What happens to the history table and log files when the device loses power?
|
The operational command reference pages describe the CLI commands that you use to display the properties and operational status of vSmart controllers, vEdge routers, and vBond orchestrators in the overlay network. When you log in to the CLI on a Cisco vEdge device, you are in operational mode. Show
In the CLI, operational commands are organized alphabetically, and many commands are organized into functional hierarchies. The top-level operational commands and command hierarchies are:
To filter operational command output, use the filters described in Command Filters for CLI Operational Commands. Clear the cflowd flows in all VPNs (on vEdge routers only). clear app cflowd flow-allCommand HistoryRelease Modification 14.3 Command introduced. ExamplesClear the cflowd flows in a specific VPN (on vEdge routers only). clear app cflowd flows vpn vpn-id [flow-property] Syntax Descriptionflow-property Specific Flow To Clear: Narrow down the exact flow to clear. flow-property can be one of: dest-ip prefix/length dest-port port-number (0 through 65535) dscp dscp-value (0 through 255) ip-proto protocol-number (0 through 255) src-ip prefix/length src-port port-number (0 through 65535) vpn vpn-id VPN: Specify the VPN in which to clear all cflowd flows. Command HistoryRelease Modification 14.3 Command introduced. ExamplesClear all DPI flows on the vEdge router (on vEdge routers only). clear app dpi all Command HistoryRelease Modification 15.2 Command introduced. ExamplesClear specific applications in a particular VPN on the vEdge router (on vEdge routers only). clear app dpi apps vpn vpn-id [application name] [source-prefix prefix | length] Syntax Descriptionapplication name Application Name: Name of the application to clear. source-prefix prefix|length Source IP address: Source IP prefix for the application or applications to clear. vpn vpn-id VPN: VPN in which the application participates. Command HistoryRelease Modification 15.2 Command introduced. ExamplesClear specific DPI flows in a particular VPN on the vEdge router (on vEdge routers only). clear app dpi flows vpn vpn-id [destination-prefix prefix/length] [destination-port number] [ip-protocol protocol] [source-prefix prefix/length] [src-port number] Syntax Descriptiondestination-prefix prefix/length source-prefix prefix/length IP Prefix: Destination or source IP prefix of the flow. destination-port number source-port number Port Number: Destination or source port number of the flow. ip-protocol protocol Protocol: Destination or source port number of the flow. vpn vpn-id VPN: VPN in which the flow participates. Command HistoryRelease Modification 15.2 Command introduced. ExamplesClear the information logged about flows (on vEdge routers only). After you issue this command, collection of information about the flow resumes immediately. clear app log flows [dest-ip prefix] [dest-port number] [ip-proto number] [src-ip prefix] [src-port number] vpn vpn-id Syntax Descriptionnone Clear information logged about all flows on the router. dest-ip prefix Destination IP Prefix: Clear information logged about flows with the specified destination IP prefix. dest-port number Destination Port Number: Clear information logged about flows with the specified destination port number. ip-protocol number IP Protocol: Clear information logged about flows with the specified IP protocol number. src-ip prefix Source IP Prefix: Clear information logged about flows with the specified source IP prefix. src-port number Source Port Number: Clear information logged about flows with the specified source port number. vpn vpn-id Specific VPN: Clear the logged flows in the specified VPN. Command HistoryRelease Modification 16.3 Command introduced. ExamplesRefresh dynamically created IPv4 entries in the Address Resolution Protocol (ARP) cache (on vEdge routers and vSmart controllers only). To clear IPv6 entries in the ARP cache, use the clear ipv6 neighbor command. clear arp [interface interface-name] [ip-address] [vpn vpn-id ] Syntax Descriptionnone Refresh all dynamic ARP cache entries. interface interface-name Interface: Refresh the dynamic ARP cache entries associated with the specific interface. ip-address IP Address: Refresh the dynamic ARP cache entries for the specified IP address. vpn vpn-id VPN: Refresh the dynamic ARP cache entries for the specific VPN. Command HistoryRelease Modification 14.1 Command introduced. ExamplesClear the counters for BFD transitions (on vEdge routers only). clear bfd transitions Command HistoryRelease Modification 15.1.1 Command introduced. ExamplesReset the peering sessions with a specific BGP neighbor in a VPN (on vEdge routers only). clear bgp neighbor ip-address vpn vpn-id [soft (in | out)] Syntax Descriptionip-addressvpn vpn-id Neighbor Address and VPN: Reset the connection to the specific BGP neighbor in the specified VPN. soft (in | out) Soft Reset: Perform a reset when the routing policy changes so that the new policy can take effect. With a soft reset, the route table is reconfigured and reactivated, but the BGP session itself is not reset. Use the in option to generate inbound route table updates from the BGP neighbor, and use the out option to have the local router send a new set of updated to the BGP neighbor. Command HistoryRelease Modification 14.1 Command introduced. ExamplesClear the MAC addresses that this vEdge router has learned (on vEdge routers only). The router restarts its MAC address learning process, performing flooding until all the MAC addresses are relearned. clear bridge mac Command HistoryRelease Modification 15.3 Command introduced. ExamplesClear the computations performed by Cloud OnRamp for SaaS (formerly called CloudExpress service) (on vEdge routers only). Cloud OnRamp for SaaS computations include application loss, latency, and best interface. clear cloudexpress computations [application application] Syntax Description(none) Clear all computations for all applications in all VPNs configured with Cloud OnRamp for SaaS. application Specific Application: Clear computations for a specific application configured for Cloud OnRamp for SaaS. Values: amazon_aws, box_net, concur, dropbox, google_apps, gotomeeting, intuit, jira, office365, oracle, salesforce, sap, sugar_crm, webex, zendesk, zoho_crm Command HistoryRelease Modification 16.3 Command introduced. 