{
	"id": "8bfbb1d7-28cf-4823-8b78-ac1c20afaecc",
	"created_at": "2026-04-06T00:22:03.915844Z",
	"updated_at": "2026-04-10T03:35:21.474522Z",
	"deleted_at": null,
	"sha1_hash": "2d02ac863d0ae0babe6d0ab502eb25f3dc7d52a5",
	"title": "Cisco IOS Configuration Fundamentals Command Reference - F through K [Support]",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 341968,
	"plain_text": "Cisco IOS Configuration Fundamentals Command Reference - F\r\nthrough K [Support]\r\nPublished: 2025-12-16 · Archived: 2026-04-02 12:45:32 UTC\r\nF through K\r\nF through K\r\nfactory-reset all\r\nTo erase all the user-configured data, use the factory-reset all command in EXEC mode:\r\nfactory-reset all\r\nSyntax Description\r\nSyntax Description\r\nThis command has no keywords or arguments.\r\nCommand Modes\r\nEXEC mode\r\nCommand History\r\nRelease Modification\r\nCisco IOS XE Bengaluru Release\r\n17.6.1\r\nThis command was introduced on ASR 900, ASR 920, and NCS 4200\r\nplatforms.\r\nUsage Guidelines\r\nThe command erases the following data:\r\nAll writable file systems and personal data\r\nOBFL logs\r\nUser data and startup configuration\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 1 of 79\n\nROMMON variables\r\nUser credentials\r\nLicense information\r\nExamples\r\nThe following example shows the configuration of the command:\r\nRouter\u003eenable\r\nRouter\u003efactory-reset all\r\nfactory-reset keep-licensing-info\r\nTo erase all the user-configured data except the licensing information, use the factory-reset keep-licensing-info\r\ncommand in EXEC mode:\r\nfactory-reset keep-licensing-info\r\nSyntax Description\r\nSyntax Description\r\nThis command has no keywords or arguments.\r\nCommand Modes\r\nEXEC mode\r\nCommand History\r\nRelease Modification\r\nCisco IOS XE Bengaluru Release\r\n17.6.1\r\nThis command was introduced on ASR 900, ASR 920, and NCS 4200\r\nplatforms.\r\nUsage Guidelines\r\nThis command erases the following user-configured data:\r\nAll writable file systems and personal data\r\nOBFL logs\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 2 of 79\n\nUser data and startup configuration\r\nROMMON variables\r\nUser credentials\r\nExamples\r\nThe following example shows the configuration of the command:\r\nenable\r\nfactory-reset keep-licensing-info\r\nfactory-reset all secure 3-pass\r\nTo erase all data using the the National Industrial Security Program Operating Manual (DoD 5220.22-M) Wiping\r\nStandard, use the factory-reset all secure 3-pass-DoD 5220-22-M command in EXEC mode:\r\nfactory-reset all-secure 3-pass-DoD 5220-22-M\r\nSyntax Description\r\nSyntax Description\r\nThis command has no keywords or arguments.\r\nCommand Modes\r\nEXEC mode\r\nCommand History\r\nRelease Modification\r\nCisco IOS XE Bengaluru Release\r\n17.6.1\r\nThis command was introduced on ASR 900, ASR 920, and NCS 4200\r\nplatforms.\r\nUsage Guidelines\r\nThe commands erases the following data\r\nAll writable file systems and personal data using the the National Industrial Security Program Operating\r\nManual (DoD 5220.22-M) Wiping Standard:\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 3 of 79\n\nOBFL logs\r\nUser data and startup configuration\r\nROMMON variables\r\nUser credentials\r\nLicense information\r\nExamples\r\nThe following example shows the configuration of the command:\r\nenable\r\nfactory-reset all-secure 3-pass\r\nDoD 5220-22-M\r\nfile privilege\r\nTo configure a new file privilege level for users use the file privilege command in global configuration mode. To\r\nreset the file privilege level of the files to the default and remove the file privilege level configuration from the\r\nrunning configuration file, use the no form of this command.\r\nfile privilege level level\r\nno file privilege level level\r\nSyntax Description\r\nlevel\r\nSpecifies the file privilege level for the files. The level argument must be a number from 0 to 15.\r\nUsers with privilege level equal to greater than the file privilege level can access the files under the\r\nfile system.\r\nCommand Default\r\nBy default the privilege level is set to 15.\r\nCommand Modes\r\nGlobal configuration (config#)\r\nCommand History\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 4 of 79\n\nRelease Modification\r\n15.2(2)T This command was introduced.\r\nExamples\r\nThe following example, shows how to set the file privilege level to 3 and verify the change using the show\r\nrunning-config command.\r\nDevice(config)# file privilege ?\r\n \u003c0-15\u003e Privilege level\r\nDevice(config)# file privilege 3\r\nDevice(config)# end\r\nDevice# show running-config | i file priv\r\nfile privilege 3\r\nRelated Commands\r\nCommand Description\r\nprivilege level Sets the default privilege level for a line.\r\nfile prompt\r\nTo specify the level of prompting, use the file prompt command in global configuration mode.\r\nfile prompt prompt [alert | noisy | quiet]\r\nSyntax Description\r\nalert (Optional) Prompts only for destructive file operations. This is the default.\r\nnoisy (Optional) Confirms all file operation parameters.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 5 of 79\n\nquiet (Optional) Seldom prompts for file operations.\r\nCommand Default\r\nalert\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n11.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nUse this command to change the amount of confirmation needed for different file operations.\r\nThis command affects only prompts for confirmation of operations. The router will always prompt for missing\r\ninformation.\r\nExamples\r\nThe following example configures confirmation prompting for all file operations:\r\nRouter(config)# file prompt noisy\r\n \r\nfile verify auto\r\nTo enable automatic image verification, use the file verify auto command in global configuration mode. To disable\r\nautomatic image verification, use the no form of this command.\r\nfile verify auto\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 6 of 79\n\nno file verify auto\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nImage verification is not automatically applied to all images that are copied or reloaded onto a router.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n12.2(18)S This command was introduced.\r\n12.0(26)S This command was integrated into Cisco IOS Release 12.0(26)S.\r\n12.2(14)SX\r\nThis command was integrated into Cisco IOS Release 12.2(14)SX and implemented on the\r\nSupervisor Engine 720.\r\n12.2(17d)SXB Support was added for the Supervisor Engine 2.\r\n12.3(4)T This command was integrated into Cisco IOS Release 12.3(4)T.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nImage verification is accomplished by verifying the compressed Cisco IOS image checksum.\r\nImage verification allows users to automatically verify the integrity of all Cisco IOS images. Thus, users can be\r\nsure that the image is protected from accidental corruption, which can occur at any time during transit, starting\r\nfrom the moment the files are generated by Cisco until they reach the user.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 7 of 79\n\nThe file verify auto command enables image verification globally; that is, all images that are to be copied (via the\r\ncopy command) or reloaded (via the reload command) are automatically verified. Although both the copy and\r\nreload commands have a /verify keyword that enables image verification, you must issue the keyword each time\r\nyou want to copy or reload an image. The file verify auto command enables image verification by default so you\r\nno longer have to specify image verification multiple times.\r\nIf you have enabled image verification by default but prefer to disable verification for a specific image copy or\r\nreload, the /noverify keyword along with either the copy or the reload command will override the file verify auto\r\ncommand.\r\nExamples\r\nThe following example shows how to enable automatic image verification:\r\nRouter(config)# file verify auto\r\nRelated Commands\r\nCommand Description\r\ncopy Copies any file from a source to a destination.\r\ncopy/noverify Disables the automatic image verification for the current copy operation.\r\nreload Reloads the operating system.\r\nverify\r\nVerifies the checksum of a file on a Flash memory file system or computes an MD5\r\nsignature for a file.\r\nformat\r\nTo format a Class A, Class B, or Class C flash memory file system, use the format command in privileged EXEC\r\nor diagnostic mode.\r\nClass B and Class C Flash File Systems\r\nformat filesystem1:\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 8 of 79\n\nClass A Flash File System\r\nformat [spare spare-number] filesystem1: [ [filesystem2:] [monlib-filename] ]\r\nSyntax Description\r\nspare\r\n(Optional) Reserves spare sectors as specified by the spare-number argument when you\r\nformat flash memory.\r\nspare-number(Optional) Number of the spare sectors to reserve in formatted flash memory. Valid values are\r\nfrom 0 to 16. The default value is 0.\r\nfilesystem1 :\r\nFlash memory to format, followed by a colon.\r\nValid values for use with the Cisco 7600 series router are disk0: disk1: , bootflash: , slot0: ,\r\nsup-slot0: , and sup-bootflash: ; see the “Usage Guidelines” section for additional\r\ninformation.\r\nValid values for use with the ASR 1000 Series Routers are bootflash: , harddisk: , stby-harddisk: , obfl: , and usb [0 1 ]; .\r\nfilesystem2 :\r\n(Optional) File system containing the monlib file to use for formatting the argument\r\nfilesystem1 followed by a colon.\r\nmonlib-filename\r\n(Optional) Name of the ROM monitor library file (monlib file) to use for formatting the\r\nfilesystem1 argument. The default monlib file is the one bundled with the system software.\r\nDual Route Switch Processors (RSP) High System Availability (HSA) Functionality\r\nWhen this command is used with Dual RSPs and you do not specify the monlib-filename\r\nargument, the system takes the ROM monitor library file from the secondary image bundle. If\r\nyou specify the monlib-filename argument, the system assumes that the files reside on the\r\nsecondary devices.