|
|
This chapter describes the commands used to manage the communication server system and its performance on the network.
For system management configuration tasks and examples, refer to the chapter entitled "Managing the System" in the Access and Communication Servers Configuration Guide.
Use the buffers global configuration command to make adjustments to initial buffer pool settings and to the limits at which temporary buffers are created and destroyed. Use the no buffers command to return the buffers to their default size.
buffers {small | middle | big | large | huge} {permanent | max-free | min-free | initial} number| small | Small buffer size. |
| middle | Medium buffer size. |
| big | Big buffer size. |
| large | Large buffer size. |
| huge | Huge buffer size. |
| permanent | Number of permanent buffers that the system tries to allocate. Permanent buffers are normally not deallocated by the system. |
| max-free | Maximum number of free or unallocated buffers in a buffer pool. |
| min-free | Minimum number of free or unallocated buffers in a buffer pool. |
| initial | Number of additional temporary buffers that should be allocated when the system is reloaded. This can be used to ensure that the system has necessary buffers immediately after reloading in a high-traffic environment. |
| number | Number of buffers to be allocated. |
The default number of the buffers in a pool is determined by the hardware configuration and can be displayed with the EXEC show buffers command.
Global configuration
It is normally not necessary to adjust these parameters; do so only after consulting with technical support personnel. Improper settings could adversely impact system performance.
When building the receive rings for the serial and Ethernet interfaces on a communication server, if a buffer request fails (that is, there is not enough of that buffer size left in the pool), the interface is marked as down and the initialization is abandoned at that point.
You can attempt to tune the buffer pool allocation to deal with this problem. The buffer pool to tune depends on the type of encapsulation used by the interfaces. Correspondingly, the ring size changes with the size of the buffer required. Table 5-1 lists the mapping between buffer and ring size on the communication server.
| Maximum Transmission Unit (MTU) | Receive Ring Size |
|---|---|
| MTU < 1524 | 32 |
| 1524 < MTU < 5024 | 8 |
| 5024 < MTU < 18024 | 4 |
In the following example, the system will try to keep at least 50 small buffers free:
buffers small min-free 50
buffers huge size
show buffers
Use the buffers huge size global configuration command to dynamically resize all huge buffers to the value you specify. Use the no buffers huge size command to restore the default buffer values.
buffers huge size number| number | Number of buffers to be allocated |
18024 buffers
Global configuration
Use this command only after consulting with technical support personnel. The buffer size cannot be lowered below the default.
In the following example, the system will resize huge buffers to 20000 bytes:
buffers huge size 20000
buffers
show buffers
To manually set the system clock, use the clock set EXEC command.
clock set hh:mm:ss day month year| hh:mm:ss | Current time in hours (military format), minutes, and seconds |
| day | Current day (by date) in the month |
| month | Current month (by name) |
| year | Current year (no abbreviation) |
EXEC
Generally, if the system is synchronized by a valid outside timing mechanism, such as an NTP clock source, you need not set the system clock. Use this command if no other time sources are available. The time specified in this command is relative to the configured time zone.
In the following example, the system clock is manually set to 1:32 p.m. on July 23, 1993:
clock set 13:32:00 23 July 1993
calendar set
clock read-calendar
clock summer-time
clock timezone
To configure the system to switch to summer time (daylight savings time) automatically, use one of the formats of the clock summer-time global configuration command. Use the no form of this command to configure the communication server not to automatically switch to summer time.
clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]| zone | Name of the time zone (PDT, ...) to be displayed when summer time is in effect |
| week | Week of the month (1 to 5 or last) |
| day | Day of the week (Sunday, Monday ...) |
| date | Date of the month (1 to 31) |
| month | Month (January, February, ...) |
| year | Year (1993 to 2035) |
| hh:mm | Time (military format) in hours and minutes |
| offset | (Optional) Number of minutes to add during summer time (default is 60) |
Summer time is disabled. If clock summer-time zone recurring is specified without parameters, the summer time rules default to United States rules. Default of offset is 60.
Global configuration
Use this command if you want to automatically switch to summer time (for display purposes only). Use the recurring form of the command if the local summer time rules are of this form. Use the date form to specify a start and end date for summer time if you cannot use the first form.
In both forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the Southern Hemisphere.
In the following example, summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
If you live in a place where summer time does not follow the pattern in the first example, you could set it to start on October 12, 1993 at 02:00, and end on April 28, 1994 at 02:00, with the following example:
clock summer-time date 12 October 1993 2:00 28 April 1994 2:00
calendar set
clock timezone
To set the time zone for display purposes, use the clock timezone global configuration command. To set the time to Coordinated Universal Time (UTC), use the no clock timezone command.
clock timezone zone hours [minutes]| zone | Name of the time zone to be displayed when standard time is in effect |
| hours | Hours offset from UTC |
| minutes | (Optional) Minutes offset from UTC |
UTC
Global configuration
The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.
In the following example, the time zone is set to Pacific Standard Time and is offset 8 hours behind UTC:
clock timezone PST -8
calendar set
clock set
clock summer-time
show clock
To assign a custom queue list to an interface, use the custom-queue-list interface configuration command. To remove a specific list or all list assignments, use the no form of this command.
custom-queue-list list| list | Number of the custom queue list you want to assign to the interface. An integer from 1 to 10. |
No custom queue list is assigned.
Interface configuration
You can assign only one queue list per interface. Use this command in place of the priority-list command (not in addition to it). Custom queuing allows a fairness that is not provided with priority queuing. With custom queuing, you can control the interfaces' available bandwidth when it is unable to accommodate the aggregate traffic enqueued. Associated with each output queue is a configurable byte count, which specifies how many bytes of data should be delivered from the current queue by the system before the system moves on to the next queue. When a particular queue is being processed, packets are sent until the number of bytes sent exceeds the queue byte count or until the queue is empty.
In the following example, custom queue list number 3 is assigned to serial interface 0:
interface serial 0 custom-queue-list 3
queue-list default
queue-list interface
queue-list protocol
queue-list queue byte-count
queue-list queue limit
queue-list stun
To have the access server try to generate a configuration that is compatible with an earlier Cisco IOS release, use the downward-compatible-config global configuration command. To remove this feature, use the no form of this command.
downward-compatible-config version| version | Cisco IOS Release number, not earlier than 10.2. |
Disabled
Global configuration
In Cisco IOS Release 10.3, IP access lists changed format. Use this command to regenerate a configuration in a format prior to Release 10.3 if you are going to downgrade from a Release 10.3 or later to an earlier release. The earliest release this command accepts is 10.2.
