Undocumented Cisco Commands
Here is a list of the undocumented commands that can be entered into Cisco
routers. These are commands that Cisco either created but never made fully
functional, or that Cisco doesn't want us to know about. Some of these
commands only work on certain versions of IOS; however, I have found that
many of them work well on all versions. If you find errors or have additional
commands that you have discovered, please let me know and I will post them
here.
General Commands:
snmp-server priority low
ip spd enable
Enables selective packet discard (SPD) to drop certain less-important types
of packets if the router gets busy. This keeps the router forwarding user
traffic first and network management traffic last during times of high
congestion. This global configuration command mitigates attacks that try to
overload the router with management traffic.
service nagle
Enables the Nagle congestion control algorithm. This is supported in some
versions of IOS but not in others.
ttcp
Can generate TCP packets to test links.
In 11.1, but not 11.3.
Check out http://www.ccci.com/tools/ttcp/index.html
or http://www.ccci.com/product/network_mon/tnm31/ttcp.htm
ip nat service
test crash
no ip gratuitous-arps
show idb - 11.2 - shows interface descriptor block information
show isdn active
show isdn history
standby use-bia - HSRP
no service password-recovery
Wipes out the current config and sends the user to setup
configuration if the traditional password recovery method is used
Low Level VIP config mode:
if con <slot #>
console
vip-slot0# ?
vip-slot0# test atm 0
to exit type "Ctrl-C" three times
show ip cache - ?
set ip cache policy
ip security extended-ignored
ipx sap-interval passive
show interface eth 0 stats
Yields other statistics about that interface
show interface eth 0 switching
Gives stats on how the packets are switched (fast/SSE/process) on that
interface
Preferred Transport None:
line vty 0 (also for con or aux)
transport preferred none
This sequence forces you to type "telnet <hostname>", thus avoiding the
wait for a hostname resolution for a telnet session when you really typed a
bad command. This is from the terminal server code Cisco had.
Bob Martin
Speaking from personal experience, it is also very useful for blocking
outbound telnet when using TACACS+ command authorization. Say, for
instance, you work in a NOC for a large insurance company. They place
routers in agent offices, which have no liability to the actual company.
The transport preferred none command will allow TACACS+ to block telnet from
these end node routers, so if somebody breaks into a router, they can't get
anywhere else without bringing down the server, which would trigger an
event to the NOC.
Richard Rees
A Bunch of EIGRP commands:
show ip eigrp events
show ip eigrp event [as] [start# end#]
IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#]
IP-EIGRP SIA event
show ip eigrp timers [as]
IP-EIGRP Timers
clear ip eigrp [as] event
Clear IP-EIGRP event logs
clear ip eigrp [as] logging
Stop IP-EIGRP event logging
Some EIGRP router sub-commands (i.e. under "router eigrp xx")
[no] eigrp event-logging
Controls logging of EIGRP events on a per basis
[no] eigrp event-log-size
Set event log size to events; 0 deletes event log buffers
[no] command resets event log and SIA log size to 500 events
[no] eigrp log-event-type [dual] [xmit] [transport]
Configure the set of event types to log
[no] eigrp kill-everyone
Kill all adjacencies on an SIA event or a neighbor down event
[no] eigrp log-neighbor-changes
Log changes in peer status of neighbors
Donnie Savage
Some OSPF Commands:
show ip ospf stat
Shows detail of the last ten SPF algorithm runs with a reason for the run
Adrian Sinclair
show ip ospf event
show ip ospf maxage
show ip ospf bad-checksum
show ip ospf delete
Alex D. Zinin
ip flow-cache feature-accelerate
xxxxx(config)#ip flow-cache ?
  active-timeout      Specify the active flow timeout
  entries             Specify the number of entries in the flow cache
  feature-accelerate  Enable flow based feature acceleration
Oliver J. Albrecht
One command that I used to diagnose a memory leak was "SHOW CHUNK"
Dave Greer
show region - Darrel Hinshaw
> Does anybody know what the command "service internal" is on the Lightstream
> 1010 coder (version 11.3.5(WA48D))?
