Here is a list of the undocumented commands that can be entered into Cisco Routers. These were commands that Cisco either created and were not fully functional or Cisco doesn't want us to know about. Some of these commands only work on certain versions of IOS, however, I have found that many of them work well on all versions. If you find errors or have additional commands that you have discovered, please let me know and I will post them here.
snmp-server priority low
ip spd enable
Enable selective packet discard (spd) to drop certain less-important types of packets if the router gets busy. This keeps the router forwarding user traffic first and network management traffic last during high congestion times. Attacks to overload the router with management traffic will be mitigated with this global configuration command.
service nagle
Enables the NAGLE congestion control algorithm. This is supported in some, but not other versions of IOS.
ttcp
Can generate TCP packets to test links
In 11.1, but not 11.3
Check out http://www.ccci.com/tools/ttcp/index.html
or http://www.ccci.com/product/network_mon/tnm31/ttcp.htm
ip nat service
test crash
no ip gratuitous-arps
show idb - 11.2 - shows interface descriptor block information
show isdn active
show isdn history
standby use-bia - HSRP
no service password-recovery
Wipes out the current config and sends the user to setup
configuration if the traditional password recovery method is used
if con <slot #> console
vip-slot0# ?
vip-slot0# test atm 0
to exit type "Ctrl-C" three times
show ip cache - ?
set ip cache policy
ip security extended-ignored
ipx sap-interval passive
show interface eth 0 stats
Yields other statistics about that interface
show interface eth 0 switching
Gives stats on how the packets are switches (fast/SSE/process) on that interface
line vty 0 (also for con or aux)
preferred transport none
This sequence forces you to type "telnet <hostname>" thus avoiding the
wait for a hostname resolution for telnet session when you really typed a
bad command. This is from the terminal server code Cisco had.
Bob Martin
Speaking from personal experience, it is also very useful for blocking
outbound telnet when using TACACS+ command authorization. Say, for
instance, you work in a NOC for a large insurance company. They place
routers in agent offices, which have no liability to the actual company.
The tranport preferred none command will allow tacacs+ to block telnet from
these end node routers, so if somebody breaks into a router, they can't get
any where else without bringing down the server, which would trigger an
event to the NOC.
Richard Rees
show ip eigrp events
show ip eigrp event [as] [start# end#]
IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#]
IP-EIGRP SIA event
show ip eigrp timers [as]
IP-EIGRP Timers
clear ip eigrp [as] event
Clear IP-EIGRP event logs
clear ip eigrp [as] logging
Stop IP-EIGRP event logging
Some EIGRP router sub-commands (i.e. under "router eigrp xx")
[no] eigrp event-logging
Controls logging of eigrp events on a per bases
[no] eigrp event-log-size
Set event log sixe to events; 0 deletes event log buffers
[no] command resets event log and SIA log size to 500 events
[no] eigrp log-event-type [dual] [xmit] [transport]
Configure the set of event types to log
[no] eigrp kill-everyone
Kill all adjacencies on an SIA event or a neighbor down event
[no] eigrp log-neighbor-changes
Log changes in peer status of neighbors
Donnie Savage
show ip ospf stat
Shows detail of the last ten SPF algorithm runs with a reason for the run
Adrian Sinclair
show ip ospf event
show ip ospf maxage
show ip ospf bad-checksum
show ip ospf delete
Alex D. Zinin
ip flow-cache feature-accelerate
xxxxx(config)#ip flow-cache ?
active-timeout Specify the active flow timeout
entries Specify the number of entries in the flow cache
feature-accelerate Enable flow based feature acceleration
Oliver J. Albrecht
One command that I used to diagnose a memory leak was "SHOW CHUNK"
Dave Greer
show region - Darrel Hinshaw
Does anybody know what the command "service internal" is on the Lightstream
> 1010 coder (version 11.3.5(WA48D))?
Not only on Lightstreams, though... ;)
This command switches on some code branches, containing additional checks
and debug outputs. Should not be used unless you are working with TAC upon
very hideous bug. Consumes significant portion of CPU...