When this command is configured, the router attempts to generate a configuration that is compatible with the specified version. Currently, this command affects only IP access lists.
Under some circumstances, the software might not be able to generate a fully backward-compatible configuration. In such a case, the software issues a warning message whenever it tries to write a configuration that is not downward compatible.
The following example, the router will attempt to generate a configuration file compatible with Cisco IOS Release 10.2:
downward-compatible-config 10.2
A dagger (+) indicates that the command is documented in another chapter.
access-list (extended)+
access-list (standard)+
To specify what happens if the TACACS servers used by the enable command do not respond, use the enable last-resort global configuration command. The no form of this command restores the default.
enable last-resort {password | succeed}| password | Allows users to enable by entering the privileged command level password. |
| succeed | Allows users to enable without further question. |
Default action is to fail.
Global configuration
In the following example, if the TACACS servers do not respond to the enable command, the user can enable by entering the privileged level password:
enable last-resort password
A dagger (+) indicates that the command is documented in another chapter.
enable +
To assign a password for the privileged command level, use the enable password global configuration command.
enable password password| password | Case-sensitive character string that specifies the line password prompted for in response to the EXEC command enable. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces, up to 80 characters. You cannot specify the password in the format number-space-anything. The space after the number causes problems. |
No password is assigned.
Global configuration
When you use the enable command at the console terminal, the EXEC will not prompt you for a password if the privileged mode password is not set. Additionally, if the enable password is not set and the line 0 (console) password is not set, then it is only possible to enter privileged mode on the console terminal. This feature allows you to use physical security rather than passwords to protect privileged mode if you choose.
If the enable password is not set and the line 0 (console) password is set, it is possible to enter privileged command mode in two ways: either without having to enter a password at the console terminal, or if you are using any other line, by entering the console line password when prompted.
The commands enable password and enable-password are synonymous.
The following example sets the password secretword for the privileged command level on all lines, including the console:
enable password secretword
A dagger (+) indicates that the command is documented in another chapter.
login +
login tacacs +
password +
To specify an additional layer of security over the enable password command, use the enable secret command. Use the no form of the command to turn off the enable secret function.
enable secret password| password | The enable secret password. This password should be different from the password created with the enable password command for additional security. |
Disabled
Global configuration
Use the enable secret command in conjunction with the enable password command to provide an additional layer of security over the enable password. This process provides better security in two ways: first, by enforcing the use of an additional password; second, by storing this second password using a non-reversible cryptographic function. This encryption method is especially useful in environments where the password crosses a network or is stored on a TFTP server.
If you use the same password for enable password and enable secret, you will receive an error message warning you that this practice is not recommended. The system will prompt you again for a password. You can reenter the password you use for enable password, and the system will accept it the second time. But if you do, you undermine the additional security that the enable secret command provides.
The following example specifies an enable secret password of gobbledeegook:
enable secret gobbledeegook
After specifying an enable secret password, users must enter this password to gain access. Any passwords set through enable password will no longer work.
Password: gobbledeegook
To enable use of TACACS to determine whether a user can access the privileged command level, use the enable use-tacacs global configuration command. Use the no enable use-tacacs command to disable TACACS verification.
enable use-tacacsThis command has no arguments or keywords.
Disabled
Global configuration
When you add this command to the configuration file, the EXEC enable command prompts for a new username and password pair. This pair is then passed to the TACACS server for authentication. If you are using extended TACACS, it also will pass any already-existing UNIX user identification code to the server.
 | Caution If you use the enable use-tacacs command, you must also use the tacacs-server authenticate enable command, or else you will be locked out of the communication server. |
The following example sets TACACS verification on the privileged EXEC-level login sequence:
enable use-tacacs tacacs-server authenticate enable
tacacs-server authenticate enable
To specify or modify the host name for the network server, use the hostname global configuration command.
hostname name| name | New host name for the network server; the name is case sensitive. |
The factory-assigned default host name is cs.
Global configuration
The order of display at startup is the message-of-the-day (MOTD) banner, then login and password prompts, then the EXEC banner.
The host name is used in prompts and default configuration filenames. The setup command facility also prompts for a host name at startup.
The following example changes the host name to sandbox:
hostname sandbox
To log messages to a syslog server host, use the logging global configuration command. The no logging command deletes the syslog server with the specified address from the list of syslogs.
logging host| host | Name or IP address of the host to be used as a syslog server |
No messages are logged to a syslog server host.
Global configuration
This command identifies a syslog server host to receive logging messages. By issuing this command more than once, you build a list of syslog servers that receive logging messages.
The following example logs messages to a host named johnson:
logging johnson
logging trap
service timestamps
To log messages to an internal buffer, use the logging buffered global configuration command. The no logging buffered command cancels the use of the buffer and writes messages to the console terminal, which is the default.
logging bufferedThis command has no arguments or keywords.
The communication server displays all messages to the console terminal.
Global configuration
This command copies logging messages to an internal buffer instead of writing them to the console terminal. The buffer is circular in nature, so newer messages overwrite older messages.
To display the messages that are logged in the buffer, use the EXEC command show logging. The first message displayed is the oldest message in the buffer.
The following example illustrates how to enable logging to an internal buffer:
logging buffered
To limit messages logged to the console based on severity, use the logging console global configuration command. To disable logging to the console terminal, use the no form of the command.
logging console level| level | Limits the logging of messages displayed on the console terminal to the specified level and levels below it. See Table 5-2 for a list of the level keywords. |
The debugging level
Global configuration
Specifying one of the level names shown in Table 5-2 causes messages at that level and numerically lower levels to be displayed at the console terminal.