\r\nCommand Default\r\nspare-number : 0monlib-filename: The monlib file bundled with the system software\r\nCommand Modes\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 9 of 79\n\nPrivileged EXEC (#)\r\nDiagnostic (diag)\r\nCommand History\r\nRelease Modification\r\n11.0 This command was introduced.\r\n12.2(14)SX Support for this command was added for the Supervisor Engine 720.\r\n12.2(17d)SXB\r\nSupport for this command on the Supervisor Engine 2 was extended to Release\r\n12.2(17d)SXB.\r\n12.3(14)T\r\nSupport for Class B flash (USB flash and USB eToken) file systems was added as part\r\nof the USB Storage feature.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nCisco IOS XE\r\nRelease 2.1\r\nThis command was introduced on the Cisco ASR 1000 Series Routers and the\r\nfollowing enhancements were introduced:\r\nThis command was introduced in diagnostic mode for the first time. The\r\ncommand can be entered in both privileged EXEC and diagnostic mode on the\r\nCisco ASR 1000 Series Routers.\r\nThe harddisk: , obfl: , stby-harddisk: , stby-usb [0 -1 ]: and usb[0-1]: filesystem1\r\n: options were introduced.\r\n12.2YST This command was integrated into Cisco IOS Release 12.2YST.\r\nUsage Guidelines\r\nReserve a certain number of memory sectors as spares, so that if some sectors fail, most of the flash memory card\r\ncan still be used. Otherwise, you must reformat the flash card after some of the sectors fail.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 10 of 79\n\nUse this command to format Class A, B, or C flash memory file systems. The Cisco 7600 series router supports\r\nonly Class A and Class C flash file systems.\r\nIn some cases, you might need to insert a new Personal Computer Memory Card Industry Association (PCMCIA)\r\nflash memory or flash PC card and load images or backup configuration files onto it. Before you can use a new\r\nflash memory or flash PC card, you must format it.\r\nSectors in flash memory or flash PC cards can fail. Reserve certain flash memory or flash PC sectors as “spares”\r\nby using the optional spare-number argument on the format command to specify 0 to 16 sectors as spares. If you\r\nreserve a small number of spare sectors for emergencies, you can still use most of the flash memory or flash PC\r\ncard. If you specify 0 spare sectors and some sectors fail, you must reformat the flash memory or flash PC card,\r\nthereby erasing all existing data.\r\nThe monlib file is the ROM monitor library. The ROM monitor uses this file to access files in the flash file\r\nsystem. The Cisco IOS system software contains a monlib file. Use the show disk0: all command to display\r\nmonlib file details.\r\nWhen this command is used with HSA and you do not specify the monlib-filename argument , the system takes\r\nthe ROM monitor library file from the secondary image bundle. If you specify the monlib-filename argument , the\r\nsystem assumes that the files reside on the secondary devices.\r\nIn the command syntax, the filesystem1 : argument specifies the device to format and the filesystem2 : argument\r\nspecifies the optional device containing the monlib file used to format the filesystem1 : argument. The device\r\ndetermines which monlib file to use, as follows:\r\nIf you omit the optional filesystem2 : and monlib-filename arguments, the system formats the filesystem1 :\r\nargument using the monlib file already bundled with the system software.\r\nIf you omit only the optional filesystem2 : argument, the system formats the filesystem1 : argument using\r\nthe monlib file from the device you specified with the cd command.\r\nIf you omit only the optional monlib-filename argument, the system formats filesystem1 : using the\r\nfilesystem2 : monlib file.\r\nWhen you specify both arguments--filesystem2 : and monlib-filename -- the system formats the filesystem1\r\n: argument using the monlib file from the specified device.\r\nYou can specify the filesystem1 : arguments’s own monlib file in this argument. If the system cannot find a\r\nmonlib file, it terminates its formatting.\r\nNote\r\nMost platforms do not support booting from images stored on flash memory cards . You should\r\nreboot your device only from integrated memory locations, such as NVRAM.\r\nCisco 7600 Series Router Notes\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 11 of 79\n\nThe bootflash: , slot0: , sup-slot0: , and sup-bootflash: keywords are supported on Cisco 7600 series routers that\r\nare configured with a Supervisor Engine 2.\r\nUse the format command to format Class A or C flash memory file systems.\r\nThe disk0: and disk1: keywords are for Class C file systems.\r\nThe bootflash: , slot0: , sup-slot0: , and sup-bootflash: keywords are for Class A file systems.\r\nThe disk0: keyword is supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2 only.\r\nCisco ASR 1000 Series Routers Notes\r\nThis command is available in both privileged EXEC and diagnostic mode on the Cisco ASR 1000 Series Routers.\r\nExamples\r\nThe following example shows how to format a flash memory card that is inserted in slot 0:\r\nRouter# format slot0:\r\nRunning config file on this device, proceed? [confirm] y\r\nAll sectors will be erased, proceed? [confirm] y\r\nEnter volume id (up to 31 characters): \u003cReturn\u003e\r\nFormatting sector 1 (erasing)\r\nFormat device slot0 completed\r\nWhen the console returns to the privileged EXEC prompt, the new flash memory card is formatted and ready for\r\nuse.\r\nThis following example shows how to format a CompactFlash PC card that is inserted in slot 0:\r\nRouter# format disk0:\r\nRunning config file on this device, proceed? [confirm] y\r\nAll sectors will be erased, proceed? [confirm] y\r\nEnter volume id (up to 31 characters): \u003cReturn\u003e\r\nFormatting sector 1 (erasing)\r\nFormat device disk0 completed\r\nWhen the console returns to the EXEC prompt, the new CompactFlash PC card is formatted and ready for use.\r\nThis follwing example shows how a format operation cleans up the disk and writes the monitor library on the disk\r\nfilesystem:\r\nRouter# format formatdisk:\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 12 of 79\n\nFormat operation may take a while. Continue? [confirm]\r\nFormat operation will destroy all data in \"bootdisk:\". Continue? [confirm]\r\nHash Computation: 100%Done!\r\nComputed Hash SHA2: DFBA87256310DC8A7B7BF8158451F7F4\r\n 0AC333C9B396D9D0E42DDBD542C30E08\r\n F3946DDE692AF04F0B20F29BE51C49C4\r\n 1B631790A542D81F9A7C90ABC2426960\r\n \r\nEmbedded Hash SHA2: DFBA87256310DC8A7B7BF8158451F7F4\r\n 0AC333C9B396D9D0E42DDBD542C30E08\r\n F3946DDE692AF04F0B20F29BE51C49C4\r\n 1B631790A542D81F9A7C90ABC2426960\r\n \r\nDigital signature successfully verified in file Monlib\r\nWriting Monlib sectors....\r\nMonlib write complete\r\nFormat: All system sectors written. OK...\r\nFormat: Total sectors in formatted partition: 1000881\r\nFormat: Total bytes in formatted partition: 512451072\r\nFormat: Operation completed successfully.\r\nFormat of bootdisk: complete\r\nRelated Commands\r\nCommand Description\r\ncd Changes the default directory or file system.\r\ncopy Copies any file from a source to a destination.\r\ndelete Deletes a file on a flash memory device.\r\nshow disk0: all Displays ATA MONLIB file information for disk0.\r\nshow file systems Lists available file systems.\r\nsqueeze Permanently deletes flash files by squeezing a Class A flash file system.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 13 of 79\n\nCommand Description\r\nundelete Recovers a file marked “deleted” on a Class A or Class B flash file system.\r\nfsck\r\nTo check a File Allocation Table (FAT)-based disk, a flash file system, or a Class C file system for damage and to\r\nrepair any problems, use the fsck command in privileged EXEC or diagnostic mode.\r\nSupported Platforms Other than the Cisco 7600 Series and Cisco ASR1000 Series Routers\r\nfsck [/ nocrc] [/ automatic] [/ all] [/ force] [filesystem:]\r\nCisco 7600 Series Routers\r\nfsck [/ automatic] [/ all] [/ force] [filesystem:]\r\nCisco ASR 1000 Series Routers\r\nfsck [/ all] [/ force] [filesystem:]\r\nSyntax Description\r\n/nocrc\r\n(Optional) This keyword is available for Class C flash file systems only. Omits cyclic\r\nredundancy checks (CRCs).\r\n/automatic\r\n(Optional) This keyword is available for Advanced Technology Attachment (ATA) FAT-based\r\ndisks only. Specifies that the check and repair actions should proceed automatically. This option\r\ncan be used to skip the prompts for each check and repair action.\r\nNote\r\n \r\nThis command also specifies the automatic mode for the Cisco 7600 series router;\r\nsee the “Usage Guidelines” section for additional information.\r\n/ all (Optional) Specifies that all partitions on the disk be checked for problems.\r\n/force (Optional) Ensures forced termination of simultaneous file operations on the same device.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 14 of 79\n\nfilesystem\r\n:\r\nThe file system prefix indicating the disk to be checked. The colon (:) is required. Typically, the\r\nfile system prefix will be disk0: or disk1: . In case of dual processors, the file system on the\r\nredundant supervisor engine can also be specified.\r\nCommand Default\r\nA FAT-based disk, flash file system, or Class C file system is not checked for damage and repaired. If you do not\r\nenter the /automatic keyword, command-line interface (CLI) prompts for actions are issued. For the Cisco 7600\r\nseries router, if you do not specify the disk0: keyword, the current file system is checked.\r\nThis command is available in both privileged EXEC and diagnostic mode on the Cisco ASR1000 series routers.\r\nCommand Modes\r\nPrivileged EXEC (#) Diagnostic (diag)\r\nCommand History\r\nRelease Modification\r\n11.3 AA This command was introduced.