-
Cisco IOS XR Virtual Firewall Command Reference, Release 3.7
-
Preface
-
Virtual Firewall Commands on Cisco IOS XR Software
-
Class Map Commands
-
Access Control List Commands
-
Policy Map Commands
-
Virtual Firewall Interface Commands
-
Virtualization Commands
-
Authentication and Accounting Commands
-
High Availability Commands
-
TCP/IP Normalization and IP Reassembly Parameters Commands
-
Parameter Map Commands
-
Terminal and Session Commands
-
System and File Management Commands
-
SNMP Commands
-
Logging Commands
-
VASI Commands on Cisco IOS XR Software
-
Index
-
Table Of Contents
System and File Management Commands on the Virtual Firewall
show security internal event-history
system internal snapshot service
System and File Management Commands on the Virtual Firewall
This module describes a variety of commands that are used to view system status and configurations, as well as to manipulate system files and directories.
Note
The commands described in this module are SanOS (Linux) commands used on the VFW application. Before you can access any of these commands, you must attach from the route processor to the VFW application using the service firewall attach location command. For more information, see the "Attaching to the VFW Application" section in Cisco IOS XR Virtual Firewall Configuration Guide.
banner motd
To specify a message to display as the message-of-the-day banner when a user connects to the VFW application command-line interface (CLI), use the banner motd command in configuration mode. To delete or replace a banner or a line in a multiline banner, use the no form of this command.
banner motd text
no banner motd text
Syntax Description
Defaults
No default behavior or values
Command Modes
Configuration
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To replace a banner or a line in a multiline banner, use the no banner motd command before adding the new lines.
To add multiple lines in a message-of-the-day banner, precede each line by the banner motd command. The VFW application appends each line to the end of the existing banner. If the text is empty, the VFW application adds a carriage return (CR) to the banner.
You can include tokens in the form $(token) in the message text. Tokens are replaced with the corresponding configuration variable. For example:
•
•
To use the $(hostname) in single line banner motd input, ensure that you include double quotes (") around the $(hostname) so that the $ is interpreted as a special character for the beginning of a variable in the single line. For example:
switch/Admin(config)# banner motd #Welcome to "$(hostname)"...#Do not use the double quote character (") or the percent sign character (%) as a delimiting character in a single-line message string. Do not use the delimiting-character in the message string.
For multiline input, double quotes (") are not required for the token, because the input mode is different from single-line mode. The VFW application treats the double quote character (") as is when you operate in multiline mode.
Examples
The following example shows how to add a message-of-the-day banner:
firewall/Admin(config)# banner motd #Welcome to the "$(hostname)".firewall/Admin(config)# banner motd Contact me at admin@admin.com for anyfirewall/Admin(config)# banner motd issues.#Related Commands
capture
To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command in EXEC mode. As part of the packet capture process, you specify whether to capture packets from all interfaces or from an individual interface.
capture buffer_name {{all | interface interface_name} access-list name [bufsize buf_size [circular-buffer]] | remove | start | stop}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The packet capture function enables access control lists (ACLs) to control what packets are captured by the VFW application on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the VFW application sees a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.
The capture packet function works on an individual context basis. The VFW application traces only the packets that belong to the context where you execute the capture command. The context ID is passed along with the packet, which can be used to isolate packets that belong to a specific context. To trace the packets for a single, specific context, use the changeto command and enter the capture command for the new context.
The VFW application does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in flash memory, use the copy capture command.
Examples
The following example shows how to start the packet capture function for CAPTURE1:
firewall/Admin# access-list ACL1 line 10 extended permit ip any anyfirewall/Admin# capture CAPTURE1 interface xyz access-list ACL1firewall/Admin# capture CAPTURE1 startThe following example shows how to stop the packet capture function for CAPTURE1:
firewall/Admin# capture CAPTURE1 stopRelated Commands
checkpoint
To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command in EXEC mode.
checkpoint {create | delete | rollback} name
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to create the checkpoint CP102305:
firewall/Admin# checkpoint create CP102305Related Commands
clear buffer stats
To clear the control plane buffer statistics, use the clear buffer stats command in EXEC mode.
clear buffer stats
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The clear buffer stats command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples
The following example shows how to clear the control plane buffer statistics:
firewall/Admin# clear buffer statsRelated Commands
clear capture
To clear an existing capture buffer, use the clear capture command in EXEC mode.
clear capture name
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Use the dir command to view the capture files you copied to the disk0: file system using the copy capture command.
