current usage :89Per User Global Threshold Violation in Buffer RO
The threshold violation in buffer RO for a user global threshold shows the following output:
User global threshold - Violation (keywords Critical, Major and Minor alone will vary accordingly)==========================================================================================00:24:04: %SYS-4-RESGLOBALBUFEXCEED: Buffer usage has gone above buffer Critical threshold configured by resource user <user-name>configured 144 Current usage :145User global threshold - Recovery (keywords Critical, Major and Minor alone will vary accordingly)==========================================================================================00:25:08: %SYS-4-RESGLOBALBUFRECOVER: Buffer usage has gone below buffer Critical threshold configured by resource user <user-name>configured 126 Current usage :125User Local Threshold Violation in Buffer RO
The threshold violation in buffer RO for a user local threshold shows the following output:
User local threshold - Violation (keywords Critical, Major and Minor alone will vary accordingly)=========================================================================================00:31:15: %SYS-4-RESBUFEXCEED: Resource user user_1 has exceeded the buffer Critical threshold. configured 108 Current usage :109User local threshold- Recovery (keywords Critical, Major and Minor alone will vary accordingly)=========================================================================================00:31:05: %SYS-5-RESBUFRECOVER: Resource user user_1 has recovered after exceeding the buffer Critical threshold. configured 90 Current usage :89System Global Threshold Violation in CPU RO
The threshold violation in CPU RO for a system global threshold shows the following output:
System global threshold- Violation(1) keywords Critical, Major and Minor will vary accordingly(2) keywords total, process and interrupt will vary accordingly )==========================================================================================00:19:36: %SYS-4-CPURESRISING: System is seeing global cpu util 19% at total level more than the configured minor limit 11%System global threshold - Recovery(1) keywords Critical, Major and Minor will vary accordingly(2) keywords total, process and interrupt will vary accordingly==========================================================================================00:20:56: %SYS-6-CPURESFALLING: System is no longer seeing global high cpu at total level for the configured minor limit 10%, current value 4%Per User Global Threshold Violation in CPU RO
The threshold violation in CPU RO for a user global threshold shows the following output:
User global threshold - Violation(1) keywords Critical, Major and Minor will vary accordingly(2) keywords total, process and interrupt will vary accordingly==========================================================================================00:14:21: %SYS-4-CPURESRISING: Resource user <user-name> is seeing global cpu util 11% at total level more than the configured minor limit 6 %For example:
00:14:21: %SYS-4-CPURESRISING: Resource user Test-proc-14:99s:1w:100n is seeing global cpu util 11% at total level more than the configured minor limit 6%User global threshold- Recovery(1) keywords Critical, Major and Minor will vary accordingly(2) keywords total, process and interrupt will vary accordingly==========================================================================================00:14:46: %SYS-6-CPURESFALLING: Resource user <user-name> is no longer seeing global high cpu at total level for the configured critical limit 9%, current value 4%For example:
00:14:46: %SYS-6-CPURESFALLING: Resource user Test-proc-14:99s:1w:100n is no longer seeing global high cpu at total level for the configured critical limit 9%, current value 4%User Local Threshold Violation in CPU RO
The threshold violation in CPU RO for a user local threshold shows the following output:
User local threshold - Violation (keywords Critical, Major and Minor will vary accordingly - only process level)==========================================================================================00:12:11: %SYS-4-CPURESRISING: Resource user <user-name> is seeing local cpu util 15% at process level more than the configured minor limit 6%For example:
00:12:11: %SYS-4-CPURESRISING: Resource user Test-proc-9:85s:15w:100n is seeing local cpu util 15% at process level more than the configured minor limit 6%User local threshold- Recovery (keywords Critical, Major and Minor will vary accordingly - only process level)==========================================================================================00:13:11: %SYS-6-CPURESFALLING: Resource user <user-name> is no longer seeing local high cpu at process level for the configured critical limit 9%, current value 3%System Global Threshold Violation in Memory RO