Not only on Lightstreams, though... ;)
This command switches on some code branches, containing additional checks
and debug outputs. Should not be used unless you are working with TAC upon
very hideous bug. Consumes significant portion of CPU...
Basil (Vasily) Dolmatov
'serv inter' allows you to enable some additional debugs that are not
normally available. I don't think that having the command in your config has
any important CPU impact. The debugs you can enable are a different story...
Santiago Alvarez
service internal - Lawrence Rebarchik
interface loopback 0
ip ospf network point-to-point
Put this command on the loopback so that lo0 is not advertised as a host
(/32) route.
Many Others: (Submitted by Dirk Riemenschneider)
bgp common-administration
bgp dynamic-med-interval
bgp process-dpa
clear ip eigrp [as] event
Clear IP-EIGRP event logs
clear ip eigrp [as] logging
Stop IP-EIGRP event logging
config overwrite
copy core ?
does a full core dump, reboots router, as write core but with more options
debug dialer detailed
debug ip packet ... dump
Outputs a hex & ASCII dump of the packet's contents
debug isdn code
debug sanity
if-con <n>
attach to a vip console
if-cons
ip forwarding
ip forwarding accounting
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ip forwarding accounting prefix-length
ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval
ip forwarding traffic-statistics update-rate
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
memory scan
Parity check for 7500 RSPs
modem-mgmt csm debug-rbs
no service password-recovery
for the daring people :-)
[router bgp ASN]
neighbor <customer-router> translate-update [nlri multicast unicast]
redistribute between BGP and MBGP
bgp redistribute-internal
redistribute I-BGP routes in the other routing-protocol
service internal
some additional debugs that are not normally available
set destination-preference
show alignment
show asp
show caller
show chunk
show chunk summary
show controller vip <slotno> log
show controller vip <slotno> tech
show fib
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show hardware
show idb
show interface statis
show interface switching
show interfaces stat
show interface <int> stat
show interfaces switching
show int <int> switching
show ip eigrp event [as] [start# end#]
IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#]
IP-EIGRP SIA event
show ip eigrp timers [as]
IP-EIGRP Timers
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf ev
show ip ospf events
show ip ospf maxage
show ip ospf statistics
show isdn active
show isdn history
show list
show list nonempty
show llc
show media
show media access-lists
show modem mapping
show parity
show parser
show parser links
show parser modes
show parser unresolved
show profile
show profile detail
show profile terse
show refuse-message
show region
show region address
show rsh
show rsh-disable-commands
show rsp
show slip
show slot
show snmp mib
show sum
show timers
snmp-server priority low
config command
test crash
makes the router crash
test ipc misc
test ipx capacity x y z
generated IPX RIP and SAPs
Enterprise feature set (11.2+)
where x is the network address to begin at.
where y is the number of advertisements
where z is the interface IPX address that is reachable from
test mbus power [slot] [on off]
ttcp
write core
does a full core dump, reboots router
router bgp ...
bgp redistribute-internal
Usage:
Redistributing BGP into another protocol only redistributes E-BGP routes.
Using this command in the BGP configuration will also redistribute I-BGP
routes in the other routing-protocol.
---------------
neighbor xxx.xxx.xxx.xxx remove-private-as
If an AS path made up of private AS numbers is passed to an external
neighbor, the private AS numbers are dropped.
Private AS numbers are in the range 64512 to 65535.
-----------------
For routers that are not able to do MBGP, when you need their BGP routes in
MBGP, you need the following commands on router B.
router bgp 103
neighbor <cust-router> remote-as <customer-as>
neighbor <cust-router> translate-update [nlri multicast unicast]
If you configure the "translate-update" command with 'nlri multicast', all
routes from this neighbor go into the MBGP table. If you configure both,
they go into both tables. If you need to control specifically which routes
should go into MBGP and BGP, configure the 'translate-update' command
without any NLRI, and configure a route map to do it.
ipx sap-interval passive
no ip gratuitous-arps
sh con cxbus
Needed when one is BGP peering with a Bay/Nortel router:
router bgp <AS>
neighbor <IP ADDR> dont-capability-negotiate
Craig J. LaCava
Commands on Cat 5500/RSMs:
ps -c/-s/-p - Urszula
The "show biga" and "show portreg" commands are technically documented, but
are usually buried in the release notes somewhere and not included in the
user manual.