\r\n12.0(22)S\r\nThis command was implemented on the Cisco 7000 family of routers and on the Cisco\r\n10000 series router and the Gigabit Switch Router (GSR) to support ATA disks.\r\n12.2(13)T This command was integrated into Cisco IOS Release 12.2(13)T.\r\n12.2(14)SX\r\nThis command was modified. Support for this command was added for the Supervisor\r\nEngine 720.\r\n12.2(17d)SXB\r\nThis command was modified. Support for this command on the Supervisor Engine 2\r\nwas extended to Release 12.2(17d)SXB.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 15 of 79\n\nRelease Modification\r\nCisco IOS XE\r\nRelease 2.1\r\nThis command was introduced on the Cisco ASR 1000 Series Routers and the\r\nfollowing enhancements were introduced:\r\nThis command was introduced in diagnostic mode for the first time. The\r\ncommand can be entered in both privileged EXEC and diagnostic mode on the\r\nCisco ASR 1000 series routers.\r\nThe /all option was introduced.\r\nThe harddisk: , obfl: , stby-harddisk: , stby-usb [0 -1 ]: ,and usb [0 -1 ]:\r\nfilesystem : options were introduced.\r\n15.0(1)M This command was modified. The /force keyword was added.\r\nUsage Guidelines\r\nSupported Platforms Other than Cisco 7600 Series Router\r\nThis command performs all steps necessary to remove corrupted files and reclaim unused disk space. Changes\r\ninclude checking for incorrect file sizes, cluster loops, and so on. The default form of this command issues\r\nmultiple prompts to confirm each of the changes. However, you can skip these prompts by using the /automatic\r\nkeyword when issuing the command.\r\nWhen you use the /automatic keyword you are prompted to confirm that you want the automatic option. Prompts\r\nfor actions will be skipped, but all actions performed are displayed to the terminal (see the example below).\r\nThis command works with ATA Personal Computer Memory Card Industry Association (PCMCIA) cards\r\nformatted in Disk Operating System (DOS), or for Class C flash file systems.\r\nNote\r\nOnly one partition (the active partition) is checked in the ATA disk.\r\nCisco 7600 Series Router\r\nThe disk0: or slavedisk0: file systems are the only file systems in the Cisco 7600 series routers on which you can\r\nrun the File-System-Check ( fsck) utility. The slavedisk0: file system appears in redundant supervisor engine\r\nsystems only.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 16 of 79\n\nThis command is valid only on Class C flash file systems and only on PCMCIA ATA flash disks and\r\nCompactFlash disks.\r\nThe output for the fsck slavedisk0: command is similar to the fsck disk0: command output.\r\nIf you do not enter any arguments, the current file system is used. Use the pwd command to display the current\r\nfile system.\r\nIf you enter the disk0: or slavedisk0: keyword, the fsck utility checks the selected file system for problems. If a\r\nproblem is detected, a prompt is displayed asking if you want the problem fixed.\r\nIf you enter the /automatic keyword, you are prompted to confirm that you want the automatic mode. In automatic\r\nmode, problems are fixed automatically and you are not prompted to confirm.\r\nIf you do not specify the /force keyword, any simultaneous file operations on the same device are not terminated.\r\nInstead, an error message stating files are open for read or write access appears. If you specify the /force keyword,\r\nthe fsck utility terminates files that are open for read or write access and continues to check for problems.\r\nThe table below lists the checks and actions that are performed by the fsck utility.\r\nTable 1. fsck Utility Checks and Actions\r\nChecks Actions\r\nChecks the boot sector and the partition\r\ntable and reports the errors.\r\nNo action.\r\nValidates the media with the signature in\r\nthe last 2 bytes of the first sector (0x55 and\r\n0xaa, respectively).\r\nNo action.\r\nChecks the os_id to find whether this is a\r\nFAT-12 or FAT-16 file system (valid values\r\ninclude 0, 1, 4, and 6).\r\nNo action.\r\nChecks the number of FAT’s field (correct\r\nvalues are 1 and 2).\r\nNo action.\r\nChecks these values:\r\nn_fat_sectors cannot be less than 1.\r\nNo action.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 17 of 79\n\nChecks Actions\r\nn_root_entries cannot be less than\r\n16.\r\nn_root_sectors cannot be less than 2.\r\nbase_fat_sector,\r\nn_sectors_per_cluster, n_heads,\r\nn_sectors_per_track is not 0.\r\nChecks the files and FAT for these errors:\r\nChecks the FAT for invalid cluster\r\nnumbers.\r\nIf the cluster is a part of a file chain, the cluster is changed to\r\nend of file (EOF). If the cluster is not part of a file chain, it is\r\nadded to the free list and unused cluster chain. The table below\r\nlists valid cluster numbers; numbers other than those listed in\r\nthe table below are invalid numbers.\r\nChecks the file’s cluster chain for loops.\r\nIf the loop is broken, the file is truncated at the cluster where\r\nthe looping occurred.\r\nChecks the directories for nonzero size\r\nfields.\r\nIf directories are found with nonzero size fields, the size is\r\nreset to zero.\r\nChecks for invalid start cluster file\r\nnumbers.\r\nIf the start cluster number of a file is invalid, the file is\r\ndeleted.\r\nChecks files for bad or free clusters.\r\nIf the file contains bad or free clusters, the file is truncated at\r\nthe last good cluster; an example is the cluster that points to\r\nthis bad/free cluster.\r\nChecks to see if the file’s cluster chain is\r\nlonger than indicated by the size fields.\r\nIf the file’s cluster chain is longer than indicated by the size\r\nfields, the file size is recalculated and the directory entry is\r\nupdated.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 18 of 79\n\nChecks Actions\r\nChecks to see if two or more files share the\r\nsame cluster (crosslinked).\r\nIf two or more files are crosslinked, you are prompted to\r\naccept the repair, and one of the files is truncated.\r\nChecks to see if the file’s cluster chain is\r\nshorter than is indicated by the size fields.\r\nIf the file’s cluster chain is shorter than is indicated by the size\r\nfields, the file size is recalculated and the directory entry is\r\nupdated.\r\nChecks to see if there are any unused\r\ncluster chains.\r\nIf unused cluster chains are found, new files are created and\r\nlinked to that file with the name fsck-start cluster\r\nThe table below lists the valid cluster numbers. Numbers other than those listed in the table below are invalid\r\nnumbers.\r\nTable 2. Valid Cluster Numbers\r\nCluster FAT-12 FAT-16\r\nNext entry in the chain 2-FEF 2-FFEF\r\nLast entry in chain FF8-FFF FFF8-FFFF\r\nAvailable cluster 0 0\r\nBad Cluster FF7 FFF7\r\nExamples\r\nExamples\r\nThe following example shows sample output from the fsck command in automatic mode:\r\nRouter# fsck /automatic disk1:\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 19 of 79\n\nProceed with the automatic mode? [yes] y\r\nChecking the boot sector and partition table...\r\nChecking FAT, Files and Directories...\r\nStart cluster of file disk1:/file1 is invalid, removing file\r\nFile disk1:/file2 has a free/bad cluster, truncating...\r\nFile disk1:/file2 truncated.\r\nFile disk1:/file3 has a free/bad cluster, truncating...\r\nFile disk1:/file3 truncated.\r\nFile disk1:/file4 has a invalid cluster, truncating...\r\nFile disk1:/file4 truncated.\r\nFile disk1:/file5 has a invalid cluster, truncating...\r\nFile disk1:/file5 truncated.\r\nFile disk1:/file6 has a invalid cluster, truncating...\r\nFile disk1:/file6 truncated.\r\nFile size of disk1:/file7 is not correct, correcting it\r\nFile disk1:/file8 cluster chain has a loop, truncating it\r\nFile disk1:/file8 truncated.\r\nFile disk1:/file9 cluster chain has a loop, truncating it\r\nFile disk1:/file9 truncated.\r\nFile disk1:/file16 has a free/bad cluster, truncating...\r\nFile disk1:/file16 truncated.\r\nFile disk1:/file20 has a free/bad cluster, truncating...\r\nFile disk1:/file20 truncated.\r\nReclaiming unused space...\r\nCreated file disk1:/fsck-4 for an unused cluster chain\r\nCreated file disk1:/fsck-41 for an unused cluster chain\r\nCreated file disk1:/fsck-73 for an unused cluster chain\r\nCreated file disk1:/fsck-106 for an unused cluster chain\r\nCreated file disk1:/fsck-121 for an unused cluster chain\r\nCreated file disk1:/fsck-132 for an unused cluster chain\r\nCreated file disk1:/fsck-140 for an unused cluster chain\r\nCreated file disk1:/fsck-156 for an unused cluster chain\r\nCreated file disk1:/fsck-171 for an unused cluster chain\r\nCreated file disk1:/fsck-186 for an unused cluster chain\r\nCreated file disk1:/fsck-196 for an unused cluster chain\r\nCreated file disk1:/fsck-235 for an unused cluster chain\r\nCreated file disk1:/fsck-239 for an unused cluster chain\r\nUpdating FAT...\r\nfsck of disk1: complete\r\nExamples\r\nThis example shows how to run a check of the current file system:\r\nRouter# fsck\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 20 of 79\n\nChecking the boot sector and partition table...\r\n Checking FAT, Files and Directories...\r\n Files\r\n 1) disk0:/FILE3 and\r\n 2) disk0:/FILE2\r\n have a common cluster.\r\n Press 1/2 to truncate or any other character to ignore[confirm] q\r\n Ignoring this error and continuing with the rest of the check...\r\n Files\r\n 1) disk0:/FILE5 and\r\n 2) disk0:/FILE4\r\n have a common cluster.\r\n Press 1/2 to truncate or any other character to ignore[confirm] 1\r\n File disk0:/FILE5 truncated.\r\n Files\r\n 1) disk0:/FILE7 and\r\n 2) disk0:/FILE6\r\n have a common cluster.\r\n.\r\n.\r\n.\r\n1) disk0:/FILE15 and\r\n 2) disk0:/FILE13\r\n have a common cluster.\r\n Press 1/2 to truncate or any other character to ignore[confirm] i\r\n Ignoring this error and continuing with the rest of the check...\r\n Reclaiming unused space...