Examples
The following example shows how to clear the capture buffer CAPTURE1:
firewall/Admin# clear capture CAPTURE1Related Commands
clear cores
To clear all the core dumps stored in the core: file system, use the clear cores command in EXEC mode.
clear cores
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The VFW application creates a core dump when it experiences a fatal error. Core dump information is for Cisco Technical Support use only. We recommend contacting Cisco Technical Support for assistance in interpreting the information in the core dump.
To view the list of core files in the core: file system, use the dir core: command.
To save a copy of a core dump to a remote server before clearing it, use the copy capture command.
To delete a specific core dump file from the core: file system, use the delete core: command.
Examples
The following example shows how to clear all core dumps:
firewall/Admin# clear coresRelated Commands
clear debug-logfile
To remove a debug log file, use the clear debug-logfile command in EXEC mode.
clear debug-logfile filename
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The VFW application debug commands are intended for use by trained Cisco Technical Support personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco Technical Support personnel.
Examples
The following example shows how to clear the debug log file DEBUG1:
firewall/Admin# clear debug-logfile DEBUG1Related Commands
clear fifo stats
To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command in EXEC mode.
clear fifo stats
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The clear fifo stats command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to clear the control plane FIFO statistics:
firewall/Admin# clear fifo statsRelated Commands
Displays the packet first in, first out (FIFO) statistics for the Pkt-Fifo module.
clear netio stats
To clear the control plane network I/O statistics, use the clear netio stats command in EXEC mode.
clear netio stats
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The clear netio stats command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to clear the control plane network I/O statistics:
firewall/Admin# clear netio statsRelated Commands
clear processes log
To clear processes log statistics, use the clear processes command in EXEC mode.
clear processes log {all | pid id}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To display the list of process identifiers assigned to each of the processes running on the VFW application, use the show processes command.
Examples
The following example shows how to clear all the processes log statistics:
firewall/Admin# clear processes allRelated Commands
Displays the general information about all the processes running on the VFW application.
clear screen
To clear the display screen, use the clear screen command in EXEC mode.
clear screen
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to clear the display screen:
firewall/Admin# clear screenRelated Commands
This command has no related commands.
clear startup-config
To clear the startup configuration of the current context, use the clear startup config command in EXEC mode.
clear startup-config
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Clearing the startup configuration does not affect the context running-configuration.
To clear the startup configuration, you can also use the write erase command.
Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. When you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration:
•
•
Examples
The following example shows how to clear the startup configuration:
firewall/Admin# clear startup-configRelated Commands
clear vnet stats
To control plane virtual network (VNET) device statistics, use the clear vnet stats command in EXEC mode.
clear vnet stats
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The clear vnet stats command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to clear the VNET statistics:
firewall/Admin# clear vnet statsRelated Commands
clear xlate
To clear global address to local address mapping information based on global address, global port, local address, local port, interface address as global address, and Network Address Translation (NAT) type, use the clear xlate command in EXEC mode.
clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface] [state static] [portmap]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
When you enter the clear xlate command, the VFW application releases sessions that are using the translations (XLATEs).
If you configured redundancy, then you need to explicitly clear XLATEs on both the active and the standby VFW applications. Clearing XLATEs on the active module alone leaves the standby module's XLATEs at the old mappings.
Examples
The following example shows how to clear all static translations:
firewall/Admin# clear xlate state staticRelated Commands
configure
To access configuration mode and configure the VFW, use the configure command in EXEC mode.
configure [terminal]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires one or more features assigned to your user role that allow configuration, such as AAA, interface, or fault-tolerant. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To return to the EXEC mode from the configuration mode, use the exit command.
To execute a command in EXEC mode from any of the configuration modes, use the do version of the command.
Examples
The following example shows how to access configuration mode:
firewall/Admin# configurefirewall/Admin(config)#Related Commands
copy capture
To copy an existing context packet capture buffer as the source file in the VFW application compact flash to another file system, use the copy capture command in EXEC mode.
copy capture capture_name disk0: [path/]destination_name
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the VFW application and free up memory.
Examples
The following example shows how to copy the packet capture buffer to a file in disk0: called MYCAPTURE1:
firewall/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1Related Commands
Clears an existing capture buffer.
Displays the packet information that the VFW application traces as part of the packet capture function.
copy core
To copy and save a core file to a remote server, use the copy core: command in EXEC mode.
copy core:filename disk0:[path/]filename | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.