The EXEC command show logging displays the addresses and levels associated with the current logging setup, as well as any other logging statistics.
| Level Name | Level | Description | Syslog Definition |
|---|---|---|---|
| emergencies | 0 | System unusable | LOG_EMERG |
| alerts | 1 | Immediate action needed | LOG_ALERT |
| critical | 2 | Critical conditions | LOG_CRIT |
| errors | 3 | Error conditions | LOG_ERR |
| warnings | 4 | Warning conditions | LOG_WARNING |
| notifications | 5 | Normal but significant condition | LOG_NOTICE |
| informational | 6 | Informational messages only | LOG_INFO |
| debugging | 7 | Debugging messages | LOG_DEBUG |
The following example changes the level of messages displayed to the console terminal to alerts, which means alerts and emergencies are displayed:
logging console alerts
logging facility
To configure the syslog facility in which error messages are sent, use the logging facility global configuration command. To revert to the default of local7, use the no form of this command.
logging facility facility-type| facility-type | Logging facility type. See Table 5-3 for the facility-type keywords. |
local7
Global configuration
| Keyword | Description |
|---|---|
| auth | Authorization system |
| cron | Cron facility |
| daemon | System daemon |
| kern | Kernel |
| local0-7 | Reserved for locally defined messages |
| lpr | Line printer system |
| Mail system | |
| news | USENET news |
| sys9 | System use |
| sys10 | System use |
| sys11 | System use |
| sys12 | System use |
| sys13 | System use |
| sys14 | System use |
| syslog | System log |
| user | User process |
| uucp | UNIX-to-UNIX copy system |
The following example configures the syslog facility to Kernel:
logging facility kern
logging console
To limit messages logged to the terminal lines (monitors) based on severity, use the logging monitor global configuration command. Use the no form of this command to disable logging to terminal lines other than the console line.
logging monitor level| level | One of the level keywords listed in Table 5-2 |
debugging
Global configuration
Specifying a level causes messages at that level and numerically lower levels to be displayed to the monitor.
This command limits the logging messages displayed on terminal lines other than the console line to messages with a level at or above the specified level.
The following example specifies that only messages of the levels errors, critical, alerts, and emergencies be displayed on terminals:
logging monitor errors
A dagger (+) indicates that the command is documented in another chapter.
terminal monitor +
To control logging of error messages, use the logging on global configuration command. This command enables or disables message logging to all destinations except the console terminal. The no logging on command enables logging to the console terminal only.
logging onThis command has no arguments or keywords.
The communication server logs messages to the console terminal.
Global configuration
The following example shows how to direct error messages to the console terminal only:
no logging on
| level | |
| severity-level-number | (Optional) Message severity level. Messages with a severity level equal to or higher than this value are printed asynchronously. When specifying a severity level number, consider that for the logging system, low numbers indicate greater severity and high numbers indicate lesser severity. The default value is 2. |
| all | (Optional) Specifies that all messages are printed asynchronously, regardless of the severity level. |
| limit | |
| number-of-buffers | (Optional) Number of buffers to be queued for the terminal after which new messages are dropped. The default value is 20. |
This feature is turned off by default.
If you do not specify a severity level, the default value of 2 is assumed.
If you do not specify the maximum number of buffers to be queued, the default value of 20 is assumed.
Line configuration
When synchronous logging of unsolicited messages and debug output is turned on, unsolicited router output is displayed on the console or printed after solicited router output is displayed or printed. Unsolicited messages and debug output is displayed on the console after the prompt for user input is returned. This is to keep unsolicited messages and debug output from being interspersed with solicited router output and prompts. After the unsolicited messages are displayed, the console displays the user prompt again.
When specifying a severity level number, consider that for the logging system, low numbers indicate greater severity and high numbers indicate lesser severity.
When a terminal line's message-queue limit is reached, new messages are dropped from the line, although these messages might be displayed on other lines. If messages are dropped, the notice "%SYS-3-MSGLOST number-of-messages due to overflow" follows any messages that are displayed. This notice is displayed only on the terminal that lost the messages. It is not sent to any other lines, any logging servers, or the logging buffer.
| Caution By configuring abnormally large message-queue limits and setting the terminal to "terminal monitor" on a terminal that is accessible to intruders, you expose yourself to "denial of service" attacks. An intruder could carry out the attack by putting the terminal in synchronous output mode, making a Telnet connection to a remote host, and leaving the connection idle. This could cause large numbers of messages to be generated and queued, and these messages would consume all available RAM. Although unlikely to occur, you should guard against this type of attack through proper configuration. |
The following example identifies a line and configures synchronous logging for that line, then it does this for another line:
line 0 4 logging synchronous level 6 line 2 logging synchronous level 7 limit 70000
A dagger (+) indicates that the command is documented in another chapter.
line +
To limit messages logged to the syslog servers based on severity, use the logging trap global configuration command. Use the no form of this command to disable logging to syslog servers.
logging trap level| level | One of the level keywords listed in Table 5-2 |
informational
Global configuration
The EXEC command show logging displays the addresses and levels associated with the current logging setup. The command output also includes ancillary statistics. This command limits the logging of error messages sent to syslog servers to only those messages at the specified level.
Table 5-2 lists the syslog definitions that correspond to the debugging message levels. Additionally, there are four categories of messages generated by the software, as follows:
Use the logging and logging trap commands to send messages to a UNIX syslog server.
The following example logs messages to a host named johnson and limits messages logged to the syslog server.
logging johnson logging trap notifications
logging
To control access to the system's Network Time Protocol (NTP) services, use the ntp access-group global configuration command. To remove access control to the system's NTP services, use the no form of this command.
ntp access-group {query-only | serve-only | serve | peer} access-list-number| query-only | Allows only NTP control queries. See RFC 1305 (NTP version 3). |
| serve-only | Allows only time requests. |
| serve | Allows time requests and NTP control queries, but does not allow the system to synchronize to the remote system. |
| peer | Allows time requests and NTP control queries and allows the system to synchronize to the remote system. |
| access-list-number | Number (1 to 99) of a standard IP access list. |
No access control (full access granted to all systems)
Global configuration
The access group options are scanned in the following order from least restrictive to most restrictive:
Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. If tighter security is desired, use the NTP authentication facility.
In the following example, the system is configured to allow itself to be synchronized by a peer from access list 99. However, the system restricts access to allow only time requests from access list 42.
ntp access-group peer 99 ntp access-group serve-only 42
A dagger (+) indicates that the command is documented in another chapter.
access-list +
To enable Network Time Protocol (NTP) authentication, use the ntp authenticate global configuration command. Use the no form of this command to disable the feature.
ntp authenticateThis command has no keywords or arguments.
No authentication
Global configuration
Use this command if you want authentication. If this command is specified, the system will not synchronize to a system unless it carries one of the authentication keys specified in the ntp trusted-key command.