Basil (Vasily) Dolmatov
'serv inter' allows you to enable some additional debugs that are not normally
available. I don't think that having the command in your config has any
important CPU impact. The debugs you can enable are a different story...
service internal - Lawrence Rebarchik
Interface looopback 0
ip ospf network point-to-point /* put this command on the loopback to make the lo0 not a host(/32) route
bgp common-administration
bgp dynamic-med-interval
bgp process-dpa
clear ip eigrp [as] event Clear IP-EIGRP event logs
clear ip eigrp [as] logging Stop IP-EIGRP event logging
config overwrite
copy core ?
debug dialer detailed
debug ip packet ... dump Outputs a hex & ASCII dump of the packet's contents
debug isdn code
debug sanity
if-con <n> attach to a vip console
if-cons
ip forwarding
ip forwarding accounting
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ip forwarding accounting prefix-length
ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval
ip forwarding traffic-statistics update-rate
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
memory scan
modem-mgmt csm debug-rbs
no service password-recovery
[router bgp ASN]
neighbor <customer-router> translate-update
[nlri multicast unicast]
bgp redistribute-internal
service internal
set destination-preference
show alignment
show asp
show caller
show chunk
show chunk summary
show controller vip <slotno> log
show controller vip <slotno> tech
show fib
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show ipv6 cef internal
show fib not-fib-switched
show hardware
show idb
show interface statis
show interface switching
show interfaces stat
show interface <int> stat
show interfaces switching
show int <int> switching
show ip eigrp event [as] [start# end#] IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#] IP-EIGRP SIA event
show ip eigrp timers [as] IP-EIGRP Timers
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf ev
show ip ospf events
show ip ospf maxage
show ip ospf maxage
show ip ospf statistics
show isdn active
show isdn history
show list
show list nonempty
show llc
show media
show media access-lists
show modem mapping
show parity
show parser
show parser links
show parser modes
show parser unresolved
show profile
show profile detail
show profile terse
show refuse-message
show region
show region address
show rsh
show rsh-disable-commands
show rsp
show slip
show slot
show snmp mib
show sum
show timers
snmp-server priority low
test crash makes the router crash
test ipc misc
test ipx capacity x y z
test mbus power [slot] [on off]
ttcp
write core
router bgp ...
bgp
redistribute-internal
Usage:
Redistributing BGP into another protocol only redistributes E-BGP routes. Using
this command in the BGP configuration will also redistribute I-BGP routes in
the other routing-protocol.
---------------
neighbor xxx.xxx.xxx.xxx remove-private-as
If an as path made up of private as numbers is passed to an external neighbors,
the private as's are dropped. Private as's are in the range 64512 to 65535
-----------------
For routers that are not able to do MBGP and you need those BGP routes into
MBGP you need the following command on router B.
router bgp 103
neighbor <cust-router remote-as <customer-as
neighbor <cust-router translate-update [nlri multicast unicast]
If you configure the "translate-update" command with 'nlri multicast' all
routes from this neighbor go into the MBGP table. If you configure both, they go into
both tables. If you need to control specificly which route should go into MBGP
and BGP, configure the 'translate-update' command without any NLRI, and
configure a route map to do it.
ipx sap-interval passive
no ip gratuitous-arps
sh con cxbus
Needed when one is BGP peering with a Bay/Nortel router:
router bgp <AS>
neighbor <IP ADDR> dont-capability-negotiate
Craig J. LaCava
Commands on Cat 5500/RSMs:
ps -c/-s/-p - Urszula
The "show biga" and "show portreg" commands are technically documented, but
are usually buried in the release notes somewhere and not included in the
user manual.