Patrick Douglas
Engineer Mode:
Enable engineer also allows you to access undocumented commands.
Do a show ver to get the version number of the HW, FW and SW off the
Supervisor card. On the Torrance Lab switch, it's:
1 2 WS-X5009 010968808 Hw : 3.1
                       Fw : 2.2(2)
                       Fw1: 2.2(1)
                       Sw : 4.2(2)
Type "enable engineer".
The password is: passwordHWFWSWenablepassword. So, if the password is
"pass" and the enable password is "epass", the enable engineer password is
"pass312242epass".
The number of additional commands varies by IOS version. Do a ? to see what
else you get.
Jonathon D. Paul
Engineer Mode:
To use this mode, first determine the software versions on your switch.
Below is an extract from 'show version':
Module Ports Model      Serial #  Hw     Fw      Fw1     Sw
------ ----- ---------- --------- ------ ------- ------- ------
1      2     WS-X5009   003127015 1.8    2.1     2.1     2.4(5)
Note the hardware, firmware and software versions above. Concatenate these
(marked above in red) to form a six digit number (ignore full stops, Fw1 and
Sw subrelease). e.g. 182124 from above.
Type 'enable engineer'. You will be prompted for a password.
The password is the concatenation of telnet password, 'magic' number from
above and enable password.
i.e. If telnet password is 'password' and enable password is 'enable', then
the enable engineer password for this switch is 'password182124enable'.
Matthew Coy, Network Systems Consultant
In your switch, do a sh ver. From the output, take numbers underneath
the Hw, Fw, and Sw headings of the line cards (not the RSM, if you have
one). For example, mine is as follows:
Module Ports Model      Serial #  Hw     Fw      Fw1     Sw
------ ----- ---------- --------- ------ ------- ------- --------------
1      2     WS-X5530   008146920 1.5    3.1(2)  3.1(2)  3.1(1)
So I would take the following numbers (no periods, no minor rev #s): 153131
Using your telnet password and enable password, put them together and type the
following: (we'll use telnet and enable as the passwords)
enable engineer
at the password prompt, type the following:
telnet153131enable
Your prompt now changes to:
hostname (debug-eng)
and you have access to the commands.
Keith Booe
whichbus tells you which bus a particular card is on but that is not as cool
as enable engineer!
Jon Diamond
show counters <mod/port>
Some GSR goodies:
1. To log into the line card, for 7500, you use "if-con" command; but you
   use "attach" for GSR
2. dCEF is always enabled by default and can NOT be removed.
3. IOS only supports IP.
4. You can upgrade the whole IOS, or only microcode on selected line card.
   Sometimes you need to upgrade images on chips, so use "upgrade all"
   command.
5. The back plane consists of SFC and CSC. Try to install two CSC, otherwise
   one CSC blows up, you lose 3/4 back plane bandwidth.
check the release notes on CCO. Everything is there.
Yifan (Eric) Wang
Others:
set option errport enable
VoIP Command:
You can do a "csim start ####" to test.
#### = extension you want to dial.
<sh snmp mib>
"service internal" on an LS1010
'show interface xxx switching'
ipx sap-interval passive
From the CIM - Basic Voice over IP CDROM:
modem-mgmt csm debug-rbs
This is an undocumented Cisco IOS® command because it is a hidden
command. You won't find it listed in the regular IOS® command
reference. It is used specifically to debug in-band signaling and is
available in IOS versions 11.3 through 12.0. This command is included
because it is common knowledge and is used frequently in debugging CAS.
In the IOS, this command will eventually be replaced with
debug cas from IOS version 12.0.
Bert Boerland's Document the Undocumented site:
Any Others?
If anyone knows of any others I would definitely like to hear about them.
Just e-mail them to me at Scott Hogg
Page last updated 4/16/2002