\r\n Created file disk0:/fsck-11 for an unused cluster chain\r\n Created file disk0:/fsck-20 for an unused cluster chain\r\n Created file disk0:/fsck-30 for an unused cluster chain\r\n Created file disk0:/fsck-35 for an unused cluster chain\r\n Created file disk0:/fsck-40 for an unused cluster chain\r\n Created file disk0:/fsck-46 for an unused cluster chain\r\n Created file disk0:/fsck-55 for an unused cluster chain\r\n Created file disk0:/fsck-62 for an unused cluster chain\r\n Created file disk0:/fsck-90 for an unused cluster chain\r\n Updating FAT...\r\n fsck of disk0: complete\r\nRelated Commands\r\nCommand Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 21 of 79\n\nCommand Description\r\ncd Changes the default directory or file system.\r\npwd Shows the current setting of the cd command.\r\nfull-help\r\nTo get help f or the full set of user-level commands, use the full-help command in line configuration mode.\r\nfull-help\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nDisabled\r\nCommand Modes\r\nLine configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe full-help command enables (or disables) an unprivileged user to see all of the help messages available. It is\r\nused with the show ? command.\r\nExamples\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 22 of 79\n\nIn the following example, the show ? command is used first with full-help disabled. Then full-help is enabled for\r\nthe line, and the show ? command is used again to demonstrate the additional help output that is displayed.\r\nRouter\u003e show ?\r\n bootflash Boot Flash information\r\n calendar Display the hardware calendar\r\n clock Display the system clock\r\n context Show context information\r\n dialer Dialer parameters and statistics\r\n history Display the session command history\r\n hosts IP domain-name, lookup style, nameservers, and host table\r\n isdn ISDN information\r\n kerberos Show Kerberos Values\r\n modemcap Show Modem Capabilities database\r\n ppp PPP parameters and statistics\r\n rmon rmon statistics\r\n sessions Information about Telnet connections\r\n snmp snmp statistics\r\n terminal Display terminal configuration parameters\r\n users Display information about terminal lines\r\n version System hardware and software status\r\nRouter\u003e enable\r\nPassword:\u003cletmein\u003e\r\nRouter# configure terminal\r\nEnter configuration commands, one per line. End with CNTL/Z.\r\nRouter(config)# line console 0\r\nRouter(config-line)# full-help\r\nRouter(config-line)# exit\r\n \r\nRouter#\r\n%SYS-5-CONFIG_I: Configured from console by console\r\nRouter# disable\r\nRouter\u003e show ?\r\n access-expression List access expression\r\n access-lists List access lists\r\n aliases Display alias commands\r\n apollo Apollo network information\r\n appletalk AppleTalk information\r\n arp ARP table\r\n async Information on terminal lines used as router interfaces\r\n bootflash Boot Flash information\r\n bridge Bridge Forwarding/Filtering Database [verbose]\r\n bsc BSC interface information\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 23 of 79\n\nbstun BSTUN interface information\r\n buffers Buffer pool statistics\r\n calendar Display the hardware calendar\r\n .\r\n .\r\n .\r\n translate Protocol translation information\r\n ttycap Terminal capability tables\r\n users Display information about terminal lines\r\n version System hardware and software status\r\n vines VINES information\r\n vlans Virtual LANs Information\r\n whoami Info on current tty line\r\n x25 X.25 information\r\n xns XNS information\r\n xremote XRemote statistics\r\nRelated Commands\r\nCommand Description\r\nhelp Displays a brief description of the help system.\r\nhelp\r\nTo display a brief description of the help system, use the help command in any command mode.\r\nhelp\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nNo default behavior or values.\r\nCommand Modes\r\nUser EXEC\r\nPrivileged EXEC\r\nAll configuration modes\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 24 of 79\n\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe help command provides a brief description of the context-sensitive help system, which functions as follows:\r\nTo list all commands available for a particular command mode, enter a question mark (?) at the system\r\nprompt.\r\nTo obtain a list of commands that begin with a particular character string, enter the abbreviated command\r\nentry immediately followed by a question mark (?). This form of help is called word help , because it lists\r\nonly the keywords or arguments that begin with the abbreviation you entered.\r\nTo list the keywords and arguments associated with a command, enter a question mark (?) in place of a\r\nkeyword or argument on the command line. This form of help is called command syntax help , because it\r\nlists the keywords or arguments that apply based on the command, keywords, and arguments you have\r\nalready entered.\r\nExamples\r\nIn the following example, the help command is used to display a brief description of the help system:\r\nRouter#\r\n help\r\nHelp may be requested at any point in a command by entering\r\na question mark '?'. If nothing matches, the help list will\r\nbe empty and you must backup until entering a '?' shows the\r\navailable options.\r\nTwo styles of help are provided:\r\n1. Full help is available when you are ready to enter a\r\n command argument (e.g. 'show ?') and describes each possible\r\n argument.\r\n2. Partial help is provided when an abbreviated argument is entered\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 25 of 79\n\nand you want to know what arguments match the input\r\n (e.g. 'show pr?'.)\r\nThe following example shows how to use word help to display all the privileged EXEC commands that begin with\r\nthe letters “co.” The letters entered before the question mark are reprinted on the next command line to allow the\r\nuser to continue entering the command.\r\nRouter# co?\r\nconfigure connect copy\r\nRouter# co\r\nThe following example shows how to use command syntax help to display the next argument of a partially\r\ncomplete access-list command. One option is to add a wildcard mask. The \u003ccr\u003e symbol indicates that the other\r\noption is to press Enter to execute the command without adding any more keywords or arguments. The characters\r\nentered before the question mark are reprinted on the next command line to allow the user to continue entering the\r\ncommand or to execute that command as it is.\r\nRouter(config)# access-list 99 deny 131.108.134.234 ?\r\n A.B.C.D Mask of bits to ignore\r\n \u003ccr\u003e\r\nRouter(config)# access-list 99 deny 131.108.134.234\r\nRelated Commands\r\nCommand Description\r\nfull-help Enables help for the full set of user-level commands for a line.\r\nhidekeys\r\nTo suppress the display of password information in configuration log files, use the hidekeys command in\r\nconfiguration change logger configuration mode. To allow the display of password information in configuration\r\nlog files, use the no form of this command.\r\nhidekeys\r\nno hidekeys\r\nSyntax Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 26 of 79\n\nThis command has no arguments or keywords.\r\nCommand Default\r\nPassword information is displayed.\r\nCommand Modes\r\nConfiguration change logger configuration (config-archive-log-config)\r\nCommand History\r\nRelease Modification\r\n12.3(4)T This command was introduced.\r\n12.2(25)S This command was integrated into Cisco IOS Release 12.2(25)S.\r\n12.2(27)SBC This command was integrated into Cisco IOS Release 12.2(27)SBC.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\n12.2(33)SB\r\nThis command was integrated into Cisco IOS Release 12.2(33)SB and\r\nimplemented on the Cisco 10000 series.\r\nCisco IOS XE Release\r\n3.9S\r\nThis command was integrated into Cisco IOS XE Release 3.9S.\r\nUsage Guidelines\r\nEnabling the hidekeys command increases security by preventing password information from being displayed in\r\nconfiguration log files.\r\nExamples\r\nThe following example shows how to prevent password information from being displayed in configuration log\r\nfiles:\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 27 of 79\n\nDevice# configure terminal\r\n!\r\nDevice(config)# archive\r\nDevice(config-archive)# log config\r\nDevice(config-archive-log-config)# hidekeys\r\nDevice(config-archive-log-config)# end\r\nRelated Commands\r\nCommand Description\r\narchive Enters archive configuration mode.\r\nlog config Enters configuration change logger configuration mode.\r\nlogging enable Enables the logging of configuration changes.\r\nlogging size Specifies the maximum number of entries retained in the configuration log.\r\nnotify syslog Enables the sending of notifications of configuration changes to a remote syslog.\r\nshow archive log config Displays entries from the configuration log.\r\nhistory\r\nTo enable the command history function, use the history command in line configuration mode. To disable the\r\ncommand history function, use the no form of this command.\r\nhistory\r\nno history\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 28 of 79\n\nCommand Default\r\nEnabled with ten command lines in the buffer.\r\nCommand Modes\r\nLine configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe command history function provides a record of EXEC commands that you have entered. This function is\r\nparticularly useful for recalling long or complex commands or entries, including access lists.\r\nTo change the number of command lines that the system will record in its history buffer, use the history size line\r\nconfiguration command.\r\nThe history command enables the history function with the last buffer size specified or, if there was not a prior\r\nsetting, with the default of ten lines. The no history command disables the history function.\r\nThe show history EXEC command will list the commands you have entered, but you can also use your keyboard\r\nto display individual commands. The table below lists the keys you can use to recall commands from the\r\ncommand history buffer.