Undocumented Cisco Commands
$Revision: 1.89 $ $Date: 2005/08/29 22:22:17 $

The data in this document has been gathered from a variety of sources:

If you have any suggestions or additions to this list please contact me at lf@elemental.net.

Index
[no] ip spd queue {min-threshold | max-threshold} <n> (IOS) show banff-reset (XID/CatOS, Catalyst 5000 series with NFFC)
[no] spd enable (IOS) show caller (IOS)
aaa accounting delay-start (IOS) show chunk [summary] (IOS)
aaa authorization console (IOS (>= 12.1(10.6))) show controller switch (Cat 2900XL/3500XL, IOS)
aaa pod server [port <port number>] [auth-type {any | all | session-key}] server-key <string> (IOS (>= 11.3(7)AA)) show epc ... (IOS)
ais-enable (IOS) show epc acl lookup {in|out} ... (IOS (Cat 2948G-L3, 4908G-L3, 8540))
arap logging debug-extensions (IOS) show epc acl tcam2acl interface <interface> {in|out} (IOS (Cat 2948G-L3, 4908G-L3, 8540))
bgp common-administration (IOS) show epc ip-address interface <interface> all-entries (IOS (Cat 2948G-L3))
bgp maxas-limit <1 - 2000> (IOS) show epc patricia <ingress-interface> ipucast detail (IOS)
bgp redistribute-internal (IOS) show epc patricia <interface> mac (IOS (Cat 2948G-L3, 4908G-L3))
bridge-group <bridge-num> subscriber-loop-control (IOS) show idb (IOS)
clear ip eigrp [<as>] events (IOS) show inband (XID/CatOS)
clear ip eigrp [<as>] logging (IOS) show interface cable <x>/0 privacy statistic (IOS)
clock source free-running|line primary (IOS) show interfaces [<interface-name>] stats (IOS)
csim (IOS) show interfaces [<interface-name>] switching (IOS)
debug buffer (IOS) show ip cef [<network> [<netmask>]] internal (IOS)
debug crypto isakmp detail (IOS) show ip eigrp events [<as-num>] [<start-num>] [<end-num>] (IOS)
debug crypto isakmp packet (IOS) show ip eigrp sia-event (IOS)
debug dialer detailed (IOS) show ip eigrp timers [<as-num>] (IOS)
debug dialer holdq (IOS) show ip ospf bad-checksum (IOS)
debug ip ospf monitor (IOS) show ip ospf delete-list (IOS)
debug ip packet [detail] [<access-list>] dump (IOS) show ip ospf events (IOS)
debug isdn q931 l3 (IOS) show ip ospf maxage-list (IOS)
debug mica {tx|rx} <slot>/<port> (IOS) show ip ospf statistic (IOS)
debug modem csm (IOS) show ip route hash (IOS)
debug oir (IOS) show ip route profile (IOS)
debug parser mode (IOS) show ip spd (IOS)
debug sanity (IOS) show isdn memory detail (IOS)
dialer disable-multiencaps (IOS) show isdn service [<dsl> | <interface-name>] detail (IOS)
dialer mult-map-same-name (IOS) show isdn status detail (IOS)
eigrp event-log-site <n> (IOS) show isis private (IOS)
eigrp event-logging (IOS) show isis timers (IOS)
eigrp kill-everyone (IOS) show isis tree (IOS)
eigrp log-event-type [dual] [xmit] [transport] (IOS) show list [none] (IOS)
enable engineer (XDI/CatOS) show mbuf (XID/CatOS)
frame-relay fecn-create (IOS) show memory big (IOS)
gdb {kernel | pid <pid-num> | {examine | debug} <pid-num>} (IOS) show mls nfde (XID/CatOS)
h323 h245 tunnel defer (IOS) show mls status (Cat 6000 Native IOS)
if-console <slot-num> [console|debug] (7000/7500 Series, IOS) show mmc np5400 [config|flows|get|indications|ports|queue|registers|stat|send] [...] (IOS (Cat 2948G-L3, 4908G-L3))
ip cache-ager <secs-between-runs> <fraction-low-memory> <fraction> (IOS (>=10.3(8) and >=11.0(3))) show mpls interfaces internal all (IOS)
ip cache-invalidate-delay <minimum-delay> <maximum-delay> <quit-interval> (IOS (>=10.3(8) and >=11.0(3))) show msfc (IOS (Cat 6k hybrid))
ip ospf interface-retry <retries> (IOS) show msfc (CatOS (Cat 6k hybrid))
ip route profile (IOS) show msfc nvram (IOS (Cat 6k hybrid))
ipc-console <slot-num> <cpu> (Catalyst 6000/6500 Series, IOS) show parser modes (IOS)
ipx sap-interval {<n>|passive} (IOS (>=11.2)) show parser unresolved (IOS)
ipx server-split-horizon-on-server-paths (IOS) show polaris fibmgr usage (CatOS (Cat 6k hybrid))
ipx update interval {rip | sap} passive (IOS (>=11.3(1.3))) show region (IOS)
isdn incoming progress [validate|accept] (IOS (>= 12.1(3.3)T)) show region address <address> (IOS)
modem-mgmt csm debug rbs (IOS) show slip (IOS)
mpls traffic-eng multicast-intact (IOS) show snmp chassis (IOS)
multilink queuing bypass-fifo (IOS) show snmp community (IOS)
neighbor <ip-address> don't-capability-negotiate (IOS) show snmp host (IOS)
no logging snmp-authfail (IOS) show snmp location (IOS)
no ppp microcode (IOS) show snmp mib (IOS)
no snmp-server sparse-tables (IOS) show snmp newcom (IOS)
ppp dnis <number> [<number> ...] (IOS) show snmp notify (IOS)
ppp ipcp accept-address (IOS) show sum (IOS)
ppp ipcp dns|wins {accept | a.b.c.d [e.f.g.h] [accept]} (IOS) show sum (IOS)
ppp ipcp ignore-map (IOS) show tcam ... (Cat 6000 Native IOS)
ppp ipcp unique-address (IOS) snmp-server priority {low | normal | high} (IOS)
ppp max-configure <num> (IOS) spd headroom <n> (IOS)
priv () tcam priority high|low|medium (Cat 6000 Native IOS)
ps -c (XDI/CatOS) test aaa group radius <username> <password> (IOS)
radius send service-type call-check (IOS (>= 12.1(4)T)) test aim eeprom slot <n> (IOS)
radius-server authorization default Framed-Protocol ppp (IOS) test crash (IOS)
radius-server authorization permit missing Service-Type (IOS) test mbus power <slot> on|off (GSR IOS)
radius-server unique-ident (IOS) test ppp echotimeout <interface-name> (IOS)
service download-fl (GSR IOS) test transmit (IOS)
service internal (IOS) tracy_close <module> <port> (XID/CatOS with WS-X6608-T1 or WS-X6608-E1)
service log backtrace (IOS) tracy_start <module> <port> (XID/CatOS with WS-X6608-T1 or WS-X6608-E1)
service unsupported-transceiver (IOS) traffic-shape fecn-create (IOS)
service-policy classify-per-feature (IOS) ttcp (Cisco 7200/7500, IOS)
set trace <category> <level> (XID/CatOS) tx-queue-limit (IOS)
set trace monitor {enable|disable} (XID/CatOS) virtual-template <template-num> pre-clone <num> (IOS)
show acl stats (XID/CatOS) vpdn ip udp ignore checksum (IOS)
show alignment (IOS) vpdn {l2f|l2tp} session table-size <size> (IOS)
Command Name Configuration Mode Platform / Software
[no] ip spd queue {min-threshold | max-threshold} <n> config  IOS 
Sets lower and upper ip process-level queue thresholds for SPD. With SSE based SPD, lower precedence packets are randomly dropped when the queue size hits min-threshold. The drop probability increases linearly with the queue size until max-threshold is reached, at which point all lower precedence packets are dropped. For regular SPD, lower precedence packets are dropped when the queue size reaches min-threshold. Defaults are 50 and 75, respectively. These values were not based on real life experience and may need some tuning.  
Reference: Cisco ISP Esssentials
[no] spd enable config  IOS 
Enable or disable the selective packet discard (SPD) feature. Command is called "ip spd enable" in 11.1CC.  
Reference: Cisco ISP Esssentials, CSCdk31898
aaa accounting delay-start config  IOS 
If you want to see IP addresses in the AAA start records, then you will want "aaa accounting delay-start" which is hidden but universally used.  
Reference:
aaa authorization console config  IOS (>= 12.1(10.6)) 
This hidden commands enables authorization for the console port. Otherwise authorization on the console ports always succeeds. Aaron Leonard submitted CSCdp33836 and CSCdp33841 to get this command documented.  
Reference: Dennis Peng <dpeng@cisco.com>, <20010510092606.I19846@sj-cse-320.cisco.com> and Aaron Leonard <aaron@cisco.com>, <20010510094014.K19846@sj-cse-320.cisco.com> on cisco-nas, as well as CSCdi82030
aaa pod server [port <port number>] [auth-type {any | all | session-key}] server-key <string> config  IOS (>= 11.3(7)AA) 

Syntax Description

  • port <port number>

    (Optional) The network access server port to use for POD requests. If no port is specified, port 1700 is used.

  • auth-type

    (Optional) The type of authorization required for disconnecting sessions.

    • any

      Session that matches all of the attributes sent in the POD packet is disconnected. The POD packet may contain one or more of four key attributes (user-name, framed-IP-address, session-ID, and session-key).

    • all

      Only a session that matches all four key attributes is disconnected. All is the default.

    • session-key

      Session with a matching session-key attribute is disconnected. All other attributes are ignored.

  • <string>

    The secret text string that is shared between the network access server and the client workstation. This secret string must be the same on both systems.

This command is now documented as of 12.2(8)T.