The threshold violation in memory RO for a system global threshold shows the following output:
System global threshold - Violation (keywords Critical, Major and Minor alone will vary accordingly )(If violation happens in IO memory pool will be : I/O)==========================================================================================13:53:22: %SYS-5-GLOBALMEMEXCEED: Global Memory has exceeded the Minor thresholdPool: Processor Used: 422703520 Threshold: 373885200For example:
13:54:03: %SYS-5-GLOBALMEMEXCEED: Global Memory has exceeded the Critical thresholdPool: Processor Used: 622701556 Threshold: 467356500System global threshold - Recovery (keywords Critical, Major and Minor alone will vary accordingly)(If recovery happens in IO memory pool will be : I/O)==========================================================================================%SYS-5-GLOBALMEMRECOVER: Global Memory has recovered after exceeding Minor thresholdPool: Processor Used: 222473448 Threshold: 355190940For example:
13:50:41: %SYS-5-GLOBALMEMRECOVER: Global Memory has recovered after exceeding Critical thresholdPool: Processor Used: 222473152 Threshold: 443988675Per User Global Threshold Violation in Memory RO
The threshold violation in memory RO for a user global threshold shows the following output:
User global threshold - Violation (keywords Critical, Major and Minor alone will vary accordingly)(If violation happens in IO memory pool will be : I/O)==========================================================================================00:53:14: %SYS-4-RESGLOBALMEMEXCEED: Global Memory has exceeded the Minor threshold configure by resource user <XYZ>Pool: Processor Used: 62273916 Threshold: 62246820User global threshold - Recovery (keywords Critical, Major and Minor alone will vary accordingly)(If recovery happens in IO memory pool will be : I/O)==========================================================================================00:32:56: %SYS-4-RESGLOBALMEMRECOVER: Global Memory has recovered after exceeding the Critical threshold configure by resource user <XYZ>Pool: Processor Used: 329999508 Threshold: 375865440User Local Threshold Violation in Memory RO
The threshold violation in memory RO for a user local threshold shows the following output:
User local threshold- Violation (keywords Critical, Major and Minor alone will vary accordingly)=========================================================================================01:05:42: %SYS-4-RESMEMEXCEED: Resource user <XYZ> has exceeded the Critical memory thresholdPool: Processor Used: 103754740 Threshold: 103744700User local threshold - Recovery (keywords Critical, Major and Minor alone will vary accordingly)=========================================================================================00:44:43: %SYS-5-RESMEMRECOVER: Resource user <XYZ> has recovered after exceeding the Critical memory thresholdPool: Processor Used: 328892280 Threshold :375865440Examples
Configuring Critical Rising Values for System Global Thresholding
The following example shows how to configure the critical threshold values for system global thresholding with critical rising threshold of 90% at an interval of 12 seconds and critical falling threshold of 20% at an interval of 10 seconds:
Router(config-owner-cpu)# critical rising 90 interval 12 falling 20 interval 10 globalRouter(config-owner-buffer)# critical rising 90 interval 12 falling 20 interval 10 globalRouter(config-owner-memory)# critical rising 90 interval 12 falling 20 interval 10 globalConfiguring Critical Rising Values for User Local Thresholding
The following example shows how to configure the critical threshold values for user local thresholding with critical rising threshold of 90% at an interval of 12 seconds and critical falling threshold of 20% at an interval of 10 seconds:
Router(config-owner-cpu)# critical rising 90 interval 12 falling 20 interval 10Router(config-owner-buffer)# critical rising 90 interval 12 falling 20 interval 10Router(config-owner-memory)# critical rising 90 interval 12 falling 20 interval 10Configuring Critical Rising Values for Per User Global Thresholding
The following example shows how to configure the critical threshold values for per user global thresholding with critical rising threshold of 90% at an interval of 12 seconds and critical falling threshold of 20% at an interval of 10 seconds:
Router(config-owner-cpu)# critical rising 90 interval 12 falling 20 interval 10 globalRouter(config-owner-buffer)# critical rising 90 interval 12 falling 20 interval 10 globalRouter(config-owner-memory)# critical rising 90 interval 12 falling 20 interval 10 globalRelated Commands
crypto mib topn
To configure TopN sampling parameters, use the crypto mib topn command in global configuration mode. To disable TopN sampling, use the no form of this command.