When you select a destination file system using ftp:, sftp:, or tftp:, the VFW application:
•
•
•
Examples
The following example shows how to copy a core file from the VFW application to a remote FTP server:
firewall/Admin# copy core:ixp0_crash.txt ftp://192.168.1.2Enter the destination filename[]? [ixp0_crash.txt]Enter username[]? user1Enter the file transfer mode[bin/ascii]: [bin]Password:Passive mode on.Hash mark printing on (1024 bytes/hash mark).
Note
Related Commands
copy disk0
To copy a file from one directory in the disk0: file system of flash memory to another directory in disk0: or a network server, use the copy disk0: command in EXEC mode.
copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the VFW application:
•
•
•
Examples
The following example shows how to copy the file called SAMPLEFILE to the MYSTORAGE directory in flash memory:
firewall/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILERelated Commands
copy ftp
To copy a file, software image, running-configuration file, or startup-configuration file from a remote FTP server to a location on the VFW application, use the copy ftp: command in EXEC mode.
copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to copy a startup-configuration file from a remote FTP server to the VFW application:
firewall/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
Displays the running-configuration information associated with the current context.
Displays the startup-configuration information associated with the current context.
copy image
To copy a VFW application software system image from flash memory to a remote server using FTP, SFTP, or TFTP, use the copy image: command in EXEC mode.
copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the VFW application:
•
•
•
Examples
The following example shows how to save a software system image to a remote FTP server:
firewall/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2Related Commands
copy running-config
To copy the contents of the running-configuration file in RAM (volatile memory) to the startup-configuration file in flash memory (nonvolatile memory) or a network server, use the copy running-config command in EXEC mode.
copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the VFW application:
•
•
•
To copy the running configuration to the startup configuration, you can also use the write memory command.
Examples
The following example shows how to save the running-configuration file to the startup-configuration file in flash memory on the VFW application:
firewall/Admin# copy running-config startup-configRelated Commands
copy sftp
To copy a file, software image, running-configuration file, or startup-configuration file from a remote SFTP server to a location on the VFW application, use the copy sftp: command in EXEC mode.
copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name]| running-config | startup-config}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to copy a startup-configuration file from a remote SFTP server to the VFW application:
firewall/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
Displays the running-configuration information associated with the current context.
Displays the startup-configuration information associated with the current context.
copy startup-config
To merge the contents of the startup-configuration file into the running-configuration file or copy the startup-configuration file to a network server, use the copy startup-config command in EXEC mode.
copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
When you select a destination file system using ftp:, sftp:, or tftp:, the VFW application:
•
•
•
Examples
The following example shows how to merge the contents of the startup-configuration file into the running-configuration file in flash memory:
firewall/Admin# copy startup-config running-configRelated Commands
Displays the startup-configuration information associated with the current context.
copy tftp
To copy a file, software image, running-configuration file, or startup-configuration file from a remote TFTP server to a location on the VFW application, use the copy tftp: command in EXEC mode.
copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name]| running-config | startup-config}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to copy a startup-configuration file from a remote TFTP server to the VFW application:
firewall/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-configRelated Commands
Displays the running-configuration information associated with the current context.
Displays the startup-configuration information associated with the current context.
debug
To enable the VFW application debugging functions, use the debug command in EXEC mode.
debug {aaa | access-list | all | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr | fifo | fm | ha_dp_mgr | ha_mgr | hardware | hm | ifmgr | ip | ldap | logfile | nat-download | pktcap | radius | routemgr | security | snmp | ssl | syslogd | system | tacacs+ | virtualization}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command is available to roles that allow debugging and available to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The VFW application debug commands are intended for use by trained Cisco Technical Support personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco Technical Support personnel.
Examples
The following example shows how to enable all the debugging functions:
firewall/Admin# debug allRelated Commands
delete
To delete a specified file in a VFW application file system, use the delete command in EXEC mode.
delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
If you do not specify a filename with the specified file system, the VFW application prompts you for a file name.
To display the list of files that reside in a file system, use the dir command.
Examples
The following example shows how to delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system:
firewall/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZRelated Commands
dir
To display the contents of a specified VFW application file system, use the dir command in EXEC mode.
dir {core: | disk0:[path/][filename] | image:[filename] | volatile:[filename]}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To delete a file from a file system, use the delete command.
To delete all core dumps, use the clear cores command.
