WARNING! These commands are not required to be known for the CCIE - rather, they are diagnostic tools for TAC and engineering/devtest to find problems with routers and switches. Again, you do not need to know these for the exam, and what's more, they come without backup information (documentation) or any warranties. Note that some of these were previously undocumented, but are now... I'm not going to take the time to pull them out unless someone sends me a nastygram.
Note: Many of these commands are pulled from a great website, http://www.boerland.com/dotu/. Go there for updates to this list.
***********************[A]*************************
aaa accounting delay-start
[12.1] [hidden] global configuration command aaa accounting delay-start delays creation of the PPP Network start record until the peer IP address is known.
aaa authorization address-authorization-exec
[12.1] [hidden] configuration command forces address authorization for PPP when started from an exec.
aaa group server {radius | tacacs+} server-group-name server (ip-address-1) [auth-port (port-number)] [acct-port (port-number)] server (ip-address-2) [auth-port (port-number)] [acct-port port-number] deadtime (minutes) pick-method [next | load-balanced | round-robin]
[hidden] Pick-method server-group configuration command used to specify an alternate method of selecting servers when one is not responding. As of 12.0(3)T the load-balanced and round-robin alternatives may be specified but may not be implemented. The load-balanced keyword indicates that the initial host is selected load-balanced. The round-robin keyword indicates that the initial host is selected in a round-robin method with all servers being retried before starting from the beginning of the list of servers. The next keyword indicates that the list of servers is stepped through sequentially with each request always starting with the first server in the list. This last option is the default method of operation.
aaa nas port description text
[hidden] global configuration command causes the specified text to appear in TACACS+ accounting records with the attribute nas-description and the value of the text specified in the command. This command is useful during debugging allowing one to specify information about the environment or configuration in which the accounting record was generated.
access-list number remark (comment)
and
ip access-list extended name remark (comment)
[12.1] Option to add comments about the access list. This keyword is documented under Bug Id CSCdk14543.
atm allow-max-vci
Interface command, allows the Cisco 7000 to use VCIs above 1023.
***********************[B]*************************
bgp common-administration
bgp dynamic-med-interval
bgp process-dpa
***********************[C]*************************
carrier delay (value)
[12.1] Modifies the carrier delay time. A value of 0 disables the carrier delay.
clear ip eigrp [as] event
Clear IP-EIGRP event logs.
clear ip eigrp [as] logging
Stop IP-EIGRP event logging.
clear profile
Clears CPU profiling.
clear startup-config
Same as erase startup-config
clear vtemplate
Resets the virtual templates.
clockrate {1200 | [...]| 2015232 }
There is an anomaly between what is documented, what is displayed and what is entered for this command. The documentation indicates the command is clock rate and this is what IOS shows as the valid command in configuration mode. However, a configuration display shows the command as clockrate, as this is how it is saved in NVRAM. In addition, older ROM monitors do not understand the newer clock rate command, which would cause problems. What actually happens here is that clockrate is implemented as a hidden command: it is not completed by pressing tab, nor is there any help generated for it. But both clockrate and clock rate are accepted and there should be no problem in cutting and pasting the configurations.
config overwrite
copy core
Does a full core dump, as write core but with more options.
csim start (number)
Emulates a voice call.
***********************[D]*************************
debug buffer
Additional buffer debugging.
debug crypto isakmp detail
Crypto ISAKMP internals debugging.
debug crypto isakmp packet
Crypto ISAKMP packet debugging.
debug dialer detailed
debug ip ospf monitor
Debug command which shows OSPF database sync.
debug ip packet ... dump
Outputs a hex and ASCII dump of the packet's contents.
debug ipx private
debug isdn code
debug oir
Debug online insertion and removal
debug parser mode
debug sanity
debug subsys
Debug discrete subsystems.
dialer mult-map-same-name
Useful if you have dialup clients using the same chap/pap username.
dhcp-server import all
Take all DHCP client info from the "ip address dhcp" client and assume that info for our DHCP server.
debug snmp {bag | dll | io | mib { all | by-mib-name } | packets | sysdb | timers}
***********************[E]*************************
exception-slave dump X.X.X.X
exception-slave protocol tftp
exception-slave corefile
exception memory fragment (amount)
Will reload the router when no more fragment memory is available. Documented in version 12.1(2)E.
***********************[F]*************************
***********************[G]*************************
gdb kernel
gdb examine pid
gdb debug pid
(Cisco's comment: gdb commands are for debugging, only useful to cisco engineers who have a symbol table for the IOS image in question).
