CISCO ROUTER 中的隐含命令

henda

[A]
aaa accounting delay-start
[12.1] [hidden] global configuration command aaa accounting delay-start delays creation of the PPP Network start record until the peer IP address is known.

aaa authorization address-authorization-exec
[12.1] [hidden] configuration command forces address authorzation for
PPP when started from an exec.

aaa group server {radius | tacacs+} server-group-name
server ip-address-1 [auth-port port-number] [acct-port port-number]
server ip-address-2 [auth-port port-number] [acct-port port-number]
deadtime minutes pick-method [next | load-balanced | round-robin]
[hidden] pick-method server-group configuration command is used to specify an alternate method of selecting servers when one is not responding. As of 12.0(3)T
the load-balanced and round-robin alternatives may be specified but
may not be implemented. The Load-balanced keyword indicates that the initial host is selected load-balanced. The Round-robin keyword
indicates that the initial host is selected in a round-robin method
with all servers being retried before starting from the beginnng of
the list of servers. The Next keyword indicates that the list of
servers is stepped through sequentially with each request always
starting with the first server in the list. This last option is the
default method of operation.

aaa nas port description text
[hidden] global configuration command causes the specified text to
appear in TACACS+ accounting records with the attribute nas-description
and the value of the text specified in the command.
This command is useful during debugging allowing one to specify
information about the environment or configuration in which the
accounting record was generated.

access-list number remark comment
and
ip access-list extended name
remark comment
[12.1]To add comments about the access list. This keyword is documented
under Bug Id CSCdk14543.

atm allow-max-vci
interface command, will allow the cisco 7000 use VCI's above 1023.

[B]

boot system rom
CONFIG

boot module
CONFIG

bgp common-administration

bgp dynamic-med-interval

bgp process-dpa

[C]

carrier delay value
[12.1] Modifies the carrier delay time. A value of 0 disables the
carrier delay

clear ip eigrp [as] event
Clear IP-EIGRP event logs

clear ip eigrp [as] logging
Stop IP-EIGRP event logging

clear profile
Clears CPU profiling

clear startup-config
same as erase startup-config)

clear vtemplate
reset virtual templates

clock rate { 1200 | [...]| 2015232 }
[hidden] There is an anomaly between what is documented, what is
displayed and what is entered for this command. The documentation
indicates the command is clock rate and this is what IOS shows as
the valid command in configuration mode. However, a configuration
display shows the command as clockrate as this is how is is saved in
nvram. In addition, older rom monitors do not understand the newer
clock rate command which would cause problems. What actually happens
here is that clockrate is implemented as a hidden command and is not
completed by pressing tab and nor is there any help generated for it.
But both clockrate and clock rate are accepted and there should
be no problem in cutting and pasting the configurations.

config overwrite

copy core ?
Does a full core dump, as write core but with more options
csim start  
Emulate a voice call

[D]

debug buffer
Additional buffer debugging

debug crypto isakmp detail
Crypto ISAKMP internals debugging

debug crypto isakmp packet
Crypto ISAKMP packet debugging

debug dialer detailed

debug ip ospf monitor
Debug command which show opsf database sync

debug ip packet ... dump
Outputs a hex & ASCII dump of the packet's contents

debug ipx private

debug isdn code

debug oir
Debug online insertion and removal

debug parser mode

debug sanity

debug subsys
Debug discrete subsystems

dialer mult-map-same-name
useful if you have dialup clients using the same chap/pap username

dhcp-server import all
take all DHCP client info from the "ip address dhcp" client
and assume that info for our DHCP server.

debug snmp {bag | dll | io | mib { all | by-mib-name } | packets |
sysdb | timers}

[E]
exception-slave dump X.X.X.X
CONFIG
exception-slave protocol tftp
CONFIG
exception-slave corefile
CONFIG
execption memory fragment  
CONFIG: Will reload router when no more fragment mem is avail
DOCUMENTED: in Version 12.1(2)E

[F]

[G]
gdb kernel
gdb examine pid
gdb debug pid
(ciscos comment: gdb commands are for debugging, only useful to cisco
engineers who have a symbol table for the IOS image in question.)

[H]
hangup
alias for "quit"

[I]
ip cef accounting per-prefix non-recursive prefix-length
if-con  
Attach to a vip console; if-quit (gets out of if-con mode)
ip address dhcp
On eth[x], for cablemodems?
ip forwarding accounting adjacency-update
ip forwarding accounting non-recursive
ip forwarding accounting per-prefix
ip forwarding accounting prefix-length
ip forwarding switch
ip forwarding traffic-statistics
ip forwarding traffic-statistics load-interval
ip forwarding traffic-statistics update-rate
[no] ip gratuitous-arps
This disables unsolicited ARP replies that are useful to signal to
a second (redundant) router on the same LAN segment that a remote
gateway is present or has changed.
ip igmp
ip igmp immediate-leave
ip igmp immediate-leave group-list
ip local-pool
Legacy form of ip local pool, for backwards compatability
ip ospf interface-retry [x]
Retry for ospf process
ip ospf-name-lookup
ip slow-converge
ip spd
ip spd mode
ip spd mode aggressive
ip spd queue
ip spd queue max-threshold
ip spd queue min-threshold
ip tftp boot-interface
CONFIG
ip tmstats bin internal | external
CONFIG, when ip cef accounting non-recursive is configured
isdn network
tell router to be the "master" on T1-CCS link using isdn switch-type
primary-ni
ipx flooding-unthrottled
[12.1] global configuratiom command specifies that NLSP flooding should
be unthrottled.
ipx netbios-socket-input-checks
[12.1] global configuratiom command limits the input of non-type 20
netbios bc packets
ipx potential-pseudonode
[12.1] global configuration command specifies to keep backup route and
service data for NLSP potential pseudocode.
ipx saps follow-route-paths
[12.1] An undocumented global configuration command. See Bug Id
SCdm12190 for details.
ipx server-split-horizon-on-server-paths
[12.1] global configuratiom command specifies that split horizon SAP
occurs on server, not route, paths. This command is documented in Bug Id
CSCdm12190.
ipx update interval {rip | sap} {seconds | passive | changes-only}
[12.1] The undocumented passive keyword specifies to listen but does not
send normal periodic SAP updates nor flashes/changes updates. Queries
will still be replied to. The update interval is set to the same
interval as changes-only. The passive keyword is documented under Bug
Id CSCdj59918.
isdn {n200 | t200 | t203} number
[hidden] commands change the value of various layer 2 ISDN timer
settings. The number parameter is milliseconds for t200 and t203 and
the maximum number of retransmits for the keyword n200. The current
value of ISDN timers can be displayed using the show isdn
timers EXEC command.The values of the timer settings depend on the
switch type and typically are used only for homologation purposes.
The typical value for t200 is 1 second, for t203 is 10 seconds and
for n200 is 3 retransmits.

[J]

[K]

[L]
llc attach [interface]
llc close aaaa
llc offset aaaa
llc open [interface]
llc send aaaa
logging event {link-status | subif-link-status}
The no form of the undocumented logging event link-status interface
commmand is used to turn off sending up, down and change messages for an
interface to the syslog. This is very useful on live systems since
these systems generate so many of these messages that other important
messages are often hard to see. This is a companion command to the
documented command no snmp trap link-status which prevents sending the
associated snmp trap.
loopback diag
CONFIG
loopback dec
CONFIG: at dec chip
loopback test
CONFIG
loopback micro-linear
CONFIG
loopback motorola
CONFIG

[M]
memory scan
Parity check for 7500 RSPs
modem log {cts | dcd | dsr | dtr | ri | rs232 | rts | tst}
[12.1] configuration command is used to specify which rs232 log events
are to be saved for display by the show modem log command. When
performing log analysis, various RS232 events fill the log within
seconds rendering it useless for analysis (see Bug Id CSCdk86001).
This command helps to filter out unwanted entries in the log.
modem-mgmt csm debug-rbs
[12.1] turns on debugging for Channelized T1 links in the AS5x00
series, providing info about ABCD bits in phone call supervision.
Documented, here. Debug cas replaced this 'broken' command.
INTERNAL privileged EXEC command enables robbed bit signaling debugging
within CSM. Issuing the command once turns on rbs debugging. Issueing
the command a second time turns on special rbs debugging. Issuing
the command using the no-debug-rbs keyword turns off all degugging.
This command is useful in looking at modem pooling and channelized
T1s. To make this command available, the service internal global
configuration command must be issued first.
multilink bundle-name {authenticated | both | endpoint}
[12.1] This undocumented global configuration command selects the method
for naming multilink bundles. "authenticated" specifies using the
peer's authenticated name, "endpoint" specifies using the peer's
endpoint discriminator and "both" specifies using both the peer's
authenticated name and endpoint discriminator.

[N]
[no] environment-monitor
Disable environment monitoring
[no] ppp chap ignoreous
For router with same hostname
[no] service auto-reset
On linecards
[no] service password-recovery
For the daring people  

[O]

[P]
ppp direction {callin | callout | dedicated}
[12.1] [hidden] identify the direction of ppp activity. PPP attempts to
determine if a call is callin or a callout or a dedicated line. This is
how it detects spoofed CHAP challenges. When an async interface is
added to a dialer interface, ppp cannot detect the difference between
a dedicated line and a callin. So it assumes that it is a callin.
Adding the ppp direction dedicated overcomes this.
ppp ipcp accept-address
[hidden] interface command specifies that IOS is to revert to the
previous operation regarding the acceptance of ip addresses from
users. When enabled, the peer IP address will be accepted but is still
subject to AAA verification, it will have precedence
over any local address pool however. In IOS releases after 11.0(11),
PPP IPCP negotiation was changed to accepts a remote peer's
"Her" proposed address regardless, and the "Her" address is
subsequently added to the IP routing table as a host route.
With IOS Releases later than 11.0(11) the software checks the
"Her" address against the corresponding dialer map and if the address
is different than the IP address detailed within the dialer map,
a NAK will be sent and the dialer map IP address will be added as
a host route in the IP routing table.
ppp ipcp ignore-map
ppp lcp fast-start
[12.1] interface configuration command specifies to ignore the carrier
timer and start PPP when an LCP packet arrives.
ppp restart-timer msec
[hidden] interface configuration command modifies the default value
(2 seconds) for the restart timer. The translate command also has a
similar keyword, restart.
ppp timeout absolute  
Determines how long PPP link can be up [default is infinity, configurable as 0] used under virtual-template interfaces.
ppp timeout idle  inbound
ppp timeout idle  either
Determines how long PPP can wait until bringing the link down if there
is no traffic. [default is infinity, configurable as 0] used under
virtual-template interfaces.
profile   

[Q]

[R]
radius-server attribute 44 on-for-access-req
[hiden] global configuration command sends attribute 44 in all access
request packets. The command may be present in IOS 11.3(9+)AA
(reference BugID CSCdk74429). This command is replaced by the
radius-server attribute 44 include-in-access-req command.
radius-server attribute 6 on-for-login-auth
[hidden] global configuration command sends attribute 6 in all
authentication packets (e.g., access requests). This command may be
present in IOS 11.3(9+)T and 12.0(3+)T (reference
BugID CSCdk81561).
radius-server attribute 6 support-multiple
[hidden] global configuration command specifies that IOS is to support
multiple Service-Type values per Radius profile in violation of the
RFC for Radius. This command was added in IOS
12.1(2.3)T2 and 12.1(3.3)T (reference BugID CSCdr60306).
radius-server authorization default framed-protocol ppp
[hidden] used to specify the default framed-protocol as PPP when this
RADIUS attribute is missing.
radius-server authorization permit missing service-type
[hidden] global command is used to specify that a RADIUS entry without
service-type information is permitted. It is used when RADIUS is being
used as a database without regard to service-type.
radius-server attribute nas-port extended
[hidden?] command is replaced by the radius-server attribute nas-port
format b command in some releases of IOS. For this reason it may be
hidden in the IOS configuration mode but documented. In these
versions of IOS, the command will be accepted but ignored.
radius-server challenge-noecho
[12.1] global configuration command specifies that data echoing to the
screen is disabled during Access-Challenge.
radius-server directed-request [restricted] [right-to-left]
[hidden] right-to-left keyword, which first appeared in IOS 12/0(7)T,
enables right-to-left parsing of the user information (reference
Bugid CSCdm77820).
radius-server extended-portnames
[hidden] global configuration command, which displays expanded interface
information in the NAS-Port-Type attribute, has been replaced by the
radius-server attribute nas-port extended command.
This command configures RADIUS to expand the size of the NAS-Port
attribute field to 32 bits.
The upper 16 bits of the NAS-Port attribute display the type and number
of the controlling interface; the lower 16 bits indicate the
interface undergoing authentication.
This command first appeared in IOS Release 11.1. It has been hidden in
IOS 11.3+ and IOS 12.0+ since the command has been replaced
(reference Bugid CSCdj06817).
radius-server host {hostname | ip-address} [auth-port port-number]
[acct-port port-number] [timeout seconds] [retransmit retries]
[key string] [ignore-acct-authenticator]
[hidden] ignore-acct-authenticator keyword specifies to ignore
accounting authenticator errors and warn only (11.3(+)AA).
radius-server ipc-limit done limit
[hidden]
radius-server retry method round-robin
[hidden] global configuration command is used to specify an alternate
method of selecting servers when one is not responding. As of 12.0(3)T
alternates may not be defined and the round-robin alternative may not
be implemented.
radius-server secret string
[hidden] global configuration command is used to specify the key shared
with the RADIUS server. This command is hidden because it has been
replaced with the radius-server key command (reference
BugID CSCdi44081). This command first appeared in IOS Release 11.1.
radius-server unique-ident value
[hidden] global configuration command is used to set high order bits for
the accounting identifier. The identifier field is a one octet field
included in all RADIUS accounting packets which aids in matching
requests and replies.

[S]
scheduler max-task-time 200
CONFIG: last val in milliseconds
scheduler heapcheck process
CONFIG: memory validation, after proc
scheduler heapcheck poll
CONFIG: memory valid after some poll
scheduler run-degraded
CONFIG: in a failure mode?
service internal
CONFIG: additional debugs that are not normally available
service slave-coredump
CONFIG
service log backtrace
CONFIG: provides traceback with every logging instance
set destination-preference
show alignment
show asciireg
On switches
show asp
show async bootp
No extended data will be sent in BOOTP responses
show biga
GLOBAL: catalyst 5000 release 5.5(1)
show bridge group verbose
shows additional information on each port that the bridge group is enabled
show caller
show chunk
show chunk summary
show counters [slot/port]
Shows all port counters
show compress hardware
show controller buffer fa# # (note, not the more common "fa#/#)
Catalyst 2900XL family 12.0(5.2)XU
show controller coronado #
Catalyst 2900XL family 12.0(5.2)XU
show controller delmar #
Catalyst 2900XL family 12.0(5.2)XU
show controller frank
Catalyst 2900XL family 12.0(5.2)XU
show controller razor
Catalyst 2900XL family 12.0(5.2)XU
show controller switch
Catalyst 2900XL family 12.0(5.2)XU, see also ciscosite.
show controller vip  log
show controller vip  tech
show fib drop
show fib interface
show fib interface detail
show fib interface loopback
show fib interface null
show fib interface statistics
show fib interface vlan
show fib linecard
show fib linecard detail
show fib not-cef-switched
show fib not-fib-switched
show idb
show inband
GLOBAL: catalyst 5000 release 5.5(1)
show interface statis
show interface switching
show interfaces stat
show interface  stat
show interfaces switching
show int  switching
Shows switching path information for the interface
show ip cef internal
show ip eigrp event [as] [start# end#]
IP-EIGRP Events
show ip eigrp sia-event [as] [start# end#]
IP-EIGRP SIA event
show ip eigrp timers [as]
IP-EIGRP Timers
show ip ospf bad-checksum
show ip ospf delete
show ip ospf delete-list
show ip ospf ev
show ip ospf events
show ip ospf maxage-list
show ip ospf statistics
show ipx backup [network]
show ipx cache cbus
show ipx cache hash
show ipx eigrp event [event-number]
shows past eigrp events
show ipx eigrp sia-event
shows past eigrp stuck in actives
show ipx private cache-history aaa
show ipx urd [0-fffffffe]
show isdn {active | history | memory | services | status [dsl | serial
number] | timers}
active: Displays current call information, including called number, the
time until the call is disconnected, AOC charging units used during the
call, and whether the AOC information is provided during calls or at end
of calls.
history: Displays historic and current call information, including the
called number, the time until the call is disconnected, AOC charging
time units used during the call, and whether the AOC information is
provided during calls or at the end of calls.
status serial number: Displays the status of a specific ISDN PRI
interface created and configured as a serial interface.
show isis timers
show isis tree
IS-IS link state database AVL tree
show isis tree level-2
show isis private
show list
show list nonempty
show llc
show mbuf
Catalyst 5000, The main issue to observe with this command is whether
the switch is being starved for memory. Within the display, "clusters"
is the number of buffers that are available for NMP to process
incoming packets, which include any broadcast/multicast, management
traffic. "clfree" is the number of buffers that are available for the
NMP at any given time.
If this is zero then this means that NMP has no buffers to process any
incoming frames. "lowest clfree" determines the lowest watermark that
NMP has hit at any time. If this value is zero but clfree is nonzero,
then this means that at one instance NMP ran out of buffers. This
can be because of a broadcast of a multicast storm in the management
vlan.
show media
show media access-lists
show modem mapping
show parity
show parser
show parser links
show parser modes
show parser unresolved
show portreg
On switches
show proc all-events
Shows all process events
show profile
Shows cpu profiling
show profile detail
Shows cpu profiling
show profile terse
Shows cpu profiling
show refuse-message
show region  
Shows image layout