The following example enables NTP authentication:
ntp authenticate
ntp authentication-key
ntp trusted-key
To define an authentication key for Network Time Protocol (NTP), use the ntp authentication-key global configuration command. Use the no form of this command to remove the authentication key for NTP.
ntp authentication-key number md5 value| number | Key number (1 to 4294967295) |
| md5 | Key type |
| value | Key value (an arbitrary string of up to eight characters) |
No authentication key is defined for NTP.
Global configuration
Use this command to define authentication keys for use with other NTP commands in order to provide a higher degree of security. Currently, only the key type md5 is supported.
The following example sets authentication key 10 to aNiceKey:
ntp authentication-key 10 md5 aNiceKey
ntp authenticate
ntp peer
ntp server
ntp trusted-key
To specify that a specific interface should send Network Time Protocol (NTP) broadcast packets, use the ntp broadcast interface configuration command. Use the no form of this command to disable this capability.
ntp broadcast [version number]| version number | (Optional) Number from 1 to 3 indicating the NTP version |
Disabled
Interface configuration
In the following example, Ethernet interface 0 is configured to send NTP version 2 packets:
interface ethernet 0 ntp broadcast version 2
ntp broadcast client
ntp broadcastdelay
To allow the system to receive NTP broadcast packets on an interface, use the ntp broadcast client interface configuration command. Use the no form of this command to disable this capability.
ntp broadcast clientThis command has no arguments or keywords.
Disabled
Interface configuration
Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.
In the following example, the communication server synchronizes to NTP packets broadcasted on Ethernet interface 1:
interface ethernet 1ntp broadcast client
ntp broadcast
ntp broadcastdelay
To set the estimated round-trip delay between the communication server and a Network Time Protocol (NTP) broadcast server, use the ntp broadcastdelay global configuration command. Use the no form of this command to revert to the default value.
ntp broadcastdelay microseconds| microseconds | Estimated round-trip time (in microseconds) for NTP broadcasts. The range is from 1 to 999999. |
3000 microseconds
Global configuration
Use this command when the communication server is configured as a broadcast client and the round-trip delay on the network is other than 3000 microseconds.
In the following example, the estimated round-trip delay between the communication server and the broadcast client is set to 5000 microseconds:
ntp broadcastdelay 5000
ntp broadcast
ntp broadcast client
As NTP compensates for the error in the system clock, it keeps track of the correction factor for this error. The system automatically saves this value into the system configuration using the ntp clock-period global configuration command. The system uses the no form of this command to revert to the default.
ntp clock-period value| value | Amount to add to the system clock for each clock hardware tick (in units of 2-32 seconds). |
17179869 (4 milliseconds)
Global configuration
If a write memory command is entered to save the configuration to nonvolatile memory, this command will automatically be added to the configuration. It is a good idea to use the write memory command after NTP has been running for a week or so; this will help NTP synchronize more quickly if the system is restarted.
Do not enter this command; it is documented for informational purposes only. The system automatically generates this command as Network Time Protocol (NTP) determines the clock error and compensates.
To prevent an interface from receiving Network Time Protocol (NTP) packets, use the ntp disable interface configuration command. To enable receipt of NTP packets on an interface, use the no form of this command.
ntp disableThis command has no arguments or keywords.
Enabled
Interface configuration
This command provides a simple method of access control.
In the following example, Ethernet interface 0 is prevented from receiving NTP packets:
interface ethernet 0 ntp disable
To configure the communication server as a Network Time Protocol (NTP) master clock to which peers synchronize themselves when an external NTP source is not available, use the ntp master global configuration command. To disable the master clock function, use the no ntp master command.
ntp master [stratum]| stratum | (Optional) Number from 1 to 15. Indicates the NTP stratum number that the system will claim. |
By default, the master clock function is disabled. When enabled, the default stratum is 8.
Global configuration
Because our implementation of NTP does not support directly attached radio or atomic clocks, the communication server is normally synchronized, directly or indirectly, to an external system that has such a clock. In a network without Internet connectivity, such a time source may not be available. The ntp master command is used in such cases.
If the communication server has ntp master configured, and it cannot reach any clock with a lower stratum number, the communication server will claim to be synchronized at the configured stratum number, and other communication servers will be willing to synchronize to it via NTP.
| Caution Use this command with extreme caution. It is very easy to override valid time sources using this command, especially if a low stratum number is configured. Configuring multiple machines in the same network with the ntp master command can cause instability in timekeeping if the machines do not agree on the time. |
In the following example, the communication server is configured as an NTP master clock to which peers can synchronize:
ntp master 10
clock calendar-valid
To configure the communication server's system clock to synchronize a peer or to be synchronized by a peer, use the ntp peer global configuration command. To disable this capability, use the no form of this command.
ntp peer ip-address [version number] [key keyid] [source interface] [prefer]| ip-address | IP address of the peer providing, or being provided, the clock synchronization. |
| version | (Optional) Defines the Network Time Protocol (NTP) version number. |
| number | (Optional) NTP version number (1 to 3). |
| key | (Optional) Defines the authentication key. |
| keyid | (Optional) Authentication key to use when sending packets to this peer. |
| source | (Optional) Names the interface. |
| interface | (Optional) Name of the interface from which to pick the IP source address. |
| prefer | (Optional) Makes this peer the preferred peer that provides synchronization. |
No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.
Global configuration
Use this command if you want to allow this communication server to synchronize with the peer, or vice versa. Using the prefer keyword will reduce switching back and forth between peers.
If you are using the default version of 3 and NTP synchronization does not occur, try using NTP version number 2. Many NTP servers on the Internet run version 2.
In the following example, the communication server is configured to allow its system clock to be synchronized with the clock of the peer (or vice versa) at IP address 131.108.22.33 using NTP version 2. The source IP address will be the address of Ethernet interface 0.
ntp peer 131.108.22.33 version 2 source Ethernet 0
ntp authentication-key
ntp server
ntp source
To allow the communication server's system clock to be synchronized by a time server, use the ntp server global configuration command. To disable this capability, use the no form of this command.
ntp server ip-address [version number] [key keyid] [source interface] [prefer]| ip-address | IP address of the time server providing the clock synchronization. |
| version | (Optional) Defines the Network Time Protocol (NTP) version number. |
| number | (Optional) NTP version number (1 to 3). |
| key | (Optional) Defines the authentication key. |
| keyid | (Optional) Authentication key to use when sending packets to this peer. |
| source | (Optional) Identifies the interface from which to pick the IP source address. |
| interface | (Optional) Name of the interface from which to pick the IP source address. |
| prefer | (Optional) Makes this server the preferred server that provides synchronization. |
No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.