 
Reference:
ais-enable config-if  IOS 
IOS version 12.0(7.1) includes a hidden command to enable generation of AIS alarm on tx line when LOS is detected on rx line. This is a kludge to workaround other vendor's ATM switches (Newbridge) that don't generate F4/F5 OAM AIS cells when F3 RDI is received. This command is only supported on the PA-A3 port adapter. The hidden interface command "ais-enable" will enable AIS alarm assertion when an LOS alarm occurs.  
Reference: CSCdm37634
arap logging debug-extensions config  IOS 
This DDTS adds a hidden command, "arap logging debug-extensions" which effectively negates the changes from CSCdi57713. Messages that re-appear:
Modem CD dropped unexpectedly.  
User exceeded timelimit 
ARAP connection was terminated.  
v42_input running (may be low memory) 
v42_output running (may be low memory) 
Force Quit pak v42bisflush C
Carrier dropped during startup
 
Reference: CSCdi68276, CSCdi57713
bgp common-administration config-router bgp  IOS 
 
Reference:
bgp maxas-limit <1 - 2000> config-router bgp  IOS 
This command should be used in router configuration mode; by default there is no limit. If the number of ASes in the AS_PATH exceeds the limit, the UPDATE will be stored in the BGP table, but not used in the bestpath selection or propagated.  
Reference: CSCdr54230, CSCdu00679
bgp redistribute-internal config-router bgp  IOS 
Normally redistributing BGP into another protocol only redistributes EBGP routes. Using this command will also redistribute IBGP routes. Hidden in IOS versions prior to 12.1.  
Reference:
bridge-group <bridge-num> subscriber-loop-control config-if  IOS 
Bridge between two machines on the same subinterface.  
Reference:
clear ip eigrp [<as>] events privileged exec  IOS 
Clear IP EIGRP event logs.  
Reference:
clear ip eigrp [<as>] logging privileged exec  IOS 
Stop IP EIGRP event logging.  
Reference:
clock source free-running|line primary config-controller  IOS 
Generate or sample clock rate from the line.  
Reference:
csim exec  IOS 

With the command csim you can emulate a voice call. It's like sombody calls the specified number. Usefull, if you don't have physically access to the telephone:

Sucessfull call:

wg1r1#csim start 089150
csim: called number = 089150, loop count = 1 ping count = 0
csim err csimDisconnected recvd DISC cid(21) 
csim: loop = 1, failed = 1 
csim: call attempted = 1, setup failed = 1, tone failed = 0

Call to an undefined number:

wg1r1#csim start 089151
csim: called number = 089151, loop count = 1 ping count = 0 

csim err:csim_do_test Error peer not found 
 
Reference:
debug buffer privileged exec  IOS 
Debug buffer management.  
Reference: Phrack, Volume 0xa, Issue 0x38
debug crypto isakmp detail privileged exec  IOS 

Crypto ISAKMP internals debugging.

Example output during ISAKMP SA establishment:

6w3d: ISAKMP cookie gen for src 62.245.147.66 dst 195.244.119.2
6w3d: ISAKMP cookie B5FCAD89 B2BD7BFF
6w3d: ISAKMP: find_me 
	a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 
	b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0) 
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 B2BD7BFF
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare 
	a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 
	b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
6w3d: ISAKMP cookie gen for src 195.244.119.2 dst 62.245.147.66
6w3d: ISAKMP cookie 10FA17FE 2C76366D
6w3d: ISAKMP: find_me 
	a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 
	b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0) 
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b 10FA17FE 2C76366D
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare 
	a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 
	b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1) 
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
 
Reference:
debug crypto isakmp packet privileged exec  IOS 

Crypto ISAKMP packet debugging.

Example output during ISAKMP SA establishment:

6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F0880 809F8A34 
		  809F301C 809F33DC 809F5228 801710CC
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F8494 809F87C0 
		  809F8C20 809F301C 809F33DC 809F5228 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809FF460 80A00E0C
		  80A01070 809FBEBC 809F99B8 809F468C 809F51C8 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 204):
6w3d:           KE payload
6w3d:           NONCE payload
6w3d:           VENDOR payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 184):
6w3d:           KE payload
6w3d:           NONCE payload
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 64):
6w3d:           ID payload
6w3d:           HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 68):
6w3d:           ID payload
6w3d:           HASH payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 168):
6w3d:           HASH payload
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d:           NONCE payload
6w3d:           ID payload
6w3d:           ID payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE      
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) QM_IDLE    
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 172):
6w3d:           HASH payload
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d:           NONCE payload
6w3d:           ID payload
6w3d:           ID payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 52):
6w3d:           HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE
 
Reference:
debug dialer detailed privileged exec  IOS 
Enable some additional debugging for the DDR subsystem.  
Reference:
debug dialer holdq privileged exec  IOS 

Activate debugging output for dialer hold queue events.

Jan 13 14:56:03.240: Se0/1:15 DDR: Creating holdq 626B1B9C
Jan 13 14:56:03.240: DDR: Assigning holdq 626B1B9C to 627923F8
Jan 13 14:56:09.208: DDR: Assigning holdq 626B1B9C to 61B667F4
Jan 13 14:56:09.208: DDR: freeing dialer holdq 626B1B9C (Ref ptr 61B667F4)
Jan 13 14:56:09.208: DDR: Dialing failed, 0 packets unqueued and discarded
Jan 13 14:56:09.208: : 2 packets unqueued and discarded
 
Reference:
debug ip ospf monitor privileged exec  IOS 
OSPF SPF monitoring debugging. Hmm, seems to show synchronization between OSPF routing process and routing table. Furthermore it shows LSA changes and so can be used to debug why a link marked as OSPF demand circuit is brought up for example.  
Reference:
debug ip packet [detail] [<access-list>] dump privileged exec  IOS 
Dumps packets contents for process switched packets.  
Reference:
debug isdn q931 l3 privileged exec  IOS 
This command will show additional information on ISDN Layer 3, i.e. the corresponding call reference number in all ISDN messages.  
Reference: Project DOTU
debug mica {tx|rx} <slot>/<port> privileged exec  IOS 
Dump data from a MICA digital modem. Probably only supported on the Cisco Access Server series (e.g. AS5300).  
Reference:
debug modem csm privileged exec  IOS 
Modem Management Call Switching Module debugging.  
Reference:
debug oir privileged exec  IOS 

Activate OIR debugging.

ctalkb#debug oir
Online Insertion and Removal debugging is on
2w3d: OIR: Process woke, 'Event', stall=2, usec=0xB6835B36 
	-Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Shutdown pulled interface for Serial5/0 
	-Traceback= 600E30C4 60409204 604096C8 603B6D2C 603B6D18
2w3d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled 
	-Traceback= 60409748 603B6D2C 603B6D18
2w3d: OIR: Remove hwidbs for slot 5 
	-Traceback= 60409368 60409750 603B6D2C 603B6D18
2w3d: OIR: Process woke, 'Event(max not running)', stall=3, usec=0xD0115C9E
	-Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Process woke, 'Timer(max running)', stall=3, usec=0xDDBB56D6
	-Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: (Re)Init card 5, retry_count=3 
	-Traceback= 60409894 603B6D2C 603B6D18
2w3d: %OIR-6-INSCARD: Card inserted in slot 5, interfaces administratively shut down 
	-Traceback= 604098BC 603B6D2C 603B6D18
 
Reference: Phrack, Volume 0xa, Issue 0x38
debug parser mode privileged exec  IOS 
Aug  7 21:58:44.207 MEST: Look up of parser mode 'route-map' succeeded
Aug  7 21:58:45.923 MEST: Look up of parser mode 'configure' succeeded
 
Reference: Phrack, Volume 0xa, Issue 0x38
debug sanity privileged exec  IOS 
With this command every buffer that is used in the system is sanity-checked when it is allocated and when it is freed. This can sometimes be used to pinpoint memory corruption problems when analyzing a core dump which was generated with this debug option in effect.  
Reference:
dialer disable-multiencaps config-if  IOS 
Revert to premultiencapsulation on the dialer profile.  
Reference: CSCdp95164
dialer mult-map-same-name config-if  IOS 
If distinct dialer maps to different destinations share the same remote name, traffic will fail to pass on the 2nd and subsequent sessions. This ability is implemented 1n 12.0T as a hidden command. dialer mult-map-same-name allows 2 users to dial in to the dialer with the same ppp user_name. It's behaviour with other dialer features is currently unpredictable and should be used with caution.  
Reference: CSCdk28459 - allow multi users w/ same name
eigrp event-log-site <n> config-router eigrp  IOS 
Set size of event log. Setting it to zero deletes event log buffers. Default log buffer size is 500 events.  
Reference:
eigrp event-logging config-router eigrp  IOS 
Controls logging of EIGRP events.  
Reference:
eigrp kill-everyone config-router eigrp  IOS 
Kill all adjacencies on an SIA or a neighbor down event.  
Reference:
eigrp log-event-type [dual] [xmit] [transport] config-router eigrp  IOS 
Configure the set of EIGRP event types to log.  
Reference:
enable engineer exec  XDI/CatOS 

Catalyst 5000 series with Supervisor Engine I:

You will be prompted for a password. It has the following format:

  • VTY
  • VTY
  • HW
  • FW
  • SW
That is, the VTY password followed by the VTY password again, followed by the hardware version, followed by the software version(no spaces, do not type the dots in the versions).

Catalyst 5000 series with Supervisor-Engine II and III and Catalyst 6000 series with Supervisor I and II:

Format for the password is:

  • VTY
  • HW
  • FW
  • SW
  • VTY

That is, the VTY password followed by the VTY password again, followed by the hardware version, followed by the software version (no spaces, do not type the dots in the versions).

 
Reference:
frame-relay fecn-create config-map-class  IOS 

This hidden command enables setting the FECN bit in all outgoing packets that have been delayed due to traffic shaping.

 
Reference:
gdb {kernel | pid <pid-num> | {examine | debug} <pid-num>} privileged exec  IOS 
Seems to activate some internal debugger. Maybe for access via remote gdb. Probably only useful with a symbol table and an IOS image compiled for debugging.  
Reference: Phrack, Volume 0xa, Issue 0x38; Project DOTU
h323 h245 tunnel defer voice service voip  IOS 
 
Reference:
if-console <slot-num> [console|debug] privileged exec  7000/7500 Series, IOS 
Open connection to the VIP console. Lots of useful commands there, especially showing memory and cpu usage.  
Reference:
ip cache-ager <secs-between-runs> <fraction-low-memory> <fraction> config  IOS (>=10.3(8) and >=11.0(3)) 

It's hidden, and you have to configure "service internal" in order to bring it into existence.

