Runs the tcpdump packet analyzer and prints out a description of the contents of packets on a specified network interface that match the boolean expression.

string

Specifies an existing interface match string as an alaphanumeric stirng of 0 through 80 characters.

Connects to a remote host using the terminal-remote host protocol and a hostname or IPv4 address and port number.

host_name | host_ipv4_address

Identifies the remote node with which to attempt connection.

host_name : specifies the remote node using its logical host name which must be resolved via DNS lookup.

host_ipv4_address : specifies the remote node using its assigned IP address entered using the IPv4 dotted-decimal notation.

port port_num

Specifies a specific port for connect connection as an integer from 1025 through 10000.

Connects to a remote host using the terminal-remote host protocol and a hostname or an IPv6 address and port number.

host_name | host_ipv6_address

Identifies the remote node with which to attempt connection.

host_name : specifies the remote node using its logical host name which must be resolved via DNS lookup.

host_ipv6_address : specifies the remote node using its assigned IP address entered using the IPv6 colon-separated-hexadecimal notation.

port port_num

Specifies a specific port for connect connection as an integer from 1025 through 10000.

Sets the number of rows or columns for display output.

length lines | width characters

length lines : sets the terminal length in number of lines (rows) of text from 5 to 4294967295 lines or the special value of 0 (zero). The value 0 sets the terminal length to infinity.

width characters : sets the terminal width in number of characters from 5 to 512 characters.

Tests the alarm capabilities of the chassis.

audible | central-office { critical | major | minor }

audible : Tests the internal alarm on the ASR 5500 System Status Card (SSC) for 10 seconds. The alarm status is returned to its prior state, such as if the audible alarm was enabled prior to the test, the alarm will again be enabled following the test.

central-office { critical | major | minor } : Tests the specified central office alarm type.

Tests for Virtual Access Point Names (VAPNs) in GGSN networks.

msisdn range | imsi range

msisdn range : Tests VAPNs within a range of previously specified Mobile Subscribers Integrated Services Digital Network (MSISDN) identifiers.

imsi range : Tests VAPNs within a range of previously specified International Mobile Subscriber Identity (IMSI) numbers.

Tests the status of the Intelligent Policy Control Function (IPCF) BindMux Manager instance and also starts or stops the BindMux Manager instance on the chassis.

start

Starts the IPCF BindMux Manager on the chassis. If already an instance of IPCF BindMux Manager is running it prompts accordingly.

stop

Stops the IPCF BindMux Manager instance running on the chassis.

Tests a specified IPSec tunnel associated with an IP pool name.

pool_name destination-ip ip_address

ip pool pool_name : Specifies the name of an existing IP pool as an alphanumeric string of 1 through 32 characters.

destination-ip ip_address : Specifies a destination IP address in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation

Tests for the existence of a specified mobile tunnel.

callid call_id

Specifies the exact call instance ID which is to have trace data logged.as a 4-byte hexadecimal number.

imsi imsi_value

Specifies the International Mobile Subscriber Identity (IMSI) of the subscriber session to be monitored an integer from 1 though 15 characters.

ipaddr ip_address

Specifies the IP address of the subscriber session to be monitored in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

msid msid_num

Specifies the mobile subscriber identification number to be monitored as 7 to 16 digits of an IMSI, MIN, or RMI.

nai nai_value

Specifies the mobile session Network Access Identifier as an alphanumeric string of 1 through 256 characters. The NAI is the user identity submitted by the client during network access authentication.

Enables or disables the generation of a timestamp in response to each command entered. The timestamp does not appear in any logs as it is a CLI output only. This command affects the current CLI session only. Use the timestamps command in the Global Configuration Mode to change the behavior for all future CLI sessions.

no

Disables generation of timestamp output for each command entered. When omitted, the output of a timestamp for each entered command is enabled.

