gRPC Commands

This module describes the commands used to use the gRPC Protocol to define network operations with data models.

For detailed information about gRPC concepts, configuration tasks, and examples, see the Use gRPC Protocol to Define Network Operations with Data Models in the Cisco 8000 Series Router module in the Programmability Configuration Guide for Cisco 8000 Series Routers.

gRPC encodes requests and responses in binary. gRPC is extensible to other content types along with Protobuf. The Protobuf binary data object in gRPC is transported over HTTP/2.

clear gnsi path authorization counters

To clear the gNSI path authorization counters, use the clear gnsi path authorization counters command in Global Configuration mode.

clear gnsi path authorization counters [ path XPath | server-name server-name ]

Syntax Description

XPath

Provide the XPath for which authorization counters can be cleared.

server-name

The server's IP address from where authorization counters can be cleared.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.2.11

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the clearing of gNSI path authorization counters on the router:

Router# clear gnsi path authorization counters
Router# 

grpc

To configure network devices and view operational data, use the grpc command in the XR Config mode. To remove the grpc protocol, use the no form of this command.

grpc { address-family | certificate-authentication | dscp | local-connection | max-concurrent-streams | max-request-per-user | max-request-total | max-streams | max-streams-per-user | tls-max-version | tls-min-version | no-tls | tlsv1-disable | tls-cipher | tls-mutual | tls-trustpoint | service-layer | vrf }

Syntax Description

address-family

Specifies the address family identifier type.

certificate-authentication

It enables certificate-based authentication.

dscp

Specifies QoS marking DSCP on transmitted gRPC.

local-connection

It enables grpc server over unix socket.

max-concurrent-streams

Specifies the limit on the maximum concurrent streams per gRPC connection to be applied on the server.

max-request-per-user

Specifies the maximum concurrent requests per user.

max-request-total

Specifies the maximum concurrent requests in total.

max-streams

Specifies the maximum number of concurrent gRPC requests. The maximum subscription limit is 128 requests. The default is 32 requests.

max-streams-per-user

Specifies the maximum concurrent gRPC requests for each user. The maximum subscription limit is 128 requests. The default is 32 requests.

tls-max-version

Specifies the maximum version that TLS supports. It supports 1.0, 1.1, 1.2, and 1.3

tls-min-version

Specifies the minimum version that TLS supports. It supports 1.0, 1.1, 1.2, and 1.3

no-tls

It disable transport layer security (TLS). The TLS is enabled by default.

tlsv1-disable

It disable TLS version 1.0

tls-cipher

It enable the gRPC TLS cipher suites.

tls-mutual

Specifies the mutual authentication.

tls-trustpoint

It configure trustpoint.

service-layer

It enable the grpc service layer configuration.

vrf

It enable server vrf.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

This command is supported on Cisco IOS XR 64-bit OS.

Task ID

Task ID

Operations

config-services

read

Examples

The following example shows how to enable gRPC over an HTTP/2 connection:


Router#configure
Router(config)#grpc
Router(config-grpc)#port <port-number>

gnmi

To create a gRPC listener with the default or IANA ratified gNMI port of 9339, use the gnmi command in Global Configuration Mode.

gnmi port portnum

Syntax Description

portnum

Specifies the server listening port for the gRPC service.

  • gNMI service port: default: 9339, range: 57344-57999

Command Default

None

Command Modes

Global Configuration Mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

Unconfiguring gNMI will disable requests on port 9339.

The allowed ports within this range are 9339 (IANA ratified port) and 57344-57999 (Linux application port range)

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to configure gNMI as a submode under gRPC and committing this configuration would create a gRPC listener with the default or IANA ratified gNMI port of 9339.

Router(config-grpc)gnmi
Router(config-grpc-gnmi)commit

Verify the submode configuration.

Router#show running-config grpc
grpc
  gnmi
!

The port command under gNMI submode allows the port to be modified in the port range or IANA ratified port.

Router(config-grpc)#gnmi
Router(config-grpc-gnmi)#port 9339
Router(config-grpc-gnmi)#commit

Verify the port number.

Router#show running-config grpc
grpc
  gnmi
    port 9339
!

grpc aaa accounting history-memory

To configure the maximum memory allocated for cached accounting history records, use the grpc aaa accounting history-memory command in the XR Config mode.

This command should be used in conjunction with the queue-size parameter to effectively limit the EMSD memory used by cached accounting history records. The approximate worst case memory usage would be (N+1)* history-memory, where N is the number of collectors connected.

grpc aaa accounting history-memory size

Syntax Description

size

Specifies the maximum memory allocated for cached accounting history records.

Command Default

The default size of the history memory is 40 MB. The size range is 1-400 MB.

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.4.1

The command was introduced.

Usage Guidelines

None

Task ID

Task ID Operation

config-services

read, write

Examples

This example configures the maximum memory allocated for cached accounting history records to the specified size.

Router(config)#grpc aaa accounting history-memory 20

This example displays the memory configuration specified in the previous example.

Router(config)#show
Tue Jul 23 06:12:38.693 UTC
!! Building configuration...
!! IOS XR Configuration 24.4.1.17I
grpc
 aaa accounting history-memory 20
!
end

RP/0/RP0/CPU0:ios(config)#commit
Tue Jul 23 06:12:41.336 UTC
Router(config)#

Use the show gnsi acctz statistics command to display the maximum queue size configured using the grpc aaa accounting queue-size command.

grpc aaa accounting queue-size

To configure the number of accounting records in a queue, use the grpc aaa accounting queue-size command in the XR Config mode.

grpc aaa accounting queue-size size

Syntax Description

size

Specifies the number of accounting history records in a queue. The default value is 40, and it ranges from 1—512.

Command Default

None

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.3.1

The command was introduced.

Usage Guidelines

None

Task ID

Task ID Operation

config-services

read, write

Examples

This example configures the maximum size for history record processing queues to the specified value.

Router# configure
Router(config)# grpc aaa accounting queue-size 30
Router(config)# end

Use the show gnsi acctz statistics command to display the specified queue size with the maximum history memory configured using the grpc aaa accounting history-memory command.

grpc max-concurrent-streams

To specify a limit on the number of concurrent streams per gRPC connection to be applied on the server, use the grpc max-concurrent-streams command in the XR Config mode. To restore the default value, use the no form of this command.

grpc max-concurrent-streams limit

Syntax Description

max-concurrent-streams limit

Specifies the limit on the number of concurrent streams per gRPC connection to be applied on the server. The range is from 1 to 128. The command default is 32.

Command Default

By default, the maximum concurrent streams per gRPC connection is 32.

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to set the limit of the number of concurrent streams per gRPC connection to 40:

Router#configure
Router(config)#grpc max-concurrent-streams 40

grpc certificate common-name

To allow the router (tunnel client) to dial out to a collector (tunnel server), use the grpc command in the XR Config mode. To remove the gRPC service, use the no form of this command.

grpc certificate common-name WORD

Syntax Description

WORD

Specifies the common name when certificate is generated, default: ems.cisco.com .

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to specify a common-name:

Router(config)#grpc
Router(config-grpc)#certificate common-name
Router(config-grpc)#commit

grpc tls-max-version

To configure the maximum supported TLS version, use the grpc tls-max-version command in the XR Config mode.

grpc tls-max-version limit

Syntax Description

tls-max-version version number

Specifies the maximum supported TLS version per gRPC connection.

TLS maximum version can be 1.0, 1.1, 1.2, or 1.3. The default maximum version for TLS is 1.3.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

You set the tlsv1-disable command to disable the TLS version 1.0. You can also achieve this by setting the tls-min-version to greater than 1.0.

From Release 24.1.1, the tlsv1-disable command is deprecated.

If you use the tlsv1-disable command, you can't use the tls-min-version and the tls-max-version commands.

If you use the tls-min-version and the tls-max-version commands, you can't use the tlsv1-disable command.

When you set the tlsv1-disable command, the tls-max-version command displays:
Invalid argument: Cannot set tls-min-version while tlsV1-disable is set.
When you configure the tls-max-version command, the tlsv1-disable command displays:

!!% Invalid argument: Cannot set tlsV1-disable while tls-min-version is set.
!!% tlsV1-disable CLI is deprecated.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to set the tls-max-version .

Router# configure
Router(config)# grpc tls-max-version 1.2
Router# end

grpc tls-min-version

To configure the minimum supported TLS version, use the grpc tls-min-version command in the XR Config mode.

grpc tls-min-version limit

Syntax Description

tls-min-version version number

Specifies the minimum supported TLS version per gRPC connection.

TLS minimum version can be 1.0, 1.1, 1.2, or 1.3. The default minimum version for TLS is 1.0.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

You set the tlsv1-disable command to disable the TLS version 1.0. You can also achieve this by setting the tls-min-version to greater than 1.0.

From Release 24.1.1, the tlsv1-disable command is deprecated.

If you use the tlsv1-disable command, you can't use the tls-min-version and the tls-max-version commands.

If you use the tls-min-version and the tls-max-version commands, you can't use the tlsv1-disable command.

When you set the tlsv1-disable command, the tls-min-version command displays:
Invalid argument: Cannot set tls-min-version while tlsV1-disable is set.
When you configure the tls-min-version command, the tlsv1-disable command displays:

!!% Invalid argument: Cannot set tlsV1-disable while tls-min-version is set.
!!% tlsV1-disable CLI is deprecated.

The tls-min-version can't be greater than tls-max-version .

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to set the tls-min-version .

Router#configure
Router(config)#grpc tls-min-version 1.2

grpc tunnel

To allow the router (tunnel client) to dial out to a collector (tunnel server), use the grpc tunnel command in the XR Config mode. To remove the gRPC tunnel service, use the no form of this command.

grpc tunnel { destination IP-address domain name | port port-ID | address-family ipv4 ipv6 | target address | source ipv4 virtual ipv6 virtual }

Syntax Description

destination IP-address or domain name

Specifies the gRPC tunnel destination.

port port-ID

Specifies the destination port.

address-family ipv4 or ipv6

Specifies the address-family (AF) for the returned addresses from DNS. Only applicable to domain name.

target address

Specifies the target name to register the tunnel service.

source ipv4 virtual or ipv6 virtual

Specifies the virtual IP address family.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 7.10.1

Keywords source ipv4 virtual address , source ipv6 virtual address , address-family ipv4 , and address-family ipv6 were added to this command.

Release 7.5.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to set up a virtual IPv4 or IPv6 or both as source address:

Router(config)#grpc
Router(config-grpc)#tunnel
Router(config-grpc-tunnel)#destination 192.168.0.1 port 59500
Router(config-grpc-tunnel-dest)#target xr
Router(config-grpc-tunnel-dest)#source ipv4 virtual address
Router(config-grpc-tunnel-dest)#source ipv6 virtual address
Router(config-grpc-tunnel-dest)#source-interface MgmtEth 0/RP0/CPU0/0

The following example shows how to set up FQDN as gRPC tunnel destination (IPv4):

Router#config
Router(config)#grpc
Router(config-grpc)#tunnel
Router(config-grpc-tunnel)#destination test.tunnel.dn port 59500
Router(config-grpc-tunnel-dest)#address-family ipv4 
Router(config-grpc-tunnel-dest)#target xr
Router(config-grpc-tunnel-dest)#commit

grpc p4rt

To enable programming the data plane elements using Programming Protocol-independent Packet Processors (P4) Runtime API, use the grpc p4rt command in the XR Config mode. To remove the P4Runtime API, use the no form of this command.

grpc p4rt

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to enable P4Runtime service:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# grpc p4rt
RP/0/RP0/CPU0:router(config-grpc-p4rt)# commit

grpc p4rt interface

To assign unique port identifiers to configure P4Runtime programming on the router, use the grpc p4rt interface command in the XR Config mode. To remove the P4Runtime port identifier configuration for the interfaces, use the no form of this command.

grpc p4rt interface type location port-id port-identifier

Syntax Description

type

Specifies the interface type. For more information, use the question mark (? ) online help function.

location

Specifies the physical or virtual interface in rack/slot/instance/port/breakout or rack/slot/interface/port format.

port-id port-identifier

Assigns a unique numeric identifier to each physical port on the router. The port ID is a unique 32-bit identifier. The range is 1 to 4294967039.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to configure the interfaces HundredGigE0/0/0/24, HundredGigE0/0/0/25 and HundredGigE0/0/0/26 with port IDs 3, 6 and 7 respectively for P4Runtime:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# grpc p4rt
RP/0/RP0/CPU0:router(config-grpc-p4rt)# location 0/0/CPU0 npu-id 0 device-id 1000000
RP/0/RP0/CPU0:router(config-grpc-p4rt)#location 0/0/CPU0 npu-id 1 device-id 1000001
RP/0/RP0/CPU0:router(config-grpc-p4rt)#location 0/1/CPU0 npu-id 2 device-id 1000002
RP/0/RP0/CPU0:router(config-grpc-p4rt)#location 0/1/CPU0 npu-id 3 device-id 1000011

grpc p4rt location

To assign unique identifiers for each Network Processing Unit (NPU) in the system to configure P4Runtime programming on the router, use the grpc p4rt location command in the XR Config mode. To remove the P4Runtime device identifier configuration for the NPUs, use the no form of this command.

grpc p4rt location node-id npu-id npu-identifier device-id device-identifier

Syntax Description

node-id

Specifies the card location on the specified node in rack/slot/module notation.

npu-id npu-identifier

Specifies the NPU identifier on the card. The npu-id is a unique value in the range of 0 to 7.

device-id device-identifier

Assigns a unique device identifier to each device in the system. The device-id is a unique 64-bit identifier. The range is 1 to 18446744073709551615.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to configure the NPU ID and device ID for nodes 0/0/CPU0 and 0/1/CPU0:


RP/0/RP0/CPU0:router## configure
RP/0/RP0/CPU0:router(config)# grpc p4rt
RP/0/RP0/CPU0:router(config-grpc-p4rt)# location 0/0/CPU0 npu-id 0 device-id 1000000
RP/0/RP0/CPU0:router(config-grpc-p4rt)# location 0/0/CPU0 npu-id 1 device-id 1000001
RP/0/RP0/CPU0:router(config-grpc-p4rt)# location 0/1/CPU0 npu-id 2 device-id 1000002
RP/0/RP0/CPU0:router(config-grpc-p4rt)# location 0/1/CPU0 npu-id 3 device-id 1000011

gnsi load service authorization policy

To instruct the router to load the service authorization policy file into its memory and update the policy, use the gnsi load service authorization policy command in Global Configuration Mode.

gnsi load service authorization policy file_path

Syntax Description

file-path

Specifies the path of the policy file.

Command Default

Enabled, by default

Command Modes

Global Configuration Mode

Command History

Release

Modification

Release 7.11.1

This command was introduced.

Usage Guidelines

A policy file which has no specified or the policy is invalid, the default behavior will transition to the zero-policy behavior. Zero-policy allows all gRPC services to all the users if their profiles are configured.

Task ID

Task ID Operation
config-services

read, write

Examples

This example shows how to activate the authorization policy test.json in the router.

Router(config)#gnsi load service authorization policy /disk0:/test.json
Successfully loaded policy

grpc gnsi service certz ssl-profile-id

To instruct the router to load the certz.proto, use the grpc gnsi service certz ssl-profile-id command in Global Configuration Mode. To disable the SSL profiles configured with certz.proto, use the no form of the command.

grpc gnsi service certz ssl-profile-id ssl-profile name

Syntax Description

ssl-profile name

Specifies the SSL-profile name for which certz. proto needs to be activated.

Command Default

None

Command Modes

Global Configuration Mode

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

If Certz. proto is not active, then gNOI cert.proto is taken into consideration. If niether certz.proto nor cert.proto is active, then TLS trustpoint's data is considered.

Task ID

Task ID Operation
config-services

read, write

Examples

This example shows how to activate the certz.proto in the router.

Router(config)#grpc gnsi service certz ssl-profile-id gNxI
Router(config)#commit

port (gRPC)

To set custom ports for gNMI, gRIBI, and P4RT services within the defined range, including default IANA ports like 9339, 9340, and 9559 (respectively), use the port command under the service submode.

port portnum

Syntax Description

portnum

Specifies the server listening port for the gRPC service.

  • gNMI service port: default: 9339, range: 57344-57999

  • gRIBI service port: default: 9340, range: 57344-57999

  • p4RT service port: default: 9559, range: 57344-57999

Command Default

None

Command History

Release

Modification

Release 24.1.1

This command was introduced.

Usage Guidelines

Disabling the port command will cause the service to use the default or IANA port.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to configure a port for any available gRPC service (gNMI, P4RT, gRIBI) :

For P4RT service:

Router(config-grpc)#p4rt
Router(config-grpc-p4rt)#port 9559
Router(config-grpc-p4rt)#commit

Verify the port number.

Router#show running-config grpc
grpc
  p4rt
    port 9559
!

script exec

To execute a script provided by Cisco, use the script exec command in XR EXEC mode.

script exec { auto-update file-name remote-server-path condition [ manual | on-run | schedule ] | file-name }

Syntax Description

auto-update

It enables routers to automatically update the local copy of the scripts with the latest copy of the scripts on the server.

manual

It enables routers to update the scripts at any specific time.

on-run

It enables routers to update the scripts during run time.

Only the exec scripts support the on-run option.

schedule

It enables routers to update the scripts at a scheduled time.

The schedule option does not support SCP protocol.

file-name

Specifies the file name of the script file. The script file must be in .py format.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.5.1

This command was introduced.

Usage Guidelines

The script EXEC command opens the script utility, which allows you to execute Cisco-supplied scripts. The script utility can read standard terminal input from the user if the script you run requires input from the user.


Note


The script utility is designed to run only Cisco-supplied scripts. You cannot execute script files that lack Cisco signatures or that have been corrupted or modified.


When you run the script, the script is downloaded and the checksum is automatically configured on the router.

  • If on-run option is configured, running the script run command downloads the script.

  • If manual option is configured, then you must run script update Exec command.

  • If schedule option is selected, then the script is automatically updated after the specified interval.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example displays sample3.py script is automatically updated from the remote server at http://10.23.255.205:


Router# configure
Router(config)# script exec auto-update sample3.py http://10.23.255.205 condition manual

show grpc certificate

To display the active gRPC certificate management policies on the router, use the show grpc certificate command in EXEC mode.

show grpc certificate

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC mode

Command History

Release

Modification

Release 24.1.1

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the active gRPC certificate management policies on the router. The below-mentioned command output is truncated version.

Router#show grpc certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 32 (0x20)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=localhost,O=OpenConfig,C=US
        Validity
            Not Before: Nov  8 08:49:38 2023 GMT
            Not After : Mar 22 08:49:38 2025 GMT
        Subject: CN=ems,O=OpenConfig,C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:ea:6a:6c:25:be:9f:15:71:ce:74:89:03:ec:ef:
                    0b:3b:de:58:a8:7e:28:b8:cf:b3:82:91:b4:5c:42:
                    e7:d8:28:98:35:bd:35:60:a7:4e:f8:77:02:46:5f:
                    27:a4:16:cf:3c:e3:24:28:69:9c:22:1e:e3:52:96:
                    71:87:7c:40:0c:1f:dd:30:ea:dc:40:ca:93:00:54:
                    5e:de:20:54:5b:f4:2f:9f:19:6f:71:61:28:69:3d:
                    97:26:ab:e1:5f:53:3c:f1:a2:c3:14:f4:01:90:1a:
                    .
                    .
                    .
                    
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Authority Key Identifier: 
                keyid:0A:A8:9A:6A:23:34:AE:CA:96:00:2C:F3:04:38:14:E3:D4:8D:77:BD

            X509v3 Subject Alternative Name: 
                DNS, IP Address:64.103.223.56
    Signature Algorithm: sha256WithRSAEncryption
         b9:89:ec:60:3d:8d:7d:9c:dc:08:56:89:99:44:92:98:45:b6:
         97:ba:e3:e5:f2:48:b2:44:8d:db:23:bb:a1:c0:62:79:78:18:
         d7:55:f6:4a:67:5b:75:e0:c0:0b:52:51:07:36:d5:6c:c7:67:
         48:86:8d:dd:70:1c:9f:7c:a1:7b:aa:a5:4e:e1:ad:cf:4c:e5:
         81:db:92:cf:88:70:5a:1c:8d:de:0d:e8:b3:05:de:b9:04:4d:
         23:e1:de:66:e5:08:bd:2e:31:0a:07:a6:c0:00:3a:38:2f:00:
         .
         .
         .

show grpc services

Use the show grpc services command in the XR EXEC mode to display all gNSI and gRPC services with their release numbers on the router.

show grpc services

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 24.3.1

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

config-services

read

Examples

This example displays all gNSI and gRPC services with their release numbers on the router.

Router#show grpc services 
Tue Jul 23 00:07:20.406 UTC

Registered gRPC Services: 20
Service:                                                       Version:
grpc                                                           v1.64.0
gnmi                                                           v0.10.0
gnsi                                                           v1.4.5
attestz                                                        v0.2.0
bootz                                                          v0.3.1
gribi                                                          v0.1.1
p4runtime                                                      v1.4.0
gnoi.system                                                    v1.1.0
gnoi.bgp                                                       v0.1.0
gnoi.healthz                                                   v1.3.0
gnoi.factory_reset                                             v0.1.0
gnoi.mpls                                                      v0.1.0
gnoi.layer2                                                    v0.1.0
gnoi.diag                                                      v0.1.0
gnoi.file                                                      v0.1.0
gnoi.cert                                                      v0.2.0
gnoi.packet_link_qualification                                 v1.1.0
gnoi.os                                                        v0.1.4
gnoi.wavelength_router                                         v0.2.0
gnoi.otdr                                                      v0.1.0

Note


Starting with Cisco IOS XR Release 24.4.1, AcctzStream, which is a server-streaming service, replaces the existing bidirectional streaming service, Acctz, introduced in Cisco IOS XR Release 24.3.1.


show gnsi acctz statistics

To display the detailed statistics for GNSI Acctz accounting, use the show gnsi acctz statistics command in the XR EXEC mode.

This command provides these information:

  • per service counter

  • drop counter

  • rate of accounting events

  • history

  • connected collectors

  • collector per service record counters

show gnsi acctz statistics

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 24.3.1

The command was introduced.

Release 24.4.1

The command was modified to include counters and processing required at various stages.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

config-services

read, write

Examples

This example displays detailed statistics for GNSI Acctz accounting with the maximum history memory size specified in the grpc aaa accounting history-memory command and the maximum queue size specified in the grpc aaa accounting queue-size command configuration examples respectively.

Router#show gnsi acctz statistics
Tue Jul 23 05:59:28.755 UTC
Acctz History Buffer:
  Total Records                    : 80029
  Total History Truncation         : 0
    Grpc Service Records:
      GNMI                         : 80002
      GNOI                         : 0
      GNSI                         : 4
      GRIBI                        : 0
      P4RT                         : 0
      Unspecified                  : 0
    Cmd Service Records:
      Shell                        : 0
      Cli                          : 23
      Netconf                      : 0
      Unspecified                  : 0
  History snapshot:
    Max Memory Size                : 20 MB
    Memory Used                    : 0 MB
    Max Number Of Records          : 30
    Records Used                   : 30
gRPC Accounting Queue:
  Grpc services:
    GNMI                           : 80002 sent, 0 dropped, 0 truncated
    GNOI                           : 0 sent, 0 dropped, 0 truncated
    GNSI                           : 4 sent, 0 dropped, 4 truncated
    GRIBI                          : 0 sent, 0 dropped, 0 truncated
    P4RT                           : 0 sent, 0 dropped, 0 truncated
    Unspecified                    : 0 sent, 0 dropped, 0 truncated
  Queue Rate:
    Input                          : 80000
    Output                         : 80000
    Drop                           : 0
  Stats:
    Queue Buffer Used              : 0 MB
    Queue Enqueue                  : 80006
    Queue Dequeue                  : 80006
    Queue Drops                    : 0
    Queue Max Time                 : 14311 usec
    Queue Min Time                 : 1 usec
    Queue Avg Time                 : 504 usec
  Channel Stats:
    Queue Channel Size             : 512
    Queue Channel Length           : 0
    Queue Inuse Size               : 0
    Queue Size                     : 30
    Queue Low Water Mark           : 1
    Queue Water Mark               : false
    Queue Channel Closed           : false
    Queue Status                   : 2
    Queue Enqueue Count            : 80006
    Queue Decrement Count          : 80006
    Queue Retry Count              : 0
    Queue Retry Full Count         : 0
  Errors:
    Queue Init Failure             : 0
    Queue Update Failure           : 0
    Queue Dequeue Failure          : 0
    Queue Invalid Parameters       : 0
SendtoAAA Accounting Queue:
  Grpc services:
    GNMI                           : 80002 sent, 0 dropped, 0 truncated
    GNOI                           : 0 sent, 0 dropped, 0 truncated
    GNSI                           : 4 sent, 0 dropped, 0 truncated
    GRIBI                          : 0 sent, 0 dropped, 0 truncated
    P4RT                           : 0 sent, 0 dropped, 0 truncated
    Unspecified                    : 0 sent, 0 dropped, 0 truncated
  Queue Rate:
    Input                          : 80000
    Output                         : 80000
    Drop                           : 0
  Stats:
    Queue Buffer Used              : 0 MB
    Queue Enqueue                  : 80006
    Queue Dequeue                  : 80006
    Queue Drops                    : 0
    Queue Max Time                 : 66549 usec
    Queue Min Time                 : 1 usec
    Queue Avg Time                 : 2544 usec
  Channel Stats:
    Queue Channel Size             : 512
    Queue Channel Length           : 0
    Queue Inuse Size               : 0
    Queue Size                     : 40
    Queue Low Water Mark           : 1
    Queue Water Mark               : false
    Queue Channel Closed           : false
    Queue Status                   : 2
    Queue Enqueue Count            : 80006
    Queue Decrement Count          : 80006
    Queue Retry Count              : 0
    Queue Retry Full Count         : 0
  Errors:
    Queue Init Failure             : 0
    Queue Update Failure           : 0
    Queue Dequeue Failure          : 0
    Queue Invalid Parameters       : 0
Cmd Accounting Queue:
  Cmd services:
    Shell                          : 0 sent, 0 dropped, 0 truncated
    Cli                            : 23 sent, 0 dropped, 0 truncated
    Netconf                        : 0 sent, 0 dropped, 0 truncated
    Unspecified                    : 0 sent, 0 dropped, 0 truncated
  Queue Rate:
    Input                          : 2
    Output                         : 2
    Drop                           : 0
  Stats:
    Queue Buffer Used              : 0 MB
    Queue Enqueue                  : 23
    Queue Dequeue                  : 23
    Queue Drops                    : 0
    Queue Max Time                 : 248 usec
    Queue Min Time                 : 26 usec
    Queue Avg Time                 : 94 usec
  Channel Stats:
    Queue Channel Size             : 512
    Queue Channel Length           : 0
    Queue Inuse Size               : 0
    Queue Size                     : 40
    Queue Low Water Mark           : 1
    Queue Water Mark               : false
    Queue Channel Closed           : false
    Queue Status                   : 2
    Queue Enqueue Count            : 23
    Queue Decrement Count          : 23
    Queue Retry Count              : 0
    Queue Retry Full Count         : 0
  Errors:
    Queue Init Failure             : 0
    Queue Update Failure           : 0
    Queue Dequeue Failure          : 0
    Queue Invalid Parameters       : 0
Client Stats:
  Number Of Clients                : 2
  History Truncation Events        : 0
  Client Idle Timeouts             : 0
  Record Requests                  : 4
  Record Responses                 : 80029
Collectors:
  Collector Statistics:
    IP                             : 192.168.122.1
    Port                           : 25906
    Total                          : Records: 80029, Drops: 0
    Total History Truncation       : 0
    Grpc Service Records:
      gNMI                         : Records: 80002, Drops: 0
      gNOI                         : Records: 0, Drops: 0
      gNSI                         : Records: 4, Drops: 0
      gRIBI                        : Records: 0, Drops: 0
      P4RT                         : Records: 0, Drops: 0
      Unspecified                  : Records: 0, Drops: 0
    Cmd Service Records:
      Shell                        : Records: 0, Drops: 0
      CLI                          : Records: 23, Drops: 0
      Netconf                      : Records: 0, Drops: 0
      Unspecified                  : Records: 0, Drops: 0
   gRPC Stream Stats:
    gRPC Stream Status             : 2
    gRPC Send Status               : 1
    gRPC Send Error Channel Length : 0
    gRPC Send Errors               : 0
    gRPC Send Enqueue Count        : 80029
    gRPC Send Close Count          : 0
    gRPC Stream Send Count         : 80029
    gRPC Stream Send Error Count   : 0
  Send Channel Stats:
    Queue Channel Size             : 512
    Queue Channel Length           : 0
    Queue Inuse Size               : 0
    Queue Size                     : 40
    Queue Low Water Mark           : 0
    Queue Water Mark               : false
    Queue Channel Closed           : false
    Queue Status                   : 2
    Queue Enqueue Count            : 80029
    Queue Decrement Count          : 80029
    Queue Retry Count              : 0
    Queue Retry Full Count         : 0
  Collector Statistics:
    IP                             : 192.168.122.1
    Port                           : 25912
    Total                          : Records: 80029, Drops: 0
    Total History Truncation       : 0
    Grpc Service Records:
      gNMI                         : Records: 80002, Drops: 0
      gNOI                         : Records: 0, Drops: 0
      gNSI                         : Records: 4, Drops: 0
      gRIBI                        : Records: 0, Drops: 0
      P4RT                         : Records: 0, Drops: 0
      Unspecified                  : Records: 0, Drops: 0
    Cmd Service Records:
      Shell                        : Records: 0, Drops: 0
      CLI                          : Records: 23, Drops: 0
      Netconf                      : Records: 0, Drops: 0
      Unspecified                  : Records: 0, Drops: 0
   gRPC Stream Stats:
    gRPC Stream Status             : 2
    gRPC Send Status               : 1
    gRPC Send Error Channel Length : 0
    gRPC Send Errors               : 0
    gRPC Send Enqueue Count        : 80029
    gRPC Send Close Count          : 0
    gRPC Stream Send Count         : 80029
    gRPC Stream Send Error Count   : 0
  Send Channel Stats:
    Queue Channel Size             : 512
    Queue Channel Length           : 0
    Queue Inuse Size               : 0
    Queue Size                     : 40
    Queue Low Water Mark           : 0
    Queue Water Mark               : false
    Queue Channel Closed           : false
    Queue Status                   : 2
    Queue Enqueue Count            : 80029
    Queue Decrement Count          : 80029
    Queue Retry Count              : 0
    Queue Retry Full Count         : 0
Accounting Stats:
  Grpc Accounting                  : 80006
  Cmd Accounting                   : 23
Error Stats:
  AAA Dequeue Failed               : 0
  AAA Payload Failed               : 0
  Send To AAA Failed               : 0
  gRPC Dequeue Failed              : 0
  Cmd Dequeue Failed               : 0
  Accounting Payload Failed        : 0
  Record Create Failed             : 0
  Get RPC Failed                   : 0
  Get Method Failed                : 0
  Serialize Payload Failed         : 0
  Record Response Payload Failed   : 0
  Get Local Info Failed            : 0
  Get Remote Info Failed           : 0
  Get Username Failed              : 0
  Locald Invalid Service Type      : 0

show gnsi service authorization policy

To display the active gRPC service authorization policies on the router, use the show gnsi service authorization policy command in Global Configuration mode.

show gnsi service authorization policy

Syntax Description

This command has no keywords or arguments.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 7.11.1

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the policy which is active on the router:

Router#show gnsi service authorization policy
Wed Jul 19 10:56:14.509 UTC{
    "version": "1.0",
    "created_on": 1700816204,
    "policy": {
        "name": "authz",
        "allow_rules": [
            {
                "name": "allow all gNMI for all users",
                "request": {
                    "paths": [
                        "*"
                    ]
                },
                "source": {
                    "principals": [
                        "*"
                    ]
                }
            }
        ],
        "deny_rules": [
            {
                "name": "deny gNMI set for oper users",
                "request": {
                    "paths": [
                        "/gnmi.gNMI/*"
                    ]
                },
                "source": {
                    "principals": [
                        "User1"
                    ]
                }
            }
        ]
    }
}

show gnsi path authorization counters

To view the gNSI path authorization counters such as number of accepted, rejected authorizations, use the show gnsi path authorization counters command in Global Configuration mode.

show gnsi path authorization counters [ path XPath | server-name server-name ]

Syntax Description

XPath

Provide the XPath for which authorization counters can be retrieved.

server-name

The server's IP address from where authorization counters can be retrieved.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.2.11

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the policy which is active on the router:

Router# show gnsi path authorization counters 
Mon Apr  1 08:05:46.297 UTC
----------------Pathz Counters Info--------------

/system/config/hostname:
                                        Read                              Write
Rejects :                                  0                                  0
   Last :                                N/A                                N/A
Accepts :                                  0                                  3
   Last :                                N/A    Mon, 01 Apr 2024 08:05:25 +0000
Total path records received 1

Router# show gnsi path authorization counters server-name 64.103.223.33
Mon Apr  1 08:33:25.194 UTC
----------------Pathz Counters Info--------------

/:
                                        Read                              Write
Rejects :                                  0                                  2
   Last :                                N/A    Mon, 01 Apr 2024 08:32:37 +0000
Accepts :                                  0                                  0
   Last :                                N/A                                N/A

/system/config/hostname:
                                        Read                              Write
Rejects :                                  0                                  6
   Last :                                N/A    Mon, 01 Apr 2024 08:32:36 +0000
Accepts :                                  0                                  0
   Last :                                N/A                                N/A
Total path records received 2
Router#
Router# show gnsi path authorization counters path /system/config/hostname
Mon Apr  1 08:32:46.468 UTC
----------------Pathz Counters Info--------------

/system/config/hostname:
                                        Read                              Write
Rejects :                                  0                                  6
   Last :                                N/A    Mon, 01 Apr 2024 08:32:36 +0000
Accepts :                                  0                                  0
   Last :                                N/A                                N/A
Total path records received 1
Router#

show gnsi path authorization policy

To view the running gNSI path authorization policy on the router, use the show gnsi path authorization policy command in Global Configuration mode.

show gnsi path authorization policy

Syntax Description

This command has no keywords or arguments.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.2.11

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the gnsi path authorization policy which is active on the router:

Router# show gnsi path authorization policy 
Mon Apr  1 04:29:37.905 UTC
version:"1" created_on:1711946719670313 policy:{rules:{user:"cafyauto" path:{origin:"openconfig" elem:{name:"system"} elem:{name:"config"} elem:{name:"hostname"}} action:ACTION_PERMIT mode:MODE_WRITE}}
Router# 

show gnsi path authorization statistics

To view the gNSI path authorization statistics on the router, use the show gnsi path authorization statistics command in Global Configuration mode.

show gnsi path authorization statistics

Syntax Description

This command has no keywords or arguments.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.2.11

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the gNSI path authorization statistics on the router:

Router# show gnsi path authorization statistics 
Mon Apr  1 04:29:23.259 UTC
----------------Pathz Info--------------
Engine:
 
  State:
    Active Policy:
      Version                  : 1
      Created On (UTC)         : Wed, 09 Dec 54251401 07:58:33 +0000
    Sandbox Policy:
      Version                  : N/A
      Created On (UTC)         : N/A
    Policy Rotation in Progress: False
 