  • <secs-between-runs> is 0-2147483 number of seconds between ager runs, default = 60 seconds. If the period between ager invalidation runs is set to 0, the ager process is disabled entirely.
  • <fraction-low-memory> is 2-50 1/<fraction-low-memory> of cache to age per run (low memory), default = 4.
  • <fraction> is 3-100 1/<fraction> of cache to age per run (normal), default = 20.

Configures the ager of the fast switching cache. Aaron Leonard <Aaron@cisco.com> recommended "20 3 3" on cisco-nas in the light of recent CodeRed attacks, i.e. make the ager more aggressive to prevent excessive cache growth.

 
Reference: <01K7Y45PW1PA9KWFH9@Cisco.COM> and http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
ip cache-invalidate-delay <minimum-delay> <maximum-delay> <quit-interval> config  IOS (>=10.3(8) and >=11.0(3)) 

Requires "service internal".

  • <minimum-delay> is 0-300 seconds.
  • <maximum-delay> is 1-300 seconds.
  • <quiet-interval> is 1-600 seconds.

Use "no ip cache-invalidate-delay" to disable the delay altogether. See this posting from cisco-nas:

Date: Fri, 28 Apr 2000 10:07:03 -0700 (PDT)
From: Aaron Leonard <Aaron@cisco.com>
Subject: Re: CN: telnet DoS (CSCdm70743)
To: Cisco-NAS@datasys.net
Message-id: <01JORKP9PBPIA2AL39@Cisco.COM>
References: <01JOHR9QY432A2AAVQ@Cisco.COM>
Reply-To: Cisco-NAS@datasys.net

It's hidden, and you have to configure "service internal" in order
to bring it into existence.  I.e.

as5300-1(config)#service internal
as5300-1(config)#no ip cache-invalidate-delay

It's generally recommended for systems running 12.0T/12.1 code if
they have lots of interfaces (>300) and are not doing CEF.
 
Reference: <01JORKP9PBPIA2AL39@Cisco.COM> and http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
ip ospf interface-retry <retries> config-if  IOS 

From Cisco DE (slightly edited):

The motivation for this command is a timing problem where OSPF fails to determine the state of an interface. The solution was for OSPF to poll the interface for a while to verify its state. The hidden command allows us to lengthen the polling period on routers that have a large number of interfaces. The polls occur every 10 seconds and the command controls the number of polls that will be done. With a setting of 0 retries there will be no extra polling.

Default number of retries is 10.

 
Reference:
ip route profile config  IOS 

As disclosed by Aaron Leonard from Cisco on cisco-nas:

Date: Thu, 11 Sep 2003 09:34:53 -0700 (PDT)
From: Aaron Leonard <Aaron@cisco.com>
Subject: Re: [cisco-nas] IP Route Profile
In-reply-to: "Your message dated Wed, 10 Sep 2003 22:21:02 -0500"
        <10e701c37813$bad83870$5370cd41@dellbert>
To: "Beprojects.com" <info@beprojects.com>
Cc: cisco-nas@puck.nether.net

[...]

"ip route profile" was implemented way back in late '96 by CSCdi76662. 
However we have historically refrained from documenting this (CSCdk01634,
CSCdz19775) as this has been declared to be a hidden command that "should
not be used by customers".
                                                                                                             
However, in fact this is NOT a hidden command ... so I've just now
gone ahead and reopened CSCdz19775.

Introduction

The Route Table Profiling feature was developed to assist network engineers
in monitoring routing table fluctuations, which may be the result of route
flapping, network failure, or network service restoration.  This feature was
added in CSCdi76662 to the 11.1CC train of Cisco IOS.

The Route Table Profiling feature is an undocumented and unsupported
feature.  There is no MIB support provided.

Configuration
                                                                                                          
The Route Table Profiling feature is enabled globally.  The command is "ip
route profile" in global configuration mode.  This feature can be disabled
with the command "no ip route profile" in global configuration mode.
                                                                                                          
Routing table change statistics can be viewed with the "show ip
route profile" command in exec mode.
 
Reference: CSCdi76662
ipc-console <slot-num> <cpu> privileged exec  Catalyst 6000/6500 Series, IOS 
Open connection to the FlexWAN console. FlexWANs contain two CPUs so you can connect to either CPU 0 or CPU 1.  
Reference:
ipx sap-interval {<n>|passive} config-if  IOS (>=11.2) 
Set the IPX SAP advertising interval to n or to passive mode.  
Reference:
ipx server-split-horizon-on-server-paths config  IOS 
This global configuratiom command specifies that split horizon SAP occurs on server paths.

This command is documented in DDTS CSCdm12190. From the release note:

By default, split horizon blocks information about periodic SAPs from being advertised by a router to the same interface on which the best route to that SAP is learned. But in the case where the SAP may be learned from interfaces other than (or in addition to) the interface on which the best route to that SAP is learned, enabling "ipx server-split-horizon-on-server-paths" will reduce unnecessary periodic SAP updates as that SAP will not be advertised to the interface(s) where it was learned from; this will also prevent potential "SAP loop" in the network.

 
Reference: CSCdm12190
ipx update interval {rip | sap} passive config  IOS (>=11.3(1.3)) 

The undocumented passive keyword specifies to listen but not send normal periodic SAP or RIP updates nor flash update caused by changes. Queries will still be replied to. The update interval is set to the same interval as changes-only.

See also "ipx sap-interval".

 
Reference: CSCdj59918
isdn incoming progress [validate|accept] config-if  IOS (>= 12.1(3.3)T) 
Controls whether IOS sends an INVALID information element message when it receives an invalid PROGRESS IE.  
Reference: CSCdt12611
modem-mgmt csm debug rbs privileged exec  IOS 
Debug RBS trunks. Only available if "service internal" configured. Equivalent to "debug cas" on later IOS versions (>= 12.0(7)T).  
Reference:
mpls traffic-eng multicast-intact config-router  IOS 
Use hop-by-hop routing instead of MPLS TE tunnels to transport multicast traffic. See CSCdm63234 for details.  
Reference: CSCdm63234
multilink queuing bypass-fifo config-if  IOS 
 
Reference:
neighbor <ip-address> don't-capability-negotiate config-router bgp  IOS 
Turns off CAPABILITY parameters in BGP Open message.  
Reference:
no logging snmp-authfail config  IOS 

Turn off the %SNMP-3-AUTHFAIL message.

See CSCdv04268 for availability information.

 
Reference: CSCdv04268
no ppp microcode config-if  IOS 
On a cisco 805, "ip tcp header-compression" configured on the serial async interface and on the dialer interface linked to it, results in VERY long response time for TCP sessions. Workaround: Remove "ip tcp header-compression" or enable the hidden command "no ppp microcode" on the serial interface or configure IP directly on the serial interface (no dialer interface).  
Reference: CSCdp32980
no snmp-server sparse-tables config  IOS 
Fully populate all SNMP tables even if an object id is not applicable in a specific case.  
Reference:
ppp dnis <number> [<number> ...] config-if  IOS 
Skip authentication entirely for PPP per DNIS.  
Reference: CSCdk45054
ppp ipcp accept-address config-if  IOS 
It is possible to revert to the previous operation using the hidden interface command ppp ipcp accept-address. When enabled the peer IP address will be accepted but is still subject to AAA verification, it will have precedence over any local address pool however.  
Reference: CSCdj04128
ppp ipcp dns|wins {accept | a.b.c.d [e.f.g.h] [accept]} config-if  IOS 
 
Reference: CSCdm62097, CSCdk01128
ppp ipcp ignore-map config-if  IOS 
Don't assign same IP address to peers with the same name. Instead get a fresh address.  
Reference: CSCdm18764 - don't assign peer IP addr from map
ppp ipcp unique-address config-if  IOS 
Assigns a unique IP address even if the same user (identified by the username) has multiple links open. Standard behaviour is to assigned the same IP address. See "dialer mult-map-same-name", too.  
Reference:
ppp max-configure <num> config-if  IOS 
Maximum number if configure requests to send.  
Reference:
priv ROMMON   
Enable private commands in the ROMMON. Sometimes a password is required.  
Reference:
ps -c privileged exec  XDI/CatOS 
Show process listing and CPU usage.  
Reference:
radius send service-type call-check config  IOS (>= 12.1(4)T) 
From: Dennis Peng <dpeng@cisco.com>
To: "scott.list" <scott.list@mlec.net>
Cc: cisco-nas@external.cisco.com
Message-ID: <20010331195613.D28415@sj-cse-320.cisco.com>

I assume you have preauthentication already configured? By default, we
send Service-Type = Outbound-User. In 12.1(4)T and later, you can
configure the (hidden) command "radius send service-type call-check"
to change the value from Outbound-User to Call-Check. I submitted
CSCdt85947 to get the command unhidden and documented. Here is the
release-note I attached:

The command "radius send service-type call-check" is hidden. This
command is available in 12.1(4)T and later and is used to change the
value of the Service-Type RADIUS attribute the access server sends
when doing pre-authentication. The default is to send Outbound-User
(5). With this command configured, we will send Call-Check (10). This
is useful in a multi-vendor environment as well as when migrating an
existing RADIUS database for use withe Cisco access server.
 
Reference: CSCdt85947
radius-server authorization default Framed-Protocol ppp config  IOS 
This hidden command assumes that the RADIUS Framed-Protocol attribute is PPP when no Framed-Protocol attribute is present in a RADIUS server reply packet.  
Reference: Dennis Peng <dpeng@cisco.com>, <20020404165144.GE5919@sj-cse-320.cisco.com> on cisco-nas
radius-server authorization permit missing Service-Type config  IOS 
This hidden command seems to allow RADIUS server replies in which the Service-Type attribute is missing.  
Reference: Dennis Peng <dpeng@cisco.com>, <20020404165144.GE5919@sj-cse-320.cisco.com> on cisco-nas
radius-server unique-ident config  IOS 

Directly from the DDTS release note:

The hidden command "radius-server unique-ident" can be used to try to ensure that RADIUS session IDs are unique across IOS boots. It will have the side effect of automatically writing the IOS configuration to NVRAM some time after booting.