Collects information on the route data will take to a specified IPv4 host.

host_name | host_ip_address

Identifies the remote node to trace the route to.

host_name : specifies the remote node using its logical host name which must be resolved via DNS lookup.

host_ip_address : specifies the remote node using its assigned IP address entered using the IPv4 dotted-decimal notation.

count packets

Specifies the number of UDP probe packets to send. Default: 3

df

Indicates the packets for the tracing of the route should not be fragmented. If a packet requires fragmenting, it is dropped and the result is the ICMP response "Unreachable, Needs Fragmentation" is received.

maxttl max_ttl

Specifies the maximum time to live for the route tracing packets as an integer from 1 through 255. max_ttl must be greater than min_ttl whether min_ttl is specified or defaulted. Default: 30

The time to live (TTL) is the number of hops through the network; it is not a measure of time.

minttl min_ttl

Specifies the minimum time to live for the route tracing packets as an integer from 1 through 255. min_ttl must be less than max_ttl whether max_ttl is specified or defaulted. Default: 1

The time to live (TTL) is the number of hops through the network; it is not a measure of time.

port port_num

Specifies a specific port for connection as an integer from 1 through 65535. Default: 33434

size octet_count

Specifies the number of bytes for each packet as an integer from 40 through 32768. Default: 40

src { src_host_name | src_host_ip_address }

Specifies an IP address to use in the packets as the source node. Default: originating system's IP address

src_host_name : specifies the remote node using its logical host name which must be resolved via a DNS lookup.

src_host_ip_address : specifies the remote node using its assigned IP address specified entered using IPv4 dotted-decimal notation.

timeout seconds

Specifies the maximum time (in seconds) to wait for a response from each route tracing packet as an integer from 2 through 100. Default: 5

vrf vrf_name

Specifies the name of an existing virtual routing and forwarding (VRF) context associated with this route as an alphanumeric string of 1 through 63 characters. Associates a Virtual Routing and Forwarding (VRF) context with this static ARP entry.

grep grep_options | more

Pipes (sends) the output of this command to the specified command. You must specify a command to which the output of this command will be sent.

For details on the usage of grep and more , refer to the Regulating a Command's Output section of the Command Line Interface Overview chapter in this guide.

Collects information on the route data will take to a specified IPv6 host.

host_name | host_ipv6_address

Identifies the remote node to trace the route to.

host_name : specifies the remote node using its logical host name which must be resolved via DNS lookup.

host_ipv6_address : specifies the remote node using its assigned IP address entered using the IPv6 colon-separated-hexadecimal notation.

count packets

Specifies the number of UDP probe packets to send. Default: 3

maxttl max_ttl

Specifies the maximum time to live for the route tracing packets as an integer from 1 through 255. max_ttl must be greater than min_ttl whether min_ttl is specified or defaulted. Default: 30

The time to live (TTL) is the number of hops through the network; it is not a measure of time.

port port_num

Specifies a specific port for connection as an integer from 1 through 65535. Default: 33434

size octet_count

Specifies the number of bytes for each packet as an integer from 40 through 32768. Default: 40

src { src_host_name | src_host_ipv6_address }

Specifies an IP address to use in the packets as the source node. Default: originating system's IP address

src_host_name : specifies the remote node using its logical host name which must be resolved via a DNS lookup.

src_host_ipv6_address : specifies the remote node using its assigned IP address specified entered using IIPv6 colon-separated-hexadecimal notation.

timeout seconds

Specifies the maximum time (in seconds) to wait for a response from each route tracing packet as an integer from 2 through 100. Default: 5

vrf vrf_name

Specifies the name of an existing virtual routing and forwarding (VRF) context associated with this route as an alphanumeric string of 1 through 63 characters.

grep grep_options | more

Pipes (sends) the output of this command to the specified command. You must specify a command to which the output of this command will be sent.

For details on the usage of grep and more , refer to the Regulating a Command's Output section of the Command Line Interface Overview chapter in this guide.

Updates specified active charging option(s) for the matching sessions.

override-control rulebase-config

This keyword initiates batch processing of all active calls to apply Override Control (OC) or Inheritance after any rulebase changes, charging action changes and/or addition/deletion of ruledefs for all subscribers having OC or Inheritance feature enabled. Since this is the batch processing of all active calls, the command execution will be in the background even after the CLI command returns to the CLI prompt.

Important

Override Control is a license-controlled feature. A valid feature license must be installed prior to configuring this feature. For more information on the licensing requirements, contact your Cisco account representative. For more information on the command to enable this feature, refer to ACS Rulebase Configuration Mode Commands chapter in the Command Line Interface Reference.