17.1 Removed vpn command option. ExamplesClear the Cloud OnRamp for SaaS computationsReset the DTLS connections from the local device to all Cisco SD-WAN devices. clear control connections  Note This command will reset all the Bidirectional Forwarding Detection (BFD) tunnels on the device. Command HistoryRelease Modification 14.2 Command introduced. ExamplesErase the connection history on the local device. clear control connections-historyExamplesCommand HistoryRelease Modification 16.1 Command introduced. To reset port-hop back to the base port on Cisco vEdge devices, use the clear control port-index command in privileged EXEC mode. clear control port-index Syntax DescriptionThis command has no keywords or arguments. Command DefaultThis command has no default behavior. Command ModesPrivileged EXEC (#) Command HistoryReleaseModificationCisco SD-WAN Release 20.6.1This command was introduced. Usage GuidelinesUse the clear control port-index command to reach back to 12346 base port on all the WAN interfaces. The following example shows how to clear the port-hopping bucket index: Delete the core files on the local device. Core files are saved in the /var/crash directory on the local device. clear crash number Syntax Description(none) Clear all core and information files on the device. number Specific Core File: Clear the specific core file. number is the index number listed in the show crash output. Command HistoryRelease Modification 15.2 Command introduced. ExamplesClear the bindings to DHCP servers (on vEdge routers only). clear dhcp server-bindings vpn vpn-id interface interface-name [client-mac mac-address] Syntax Descriptioninterface interface-name Interface to DHCP Server: Interface to use to reach the DHCP server. client-mac client-mac MAC Address of DHCP Server: Clear the entry for a single DHCP host based on the host's MAC address. vpn vpn-id VPN: Clear the DHCP bindings in a specific VPN. Command HistoryRelease Modification 14.3 Command introduced. 15.1 client-mac option added. Clear IPv4 DHCP state on the local device (on vEdge routers and vSmart controllers only). clear dhcp state interface interface-name [vpn vpn-id] Syntax Descriptioninterface interface-name Clear the DHCP state of a specific interface. vpn vpn-id Clear the DHCP state of an interface in the specified VPN. Command HistoryRelease Modification 14.3 Command introduced. ExamplesClear the cache of DNS entries on the local device. Use this command to clear stale entries from the DNS cache. The DNS cache is populated when the device establishes a connection with the vBond orchestrator. For a vEdge router, this connection is transient, and the DNS cache is cleared when its connection to the vBond orchestrator is closed. For a vSmart controller, the connection to a vBond orchestrator is permanent. clear dns cache Command HistoryRelease Modification 15.3 Command introduced. ExamplesDeauthenticate a client connected on an 802.1X or 802.11i interface (on vEdge routers only). Reauthentication occurs automatically if the client attempts to use the interface again. clear dot1x client mac-address interface interface-name Syntax Descriptionmac-address Client MAC Address: MAC address of the client to deauthenticate. To determine a client's MAC address, use the show dot1x clients command. interface interface-name Interface Name: Interface through which the client is reachable. To determine the interface name, use the show dot1x interfaces command. Command HistoryRelease Modification 16.3 Command introduced. Zero IGMP statistics (on vEdge routers only). clear igmp statistics [vpn vpn-id] Syntax Description(none) Clear IGMP statistics for all VPNs. vpn vpn-idVPN: Clear IGMP statistics in a specific VPN. Command HistoryRelease Modification 14.3 Command introduced. ExamplesClear all the certificates on the local device, including the public and private keys and the root certificate, and return the device to the factory-default state. clear installed-certificates Command HistoryRelease Modification 14.1 Command introduced. ExamplesZero interface statistics. clear interface statistics [interface interface-name] [queue queue-number] [vpn vpn-id] Syntax Description(none) Zero the statistics on all interfaces and all queues. queue queue-number Interface Queue: Zero the statistics on the specified queue. interface interface-name Specific Interface: Zero the statistics on the specified interface. vpn vpn-id VPN: Zero the interface statistics for interfaces in a specific VPN. Command HistoryRelease Modification 14.1 Command introduced. ExamplesClear the statistics for a particular group, source, or VPN from the Multicast Forwarding Information Base (MFIB) (on vEdge routers only). clear ip mfib record group group-address source source-address vpn vpn-id [upstream-iif interface-name] [upstream-tunnel ip-address] Syntax Descriptiongroup group-address source source-address vpn vpn-id Clear Statistics from the MFIB: Clear the statistics for a particular group, source, or VPN from the MFIB. upstream-iif interface-name Upstream Interface: Clear the MFIB statistics for the specified upstream interface. upstream-tunnel ip-address Upstream Tunnel: Clear the MFIB statistics for the specified tunnel to a remote system. Command HistoryRelease Modification 14.2 Command introduced. ExamplesClear the NAT translational filters (on vEdge routers only). clear ip nat filter [parameter] Syntax Descriptionparameter Filter Parameter: Clear NAT translation filters associated with the specified parameter. parameter can be nat-ifname, nat-vpn-id, private-dest-address, private-dest-port, private-source-address, private-source-port, private-vpn-id, and proto. These parameters correspond to some of the column headers in the show ip nat filter command output. Command HistoryRelease Modification 14.2 Command introduced. ExamplesClear the NAT translational interface statistics (on vEdge routers only). clear ip nat statistics [interface interface-name] [vpn vpn-id] Syntax Descriptioninterface interface-name vpn vpn-id Specific Interface: Clear NAT translation statistics associated with the specified interface. vpn vpn-id Specific VPN: Clear NAT translation statistics associated with the specified VPN. Command HistoryRelease Modification 14.2 Command introduced. ExamplesRefresh dynamically created IPv6 entries in the Address Resolution Protocol (ARP) cache (on vEdge routers and vSmart controllers only). To clear IPv4 entries in the ARP cache, use the clear arp command. clear ipv6 neighbor [interface interface-name] [ip-address] [vpn vpn-id] Syntax Description(none) Refresh all dynamic ARP cache entries. interface interface-name Interface: Refresh the dynamic ARP cache entries associated with the specific interface. ip-address IP Addresss: Refresh the dynamic ARP cache entries for the specified IP address. vpn vpn-id VPN: Refresh the dynamic ARP cache entries for the specific VPN. Command HistoryRelease Modification 16.3 Command introduced. ExamplesReset the OMP peering sessions with a specific peer (on vSmart controllers and vEdge routers only). When you reset a peering session, the routes to that peer are removed from the OMP