Examples
The following example shows how to display the contents of the drive0: file system:
firewall/Admin# dir disk0:Related Commands
end
To exit from configuration mode and return to EXEC mode, use the end command in configuration mode.
end
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Configuration
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
You can also press Ctrl-Z or enter the exit command to exit configuration mode.
Examples
The following example shows how to exit from configuration mode and return to EXEC mode:
firewall/Admin(config)# endfirewall/Admin#Related Commands
Exits out of EXEC mode and logs out of the CLI session.
Exits from the current configuration mode and returns to the previous mode.
exit
To exit EXEC mode and log out of the CLI session, use the exit command in EXEC mode.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to log out of an active CLI session:
firewall/Admin# exitRelated Commands
Exits from configuration mode and returns to EXEC mode.
Exits from the current configuration mode and returns to the previous mode.
exit (config)
To exit from the current configuration mode and return to the previous mode, use the exit command in the appropriate configuration mode.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
All configuration modes
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
In configuration mode, the exit command transitions to the EXEC mode.
In all other configuration modes, the exit command transitions to the previous configuration mode.
You can also press Ctrl-Z, enter the end command, or enter the exit command to exit configuration mode.
Examples
The following example shows how to exit from configuration mode and return to EXEC mode:
firewall/Admin(config)# exitfirewall/Admin#The following example shows how to exit from interface configuration mode and return to configuration mode:
firewall/Admin(config-if)# exitfirewall/Admin(config)#Related Commands
Exits from configuration mode and returns to EXEC mode.
Exits out of EXEC mode and logs out of the CLI session.
format disk0:
To erase all data stored on the flash memory and reformat it with the FAT16 version of the file allocation table, use the format disk0: command in EXEC mode. All user-defined configuration information is erased and the VFW application returns to the factory default settings.
format disk0:
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Before you reformat the flash memory, consider saving a copy of the following VFW application operation and configuration attributes to a remote server:
•
•
•
•
•
After you reformat the flash memory, perform the following actions:
•
•
–
–
Examples
The following example shows how to reformat flash memory:
firewall/Admin# format disk0:Related Commands
gunzip
To uncompress (unzip) LZ77 coded files residing in the disk0: file system, use the gunzip command in EXEC mode.
gunzip disk0:[path/]filename.gz
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file zipped by the gzip (GNU zip) compression utility.
To display a list of available zipped files on disk0:, use the dir command.
Examples
The following example shows how to unzip a series of compressed files from the file FILES_NEW in the disk0: file system:
firewall/Admin# gunzip disk0:FILES_NEW.gzRelated Commands
hostname
To specify a hostname for the VFW application, use the hostname command in configuration mode. Use the no form of this command to reset the hostname to the default of switch.
hostname name
no hostname name
Syntax Description
name
New host name for the VFW application. Enter a case-sensitive text string that contains from 1 to 32 alphanumeric characters.
Defaults
No default behavior or values
Command Modes
Configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see Cisco Virtual Firewall Configuration Guide.
The hostname command can be used in the Admin context only.
The hostname is used for the command-line prompts and default configuration filenames. If you establish sessions to multiple devices, the hostname helps you keep track of where you enter commands.
By default, the hostname for the VFW application is firewall.
Examples
The following example shows how to change the hostname of the VFW application from switch to VFW_1:
switch/Admin(config)# hostname VFW_1VFW_1/Admin(config)#Related Commands
This command has no related commands.
mkdir disk0:
To create a new directory in disk0:, use the mkdir disk0: command in EXEC mode.
mkdir disk0:[path/]directory_name
Syntax Description
[path/]directory_name
Name you assign the new directory. Specify the optional path if you want to create a directory within an existing directory.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
If a directory with the same name already exists, the VFW application does not create the new directory and the "Directory already exists" message appears.
Examples
The following example shows how to create a directory in disk0: called TEST_DIRECTORY:
firewall/Admin# mkdir disk0:TEST_DIRECTORYRelated Commands
Displays the contents of a specified VFW application file system.
Removes a directory from the disk0: file system.
move disk0:
To move a file between directories in the disk0: file system, use the move disk0: command in EXEC mode.
move disk0:[source_path/]filename disk0:[destination_path/]filename
Syntax Description
source_path/
Path of the source directory
destination_path/
Path of the destination directory
filename
Name of the file to move in the disk0: file system
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
If a file with the same name already exists in the destination directory, that file is overwritten by the file you move.