Global configuration
Use this command if you want to allow this communication server to synchronize with the specified server. The server will not synchronize to this communication server.
Using the prefer keyword will reduce switching back and forth between servers.
If you are using the default version of 3 and NTP synchronization does not occur, try using NTP version number 2. Many NTP servers on the Internet run version 2.
In the following example, the communication server is configured to allow its system clock to be synchronized with the clock of the peer at IP address 128.108.22.44 using NTP version 2:
ntp server 128.108.22.44 version 2
ntp authentication-key
ntp peer
ntp source
To use a particular source address in Network Time Protocol (NTP) packets, use the ntp source global configuration command. Use the no form of this command to remove the specified source address.
ntp source interface| interface | Any valid system interface name |
Source address is determined by the outgoing interface.
Global configuration
Use this command when you want to use a particular source IP address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword is present on an ntp server or ntp peer command, that value overrides the global value.
In the following example, the communication server is configured to use the IP address of Ethernet interface 0 as the source address of all outgoing NTP packets:
ntp source ethernet 0
ntp peer
ntp server
If you want to authenticate the identity of a system to which Network Time Protocol (NTP) will synchronize, use the ntp trusted-key global configuration command. Use the no form of this command to disable authentication of the identity of the system.
ntp trusted-key key-number| key-number | Key number of authentication key to be trusted |
Disabled
Global configuration
If authentication is enabled, use this command to define one or more key numbers (corresponding to the keys defined with the ntp authentication-key command) that a peer NTP system must provide in its NTP packets, in order for this system to synchronize to it. This provides protection against accidentally synchronizing the system to a system that is not trusted, since the other system must know the correct authentication key.
In the following example, the system is configured to synchronize only to systems providing authentication key 42 in its NTP packets:
ntp authenticate ntp authentication-key 42 md5 aNiceKey ntp trusted-key 42
ntp authenticate
ntp authentication-key
Use the ping (packet internet groper) user EXEC command to diagnose basic network connectivity on IP and Novell IPX networks.
ping [protocol] {host | address}| protocol | (Optional) Protocol keyword, either ip or novell |
| host | Host name of system to ping |
| address | Address of system to ping |
User EXEC
The user-level ping feature provides a basic ping facility for users who do not have system privileges. This feature allows the communication server to perform the simple default ping functionality for a number of protocols. Only the nonverbose form of the ping command is supported for user-level pings. Unlike the privileged-level ping command, the values for the number of ping packets sent, the datagram size, and the timeout cannot be adjusted.
If the system cannot map an address for a host name, it will return an "%Unrecognized host or address" error message.
To abort a ping session, type the escape sequence (by default, Ctrl-^ X, which is done by simultaneously pressing the Ctrl, Shift, and 6 keys, letting go, then pressing the X key).
Table 5-4 describes the test characters that the ping facility sends.
| Char | Meaning |
|---|---|
| ! | Each exclamation point indicates receipt of a reply. |
| . | Each period indicates the network server timed out while waiting for a reply. |
| U | A destination unreachable error PDU was received. |
| C | A congestion experienced packet was received. |
| I | User interrupted test. |
| ? | Unknown packet type. |
| & | Packet lifetime exceeded. |
The following display shows sample ping output when you ping the IP host named donald:
cs> ping donald
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.31.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms
Table 5-7 describes the default ping fields shown in the display.
ping (privileged)
Use the ping (packet internet groper) privileged EXEC command to diagnose basic network connectivity on IP and Novell IPX networks.
ping [protocol] {host | address}| protocol | (Optional) Protocol keyword, either ip or novell |
| host | Host name of system to ping |
| address | Address of system to ping |
Privileged EXEC
The ping program sends an echo request packet to an address, then awaits a reply. Ping output can help you evaluate path-to-host reliability, delays over the path, and whether the host can be reached or is functioning.
Depending upon the protocol type, You can adjust values for the number of ping packets to be sent, the datagram size, the timeout interval, additional command to include, and the sizes of the echo packets being sent.
After you enter the ping command in privileged mode, the system prompts for one of the following keywords: ip or ipx. The default protocol is IP.
If you enter a host name or address on the same line as the ping command, the default action is taken as appropriate for the protocol type of that name or address.
To abort a ping session, type the escape sequence (by default, Ctrl-^ X, which is done by simultaneously pressing the Ctrl, Shift, and 6 keys, letting go, then pressing the X key).
Table 5-6 describes the test characters that the ping facility sends.
| Char | Meaning |
|---|---|
| ! | Each exclamation point indicates receipt of a reply. |
| . | Each period indicates the network server timed out while waiting for a reply. |
| U | A destination unreachable error PDU was received. |
| C | A congestion experienced packet was received. |
| I | User interrupted test. |
| ? | Unknown packet type. |
| & | Packet lifetime exceeded. |
While the precise dialog varies somewhat from protocol to protocol, all are similar to the ping session using default values shown in the following display:
cs#pingProtocol [ip]: Target IP address:192.31.7.27Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.31.7.27, timeout is 2 seconds: !!!!! Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
Table 5-7 describes the default ping fields shown in the display.
ping (user)
To enable Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) on a serial interface, use the ppp authentication interface configuration command. Use the no form of the command to disable this encapsulation.
ppp authentication {chap | pap} [if-needed]| chap | Enable CHAP on a serial interface. |
| pap | Enable PAP on a serial interface. |
| if-needed | (Optional) Do not perform CHAP or PAP authentication if user has already provided authentication. This option is available only on asynchronous interfaces. |
Disabled
Interface configuration
Once you have enabled CHAP or PAP, the local communication server requires a password from remote devices. If the remote device does not support CHAP or PAP, no traffic will be passed to that device.
If you are using autoselect on a tty line, you will probably want to use the ppp authentication command to turn on PPP authentication for the corresponding interface.
When you specify the if-needed option, PPP authentication will not be required when the user has already provided authentication. This option is useful in conjunction to the autoselect command.