route table, and they are reinstalled when the peer comes back up. clear omp peer ip-address [soft (in |out)] Syntax Description(none) Reset the specific peering session. soft in |out Refresh the Peering Session: Re-apply the inbound or outbound policy to the specific peering session. Command HistoryRelease Modification 14.1 Command introduced. ExamplesClear the history of connections and connection attempts made by the vBond orchestrator (on vBond orchestrators only). clear orchestrator connections-history Command HistoryRelease Modification 16.1 Command introduced. ExamplesShow orchestrator connections-historyReset OSPF in a VPN (on vEdge routers only). clear ospf all vpn vpn-id Syntax Descriptionvpn vpn-id VPN: Reset OSPF in the specified VPN. Command HistoryRelease Modification 14.1 Command introduced. ExamplesDelete the entries in the OSPF link-state database learned from OSPF neighbors (on vEdge routers only). Use this command for troubleshooting OSPF or to reset the link-state database if you suspect that it has been corrupted. clear ospf database vpn vpn-id Syntax Descriptionvpn vpn-id VPN: Clear the OSPF link-state database of entries from the specified VPN. Command HistoryRelease Modification 14.2 Command introduced. ExamplesClear the mappings of multicast groups to RPs (on vEdge routers only). clear pim rp-mapping [vpn vpn-id] Syntax Description(none) Clear all group-to-RP mappings. vpn vpn-id VPN: Clear the group-to-RP mappings for a specific VPN. Command HistoryRelease Modification 14.3 Command introduced. ExamplesClear all PIM-related statistics on the router, and relearn all PIM neighbors and joins (on vEdge routers only). clear pim statistics [vpn vpn-id] Syntax Description(none) Clear all PIM statistics, neighbors, and joins, and then relearn them. vpn vpn-id VPN: Clear the PIM statistics, neighbors, and joins in the specified VPN, and then relearn them. Command HistoryRelease Modification 14.2 Command introduced. ExamplesClear the policer out-of-specification (OOS) packet statistics (on vEdge routers only). A policed packet is out of specification when the policer does not allow it to pass. Depending on the policer configuration, these packets are either dropped or they are remarked, which sets the packet loss priority (PLP) value on the egress interface to high. clear policer statistics Command HistoryRelease Modification 16.3 Command introduced. ExamplesClear the policer OOS packet statisticsReset all counters for IPv4 access lists or data policies (on vSmart controllers and vEdge routers only). clear policy (access-list acl-name | app-route-policy policy-name | data-policy policy-name) Syntax Descriptionaccess-list acl-name Access List Counters: Zero the counters associated with the specified access list. app-route-policy policy-name Application-Aware Routing Policy Counter: Zero the counters associated with the specified application-aware routing policy. data-policy policy-name Data Policy Counters: Zero the counters associated with the specified data policy. Command HistoryRelease Modification 14.1 Command introduced. Zero the statistics about the packets processed by zone-based firewalls (on vEdge routers only). clear policy zbfw global-statistics Command HistoryRelease Modification 18.2 Command introduced. ExamplesClear the statistics about packets that the router has processed with zone-based firewallsClear the session flow information for zone pairs configured with a zone-based firewall policy (on vEdge routers only). show policy zbfw sessions [name pair-name] Syntax Description(none) Clear the session flow entries for all zone pairs. name pair-name Zone Pair Name: Clear the session flow entries for the specified zone pair. Command HistoryRelease Modification 18.2 Command introduced. ExamplesClear all session flow informationZero PPPoE statistics. clear pppoe statistics Command HistoryRelease Modification 15.3.3 Command introduced. ExamplesClear an installed proxy certificate and reset the control connections that are associated with the proxy (on vEdge routers only). clear reverse-proxy context Command HistoryRelease Modification 18.2 Command introduced. ExamplesClear the installed proxy certificate on a vEdge routerClear system-wide forwarding statistics. clear system statistics Command HistoryRelease Modification 14.1 Command introduced. ExamplesSet the time and date on the device. If you have configured NTP on the device, the NTP time overwrites the time and date that you set with the clock command. clock set date ccyy-mm-dd clock set time hh:mm:ss.sss Syntax Descriptionccyy-mm-dd Date: Set the date by specifying four-digit year, two-digit month, and two-digit day. The year can be from 2000 to 2060. hh:mm:ss.sss Time: Set the time by two-digit hour (using a 24-hour clock), two-digit minute, two-digit seconds, and an optional three-digit hundredths of seconds. Note You must set the time and date in a single command, but the order in which you specify them does not matter. Command HistoryRelease Modification 14.1 Command introduced. ExamplesConfirm or cancel a pending commit operation. You issue this commit command from operational mode. You establish a pending commit operation by using the commit confirmed configuration session management command. commit (abort | confirm) [persist-id id] Syntax Descriptionconfirm Confirm a Pending Commit Operation: Confirm a pending commit operation that was issued with the commit confirmed configuration command. You must confirm the commit operation with the time specified with the commit confirmed command; otherwise, the commit is canceled. abort Halt a Pending Commit Operation: Halt a pending commit operation that was issued with the commit confirmed command. This is the default operation for a pending commit operation. The commit is also canceled if the CLI session is terminated before you issue a commit confirm command. persist-id id Token to Identify the Pending Commit Operation: If you specified a token, id, when you initiated the pending commit operation, specify that token to either cancel or confirm the commit. Command HistoryRelease Modification 14.1 Command introduced. ExamplesHave the CLI automatically complete a command name when you type an unambiguous string and then press the space bar, or have the CLI list all possible completions when you type an ambiguous string and then press the space bar. complete-on-space (false | true) Syntax Descriptionfalse Do Not Perform Command Completion: Do not have the CLI perform command completion when you press the space bar. This is the default setting. true Perform Command Completion: Have the CLI perform command completion when you press the space bar. Command HistoryRelease Modification 14.1 Command introduced. 14.2 Default changed from true to false in Release 14.2. ExamplesEnter configuration mode for vEdge devices. In configuration mode, you are editing a copy of the running configuration, called the candidate configuration, not the actual running configuration. Your changes take effect only when you issue a commit command. Note Cisco IOS XE routers such as aggregation and integrated services routers should use the command config-transaction to enter configuration mode. The config terminal command is not supported on SD-WAN routers. config (exclusive | no-confirm | shared | terminal) Syntax Description(none) Edit a private copy of the running configuration. This private copy is not locked, so another user could also edit it at the same time. terminal Allow Editing from This Terminal Only: Edit a private copy of the running configuration. This private copy is not locked, so another user could also edit it at the same time. no-confirm Do Not Allow a Commit Confirmation: Edit a private copy of the running configuration and do not allow the commit confirmed command to be used to commit the configuration. exclusive Exclusive Edit: Lock the running configuration and the candidate configuration, and edit the candidate configuration. No one else can edit the candidate configuration as long as it is locked. shared Shared Edit: Edit the candidate configuration without locking it. This option allows another person to edit the candidate configuration at the same time. Command HistoryRelease Modification 14.1 Command introduced. ExamplesEnable and disable debugging mode for all or selected software function. Debug output is placed in the /var/log/tmplog/vdebug file on the local device. [no] debug all [no] debug aaa login (radius | tacacs) [no] debug bgp (all | events | fsm | ipcs | packets) vpn vpn-id [no] debug cflowd (cli | events | ipc | misc | pkt_tx) [level (high | low)] [no] debug chmgr all [no] debug cloudexpress (events | ftm | omp | rtm | ttm) [level (high | low)] [no] debug confd (developer-log [level (high | low)] | snmp) [no] debug config-mgr (events | pppoe | ra) [level (high | low)] [no] debug dbgd (events) [no] debug dhcp-client (all | events | packets) [no] debug dhcp-helper (all | events | packets) [no] debug fpm (all | config | dpi | policy | ttm) [no] debug ftm all[no] debug igmp (config | events | fsm | ipc | packets) [level (high | low)] [no] debug iked (all | confd | error | events | misc) [level (high | low)] [no] debug netconf traces[no] debug omp (all | events | ipcs | packets) [no] debug ospf (all | events | ipcs | ism | lsa | nsm | nssa | packets) vpn vpn-id [no] debug pim (auto-rp | events | fsm | ipcs | packets) [level (high | low)] vpn vpn-id [no] debug platform software sdwan tracker [no] debug resolver events [level (high | low)] [no] debug rtm (events | ipc | next-hop | packets | rib) vpn vpn-id [no] debug snmp events [level (high | low)] [no] debug sysmgr all [no] debug transport events [level (high | low)] [no] debug tcpd [level (high | low)] [no] debug ttm events [no] debug vrrp (all | events | packets) vpn vpn-id Syntax Description[no] debug all All: Control debugging for all software functions that can be debugged. [no] debug aaa login (radius | tacacs) AAA Login via RADIUS or TACACS: Control debugging for login attempts using RADIUS or TACACS. [no] debug bgp (all | events | fsm | ipcs | packets) vpn vpn-id BGP: Control debugging for BGP:
[no] debug cflowd (cli | events | ipc | misc | pkt_tx) [level (high | low)] Cflowd Traffic Flow Monitoring: Control debugging for cflowd:
[no] debug chmgr all Chassis Manager: Control debugging for the chassis manager. [no] debug cloudexpress (events | ftm | omp | rtm | ttm) [level (high | low)] Cloud OnRamp for SaaS: Control debugging for Cloud OnRamp for SaaS (formerly CloudExpress service).
[no] debug config-mgr (events | pppoe | ra) [level (high | low)] Configuration Manager: Control debugging for the configuration manager.
[no]debug dbgd events Debugger Process: Control debugging for the debugger process itself.
[no] debug dhcp-client (all | events | packets) DHCP Client: Control the debugging of Dynamic Host Configuration Protocol (DHCP) client activities.
[no] debug dhcp-helper (all | events | packets) DHCP Helper: Control the debugging of Dynamic Host Configuration Protocol (DHCP) helper activities.
[no] debug fpm (all | config | dpi | policy | ttm) Forwarding Policy Manager: Control debugging for the forwarding policy manager:
[no] debug ftm all[no] debug igmp (config | events | fsm | ipc | packets) [level (high | low)] Forwarding Table Manager: Control debugging for the forwarding table manager operations. [no] debug ftm all[no] debug igmp (config | events | fsm | ipc | packets) [level (high | low)] IGMP: Control debugging for IGMP.
[no] debug iked (all | confd | error | events | misc) [level (high | low)] IKE: Control debugging for the forwarding policy manager.
[no] debug netconf traces[no] debug omp (all | events | ipcs | packets) Netconf: Enable and disable Netconf activity to log all Netconf configuration messages between the local device and the vManage NMS. Netconf debug messages are logged to the /var/log/confd/netconf.trace file. [no] debug netconf traces[no] debug omp (all | events | ipcs | packets) OMP: Control the debugging of OMP.
[no] debug ospf (all | events | ipcs | ism | lsa | nsm | nssa | packets) vpn vpn-id OSPF: Control the debugging of OSPF.
[no] debug pim (auto-rp | events | fsm | ipcs | packets) [level (high | low)] vpn vpn-id PIM: Control debugging for PIM.
[no] debug platform software sdwan tracker Service chaining: (Cisco IOS XE SD-WAN devices) Display the service log for the tracker, which probes service devices periodically to test whether the devices are reachable. [no] debug resolver events [level (high | low)] Resolver: Control debugging for all resolver process events. The resolver process handles a plethora of tasks, including tracking ARP, MAC addresses, DNS, and connected interfaces.
[no] debug rtm (events | ipc | next-hop | packets | rib) vpn vpn-id Route Table Manager: Control debugging for the route table manager.
[no] debug snmp events [level (high | low)] SNMP: Control debugging for all SNMP events.
[no] debug sysmgr all System Manager: Control debugging for the system manager. [no] debug tcpd [level (high | low)][no] debug ttm events TCP Optimization Process: Control debugging for TCP optimization.
[no] debug transport events [level (high | low)] Transport Process: Control debugging for all vtracker transport process events. The vtracker process pings the vBond orchestrator every second.
[no] debug ttm events Tunnel Table Manager: Control debugging for all tunnel table manager events. [no] debug vrrp (all | events | packets) vpn vpn-id VRRP: Control debugging for the Virtual Router Redundancy Protocol (VRRP).