crypto mib topn [interval seconds] [stop seconds]
no crypto mib topn [interval seconds] [stop seconds]
Syntax Description
Defaults
interval: 300 seconds, stop: continuous sampling (0 seconds)
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to rank objects according to your chosen criteria. You will not see the stop parameter setting after enabling the show running configuration command if the stop parameter is set at a value greater than zero. Otherwise, the current sampling parameters are recorded in the active configuration (if sampling is enabled), and sampling occurs continuously (at the specified intervals) until, and after, the device is rebooted. This command should be disabled if your criteria queries performed by XSM clients (such as VPN Device Manager [VDM]) are not to be processed.
"Crypto MIB" commands apply to characteristics of the IP Security (IPSec) MIBs. TopN (topn) is a special subset of the IPSec MIB Export (IPSMX) interface that provides a set of queries that allows ranked reports of active Internet Key Exchange (Ike) or IPSec tunnels to be obtained depending on certain criteria. While the VPN Device Manager (VDM) application retrieves and presents the data elements defined in the Ike and IPSec MIBs, the application does not use the SNMP interface.
Examples
The following example shows the crypto mib topn command being enabled with an interval frequency of 240 seconds and a designated stop time of 1200 seconds (20 minutes). At that time, the assigned sampling ceases.
crypto mib topn interval 240 stop 1200Related Commands
databits
To set the number of data bits per character that are interpreted and generated by the router hardware, use the databits command in line configuration mode. To restore the default value, use the no form of the command.
databits {5 | 6 | 7 | 8}
no databits
Syntax Description
5
Five data bits per character.
6
Six data bits per character.
7
Seven data bits per character.
8
Eight data bits per character. This is the default.
Defaults
Eight data bits per character
Command Modes
Line configuration
Command History
Usage Guidelines
The databits line configuration command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity generation is in effect, specify 8 data bits per character. The other keywords are supplied for compatibility with older devices and generally are not used.
Examples
The following example sets the number of data bits per character to seven on line 4:
Router(config)# line 4Router(config-line)# databits 7Related Commands
data-character-bits
To set the number of data bits per character that are interpreted and generated by the Cisco IOS software, use the data-character-bits command in line configuration mode. To restore the default value, use the no form of this command.
data-character-bits {7 | 8}
no data-character-bits
Syntax Description
Defaults
Eight data bits per character
Command Modes
Line configuration
Command History
Usage Guidelines
The data-character-bits line configuration command is used primarily to strip parity from X.25 connections on routers with the protocol translation software option. The data-character-bits line configuration command does not work on hard-wired lines.
Examples
The following example sets the number of data bits per character to seven on virtual terminal line (vty) 1:
Router(config)# line vty 1Router(config-line)# data-character-bits 7Related Commands
terminal data-character-bits
Sets the number of data bits per character that are interpreted and generated by the Cisco IOS software for the current line and session.
data-pattern
To specify the data pattern in a Cisco IOS IP Service Level Agreements (SLAs) operation to test for data corruption, use the data pattern command in the appropriate submode of IP SLA monitor configuration or RTR configuration mode. To remove the data pattern specification, use the no form of this command.
data-pattern hex-pattern
no data-pattern hex-pattern
Syntax Description
Defaults
The default hex-pattern is ABCD.
Command Modes
IP SLA Monitor Configuration
Frame Relay configuration (config-sla-monitor-frameRelay)
UDP echo configuration (config-sla-monitor-udp)RTR Configuration
Frame Relay configuration (config-rtr-frameRelay)
UDP echo configuration (config-rtr-udp)
Note
Command History
Usage Guidelines
The data-pattern command allows users to specify an alphanumeric character string to verify that operation payload does not get corrupted in either direction (source-to-destination [SD] or destination-to-source [DS]).