Examples
The following example shows how to move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:
firewall/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILERelated Commands
ping
To verify the connectivity of a remote host or server by sending echo messages from the VFW application, use the ping (packet internet groper) command in EXEC mode.
ping target_ip
Syntax Description]
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The ping program sends an echo request packet to an address from the current context on the VFW application, and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying the name of the current directory and path, and whether the host can be reached or is functioning.
To terminate a ping session before reaches its timeout value, type the Ctrl-C escape sequence.
Examples
The following example shows how to ping the FTP server with an IP address of 196.168.1.2, using the default ping session values:
firewall/Admin# ping 196.168.1.2Related Commands
rmdir disk0:
To remove a directory from the disk0: file system, use the rmdir disk0: command in EXEC mode.
rmdir disk0:directory
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command.
Examples
The following example shows how to remove the directory TEST_DIRECTORY from disk0:
firewall/Admin# rmdir disk0:TEST-DIRECTORYRelated Commands
Deletes a specified file in a VFW application file system.
Displays the contents of a specified VFW application file system.
Creates a new directory in disk0:.
show banner motd
To display the configured banner message of the day, use the show banner motd command in EXEC mode.
show banner motd
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To configure the banner message, use the banner command in configuration mode.
Examples
The following example shows how to display the message of the day:
firewall/Admin# show banner motdRelated Commands
Specifies a message to display as the message-of-the-day banner when a user connects to the VFW application CLI.
show buffer
To display the buffer manager module messages, use the show buffer command in EXEC mode.
show buffer {events-history | stats | usage}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show buffer command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display the control plane buffer event history:
firewall/Admin# show buffer events-history1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa02) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000[102] total blocks=151682 (ctrl=75841, data=75841)Related Commands
show capture
To display the packet information that the VFW application traces as part of the packet capture function, use the show capture command in EXEC mode.
show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
For all types of received packets, the console display is in tcpdump format.
To copy the capture buffer information as a file in flash memory, use the copy capture command.
Examples
The following example shows how to display the captured packet information contained in packet capture buffer CAPTURE1:
switch/Admin# show capture CAPTURE1Related Commands
Copies an existing context packet capture buffer as the source file in the VFW application compact flash to another file system.
show checkpoint
To display information relating to the configured checkpoints, use the show checkpoint command in EXEC mode.
show checkpoint {all | detail name}
Syntax Description
all
Displays a list of all existing checkpoints.
detail name
Displays the running configuration of the specified checkpoint.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the running configuration for the checkpoint MYCHECKPOINT:
firewall/Admin# show checkpoint detail MYCHECKPOINTRelated Commands
show clock
To display the current date and time settings of the system clock, use the show clock command in EXEC mode.
show clock
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To configure the system clock setting, use the clock command in the configuration mode.
Examples
The following example shows how to display the current clock settings:
firewall/Admin# show clockFri Feb 24 20:08:14 UTC 2006Related Commands
This command has no related commands.
show copyright
To display the software copyright information for the VFW application, use the show copyright command in EXEC mode.
show copyright
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the VFW application software copyright information:
firewall/Admin# show copyrightRelated Commands
This command has no related commands.
show debug
To display the debug flags, use the show debug command in EXEC mode.
show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp | fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the debug feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The VFW application debug commands are intended for use by trained Cisco Technical Support personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco Technical Support personnel.
Examples
The following example shows how to display the VSHD debugging flags:
firewall/Admin# show debug vshdRelated Commands
show fifo
To display the packet first in, first out (FIFO) statistics for the Pkt-Fifo module, use the show fifo command in EXEC mode.
show fifo {event-history | registers | stats}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show fifo command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display the control plane packet FIFO registers:
firewall/Admin# show fifo registersRelated Commands
show file
To display the contents of a specified file in a directory in persistent memory (flash memory) or volatile memory (RAM), use the show file command in EXEC mode.
show file {disk0:|volatile:[directory/]filename} [cksum | md5sum]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the contents of file FILE1 stored in the directory MYFILES in disk0:
firewall/Admin# show file disk0:MYFILES/FILE1Related Commands
show ip
To display the IP statistics, use the show ip command in EXEC mode.
show ip {dhcp relay {conf | information policy | statistics} | fib [ixp {1 | 2 {dest-ip ip_address}} | summary | wr dest-ip ip_address] | route [summary | internal {event-history dbg | memory}] | traffic}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The internal and fib keywords are intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display all IP route entries:
firewall/Admin# show ip routeRelated Commands
No related commands.
show netio
To display the control plane network I/O information, use the show netio command in EXEC mode.