Command HistoryRelease Modification 14.1 Command introduced. 16.3 Starting with Release 16.3, output is placed in the /var/log/tmplog/vdebug file, not the /var/log/vdebug file. Cisco IOS XE Release 17.3.1a Added debug platform software sdwan tracker . To enable packet tracing on Cisco vEdge devices, use the debug packet-trace condition command in privileged EXEC mode. debug packet-trace condition [ start | stop ] [bidirectional ] [circular ] [ destination-ip ip-address ] [global-stat ] [ ingress-if interface ] [logging ] [ source-ip ip-address ] [ vpn-id vpn-id ] Syntax Descriptionbidirectional(Optional) Enables bidirectional flow debug for source IP and destination IP. circular(Optional) Enables circular packet tracing. In this mode, the 1024 packets in the buffer are continuously over-written. clear(Optional) Clears all debug configurations and packet tracer memory. destination-ip(Optional) Specifies destination IPv4 address. global-stat(Optional) Specifies the match on select global statistic counter name. ingress-if(Optional) Specifies ingress interface name. Note: It is must to choose VPN to configure the interface. logging(Optional) Enables packet tracer debug logging. source-ip(Optional) Specifies source IP address. start(Optional) Starts conditional debugging. stop(Optional) Stops conditional debugging. vpn-id(Optional) Enables packet tracing for the specified VPN. Command DefaultNone Command ModesPrivileged EXEC (#) Command HistoryReleaseModificationCisco SD-WAN Release 20.5.1 This command was introduced. Cisco SD-WAN Release 20.8.1 A new keyword global-stat is added. Usage GuidelinesThe parameters after the keywords start and stop in the command syntax can be configured in any order. ExampleThe following example shows how to configure conditions for packet tracing: Enable and disable debugging mode for vdaemon software function. Debug output is placed in the /var/log/tmplog/vdebug file on the local device. debug vdaemon { all | confd | error | events | hello | misc | packets } [ high | low ] no debug vdaemon { all | confd | error | events | hello | misc | packets } [ high | low ] Syntax Description{all | confd | error | events | hello | misc | packets} {high | low}vDaemon Process: Control debugging for vDaemon, the Cisco SD-WAN software process:
Command HistoryReleaseModification14.1 Command introduced. 16.3 Starting with Release 16.3, output is placed in the /var/log/tmplog/vdebug file, not the /var/log/vdebug file. Cisco SD-WAN Release 20.5.1 Added hello keyword for debug vdaemon command. Enable and disable debugging mode for vdaemon software function. Debug output is placed in the /var/log/tmplog/vdebug file on the local device. debug vdaemon peer public-ip ip-address public-port port-address facility { all | confd | error | events | hello | misc | packet } level { high | low } no debug vdaemon peer public-ip ip-address public-port port-address facility { all | confd | error | events | hello | misc | packet } level { high | low } Syntax Descriptionpublic-ip ip-addressSpeicifes peer public ip address. public-port port-addressSpecifies peer public port address. Range: 0 to 65535 facility{all | confd | error | events | hello | misc | packet}Facility: Control debugging of miscellaneous vdaemon actions:
Set the detail of the comments logged by the debugging operation. The default level, low , provides comments sufficient to help you understand the actions that are occurring. The level high provides greater detail for the live debugging that might typically be performed by the Cisco engineering team. Command HistoryRelease Modification Cisco SD-WAN Release 20.5.1 This command was introduced. The following is a sample output for debug vdaemon peer command. Verbose logs for a particular peer can be enabled, and hello log is displayed: Display the contents of a file on the Cisco SD-WAN device. file show filename Syntax Descriptionfilename Name of a Directory: Name of a file on the Cisco SD-WAN device. Command HistoryRelease Modification 14.1 Command introduced. ExamplesSet the number of history items that the CLI tracks in operational mode. show history number Syntax Descriptionshow history number Number of History Items: Set the number of commands tracked by the CLI history. number can be a value from 0 through 1000. The default is 100 commands. To disable the history feature, set the number to 0. no history Return to Default Number of History Items: Restore the default history queue length of 100 commands. Command HistoryRelease Modification 14.1 Command introduced. ExamplesSet how long the CLI is inactive on a device before the user is logged out. If a user is connected to the device via an SSH connection, the SSH connection is closed after this time expires. idle-timeout seconds Syntax Descriptionidle-timeout seconds Timeout Value: Number of seconds that the CLI is idle before the user is logged out of the CLI. A value of 0 (zero) sets the time to infinity, so the user is never logged out. Range: 0 through 8192 seconds. Default: 1800 seconds (30 minutes). Command HistoryRelease Modification 14.1 Command introduced. ExamplesStop a job that is monitoring a file on the local device. This command is the same as the UNIX kill command. job stop job-number Syntax Descriptionjob-number Job Number: Number of the job to stop. This number is in the JOBS column in the show jobs command output. Command HistoryRelease Modification 15.4 Command introduced. ExamplesStop the job that is monitoring a fileTerminate the current CLI session, a specific CLI session, or the session of a specific user. logout [session session-number] [user username] Syntax Description(none) Terminate the current CLI session. session session-number Specific Session: Terminate a specific CLI session. user username Specific User: Terminate the CLI session of a specific user. Command HistoryRelease Modification 14.1 Command introduced. ExamplesTo monitor and control the event trace function for a Cisco SD-WAN subsystem, use the monitor event-trace command in the privileged EXEC mode. Event trace provides the functionality to capture the SD-WAN traces between the viptela daemons and SD-WAN subsystems. monitor event-trace sdwan { clear | continuous | disable | dump | | enable | one-shot } Syntax Descriptionsdwan Name of the Cisco SD-WAN subsystem that is the subject of the event trace. To get a list of components that support event tracing, use the monitor event-trace ? command. clear Clears existing trace messages for the specified component from memory on the networking device. continuous Displays the latest event trace entries. disable Turns off event tracing for the specified component. dump The trace messages are saved in binary format. enable Enables event tracing for the specified component. one-shot Clears any existing trace information from memory, starts event tracing again, and disables the trace when the trace reaches the size specified. Command DefaultThe event trace function is disabled by default. Command ModesPrivileged EXEC Global Configuration Mode Command HistoryRelease Modification Cisco IOS XE Release 17.2.1r This command was introduced. Usage GuidelinesThe amount of data collected from the trace depends on the trace message size configured using the monitor event-trace command in global configuration mode for each instance of a trace. Use the show monitor event-trace command to display trace messages. Use the monitor event-trace sdwan dump command to save trace message information for a single event. By default, trace information is saved in binary format. The following example shows the privileged EXEC commands to stop event tracing, clear