***********************[H]*************************
hangup
Alias for "quit"
***********************[I]*************************
ip cef accounting per-prefix non-recursive prefix-length
if-con (slot number)
Attach to a vip console.
if-quit
Gets out of if-con mode.
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ip forwarding accounting prefix-length
ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval
ip forwarding traffic-statistics update-rate
[no] ip gratuitous-arps
This disables unsolicited ARP replies that are useful to signal to a second (redundant) router on the same LAN segment that a remote gateway is present or has changed.
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
Legacy form of ip local pool, for backwards compatibility.
ip ospf interface-retry (x)
Retry for ospf process
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
ip tftp boot-interface
ip tmstats bin [internal | external]
When ip cef accounting non-recursive is configured
isdn network
Tell a router to be the "master" on T1-CCS link using isdn switch-type primary-ni
ipx flooding-unthrottled
[12.1] Global configuration command, specifies that NLSP flooding should be unthrottled.
ipx netbios-socket-input-checks
[12.1] Global configuration command limits the input of non-type 20 netbios broadcast packets.
ipx potential-pseudonode
[12.1] Global configuration command specifies to keep backup route and service data for NLSP potential pseudonode.
ipx saps follow-route-paths
[12.1] An undocumented global configuration command. See Bug Id CSCdm12190
ipx server-split-horizon-on-server-paths
[12.1] Global configuration command specifies that split horizon SAP occurs on server, not route, paths. This command is documented in Bug Id CSCdm12190.
ipx update interval {rip | sap} {seconds | passive | changes-only}
[12.1] The undocumented passive keyword specifies to listen but does not send normal periodic SAP updates nor flashes/changes updates. Queries will still be replied to. The update interval is set to the same interval as changes-only. The passive keyword is documented under Bug Id CSCdj59918.
isdn {n200 | t200 | t203} (number)
Changes the value of various layer 2 ISDN timer settings. The number parameter is milliseconds for t200 and t203 and the maximum number of retransmits for the keyword n200. The current value of ISDN timers can be displayed using the show isdn timers EXEC command. The values of the timer settings depend on the switch type and typically are used only for homologation purposes. The typical value for t200 is 1 second, for t203 is 10 seconds and for n200 is 3 retransmits.
***********************[J]*************************
***********************[K]*************************
***********************[L]*************************
llc attach [interface]
llc close aaaa
llc offset aaaa
llc open [interface]
llc send aaaa
logging event {link-status | subif-link-status}
The no form of the undocumented logging event link-status interface command is used to turn off sending up, down and change messages for an interface to the syslog. This is very useful on live systems since these systems generate so many of these messages that other important messages are often hard to see. This is a companion command to the documented command no snmp trap link-status which prevents sending the associated snmp trap.
loopback diag
loopback dec
loopback test
loopback micro-linear
loopback motorola
***********************[M]*************************
memory scan
Parity check for 7500 RSP's.
modem log {cts | dcd | dsr | dtr | ri | rs232 | rts | tst}
[12.1] Configuration command is used to specify which rs232 log events are to be saved for display by the show modem log command. When performing log analysis, various RS232 events fill the log within seconds rendering it useless for analysis (see Bug Id CSCdk86001). This command helps to filter out unwanted entries in the log.
modem-mgmt csm debug-rbs
[12.1] Turns on debugging for Channelized T1 links in the AS5x00 series, providing info about ABCD bits in phone call supervision. Documented, here. Debug cas replaced this 'broken' command. INTERNAL privileged EXEC command enables robbed bit signaling debugging within CSM. Issuing the command once turns on rbs debugging. Issuing the command a second time turns on special rbs debugging. Issuing the command using the no-debug-rbs keyword turns off all debugging. This command is useful in looking at modem pooling and channelized T1s. To make this command available, the service internal global configuration command must be issued first.
multilink bundle-name {authenticated | both | endpoint}
[12.1] This undocumented global configuration command selects the method for naming multilink bundles. Authenticated specifies using the peer's authenticated name, endpoint specifies using the peer's endpoint discriminator and both specifies using both the peer's authenticated name and endpoint discriminator.
***********************[N]*************************
[no] environment-monitor
Disable environment monitoring.
[no] ppp chap ignoreous
For routers with the same hostname.