show netio {clients | event-history | stats}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show netio command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display control plane network I/O client information:
firewall/Admin# show netio event-history1) Event:E_DEBUG, length:73, at 921762 usecs after Sat Jan 1 00:04:55 2000[105] ed_request_encap: Sending ARP_RESOLUTION for 75.0.0.6, in context 02) Event:E_DEBUG, length:78, at 921752 usecs after Sat Jan 1 00:04:55 2000[105] ed_egress_route_lookup: Route lookup failure -96 for 75.0.0.6, context 0Related Commands
show np
To display the hardware information stored on the three network processors, use the show np command in EXEC mode.
show np np_number {access-list {node interface interface_name {in | out} node_address | resource | root interface interface_name {in | out} | syslog {lineno-table | name-table} | trace interface interface_name {in | out} protocol prot_number source source_ip source_port destination dest_ip dest_port} | cpu | interface {icmlookup [all] | iflookup [all]} | me-stats ucdump_option | memory | nat {bitmap map_id | dest_nat policy_id | implicit-pat | policies | src-nat policy_id interface_id}}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the ACL or interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show np command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display the access-list information from the hardware, using network processor 0:
firewall/Admin# show np 0 access-listThe following example shows how to display Micro Engine statistics for a ucdump utility (-b, which instructs the VFW application to dump fastpath buffer memory):
firewall/Admin# show np me-stats -bFastpath thread buffers=================================ME:1 thread:0 addr:0x0010 particle:0x00000000 len:78 rx_seq=70018 0x8500004e 0x00608034 0x0000001e 0x00101e07 ...N .`.4 .... ....001c 0x0000ffff 0xffffffff 0x00059a3b 0x9a390800 .... .... ...; .9..0020 0x4500002c 0xa4540000 0xff11fd64 0x0c010105 E.., .T.. ...d ....0024 0x0c010101 0xc350c352 0x00185db6 0x000100f0 .... .P.R ..]. ....0028 0x00000008 0x00000000 0x00000064 0x00000000 .... .... ...d ....Related Commands
Displays the general information about all the processes running on the VFW application.
show processes
To display the general information about all the processes running on the VFW application, use the show processes command in EXEC mode. The show processes command displays summary CPU information for the SiByte 1250 Processor.
show processes [cpu | log [details | pid process_id] | memory]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Admin users (users with an Admin role), across all contexts
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show processes command is available only to Admin users (users with an Admin role) across all contexts. The displayed system processes information is at the CPU system level (the total CPU usage) and is not on a per-context level.
Examples
The following example shows how to display processes memory information for the SiByte 1250 Processor:
firewall/Admin# show processes memRelated Commands
show running-config
To display the running-configuration information associated with the current context, use the show running-config command in EXEC mode.
show running-config [aaa | access-list | class-map | context | dhcp | domain | ft | interface | parameter-map | policy-map | resource-class | role]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show running-config command is a context-sensitive command. The VFW application creates a running configuration for each context you create; therefore, to display the running-config of a specific context, you must execute the show running-config command from within the desired context. If you need to change to another context before executing the show running-config command, use the changeto command or log directly in to the desired context.
Use the copy capture command to:
•
•
•
Examples
The following example shows how to display the entire running configuration:
firewall/Admin# show running-configRelated Commands
show security internal event-history
To display the security event history information, use the show security internal event-history command in EXEC mode.
show security internal event-history {errors | msgs}
Syntax Description
errors
Displays the debug error logs of the security manager.
msgs
Displays the message logs of the security manager.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show security internal event-history command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display the error logs of the security manager:
firewall/Admin# show security internal event-history errorsRelated Commands
This command has no related commands.
show startup-config
To display the startup-configuration information associated with the current context, use the show startup-config command in EXEC mode.
show startup-config
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
To clear the startup configuration, use the clear startup-config command.
To copy the running configuration to the startup configuration, or to copy the startup configuration to the running configuration, use the copy running-config command.
Examples
The following example shows how to display the startup-configuration information:
firewall/Admin# show startup-configRelated Commands
show stats
To display the statistical information relating to the operation of the VFW application, use the show stats command in EXEC mode.
show stats [connection | http | inspect]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display all the VFW application statistical information:
firewall/Admin# show statsThe following example shows how to display HTTP protocol inspection statistics:
firewall/Admin# show stats inspect http+------------------------------------------++--------- HTTP Inspect statistics --------++------------------------------------------+Total request/response : 0Total allow decisions : 0Total drop decisions : 0Total logging decisions : 0Table 3 describes the fields in the show stats inspect http command output.