the current contents of memory, and reenable the trace function for the component. This example assumes that the tracing function is configured and enabled on the networking device. The following example shows how the monitor event-trace one-shot command accomplishes the same function as the previous example except in one command. In this example, once the size of the trace message file has been exceeded, the trace is terminated. The following example shows the command for writing trace messages for an event in binary format. In this example, the trace messages for the SD-WAN component are written to a file. Begin monitoring a file on the local device. When a file is monitored, any logging information is displayed on the console as it is added to the file. monitor start filename Syntax Descriptionfilename Filename To Monitor: Name of the file to monitor. Command HistoryRelease Modification 15.4 Command introduced. ExamplesStart and stop monitoring a file, and view the files that are being monitoredStop monitoring a file on the local device. When a file is monitored, any logging information is displayed on the console as it is added to the file. monitor stop filename Syntax Descriptionfilename File to Monitor: Name of the file to monitor. Command HistoryRelease Modification 15.4 Command introduced. ExamplesStart and stop monitoring a file, and view the files that are being monitoredPerform a DNS lookup. nslookup [vpn-id vpn-id] dns-name Syntax Descriptiondns-name DNS Name: Perform a DNS lookup to map a fully qualified domain name to one or more IP addresses. dns-name can be a hostname string, or an IPv4 or IPv6 address. vpn-id vpn-id VPN: Specify the VPN into which to send the ping packets. If you omit the VPN identifier, the default is VPN 0, which is the transport VPN. Command HistoryRelease Modification 14.1 Command introduced. 16.3 In Release 16.3, added support for IPv6 addresses in VPN 0. ExamplesControl the pagination of command output. paginate (false | true) Syntax Descriptionfalse Display Command Output Continuously: Display all command output continuously, regardless of the CLI screen height. true Paginate Command Output:Display all command output one screen at a time. To display the next screen of output, press the space bar. Pagination is the default setting. Command HistoryRelease Modification 14.1 Command introduced. ExamplesVerify that a network device is reachable on the network, by sending ICMP ECHO_REQUEST packets to them. This command is effectively identical to the standard UNIX ping command. ping (hostname | ip-address) ping vpn vpn-id (hostname | ip-address) ping [count number] [rapid] [size bytes] [source (interface-name | ip-address)] [wait seconds] vpn vpn-id (hostname | ip-address) Syntax Description(hostname | ip-address) Device to Ping: Name or IPv4 or IPv6 address of the host to ping. For an IPv4 address in a service VPN, you can ping the primary and the secondary addresses. count number Number of Ping Requests to Send: Number of ping requests to send. If you do not specify a count, the command operates until you interrupt it by typing Control-C. rapid Rapid Pinging: Send five ping requests in rapid succession and display abbreviated statistics, only for packets transmitted and received, and percentage of packets lost. size bytes Size of Ping Request Packets: Size of the packet to send. Default: 64 bytes (56 bytes of data plus 8 bytes of ICMP header). source (interface-name | ip-address) Source of Ping Packets: Interface or IP address from which to send to ping packets. You cannot specify the loopback0 interface in this option. wait seconds Time to Wait between Each Ping Packet: Time to wait for a response to a ping packet. Default: 1 second. vpn vpn-id VPN in which to Ping: Specify the VPN into which to send the ping packets. Command HistoryRelease Modification 14.1 Command introduced. 16.3 Added support for IPv6 host addresses in VPN 0. 17.2.2 Added support for pinging secondary IPv4 addresses. ExamplesSet the operational prompt. prompt1 string Syntax Descriptionstring Operational Prompt: Set the operational prompt. The prompt can contain regular ASCII characters and the following special characters. Enclose the entire string in quotation marks:
Command HistoryRelease Modification 14.1 Command introduced. ExamplesSet the configuration mode prompt. prompt2 string Syntax DescriptionstringOperational Prompt: "string" Set the operational prompt. The prompt can contain regular ASCII characters and the following special characters. Enclose the entire string in quotation marks:
Command HistoryRelease Modification 14.1 Command introduced. ExamplesReboot the Cisco SD-WAN device. Any user can issue the reboot command, but the underlying logging mechanism does not log the user name. If you subsequently issue a show reboot history command, it shows that the reboot request was issued by an unnamed user. Note You cannot issue the reboot command while a software upgrade is in progress. reboot [now] reboot other-boot-partition [no-sync] Syntax Description(none) Reboot the device. The software prompts you to confirm that you really want to reboot. now Reboot Immediately: Reboot the device immediately, with no prompt asking you to confirm that you want to reboot. other-boot-partition Reboot and Use the Software Image on the Other Disk Partition: (Available in releases 15.3 and earlier.) When rebooting the device, start the software image that is installed on the other disk partition. The software prompts you to confirm that you really want to reboot. If the other partition cannot be mounted or if the directory on the other partition is unreadable, an error message is displayed and the reboot operation is canceled. other-boot-partition no-sync Switch to the Other Software Image without Rebooting: (Available in releases 15.3 and earlier.) Switch to the software image that is installed on the other disk partition without rebooting the device. If the other partition cannot be mounted or if the directory on the other partition is unreadable, an error message is displayed and the switch operation is canceled. Command HistoryRelease Modification 14.1 Command introduced. 14.2 Starting with the 14.2 release, you cannot issue the reboot command when a software upgrade is in progress. 15.3 Starting with the 15.3 release, the reboot other-boot-partition command prompts for confirmation. 15.4 Starting with 15.4 release, the reboot other-boot-partition command is replaced with the request software activate command. ExamplesRebootshow boot-partitionreboot other-boot-partitionReset the account of a user whose account is locked. An account becomes locked when the user can no longer log in to a Cisco SD-WAN device. request aaa unlock-user username Syntax Descriptionusername Account To Reset: Name of the user account. NoteYour account gets locked even if no password is entered multiple times. When you do not enter anything in the password field, it is considered as invalid or wrong password. Command HistoryRelease Modification 15.4 Command introduced. ExamplesvManage EquivalentCollect system status information in a compressed tar file, to aid in troubleshooting and diagnostics. This tar file, which is saved in the user's home directory, contains the output of various commands and the contents of various files on the local device, including syslog files, files for each process (daemon) running on the device, core files, and configuration rollback files. For aid in troubleshooting, send the file to Cisco SD-WAN customer support. If your Cisco SD-WAN device contains a large number of crash log files, it might take a few minutes for