[no] service auto-reset
On linecards
***********************[O]*************************
***********************[P]*************************
ppp direction {callin | callout | dedicated}
[12.1] Identifies the direction of ppp activity. PPP attempts to determine if a call is callin or a callout or a dedicated line. This is how it detects spoofed CHAP challenges. When an async interface is added to a dialer interface, ppp cannot detect the difference between a dedicated line and a callin. So it assumes that it is a callin. Adding the ppp direction dedicated overcomes this.
ppp ipcp accept-address
Interface command specifies that IOS is to revert to the previous operation regarding the acceptance of IP addresses from users. When enabled, the peer IP address will be accepted but is still subject to AAA verification; it will, however, have precedence over any local address pool. In IOS releases after 11.0(11), PPP IPCP negotiation was changed to accept a remote peer's "Her" proposed address regardless, and the "Her" address is subsequently added to the IP routing table as a host route. With IOS Releases later than 11.0(11) the software checks the "Her" address against the corresponding dialer map and if the address is different than the IP address detailed within the dialer map, a NAK will be sent and the dialer map IP address will be added as a host route in the IP routing table.
ppp ipcp ignore-map
ppp lcp fast-start
[12.1] Interface configuration command specifies to ignore the carrier timer and start PPP when an LCP packet arrives.
ppp restart-timer (msec)
Interface configuration command modifies the default value (2 seconds) for the restart timer. The translate command also has a similar keyword, restart.
ppp timeout absolute (sec)
Determines how long a PPP link can be up. Default is infinity, configurable as 0. Used under virtual-template interfaces.
ppp timeout idle (sec) [inbound | either]
Determines how long PPP can wait until bringing the link down if there is no traffic. Default is infinity, configurable as 0. Used under virtual-template interfaces.
profile (start) (stop) (granularity)
***********************[Q]*************************
***********************[R]*************************
radius-server attribute 44 on-for-access-req
Global configuration command sends attribute 44 in all access request packets. The command may be present in IOS 11.3(9+)AA (reference BugID CSCdk74429). This command is replaced by the radius-server attribute 44 include-in-access-req command.
radius-server attribute 6 on-for-login-auth
Global configuration command sends attribute 6 in all authentication packets (e.g., access requests). This command may be present in IOS 11.3(9+)T and 12.0(3+)T (reference BugID CSCdk81561).
radius-server attribute 6 support-multiple
Global configuration command specifies that IOS is to support multiple Service-Type values per Radius profile in violation of the RFC for Radius. This command was added in IOS 12.1(2.3)T2 and 12.1(3.3)T (reference BugID CSCdr60306).
radius-server authorization default framed-protocol ppp
Used to specify the default framed-protocol as PPP when this RADIUS attribute is missing.
radius-server authorization permit missing service-type
Global command is used to specify that a RADIUS entry without service-type information is permitted. It is used when RADIUS is being used as a database without regard to service-type.
radius-server attribute nas-port extended
Command is replaced by the radius-server attribute nas-port format b command in some releases of IOS. For this reason it may be hidden in the IOS configuration mode but documented. In these versions of IOS, the command will be accepted but ignored.
radius-server challenge-noecho
[12.1] global configuration command specifies that data echoing to the screen is disabled during Access-Challenge.
radius-server directed-request [restricted] [right-to-left]
Right-to-left keyword, which first appeared in IOS 12.0(7)T, enables right-to-left parsing of the user information (reference Bugid CSCdm77820).
radius-server extended-portnames
Global configuration command, which displays expanded interface information in the NAS-Port-Type attribute, has been replaced by the radius-server attribute nas-port extended command. This command configures RADIUS to expand the size of the NAS-Port attribute field to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the controlling interface; the lower 16 bits indicate the interface undergoing authentication. This command first appeared in IOS Release 11.1. It has been hidden in IOS 11.3+ and IOS 12.0+ since the command has been replaced (reference Bugid CSCdj06817).
radius-server host {hostname | ip-address} [auth-port (port-number)] [acct-port (port-number)] [timeout (seconds)] [retransmit (retries)] [key string] [ignore-acct-authenticator]
The ignore-acct-authenticator keyword specifies to ignore accounting authenticator errors and warn only (11.3(+)AA).
radius-server ipc-limit done limit
radius-server retry method round-robin
Global configuration command is used to specify an alternate method of selecting servers when one is not responding. As of 12.0(3)T alternates may not be defined and the round-robin alternative may not be implemented.
radius-server secret (string)
Global configuration command is used to specify the key shared with the RADIUS server. This command is hidden because it has been replaced with the radius-server key command (reference BugID CSCdi44081). This command first appeared in IOS Release 11.1.
radius-server unique-ident value
Global configuration command is used to set high order bits for the accounting identifier. The identifier field is a one octet field included in all RADIUS accounting packets which aids in matching requests and replies.