Note
IP SLAs Operation Configuration Dependence on Cisco IOS Release
The Cisco IOS command used to begin configuration for an IP SLAs operation varies depending on the Cisco IOS release you are running (see Table 22). You must configure the type of IP SLAs operation (such as User Datagram Protocol [UDP] jitter or Internet Control Message Protocol [ICMP] echo) before you can configure any of the other parameters of the operation.
The configuration mode for the data-pattern command varies depending on the Cisco IOS release you are running (see Table 22) and the operation type configured. For example, if you are running Cisco IOS Release 12.4 and the UDP echo operation type is configured, you would enter the data-pattern command in UDP echo configuration mode (config-sla-monitor-udp) within IP SLA monitor configuration mode.
Examples
The following examples show how to specify 1234ABCD5678 as the data pattern. Note that the Cisco IOS command used to begin configuration for an IP SLAs operation varies depending on the Cisco IOS release you are running (see Table 22).
IP SLA Monitor Configuration
ip sla monitor 1type udpEcho dest-ipaddr 10.0.54.205 dest-port 101data-pattern 1234ABCD5678!ip sla monitor schedule 1 life forever start-time nowRTR Configuration
rtr 1type udpEcho dest-ipaddr 10.0.54.205 dest-port 101data-pattern 1234ABCD5678!rtr schedule 1 life forever start-time nowRelated Commands
default-value exec-character-bits
To define the EXEC character width for either 7 bits or 8 bits, use the default-value exec-character-bits command in global configuration mode. To restore the default value, use the no form of this command.
default-value exec-character-bits {7 | 8}
no default-value exec-character-bits
Syntax Description
7
Selects the 7-bit ASCII character set. This is the default.
8
Selects the full 8-bit ASCII character set.
Defaults
7-bit ASCII character set
Command Modes
Global configuration
Command History
Usage Guidelines
Configuring the EXEC character width to 8 bits allows you to add graphical and international characters in banners, prompts, and so on. However, setting the EXEC character width to 8 bits can also cause failures. If a user on a terminal that is sending parity enters the help command, an "unrecognized command" message appears because the system is reading all 8 bits, although the eighth bit is not needed for the help command.
Examples
The following example selects the full 8-bit ASCII character set for EXEC banners and prompts:
Router(config)# default-value exec-character-bits 8Related Commands
default-value special-character-bits
To configure the flow control default value from a 7-bit width to an 8-bit width, use the default-value special-character-bits command in global configuration mode. To restore the default value, use the no form of this command.
default-value special-character-bits {7 | 8}
no default-value special-character-bits
Syntax Description
Defaults
7-bit character set
Command Modes
Global configuration
Command History
Usage Guidelines
Configuring the special character width to 8 bits allows you to add graphical and international characters in banners, prompts, and so on.
Examples
The following example selects the full 8-bit special character set:
Router(config)# default-value special-character-bits 8Related Commands
delete
To delete a file on a Flash memory device or NVRAM, use the delete command in EXEC mode.
delete url [/force | /recursive]
Syntax Description
url
Cisco IOS File System URL of the file to be deleted. Include the file system prefix, followed by a colon, and, optionally, the name of a file or directory. See Table 23 for list of supported URLs.
/force
(Optional) Deletes the specified file or directory without prompting you for verification.
Note
/recursive
(Optional) Deletes all files in the specified directory, as well as the directory itself.
Command Modes
EXEC
Command History
11.0
This command was introduced.
12.3(14)T
The usbflash[0-9]: and usbtoken[0-9]: options were added to the list of Cisco IOS File System URLs.
Usage Guidelines
If you attempt to delete the configuration file or image specified by the CONFIG_FILE or BOOTLDR environment variable, the system prompts you to confirm the deletion. Also, if you attempt to delete the last valid system image specified in the BOOT environment variable, the system prompts you to confirm the deletion.
When you delete a file in Flash memory, the software simply marks the file as deleted, but it does not erase the file. To later recover a "deleted" file in Flash memory, use the undelete EXEC command. You can delete and undelete a file up to 15 times.
To permanently delete all files marked "deleted" on a linear Flash memory device, use the squeeze EXEC command.