Patrick Douglas
Engineer Mode:
Enable engineer also allows you to access undocumented commands.
do a show ver to get the version number of the HW, FW and SW off the
Supervisor card. On the Torrance Lab switch, it's:
1 2 WS-X5009 010968808 Hw : 3.1
Fw : 2.2(2)
Fw1: 2.2(1)
Sw : 4.2(2)
type "enable engineer"
The password is : passwordHWFWSWenablepassword. So, if the password is
"pass", and the enable password is "epass", the enable engineer password is
"pass312242epass"
The number of additional commands varies by IOS version. Do a ? to see what
else you get.
Jonathon D.
Paul
Engineer Mode:
To use this mode, first determine the software versions on
your switch. Below is an extract from 'show version':
Module Ports Model Serial # Hw Fw Fw1 Sw
------ ----- ---------- --------- ------ ------- ------- ------
1 2 WS-X5009 003127015<?color><?param ffff,0000,0000>
1<?/color>.<?color><?param
ffff,0000,0000>8<?/color><?color><?param ffff,0000,0000>
2<?/color>.<?color><?param ffff,0000,0000>1<?/color>
2.1<?color><?param ffff,0000,0000>
2<?/color>.<?color><?param ffff,0000,0000>4<?/color>(5)
Note the hardware, firmware and software versions above. Concatenate these
(marked above in red) to form a six digit number (ignore full stops, Fw1 and Sw
subrelease). e.g. 182124 from above.
Type 'enable engineer'. You will be prompted for a password.
The password is the concatenation of telnet password, 'magic' number from above
and enable password.
i.e. If telnet password is 'password' and enable password is 'enable', then the
enable engineer password for this switch is 'password182124enable'.
Matthew Coy, Network Systems Consultant
In your switch, do a sh ver. From the
output, take numbers underneath the Hw, Fw, and Sw headings of the line cards
(not the RSM, if you have one). For example, mine is as follows:
Module Ports Model Serial #
Hw Fw
Fw1 Sw
------ ----- ---------- --------- ------ ------- ------- --------------
1 2 WS-X5530
008146920 1.5 3.1(2) 3.1(2) 3.1(1)
So I would take the following numbers (no periods, no minor rev #s): 153131
Using your telnet password and enable password, put them together and type the
following: (we'll use telnet and enable as the passwords)
enable engineer
at the password prompt, type the following:
telnet153131enable
Your prompt now changes to:
hostname (debug-eng)
and you have access to the commands.
Keith Booe
whichbus tells you which bus a particular card is on but that is not as cool as enable engineer !
Jon Diamond
Shows the backplane statistics
show traffic
Shows interface counters – I don’t know the command to clear these counters (clear counters only clears the “show interface” counters)
show counters <mod/port>
1. To log into the line card, for 7500, you use "if-con" command; but you
use "attach" for GSR
2. dCEF is always enabled by default and can NOT be removed.
3. IOS only supports IP.
4. You can upgrade the whole IOS, or only mircrocode on selected line card.
Sometimes you need to upgrade images on chips, so use "upgrade all" command.
5. The back plane consists of SFC and CSC. Try to install two CSC, otherwise
one CSC blows up, you lose 3/4 back plane bandwidth.
check the release notes on CCO. Everything is there.
Yifan (Eric) Wang
set option errport enable
VoIP Command:
You can do a "csim start ####" to test.
#### = extension you want to dial.
<sh snmp mib>
"service internal" on an LS1010
'show interface xxx switching'
ipx sap-interval passive
From the CIM - Basic Voice over IP CDROM:
test dhcp [allocate xxx.xxx.xxx.xxx] | [release] | [renew]
test crash [value] or <cr> to enter crash menu
test dsp memory
http://boerland.com/dotu
Document the undocumented
Project DOTU Web Site
http://www.madness.at/~mad/cisco_ios_udc.html
Yet another version
http://www.tech-forums.net/computer/topic/28883.html
Paulus Sugeng Widodo’s List
http://pauluz.tripod.com/Cisco/hiddencommand.htm
If anyone knows of any others I would definitely like to hear about them.
Just e-mail them to me at Scott Hogg
Page last updated 4/16/2002