***********************[S]*************************
scheduler max-task-time 200
Last value in milliseconds.
scheduler heapcheck process
scheduler heapcheck poll
scheduler run-degraded
service internal
Allows additional debugs that are not normally available.
service slave-coredump
service log backtrace
Provides traceback with every logging instance.
set destination-preference
show alignment
show asp
show async bootp
No extended data will be sent in BOOTP responses.
show bridge group verbose
Shows additional information on each port that the bridge group is enabled.
show caller
show chunk [summary]
show counters [slot/port]
show compress hardware
show controller vip (slotno) log
show controller vip (slotno) tech
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show idb
show interface status
show interface switching
show interface (int) stat
show interfaces switching
show interfaces (int) switching
Shows switching path information for the interface
show ip cef internal
show ip eigrp event [as] [start# end#]
show ip eigrp sia-event [as] [start# end#]
show ip eigrp timers [as]
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf events
show ip ospf maxage-list
show ip ospf statistics
show ipx backup [network]
show ipx cache cbus
show ipx cache hash
show ipx eigrp event [event-number]
show ipx eigrp sia-event
show ipx private cache-history aaa
show ipx urd [0-fffffffe]
show isdn {active | history | memory | services | status [dsl | serial number] | timers}
active: Displays current call information, including called number, the time until the call is disconnected, AOC charging units used during the call, and whether the AOC information is provided during calls or at end of calls. history: Displays historic and current call information, including the called number, the time until the call is disconnected, AOC charging time units used during the call, and whether the AOC information is provided during calls or at the end of calls. status serial number: Displays the status of a specific ISDN PRI interface created and configured as a serial interface.
show isis timers
show isis tree
show isis tree level-2
show isis private
show list
show list nonempty
show llc
show media
show media access-lists
show modem mapping
show parity
show parser
show parser links
show parser modes
show parser unresolved
show proc all-events
Shows all process events
show profile
Shows cpu profiling.
show profile detail
Shows cpu profiling.
show profile terse
Shows cpu profiling.
show refuse-message
show region (address)
Shows image layout at given address.
show registry cr | brief | statistics | registry-name
show rsh
show rsh-disable-commands
show rsp
show slip
show smrp private | request | response
show snapshot private
show snmp chassis
show snmp contact
show snmp community
show snmp location
show snmp mib [detailed | dll]
show snmp newcom
show snmp view
show sum
Show current stored image checksum
show timers
Show timers for timer command in config mode.
show traffic
Shows the current backplane utilization and peak utilization for all three busses.
show queueing interface (interface)
Gives queueing information on a per interface basis
snmp-server priority {low | normal | high}
Global configuration command can be used to change the priority of SNMP processes. To avoid extensive polling, the priority should be set to low. All SNMP queries sent to a router are prioritized as either low or medium priority, depending on the version of code run by the route processor. This means that processes with a higher priority than the SNMP process will be serviced before SNMP. So, regardless of SNMP polling intensity, routing processes will generally be processed before SNMP requests because route processes are "high" priority. You can view the priorities of each of the router's processes by doing a show process and looking in the Q column (L == Low, M == Medium, H == High). See Cisco's website for documentation. This command has no impact on the priority of the snmp trap process.
[no] snmp-server sparse-tables
Get the complete SNMP MIB table. Without this command, on a controller interface you get, e.g., no out bytes counter. With these commands you get every object with SNMP get-next.
[no] sscop quick-poll
Supposed to help recover if sscop has problems, global command.
***********************[T]*************************
tclsh
Unverified but very interesting, you can program with loop control, expressions, etc from the IOS CLI. Prerelease?
telnet timeout
test appletalk
[12.1] The test appletalk command will enter appletalk test mode. The sub-commands available in this mode are:
***********************[U]*************************
***********************[V]*************************
vpdn aaa override-server {hostname | ip-address}
[12.1] Global configuration command specifies the name or ip address of a designated AAA server to be used for VPDN authorization.
***********************[W]*************************
who
Alias for show users
write core
Does a full core dump, reboots router
Filesystem - interesting hidden files
cd system:/vfiles and 'dir' and there are three files available:
tmasinfo
tmstats.ascii
tmstast.binary
tmstats.ascii: