Systech Solutions LTD.

• port <port number>
  (Optional) The network access server port to use for POD requests. If no port is specified, port 1700 is used.
• auth-type
  (Optional) The type of authorization required for disconnecting sessions.
  • any
    Session that matches all of the attributes sent in the POD packet is disconnected. The POD packet may contain one or more of four key attributes (user-name, framed-IP-address, session-ID, and session-key).
  • all
    Only a session that matches all four key attributes is disconnected. All is the default.
  • session-key
    Session with a matching session-key attribute is disconnected. All other attributes are ignored.

• <string>
  The secret text string that is shared between the network access server and the client workstation. This secret string must be the same on both systems.

This command is now documented as of 12.2(8)T.

Modem CD dropped unexpectedly. 
User exceeded timelimit
ARAP connection was terminated. 
v42_input running (may be low memory)
v42_output running (may be low memory)
Force Quit pak v42bisflush C
Carrier dropped during startup

Sucessfull call:

wg1r1#csim start 089150
csim: called number = 089150, loop count = 1 ping count = 0
csim err csimDisconnected recvd DISC cid(21)
csim: loop = 1, failed = 1
csim: call attempted = 1, setup failed = 1, tone failed = 0

Call to an undefined number:

wg1r1#csim start 089151
csim: called number = 089151, loop count = 1 ping count = 0

csim err:csim_do_test Error peer not found

Example output during ISAKMP SA establishment:

6w3d: ISAKMP cookie gen for src 62.245.147.66 dst 195.244.119.2
6w3d: ISAKMP cookie B5FCAD89 B2BD7BFF
6w3d: ISAKMP: find_me
        a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
        b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 B2BD7BFF
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare
        a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
        b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F
6w3d: ISAKMP cookie gen for src 195.244.119.2 dst 62.245.147.66
6w3d: ISAKMP cookie 10FA17FE 2C76366D
6w3d: ISAKMP: find_me
        a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
        b=(src 0.0.0.0 dst 0.0.0.0 state 0, init 0)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b 10FA17FE 2C76366D
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b 00000000 00000000
6w3d: ISAKMP: compare
        a=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
        b=(src 62.245.147.66 dst 195.244.119.2 state 0, init 1)
6w3d: my_cookie a B5FCAD89 9BEC22F8
6w3d: my_cookie b B5FCAD89 9BEC22F8
6w3d: his_cookie a DB28B716 6D61AE4F
6w3d: his_cookie b DB28B716 6D61AE4F

Example output during ISAKMP SA establishment:

6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F0880 809F8A34
                  809F301C 809F33DC 809F5228 801710CC
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809F8494 809F87C0
                  809F8C20 809F301C 809F33DC 809F5228 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_NO_STATE
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 72):
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d: -Traceback= 80A36FE0 80A3A5C0 80A3D41C 809FF460 80A00E0C
                  80A01070 809FBEBC 809F99B8 809F468C 809F51C8 801710CC
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 204):
6w3d:           KE payload
6w3d:           NONCE payload
6w3d:           VENDOR payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_SA_SETUP
6w3d: ISAKMP: Main Mode packet contents (flags 0, len 184):
6w3d:           KE payload
6w3d:           NONCE payload
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 64):
6w3d:           ID payload
6w3d:           HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) MM_KEY_EXCH
6w3d: ISAKMP: Main Mode packet contents (flags 1, len 68):
6w3d:           ID payload
6w3d:           HASH payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 168):
6w3d:           HASH payload
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d:           NONCE payload
6w3d:           ID payload
6w3d:           ID payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE     
6w3d: ISAKMP (0:1): received packet from 195.244.119.2 (I) QM_IDLE   
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 172):
6w3d:           HASH payload
6w3d:           SA payload
6w3d:             PROPOSAL
6w3d:               TRANSFORM
6w3d:           NONCE payload
6w3d:           ID payload
6w3d:           ID payload
6w3d: ISAKMP: Quick Mode packet contents (flags 1, len 52):
6w3d:           HASH payload
6w3d: ISAKMP (0:1): sending packet to 195.244.119.2 (I) QM_IDLE

Jan 13 14:56:03.240: Se0/1:15 DDR: Creating holdq 626B1B9C
Jan 13 14:56:03.240: DDR: Assigning holdq 626B1B9C to 627923F8
Jan 13 14:56:09.208: DDR: Assigning holdq 626B1B9C to 61B667F4
Jan 13 14:56:09.208: DDR: freeing dialer holdq 626B1B9C (Ref ptr 61B667F4)
Jan 13 14:56:09.208: DDR: Dialing failed, 0 packets unqueued and discarded
Jan 13 14:56:09.208: : 2 packets unqueued and discarded

ctalkb#debug oir
Online Insertion and Removal debugging is on
2w3d: OIR: Process woke, ‘Event’, stall=2, usec=0xB6835B36
        -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Shutdown pulled interface for Serial5/0
        -Traceback= 600E30C4 60409204 604096C8 603B6D2C 603B6D18
2w3d: %OIR-6-REMCARD: Card removed from slot 5, interfaces disabled
        -Traceback= 60409748 603B6D2C 603B6D18
2w3d: OIR: Remove hwidbs for slot 5
        -Traceback= 60409368 60409750 603B6D2C 603B6D18
2w3d: OIR: Process woke, ‘Event(max not running)’, stall=3, usec=0xD0115C9E
        -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: Process woke, ‘Timer(max running)’, stall=3, usec=0xDDBB56D6
        -Traceback= 6040967C 603B6D2C 603B6D18
2w3d: OIR: (Re)Init card 5, retry_count=3
        -Traceback= 60409894 603B6D2C 603B6D18
2w3d: %OIR-6-INSCARD: Card inserted in slot 5, interfaces administratively shut down
        -Traceback= 604098BC 603B6D2C 603B6D18

You will be prompted for a password. It has the following format:

• VTY
• VTY
• HW
• FW
• SW

That is, the VTY password followed by the VTY password again, followed by the hardware version, followed by the software version(no spaces, do not type the dots in the versions).

Catalyst 5000 series with Supervisor-Engine II and III and Catalyst 6000 series with Supervisor I and II:

Format for the password is:

• VTY
• HW
• FW
• SW
• VTY

That is, the VTY password followed by the VTY password again, followed by the hardware version, followed by the software version (no spaces, do not type the dots in the versions).

• <secs-between-runs> is 0-2147483 number of seconds between ager runs, default = 60 seconds. If the period between ager invalidation runs is set to 0, the ager process is disabled entirely.
• <fraction-low-memory> is 2-50 1/<fraction-low-memory> of cache to age per run (low memory), default = 4.
• <fraction> is 3-100 1/<fraction> of cache to age per run (normal), default = 20.

Configures the ager of the fast switching cache. Aaron Leonard <Aar...@cisco.com> recommended “20 3 3″ on cisco-nas in the light of recent CodeRed attacks, i.e. make the ager more aggressive to prevent excessive cache growth.

• <minimum-delay> is 0-300 seconds.
• <maximum-delay> is 1-300 seconds.
• <quiet-interval> is 1-600 seconds.

Use “no ip cache-invalidate-delay” to disable the delay altogether. See this posting from cisco-nas:

Date: Fri, 28 Apr 2000 10:07:03 -0700 (PDT)
From: Aaron Leonard <Aar...@cisco.com>
Subject: Re: CN: telnet DoS (CSCdm70743)
To: Cisc...@datasys.net
Message-id: <01JO...@Cisco.COM>
References: <01JO...@Cisco.COM>
Reply-To: Cisc...@datasys.net

It’s hidden, and you have to configure “service internal” in order
to bring it into existence.  I.e.

as5300-1(config)#service internal
as5300-1(config)#no ip cache-invalidate-delay

It’s generally recommended for systems running 12.0T/12.1 code if
they have lots of interfaces (>300) and are not doing CEF.

The motivation for this command is a timing problem where OSPF fails to determine the state of an interface. The solution was for OSPF to poll the interface for a while to verify its state. The hidden command allows us to lengthen the polling period on routers that have a large number of interfaces. The polls occur every 10 seconds and the command controls the number of polls that will be done. With a setting of 0 retries there will be no extra polling.

Default number of retries is 10.

Date: Thu, 11 Sep 2003 09:34:53 -0700 (PDT)
From: Aaron Leonard <Aar...@cisco.com>
Subject: Re: [cisco-nas] IP Route Profile
In-reply-to: “Your message dated Wed, 10 Sep 2003 22:21:02 -0500″
        <10e701c37813$bad83870$5370cd41@dellbert>
To: “Beprojects.com” <i...@beprojects.com>
Cc: cisc...@puck.nether.net

[...]

“ip route profile” was implemented way back in late ‘96 by CSCdi76662.
However we have historically refrained from documenting this (CSCdk01634,
CSCdz19775) as this has been declared to be a hidden command that “should
not be used by customers”.
                                                                                                            
However, in fact this is NOT a hidden command … so I’ve just now
gone ahead and reopened CSCdz19775.

Introduction

The Route Table Profiling feature was developed to assist network engineers
in monitoring routing table fluctuations, which may be the result of route
flapping, network failure, or network service restoration.  This feature was
added in CSCdi76662 to the 11.1CC train of Cisco IOS.

The Route Table Profiling feature is an undocumented and unsupported
feature.  There is no MIB support provided.

Configuration
                                                                                                         
The Route Table Profiling feature is enabled globally.  The command is “ip
route profile” in global configuration mode.  This feature can be disabled
with the command “no ip route profile” in global configuration mode.
                                                                                                         
Routing table change statistics can be viewed with the “show ip
route profile” command in exec mode.

This command is documented in DDTS CSCdm12190. From the release note:

By default, split horizon blocks information about periodic SAPs from being advertised by a router to the same interface on which the best route to that SAP is learned. But in the case where the SAP may be learned from interfaces other than (or in addition to) the interface on which the best route to that SAP is learned, enabling “ipx server-split-horizon-on-server-paths” will reduce unnecessary periodic SAP updates as that SAP will not be advertised to the interface(s) where it was learned from; this will also prevent potential “SAP loop” in the network.

See also “ipx sap-interval”.

See CSCdv04268 for availability information.

I assume you have preauthentication already configured? By default, we
send Service-Type = Outbound-User. In 12.1(4)T and later, you can
configure the (hidden) command “radius send service-type call-check”
to change the value from Outbound-User to Call-Check. I submitted
CSCdt85947 to get the command unhidden and documented. Here is the
release-note I attached:

The command “radius send service-type call-check” is hidden. This
command is available in 12.1(4)T and later and is used to change the
value of the Service-Type RADIUS attribute the access server sends
when doing pre-authentication. The default is to send Outbound-User
(5). With this command configured, we will send Call-Check (10). This
is useful in a multi-vendor environment as well as when migrating an
existing RADIUS database for use withe Cisco access server.

The hidden command “radius-server unique-ident” can be used to try to ensure that RADIUS session IDs are unique across IOS boots. It will have the side effect of automatically writing the IOS configuration to NVRAM some time after booting.

When the router parses the command “radius-server unique-ident” it sets the unique-ident variable to (n+1) and all accouting records have a prefix of (n+1). When you look at the configuration or write the configuration to NVRAM, it is also shows “radius-server unique-ident”.

If the box is reloaded, upon booting the router will parse “radius-server unique-ident” and then set the unique-ident variable to (n+2) and all accounting records have a prefix of (n+2). When you look at the configuration or write the configuration to NVRAM, is will show “radius-server unique-ident”.

Example output:

Switch(config)#service unsupported-transceiver
 Warning: When Cisco determines that a fault or defect can be traced to
 the use of third-party transceivers installed by a customer or reseller,
 then, at Cisco’s discretion, Cisco may withhold support under warranty or
 a Cisco support program. In the course of providing support for a Cisco
 networking product Cisco may require that the end user install Cisco
 transceivers if Cisco determines that removing third-party parts will
 assist Cisco in diagnosing the cause of a support issue.

Packets should be treated consistently on all platforms for a given configuration. This fix addresses the consistency issue when QoS Mod CLI is configured via the “service-policy” command on the 7500 vs the other IOS platforms.

After this fix, each packet will be matched for a matching class under the policy-map until a match is found. Matching terminates at the first matching class and all features configured under the class act on the packet. In the current IOS releases, matching happens across all classes under a policy until the first matching class is found for every configured QoS feature.

To maintain backward compatibility a hidden knob called “service-policy classify-per-feature” knob is introduced. When configured, the behaviour reverts to the current existing behaviour. By way of this fix, the default behaviour will be common for all platforms. This fix is going to affect 7200 and other non-distributed platforms only.

Possible category names (most certainly depending on CatOS version):

acct, acl, all, bdd, cdp, config, dhcp, diag, dns, dot1x, drip, dtp, dupflash, dupnvram, dynvlan, earl, envmon, eobc, epld, essr, evmgr, fabric, fcp, fddi, fib, filesys, fpoe, garp, gvrp, hamgr, http, inband, ipc, kerberos, l3age, l3sup, lane, ld, llc, ltl, mbuf, mcast, mdg, memdbg, mls, mlsm, modport, ntp, nvsync, oob, pagp, protfilt, pruning, privatevlan, qde, qos, radius, redundancy, rsfc, rsvp, rtios, rtipc, rticc, runtimecfg, scp, security, slp, snmp, span, spantree, ssh, syncmgr, synfig, syslog, tacacs, test, tftp, tftpd, udld, verb, vlanmgr, vmps, vtp.

• <level> = 0..15, 0 to disable, default is 1
• <level> = 0..255 for inband only

A level of 6 is normally a good start.

Warning: Can produce losts of output depending on your configuration and the level chosen.

Displays various statistics about the ACL subsystem and associated hardware components. There are some interesting counters like compilation errors and also usage counters for various tables (different masks, subnets, etc). Useful when you can’t commit your ACL with a TCAM error message.

ACL: local stats table
Messaging
———————————————————-
rxScpMsg:              0
rxScpMsgAbort:         0
rxAclMsg:              1257
rxAclMsgAbort:         0
aclMsgUnknownType:     0
outOfSequence:         0
appIdMisUse:           0
intfConfError:         0
msgSendFailed:         1
appIdDifferAfterSwover:0
ignoreRaclOverride:    1
draco-id:  65535-ffffffff-ffffffff
draco-id:  33-ffffffff-ffffffff

Resources
———————————————————-
ACL malloc fail:       0
noLou:                 0
noMask:                0
noCapmap:              0
tcamFull:              0
compilerErr:           18
noLabel:               0
louExpandGt:           0
louExpandLt:           0
louExpandNeq:          0
louExpandRange:        0
freeListRebuild:       0

Acl engine stats
———————————————————-
perseusL3Parity:       0
perseusSequenceErr:    0
perseusLabelOverflow:  0
perseusCamLookupErr:   0
perseusDbusErr:        0
perseusCpuParityErr:   0
perseusIPChecksumErr:  1
perseusShortPacketErr: 0
perseusCpuTmout:       0
**lookup fifo undeflow:0
Hardware resource usage for ACL Tcam: label:3.73%, lou:20.31%,
mask:11.86%, value:4.4%

Acl manager stats
———————————————————-
aclRestarted:          F
Sec vacl restore done: T
Lda vacl restore done: T
Qos acl restore done:  T
Feature intf count:    0

HA stats
———————————————————-
activeHaCopyFail:      0
Gsync_count:           1
Sleep on gsync      Gsync done          Wakeup on gsync
14:58:43            14:58:45            14:58:45
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
000:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00
00:00:00            00:00:00            00:00:00

This command will display the number of times the ECBs have reset since last power on, a number of 1 for each ECB is normal. Numbers in the hundreds or thousands mean you need to call Cisco for replacement boards.

    Switch#sh controller switch
    Switch registers:

    Device Type : 0×00040273
    Congestion Threshold : 0×00000E95
    Peak Total Allocation : 0×0000001A
    Total Allocation : 0×00000000
    Peak Total Bandwidth : 0×00000020
    Total Bandwidth : 0×00000000
    Total Bandwidth Limit : 0×000003DE
    Lower Bandwidth Limit : 0×000003DE
    Switch Mode : 0×00040000

    Switch#

The Total Bandwidth Limit varies between different 2900XL and 3500XL models. When the Total Bandwidth reaches the Total Bandwidth Limit value, the switch has reached its full bandwidth capacity and begins to drop packets. The Peak Total Bandwidth is the highest value attained by the Total Bandwidth since the last time the show controller switch command was executed. Note, the values for the above parameters are in hexadecimal.

The Congestion Threshold value is used as conservative value for the maximum global buffer utilization. When the buffer utilization noted by Total Allocation reaches this value, the switch may drop frames. The Peak Total Allocation value shows the highest value attained by the Total Allocation since the last time the show controller switch command was executed. It is possible for the Peak Total Allocation and/or the Total Allocation to be greater than Congestion Threshold. If the Total Allocation reaches or is over the Congestion Threshold amount, the switch is experiencing considerable network activity near its full capacity.

The global buffer utilization may be adversely effected by several configuration issues, described below:

1.Speed mismatch between an ingress and egress port; for example, several 100 megabit clients transferring files to a server connected to the switch at 10 megabits, half-duplex.

2.Multiple input ports feeding a single output port.

3.Duplex mismatch on multiple ports.

4.Numerous ports that are experiencing collisions and/or output errors due to half-duplex configuration or over-subscription of a slow link.

gepard#show epc ?
E-PAM show comands:
  IF-entry          IF Entry in IF-Table
  VC-entry          VC Entry in VC-Table
  VLAN-entry        VLAN Entry in VLAN-Table
  aal5              aal5 statistics
  acl               ACL FPGA related debug commands
  adm               Show contents of ADM in IOS
  age-timer         Aging Timer
  atm-debug-status  ATM debug statistics
  atmup_ipmcast     Show Multicast VC leg to external VC mapping
  caller-stats      Caller Stats at a merge-point
  caller-tags       Caller Tags
  cam               Show contents of E-PAM CAM
  card              Show information managed by CARD
  coredb            show coredb
  counters          Counters of all epif-ports
  discards          discard statistics
  exvc-entry        External VC Entry in VC-Table
  fe-channel        FE-Channel Membership Information
  fpga              Access ACL FPGA resources
  freecam           Free space in CAM
  ifmapping         Interface mapping to CAM IF number
  ip-address        Show adjacency entries in line cards
  ip-prefix         Show IP prefix entries (compare to CEF output)
  ipmcast           Show IP Multicast table in E-PAM CAM
  ipx-node          Show IPX node entry in E-PAM CAM
  ipx-prefix        Show IPX prefix in E-PAM CAM
  jaguar-fpga-epld  Access ACL2 EPLD Addresses with WID=2
  lec-ipx           Show LEC Local IPX Information
  lsipc             Show LSIPC information
  mac               Show MAC address in E-PAM
  macfilter         Show MAC filter address database
  mailbox           Read the mailbox value
  mem               Show contents of packet memory in E-PAM
  patricia          Show Patricia tree in E-PAM CAM
  port-qos          Show current port qos configuration
  queuing           queueing statistics
  register          print contents of EPIF register
  ri-register       Show last reported contents of EPIF RI register
  sm                Show 1483 Local static map information
  spd               selective packet drop statistics
  status            Status of all epif-ports
  switching         VC switching statistics
  tcam              TCAM related commands
  ucode             uCode images on all epif-ports
  udp-flood         Show LS UDP-flooding information

Some of these commands are documented as part of the Catalyst 8540 documentation but are also useful on the Catalyst 2948G-L3 which seems to be based (at least partly) on the same hardware platform as the Catalyst 8540.

See: http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/11_ey/trouble/l3_net.htm

gepard#show epc ip-address interface FastEthernet 1 all-entries
IPaddr: 192.168.60.116  MACaddr: 0090.27b7.24d7  FastEthernet14(17)
IPaddr: 192.168.60.117  MACaddr: 0090.27d1.d47a  FastEthernet15(18)
IPaddr: 192.168.60.112  MACaddr: 00d0.b720.6fc9  FastEthernet10(13)
IPaddr: 192.168.60.113  MACaddr: 00d0.b720.750f  FastEthernet11(14)
IPaddr: 192.168.60.114  MACaddr: 00d0.b720.7357  FastEthernet12(15)
IPaddr: 192.168.60.115  MACaddr: 00d0.b720.755e  FastEthernet13(16)
IPaddr: 192.168.60.125  MACaddr: 0050.0457.edbf  FastEthernet19(22)
IPaddr: 10.232.4.202    MACaddr: 0009.b7b4.0700  Port-channel1.2(60)
IPaddr: 192.168.60.120  MACaddr: 0090.27c3.f042  FastEthernet5(8)
IPaddr: 192.168.60.100  MACaddr: 0002.b3ac.5470  GigabitEthernet50(53)
IPaddr: 192.168.60.101  MACaddr: 0002.b3ac.5470  GigabitEthernet50(53)
IPaddr: 192.168.60.102  MACaddr: 0090.27d1.88bf  FastEthernet4(7)
IPaddr: 192.168.60.103  MACaddr: 0090.27d1.88bf  FastEthernet4(7)
IPaddr: 192.168.60.99   MACaddr: 6080.0f3c.0000
IPaddr: 192.168.60.110  MACaddr: 0090.27dd.f9a6  FastEthernet8(11)
IPaddr: 192.168.60.111  MACaddr: 00d0.b708.adb3  FastEthernet9(12)
IPaddr: 192.168.61.21   MACaddr: 0800.20ee.4ead  FastEthernet46(49)
IPaddr: 192.168.60.20   MACaddr: 0030.6e11.0157  FastEthernet37(40)
IPaddr: 192.168.60.21   MACaddr: 0030.6e11.139f  FastEthernet38(41)
IPaddr: 192.168.60.22   MACaddr: 0002.b3ac.5454  GigabitEthernet49(52)
IPaddr: 192.168.61.22   MACaddr: 0800.20ec.6709  FastEthernet46(49)
IPaddr: 192.168.60.23   MACaddr: 0002.b3ac.53f5  FastEthernet43(46)
IPaddr: 192.168.60.30   MACaddr: 00e0.18c2.baf9  FastEthernet21(24)
IPaddr: 192.168.60.25   MACaddr: 0030.6e12.099a  FastEthernet39(42)
IPaddr 192.168.60.26 missing
[...]
   Total number of IP adjacency entries: 46
   Missing IP adjacency entries: 1

Example output provided by Hank:

cs-c2948gl3-13a#sh epc patricia interface FastEthernet 3 ipucast detail
1# Synthetic entry: CAM location: 0×202B NAP location: 0×202C
    IP Prefix:224.0.0.0 MySubnet  LB:Disabled  Network Entry:Valid
2# Synthetic entry: CAM location: 0×2038 NAP location: 0×0000
3# Synthetic entry: CAM location: 0×202F NAP location: 0×2035
    IP Prefix:192.168.128.255 MySubnet  LB:Disabled  Network Entry:Valid
4# HOST Entry CAM location: 0×2030 NAP location: 0×0000
    IP addr:192.168.128.2   Host  IF Number:6 Entry:Valid
    Mac Addr:0090.a65c.63ff
5# Synthetic entry: CAM location: 0×2050 NAP location: 0×2032
    IP Prefix:192.168.128.0 MySubnet  LB:Disabled  Network Entry:Valid
    IP Prefix:192.168.128.1 MySubnet  LB:Disabled  Host Entry:Valid
6# Synthetic entry: CAM location: 0×203C NAP location: 0×2037
    IP Prefix:192.168.105.0 MySubnet  LB:Disabled  Network Entry:Valid
    IP Prefix:192.168.128.0 MySubnet  LB:Disabled  Network Entry:Valid
7# Synthetic entry: CAM location: 0×203F NAP location: 0×203E
    IP Prefix:192.168.105.255 MySubnet  LB:Disabled  Network Entry:Valid
8# HOST Entry CAM location: 0×2046 NAP location: 0×0000
    IP addr:192.168.105.8   Host  IF Number:5 Entry:Valid
    Mac Addr:0001.968e.33b0
9# Synthetic entry: CAM location: 0×2045 NAP location: 0×2040
    IP Prefix:192.168.105.2   LB:Disabled  Network Entry:Valid
    Nexthop CAM locations: 0×2046   0×0000
    Nexthop 1:
      IP addr:192.168.105.8   Host  Entry:Valid FastEthernet2 (5)
      Mac Addr:0001.968e.33b0
10# Synthetic entry: CAM location: 0×2033 NAP location: 0×203D
    IP Prefix:192.168.105.0 MySubnet  LB:Disabled  Network Entry:Valid
    IP Prefix:192.168.105.1 MySubnet  LB:Disabled  Host Entry:Valid
11# CAM location: 0×201B  ROOT
  IP Patricia Tree Summary:
    Number of IP entries: 18
    Number of Host Entries: 2
    Number of Network Entries: 10
    Number of Good Synthetic entries: 7
    Number of Dirty Synthetic entries: 1

However, bridge table entries on the Catalyst 2948G-L3 and 4908G-L3 switches are actually formed internally of at least two entries, one on the source interface (where the device with that MAC resides) and one on each destination interface (the interface where, based on the destination MAC in the frame, the traffic sourced from that MAC is destined). This is because the learning process for populating the bridging tables on the Catalyst 2948G-L3 and 4908G-L3 switches is actually distributed on a per-port basis rather than on a switch-wide basis.

gepard#show epc patricia interface FastEthernet 9 mac
1# MAC addr:0000.0000.0000  VC:0 Entry:
2# MAC addr:0900.2b01.0001 MyMAC
3# MAC addr:0180.c200.0000 MyMAC
4# MAC addr:0100.5e00.0006 MyMAC
5# MAC addr:0100.5e00.0005 MyMAC
6# MAC addr:0100.5e00.0002 MyMAC
7# MAC addr:0100.0ccc.cccd MyMAC
8# MAC addr:0100.0ccc.cccc MyMAC
9# MAC addr:00e0.18c2.baf9  IF Number:24 Entry:Remote
10# MAC addr:00d0.b720.755e  IF Number:16 Entry:Remote
11# MAC addr:00d0.b720.7357  IF Number:15 Entry:Remote
12# MAC addr:00d0.b720.6fc9  IF Number:13 Entry:Remote
13# MAC addr:00d0.b720.750f  IF Number:14 Entry:Remote
14# MAC addr:0090.27dd.f9a6  IF Number:11 Entry:Remote
15# MAC addr:0090.27d1.d47a  IF Number:18 Entry:Remote
16# MAC addr:0090.27c3.f042  IF Number:8 Entry:Remote
17# MAC addr:0090.27b7.24d7  IF Number:17 Entry:Remote
18# MAC addr:00d0.b708.adb3  IF Number:12 Entry:Local
19# MAC addr:0030.6e12.099b  IF Number:59 Entry:Remote
[...]
29# MAC addr:0002.b3ac.5474  IF Number:59 Entry:Remote
30# MAC addr:0003.9f17.980f HsrpMAC
31# MAC addr:0001.428b.d280  IF Number:4 Entry:Remote
32# MAC addr:0000.0c07.ac00 HsrpMAC
 Total number of MAC entries: 32

vxr15#sh idb

Maximum number of IDBs 3000

26 SW IDBs allocated (2368 bytes each)

22 HW IDBs allocated (4064 bytes each)
HWIDB#1   1   FastEthernet0/0 (HW IFINDEX, Ether)
…

This command outputs statistics about the internal Catalyst 6000 memory channel (interface between two supervisors in a redundant configuration). Can help to diagnose this kind of error: ‘InbandPingProcessFailure:Module 1 not responding over inband’.

         Inband FX1000 Control Information

  General Ctrl Regs:
    RegsBase: 42000000
     DevCtrl: 003C0001     DevStatus: 0000000F
      TxCtrl: 000400FA        RxCtrl: 0000821E

  Tx Ctrl Regs:
     TxDBase: 019AF000       TxDSize: 00002000
     TxDHead:  383       TxDTail:  383
       TxIpg: 00A00810

  Rx Ctrl Regs:
     RxDBase: 019AA000       RxDSize: 00004000
     RxDHead:  993       RxDTail:  990

             Inband PCI Information

    DeviceID: 1000          VendorID: 8086
      Status: 0200           Command: 0116
   ClassCode: 020000        Revision: 03
     Latency: FC           CacheLine: 08
    BaseAddr: 42000004
 NonSwapAddr: 00000000      SwapAddr: 02000000

               Inband Driver Information

  Transmit:
     FirstTxD: A19AF000(   0)    LastTxD: A19B0FF0( 511)
       TxHead: A19B0850( 389)     TxTail: A19B0850( 389)
     FreeTxDs: 00000512
  Receive:
     FirstRxD: A19AA000(   0)    LastRxD: A19ADFF0(1023)
       RxHead: A19ADDF0( 991)     RxTail: A19ADDE0( 990)
     FreeRxDs: 00001023
  System:
    SpurIntrs: 00000000       OutofMbufs: 00000000
   TotalMbufs: 00013088        TotalMCls: 00005536
    FreeMbufs: 00011532         FreeMCls: 00004043
      MacAddr: 00D0017957FF      Resynch: 00000000

                Inband FX1000 Statistics

  Transmit:
       TxPkts: 61337989          TxBytes: 2412393989
   Inband Stuck Count: 00000000
     Pkts/Sec: 00000000       QueuedPkts: 00000000
     LateColl: 00000000       ExcessColl: 00000000
         Ovfl: 00000000         OvflRate: 00000000
   JmboPktDrp: 00000000       MaxPktRcvd: 00000000

       Detail Tx Pkt Info   (clear on read)
           64: 00000000           65-127: 50108072
      128-255: 04559900          256-511: 00910493
     512-1023: 00000600        1024-1522: 00988696
        Bcast: 00000000            Mcast: 00000033
       # pkts: 56567761

  Receive:
       RxPkts: 43941855          RxBytes: 2483893904
     Pkts/Sec: 00000000        SeqErrInt: 00000000
         Ovfl: 00000000         OvflRate: 00000000
        OvInt: 00000000        OvIntRate: 00000000
      CrcErrs: 00000000         SymbErrs: 00000000
   ISLCrcErrs: 00000000          SeqErrs: 00000000
       DescOv: 00000000       DescOvRate: 00000000
      LenErrs: 00314103         DefrPkts: 00000000

       Detail Rx Pkt Info   (clear on read)
           64: 00000000           65-127: 17144848
      128-255: 25105957          256-511: 00849533
     512-1023: 00497913        1024-1522: 00029504
        Bcast: 00000000            Mcast: 00840799
     Good pkt: 43627755        Undersize: 00000000
       NoBuff: 00000000            Frags: 00000000
     Oversize: 00314103           Jabber: 00000000
       # pkts: 43941858

Here is an example output of this command.

CMTS# show interface cable 4/0 privacy statistic
CM key Chain Count : 12
CM Unicast key Chain Count : 12
CM Mucast key Chain Count : 3

router#show ip cef 141.1.0.0 255.255.0.0 internal
141.1.0.0/16, version 10758832, per-destination sharing
0 packets, 0 bytes
  via 194.221.43.81, 0 dependencies, recursive
    next hop 194.77.146.254, GigabitEthernet4/0/0 via 194.221.43.80/30
    valid adjacency

  Recursive load sharing using 194.221.43.80/30
  Load distribution: 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 (refcount 48739)

  Hash  OK  Interface                 Address         Packets
  1     Y   GigabitEthernet0/0/0      195.244.119.164       0
  2     Y   GigabitEthernet4/0/0      194.77.146.254        0
  3     Y   GigabitEthernet0/0/0      195.244.119.164       0
  4     Y   GigabitEthernet4/0/0      194.77.146.254        0
  5     Y   GigabitEthernet0/0/0      195.244.119.164       0
  6     Y   GigabitEthernet4/0/0      194.77.146.254        0
  7     Y   GigabitEthernet0/0/0      195.244.119.164       0
  8     Y   GigabitEthernet4/0/0      194.77.146.254        0
  9     Y   GigabitEthernet0/0/0      195.244.119.164       0
  10    Y   GigabitEthernet4/0/0      194.77.146.254        0
  11    Y   GigabitEthernet0/0/0      195.244.119.164       0
  12    Y   GigabitEthernet4/0/0      194.77.146.254        0
  13    Y   GigabitEthernet0/0/0      195.244.119.164       0
  14    Y   GigabitEthernet4/0/0      194.77.146.254        0
  15    Y   GigabitEthernet0/0/0      195.244.119.164       0
  16    Y   GigabitEthernet4/0/0      194.77.146.254        0

Example output:

router#show ip route hash

 nettable:
 Bucket     Majornets  Subnettted   Subnets
 ——————————————
 0           17          1           3
[...]
 4095        18          0           0

 supernettable:

 0           16
[...]
 4095        6

 Routing table summary:
 Total nets:        159234
 Total major nets:  67731
 Total super nets:  38199

aspen#show ip route profile
IP routing table change statistics:
Frequency of changes in a 5 second sampling interval
————————————————————-
Change/   Fwd-path  Prefix   Nexthop  Pathcount  Prefix
interval  change    add      change   change     refresh
————————————————————-
0         196       215      433      490        394
1         99        98       34       0          27
2         54        45       10       0          27
3         22        19       5        0          2
4         17        17       1        1          0
5         51        48       2        0          0
10        18        16       4        0          0
15        8         8        0        0          0
20        3         3        2        0          0
25        4         4        0        0          41
30        8         9        0        0          0
[...]
3905      1         1        0        0          0
7030      1         1        0        0          0
10155     0         0        0        0          0
13280     0         0        0        0          0
Overflow  5         5        0        0          0

labR4#show ip spd           
Current mode: normal.
Queue min/max thresholds: 73/74, Headroom: 100, Extended Headroom: 10
IP normal queue: 0, priority queue: 0.
SPD special drop mode: none

ctalkb#sh isis timers
  Hello Process
    Expiration    Type
|        0.856  (Parent)
  |        0.856  L2 Hello (Ethernet3/0)
  |        6.352  L1 Hello (Ethernet3/0)
  |        6.940  Adjacency

  Update Process
    Expiration    Type
|        1.060  (Parent)
  |        1.060  Ager
  |        1.352  L2 CSNP (Ethernet3/0)
  |        8.616  L1 CSNP (Ethernet3/0)
  |     3:25.860  (Parent)
    |     3:25.860  LSP refresh
    |     9:02.160  LSP lifetime
    |     9:24.568  LSP lifetime
    |    17:16.084  LSP lifetime
  |    20:58.536  Dynamic Hostname cleanup   

ctalkb#sh isis tree
IS-IS Level-2 AVL Tree
Current node = X.X.X.00-00, depth = 0, bal = 0
  Go down left
Current node = X.X.Y.00-00, depth = 1, bal = 0
—> Hit node X.X.Y.00-00
  Back up to X.X.X.00-00
Current node = X.X.X.00-00, depth = 0, bal = 0
—> Hit node X.X.X.00-00
  Go down right
Current node = X.X.X.02-00, depth = 1, bal = 0
—> Hit node X.X.X.02-00
  Back up to X.X.X.00-00   

   ID   Address  Size/Max   Name
    1  613EE970    11/-     Region List
    2  613EEE98     1/-     Processor
    3  613EFDE8     1/-     I/O
    4  613F0D38     1/-     I/O-2
    5  6149EDD0     0/-     Sched Critical
    6  6149ED90     0/-     Sched High
    7  6149EB00     0/-     Sched Normal  
ctalkb#show list none
List Manager:
     1415 lists known, 1561 lists created

   ID   Address  Size/Max   Name
    1  613EE970    11/-     Region List
    2  613EEE98     1/-     Processor
    3  613EFDE8     1/-     I/O
    4  613F0D38     1/-     I/O-2
    9  6149ED10    82/-     Sched Idle
   11  61499A50     8/-     Sched Normal (Old)
   12  6149CC10     1/-     Sched Low (Old)    

Count of firstfit: 7, bestfit: 2215118, maxout1: 0 maxout2: 0

I/O    4000000     2097152      398396     1698756     1641680     1698588
25 largest free blocks in the system (biggest to lowest)
1698588, 84, 84, 0, 0, 0, 0, 0, 0, 0, 5897388, 52466600, 5743730, 0, 0, 0,
1, -1, 32, 0, 5743730, 1349000, 0, 5897456, 52556446, 52556446.

Count of firstfit: 0, bestfit: 366, maxout1: 0 maxout2: 0

    Flows in nde buffer    : 0
    Nde flow limit         : 27
    Flow sequence          : 26695012
    Unused flows           : 3591516
    Non Ip Sc              : 0
    Filter mismatch        : 0
    Packets sent           : 0
    Flows dropped at swover: 109788930

Comment by Francois on the output above:

This command allows to debug NetFlow data export on Catalyst 6000. ‘Flows in nde buffer’ should grow until a threshold and then get flushed to the collector (’Packets sent’). In this particular case, the Catatyst 6000 series switch is hit by a bug which renders flow exports impossible and so the counter keeps rising.

TORUMSFC1# show msfc
Network IO Interrupt Throttling:
 throttle count=1149, timer count=1149
 active=0, configured=1
 netint usec=4000, netint mask usec=400

Interrupt Registers:
        Revision: 1, Slot 1
        Control : 0×1C
        Enable  : 0×3F
        Status  : 0×0

RSFC CPU IDPROM:
IDPROM image:

  (FRU is ‘MSFC Cat6k daughterboard’)

IDPROM image block #0:
  hexadecimal contents of block:
  00: AB AB 01 90 12 98 01 00 00 02 60 03 00 CF 43 69    ………….Ci
  10: 73 63 6F 20 53 79 73 74 65 6D 73 00 00 00 00 00    sco Systems…..
  20: 00 00 57 53 2D 46 36 4B 2D 4D 53 46 43 00 00 00    ..WS-F6K-MSFC…
[...]

TORUMSFC1# show msfc nvram
000: AA 55 01 00 02 DF EF F5 78 77 FB BF 00 00 00 00 .U……xw……
010: 00 00 00 00 01 02 FE FD FE ED FA CE 00 00 00 00 …………….
[...]

Example output:

[...]
Total FIB entries:        262144
Allocated FIB entries:     13894
Free FIB entries:         248250
FIB entries used for IP ucast:   13853
FIB entries used for IPX     :       1
FIB entries used for IP mcast:      40

Total adjacencies:        262144
Allocated adjacencies:      1365
Free adjacencies:         260779
Adjacencies used for IP ucast (FIB)           :     288
Adjacencies used for IPX (FIB)                :       3
Adjacencies used for IP mcast (FIB)           :      36
Adjacencies used for IP mcast (Netflow)       :       0
Adjacencies used for Policy Routing           :    1023
Adjacencies used for Feature Manager (Netflow):       0
Adjacencies used for Local Director           :       0
Adjacencies used for Diagnostics              :       5
Adjacencies used for FTEP                     :      10
[...]

From a cisco 7140:

maple#show region
Region Manager:

      Start         End     Size(b)  Class  Media  Name
 0×0B800000  0×0BFFFFFF     8388608  Iomem  R/W    iomem2
 0×20000000  0×23FFFFFF    67108864  Iomem  R/W    iomem
 0×5B800000  0×5BFFFFFF     8388608  Iomem  R/W    iomem2:(iomem2_cwt)
 0×60000000  0×6B7FFFFF   192937984  Local  R/W    main
 0×60008950  0×612D4D8C    19711037  IText  R/O    main:text
 0×612D6000  0×6137A3BF      672704  IData  R/W    main:data
 0×6137A3C0  0×6155A57F     1966528  IBss   R/W    main:bss
 0×6155A580  0×6B7FFFFF   170547840  Local  R/W    main:heap
 0×70000000  0×73FFFFFF    67108864  Iomem  R/W    iomem:(iomem_cwt)
 0×80000000  0×8B7FFFFF   192937984  Local  R/W    main:(main_k0)
 0xA0000000  0xAB7FFFFF   192937984  Local  R/W    main:(main_k1)

From a cisco 7140:

maple#show region address 0×6137A3BF
Address 0×6137A3BF is located physically in :

  Name  : data
  Class : IData
  Media : R/W
  Start : 0×612D6000
  End   : 0×6137A3BF
  Size  : 0×000A43C0

 Int           Local          Remote Qd     InPack     OutPac Inerr  Drops  MTU
  97   10.0.0.1                 None  0      17593     368518     0   1071 1500
  98   10.0.0.1                 None  0      19774     384754     0   1995 1500
[...]
 113   10.0.0.1                 None  0      19107     362360     0    817 1500
 114   10.0.0.1                 None  0      19438     428691     0   1424 1500

  Rcvd: 341389 packets, 7115582 bytes
        0 format errors, 139791 checksum errors, 0 overrun
  Sent: 6920660 packets, 640291923 bytes, 31864 dropped

oak#show snmp community
ILMI ILMI volatile active
public public volatile active

Some of these keywords must or can have further arguments.  

alder#test aaa group radius test test 
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.

alder#test aaa group radius  mon mon
Attempting authentication test to server-group radius using radius
User was successfully authenticated.

Sends the following RADIUS attributes:

Wed Aug  1 21:00:19 2001
        NAS-IP-Address = 194.221.19.47
        NAS-Port-Type = Async
        User-Name = “mon”
        Timestamp = 996692419

  ‘c’ rules of radix type-in and display apply.

 AIM Slot 1 eeprom (? for help)[?]:  d
  Slot 1, 0×00:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×08:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×10:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×18:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×20:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×28:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×30:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×38:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×40:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×48:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×50:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×58:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×60:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×68:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×70:  FF  FF  FF  FF  FF  FF  FF  FF
  Slot 1, 0×78:  FF  FF  FF  FF  FF  FF  FF  FF

Requirements: GTS must be enabled and the interface has to be set to frame-relay encapsulation.

Router#ttcp
transmit or receive [receive]: transmit
Target IP address: 1.1.1.1
perform tcp half close [n]:
send buflen [8192]:
send nbuf [2048]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
buffering on writes [y]:
show tcp information at end [n]:

ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp  -> 1.1.1.1
%Connect failed: Destination unreachable; gateway or host down

Router#ttcp
transmit or receive [receive]:
perform tcp half close [n]:
receive buflen [8192]:
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
rcvwndsize [4128]:
delayed ACK [y]:
show tcp information at end [n]:

ttcp-r: buflen=8192, align=16384/0, port=5001
rcvwndsize=4128, delayedack=yes  tcp

From the Open Forum:

Question: When using the Cisco hidden command ttcp (to generate traffic), what do the following values for this command mean:

perform tcp half close [n]
send bufflen [8192]:
send nbuf [2048]
bufalign [16384]:
bufoffset [0]:
port [5001]:
sinkmode [y]:
show tcp information at end [n]:

Answer:

Half close is regarding the tcp syn-ack; send bufflen is the size of the packet to be sent; send nbuf is the number of packets sent; bufalign is create a ”matrix” of sent data in either a linear or non-linear model of testing throughput and pattern analysis; setoffset is the offset of created data in the packet; port is the tcp/udp port the data is sent on, and sinkmode tells the device to ignore other network traffic or not.

Where <template-num> is the vtemplate number and <num> is the number of sessions you wish to pre-clone. Please note that with l2tp [by default], if you choose to pre-clone you are limited to the number of sessions you pre-cloned. i.e. if you pre-clone 1000 sessions, you cannot set up more then 1000 sessions for the given virtual-template.

This probably is per the suggestion in RFC 2661, section 8.1: “The default for any L2TP implementation is that UDP checksums MUST be enabled for both control and data messages. An L2TP implementation MAY provide an option to disable UDP checksums for data messages. It is recommended that UDP checksums always be enabled on control packets.”

And Dennis Peng from Cisco added the following note (on cisco-nas): Verification of the UDP checksum forces us into the process switching path which will result in increased CPU usage. By default, Cisco LAC’s will not set the UDP checksum, so in a Cisco to Cisco environment, you don’t need this command. But other vendors may set the UDP checksum, so in a multi-vendor environment, it is probably a good idea to include it. One big vendor which sets the UDP checksum is Microsoft, their L2TP client does this.

Some performance might be gained by increasing the hash table size and so reducing the number of collisions at the expense of increased memory usage.