\r\nTable 3. History Keys\r\nKey(s) Functions\r\nCtrl-P or Up\r\nArrow1\r\nRecalls commands in the history buffer in a backward sequence, beginning with the most\r\nrecent command. Repeat the key sequence to recall successively older commands.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 29 of 79\n\nKey(s) Functions\r\nCtrl-N or\r\nDown Arrow1\r\nReturns to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow. Repeat the key sequence to recall successively more recent commands.\r\n1\r\n The arrow keys function only with ANSI-compatible terminals.\r\nExamples\r\nIn the following example, the command history function is disabled on line 4:\r\nRouter(config)# line 4\r\n \r\nRouter(config-line)# no history\r\nRelated Commands\r\nCommand Description\r\nhistory size Sets the command history buffer size for a particular line.\r\nshow history Lists the commands you have entered in the current EXEC session.\r\nterminal\r\nhistory\r\nEnables the command history function for the current terminal session or changes the size of\r\nthe command history buffer for the current terminal session.\r\nhistory size\r\nTo change the command history buffer size for a particular line, use the history size command in line\r\nconfiguration mode. To reset the command history buffer size to ten lines, use the no form of this command.\r\nhistory size number-of-lines\r\nno history size\r\nSyntax Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 30 of 79\n\nnumber-of-lines\r\nSpecifies the number of command lines that the system will record in its history buffer. The\r\nrange is from 0 to 256. The default is 10.\r\nCommand Default\r\n10 command lines\r\nCommand Modes\r\nLine configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe history size command should be used in conjunction with the history and show history commands. The\r\nhistory command enables or disables the command history function. The show history command lists the\r\ncommands you have entered in the current EXEC session. The number of commands that the history buffer will\r\nshow is set by the history size command.\r\nNote\r\nThe history size command only sets the size of the buffer; it does not reenable the history function. If\r\nthe no history command is used, the history command must be used to reenable this function.\r\nExamples\r\nThe following example displays line 4 configured with a history buffer size of 35 lines:\r\nRouter(config)# line 4\r\nRouter(config-line)# history size 35\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 31 of 79\n\nRelated Commands\r\nCommand Description\r\nhistory Enables or disables the command history function.\r\nshow history Lists the commands you have entered in the current EXEC session.\r\nterminal history\r\nsize\r\nEnables the command history function for the current terminal session or changes the size\r\nof the command history buffer for the current terminal session.\r\nhold-character\r\nTo define the local hold character used to pause output to the terminal screen, use the hold-character command in\r\nline configuration mode. To restore the default, use the no form of this command.\r\nhold-character ascii-number\r\nno hold-character\r\nSyntax Description\r\nascii-number ASCII decimal representation of a character or control sequence (for example, Ctrl-P).\r\nCommand Default\r\nNo hold character is defined.\r\nCommand Modes\r\nLine configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 32 of 79\n\nRelease Modification\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe Break character is represented by zero; NULL cannot be represented. To continue the output, enter any\r\ncharacter after the hold character. To use the hold character in normal communications, precede it with the escape\r\ncharacter. See the “ASCII Character Set” appendix for a list of ASCII characters.\r\nExamples\r\nThe following example sets the hold character to Ctrl-S, which is ASCII decimal character 19:\r\nRouter(config)# line 8\r\nRouter(config-line)# hold-character 19\r\nRelated Commands\r\nCommand Description\r\nterminal hold-character Sets or changes the hold character for the current session.\r\nhostname\r\nTo specify or modify the hostname for the network server, use the hostname command in global configuration\r\nmode.\r\nhostname name\r\nSyntax Description\r\nname New hostname for the network server.\r\nCommand Default\r\nThe default hostname is Router.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 33 of 79\n\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\n12.2(33)SB This command was integrated into Cisco IOS Release 12.2(33)SB.\r\n12.2(33)SXI This command was integrated into Cisco IOS Release 12.2(33)SXI.\r\nCisco IOS XE Release\r\n2.5\r\nThis command was integrated into Cisco IOS XE Release 2.5.\r\n15.0(1)M4\r\nThis command was integrated into Cisco IOS Release 15.0(1)M4 and support for\r\nnumeric hostnames added.\r\nUsage Guidelines\r\nThe hostname is used in prompts and default configuration filenames.\r\nDo not expect case to be preserved. Uppercase and lowercase characters look the same to many internet software\r\napplications. It may seem appropriate to capitalize a name the same way you might do in English, but conventions\r\ndictate that computer names appear all lowercase. For more information, refer to RFC 1178, Choosing a Name for\r\nYour Computer .\r\nThe name must also follow the rules for ARPANET hostnames. They must start with a letter, end with a letter or\r\ndigit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer.\r\nCreating an all numeric hostname is not recommended but the name will be accepted after an error is returned.\r\nRouter(config)#hostname 123\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 34 of 79\n\n% Hostname contains one or more illegal characters.\r\n123(config)#\r\nA hostname of less than 10 characters is recommended. For more information, refer to RFC 1035, Domain\r\nNames--Implementation and Specification .\r\nOn most systems, a field of 30 characters is used for the hostname and the prompt in the CLI. Note that the length\r\nof your hostname may cause longer configuration mode prompts to be truncated. For example, the full prompt for\r\nservice profile configuration mode is:\r\n(config-service-profile)#\r\n \r\nHowever, if you are using the hostname of “Router,” you will only see the following prompt (on most systems):\r\nRouter(config-service-profil)#\r\n \r\nIf the hostname is longer, you will see even less of the prompt:\r\nBasement-rtr2(config-service)#\r\n \r\nKeep this behavior in mind when assigning a name to your system (using the hostname global configuration\r\ncommand). If you expect that users will be relying on mode prompts as a CLI navigation aid, you should assign\r\nhostnames of no more than nine characters.\r\nThe use of a special character such as '\\'(backslash) and a three or more digit number for the character setting like\r\nhostname , results in incorrect translation:\r\nRouter(config)#\r\nRouter(config)#hostname \\99\r\n% Hostname contains one or more illegal characters.\r\nExamples\r\nThe following example changes the hostname to “host1”:\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 35 of 79\n\nRouter(config)# hostname host1\r\nhost1(config)#\r\nRelated Commands\r\nCommand Description\r\nsetup\r\nEnables you to make major changes to your configurations, for example, adding a protocol suit,\r\nmaking major addressing scheme changes, or configuring newly installed interfaces.\r\nhw-module reset\r\nTo reset a module by turning the power off and then on, use the hw-module reset command in privileged EXEC\r\nmode.\r\nhw-module module num reset\r\nSyntax Description\r\nmodule\r\nnum\r\nApplies the command to a specific module; see the “Usage Guidelines” section for valid\r\nvalues.\r\nCommand Default\r\nThis command has no default settings.\r\nCommand Modes\r\nPrivileged EXEC\r\nCommand History\r\nRelease Modification\r\n12.2(14)SX This command was introduced on the Supervisor Engine 720.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 36 of 79\n\nRelease Modification\r\n12.2(17d)SXB This command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\n12.2(31)SB2 This command was integrated into Cisco IOS 12.2(31)SB2.\r\nUsage Guidelines\r\nThe num argument designates the module number. Valid values depend on the chassis that is used. For example, if\r\nyou have a 13-slot chassis, valid values for the module number are from 1 to 13.\r\nExamples\r\nThis example shows how to reload a specific module:\r\nRouter#\r\nhw-module module 3 reset\r\nhw-module shutdown\r\nTo shut down the module, use the hw-module shutdown command in privileged EXEC mode.\r\nhw-module module num shutdown\r\nSyntax Description\r\nmodule\r\nnum\r\nApplies the command to a specific module; see the “Usage Guidelines” section for valid\r\nvalues.\r\nCommand Default\r\nThis command has no default settings.\r\nCommand Modes\r\nPrivileged EXEC\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 37 of 79\n\nCommand History\r\nRelease Modification\r\n12.2(14)SX Support for this command was introduced on the Supervisor Engine 720.\r\n12.2(17d)SXB\r\nSupport for this command on the Supervisor Engine 2 was extended to Release\r\n12.2(17d)SXB.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThis command is supported on the SSL Services Module and the NAM.\r\nIf you enter the hw-module shutdown command to shut down the module, you will have to enter the no power\r\nenable module command and the power enable module command to restart (power down and then power up) the\r\nmodule.\r\nExamples\r\nThis example shows how to shut down and restart the module:\r\nRouter# hw-module module 3 shutdown\r\nRouter# no power enable module 3\r\nRouter# power enable module 3\r\ninsecure\r\nTo configure a line as insecure, use the insecure command in line configuration mode. To disable this function, use\r\nthe no form of this command.\r\ninsecure\r\nno insecure\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 38 of 79\n\nCommand Default\r\nDisabled\r\nCommand Modes\r\nLine configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nUse this command to identify a modem line as insecure for DEC local area transport (LAT) classification.