  Stats:
    Rotations in Progress Count: 0
    Policy Rotations           : 0
    Policy Rotation Errors     : 0
    Policy Upload Requests     : 0
    Policy Upload Errors       : 0
    Policy Finalize            : 0
    Policy Finalize Errors     : 0
    Probe Requests             : 0
    Probe Errors               : 0
    Get Requests               : 0
    Get Errors                 : 0
    Policy Unmarshall Errors   : 0
    Sandbox Policy Errors      : 0
 
  Counters:
    No Policy Auth Requests    : 0
    gNMI Path Leaves           : 0
    gNMI Authorizations        : 0
    gNMI Set Path Permit       : 0
    gNMI Set Path Deny         : 0
    gNMI Get Path Permit       : 0
    gNMI Get Path Deny         : 0
 
  Errors:
    Path To String             : 0
    Origin Type                : 0
    Bad Mode                   : 0
    Bad Action                 : 0
    JSON Flatten               : 0
    String To Path             : 0
    Join Paths                 : 0
    Nil Path                   : 0
    Nil SetRequest             : 0
    Empty User                 : 0
    Probe Internal             : 0
    Path Counters:
      Increment                : 0
      Find                     : 0
      Clear                    : 0
      Walk                     : 0

show p4rt devices

To view the status of P4Runtime devices, use the show p4rt devices command in EXEC mode.

show p4rt devices device-id location npu-location npu-id npu-id

Syntax Description

device-id

Specifies the 64-bit device identifier as a decimal value in the range of 1 to 18446744073709551615.

location npu-location

Specifies the location of the Network Processing Unit (NPU) device.

npu-id npu-id

Specifies the unique NPU identifier in the range of 0 to 7.

Command Default

None

Command Modes

EXEC mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read

Examples

This example shows how to view the status of devices configured for P4Runtime:


RP/0/RP0/CPU0:router# show p4rt devices
Wed May 17 17:11:43.670 UTC
----------------P4RT Devices--------------
Device Id                                 : 1000000
    Node Id                               : 0/0/CPU0 (0x0)
    NPU Id                                : 0x0
    Internal Tx State                     : 1
    Max Election Id                       : 0,0
    Shutdown Requested                    : no
    Sessions count                        : 0
    P4Info Hash Value                     : 0x0
    P4Info Ref Count                      : 0
    Protocol Stats:
        New Primary Count                 : 0
        Last Session Id                   : 0
        Successfull FwdConfig             : 0
        Unsuccessfull FwdConfig           : 0
        Not Primary FwdConfig             : 0
    Write Stats:
        Successfull Write                 : 0
        Unsuccessfull Write               : 0
        Not Primary Write                 : 0
        Failed Precondition Write         : 0
        Successfull Write Entries         : 0
        Unsuccessfull Write Entries       : 0
    Read Stats:
        Successfull Read                  : 0
        Unsuccessfull Read                : 0
        Failed Precondition Read          : 0
        Successfull Read Entries          : 0
    Inject Stats:
        Primary Packets                   : 0
        Primary Drops                     : 0
        Failed Precondition               : 0
        Non Primary Drops                 : 0
        Bad Packet Length                 : 0
        Bad Packet Metadata               : 0
    Punt Queue Stats:
        Size                              : 0
        Inserted                          : 0
        Removed                           : 0
        Full Drops                        : 0
        Drained Drops                     : 0
    Punt Stats:
        Total Primary Packets             : 0
        Primary Packet Errors             : 0
          
  Table Entries                           : 0
          
  Sessions:
      None found
          
          
Device Id                                 : 1000001
    Node Id                               : 0/1/CPU0 (0x100)
    NPU Id                                : 0x3
    Internal Tx State                     : 1
    Max Election Id                       : 0,0
    Shutdown Requested                    : no
------------------ Truncated for brevity -------------------
    

show p4rt interfaces

To view the status of P4Runtime interfaces, use the show p4rt interfaces command in XR EXEC mode.

show p4rt interfaces type location

Syntax Description

type

Specifies the interface type. For more information, use the question mark (? ) online help function.

location

Specifies the physical or virtual interface in rack/slot/instance/port/breakout or rack/slot/interface/port format.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read

Examples

This example shows how to view the status of interfaces configured for P4Runtime:


RP/0/RP0/CPU0:router# show p4rt interfaces
Wed May 17 16:53:01.459 UTC
----------------P4RT Interface--------------
Interface Name     : HundredGigE0/0/0/24
    Handle         : 0x250
    P4RT Port-id   : 3
    Node-id        : 0/0/CPU0 (0x0)
    NPU-id         : 0x0
    FSM State      : SPIO_ATTACHED
    RefCnt         : 3
    Flags          : 0xd

Interface Name     : HundredGigE0/0/0/25
    Handle         : 0x258
    P4RT Port-id   : 6
    Node-id        : 0/0/CPU0 (0x0)
    NPU-id         : 0x1
    FSM State      : SPIO_ATTACHED
    RefCnt         : 3
    Flags          : 0xd

Interface Name     : HundredGigE0/0/0/26
    Handle         : 0x260
    P4RT Port-id   : 7
    Node-id        : 0/0/CPU0 (0x0)
    NPU-id         : 0x1
    FSM State      : SPIO_ATTACHED
    RefCnt         : 3
    Flags          : 0xd
    

show p4rt state

To view the global state of P4Runtime gRPC service configured on the router, use the show p4rt state command in XR EXEC mode.

show p4rt state

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read

Examples

This example shows how to view the global state of P4Runtime service configured on the router:


RP/0/RP0/CPU0:router# show p4rt state
Wed May 17 17:24:56.802 UTC
----------------P4RT state--------------
Global:
    Thread cerrno              : Success
    State                      : CONFIGURED
    Configured                 : Yes

Interface Manager:
    Connected                  : Yes

SPIO:
    Initialized                : Yes
    Thread cerrno              : Success
    Thread running             : Yes
    Thread asked to stop       : No
    Resync in Progress         : No

NETIO:
    Connected                  : Yes

LPTS:
    Client cerrno              : Success
    

show p4rt stats

To view the P4Runtime statistics, use the show p4rt stats command in XR EXEC mode.

show p4rt stats

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read

Examples

This example shows how to view the global state of P4Runtime services configured on the router:


RP/0/RP0/CPU0:router# show p4rt stats
Wed May 17 17:34:14.611 UTC
----------------P4RT stats--------------
Global:
    Ifname Objects               : 3
    ID Objects                   : 3
    IfHandle Objects             : 3
    Stale Interface Objects      : 0
  Inject Stats:
    Added to Internal Queue      : 0
    Internal Queue Full Drops    : 0

SPIO:
    Interface Attach OK          : 3
    Interface Attach Error       : 0
    Interface Resync OK          : 0
    Interface Resync Error       : 0
  Punt Stats:
    Packets                      : 0
    Added to Device Queue        : 0
    Ifhandle Errors              : 0
    Egress Ifhandle Lookup Errors: 0
    Egress Ifhandle Errors       : 0
    Packet Len Errors            : 0
    Bad Punt Reason Errors       : 0
    Packet Buf Errors            : 0
    Bad Device Errors            : 0
    Device Queue Full Drops      : 0
  Inject Stats:
    SPIO Errors                  : 0
    SPIO Delivered               : 0
          
NETIO:    
  Inject Stats:
    Bad Packet Len Errors        : 0
    Packet Buffer Memory Error   : 0
    Bad IP Packet Error          : 0
    Pak API Error                : 0
    Netio Send Error             : 0
    Netio Down Error             : 0
    Netio Delivered              : 0
          
LPTS:     
  Write:  
    Attempts                     : 0
    Errors                       : 0
    Entries:
        Attempts                 : 0
        Errors                   : 0
        Skipped (gRPC Parse)     : 0
        Opcode Errors            : 0
        Punt type Errors         : 0
        Not Suppported Punt type : 0
        LPTS Client Errors       : 0
        LPTS Client Success      : 0
  Read:   
    Attempts                     : 0
    Errors                       : 0
    Entries:
        Destination Errors       : 0
        Node_id Errors           : 0
        Npu_id Errors            : 0
        Attribute Errors         : 0
        Read                     : 0

show p4rt trace

To view the trace information of P4Runtime configuration, use the show p4rt trace command in XR EXEC mode.

show p4rt trace { all | lib }

Syntax Description

all

Displays trace data for all P4Runtime library.

lib

Displays trace data for general P4Runtime library.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.10.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read

Examples

This example shows how to view the trace information for P4Runtime configuration:


RP/0/RP0/CPU0:router# show p4rt trace all
Wed May 17 17:40:28.774 UTC
111 wrapping entries (6528 possible, 896 allocated, 0 filtered, 111 total)
May 17 15:08:47.499 p4rt/lib_slow 0/RP0/CPU0 t18073 Code(224) Thread Init: 'Slow Trace Started'
May 17 15:08:47.499 p4rt/lib_slow 0/RP0/CPU0 t18073 Code(249) Thread Init: Parent 'thread Barrier WAITING'
May 17 15:08:47.502 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(218) Thread Init: 'p4rt thread EVMGR ok'
May 17 15:08:47.502 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(219) Thread Init: 'Role pulse handler attached'
May 17 15:08:47.502 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(256) Role changed to: 'ACTIVE'
May 17 15:08:47.502 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(226) Thread Init: 'p4rt thread debug ok'
May 17 15:08:47.502 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(240) DB: 'DB Initialized ok'
May 17 15:08:47.512 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(232) EDM Init: 'EDM sysdb reg ok'
May 17 15:08:47.512 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(233) EDM Init: 'EDM conn id ok'
May 17 15:08:47.512 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(356) OC EDM: OC EDM connect
May 17 15:08:47.522 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(359) OC EDM: Interface EDM registration successful
May 17 15:08:47.522 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(360) OC EDM: Platform EDM register
May 17 15:08:47.529 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(361) OC EDM: Platform EDM registration successful
May 17 15:08:47.529 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(238) OC EDM: Conn Success
May 17 15:08:47.532 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(269) LPTS: 'LPTS client init OK'
May 17 15:08:47.532 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(257) Event: 'Client Connections Init'
May 17 15:08:47.535 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(236) IfMgr: 'IM callback registered'
May 17 15:08:47.535 p4rt/lib_event 0/RP0/CPU0 t18092 IfMgr: Code(4) - 'Connection UP'
May 17 15:08:47.535 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(238) IfMgr: 'Conn Success'
May 17 15:08:47.535 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(243) SPIO: 'spio Mutex ok'
May 17 15:08:47.535 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(244) SPIO: 'spio thread EVMGR ok'
May 17 15:08:47.535 p4rt/lib_slow 0/RP0/CPU0 t18092 Code(227) Thread Init: 'Stop pulse handler attached'
---------------------- Truncated for brevity -----------------------

show ssh server

To view the SSH server configuration and the host-certs, use the show ssh server command in the EXEC mode.

show ssh server { vrf | | vrf-name | configuration | | | gnsi configuration | | | authorized_keys user | user-name | authorized_principals user | user-name | ca_keys | host_keys | host-certs }

Syntax Description

vrf vrf-name

Displays all the active configurations on the router for a given VRF

gnsi

Displays all the finalized configurations on the router for a given VRF.

authorized_keys user user-name

Displays a user's public keys for authentication.

authorized_principals user user-namename

Displays the list of accepted principal names for a user's certificate authentication.

ca_keys user-name

Displays the trusted certificate authorities' public keys for user authentication.

host_keys

Displays various SSH private host keys (rsa, ecda, dsa, ed25519) if set up.

host-certs

Displays different public host certificates that match with the private host keys shown in host_keys.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification
Release 24.2.11

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Examples

The following example shows the gNSI configurations on the router:

Router# config
Router(config)# grpc port 57888
Router(config)# grpc no-tls
Router(config)# commit
Router(config)# end

To view the gNSI configuration on the router, use the show ssh server gnsi configuration command.

Router# show ssh server gnsi configuration
Wed May  1 14:45:29.008 UTC
----------------------------------------
AuthorizedKeysFile /etc/ciscossh/authorized_list/%u/authorized_keys
AuthorizedPrincipalsFile /etc/ciscossh/authorized_list/%u/authorized_principals
HostCertificate /etc/ciscossh/host_certs/ecdsa-sha2-nistp256-cert.pub
HostCertificate /etc/ciscossh/host_certs/ecdsa-sha2-nistp521-cert.pub
HostCertificate /etc/ciscossh/host_certs/ed25519-cert.pub
----------------------------------------

The following example shows the VRF configurations on the router:

Router# config
Router(config)# ssh server vrf default
Router(config)# commit
Router(config)# end

To view the server VRF configuration on the router, use the show ssh server vrf command.

Router# show ssh server vrf default configuration
----------------------------------------
UsePAM yes
HostKeyAlgorithms x509v3-ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,
rsa-sha2-256,ssh-rsa,ssh-dss
PermitRootLogin yes
MaxAuthTries 20
MaxSessions 16
RekeyLimit 1024M 60m
Subsystem sftp /pkg/bin/sftp-server
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
LoginGraceTime 30
ClientAliveInterval 60
AllowTcpForwarding no
MaxStartups 150
LogLevel DEBUG
IPQoS 0x40
HostKey   /pkg/ecdsa-sha2-nistp256
HostKey  /pkg/ecdsa-sha2-nistp384
HostKey  /pkg/ecdsa-sha2-nistp521
HostKey  /pkg/ed25519
HostKey  /pkg/rsa
HostKey  /pkg/dsa
HostKey  /pkg/x509v3-ssh-rsa
HostKey  /pkg/ssh-rsa-cert-v01
AcceptedAlgorithms x509v3-ssh-rsa,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,
x509v3-ecdsa-sha2-nistp521,x509v3-ssh-dss,ssh-rsa,ssh-rsa-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,
ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa
Port 22
PidFile /var/run/sshd_default.pid

To view the server host-keys on the router, use the show ssh server host-keys command.

Router# show ssh server host-keys
Wed May  1 14:39:36.746 UTC
----------------------------------------
Key label: the_default
Type     : ED25519
Data     : ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMXlhKk4HixCE/HGwKGkbGwgLAT7ecm0fze7ZsQQIJw 
xxxx@vxr-slurm-146.xxxx.com

Key label: the_default
Type     : ECDSA General Curve Nistp256
Degree   : 256
Data     : ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA9mwnz5O1+
oV5m6Zdo3Mqmc6IjkxrCbt+E/vhK67/B8mEaGEO5JfFcJ7zHp905HsiLm0mYijS4zQCZNYRMcvNk= xxxx@vxr-slurm-146.xxxx.com

Key label: the_default
Type     : ECDSA General Curve Nistp521
Degree   : 521
Data     : ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBABjiqUtIXeBAfO
sur6xhCaX0865nf6Gp0gIQC/DzBNC1AJTtqZfQl4FMHPTkixAsHZ/7OVSh70tMgk4VzCHH+EmpAB5zIrz7fSzJFXSs9DJqw
75DxtOsjb/mcovLnHU2wfSiDD7qOjhyznL/VlAkKRq60aFK9w4r0qWW5L/infNDoDfvg== xxxx@vxr-slurm-146.xxxx.com

----------------------------------------
Router#

To view the host certificates on the router, use the show ssh server host-certs command.

Router# show ssh server host-certs
Wed May  1 13:56:21.596 UTC
----------------------------------------
Type : ecdsa-sha2-nistp521-cert
Data : ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEt
Y2VydC12MDFAb3BlbnNzaC5jb20AAAAgKjWh4uPFNKIr4uZV5maPUoOfyys/ncTyMpBbQZX+7KMAAAAI
bmlzdHA1MjEAAACFBABjiqUtIXeBAfOsur6xhCaX0865nf6Gp0gIQC/DzBNC1AJTtqZfQl4FMHPTk
ixAsHZ/7OVSh70tMgk4VzCHH+EmpAB5zIrz7fSzJFXSs9DJqw75DxtOsjb/mcovLnHU2wfSiDD7qOjhyznL/
VlAkKRq60aFK9w4r0qWW5L/infNDoDfvgAAAAAAAAAAAAAAAgAAAAVjaXNjbwAAAAAAAAAAZdQxHgAAAAB
n1loeAAAAAAAAAAAAAAAAAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEA26xFTM/0hzlcDKmg6q17s8lk+
UqOqEm6FUytpKw/aPd4cBFNxGWO5BaiTQjTWSDLik9+rxmBF+vpBh4fScT64WDFHUx0OX9URaDl4cyK21
z1KUP7L607ypurZDqmsLuNHYH+nQgwCBJKQzd6/Ph2iuYxY5xhDCG8FzSrxyoMltHrL7gCey9fdO8+Jl
dTMADqp8SCvJjJcKuj0GJ68ut3pII4j0xZCTIMvQQ6ZmWSJgemN7xJLMUN4ZzJjGT1olDkq5kMEVP8pOk8
ylIQkOyRcmuNlBW126D/W58dYXdY5z/OcYWZTBQ1SSIE+Lwbt0RktJfVqrYn1aNq/f38KDyYVQAAARQAAAAM
cnNhLXNoYTItNTEyAAABAIc35ctjmPfOb3RRc3bD9gvHRzKzIO5mGbHxeH06qrNFyDxjPx/A02QydllRU1qjeH/
REAi38/RhUInEj75Iwi+f349xZx0bGacULZHMJWPYy2cGgx3e4WLF43Z3Zu09xSNzVCcUea71d21JhJGUAMWGl
ak86RLbOBvAESyYCCUG+jdNDBq7dfiaeJ05DvY33RRszfEf/4Cy6X8GYzyB/V0bmjrCllUkb56JNscNYweWCB
je2da5BwqxSbQUaLkD97Lad1Jjjeo8A/qrXMWVm71e9AAm1htKtlUusqEAwW1KmeZ4rbUkyTOJ3NaxdW/gEs4
uuAh58oweCaZyasv3ay0= lavms@vxr-slurm-146.cisco.com

Type : ecdsa-sha2-nistp256-cert
Data : ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2Vyd
C12MDFAb3BlbnNzaC5jb20AAAAgQDMsG2AcMkoXfaK9SGTtyuJ65sd0GuR7037ikt6Yo9IAAAAIbmlzdHAyNTYAAABBBA9
mwnz5O1+oV5m6Zdo3Mqmc6IjkxrCbt+E/vhK67/B8mEaGEO5JfFcJ7zHp905HsiLm0mYijS4zQCZNYRMcvNk
AAAAAAAAAAAAAAAIAAAAFY2lzY28AAAAJAAAABWNpc2NvAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZ
cAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAOiOhEHzx1mQXR84w/IoKLOSfq/XI0aFqHdQ4ysQu3nTxiQeqRJtdVSslQM2OZF+
iExpMl4ElZ9Y1pO1BbrMynRhSywx+vtfypBIONfqI/z+jj3uea9i8tf7XF43llt1zE/SuwG9koUb+UI/MhSjL4AUefc9
u4qqY1+OVjKvZe4OfSzQglbNAQWHzhngs1pTjEeYAM5w3zvlDN4SJkPaA41/cRYLj29LJOMhD8NuATfpKxjU55Ja/
cISsfQdQrsTXl+2cFl3vnVYL6JIqjBR9vX36fuKurlZLFx95y7D7lRAb0Nh8D1kbqM8H94LLOd850XfDC/ygOjthkh
MrKipBwX9NnHOE3pwXR7RLaVXNqso04rQCJJmltiQ6ujTfGbtBhvxh+v+uTGhIIcsnJ3ZPIjrsI4KoqaIWPsOkhHbzq
JGcMlJcs6DqfkTl6P/AUOCgo2ssUwaXIrG6sn9plipd27Pq0JvTrIcPdNce0hpr9jAWNpx9UGHeGGFXdXKWqSQh
wAAAZQAAAAMcnNhLXNoYTItNTEyAAABgLXLFmLOFZUUO1hb/c10F8NEe95I865wZ1GKPgF08so5B0yeufjcHuAGkVCC
aO6IYW6jmnfROF48kgmZO3Ri83fIs0McNk9Q0/zb6t2AcWGI/cZtzM2WxQJ0C9SZsIXMGvAK+JnG2CG8Ca7Pa25hCLyhm
Rt22ysGKyCAws1buFI+1AAhnIgoUkBpUiA9kwIBtZPT9dn5vezcmYfJfTgsa/X7mnSm6sfvrFprz6R4Zv6AtRqi6GkWA
g47UXPmo7lAjsIBgzryN1VpHm0uveWAIZu6zOLCCTiKTfqcitaIEbV0aZ5e0g72uB7T6RLhvyhwWaiZ3hqfgAiFqiTzO
omScKzM5+XTOwgW4stT5n8PqTxYXH3okHAlNH29ne8JcnFm9hxWgK8Ru9YxfTRqDO9sb2Z5XtSZEuBr9bUCLfmez4ZeY
ptRxm5tXYMhAevqrRovtMcRMyOsZCLqYANwEh+6n0J/xgkoHFEFY2G0W0gc+a9/Ag1QoQvqyDocYa42N9NLEg==
 xxxxx@vxr-slurm-146.cisco.com

Type : ed25519-cert
Data : ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29t
AAAAIAHRCCkOCw1xUoTS9LsmH05SeyxMo1xYumXSaHygo9fFAAAAILMXlhKk4HixCE/HGwKGkbGwgLAT7ecm0fze7ZsQQIJ
wAAAAAAAAAAAAAAACAAAABWNpc2NvAAAAAAAAAABl1DE2AAAAAGfWWjYAAAAAAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2
EAAAADAQABAAABAQDbrEVMz/SHOVwMqaDqrXuzyWT5So6oSboVTK2krD9o93hwEU3EZY7kFqJNCNNZIMuKT36vGYEX6+
kGHh9JxPrhYMUdTHQ5f1RFoOXhzIrbXPUpQ/svrTvKm6tkOqawu40dgf6dCDAIEkpDN3r8+HaK5jFjnGEMIbwXNKvHKgyW0
esvuAJ7L1907z4mV1MwAOqnxIK8mMlwq6PQYnry63ekgjiPTFkJMgy9BDpmZZImB6Y3vEksxQ3hnMmMZPWiUOSrmQwRU/
yk6TzKUhCQ7JFya42UFbXboP9bnx1hd1jnP85xhZlMFDVJIgT4vBu3RGS0l9WqtifVo2r9/fwoPJhVAAABFAAAAAxyc
2Etc2hhMi01MTIAAAEAFZeqNRf3YT9K+/Zqkh17fnh+TIT2GYPktlVmyZ364EQ9igkKeOTuvqg/TNCt3BBsdRMAPShxOWr+
qcvkU+Amk3u5oP3TbWKvqMA91T3t/ZP3Mo+C+7ONe2zcvC9Rj2JgMn0tcVFI464vNEnyqUcs2AAs/hppiCwdyXbm4kQKxkax
IukonW7E9PuBkV939L4K1VTvEn4S0nTRVPX0tFXO73dIW+BhjDec9NSE/+tJY0SsuvqlL80QV73K/gHv6cJ2QaNinMSBg84Eu/
SghQJO+092ocZSWQe4MiEg4Cgz/KjJhg4I4yyLbBNaL76aAt7k4VThl83QZFLDMU1a4UuT5g==xxxxx@vxr-slurm-146.cisco.com

To view the certificate authority keys on the router, use the show ssh server ca-keys command.

Router# show ssh server ca-keys                    
Wed May  1 15:06:21.094 UTC
----------------------------------------
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC83fcxKGF2i5umMS5Xc74mUxfRIMJLkawJk/BzRc1t+
/lEbD8G+eIMrwRTZ5c60mI/B0Cy1hzgAKKW5KXouBPDEVyIn3BBmYlqzHzenj1RXZYmUlS0lqcB2K2jFL7qzS9+Q+vv3l
+fHvDRMWW5sJnsdPatdY8X1ZOdNlUqwa6C/WcQ4b2FkEp4FctmrJfXv8lMbe+KqiPA1+fjXWH7douS7FDUj2bNEt
f35gcxcDptbLS8oCGvJ4fQCB9kkGpKBe20a+WUkwsoRhDz5Y2e4PUfWFV5AsgbegZmnPrXkqGb7KMf2L1uJgcyxZT+
HZilvSY5gP7FawbkEYTOmgWJEv3f sabgupta@bgl-ads-4100
----------------------------------------
Router#

To view the authorized keys for a user on the router, use the server authorized-keys user command.

Router# show ssh server authorized-keys user user1
Wed May  1 14:29:48.644 UTC
----------------------------------------
pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC83fcxKGF2i5umMS5Xc74mUxfRIMJLkawJk/BzRc1t+/lEbD8G+eIMrwRTZ5c60mI/
B0Cy1hzgAKKW5KXouBPDEVyIn3BBmYlqzHzenj1RXZYmUlS0lqcB2K2jFL7qzS9+Q+vv3l+fHvDRMWW5sJnsdPatdY8X1ZOdNlUqwa6C/
WcQ4b2FkEp4FctmrJfXv8lMbe+KqiPA1+fjXWH7douS7FDUj2bNEtf35gcxcDptbLS8oCGvJ4fQCB9kkGpKBe20a+WUkwsoRhDz5Y2e4P
UfWFV5AsgbegZmnPrXkqGb7KMf2L1uJgcyxZT+HZilvSY5gP7FawbkEYTOmgWJEv3f rsavalue
from="192.0.2.1,192.0.2.22,192.0.2.33" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC83fcxKGF2i5um
MS5Xc74mUxfRIMJLkawJk/BzRc1t+/lEbD8G+eIMrwRTZ5c60mI/B0Cy1hzgAKKW5KXouBPDEVyIn3BBmYlqzHzenj1RXZYmUlS0lqcB2
K2jFL7qzS9+Q+vv3l+fHvDRMWW5sJnsdPatdY8X1ZOdNlUqwa6C/WcQ4b2FkEp4FctmrJfXv8lMbe+KqiPA1+fjXWH7douS7FDUj2bNEtf
35gcxcDptbLS8oCGvJ4fQCB9kkGpKBe20a+WUkwsoRhDz5Y2e4PUfWFV5AsgbegZmnPrXkqGb7KMf2L1uJgcyxZT+HZilvSY5gP7FawbkEYTOmgWJEv3f rsavalue
expiry-time="20241001" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC83fcxKGF2i5umMS5Xc74mUxfRIMJLkawJk/BzRc1t+/
lEbD8G+eIMrwRTZ5c60mI/B0Cy1hzgAKKW5KXouBPDEVyIn3BBmYlqzHzenj1RXZYmUlS0lqcB2K2jFL7qzS9+Q+vv3l+fHvDRMWW5sJnsdPatdY8X1ZOdNlUqwa6C/
WcQ4b2FkEp4FctmrJfXv8lMbe+KqiPA1+fjXWH7douS7FDUj2bNEtf35gcxcDptbLS8oCGvJ4fQCB9kkGpKBe20a+WUkwsoRhDz5Y2e4PUfWFV5Asgbeg
ZmnPrXkqGb7KMf2L1uJgcyxZT+HZilvSY5gP7FawbkEYTOmgWJEv3f rsavalue
expiry-time="20241001" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC83fcxKGF2i5umMS5Xc74mUxfRIMJLkawJk/BzRc1t+/
lEbD8G+eIMrwRTZ5c60mI/B0Cy1hzgAKKW5KXouBPDEVyIn3BBmYlqzHzenj1RXZYmUlS0lqcB2K2jFL7qzS9+Q+vv3l+f
HvDRMWW5sJnsdPatdY8X1ZOdNlUqwa6C/WcQ4b2FkEp4FctmrJfXv8lMbe+KqiPA1+fjXWH7douS7FDUj2bNEtf35gcxcDptbLS8oCGvJ4fQCB9kkGpKBe20a+
WUkwsoRhDz5Y2e4PUfWFV5AsgbegZmnPrXkqGb7KMf2L1uJgcyxZT+HZilvSY5gP7FawbkEYTOmgWJEv3f rsavalue
from="abcd" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC83fcxKGF2i5umMS5Xc74mUxfRIMJLkawJk/BzRc1t+/lEbD8G+eIMrwRTZ5c60mI/
B0Cy1hzgAKKW5KXouBPDEVyIn3BBmYlqzHzenj1RXZYmUlS0lqcB2K2jFL7qzS9+Q+vv3l+fHvDRMWW5sJnsdPatdY8X1ZOdNlUqwa6C/
WcQ4b2FkEp4FctmrJfXv8lMbe+KqiPA1+fjXWH7douS7FDUj2bNEtf35gcxcDptbLS8oCGvJ4fQCB9kkGpKBe20a+WUkwsoRhDz5Y2e4PUfWFV5AsgbegZmn
PrXkqGb7KMf2L1uJgcyxZT+HZilvSY5gP7FawbkEYTOmgWJEv3f rsavalue
----------------------------------------

To view the list of principals (identities) that are authorized for SSH access, use the show ssh server authorized-principals user command.

Router# show ssh server authorized-principals user user1
Wed May  1 14:37:37.933 UTC
----------------------------------------
pty cisco
from="192.0.2.1,192.0.2.22,192.0.2.32" lab
expiry-time="20241001" one
----------------------------------------

show tech-support gnsi

To collect diagnostic information of gNSI on the router, use the show tech-support gnsi command in Global Configuration mode.

show tech-support gnsi

Syntax Description

This command has no keywords or arguments.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.2.11

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the gNSI tech-support:

Router# show tech-support gnsi
Mon Apr  1 06:55:51.482 UTC
++ Show tech start time: 2024-Apr-01.065551.UTC ++
Mon Apr  1 06:55:52 UTC 2024 Waiting for gathering to complete
...
Mon Apr  1 06:56:01 UTC 2024 Compressing show tech output
Show tech output available at Router#: /harddisk:/showtech/showtech-mtb_sf2-gnsi-2024-Apr-01.065551.UTC.tgz
++ Show tech end time: 2024-Apr-01.065601.UTC ++

show tech-support gnsi command places the collected diagnostic information in a file, example Router#: /harddisk: /showtech/showtech-mtb_sf2-gnsi-2024-Apr-01.065551.

show tech-support script

To collect logs that contain debug information for logical traces and tech-support data, use the show tech-support script command in XR EXEC mode.

script tech-support script { file | filepath_filename | list-CLIs | time-out }

Syntax Description

file filepath_filename

Specifies the complete path to a file, including the filename to save the log.

list-CLIs

Creates a log zip file containing a list of all CLI commands executed as part of the tech-support script. The CLI commands are only listed, not executed.

time-out

Specifies the timeout value for each command in seconds ranging from 120-3600 seconds. By default, the timeout is 900 seconds.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.5.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example displays how to save the logical traces and tech-support data in the test file in the disk0 path:

Router# show tech-support script file disk0:/test.log
Wed Sep 25 07:11:39.915 PDT
++ Show tech start time: 2024-Sep-25.071140.PDT ++
Wed Sep 25 07:11:40 PDT 2024 Waiting for gathering to complete
......................
Wed Sep 25 07:12:49 PDT 2024 Compressing show tech output
Show tech output available at 0/RP0/CPU0 : /disk0:/test.log.tgz
++ Show tech end time: 2024-Sep-25.071250.PDT ++

show gnsi trace pathz

To trace the configured gNSI policy on the router, use the show gnsi trace pathz command in Global Configuration mode.

show gnsi trace pathz

Syntax Description

This command has no keywords or arguments.

Command Default

Enabled, by default

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 24.2.11

The command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example displays the gNSI trace data on the router:

Router# show gnsi trace pathz all 
Mon Apr  1 04:31:26.689 UTC
61 wrapping entries (21760 possible, 512 allocated, 0 filtered, 61 total)
Apr  1 04:07:09.681 gnsi/pathz 0/RP0/CPU0 t11383 Pathz: Code(178) 'Trying to load policy' '/mnt/rdsfs/ems/gnsi/pathz_policy.txt'
Apr  1 04:07:09.685 gnsi/pathz 0/RP0/CPU0 t11383 Pathz: Code(173) 'Set Sandbox policy' '1(54251382-02-18 11:34:58 +0000 UTC)'
Apr  1 04:07:09.685 gnsi/pathz 0/RP0/CPU0 t11383 Pathz: Code(179) 'Set Policy from' '/mnt/rdsfs/ems/gnsi/pathz_policy.txt'
Apr  1 04:07:09.685 gnsi/pathz 0/RP0/CPU0 t11383 Pathz: Code(249) 'Pathz Policy Clearing Counters' ' '
Apr  1 04:07:09.685 gnsi/pathz 0/RP0/CPU0 t11383 Pathz: Code (79): 'Engine Initialized'
Apr  1 04:08:05.761 gnsi/pathz 0/RP0/CPU0 t11794 Pathz: Code(63) 'Pathz.Get()' '5.38.4.111:52126'
Apr  1 04:08:05.761 gnsi/pathz_err 0/RP0/CPU0 t11794 Pathz ERROR: Code (65): 'Nil Policy'
Apr  1 04:08:05.788 gnsi/pathz 0/RP0/CPU0 t11480 Pathz: Code(63) 'Pathz.Get()' '5.38.4.111:52126'
Apr  1 04:08:05.788 gnsi/pathz 0/RP0/CPU0 t11480 Pathz: Code(176) 'Get' 'POLICY_INSTANCE_ACTIVE 1(1711946094752098)'
Apr  1 04:08:05.791 gnsi/pathz_deny 0/RP0/CPU0 t11481 Pathz DENY: Code(235) 'Upd/Rep Denied path' 'cafyauto@/system/config/hostname,|1,1711946094752098'
Apr  1 04:08:05.808 gnsi/pathz_deny 0/RP0/CPU0 t11383 Pathz DENY: Code(234) 'Del Denied path' 'cafyauto@/system/config/hostname,|1,1711946094752098'
Apr  1 04:08:05.821 gnsi/pathz_deny 0/RP0/CPU0 t11480 Pathz DENY: Code(235) 'Upd/Rep Denied path' 'cafyauto@/system/config/hostname,|1,1711946094752098'
Apr  1 04:08:07.348 gnsi/pathz_deny 0/RP0/CPU0 t11383 Pathz DENY: Code(235) 'Upd/Rep Denied path' 'cafyauto@/lldp/config/enabled,|1,1711946094752098'
Apr  1 04:08:08.205 gnsi/pathz 0/RP0/CPU0 t11383 Pathz: Code(63) 'Pathz.Get()' '5.38.4.111:52126'
Apr  1 04:08:08.205 gnsi/pathz_err 0/RP0/CPU0 t11383 Pathz ERROR: Code (65): 'Nil Policy'
Apr  1 04:08:08.221 gnsi/pathz 0/RP0/CPU0 t11480 Pathz: Code(63) 'Pathz.Get()' '5.38.4.111:52126'
Apr  1 04:08:08.221 gnsi/pathz 0/RP0/CPU0 t11480 Pathz: Code(176) 'Get' 'POLICY_INSTANCE_ACTIVE 1(1711946094752098)'
Apr  1 04:08:08.238 gnsi/pathz_deny 0/RP0/CPU0 t11481 Pathz DENY: Code(235) 'Upd/Rep Denied path' 'cafyauto@/system/config/hostname,|1,1711946094752098'
Apr  1 04:08:08.281 gnsi/pathz_deny 0/RP0/CPU0 t11480 Pathz DENY: Code(234) 'Del Denied path' 'cafyauto@/system/config/hostname,|1,1711946094752098'
Router#