Table 23 contains a list of Cisco IOS File System URLs.
Examples
The following example deletes the file named test from the Flash card inserted in slot 0:
Router# delete slot0:testDelete slot0:test? [confirm]Related Commands
diag
To perform field diagnostics on a line card, on the Gigabit Route Processor (GRP), on the Switch Fabric Cards (SFCs), and on the Clock Scheduler Card (CSC) in Cisco 12000 series Gigabit Switch Routers (GSRs), use the diag command in privileged EXEC mode. To disable field diagnostics on a line card, use the no form of this command.
diag slot-number [halt | previous | post | verbose [wait] | wait]
no diag slot-number
Syntax Description
Defaults
No field diagnostics tests are performed on the line card.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The diag command must be executed from the GRP main console port.
Perform diagnostics on the CSC only if a redundant CSC is in the router.
Diagnostics will stop and ask you for confirmation before altering the router's configuration. For example, running diagnostics on a SFC or CSC will cause the fabric to go from full bandwidth to one-fourth bandwidth. Bandwidth is not affected by GRP or line card diagnostics.
The field diagnostic software image is bundled with the Cisco IOS software and is downloaded automatically from the GRP to the target line card prior to testing.
Caution
In normal mode, if a test fails, the title of the failed test is displayed on the console. However, not all tests that are performed are displayed. To view all the tests that are performed, use the verbose keyword.
After all diagnostic tests are completed on the line card, a PASSED or TEST FAILURE message is displayed. If the line card sends a PASSED message, the Cisco IOS software image on the line card is automatically reloaded unless the wait keyword is specified. If the line card sends a TEST FAILURE message, the Cisco IOS software image on the line card is not automatically reloaded.
If you want to reload the line card after it fails diagnostic testing, use the microcode reload slot global configuration command.
Note
If the line card fails the test, the line card is defective and should be replaced. In future releases this might not be the case because DRAM and SDRAM SIMM modules might be field replaceable units. For example, if the DRAM test failed you might only need to replace the DRAM on the line card.
For more information, refer to the Cisco 12000 series installation and configuration guides.
Examples
In the following example, a user is shown the output when field diagnostics are performed on the line card in slot 3. After the line card passes all field diagnostic tests, the Cisco IOS software is automatically reloaded on the card. Before starting the diagnostic tests, you must confirm the request to perform these tests on the line card because all activity on the line card is halted. The total/indiv. timeout set to 600/220 sec. message indicates that 600 seconds are allowed to perform all field diagnostics tests, and that no single test should exceed 220 seconds to complete.
Router# diag 3Running Diags will halt ALL activity on the requested slot. [confirm]Router#Launching a Field Diagnostic for slot 3Running DIAG config checkRUNNING DIAG download to slot 3 (timeout set to 400 sec.)sending cmd FDIAG-DO ALL to fdiag in slot 3(total/indiv. timeout set to 600/220 sec.)Field Diagnostic ****PASSED**** for slot 3Field Diag eeprom values: run 159 fial mode 0 (PASS) slot 3last test failed was 0, error code 0sending SHUTDOWN FDIAG_QUIT to fdiag in slot 3Board will reload...Router#In the following example, a user is shown the output when field diagnostics are performed on the line card in slot 3 in verbose mode:
Router# diag 3 verboseRunning Diags will halt ALL activity on the requested slot. [confirm]Router#Launching a Field Diagnostic for slot 3Running DIAG config checkRUNNING DIAG download to slot 3 (timeout set to 400 sec.)sending cmd FDIAG-DO ALL to fdiag in slot 3(total/indiv. timeout set to 600/220 sec.)FDIAG_STAT_IN_PROGRESS: test #1 R5K Internal CacheFDIAG_STAT_PASS test_num 1FDIAG_STAT_IN_PROGRESS: test #2 Sunblock OrderingFDIAG_STAT_PASS test_num 2FDIAG_STAT_IN_PROGRESS: test #3 Dram DatapinsFDIAG_STAT_PASS test_num 3...Field Diags: FDIAG_STAT_DONEField Diagnostic ****PASSED**** for slot 3Field Diag eeprom values: run 159 fial mode 0 (PASS) slot 3last test failed was 0, error code 0sending SHUTDOWN FDIAG_QUIT to fdiag in slot 3Board will reload...Router#Related Commands
dir
To display a list of files on a file system, use the dir command in EXEC mode.
dir [/all] [filesystem: ][file-url]
Syntax Description
Defaults
The default file system is specified by the cd command. When you omit the /all keyword, the Cisco IOS software displays only undeleted files.
Command Modes
EXEC
Command History
Usage Guidelines
Use the show (Flash file system) command to display more detail about the files in a particular file system.
Examples
The following is sample output from the dir command:
Router# dir slot0:Directory of slot0:/1 -rw- 4720148 Dec 29 2003 17:49:36 -08:00 hampton/nitro/c7200-j-mz2 -rw- 4767328 Jan 02 2004 18:42:53 -08:00 c7200-js-mz5 -rw- 639 Jan 03 2004 12:09:32 -08:00 rally7 -rw- 639 Jan 03 2004 12:37:13 -08:00 the_time20578304 bytes total (3104544 bytes free)Router# dir /all slot0:Directory of slot0:/1 -rw- 4720148 Dec 15 2003 17:49:36 -08:00 hampton/nitro/c7200-j-mz2 -rw- 4767328 Jan 02 2004 18:42:53 -08:00 c7200-js-mz3 -rw- 7982828 Jan 02 2004 18:48:14 -08:00 [rsp-jsv-mz]4 -rw- 639 Jan 03 2004 12:09:17 -08:00 the_time]5 -rw- 639 Jan 03 1994 12:09:32 -08:00 rally6 -rw- 639 Jan 03 1994 12:37:01 -08:00 [the_time]7 -rw- 639 Jan 03 1994 12:37:13 -08:00Table 24 describes the significant fields shown in the output.
Related Commands
disable
To exit privileged EXEC mode and return to user EXEC mode, or to exit to a lower privilege level, enter the disable command in EXEC mode.
disable [privilege-level]
Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
Up to 16 security levels can be configured using Cisco IOS software. If such levels are configured on a system, using this command with the privilege-level option allows you to exit to a lower security level. If a level is not specified, the user will exit to the user EXEC mode, which is the default.
Note
Examples
In the following example, the user enters privileged EXEC mode using the enable command, then exits back to user EXEC mode using the disable command. Note that the prompt for user EXEC mode is >, and the prompt for privileged EXEC mode is #.
Router> enablePassword: <letmein>Router# disableRouter>Related Commands
disconnect-character
To define a character to disconnect a session, use the disconnect-character command in line configuration mode. To remove the disconnect character, use the no form of this command.
disconnect-character ascii-number
no disconnect-character
Syntax Description
Defaults
No disconnect character is defined.
Command Modes
Line configuration
Command History
Usage Guidelines
See the "ASCII Character Set and Hex Values" appendix for a list of ASCII characters.
The Break character is represented by zero; NULL cannot be represented.
To use the session-disconnect character in normal communications, precede it with the escape character.
Examples
The following example defines the disconnect character for virtual terminal line 4 as Escape, which is decimal character 27:
Router(config)# line vty 4Router(config-line)# disconnect-character 27discover (cns)
To define the interface parameters within a Cisco Networking Services (CNS) connect profile for connecting to the CNS configuration engine, use the discover command in CNS connect configuration mode. To disable this functionality, use the no form of this command.
discover {line line-type | controller controller-type | interface [interface-type] | dlci [subinterface subinterface-number]}
no discover {line line-type | controller controller-type | interface [interface-type] | dlci [subinterface subinterface-number]}
Syntax Description
Defaults
No interface parameters within a CNS connect profile are defined.
Command Modes
CNS connect configuration
Command History
Usage Guidelines
First use the cns connect command to enter CNS connect configuration mode and define the parameters of a CNS connect profile for connecting to the