\r\nExamples\r\nIn the following example, line 10 is configured as an insecure dialup line:\r\nRouter(config)# line 10\r\nRouter(config-line)# insecure\r\ninstall\r\nTo install Software Maintenance Upgrade (SMU) packages, use the install command in privileged EXEC mode.\r\ninstall {abort | activate | file {bootflash: | flash: | harddisk: | webui:} [auto-abort-timer timer timer prompt-level\r\n{all | none}] | add file {bootflash: | flash: | ftp: | harddisk: | http: | https: | pram: | rcp: | scp: | tftp: | webui:}\r\n[activate [auto-abort-timer timer prompt-level {all | none}commit]] | commit | auto-abort-timer stop | deactivate\r\nfile {bootflash: | flash: | harddisk: | webui:} | label id {description description | label-name name} | remove {file\r\n{bootflash: | flash: | harddisk: | webui:} | inactive } | | rollback to {base | committed | id {install-ID } | label {label-name}}}\r\nSyntax Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 39 of 79\n\nabort Aborts the current install operation.\r\nactivate\r\nValidates whether the SMU is added through the install add command.\r\nThis keyword runs a compatibility check, updates package status, and if\r\nthe package can be restarted, it triggers post-install scripts to restart the\r\nnecessary processes, or triggers a reload for non-restartable packages.\r\nfile Specifies the package to be activated.\r\n{bootflash: | flash: | harddisk: |\r\nwebui:}\r\nSpecifies the location of the installed package.\r\nauto-abort-timer timer\r\n(Optional) Installs an auto-abort timer.\r\nThe timer is set by the activate keyword and removed by the commit\r\nkeyword. After the expiry of the install auto-abort timer command, a\r\ndevice can be rolled back to a stage before the install commit command is\r\nused.\r\nprompt-level {all | none}\r\n(Optional) Prompts the user about installation activities.\r\nFor example, the activate keyword, automatically triggers a reload for\r\npackages that require a reload. Before activating the package, a message\r\nwill prompt users as to whether they want to continue.\r\nThe all keyword allows you to enable prompts. The none keyword disable\r\nprompts.\r\nadd\r\nCopies files from a remote location (via FTP, TFTP) to a device and\r\nperforms Software Maintenance Upgrade (SMU) compatibility check for\r\nthe platform and image versions.\r\nThis keyword runs base compatibility checks to ensure that a specified\r\npackage is supported on a platform. It also adds an entry in the package\r\nfile, so that the status can be monitored and maintained.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 40 of 79\n\n{ bootflash: | flash: |ftp:\r\n|harddisk: |http: |https: | pram:\r\n|rcp: | scp: | tftp: |webui:}\r\nSpecifies the package to be added.\r\ncommit\r\nMakes SMU changes persistent over reloads.\r\nYou can do a commit after activating a package, while the system is up, or\r\nafter the first reload. If a package is activated, but not committed, it\r\nremains active after the first reload, but not after the second reload.\r\nauto-abort-timer stop\r\nStops the auto-abort timer.\r\nIf the roll back timer is not stopped through the command, the device rolls\r\nback to an older software version when rollback timer expires. Default:120\r\nminutes.\r\ndeactivate\r\nDeactivates an installed package.\r\nDeactivating a package also updates the package status and triggers a\r\nprocess restart or a reload.\r\nlabel id Specifies the id of the install point to label.\r\ndescription Adds a description to specified install point.\r\nlabel-name name Adds a description to specified install point.\r\nremove\r\nRemove installed packages.\r\nThe package file is removed from the file system. The remove keyword\r\ncan only be used on packages that are currently inactive.\r\ninactive Removes all inactive packages from the device.\r\nrollback\r\nRollbacks the SMU package to the base version, the last committed\r\nversion, or a known commit ID.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 41 of 79\n\nto base Returns to the base image.\r\ncommitted\r\nReturns to the installation state when the last commit operation was\r\nperformed.\r\nid install-ID\r\nReturns to the specific install point ID.\r\nValid values are from 1 to 4294967295.\r\nCommand Default\r\nPackages are not installed.\r\nCommand Modes\r\nPrivileged EXEC (#)\r\nCommand History\r\nRelease Modification\r\nCisco IOS XE Everest 16.6.1 This command was introduced.\r\nUsage Guidelines\r\nAn SMU is a package that can be installed on a system to provide a patch fix or security resolution to a released\r\nimage. This package contain a minimal set of files for patching the release along with some metadata that\r\ndescribes the contents of the package.\r\nPackages must be added prior to activating the SMU.\r\nA package must be deactivated, before it is removed from the device.\r\nExamples\r\nThe following example shows how to add an install package on a device:\r\nDevice# install add file tftp://172.16.0.1//tftpboot/folder1/isr4300-\r\nuniversalk9.2017-01-10_13.15.1.CSCxxx.SSA.dmp.bin\r\ninstall_add: START Sun Feb 26 05:57:04 UTC 2017\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 42 of 79\n\nDownloading file tftp://172.16.0.1//tftpboot/folder1/isr4300-universalk9.2017-01-10_13.15.1.\r\nCSCvb12345.SSA.dmp.bin\r\nFinished downloading file tftp://172.16.0.1//tftpboot/folder1/isr4300-universalk9.2017-01-10_13.15.1.\r\nCSCvb12345.SSA.dmp.bin to bootflash:isr4300-universalk9.2017-01-10_13.15.1.CSCvb12345.SSA.dmp.bin\r\nSUCCESS: install_add /bootflash/isr4300-universalk9.2017-01-10_13.15.1.CSCvb12345.SSA.dmp.bin\r\nSun Feb 26 05:57:22 UTC 2017\r\nThe following example shows how to activate an install package:\r\nDevice# install activate file bootflash:isr4300-universalk9.2017-01-10_13.15.1.\r\nCSCxxx.SSA.dmp.bin\r\ninstall_activate: START Sun Feb 26 05:58:41 UTC 2017\r\nDMP package.\r\nNetconf processes stopped\r\nSUCCESS: install_activate /bootflash/isr4300-universalk9.2017-01-10_13.15.1.CSCvb12345.SSA.dmp.bin\r\nSun Feb 26 05:58:58 UTC 2017\r\n*Feb 26 05:58:47.655: %DMI-4-CONTROL_SOCKET_CLOSED: SIP0: nesd:\r\nConfd control socket closed Lost connection to ConfD (45): EOF on socket to ConfD.\r\n*Feb 26 05:58:47.661: %DMI-4-SUB_READ_FAIL: SIP0: vtyserverutild:\r\nConfd subscription socket read failed Lost connection to ConfD (45):\r\nEOF on socket to ConfD.\r\n*Feb 26 05:58:47.667: %DMI-4-CONTROL_SOCKET_CLOSED: SIP0: syncfd:\r\nConfd control socket closed Lost connection to ConfD (45): EOF on socket to ConfD.\r\n*Feb 26 05:59:43.269: %DMI-5-SYNC_START: SIP0: syncfd:\r\nExternal change to running configuration detected.\r\nThe running configuration will be synchronized to the NETCONF running data store.\r\n*Feb 26 05:59:44.624: %DMI-5-SYNC_COMPLETE: SIP0: syncfd:\r\nThe running configuration has been synchronized to the NETCONF running data store.\r\nThe following example shows how to commit an installed package:\r\nDevice# install commit\r\ninstall_commit: START Sun Feb 26 06:46:48 UTC 2017\r\nSUCCESS: install_commit Sun Feb 26 06:46:52 UTC 2017\r\nThe following example shows how to rollback to the base SMU package:\r\nDevice# install rollback to base\r\ninstall_rollback: START Sun Feb 26 06:50:29 UTC 2017\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 43 of 79\n\n7 install_rollback: Restarting impacted processes to take effect\r\n7 install_rollback: restarting confd\r\n*Feb 26 06:50:34.957: %DMI-4-CONTROL_SOCKET_CLOSED: SIP0: syncfd:\r\nConfd control socket closed Lost connection to ConfD (45): EOF on socket to ConfD.\r\n*Feb 26 06:50:34.962: %DMI-4-CONTROL_SOCKET_CLOSED: SIP0: nesd:\r\nConfd control socket closed Lost connection to ConfD (45): EOF on socket to ConfD.\r\n*Feb 26 06:50:34.963: %DMI-4-SUB_READ_FAIL: SIP0: vtyserverutild:\r\nConfd subscription socket read failed Lost connection to ConfD (45):\r\nEOF on socket to ConfD.Netconf processes stopped\r\n7 install_rollback: DMP activate complete\r\nSUCCESS: install_rollback Sun Feb 26 06:50:41 UTC 2017\r\n*Feb 26 06:51:28.901: %DMI-5-SYNC_START: SIP0: syncfd:\r\nExternal change to running configuration detected.\r\nThe running configuration will be synchronized to the NETCONF running data store.\r\n*Feb 26 06:51:30.339: %DMI-5-SYNC_COMPLETE: SIP0: syncfd:\r\nThe running configuration has been synchronized to the NETCONF running data store.\r\nRelated Commands\r\nCommand Description\r\nshow install Displays information about install packages.\r\ninternational\r\nIf you are using Telnet to access a Cisco IOS platform and you want to display 8-bit and multibyte international\r\ncharacters (for example, Kanji) and print the Escape character as a single character instead of as the caret and\r\nbracket symbols (^[), use the international command in line configuration mode. To display characters in 7-bit\r\nformat, use the no form of this command.\r\ninternational\r\nno international\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nDisabled\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 44 of 79\n\nCommand Modes\r\nLine configuration\r\nCommand History\r\nRelease Modification\r\n11.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nIf you are configuring a Cisco IOS platform using the Cisco web browser user interface (UI), this function is\r\nenabled automatically when you enable the Cisco web browser UI using the ip http server global configuration\r\ncommand.\r\nExamples\r\nThe following example enables a Cisco IOS platform to display 8-bit and multibyte characters and print the\r\nEscape character as a single character instead of as the caret and bracket symbols (^[) when you are using Telnet\r\nto access the platform:\r\nline vty 4\r\n international\r\nRelated Commands\r\nCommand Description\r\nterminal\r\ninternational\r\nPrints the Escape character as a single character instead of as the caret and bracket symbols\r\n(^[) for a current Telnet session in instances when you are using Telnet to access a Cisco\r\nIOS platform and you want to display 8-bit and multibyte international characters (for\r\nexample, Kanji).\r\nip bootp server\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 45 of 79\n\nTo enable the Bootstrap Protocol (BOOTP) service on your routing device, use the ip bootp server command in\r\nglobal configuration mode. To disable BOOTP services, use the no form of the command.\r\nip bootp server\r\nno ip bootp server\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nEnabled\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n11.2 This command was introduced.\r\n12.0(1)T\r\nThe DHCP relay agent and DHCP server features were introduced. BOOTP forwarding is\r\nnow handled by the DHCP relay agent implementation.\r\n12.2(8)T The ip dhcp bootp ignore command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nBy default, the BOOTP service is enabled. When disabled, the no ip bootp server command will appear in the\r\nconfiguration file.\r\nThe integrated Dynamic Host Configuration Protocol (DHCP) server was introduced in Cisco IOS Release\r\n12.0(1)T. Because DHCP is based on BOOTP, both of these services share the “well-known” UDP server port of\r\n67 (per RFC 951, RFC 1534, and RFC 2131; the client port is 68). To disable DHCP services (DHCP relay and\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 46 of 79\n\nDHCP server), use the no service dhcp command. To disable BOOTP services (in releases 12.2(8)T and later), but\r\nleave DHCP services enabled, use the ip dhcp bootp ignore command.\r\nIf both the BOOTP server and DHCP server are disabled, “ICMP port unreachable” messages will be sent in\r\nresponse to incoming requests on port 67, and the original incoming packet will be discarded. If DHCP is enabled,\r\nusing the no ip bootp server command by itself will not stop the router from listening on UDP port 67.\r\nNote\r\nAs with all minor services, the async line BOOTP service should be disabled on your system if you\r\ndo not have a need for it in your network. Any network device that has User Data Protocol (UDP),\r\nTCP, BOOTP, DHCP, or Finger services should be protected by a firewall or have the services\r\ndisabled to protect against Denial of Service attacks.\r\nExamples\r\nIn the following example, BOOTP and DHCP services are disabled on the router:\r\nRouter(config)# no ip bootp server\r\n \r\nRouter(config)# no service dhcp\r\nRelated Commands\r\nCommand Description\r\nip dhcp bootp\r\nignore\r\nConfigures the Cisco IOS DHCP server to selectively ignore and not reply to received\r\nBootstrap Protocol (BOOTP) request packets, allowing you continue using DHCP while\r\ndisabling BOOTP.\r\nservice dhcp\r\nEnables the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server and relay\r\nagent features.\r\nip finger\r\nTo configure a system to accept Finger protocol requests (defined in RFC 742), use the ip finger command in\r\nglobal configuration mode. To disable this service, use the no form of this command.\r\nip finger [rfc-compliant]\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 47 of 79\n\nno ip finger\r\nSyntax Description\r\nrfc-compliant(Optional) Configures the system to wait for “Return” or “/W” input when processing Finger\r\nrequests. This keyword should not be used for those systems.\r\nCommand Default\r\nDisabled\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n11.3 This command was introduced.\r\n12.1(5), 12.1(5)T This command was changed from being enabled by default to being disabled by default.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe Finger service allows remote users to view the output equivalent to the show users [wide ] command.\r\nWhen ip finger is configured, the router will respond to a telnet a.b.c.d finger command from a remote host by\r\nimmediately displaying the output of the show users command and then closing the connection.\r\nWhen the ip finger rfc-compliant command is configured, the router will wait for input before displaying anything\r\n(as required by RFC 1288). The remote user can then enter the Return key to display the output of the show users\r\nEXEC command, or enter /W to display the output of the show users wide EXEC command. After this\r\ninformation is displayed, the connection is closed.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 48 of 79\n\nNote As with all minor services, the Finger service should be disabled on your system if you do not have a\r\nneed for it in your network. Any network device that has UDP, TCP, BOOTP, or Finger services\r\nshould be protected by a firewall or have the services disabled to protect against Denial of Service\r\nattacks.\r\nBecause of the potential for hung lines, the rfc-compliant form of this command should not be configured for\r\ndevices with more than 20 simultaneous users.\r\nExamples\r\nThe following example disables the Finger protocol:\r\nRouter(config)# no ip finger\r\nip ftp passive\r\nTo configure the router to use only passive FTP connections, use the ip ftp passive command in global\r\nconfiguration mode . To allow all types of FTP connections, use the no form of this command.\r\nip ftp passive\r\nno ip ftp passive\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nAll types of FTP connections are allowed.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 49 of 79\n\nRelease Modification\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nExamples\r\nIn the following example, the router is configured to use only passive FTP connections:\r\nRouter(config)# ip ftp passive\r\n \r\nRelated Commands\r\nCommand Description\r\nip ftp password Specifies the password to be used for FTP connections.\r\nip ftp source-interface Specifies the source IP address for FTP connections.\r\nip ftp username Configures the username for FTP connections.\r\nip ftp password\r\nTo specify the password to be used for File Transfer Protocol (FTP) connections, use the ip ftp password\r\ncommand in global configuration mode. To return the password to its default, use the no form of this command.\r\nip ftp password [type] password\r\nno ip ftp password\r\nSyntax Description\r\ntype\r\n(Optional) Type of encryption to use on the password. A value of 0 disables encryption. A value\r\nof 7 indicates proprietary encryption.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 50 of 79\n\npassword Password to use for FTP connections.\r\nCommand Default\r\nThe router forms a password username @routername .domain . The variable username is the username associated\r\nwith the current session, routername is the configured host name, and domain is the domain of the router.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nNote\r\nAny software that supports RFC1738 does not allow user name, path, or filename with pattern %xy,\r\nwhere (where x and y are any two hexa values 0-f, 0-F)\r\nExamples\r\nThe following example configures the router to use the username “red” and the password “blue” for FTP\r\nconnections:\r\nRouter(config)# ip ftp username red\r\n \r\nRouter(config)# ip ftp password blue\r\n \r\nRelated Commands\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 51 of 79\n\nCommand Description\r\nip ftp password Specifies the password to be used for FTP connections.\r\nip ftp source-interface Specifies the source IP address for FTP connections.\r\nip ftp username Configures the username for FTP connections.\r\nip ftp source-interface\r\nTo specify the source IP address for File Transfer Protocol (FTP) connections, use the ip ftp source-interface\r\ncommand in global configuration mode. To use the address of the interface where the connection is made, use the\r\nno form of this command.\r\nip ftp source-interface interface-type interface-number\r\nno ip ftp source-interface\r\nSyntax Description\r\ninterface-type interface-numberThe interface type and number to use to obtain the source address for FTP\r\nconnections.\r\nCommand Default\r\nThe FTP source address is the IP address of the interface that the FTP packets use to leave the router.\r\nCommand Modes\r\nGlobal configuration (config)\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 52 of 79\n\nRelease Modification\r\n12.3(6)\r\nDestination address lookup in a Virtual Private Network (VPN) routing and forwarding\r\n(VRF) table was added for the transfer of FTP packets.\r\n12.3(8)T This command was integrated into Cisco IOS Release 12.3(8)T.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nUse this command to set the same source address for all FTP connections.\r\nIn Cisco IOS 12.3(6) and later releases, FTP is VRF-aware, which means that FTP transfer is supported across an\r\ninterface within a VRF instance. To specify a VRF as a source for FTP connections, the VRF must be associated\r\nwith the same interface that you configure with the ip ftp source-interface command. In this configuration, FTP\r\nlooks for the destination IP address for file transfer in the specified VRF table. If the specified source interface is\r\nnot up, Cisco IOS software selects the address of the interface closest to the destination as the source address.\r\nExamples\r\nThe following example shows how to configure the router to use the IP address associated with Ethernet interface\r\n0 as the source address on all FTP packets, regardless of which interface is actually used to send the packet:\r\nRouter\u003e enable\r\nRouter# configure terminal\r\nRouter(config)# ip ftp source-interface ethernet 0\r\nThe following example shows how to configure the router to use the VRF table named vpn1 to look for the\r\ndestination IP address for the transfer of FTP packets:\r\nRouter# configure terminal\r\nRouter(config)# ip ftp source-interface ethernet 0\r\nRouter(config)# ip vrf vpn1\r\nRouter(config-vrf)# rd 200:1\r\nRouter(config-vrf)# route-target both 200:1\r\nRouter(config-vrf)# interface ethernet 0\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 53 of 79\n\nRouter(config-if)# ip vrf forwarding vpn1\r\nRouter(config-if)# end\r\nRelated Commands\r\nCommand Description\r\nip ftp passive Configures the router to use only passive FTP connections.