the request admin-tech command to complete. On a single device, you can run only one request admin-tech command at a time. If a command is in progress, the device does not let a second one start. When a process (daemon) on a Cisco SD-WAN device fails and that failure results in the device rebooting, the device automatically runs a request admin-tech exclude-cores exclude-logs file before the the device is rebooted. To retrieve the admin-tech file from the Cisco SD-WAN device, use SCP. To do this, you must have login access to the device. To copy the file from the Cisco SD-WAN device, enter the shell from the Cisco SD-WAN CLI and issue a command in the following format: request admin-tech [delete-filename filename] [exclude-cores] [exclude-logs] [exclude-tech] Tools ► Operational Commands ► Select device ► More Actions icon ► Admin Tech Syntax Description(none) Collect all system status information, including core files, log files, and the process (daemon) and operational-related files that are stored in the /var/tech directory on the local device. exclude-cores Do Not Include Core Files: Do not include any core files in the compressed tar file. Core files are stored in the /var/crash directory on the local device. exclude-logs Do Not Include Log Files: Do not include any log files in the compressed tar file. Log files are stored in the /var/log directory on the local device. exclude-logs Do Not Include Process-Related Files: Do not include any process (daemon) and operational-related files in the compressed tar file. These files are stored in the /var/tech directory on the local device. Command HistoryRelease Modification 14.1 Command introduced. 16.1 Added support for running only one request admin-tech command at a time. 16.3 Added delete-file-name, exclude-cores, exclude-logs, and exclude-tech options. 17.1 Added automatic collection of admin-tech information after a process fails. ExamplesCreate an admin tech file and copy it to a user's home directory on a host in the network. For the SCP command, you must specify the full pathname of where to place the copied file.Install a certificate on the Cisco SD-WAN device (on vSmart controllers and vBond orchestrators only). request certificate install file-path [vpn vpn-id] Syntax Descriptionfile-path Path to Certificate File: Install the certificate in specified filename. The file can be in a your home directory on the local device, or it can be on a remote device reachable through VPN 0 and using FTP, HTTP, SCP, or TFTP. If you are using SCP, you are prompted for the directory name and filename. No file path name is provided. file-path can be one of the following:
vpn vpn-id Specific VPN: VPN in which the certificate file is located. When you include this option, one of the interfaces in the specified VPN is used to retrieve the file. The interfaces on a vSmart controller are only in VPN 0, the VPN reserved for the control plane, so you can omit this option because vSmart images are always retrieved from VPN 0. Command HistoryRelease Modification 14.1 Command introduced. Install a vSmart software image on a vSmart controller container host (on vSmart controller container hosts only). request container image install filename [vpn vpn-id] Syntax Descriptionfilename Name of vSmart Software Image: Install the vSmart controller software image in the specified filename. The file can be in your home directory on the local device, or it can be on a remote device reachable through FTP, HTTP, SCP, or TFTP. If you are using SCP, you are prompted for the directory name and filename. No file path name is provided. filename has the format viptela-release-number-x86_64.tar.gz. vpn vpn-id When you include this option, one of the interfaces in the specified VPN is used to retrieve the software image. The interfaces on a vSmart controller are only in VPN 0, the VPN reserved for the control plane, so you can omit this option because vSmart images are always retrived from VPN 0. When you include this option, one of the interfaces in the specified VPN is used to retrieve the software image. The interfaces on a vSmart controller are only in VPN 0, the VPN reserved for the control plane, so you can omit this option because vSmart images are always retrived from VPN 0. Command HistoryRelease Modification 16.2 Command introduced. Create a temporary tunnel to use when debugging a failed control connection (on vEdge routers only). One case when you might want to create a temporary tunnel is when a control connection fails to come up because of firewall rules or NAT issues. The Cisco SD-WAN software's forwarding process drops failed connections, so creating a temporary one allows you to triage the problem. request control-tunnel add local-private-ip ip-address local-private-port port-number remote-public-ip ip-address remote-public-port port-number Syntax Descriptionlocal-private-port ip-address port-number Local Private IP Address and Port Number: Private IP address and port number for the local side of the tunnel connection. port-number can be a value from 0 through 65535. remote-public-ip ip-address remote-public-port port-number Remote Public IP Address and Port Number: Public IP address and port number for the remote side of the tunnel connection. can be a value from 0 through 65535. port-number Command HistoryRelease Modification 16.1 Command introduced. ExamplesDelete a temporary tunnel that you created to debug a failed control connection (on vEdge routers only). One case when you might want to create a temporary tunnel is when a control connection fails to come up because of firewall rules or NAT issues. The Cisco SD-WAN software's forwarding process drops failed connections, so creating a temporary one allows you to triage the problem. request control-tunnel delete local-private-ip ip-address local-private-port port-number remote-public-ip ip-address remote-public-port port-number Syntax Descriptionlocal-private-ip ip-address local-private-port port-number Local Private IP Address and Port Number: Private IP address and port number for the local side of the tunnel connection. port-number can be a value from 0 through 65535. remote-public-ip ip-address remote-public-port port-number Remote Public IP Address and Port Number: Public IP address and port number for the remote side of the tunnel connection. port-number can be a value from 0 through 65535. Command HistoryRelease Modification 16.1 Command introduced. Send the certificate serial number of a vManage NMS or a vSmart controller to the vBond orchestrator (on vManage NMSs only). request controller add serial-num number Syntax Descriptionnumber Serial Number: Certificate serial number to send to the vManage or vSmart controller. Command HistoryRelease Modification 15.4 Command introduced to replace the request vsmart add serial-num command. Usage GuidelinesNote The request controller add serial-num command to add serial numbers is not supported on Cisco SD-WAN 20.x releases as changes are not persistent across reboots. You can add serial numbers through Cisco vManage. For more details on controller serial numbers, see . request controller delete serial-num—Delete a vSmart serial number from the vSmart controller serial number file on the local device. request controller delete serial-num number Syntax Descriptionnumber Serial Number: vSmart serial number to delete from the vSmart serial number file on the local device. Command HistoryRelease Modification 15.4 Command introduced to replace the request vsmart delete serial-num command. Usage GuidelinesNote The request controller delete serial-num command to delete serial numbers is not