Related Commands
show system
To display the VFW application system information, use the show system command in EXEC mode.
show system {cpuhog | error-id {hex_id | list} | internal | kmemtrack | resources | skbtrack | uptime}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display system resource information:
firewall/Admin# show system resourcesRelated Commands
This command has no related commands.
show tech-support
To display information that is useful to technical support when reporting a problem with your VFW application, use the show tech-support command in EXEC command.
show tech-support [details]
Syntax Description
details
(Optional) Provides detailed information for each of the show commands described below in the "Usage Guidelines" section.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show tech-support command is useful when collecting a large amount of information about your VFW application for troubleshooting purposes with Cisco Technical Support. The output of this command can be provided to technical support representatives when reporting a problem.
The show tech-support command displays the output of several show commands at once. The output from this command varies, depending on your configuration. The default output of the show tech-support command includes the output of the following commands:
•
•
•
Explicitly set the terminal length command to 0 (zero) to disable auto-scrolling and enable manual scrolling.
Use the tac-pac command in EXEC mode to redirect the output of the show tech-support command to a file that you can then send to the disk0: file system on the VFW application or to a remote server using File Transfer Protocol (FTP), Secure Copy Protocol (SCP), Secure Transfer Protocol (SFTP), or Trivial Transfer Protocol (TFTP).
Examples
The following example shows how to display the summary version of the technical support report:
firewall/Admin# show tech-support`show clock`Thu Mar 6 11:59:22 PST 2008`show system uptime`System start time: Fri Feb 22 02:06:57 2008System uptime: 13 days, 9 hours, 52 minutes, 25 secondsKernel uptime: 13 days, 9 hours, 51 minutes, 13 seconds`show running-config`Generating configuration....version 3.7.0.13Iaccess-list a1 line 8 extended permit tcp host 2.2.2.2 eq www host 3.3.3.3 eq wwwinterface i1interface management m1domain d2domain d3username ciscoSupport password 5 $1$ADSJELHX$5ueYedT9N.yZdE2gr/Mc71 role Admin domain default-domainusername admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domain default-domainusername www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin domain default-domainusername user1 password 5 $1$3cAJlyK1$IwgNI6mibD1tiVRwsbI7X0 role Network-Monitor domain default-domain`show interface`i1 is administratively downFT status is non-redundantDescription:not setLast cleared: neverActive IP address not set0 unicast packets input, 0 bytes0 broadcast0 input errors, 0 unknown, 0 ignored0 unicast packets output, 0 bytes0 broadcast0 output errors, 0 ignoredm1 is administratively downFT status is non-redundantDescription:not setLast cleared: neverActive IP address not setActive IP address not setPeer IP address not set0 unicast packets input, 0 bytes0 broadcast0 input errors, 0 unknown, 0 ignored0 unicast packets output, 0 bytes0 broadcast0 output errors, 0 ignored`dir core:`Usage for core: filesystem1068032 bytes total used202029056 bytes free203097088 total bytes..Related Commands
show vnet
To display the virtual network (VNET) device information, use the show vnet command in EXEC mode.
show vnet {event-history | stats}
Syntax Description
event-history
Displays a historic log of the most recent debug VNET messages.
stats
Displays detailed counters for various VNET event occurrences.
Defaults
No default behavior or values
Command Modes
EXEC
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The show vnet command can be used in the Admin context only.
The show vnet command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to display control plane VNET device statistics:
firewall/Admin# show vnet statsRelated Commands
sleep
To wait the specified number of seconds before accepting any additional commands, use the sleep command in EXEC mode.
sleep seconds
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Usage Guidelines
This command has no user-role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The sleep command can be used in scripts to configure the script to wait a certain amount of time before continuing with the script.
Examples
The following example shows how to configure a script to wait 5 minutes before continuing:
firewall/Admin# sleep 300system internal snapshot service
To generate a debug snapshot of a service, use the system internal snapshot service command in EXEC mode.
system internal snapshot service {name}
Syntax Description
name
Name of a system service for which you want to take a snapshot. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
Defaults
No default behavior or values
Command Modes
EXEC
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin role in the Admin context. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The system internal snapshot service command can be used in the Admin context only.
This command is intended for use by trained Cisco Technical Support personnel for troubleshooting purposes only.
Examples
The following example shows how to take a snapshot of a service:
firewall/Admin# system internal snapshot serviceRelated Commands
This command has no related commands.
tac-pac
To save Cisco Technical Support information to a local or remote location, use the tac-pac command in EXEC mode.
tac-pac [ftp://server/path[/filename] | scp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | disk0:[path/]filename]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The Cisco Technical Support information that the VFW application saves when using the tac-pac command is the same information that you can display using the show tech-support command.
If you do not specify a directory on a file system, the default is the root directory.
Examples
The following example shows how to save Cisco Technical Support information to SFTP server 196.168.1.2:
firewall/Admin# tac-pac sftp:196.168.1.2/TACFILES/Related Commands
Displays information that is useful to technical support when reporting a problem with your VFW application.
timeout xlate
To configure an idle timeout for Network Address Translation (NAT), use the timeout xlate command in configuration mode. To reset the idle timeout to the default of 10800 seconds (3 hours), use the no form of this command.
timeout xlate seconds
no timeout xlate
Syntax Description
seconds
The time in seconds that the VFW application waits to free up the XLATE slot after it becomes idle. Enter an integer from 60 to 2147483.
Defaults
The default idle timeout is 10800 seconds (3 hours).
Command Modes
Configuration
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to specify an idle timeout of 120 seconds (2 minutes):
firewall/Admin(config)# timeout xlate 120Related Commands
traceroute
To trace the route an IP packet takes to a network host from the VFW application, use the traceroute command in EXEC mode.
traceroute [ip_address [size packet]]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The traceroute command traces the route an IP packet follows to an Internet host by launching User Datagram Protocol (UDP) probe packets with a small time to live (TTL), then listening for an Internet Control Message Protocol (ICMP) "time exceeded" reply from a gateway.
Examples
The following example shows how to display the route a packet takes from the VFW application to a network host with the IP address 196.126.1.2:
firewall/Admin# traceroute 196.126.1.2Related Commands
Verifies the connectivity of a remote host or server by sending echo messages from the VFW application.
undebug all
To disable all debugging, use the undebug all command in EXEC mode.
undebug all
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command is available to all user roles that allow debugging and is not available to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The VFW application debug commands are intended for use by trained Cisco Technical Support personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco Technical Support personnel.
Examples
The following example shows how to disable all debugging:
firewall/Admin# undebug allRelated Commands
untar disk0:
To untar a single file with a .tar extension in the disk0: file system, use the untar disk0: command in EXEC mode.
untar disk0:[path/]filename
Syntax Description
[path/]filename
Name of the .tar file on the disk0: file system. The filename must end with a .tar extension.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to untar the mytarfile.tar file on disk0:
firewall/Admin# untar disk0:mytarfile.tarRelated Commands
write
To manage persistent and nonpersistent configuration information, use the write command in EXEC mode.
write {erase | memory [all] | terminal}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
The different versions of this command require the following user role or feature in your user role:
•
•
•
For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
If you intend to use the write memory command to save the contents of the running-configuration file for the current context to the startup-configuration file, be sure to also specify this command in the Admin context. This step is important to save changes to the Admin context startup-configuration file; the Admin context startup-configuration file contains all configurations used to create each user context.
To write the running configuration to the startup configuration, you can also use the copy running-config startup-config command. To erase the startup configuration, you can also use the clear startup-config command. To display the running configuration, you can also use the show running-config command.
Examples
The following example shows how to write the running configuration to the startup configuration:
firewall/Admin# write memoryRelated Commands
Clears the startup configuration of the current context.
Displays the running-configuration information associated with the current context.
xml-show
To enable the display of raw XML request show command output in XML format, use the xml-show command in EXEC mode.
xml show {off | on | status}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
By default, XML responses automatically appear in XML format if the corresponding CLI show command output supports the XML format. However, if you are running commands on the CLI console or you are running raw XML responses from NMS, the XML responses appear in regular CLI display format.
You can enable the display of raw XML request show command output in XML format by performing one of the following actions:
•
•
Specification of the xml-show on command is not required if you are running true XML.
For details on the show command output supported in XML format, consult the VFW application DTD file, cisco_ace.dtd, that is included as part of the software image. The VFW application DTD File contains the information on the XML attributes for those show commands that support XML format.
The off and on keywords affect only the current CLI session in use; they are session-based functions.
Examples
The following example shows how to enable the display of raw XML request show command output in XML format from the CLI:
firewall/Admin# xml-show onRelated Commands
This command has no related commands.