When the router parses the command "radius-server unique-ident" it sets the unique-ident variable to (n+1) and all accouting records have a prefix of (n+1). When you look at the configuration or write the configuration to NVRAM, it is also shows "radius-server unique-ident".

If the box is reloaded, upon booting the router will parse "radius-server unique-ident" and then set the unique-ident variable to (n+2) and all accounting records have a prefix of (n+2). When you look at the configuration or write the configuration to NVRAM, is will show "radius-server unique-ident".

 
Reference: CSCdu77149
service download-fl config  GSR IOS 
Force the GRP to download its own version of the Fabric Downloader to the line card before attempting to start Cisco IOS.  
Reference: http://www.cisco.com/warp/public/63/17.html
service internal config  IOS 
Activate some Cisco commands normally used for internal testing.  
Reference:
service log backtrace config  IOS 
Supply a backtrace with every messaged logged. Probably to find out where a certain message is generated.  
Reference: Phrack, Volume 0xa, Issue 0x38
service unsupported-transceiver config  IOS 

Enables the use of third-party SFP or GBIC modules on Cisco switches but note the warning below.

Example output:

Switch(config)#service unsupported-transceiver
 Warning: When Cisco determines that a fault or defect can be traced to
 the use of third-party transceivers installed by a customer or reseller,
 then, at Cisco's discretion, Cisco may withhold support under warranty or
 a Cisco support program. In the course of providing support for a Cisco
 networking product Cisco may require that the end user install Cisco
 transceivers if Cisco determines that removing third-party parts will
 assist Cisco in diagnosing the cause of a support issue.
 
Reference: Saku Ytti on cisco-nsp
service-policy classify-per-feature config  IOS 

From CSCds43683:

Packets should be treated consistently on all platforms for a given configuration. This fix addresses the consistency issue when QoS Mod CLI is configured via the "service-policy" command on the 7500 vs the other IOS platforms.

After this fix, each packet will be matched for a matching class under the policy-map until a match is found. Matching terminates at the first matching class and all features configured under the class act on the packet. In the current IOS releases, matching happens across all classes under a policy until the first matching class is found for every configured QoS feature.

To maintain backward compatibility a hidden knob called "service-policy classify-per-feature" knob is introduced. When configured, the behaviour reverts to the current existing behaviour. By way of this fix, the default behaviour will be common for all platforms. This fix is going to affect 7200 and other non-distributed platforms only.

 
Reference: CSCds43683
set trace <category> <level> privileged exec  XID/CatOS 

Enable tracing of the specified subsystem.

Possible category names (most certainly depending on CatOS version):
acct, acl, all, bdd, cdp, config, dhcp, diag, dns, dot1x, drip, dtp, dupflash, dupnvram, dynvlan, earl, envmon, eobc, epld, essr, evmgr, fabric, fcp, fddi, fib, filesys, fpoe, garp, gvrp, hamgr, http, inband, ipc, kerberos, l3age, l3sup, lane, ld, llc, ltl, mbuf, mcast, mdg, memdbg, mls, mlsm, modport, ntp, nvsync, oob, pagp, protfilt, pruning, privatevlan, qde, qos, radius, redundancy, rsfc, rsvp, rtios, rtipc, rticc, runtimecfg, scp, security, slp, snmp, span, spantree, ssh, syncmgr, synfig, syslog, tacacs, test, tftp, tftpd, udld, verb, vlanmgr, vmps, vtp.

  • <level> = 0..15, 0 to disable, default is 1
  • <level> = 0..255 for inband only
A level of 6 is normally a good start.

Warning: Can produce losts of output depending on your configuration and the level chosen.

 
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
set trace monitor {enable|disable} privileged exec  XID/CatOS 
 
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show acl stats privileged exec  XID/CatOS 

Comment by Francois on this command:

Displays various statistics about the ACL subsystem and associated hardware components. There are some interesting counters like compilation errors and also usage counters for various tables (different masks, subnets, etc). Useful when you can't commit your ACL with a TCAM error message.

ACL: local stats table
Messaging
----------------------------------------------------------
rxScpMsg:              0
rxScpMsgAbort:         0
rxAclMsg:              1257
rxAclMsgAbort:         0
aclMsgUnknownType:     0
outOfSequence:         0
appIdMisUse:           0
intfConfError:         0
msgSendFailed:         1
appIdDifferAfterSwover:0
ignoreRaclOverride:    1
draco-id:  65535-ffffffff-ffffffff
draco-id:  33-ffffffff-ffffffff


Resources
----------------------------------------------------------
ACL malloc fail:       0
noLou:                 0
noMask:                0
noCapmap:              0
tcamFull:              0
compilerErr:           18
noLabel:               0
louExpandGt:           0
louExpandLt:           0
louExpandNeq:          0
louExpandRange:        0
freeListRebuild:       0


Acl engine stats
----------------------------------------------------------
perseusL3Parity:       0
perseusSequenceErr:    0
perseusLabelOverflow:  0
perseusCamLookupErr:   0
perseusDbusErr:        0
perseusCpuParityErr:   0
perseusIPChecksumErr:  1
perseusShortPacketErr: 0
perseusCpuTmout:       0
**lookup fifo undeflow:0
Hardware resource usage for ACL Tcam: label:3.73%, lou:20.31%,
mask:11.86%, value:4.4%


Acl manager stats
----------------------------------------------------------
aclRestarted:          F
Sec vacl restore done: T
Lda vacl restore done: T
Qos acl restore done:  T
Feature intf count:    0


HA stats
----------------------------------------------------------
activeHaCopyFail:      0
Gsync_count:           1
Sleep on gsync      Gsync done          Wakeup on gsync
14:58:43            14:58:45            14:58:45
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
000:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
 
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show alignment privileged exec  IOS 
Displays statistics about spurious memory accesses and aligment errors. Also includes stack tracebacks.  
Reference:
show banff-reset privileged exec  XID/CatOS, Catalyst 5000 series with NFFC 

There is a quiet recall on some Catalyst 5000 series switches that have the EARL 1 chip NFFC and a data rate that exceeds 80MBS across the backplane because of a defect that causes the ECB to reset continuously. Usually users will report a network slowdown.

This command will display the number of times the ECBs have reset since last power on, a number of 1 for each ECB is normal. Numbers in the hundreds or thousands mean you need to call Cisco for replacement boards.

 
Reference: From Heinz Ulm's web site
show caller exec  IOS 
Show a lot of information about calls in a NAS environment. Lots of subcommands here.  
Reference:
show chunk [summary] privileged exec  IOS 
There is the traditional malloc/free memory management in place on the cisco. there is also chunk allocation. the main benefit of chunk allocation over its predecessor is that memory overhead is only paid by the large chunk (which is then carved up into smaller pieces) instead of by each individual malloced block.  
Reference: Phrack, Volume 0xa, Issue 0x38
show controller switch exec  Cat 2900XL/3500XL, IOS 

The show controller switch command provides indicative information regarding the total switch utilization. An example is presented below:

    Switch#sh controller switch
    Switch registers:

    Device Type : 0x00040273
    Congestion Threshold : 0x00000E95
    Peak Total Allocation : 0x0000001A
    Total Allocation : 0x00000000
    Peak Total Bandwidth : 0x00000020
    Total Bandwidth : 0x00000000
    Total Bandwidth Limit : 0x000003DE
    Lower Bandwidth Limit : 0x000003DE
    Switch Mode : 0x00040000

    Switch#

The Total Bandwidth Limit varies between different 2900XL and 3500XL models. When the Total Bandwidth reaches the Total Bandwidth Limit value, the switch has reached its full bandwidth capacity and begins to drop packets. The Peak Total Bandwidth is the highest value attained by the Total Bandwidth since the last time the show controller switch command was executed. Note, the values for the above parameters are in hexadecimal.

The Congestion Threshold value is used as conservative value for the maximum global buffer utilization. When the buffer utilization noted by Total Allocation reaches this value, the switch may drop frames. The Peak Total Allocation value shows the highest value attained by the Total Allocation since the last time the show controller switch command was executed. It is possible for the Peak Total Allocation and/or the Total Allocation to be greater than Congestion Threshold. If the Total Allocation reaches or is over the Congestion Threshold amount, the switch is experiencing considerable network activity near its full capacity.

The global buffer utilization may be adversely effected by several configuration issues, described below:

1.Speed mismatch between an ingress and egress port; for example, several 100 megabit clients transferring files to a server connected to the switch at 10 megabits, half-duplex.

2.Multiple input ports feeding a single output port.

3.Duplex mismatch on multiple ports.

4.Numerous ports that are experiencing collisions and/or output errors due to half-duplex configuration or over-subscription of a slow link.

 
Reference: http://www.cisco.com/warp/customer/473/19.html
show epc ... privileged exec  IOS 

From a Catalyst 2048G-L3 (also applies to the Catalyst 4908G-L3 and probably in parts to the Catalyst 8500 series):

gepard#show epc ?
E-PAM show comands:
  IF-entry          IF Entry in IF-Table
  VC-entry          VC Entry in VC-Table
  VLAN-entry        VLAN Entry in VLAN-Table
  aal5              aal5 statistics
  acl               ACL FPGA related debug commands
  adm               Show contents of ADM in IOS
  age-timer         Aging Timer
  atm-debug-status  ATM debug statistics
  atmup_ipmcast     Show Multicast VC leg to external VC mapping
  caller-stats      Caller Stats at a merge-point
  caller-tags       Caller Tags
  cam               Show contents of E-PAM CAM
  card              Show information managed by CARD 
  coredb            show coredb
  counters          Counters of all epif-ports
  discards          discard statistics
  exvc-entry        External VC Entry in VC-Table
  fe-channel        FE-Channel Membership Information 
  fpga              Access ACL FPGA resources
  freecam           Free space in CAM
  ifmapping         Interface mapping to CAM IF number
  ip-address        Show adjacency entries in line cards
  ip-prefix         Show IP prefix entries (compare to CEF output)
  ipmcast           Show IP Multicast table in E-PAM CAM
  ipx-node          Show IPX node entry in E-PAM CAM
  ipx-prefix        Show IPX prefix in E-PAM CAM
  jaguar-fpga-epld  Access ACL2 EPLD Addresses with WID=2
  lec-ipx           Show LEC Local IPX Information
  lsipc             Show LSIPC information
  mac               Show MAC address in E-PAM
  macfilter         Show MAC filter address database
  mailbox           Read the mailbox value
  mem               Show contents of packet memory in E-PAM
  patricia          Show Patricia tree in E-PAM CAM
  port-qos          Show current port qos configuration
  queuing           queueing statistics
  register          print contents of EPIF register 
  ri-register       Show last reported contents of EPIF RI register
  sm                Show 1483 Local static map information
  spd               selective packet drop statistics
  status            Status of all epif-ports
  switching         VC switching statistics
  tcam              TCAM related commands
  ucode             uCode images on all epif-ports
  udp-flood         Show LS UDP-flooding information

Some of these commands are documented as part of the Catalyst 8540 documentation but are also useful on the Catalyst 2948G-L3 which seems to be based (at least partly) on the same hardware platform as the Catalyst 8540.

See: http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/11_ey/trouble/l3_net.htm

 
Reference:
show epc acl lookup {in|out} ... privileged exec  IOS (Cat 2948G-L3, 4908G-L3, 8540) 
Displays whether the ACL would permit or deny a specific IP packet on a particular interface.  
Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
show epc acl tcam2acl interface <interface> {in|out} privileged exec  IOS (Cat 2948G-L3, 4908G-L3, 8540) 
Displays the ACL entries programmed in the TCAM for a particular interface.  
Reference: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/12_1/lhouse/sw_confg/8500acl.htm
show epc ip-address interface <interface> all-entries privileged exec  IOS (Cat 2948G-L3) 

Shows the IP adjacencies installed in the CAM hardware:

gepard#show epc ip-address interface FastEthernet 1 all-entries 
IPaddr: 192.168.60.116  MACaddr: 0090.27b7.24d7  FastEthernet14(17)
IPaddr: 192.168.60.117  MACaddr: 0090.27d1.d47a  FastEthernet15(18)
IPaddr: 192.168.60.112  MACaddr: 00d0.b720.6fc9  FastEthernet10(13)
IPaddr: 192.168.60.113  MACaddr: 00d0.b720.750f  FastEthernet11(14)
IPaddr: 192.168.60.114  MACaddr: 00d0.b720.7357  FastEthernet12(15)
IPaddr: 192.168.60.115  MACaddr: 00d0.b720.755e  FastEthernet13(16)
IPaddr: 192.168.60.125  MACaddr: 0050.0457.edbf  FastEthernet19(22)
IPaddr: 10.232.4.202    MACaddr: 0009.b7b4.0700  Port-channel1.2(60)
IPaddr: 192.168.60.120  MACaddr: 0090.27c3.f042  FastEthernet5(8)
IPaddr: 192.168.60.100  MACaddr: 0002.b3ac.5470  GigabitEthernet50(53)
IPaddr: 192.168.60.101  MACaddr: 0002.b3ac.5470  GigabitEthernet50(53)
IPaddr: 192.168.60.102  MACaddr: 0090.27d1.88bf  FastEthernet4(7)
IPaddr: 192.168.60.103  MACaddr: 0090.27d1.88bf  FastEthernet4(7)
IPaddr: 192.168.60.99   MACaddr: 6080.0f3c.0000 
IPaddr: 192.168.60.110  MACaddr: 0090.27dd.f9a6  FastEthernet8(11)
IPaddr: 192.168.60.111  MACaddr: 00d0.b708.adb3  FastEthernet9(12)
IPaddr: 192.168.61.21   MACaddr: 0800.20ee.4ead  FastEthernet46(49)
IPaddr: 192.168.60.20   MACaddr: 0030.6e11.0157  FastEthernet37(40)
IPaddr: 192.168.60.21   MACaddr: 0030.6e11.139f  FastEthernet38(41)
IPaddr: 192.168.60.22   MACaddr: 0002.b3ac.5454  GigabitEthernet49(52)
IPaddr: 192.168.61.22   MACaddr: 0800.20ec.6709  FastEthernet46(49)
IPaddr: 192.168.60.23   MACaddr: 0002.b3ac.53f5  FastEthernet43(46)
IPaddr: 192.168.60.30   MACaddr: 00e0.18c2.baf9  FastEthernet21(24)
IPaddr: 192.168.60.25   MACaddr: 0030.6e12.099a  FastEthernet39(42)
IPaddr 192.168.60.26 missing
[...]
   Total number of IP adjacency entries: 46
   Missing IP adjacency entries: 1
 
Reference: http://www.cisco.com/warp/public/473/48.html
show epc patricia <ingress-interface> ipucast detail privileged exec  IOS 

Seems to show the FIB stored in the CAM memory of a specific ingress port.

Example output provided by Hank:

cs-c2948gl3-13a#sh epc patricia interface FastEthernet 3 ipucast detail
1# Synthetic entry: CAM location: 0x202B NAP location: 0x202C
    IP Prefix:224.0.0.0 MySubnet  LB:Disabled  Network Entry:Valid
2# Synthetic entry: CAM location: 0x2038 NAP location: 0x0000
3# Synthetic entry: CAM location: 0x202F NAP location: 0x2035
    IP Prefix:192.168.128.255 MySubnet  LB:Disabled  Network Entry:Valid
4# HOST Entry CAM location: 0x2030 NAP location: 0x0000
    IP addr:192.168.128.2   Host  IF Number:6 Entry:Valid
    Mac Addr:0090.a65c.63ff
5# Synthetic entry: CAM location: 0x2050 NAP location: 0x2032
    IP Prefix:192.168.128.0 MySubnet  LB:Disabled  Network Entry:Valid
    IP Prefix:192.168.128.1 MySubnet  LB:Disabled  Host Entry:Valid
6# Synthetic entry: CAM location: 0x203C NAP location: 0x2037
    IP Prefix:192.168.105.0 MySubnet  LB:Disabled  Network Entry:Valid
    IP Prefix:192.168.128.0 MySubnet  LB:Disabled  Network Entry:Valid
7# Synthetic entry: CAM location: 0x203F NAP location: 0x203E
    IP Prefix:192.168.105.255 MySubnet  LB:Disabled  Network Entry:Valid
8# HOST Entry CAM location: 0x2046 NAP location: 0x0000
    IP addr:192.168.105.8   Host  IF Number:5 Entry:Valid
    Mac Addr:0001.968e.33b0
9# Synthetic entry: CAM location: 0x2045 NAP location: 0x2040
    IP Prefix:192.168.105.2   LB:Disabled  Network Entry:Valid
    Nexthop CAM locations: 0x2046   0x0000
    Nexthop 1:
      IP addr:192.168.105.8   Host  Entry:Valid FastEthernet2 (5)
      Mac Addr:0001.968e.33b0
10# Synthetic entry: CAM location: 0x2033 NAP location: 0x203D
    IP Prefix:192.168.105.0 MySubnet  LB:Disabled  Network Entry:Valid
    IP Prefix:192.168.105.1 MySubnet  LB:Disabled  Host Entry:Valid
11# CAM location: 0x201B  ROOT
  IP Patricia Tree Summary:
    Number of IP entries: 18
    Number of Host Entries: 2
    Number of Network Entries: 10
    Number of Good Synthetic entries: 7
    Number of Dirty Synthetic entries: 1
 
Reference: Contributed by Hank Nussbacher <hank@att.net.il>
show epc patricia <interface> mac privileged exec  IOS (Cat 2948G-L3, 4908G-L3) 

Layer 2 forwarding table entries for a given MAC address in a bridge group are viewed using the show bridge bridge-group-number command.

However, bridge table entries on the Catalyst 2948G-L3 and 4908G-L3 switches are actually formed internally of at least two entries, one on the source interface (where the device with that MAC resides) and one on each destination interface (the interface where, based on the destination MAC in the frame, the traffic sourced from that MAC is destined). This is because the learning process for populating the bridging tables on the Catalyst 2948G-L3 and 4908G-L3 switches is actually distributed on a per-port basis rather than on a switch-wide basis.

gepard#show epc patricia interface FastEthernet 9 mac 
1# MAC addr:0000.0000.0000  VC:0 Entry: 
2# MAC addr:0900.2b01.0001 MyMAC
3# MAC addr:0180.c200.0000 MyMAC
4# MAC addr:0100.5e00.0006 MyMAC
5# MAC addr:0100.5e00.0005 MyMAC
6# MAC addr:0100.5e00.0002 MyMAC
7# MAC addr:0100.0ccc.cccd MyMAC
8# MAC addr:0100.0ccc.cccc MyMAC
9# MAC addr:00e0.18c2.baf9  IF Number:24 Entry:Remote
10# MAC addr:00d0.b720.755e  IF Number:16 Entry:Remote
11# MAC addr:00d0.b720.7357  IF Number:15 Entry:Remote
12# MAC addr:00d0.b720.6fc9  IF Number:13 Entry:Remote
13# MAC addr:00d0.b720.750f  IF Number:14 Entry:Remote
14# MAC addr:0090.27dd.f9a6  IF Number:11 Entry:Remote
15# MAC addr:0090.27d1.d47a  IF Number:18 Entry:Remote
16# MAC addr:0090.27c3.f042  IF Number:8 Entry:Remote
17# MAC addr:0090.27b7.24d7  IF Number:17 Entry:Remote
18# MAC addr:00d0.b708.adb3  IF Number:12 Entry:Local
19# MAC addr:0030.6e12.099b  IF Number:59 Entry:Remote
[...]
29# MAC addr:0002.b3ac.5474  IF Number:59 Entry:Remote
30# MAC addr:0003.9f17.980f HsrpMAC
31# MAC addr:0001.428b.d280  IF Number:4 Entry:Remote
32# MAC addr:0000.0c07.ac00 HsrpMAC
 Total number of MAC entries: 32
 
Reference: http://www.cisco.com/warp/public/473/47.html
show idb privileged exec  IOS 

Show list of assigned software und hardware Interface Descriptor Blocks (IDBs). Later IOS versions show the maximum number of software IDBs, too.

vxr15#sh idb

Maximum number of IDBs 3000

26 SW IDBs allocated (2368 bytes each)

22 HW IDBs allocated (4064 bytes each)
HWIDB#1   1   FastEthernet0/0 (HW IFINDEX, Ether)
...
 
Reference:
show inband privileged exec  XID/CatOS 

Comment by Francois:

This command outputs statistics about the internal Catalyst 6000 memory channel (interface between two supervisors in a redundant configuration). Can help to diagnose this kind of error: 'InbandPingProcessFailure:Module 1 not responding over inband'.

         Inband FX1000 Control Information

  General Ctrl Regs:
    RegsBase: 42000000
     DevCtrl: 003C0001     DevStatus: 0000000F
      TxCtrl: 000400FA        RxCtrl: 0000821E

  Tx Ctrl Regs:
     TxDBase: 019AF000       TxDSize: 00002000
     TxDHead:  383       TxDTail:  383
       TxIpg: 00A00810

  Rx Ctrl Regs:
     RxDBase: 019AA000       RxDSize: 00004000
     RxDHead:  993       RxDTail:  990

             Inband PCI Information

    DeviceID: 1000          VendorID: 8086
      Status: 0200           Command: 0116
   ClassCode: 020000        Revision: 03
     Latency: FC           CacheLine: 08
    BaseAddr: 42000004
 NonSwapAddr: 00000000      SwapAddr: 02000000


               Inband Driver Information

  Transmit:
     FirstTxD: A19AF000(   0)    LastTxD: A19B0FF0( 511)
       TxHead: A19B0850( 389)     TxTail: A19B0850( 389)
     FreeTxDs: 00000512
  Receive:
     FirstRxD: A19AA000(   0)    LastRxD: A19ADFF0(1023)
       RxHead: A19ADDF0( 991)     RxTail: A19ADDE0( 990)
     FreeRxDs: 00001023
  System:
    SpurIntrs: 00000000       OutofMbufs: 00000000
   TotalMbufs: 00013088        TotalMCls: 00005536
    FreeMbufs: 00011532         FreeMCls: 00004043
      MacAddr: 00D0017957FF      Resynch: 00000000


                Inband FX1000 Statistics

  Transmit:
       TxPkts: 61337989          TxBytes: 2412393989
   Inband Stuck Count: 00000000
     Pkts/Sec: 00000000       QueuedPkts: 00000000
     LateColl: 00000000       ExcessColl: 00000000
         Ovfl: 00000000         OvflRate: 00000000
   JmboPktDrp: 00000000       MaxPktRcvd: 00000000

       Detail Tx Pkt Info   (clear on read)
           64: 00000000           65-127: 50108072
      128-255: 04559900          256-511: 00910493
     512-1023: 00000600        1024-1522: 00988696
        Bcast: 00000000            Mcast: 00000033
       # pkts: 56567761

  Receive:
       RxPkts: 43941855          RxBytes: 2483893904
     Pkts/Sec: 00000000        SeqErrInt: 00000000
         Ovfl: 00000000         OvflRate: 00000000
        OvInt: 00000000        OvIntRate: 00000000
      CrcErrs: 00000000         SymbErrs: 00000000
   ISLCrcErrs: 00000000          SeqErrs: 00000000
       DescOv: 00000000       DescOvRate: 00000000
      LenErrs: 00314103         DefrPkts: 00000000

       Detail Rx Pkt Info   (clear on read)
           64: 00000000           65-127: 17144848
      128-255: 25105957          256-511: 00849533
     512-1023: 00497913        1024-1522: 00029504
        Bcast: 00000000            Mcast: 00840799
     Good pkt: 43627755        Undersize: 00000000
       NoBuff: 00000000            Frags: 00000000
     Oversize: 00314103           Jabber: 00000000
       # pkts: 43941858
 
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show interface cable <x>/0 privacy statistic privileged exec  IOS 

This hidden command may be used to view statistics on the number of SIDs using baseline privacy on a particular cable interface.

Here is an example output of this command.

CMTS# show interface cable 4/0 privacy statistic
CM key Chain Count : 12
CM Unicast key Chain Count : 12
CM Mucast key Chain Count : 3

 
Reference: http://www.cisco.com/warp/public/109/docsis_bpi.shtml
show interfaces [<interface-name>] stats exec  IOS 
Show statistics on the switching path used (per interface or all).  
Reference:
show interfaces [<interface-name>] switching exec  IOS 
Produces detailed output on the switching paths used on a particular interface (or on all interfaces). Also shows SPD statistics.  
Reference:
show ip cef [<network> [<netmask>]] internal privileged exec  IOS 

Especially shows information about the CEF load sharing logic.

router#show ip cef 141.1.0.0 255.255.0.0 internal
141.1.0.0/16, version 10758832, per-destination sharing
0 packets, 0 bytes
  via 194.221.43.81, 0 dependencies, recursive
    next hop 194.77.146.254, GigabitEthernet4/0/0 via 194.221.43.80/30
    valid adjacency

  Recursive load sharing using 194.221.43.80/30
  Load distribution: 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 (refcount 48739)

  Hash  OK  Interface                 Address         Packets
  1     Y   GigabitEthernet0/0/0      195.244.119.164       0
  2     Y   GigabitEthernet4/0/0      194.77.146.254        0
  3     Y   GigabitEthernet0/0/0      195.244.119.164       0
  4     Y   GigabitEthernet4/0/0      194.77.146.254        0
  5     Y   GigabitEthernet0/0/0      195.244.119.164       0
  6     Y   GigabitEthernet4/0/0      194.77.146.254        0
  7     Y   GigabitEthernet0/0/0      195.244.119.164       0
  8     Y   GigabitEthernet4/0/0      194.77.146.254        0
  9     Y   GigabitEthernet0/0/0      195.244.119.164       0
  10    Y   GigabitEthernet4/0/0      194.77.146.254        0
  11    Y   GigabitEthernet0/0/0      195.244.119.164       0
  12    Y   GigabitEthernet4/0/0      194.77.146.254        0
  13    Y   GigabitEthernet0/0/0      195.244.119.164       0
  14    Y   GigabitEthernet4/0/0      194.77.146.254        0
  15    Y   GigabitEthernet0/0/0      195.244.119.164       0
  16    Y   GigabitEthernet4/0/0      194.77.146.254        0
 
Reference: Project DOTU
show ip eigrp events [<as-num>] [<start-num>] [<end-num>] privileged exec  IOS 
Show history of events for the EIGRP routing process.  
Reference:
show ip eigrp sia-event privileged exec  IOS 
Show SIA (stuck in active) events from the event history.  
Reference:
show ip eigrp timers [<as-num>] privileged exec  IOS 
List of timers associated with a EIGRP routing process.  
Reference:
show ip ospf bad-checksum privileged exec  IOS 
 
Reference:
show ip ospf delete-list privileged exec  IOS 
 
Reference:
show ip ospf events privileged exec  IOS 
Show history of events for the OSPF routing process.  
Reference:
show ip ospf maxage-list privileged exec  IOS 
 
Reference:
show ip ospf statistic privileged exec  IOS 
Show timing statistics about the SPF algorithm.  
Reference:
show ip route hash exec  IOS 

David writes: "The only usefulness of this seems to be to identify the larger hash buckets and hence provide feedback to Cisco if the hash algorithm is producing a particularly bad distribution into some buckets."

Example output:

router#show ip route hash

 nettable:
 Bucket     Majornets  Subnettted   Subnets
 ------------------------------------------
 0           17          1           3
[...]
 4095        18          0           0

 supernettable:

 0           16
[...]
 4095        6

 Routing table summary:
 Total nets:        159234
 Total major nets:  67731
 Total super nets:  38199
 
Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
show ip route profile privileged exec  IOS 

See "ip route profile".

aspen#show ip route profile
IP routing table change statistics:
Frequency of changes in a 5 second sampling interval
-------------------------------------------------------------
Change/   Fwd-path  Prefix   Nexthop  Pathcount  Prefix
interval  change    add      change   change     refresh
-------------------------------------------------------------
0         196       215      433      490        394
1         99        98       34       0          27
2         54        45       10       0          27
3         22        19       5        0          2
4         17        17       1        1          0
5         51        48       2        0          0
10        18        16       4        0          0
15        8         8        0        0          0
20        3         3        2        0          0
25        4         4        0        0          41
30        8         9        0        0          0
[...]
3905      1         1        0        0          0
7030      1         1        0        0          0
10155     0         0        0        0          0
13280     0         0        0        0          0
Overflow  5         5        0        0          0
 
Reference: CSCdi76662
show ip spd config  IOS 

Shows SPD mode, current and max size of IP process level input queue, and status of external (SSE) SPD. SPD mode will be one of disabled, normal, random drop, or full drop. The priority queue is where high-precedence packets go.

labR4#show ip spd            
Current mode: normal.
Queue min/max thresholds: 73/74, Headroom: 100, Extended Headroom: 10
IP normal queue: 0, priority queue: 0.
SPD special drop mode: none
 
Reference: Cisco ISP Esssentials
show isdn memory detail exec  IOS 
Shows additional memory information.  
Reference:
show isdn service [<dsl> | <interface-name>] detail exec  IOS 
Shows additional table named "Source of Service state" and outputs the free channel mask (also shown by show isdn status).  
Reference: Josh Duffek <jduffek@cisco.com> on cisco-nas, <026e01c189a1$b8229a60$4d721eac@cisco.com>
show isdn status detail exec  IOS 
Shows additional status information, i.e. call reference id.  
Reference:
show isis private privileged exec  IOS 
ctalkb#sh isis private
ISIS: FastPSNP cache (hits/misses): 0/4002
ISIS: LSPIX validations (full/skipped): 216271/490412
ISIS: LSP HT=0 checksum errors received: 0
 
Reference: Phrack, Volume 0xa, Issue 0x38
show isis timers privileged exec  IOS 

Useful in that it provides a brief overview of execution flow in the IS-IS process. Shows you the frequency of things like L1/L2 hello etc.

ctalkb#sh isis timers
  Hello Process
    Expiration    Type
|        0.856  (Parent)
  |        0.856  L2 Hello (Ethernet3/0)
  |        6.352  L1 Hello (Ethernet3/0)
  |        6.940  Adjacency