supported on Cisco SD-WAN 20.x releases as changes are not persistent across reboots. You can delete serial numbers through Cisco vManage. request controller-upload serial-file—Upload the controller certificate serial number file to the local device (on vManage NMSs only). The local device retains these serial numbers even after you reboot it. request controller-upload serial-file filename [vpn vpn-id]Syntax Descriptionfilename Name of Certificate File: Install the specified file containing the list of serial numbers for the vManage NMSs and vSmart controllers in the overlay network. The file can be in your home directory on the local device, or it can be on a remote device reachable through FTP, HTTP, SCP, or TFTP. If you are using SCP, you are prompted for the directory name and filename. No file path name is provided. vpn vpn-id Specific VPN: VPN in which the certificate file is located. When you include this option, one of the interfaces in the specified VPN is used to retrieve the file. The interfaces on a vSmart controller are only in VPN 0, the VPN reserved for the control plane, so you can omit this option because vSmart images are always retrieved from VPN 0. Command HistoryRelease Modification 15.4 Command introduced to replace the request vsmart-upload serial-file command. request csr upload—Upload a certificate signing request (CSR) to the Cisco SD-WAN device (on vSmart controllers and vBond orchestrators only). request csr upload path [regen-rsa] [regen-uuid] [vpn vpn-id]Syntax Descriptionpath Path to Certificate File: Upload the CSR in the file at the specified path. The path can be in a directory on the local device or on a remote device reachable through FTP, HTTP, SCP, or TFTP. If you are using SCP, you are prompted for the directory name and filename. No file path name is provided. regen-rsa (Optional) Regenerate RSA Key Pair: Generate a new RSA public-private key pair. The RSA key pair is stored in the server.key file in the /usr/share/viptela directory on the local device. regen-uuid (Optional) Regenerate UUID: Generate a new CSR with a unique UUID that is different from the previous UUID. You can specify this option only on a vBond orchestrator virtual machine (VM). The option is not available on vEdge router hardware, because the router's UUID is its chassis number. vpn vpn-id (Optional) Specific VPN: VPN in which the CSR file is located. When you include this option, one of the interfaces in the specified VPN is used to retrieve the file. The interfaces on a vSmart controller are only in VPN 0, the VPN reserved for the control plane, so you can omit this option because vSmart images are always retrieved from VPN 0. Command HistoryRelease Modification 14.1 Command introduced. 14.2 Added the org-name and regen-rsa options. 15.3Removed the org-name option. The command now prompts for the organization name. 17.1 Added support for multitenancy. ExamplesWhen the vBond orchestrator or vSmart controller is part of a software multitenant architecture, the command also prompts for the service provider organization name.request device—Add or delete a vEdge router chassis number on the vBond orchestrator that is acting as a ZTP server. request device add chassis-number number strong>serial-numbernumber validity [invalid | valid] vbond ip-address org-name name [port port-number] [enterprise-root-ca path] request device delete chassis-number number chassis-number number Chassis Number: vEdge router chassis number. validity invalid | valid Device Validity: Whether the vEdge router is allowed to join the overlay network (valid) or is not allowed (invalid). enterprise-root-ca path Enterprise Root CA: Path to the enterprise root CA. The path can be an HTTP, FTP, or TFTP path. org-name name Organization Name: Name of your organization as specified in the device certificates. port port-number Port on the vBond Orchestrator: Port to use on the vBond orchestrator to reach the WAN network. strong>serial-numbernumber Serial Number: vEdge router serial number. Command HistoryRelease Modification 14.3 Command introduced. Examplesrequest device—Add vEdge router chassis numbers by uploading a file that contains the device information onto the vBond orchestrator that is acting as a ZTP server. request device-upload chassis-file file-path [vpn vpn-id]chassis-file file-path Filename: Name of a CSV file containing the chassis information required by the ZTP server. file-path can be one of the following:
Each row in the CSV file must contain the following information for each vEdge router:
file-path vpn vpn-id VPN: vpn vpn-id VPN in which the remote server is located. Command HistoryRelease Modification 14.3 Command introduced. ExamplesThe following example uploads the device information from the local router. Here, the root CA path is omitted, but the comma preceding its value is required.request download—Download a software image or other file to the Cisco SD-WAN device (on vEdge routers and vSmart controllers only). request download [vpn vpn-id] filenameSyntax Descriptionfilename Name of Software Image or File: Download a software image or other file to the local Cisco SD-WAN device. The file can be on a remote device reachable through FTP, HTTP, HTTPS, SCP, or TFTP. If you are using SCP, you are prompted for the directory name and filename; no file path name is provided. The file is placed in your home directory on the local device. vpn vpn-id Specific VPN: VPN in which the remote device containing the file to be downloaded is located. When you include this option, one of the interfaces in the specified VPN is used to retrieve the software image. Command HistoryRelease Modification 15.3.3 Command introduced on vEdge 100 routers. 15.4 Available on all routers and on vSmart controllers. request execute—Execute a shell command from within the Cisco SD-WAN CLI. request execute [vpn vpn-id] command (in Releases 15.4 and later) request execute [vpn vpn-id] "command" (in Releases 15.3 and earlier) Syntax Descriptioncommand Command: Run the specified command in the UNIX shell while still remaining in the Cisco SD-WAN CLI. In Releases 15.3 and earlier, you must enclose the command within quotation marks. vpn vpn-id VPN: Specific to the VPN in which to execute the command. The default vpn-id is VPN 0. Command HistoryRelease Modification 14.1 Command introduced. 15.4 Enclosing the shell command in quotation marks is no longer necessary. ExamplesTo open an SSH connection from a vManage NMS to an IOS XE router, you must specify the port number, which is 830: How many packets per minutes are required to keep two machines synchronized to an accuracy of a millisecond of each other?NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.
Which command should you use when configuring the ISP interface on the router?The ISP dictates that the router use DHCP to receive its IP address and other configuration information. Which command should you use? Ip address dhcp.
What is the router that provides clocking when connecting two routers in a back to back configuration through their serial ports called?Serial interfaces on the router are typically a removable card called a WAN interface card (WIC). The CSU is a device that provides the clocking function. This function physically controls the speed and timing that the router's serial interfaces use to send and receive bits over the serial cable.
Which tool can be used to verify network layer connectivity?1. Ping. The most commonly used network tool when network troubleshooting is the ping utility. This utility is used to provide a basic connectivity test between the requesting host and a destination host.
|