The following example enables CHAP on asynchronous interface 4:
interface async 4 encapsulation ppp ppp authentication chap
A dagger (+) indicates that the command is documented in another chapter.
autoselect+
encapsulation ppp+
ppp use-tacacs+
username+
To enable TACACS for PPP authentication, use the ppp use-tacacs interface configuration command. Use the no form of this command to disable TACACS for PPP authentication.
ppp use-tacacs [single-line]| single-line | (Optional) Accept the username and password in the username field. This option applies only when using CHAP authentication. |
TACACS is not used for PPP authentication.
Interface configuration
This is a per-interface command. Use this command only when you have set up an extended TACACS server. This command requires the new extended TACACS server.
When CHAP authentication is being used, the ppp use-tacacs command with the single-line option specifies that if a username and password are specified in the username, separated by an asterisk (*), then a standard tacacs login query is performed using that username and password. If the username does not contain an asterisk, then normal CHAP authentication is performed using TACACS.
This feature is useful when integrating TACACS with other authentication systems that require a clear-text version of the user's password. Such systems include one-time password systems, token card systems, and others.
| Caution Normal CHAP authentications prevent the clear-text password from being transmitted over the link. When you use the single-line option, passwords will cross the link in the clear. |
If the username and password are contained in the CHAP password, then the CHAP secret is not used by the Cisco system. Because most PPP clients will require that a secret be specified, you can use any arbitrary string; the Cisco system will ignore it.
In the following example, asynchronous serial interface 1 is configured to use TACACS for CHAP authentication:
interface async 1 ppp authentication chap ppp use-tacacs
In the following example, asynchronous serial interface 1 is configured to use TACACS for PAP authentication:
interface async 1 ppp authentication pap ppp use-tacacs
A dagger (+) indicates that the command is documented in another chapter.
ppp authentication chap+
ppp authentication pap+
tacacs-server extended +
tacacs-server host+
To assign the specified priority list to an interface, use the priority-group interface configuration command. Use the no form of this command to remove the specified priority-group assignment.
priority-group list| list | Priority list number assigned to the interface |
None
Interface configuration
Only one list can be assigned per interface. Priority output queueing provides a mechanism to prioritize packets transmitted on an interface.
The following example causes packets on serial interface 0 to be classified by priority list 1:
interface serial 0 priority-group 1
priority-list
priority-list interface
priority-list queue-limit
priority-list stun
To assign a priority queue for those packets that do not match any other rule in the priority list, use the priority-list default global configuration command. Use the no form of this command to return to the default or assign normal as the default.
priority-list list-number default {high | medium | normal | low}| list-number | Arbitrary integer between 1 and 10 that identifies the priority list selected by the user |
| high | medium | normal | low | Priority queue level |
The normal queue is assumed if you use the no form of the command.
Global configuration
The following example sets the priority queue for those packets that do not match any other rule in the priority list to a low priority:
priority-list 1 default low
priority-group
show queueing
To establish queuing priorities on packets entering from a given interface, use the priority-list interface global configuration command. Use the no priority-list command with the appropriate arguments to remove an entry from the list.
priority-list list-number interface interface-type interface-number {high | medium || list-number | Arbitrary integer between 1 and 10 that identifies the priority list selected by the user |
| interface-type | Name of the interface |
| interface-number | Number of the specified interface |
| high | medium | normal | low | Priority queue level |
No queuing priorities are established.
Global configuration
The following example sets any packet type entering on Ethernet interface 0 to a medium priority:
priority-list 3 interface ethernet 0 medium
priority-group
show queueing
To establish queuing priorities based upon the protocol type, use the priority-list protocol global configuration command. Use the no form of this command with the appropriate list number to remove an entry from the list.
priority-list list-number protocol protocol-name {high | medium | normal | low}| list-number | Arbitrary integer between 1 and 10 that identifies the priority list selected by the user. |
| protocol-name | Specifies the protocol type: arp, compressedtcp, ip, ipx, pad, and x25. |
| high | medium | normal | low | Priority queue level. |
| queue-keyword keyword-value | Possible keywords are gt, lt, list, tcp, and udp. See Table 5-8. |
No queuing priorities are established.
Global configuration
When using multiple rules for a single protocol, remember that the system reads the priority settings in order of appearance. When classifying a packet, the system searches the list of rules specified by priority-list commands for a matching protocol type. When a match is found, the packet is assigned to the appropriate queue. The list is searched in the order it is specified, and the first matching rule terminates the search.
Use Table 5-8, Table 5-9, and Table 5-10 to configure the queuing priorities for your system.
| Option | Description |
|---|---|
| gt byte-count | Specifies a greater-than count. The priority level assigned goes into effect when a packet exceeds the value entered for the argument byte-count. The size of the packet must also include additional bytes due to MAC encapsulation on the outgoing interface. |
| lt byte-count | Specifies a less-than count. The priority level assigned goes into effect when a packet size is less than the value entered for byte-count. The size of the packet must also include additional bytes due to MAC encapsulation on the outgoing interface. |
| list list-number | Assigns traffic priorities according to a specified list when used with IP or IPX. The list-number argument is the access list number as specified by the access-list global configuration command for the specified protocol-name. |
| tcp port | Assigns the priority level defined to TCP segments originating from or destined to a specified port (for use with the IP protocol only). Table 5-9 lists common TCP services and their port numbers. |
| udp port | Assigns the priority level defined to UDP packets originating from or destined to the specified port (for use with the IP protocol only). Table 5-10 lists common UDP services and their port numbers. |
| Service | Port |
|---|---|
| Telnet | 23 |
| SMTP | 25 |
| Service | Port |
|---|---|
| TFTP | 69 |
| NFS | 2049 |
| SNMP | 161 |
| RPC | 111 |
| DNS | 53 |
Use the no priority-list global configuration command followed by the appropriate list-number argument and the protocol keyword to remove a priority list entry assigned by protocol type.