  Update Process
    Expiration    Type
|        1.060  (Parent)
  |        1.060  Ager
  |        1.352  L2 CSNP (Ethernet3/0)
  |        8.616  L1 CSNP (Ethernet3/0)
  |     3:25.860  (Parent)
    |     3:25.860  LSP refresh
    |     9:02.160  LSP lifetime
    |     9:24.568  LSP lifetime
    |    17:16.084  LSP lifetime
  |    20:58.536  Dynamic Hostname cleanup    
 
Reference: Phrack, Volume 0xa, Issue 0x38
show isis tree privileged exec  IOS 

Shows path and depth taken to get to other level 1/2 intermediate systems.

ctalkb#sh isis tree
IS-IS Level-2 AVL Tree
Current node = X.X.X.00-00, depth = 0, bal = 0
  Go down left
Current node = X.X.Y.00-00, depth = 1, bal = 0
---> Hit node X.X.Y.00-00
  Back up to X.X.X.00-00
Current node = X.X.X.00-00, depth = 0, bal = 0
---> Hit node X.X.X.00-00
  Go down right
Current node = X.X.X.02-00, depth = 1, bal = 0
---> Hit node X.X.X.02-00
  Back up to X.X.X.00-00    
 
Reference: Phrack, Volume 0xa, Issue 0x38
show list [none] privileged exec  IOS 
ctalkb#show list
List Manager:
     1415 lists known, 1561 lists created

   ID   Address  Size/Max   Name
    1  613EE970    11/-     Region List
    2  613EEE98     1/-     Processor
    3  613EFDE8     1/-     I/O
    4  613F0D38     1/-     I/O-2
    5  6149EDD0     0/-     Sched Critical
    6  6149ED90     0/-     Sched High
    7  6149EB00     0/-     Sched Normal   
ctalkb#show list none
List Manager:
     1415 lists known, 1561 lists created

   ID   Address  Size/Max   Name
    1  613EE970    11/-     Region List
    2  613EEE98     1/-     Processor
    3  613EFDE8     1/-     I/O
    4  613F0D38     1/-     I/O-2
    9  6149ED10    82/-     Sched Idle
   11  61499A50     8/-     Sched Normal (Old)
   12  6149CC10     1/-     Sched Low (Old)     
 
Reference: Phrack, Volume 0xa, Issue 0x38
show mbuf privileged exec  XID/CatOS 
Catalyst 5000: The main issue to observe with this command is whether the switch is being starved for memory. Within the display, "clusters" is the number of buffers that are available for NMP to process incoming packets, which include any broadcast/multicast, management traffic. "clfree" is the number of buffers that are available for the NMP at any given time. If this is zero then this means that NMP has no buffers to process any incoming frames. "lowest clfree" determines the lowest watermark that NMP has hit at any time. If this value is zero but clfree is nonzero, then this means that at one instance NMP ran out of buffers. This can be because of a broadcast of a multicast storm in the management VLAN.  
Reference:
show memory big privileged exec  IOS 
R1#show memory big
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor     148364    15428764     4550340    10878424    10832564    10875604
25 largest free blocks in the system (biggest to lowest)
10875604, 1424, 644, 500, 108, 36, 28, 28, 28, 24, 5897388, 52466600, 5743730,
0, 0, 0, 1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.

Count of firstfit: 7, bestfit: 2215118, maxout1: 0 maxout2: 0

I/O    4000000     2097152      398396     1698756     1641680     1698588
25 largest free blocks in the system (biggest to lowest)
1698588, 84, 84, 0, 0, 0, 0, 0, 0, 0, 5897388, 52466600, 5743730, 0, 0, 0,
1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.

Count of firstfit: 0, bestfit: 366, maxout1: 0 maxout2: 0
 
Reference: Project DOTU
show mls nfde privileged exec  XID/CatOS 
NDE related info:
    NDE enable             : TRUE
    Current Export Version : 7
    IP address             : 192.168.212.65    UDP port: 9996

    Flows in nde buffer    : 0
    Nde flow limit         : 27
    Flow sequence          : 26695012
    Unused flows           : 3591516
    Non Ip Sc              : 0
    Filter mismatch        : 0
    Packets sent           : 0
    Flows dropped at swover: 109788930

Comment by Francois on the output above:

This command allows to debug NetFlow data export on Catalyst 6000. 'Flows in nde buffer' should grow until a threshold and then get flushed to the collector ('Packets sent'). In this particular case, the Catatyst 6000 series switch is hit by a bug which renders flow exports impossible and so the counter keeps rising.

 
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show mls status exec  Cat 6000 Native IOS 
Show multilayer switching status.  
Reference: New product training Catalyst 6000
show mmc np5400 [config|flows|get|indications|ports|queue|registers|stat|send] [...] privileged exec  IOS (Cat 2948G-L3, 4908G-L3) 
 
Reference:
show mpls interfaces internal all privileged exec  IOS 
Displays detailed information about all of the MPLS interfaces in the router. If the used IOS image supports the MPLS Egress NetFlow Accounting Feature then the output shows if MPLS Egress NetFlow Accounting is enabled on the interface.  
Reference: Contributed by David Luyer <david_luyer@pacific.net.au>
show msfc privileged exec  IOS (Cat 6k hybrid) 

On a MSFC1:

TORUMSFC1# show msfc
Network IO Interrupt Throttling:
 throttle count=1149, timer count=1149
 active=0, configured=1
 netint usec=4000, netint mask usec=400

Interrupt Registers:
        Revision: 1, Slot 1
        Control : 0x1C
        Enable  : 0x3F
        Status  : 0x0

RSFC CPU IDPROM:
IDPROM image:

  (FRU is 'MSFC Cat6k daughterboard')

IDPROM image block #0:
  hexadecimal contents of block:
  00: AB AB 01 90 12 98 01 00 00 02 60 03 00 CF 43 69    .............Ci
  10: 73 63 6F 20 53 79 73 74 65 6D 73 00 00 00 00 00    sco Systems.....
  20: 00 00 57 53 2D 46 36 4B 2D 4D 53 46 43 00 00 00    ..WS-F6K-MSFC...
[...]
 
Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
show msfc privileged exec  CatOS (Cat 6k hybrid) 
TORUSW6509 (enable) show msfc
MSFC Auto port state: enabled
 
Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
show msfc nvram privileged exec  IOS (Cat 6k hybrid) 

Dumps the ROMMON NVRAM portion on a MSFC1.

TORUMSFC1# show msfc nvram
000: AA 55 01 00 02 DF EF F5 78 77 FB BF 00 00 00 00 .U......xw......
010: 00 00 00 00 01 02 FE FD FE ED FA CE 00 00 00 00 ................
[...]
 
Reference: Contributed by Gerry Murray <Gerry.Murray@computershare.com>
show parser modes privileged exec  IOS 
ctalkb#show parser modes
Parser modes:
Name                Prompt              Top       Alias   Privilege
exec                                    0x60EFB294TRUE    TRUE
configure           config              0x60EFABACTRUE    TRUE
interface           config-if           0x60EF7AECTRUE    TRUE
subinterface        config-subif        0x60EF7AECTRUE    FALSE
null-interface      config-if           0x60EFB368TRUE    TRUE
line                config-line         0x60EF3F84TRUE    TRUE         
 
Reference: Phrack, Volume 0xa, Issue 0x38
show parser unresolved privileged exec  IOS 
ctalkb#sh parser un
Unresolved parse chains:
   40
   40
  198
  198
  322      
 
Reference: Phrack, Volume 0xa, Issue 0x38
show polaris fibmgr usage privileged exec  CatOS (Cat 6k hybrid) 

Displays some useful about the FIB TCAM and the adjacency table when using the PFC2.

Example output:

[...]
Total FIB entries:        262144
Allocated FIB entries:     13894
Free FIB entries:         248250
FIB entries used for IP ucast:   13853
FIB entries used for IPX     :       1
FIB entries used for IP mcast:      40

Total adjacencies:        262144
Allocated adjacencies:      1365
Free adjacencies:         260779
Adjacencies used for IP ucast (FIB)           :     288
Adjacencies used for IPX (FIB)                :       3
Adjacencies used for IP mcast (FIB)           :      36
Adjacencies used for IP mcast (Netflow)       :       0
Adjacencies used for Policy Routing           :    1023
Adjacencies used for Feature Manager (Netflow):       0
Adjacencies used for Local Director           :       0
Adjacencies used for Diagnostics              :       5
Adjacencies used for FTEP                     :      10
[...]
 
Reference: Contributed by Francois Baligant <francois.baligant@be.wanadoo.com>
show region privileged exec  IOS 

Displays how the memory is partitioned into different regions.

From a cisco 7140:

maple#show region
Region Manager:

      Start         End     Size(b)  Class  Media  Name
 0x0B800000  0x0BFFFFFF     8388608  Iomem  R/W    iomem2
 0x20000000  0x23FFFFFF    67108864  Iomem  R/W    iomem
 0x5B800000  0x5BFFFFFF     8388608  Iomem  R/W    iomem2:(iomem2_cwt)
 0x60000000  0x6B7FFFFF   192937984  Local  R/W    main
 0x60008950  0x612D4D8C    19711037  IText  R/O    main:text
 0x612D6000  0x6137A3BF      672704  IData  R/W    main:data
 0x6137A3C0  0x6155A57F     1966528  IBss   R/W    main:bss
 0x6155A580  0x6B7FFFFF   170547840  Local  R/W    main:heap
 0x70000000  0x73FFFFFF    67108864  Iomem  R/W    iomem:(iomem_cwt)
 0x80000000  0x8B7FFFFF   192937984  Local  R/W    main:(main_k0)
 0xA0000000  0xAB7FFFFF   192937984  Local  R/W    main:(main_k1)
 
Reference: Inside Cisco IOS Software Architectures
show region address <address> privileged exec  IOS 

Show to which region a certain address belongs.