Important

In this release, both Inheritance and the Override Control features are supported. Note that these two features should not be enabled simultaneously. If by mistake, these two features are enabled, only Override Control is applied.

In 17 and later releases, this CLI command is used to apply the overridden or inherited values after any ruledef, charging action and rulebase changes performed through the CLI commands in the respective configuration modes. This CLI command is necessary because the configuration changes are reflected immediately on any new PDN session that gets established. However, for the existing PDN sessions established before the configuration change, explicit execution of this CLI command is necessary. This will get all the PDN sessions in system in sync with respect to the required configuration changes.

Important

It is recommended that this CLI command is executed after all rulebase/charging action/ruledef changes are complete. So, this will help in one-time execution of the CLI to get all PDN sessions in sync.

Typically, this command is used whenever any rulebase, charging action or ruledef modification happens. Once this CLI command is executed, each subscriber will read the configuration and incorporate the rulebase or ruledef changes for Override Control. Until this CLI execution is complete, Inheritance or Override Control values will not be applied to the changes done in configuration for all existing calls. Charging and policy parameters configured at P-GW will apply during this period. Please follow recommended upgrade procedures to avoid this. For the upgrade procedure, contact your Cisco account representative.

In release 17, the batch processing will complete in 15 to 20 minutes depending on the call load in the system. In 18 and later releases, batch processing will complete in 1 to 3 minutes depending on the call load in the system.

If the override-control rulebase-config command has been issued multiple times, batch processing will be restarted and the latest rulebase/charging action/ruledef changes will be applied to all the active calls.

Important

In release 17, there was no restriction on the usage of the CLI command "update active-charging override-control rulebase-config " on a standby chassis. In release 18 and later, this CLI command is not allowed to be executed on the standby chassis.

switch-to-fw-and-nat-policy fw_nat_policy_name

Specifies an existing Firewall-and-NAT policy to switch to as an alphanumeric string of 1 through 63 characters.

switch-to-rulebase rulebase_name

Specifies an existing rulebase to switch to as an alphanumeric string of 1 through 63 characters.

switch-to-tpo-policy tpo_policy_name

Important

The Traffic Performance Optimization (TPO) in-line service is not supported in this release.

all

Updates rulebase/policy for all subscribers.

callid call_id

Updates rulebase/policy for the Call Identification number specified as an eight-digit hexadecimal number.

fw-and-nat-policy fw_nat_policy_name

Updates the rulebase/policy for sessions matching an existing Firewall-and-NAT policy specified as an alphanumeric string of 1 through 63 characters.

imsi imsi

Updates rulebase/policy for International Mobile Subscriber Identification (IMSI) specified here.

imsi must be 3 digits of MCC (Mobile Country Code), 2 or 3 digits of MNC (Mobile Network Code), and the rest with MSIN (Mobile Subscriber Identification Number). The total should not exceed 15 digits. For example, 123-45-678910234 can be entered as 12345678910234.

ip-address iP_address

Updates rulebase/policy for the IP address specified in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

msid msid

Updates rulebase/policy for an MSID specified as a string of 1 through 24 characters.

rulebase rulebase_name

Updates rulebase/policy for sessions matching an existing rulebase specified as an alphanumeric string of 1 through 63 characters.

tpo-policy tpo_policy_name

Important

The Traffic Performance Optimization (TPO) in-line service is not supported in this release.

username user_name

Updates rulebase/policy for user specified as a an alphanumeric of characters and/or wildcard characters ('$' and '*') of 1 through 127 characters.

-noconfirm

Executes the command without any additional prompt and confirmation from the user.

| { grep grep_options | more }

Pipes (sends) the output of this command to the specified command. You must specify a command to which the output of this command will be sent.

For details on the usage of grep and more , refer to the Regulating a Command's Output section of the Command Line Interface Overview chapter in the Command Line Interface Reference.

This command is obsolete.

When you update an IP Access list, this command forces the new version of the access list to be applied to any subscriber sessions that are currently using that list.

list_name

Specifies the name of an existing IP Access list that you want to apply to the subscriber as an alphanumeric string of 1 through 47 characters.

[ command_keyword ] [ filter_keywords ]

These are the same command keywords and filter keywords available for the show subscribers command.

-noconfirm

Executes the command without any additional prompt and confirmation from the user.

verbose

Show detailed information.

When you update an IP Access list, this command forces the new version of the access list to be applied to any subscriber sessions that are currently using that list.

list_name

Specifies the name of an existing IPv6 Access list that you want to apply to the subscriber as an alphanumeric string of 1 through 47 characters.

[ command_keyword ] [ filter_keywords ]

These are the same command keywords and filter keywords available for the show subscribers command.

-noconfirm

Executes the command without any additional prompt and confirmation from the user.

verbose

Show detailed information.

Updates the local user (administrative) database with current user information. Run this command immediately after creating, removing or editing administrative users.

Loads a specified plugin module from the Module Priority List with the lowest priority number. This will also copy the Module priority list onto the Version priority list. This function is associated with the patch process for accommodating dynamic software upgrades.

plugin_name

Specifies the name of an existing plugin module that you want to update as an alphanumeric string of 1 through 16 characters. If the named module is not known to the system, an error message is displayed.

Updates QoS profile information based on specific subscriber policy maps.

map_name

Specifies the name of an existing policy map as an alphanumeric string of 1 through 15 characters.

use-granted-profile-id id1 [ id2 ] [ id3 ]

Specifies the profile IDs to update. Up to three different profile IDs can be specified.

Each profile ID is specified as a hexadecimal value from 0x0 and 0xFFFF.

subscribers [ command_keyword ] [ filter_keywords ]

These are the same command keywords and filter keywords available for the show subscribers command.

[ -noconfirm ]

Updates matching subscribers without prompting for confirmation.

[ verbose ]

Displays details for the profile updates.

[ match-requested-profile-id ]

Sends session-updates only to profile-ids matching the profile-ids in the requested list.

grep grep_options | more

Pipes (sends) the output of this command to the specified command. You must specify a command to which the output of this command will be sent.

For details on the usage of grep and more , refer to the Regulating a Command's Output section of the Command Line Interface Overview chapter in this guide.

Updates the subscriber traffic flow template (TFT) associated with the flow ID and direction.

flow-id flow-id

Sends session updates only when the flow ID matches the flow-id and flow-direction. flow-id must be specified as an integer from 1 through 255.

flow-dir { forward | reverse }

Specifies the direction of the TFT flow.

subscribers [ command_keyword ] [ filter_keywords ] ]

These are the same command keywords and filter keywords available for the show subscribers command.

Updates database information for the specified Talos Security Intelligence server.

server_name

Specifies an existing Talos Intelligence Server name to be updated. server_name must be specified as a case-sensitive alphanumeric string from 1 through 31 characters.

force

Deletes the existing DB files before the Talos Intelligence server is queried. When this optional keyword is used, the latest files will always be downloaded and updated even if the system already has the most recent versions.

Upgrades the Static Rating Database (SRDB) for Category-based Content Filtering application.

upgrade content-filtering category database

Triggers the upgrade of the Category-based Content Filtering Static Rating Database (SRDB).

upgrade content-filtering category rater-pkg

Triggers manual upgrade of the Dynamic Content-Filtering Rater Package (rater.pkg file).

The rater.pkg file contains the models and feature counters that are used to return the dynamic content rating. The upgrade will trigger distribution of the rater.pkg to all the SRDBs.

Important

This command is customer specific. For more information, please contact your local sales representative.

This command allows you to upgrades a specified database.

uidh all

Upgrades UIDH databases.

uidh wl-url-host-db

Upgrades URL Host databases.

Upgrades the Tethering Detection feature's database(s).

all

Upgrades all Tethering Detection databases—OS, TAC and UA.

os-signature

Upgrades only the OS database.

tac

Upgrades only the TAC database.

ua-signature

Upgrades only the UA database.

- noconfirm

Executes the command without any prompts and confirmation from the user.

Upgrades the URL blockedlisting database.

-noconfirm

Executes the command without any additional prompt and confirmation from the user.