The following example assigns a high-priority level to traffic that matches IP access list 10:
priority-list 1 protocol ip high list 10
The following example assigns a medium-priority level to Telnet packets:
priority-list 4 protocol ip medium tcp 23
The following example assigns a medium-priority level to UDP Domain Name Service packets:
priority-list 4 protocol ip medium udp 53
The following example assigns a high-priority level to traffic that matches Ethernet type code access list 201:
priority-list 1 protocol bridge high list 201
priority-group
show queueing
To specify the maximum number of packets that can be waiting in each of the priority queues, use the priority-list queue-limit global configuration command. Use the no form of this command to select the normal queue.
priority-list list-number queue-limit high-limit medium-limit normal-limit low-limit| list-number | Arbitrary integer between 1 and 10 that identifies the priority list selected by the user. |
| high-limit medium-limit normal-limit low-limit | Priority queue maximum length. A value of 0 for any of the four arguments means that the queue can be of unlimited size for that particular queue. |
The default queue limit arguments are listed in Table 5-11.
| Priority Queue Argument | Packet Limits |
|---|---|
| high-limit | 20 |
| medium-limit | 40 |
| normal-limit | 60 |
| low-limit | 80 |
Global configuration
If a priority queue overflows, excess packets are discarded and quench messages can be sent, if appropriate, for the protocol.
The following example sets the maximum packets in the priority queue to 10:
priority-list 2 queue-limit 10 40 60 80
priority-group
show queueing
To customize the communication server prompt, use the prompt global configuration command. To revert to the default communication server prompt, use the no form of this command.
prompt string| string | Communication server prompt. It can consist of all printing characters and the escape sequences listed in Table 5-12 in the "Usage Guidelines" section. |
The default communication server prompt is either Router or the communication server name defined with the hostname global configuration command, followed by an angle bracket (>) for EXEC mode or a pound sign (#) for privileged EXEC mode.
Global configuration
You can include escape sequences when specifying the communication server prompt. All escape sequences are preceded by a %. Table 5-12 lists the valid escape sequences.
| Escape Sequence | Interpretation |
|---|---|
| %h | Communication server's host name. This is either Router or the name defined with the hostname global configuration command. |
| %n | TTY number of the EXEC user. |
| %p | Prompt character itself. It is either an angle bracket (>) for EXEC mode or a pound sign (#) for privileged EXEC mode. |
| %s | Space. |
| %t | Tab. |
| %% | % |
Specifying the command prompt %h has the same effect as issuing the no prompt command.
The following example changes the EXEC prompt to include the TTY number, followed by the communication server name and a space:
prompt TTY%n@%h%s
The following are examples of user and privileged EXEC prompts that result from the previous command:
TTY17@Router1 > TTY17SRouter1 #
hostname
To assign a priority queue for those packets that do not match any other rule in the queue list, use the queue-list default global configuration command. To restore the default value, use the
no form of this command.
| list-number | Number of the queue list. An integer from 1 to 10. |
| queue-number | Number of the queue. An integer from 1 to 10. |
Queue number 1
Global configuration
Queue number 0 is a system queue. It is emptied before any of the other queues are processed. The system enqueues high-priority packets, such as keepalives, to this queue.
In the following example, the default queue for list 10 is set to queue number 2:
queue-list 10 default 2
custom-queue-list
show queueing
To establish queuing priorities on packets entering on an interface, use the queue-list interface global configuration command. To remove an entry from the list, use the no form of this command.
queue-list list-number interface interface-type interface-number queue-number| list-number | Number of the queue list. An integer from 1 to 10. |
| interface-type | Required argument that specifies the name of the interface. |
| interface-number | Number of the specified interface. |
| queue-number | Number of the queue. An integer from 1 to 10. |
No queuing priorities are established.
Global configuration
In the following example, queue list 4 established queuing priorities for packets entering on interface tunnel 3. The queue number assigned is 10.
queue-list 4 interface tunnel 3 10
custom-queue-list
show queueing
To establish queuing priority based upon the protocol type, use the queue-list protocol global configuration command. Use the no form of this command with the appropriate list number to remove an entry from the list.
queue-list list-number protocol protocol-name queue-number queue-keyword keyword-value| list-number | Number of the queue list. An integer from 1 to 10. |
| protocol-name | Required argument that specifies the protocol type: arp, compressedtcp, ip, ipx, pad, and x25. |
| queue-number | Number of the queue. An integer from 1 to 10. |
| queue-keyword keyword-value | Possible keywords are gt, lt, list, tcp, and udp. See Table 5-8. |
No queuing priorities are established.
Global configuration
When classifying a packet, the system searches the list of rules specified by queue-list commands for a matching protocol type. When a match is found, the packet is assigned to the appropriate queue. The list is searched in the order it is specified, and the first matching rule terminates the search.
Use Table 5-8, Table 5-9, and Table 5-10 from the priority-list protocol command to configure custom queuing for your system.
The following example assigns traffic that matches IP access list 10 to queue number 1:
queue-list 1 protocol ip 1 list 10
The following example assigns Telnet packets to queue number 2:
queue-list 4 protocol ip 2 tcp 23
The following example assigns UDP Domain Name System packets to queue number 2:
queue-list 4 protocol ip 2 udp 53
The following example assigns traffic that matches Ethernet type code access list 201 to queue number 1:
queue-list 1 protocol bridge 1 list 201
custom-queue-list
show queueing
To designate the byte size allowed per queue, use the queue-list queue byte-count global configuration command. To return the byte size to the default value, use the no form of this command.
queue-list list-number queue queue-number byte-count byte-count-number| list-number | Number of the queue list. An integer from 1 to 10. |
|---|---|
| queue-number | Number of the queue. An integer from 1 to 10. |
| byte-count-number | Specifies the lower boundary on how many bytes the system allows to be delivered from a given queue during a particular cycle. |
1500 bytes
Global configuration
In the following example, queue list 9 establishes the byte-count as 1400 for queue number 10:
queue-list 9 queue 10 byte-count 1400
custom-queue-list
show queueing
To designate the queue length limit for a queue, use the queue-list queue limit global configuration command. To return the queue length to the default value, use the no form of this command.
queue-list list-number queue queue-number limit limit-number| list-number | Number of the queue list. An integer from 1 to 10. |
|---|---|
| queue-number | Number of the queue. An integer from 1 to 10. |
| limit-number | Maximum number of packets which can be enqueued at any time. Range is 0 to 32767 queue entries. |
20 entries
Global configuration
In the following example, the queue length of queue 10 is increased to 40:
queue-list 5 queue 10 limit 40
custom-queue-list
show queueing
To control the maximum amount of time that can elapse without running the lowest-priority system processes, use the scheduler-interval global configuration command. Use the no form of this command to restore the default.
scheduler-interval milliseconds| milliseconds | Integer that specifies the interval, in milliseconds. The minimum interval that you can specify is 500 milliseconds; there is no maximum value. |
500 milliseconds
Global configuration
The normal operation of the network server allows the switching operations to use as much of the central processor as is required. If the network is running unusually heavy loads that do not allow the processor the time to handle the routing protocols, give priority to the system process scheduler. High-priority operations are allowed to use as much of the central processor as needed.