From a cisco 7140:

maple#show region address 0x6137A3BF
Address 0x6137A3BF is located physically in :

  Name  : data
  Class : IData
  Media : R/W
  Start : 0x612D6000
  End   : 0x6137A3BF
  Size  : 0x000A43C0
 
Reference: Inside Cisco IOS Software Architectures
show slip exec  IOS 
alder#show slip
Async protocol statistics:

 Int           Local          Remote Qd     InPack     OutPac Inerr  Drops  MTU
  97   10.0.0.1                 None  0      17593     368518     0   1071 1500
  98   10.0.0.1                 None  0      19774     384754     0   1995 1500
[...]
 113   10.0.0.1                 None  0      19107     362360     0    817 1500
 114   10.0.0.1                 None  0      19438     428691     0   1424 1500


  Rcvd: 341389 packets, 7115582 bytes
        0 format errors, 139791 checksum errors, 0 overrun
  Sent: 6920660 packets, 640291923 bytes, 31864 dropped
 
Reference:
show snmp chassis privileged exec  IOS 
Display SNMP chassis id.  
Reference:
show snmp community privileged exec  IOS 

Shows a list of communities that IOS knows about.

oak#show snmp community
ILMI ILMI volatile active
public public volatile active
 
Reference:
show snmp host privileged exec  IOS 
Show list of host receiving traps.  
Reference:
show snmp location privileged exec  IOS 
Show snmp location.  
Reference:
show snmp mib privileged exec  IOS 
Show list of implemented MIBs.  
Reference:
show snmp newcom privileged exec  IOS 
 
Reference:
show snmp notify privileged exec  IOS 
router#show snmp notify
snmpNotifyName : trap
tag: trap	type: trap
 nonvolatile
 
Reference:
show sum privileged exec  IOS 
Show current stored image checksum.  
Reference:
show sum exec  IOS 
router>show sum
New checksum of 0xEDE08607 matched original checksum
 
Reference:
show tcam ... exec  Cat 6000 Native IOS 
cosmos#show tcam ?
and-or           and-or keyword
capability-map   capability-map keyword
detail		 detail keyword
dynamic-entries  dynamic entries keyword
first		 first keyword [further arguments required]
label            label keyword [further arguments required]
lou              lou keyword
redirects        redirect indices keyword
region		 region keyword
start            start keyword
statistics       statistics keyword
type             type keyword [further arguments required]
vlan             vlan keyword [further arguments required]
window           window keyword [further arguments required]
Some of these keywords must or can have further arguments.  
Reference: New product training Catalyst 6000
snmp-server priority {low | normal | high} config  IOS 
Global configuration command can be used to change the priority of SNMP processes. To avoid extensive polling, the priority should be set to low . All SNMP queries sent to a router are prioritized as either low or medium priority, depending on the version of code run by the route processor. This means that processes with a higher priority than the SNMP process will be serviced before SNMP. So, regardless of SNMP polling intensity, routing processes will generally be processed before SNMP requests because route processes are high priority.  
Reference:
spd headroom <n> config  IOS 
Default value is 100. Specifies how many high-precedence packets we will enqueue over the normal input hold queue limit. This is to reserve room for incoming high precedence packets. Is "ip spd headroom" in 11.1CC.  
Reference: Cisco ISP Esssentials, CSCdk31898
tcam priority high|low|medium config-if  Cat 6000 Native IOS 
If TCAM is full, interfaces with a higher priority will be prefered when loading access-lists etc. into the TCAM.  
Reference: New product training Catalyst 6000
test aaa group radius <username> <password> privileged exec  IOS 
Send a test authentication request.
alder#test aaa group radius test test  
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.

alder#test aaa group radius  mon mon
Attempting authentication test to server-group radius using radius
User was successfully authenticated.

Sends the following RADIUS attributes:

Wed Aug  1 21:00:19 2001
        NAS-IP-Address = 194.221.19.47
        NAS-Port-Type = Async
        User-Name = "mon"
        Timestamp = 996692419
 
Reference:
test aim eeprom slot <n> privileged exec  IOS 
cisco#test aim eeprom slot 1
 AIM Slot [1]:
 Use NMC93C46 ID EEPROM [y]:
 AIM Slot 1 eeprom (? for help)[?]:  ?
  d - dump eeprom contents
  e - erase all locations (to 1)
  p - primitive access
  q - exit eeprom test
  z - zero eeprom

  'c' rules of radix type-in and display apply.

 AIM Slot 1 eeprom (? for help)[?]:  d
  Slot 1, 0x00:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x08:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x10:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x18:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x20:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x28:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x30:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x38:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x40:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x48:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x50:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x58:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x60:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x68:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x70:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0x78:  FF  FF  FF  FF  FF  FF  FF  FF
 
Reference: Contributed by Damjan Marion <Damjan.Marion@iskon.hr>
test crash privileged exec  IOS 
Trigger all kinds of crashes. Test crashinfo functionality. Test RSP failover.  
Reference:
test mbus power <slot> on|off privileged exec  GSR IOS 
Turn power of GSR linecard on or off.  
Reference:
test ppp echotimeout <interface-name> privileged exec  IOS 
Test PPP LCP echo timeout. Seems to simulate a PPP LCP echo timeout on the router where this command is issued. After this command line protocol changes to down, PPP parameteres are renegotiated and the line comes up again.  
Reference:
test transmit privileged exec  IOS 
ctalkb#test transmit
interface: Ethernet3/0
total frame size [100]:
1) To this interface
2) To another interface
9) Ask for everything
Choice: 2
Encapsulation Type:
1) Ethertype
2) SAP
3) SNAP
4) SNAP (Cisco OUI)
5) SNAP (EtherV2 OUI)
6) Novell 802.3
Choice: 1
Protocol type:
1) IP
2) XNS
3) IPX
9) Ask for everything
Choice: 1                 
 
Reference: Phrack, Volume 0xa, Issue 0x38
tracy_close <module> <port> exec  XID/CatOS with WS-X6608-T1 or WS-X6608-E1 
Stops the tracing output started with "tracy_start". See "tracy_start".  
Reference: From Heinz Ulm's web site, originally from Martin Gagnon, Canada
tracy_start <module> <port> exec  XID/CatOS with WS-X6608-T1 or WS-X6608-E1 
Displays tracing information useful for debugging the Cisco 6608 Gateway. The output is identical to the one produced by the Dick Tracy debugging tool from Cisco.  
Reference: From Heinz Ulm's web site, originally from Martin Gagnon, Canada
traffic-shape fecn-create config-if  IOS 

This hidden command enables setting the FECN bit in all outgoing packets that have been delayed due to traffic shaping.

Requirements: GTS must be enabled and the interface has to be set to frame-relay encapsulation.

 
Reference:
ttcp privileged exec  Cisco 7200/7500, IOS 

Start a TCP data server/receiver for TCP performance testing between two Cisco 7500 router:

Router#ttcp
transmit or receive [receive]: transmit
Target IP address: 1.1.1.1
perform tcp half close [n]:
send buflen [8192]:
send nbuf [2048]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
buffering on writes [y]:
show tcp information at end [n]:

ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp  -> 1.1.1.1
%Connect failed: Destination unreachable; gateway or host down

Router#ttcp
transmit or receive [receive]:
perform tcp half close [n]:
receive buflen [8192]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
rcvwndsize [4128]:
delayed ACK [y]:
show tcp information at end [n]:

ttcp-r: buflen=8192, align=16384/0, port=5001
rcvwndsize=4128, delayedack=yes  tcp

From the Open Forum:

Question: When using the Cisco hidden command ttcp (to generate traffic), what do the following values for this command mean:

perform tcp half close [n]
send bufflen [8192]:
send nbuf [2048]
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
show tcp information at end [n]:

Answer:

Half close is regarding the tcp syn-ack; send bufflen is the size of the packet to be sent; send nbuf is the number of packets sent; bufalign is create a ''matrix'' of sent data in either a linear or non-linear model of testing throughput and pattern analysis; setoffset is the offset of created data in the packet; port is the tcp/udp port the data is sent on, and sinkmode tells the device to ignore other network traffic or not.

 
Reference:
tx-queue-limit config-if  IOS 
Hidden command which seems to be an alias for the documented tx-ring-limit command.  
Reference: CSCdk17210
virtual-template <template-num> pre-clone <num> config  IOS 

Pre-clone specified number of Virtual-Access interfaces. Hidden in 12.1 mainline. Visible in 12.1T.

Where <template-num> is the vtemplate number and <num> is the number of sessions you wish to pre-clone. Please note that with l2tp [by default], if you choose to pre-clone you are limited to the number of sessions you pre-cloned. i.e. if you pre-clone 1000 sessions, you cannot set up more then 1000 sessions for the given virtual-template.

 
Reference:
vpdn ip udp ignore checksum config  IOS 

This command tells the router to ignore the checksum on UDP packets used by L2TP/L2F and can be used to temporarily reduce CPU load.

This probably is per the suggestion in RFC 2661, section 8.1: "The default for any L2TP implementation is that UDP checksums MUST be enabled for both control and data messages. An L2TP implementation MAY provide an option to disable UDP checksums for data messages. It is recommended that UDP checksums always be enabled on control packets."

And Dennis Peng from Cisco added the following note (on cisco-nas): Verification of the UDP checksum forces us into the process switching path which will result in increased CPU usage. By default, Cisco LAC's will not set the UDP checksum, so in a Cisco to Cisco environment, you don't need this command. But other vendors may set the UDP checksum, so in a multi-vendor environment, it is probably a good idea to include it. One big vendor which sets the UDP checksum is Microsoft, their L2TP client does this.

 
Reference: Contributed by Ash Garg <Ash@telstra.net>
vpdn {l2f|l2tp} session table-size <size> config  IOS 

This command sets the number of buckets on the hash table used for looking up multiplex IDs (session IDs in L2TP speak; both use a 16-bit namespace) and so finding the session control data structures. Each tunnel has its own MID lookup table. <size> can range from 16 to 2048 but cannot be greater than the number L2F/L2TP interfaces available (which is platform dependent). The default number of buckets is platform dependent. If <size> is not a power of two it is rounded down to the next power of two.

Some performance might be gained by increasing the hash table size and so reducing the number of collisions at the expense of increased memory usage.

 
Reference: Credits: Ash Garg <Ash@telstra.net>, Dennis Peng <dpeng@cisco.com>