The following example changes the low-priority process schedule to an interval of 750 milliseconds:
scheduler-interval 750
To specify that line numbers be displayed and interpreted as decimal numbers rather than octal numbers, use the service decimal-tty global configuration command. Use the no form of this command to restore the default.
service decimal-ttyThis command has no arguments or keywords.
Octal line numbers on the ASM-CS; decimal numbers on the 500-CS and Cisco 2500 Series.
Global configuration
The following example shows how to display decimal rather than octal line numbers:
service decimal-tty
To delay the startup of the EXEC on noisy lines, use the service exec-wait global configuration command. Use the no form of this command to disable this feature.
service exec-waitThis command has no arguments or keywords.
Disabled
Global configuration
This command delays startup of the EXEC until the line has been idle (no traffic seen) for 3 seconds. The default is to enable the line immediately on modem activation.
This command is useful on noisy modem lines or when a modem attached to the line is configured to ignore MNP or V.42 negotiations, and MNP or V.42 modems may be dialing in. In these cases, noise or MNP/V.42 packets might be interpreted as usernames and passwords, causing authentication failure before the user gets a chance to type a username/password. The command is not useful on nonmodem lines or lines without some kind of login configured.
The following example delays the startup of the EXEC:
service exec-wait
To allow Finger protocol requests (defined in RFC 742) to be made of the network server, use the service finger global configuration command. This service is equivalent to issuing a remote show users command. The no service finger command removes this service.
service fingerThis command has no arguments or keywords.
Enabled
Global configuration
The following is an example of how to disable the Finger protocol:
no service finger
To enable the Nagle congestion control algorithm, use the service nagle global configuration command. Use the no form of this command to disable this feature.
service nagleThis command has no arguments or keywords.
Disabled
Global configuration
When using a standard TCP implementation to send keystrokes between machines, TCP tends to send one packet for each keystroke typed. On larger networks, many small packets use up bandwidth and contribute to congestion.
John Nagle's algorithm (RFC 896) helps alleviate the small-packet problem in TCP. In general, it works this way: The first character typed after connection establishment is sent in a single packet, but TCP holds any additional characters typed until the receiver acknowledges the previous packet. Then the second, larger packet is sent, and additional typed characters are saved until the acknowledgment comes back. The effect is to accumulate characters into larger chunks, and pace them out to the network at a rate matching the round-trip time of the given connection. This method is usually a good for all TCP-based traffic. However, do not use the service nagle command if you have XRemote users on X Window sessions.
The following example enables the Nagle algorithm on the communication server:
service nagle
To encrypt passwords, use the service password-encryption global configuration command. Use the no form of this command to disable this service.
service password-encryptionThis command has no arguments or keywords.
No encryption
Global configuration
The actual encryption process occurs when the current configuration is written or when a password is configured. Password encryption can be applied to both the privileged command password and to console and virtual terminal line access passwords.
When password encryption is enabled, the encrypted form of the passwords is displayed when a show configuration command is entered.
The following example causes password encryption to take place:
service password-encryption
To generate keepalive packets on idle network connections, use the service tcp-keepalives global configuration command. Use the no form of this command with the appropriate keyword to disable the keepalives.
service tcp-keepalives {in | out}| in | Generates keepalives on incoming connections (initiated by remote host). |
| out | Generates keepalives on outgoing connections (initiated by a user). |
Disabled
Global configuration
The following example generates keepalives on incoming TCP connections:
service tcp-keepalives in
To set the TCP window to zero (0) when the Telnet connection is idle, use the service telnet-zero-idle global configuration command. Use the no form of this command to disable this feature.
service telnet-zero-idleThis command has no arguments or keywords.
Disabled
Global configuration
Normally, data sent to noncurrent Telnet connections is accepted and discarded. When service telnet-zero-idle is enabled, if a session is suspended (that is, some other connection is made active or the EXEC is sitting in command mode), the TCP window is set to zero. This action prevents the remote host from sending any more data until the connection is resumed. Use this command when it is important that all messages sent by the host be seen by the users and the users are likely to use multiple sessions.
Do not use this command if your host will eventually time out and log out a TCP user whose window is zero.
The following example sets the TCP window to zero when the Telnet connection is idle:
service telnet-zero-idle
resume
To configure the system to timestamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
service timestamps [type uptime]| type | (Optional) Type of message to timestamp: debug or log. |
| uptime | (Optional) Timestamp with time since the system was rebooted. |
| datetime | Timestamp with the date and time. |
| msec | (Optional) Timestamp includes milliseconds with the date and time. |
| localtime | (Optional) Timestamp relative to the local time zone. |
| show-timezone | (Optional) Timestamp includes the time-zone name. |
No timestamping.
If service timestamps is specified with no arguments or keywords, the default is service timestamps debug uptime.
The default for service timestamps type datetime is to format the time in UTC, with no milliseconds and no time-zone name.
The command no service timestamps with no arguments or keywords disables timestamps for both debugging and logging messages.
Global configuration
Timestamps can be added to either debugging or logging messages independently. The uptime form of the command adds timestamps in the format HHHH:MM:SS, indicating the time since the system was rebooted. The datetime form of the command adds timestamps in the format
MMM DD HH:MM:SS, indicating the date and time according to the system clock. If the system clock has not been set, the date and time are preceded by an asterisk (*) to indicate that the date and time are probably not correct.
The following example enables timestamps on debugging messages, showing the time since reboot:
service timestamps debug uptime
The following example enables timestamps on logging messages, showing the current time and date relative to the local time zone, with the time zone name included:
service timestamps log datetime localtime show-timezone
clock set
debug (Refer to the Debug Command Reference publication.)
ntp
Use the show buffers EXEC command to display statistics for the buffer pools on the network server.
show buffers [interface]| interface | (Optional) Causes a search of all buffers that have been associated with that interface for longer than one minute. The contents of these buffers are printed to the screen. This option is useful in diagnosing problems where the input queue count on an interface is consistently nonzero. |
EXEC
The network server has one pool of queuing elements and five pools of packet buffers of different sizes. For each pool, the network server keeps counts of the number of buffers outstanding, the number of buffers in the free list, and the ma