\r\nip ftp password Specifies the password to be used for FTP connections.\r\nip ftp username Configures the username for FTP connections.\r\nip ftp username\r\nTo configure the username for File Transfer Protocol (FTP) connections, use the ip ftp username command in\r\nglobal configuration mode . To configure the router to attempt anonymous FTP, use the no form of this command.\r\nip ftp username username\r\nno ip ftp username\r\nSyntax Description\r\nusername Username for FTP connections.\r\nCommand Default\r\nThe Cisco IOS software attempts an anonymous FTP.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 54 of 79\n\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe remote username must be associated with an account on the destination server.\r\nExamples\r\nIn the following example, the router is configured to use the username “red” and the password “blue” for FTP\r\nconnections:\r\nRouter(config)# ip ftp username red\r\n \r\nRouter(config)# ip ftp password blue\r\n \r\nRelated Commands\r\nCommand Description\r\nip ftp passive Configures the router to use only passive FTP connections.\r\nip ftp password Specifies the password to be used for FTP connections.\r\nip ftp source-interface Specifies the source IP address for FTP connections.\r\nip rarp-server\r\nTo enable the router to act as a Reverse Address Resolution Protocol (RARP) server, use the ip rarp-server\r\ncommand in interface configuration mode. To restore the interface to the default of no RARP server support, use\r\nthe no form of this command.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 55 of 79\n\nip rarp-server ip-address\r\nno ip rarp-server ip-address\r\nSyntax Description\r\nip-address\r\nIP address that is to be provided in the source protocol address field of the RARP response\r\npacket. Normally, this is set to whatever address you configure as the primary address for the\r\ninterface.\r\nCommand Default\r\nDisabled\r\nCommand Modes\r\nInterface configuration\r\nCommand History\r\nRelease Modification\r\n10.0 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThis feature makes diskless booting of clients possible between network subnets where the client and server are on\r\nseparate subnets.\r\nRARP server support is configurable on a per-interface basis, so that the router does not interfere with RARP\r\ntraffic on subnets that need no RARP assistance.\r\nThe Cisco IOS software answers incoming RARP requests only if both of the following two conditions are met:\r\nThe ip rarp-server command has been configured for the interface on which the request was received.\r\nA static entry is found in the IP ARP table that maps the MAC address contained in the RARP request to an\r\nIP address.\r\nUse the show ip arp EXEC command to display the contents of the IP ARP cache.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 56 of 79\n\nSun Microsystems, Inc. makes use of RARP and UDP-based network services to facilitate network-based booting\r\nof SunOS on it’s workstations. By bridging RARP packets and using both the ip helper-address interface\r\nconfiguration command and the ip forward-protocol global configuration command, the Cisco IOS software\r\nshould be able to perform the necessary packet switching to enable booting of Sun workstations across subnets.\r\nUnfortunately, some Sun workstations assume that the sender of the RARP response, in this case the router, is the\r\nhost that the client can contact to TFTP load the bootstrap image. This causes the workstations to fail to boot.\r\nBy using the ip rarp-server command, the Cisco IOS software can be configured to answer these RARP requests,\r\nand the client machine should be able to reach its server by having its TFTP requests forwarded through the router\r\nthat acts as the RARP server.\r\nIn the case of RARP responses to Sun workstations attempting to diskless boot, the IP address specified in the ip\r\nrarp-server interface configuration command should be the IP address of the TFTP server. In addition to\r\nconfiguring RARP service, the Cisco IOS software must be configured to forward UDP-based Sun portmapper\r\nrequests to completely support diskless booting of Sun workstations. This can be accomplished using\r\nconfiguration commands of the following form:\r\nip forward-protocol udp 111\r\ninterface\r\ninterface name\r\nip helper-address\r\ntarget-address\r\nRFC 903 documents the RARP.\r\nExamples\r\nThe following partial example configures a router to act as a RARP server. The router is configured to use the\r\nprimary address of the specified interface in its RARP responses.\r\narp 172.30.2.5 0800.2002.ff5b arpa\r\ninterface ethernet 0\r\nip address 172.30.3.100 255.255.255.0\r\nip rarp-server 172.30.3.100\r\nIn the following example, a router is configured to act as a RARP server, with TFTP and portmapper requests\r\nforwarded to the Sun server:\r\n! Allow the router to forward broadcast portmapper requests\r\nip forward-protocol udp 111\r\n! Provide the router with the IP address of the diskless sun\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 57 of 79\n\narp 172.30.2.5 0800.2002.ff5b arpa\r\ninterface ethernet 0\r\n! Configure the router to act as a RARP server, using the Sun Server's IP\r\n! address in the RARP response packet.\r\nip rarp-server 172.30.3.100\r\n! Portmapper broadcasts from this interface are sent to the Sun Server.\r\nip helper-address 172.30.3.100\r\nRelated Commands\r\nCommand Description\r\nip forward-protocol Speeds up flooding of UDP datagrams using the spanning-tree algorithm.\r\nip helper-address Forwards UDP broadcasts, including BOOTP, received on an interface.\r\nip rcmd domain-lookup\r\nTo reena ble the basic Domain Name Service (DNS) security check for rcp and rsh, use the ip rcmd domain-lookup command in global configuration mode. T o disable the basic DNS security check for remote copy\r\nprotocol (rcp) and remote shell protoco (rsh), use the no form of this command.\r\nip rcmd domain-lookup\r\nno ip rcmd domain-lookup\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nEnabled\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 58 of 79\n\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe abbreviation RCMD (remote command) is used to indicate both rsh and rcp.\r\nDNS lookup for RCMD is enabled by default (provided general DNS services are enabled on the system using the\r\nip domain-lookup command).\r\nThe no ip rcmd domain-lookup command is used to disable the DNS lookup for RCMD. The ip rcmd domain-lookup command is used to reenable the DNS lookup for RCMD.\r\nDNS lookup for RCMD is performed as a basic security check. This check is performed using a host\r\nauthentication process. When enabled, the system records the address of the requesting client. That address is\r\nmapped to a host name using DNS. Then a DNS request is made for the IP address for that host name. The IP\r\naddress received is then checked against the original requesting address. If the address does not match with any of\r\nthe addresses received from DNS, the RCMD request will not be serviced.\r\nThis reverse lookup is intended to help protect against spoofing. However, please note that the process only\r\nconfirms that the IP address is a valid “routable” address; it is still possible for a hacker to spoof the valid IP\r\naddress of a known host.\r\nThe DNS lookup is done after the TCP handshake but before the router (which is acting as a rsh/rcp server) sends\r\nany data to the remote client.\r\nThe no ip rcmd domain-lookup will turn off DNS lookups for rsh and rcp only. The no ip domain-lookup\r\ncommand takes precedence over the ip rcmd domain-lookup command. This means that if the no ip domain-lookup command is in the current configuration, DNS will be bypassed for rcp and rsh even if the ip rcmd\r\ndomain-lookup command is enabled.\r\nExamples\r\nIn the following example, the DNS security check is disabled for RCMD (rsh/rcp):\r\nRouter(config)# no ip rcmd domain-lookup\r\nRelated Commands\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 59 of 79\n\nCommand Description\r\nip domain-lookup Enables the IP DNS-based host name-to-address translation.\r\nip rcmd rcp-enable\r\nTo configure the Cisco IOS software to allow remote users to copy files to and from the router using remote copy\r\nprotocol (rcp), use the ip rcmd rcp-enable command in global configuration mode. To disable rcp on the device,\r\nuse the no form of this command.\r\nip rcmd rcp-enable\r\nno ip rcmd rcp-enable\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nCommand Default\r\nTo ensure security, the router is not enabled for rcp by default.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nTo allow a remote user to execute rcp commands on the router, you must also create an entry for the remote user\r\nin the local authentication database using the ip rcmd remote-host command.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 60 of 79\n\nThe no ip rcmd rcp-enable command does not prohibit a local user from using rcp to copy system images and\r\nconfiguration files to and from the router.\r\nTo protect against unauthorized users copying the system image or configuration files, the router is not enabled for\r\nrcp by default.\r\nExamples\r\nIn the following example, the rcp service is enabled on the system, the IP address assigned to the Loopback0\r\ninterface is used as the source address for outbound rcp and rsh packets, and access is granted to the user\r\n“netadmin3”on the remote host 172.16.101.101:\r\nRouter(config)# ip rcmd rcp-enable\r\n \r\nRouter(config)# ip rcmd source-interface Loopback0\r\n \r\nRouter(config)# ip rcmd remote-host router1 172.16.101.101 netadmin3\r\nRelated Commands\r\nCommand Description\r\nip rcmd remote-hostCreates an entry for the remote user in a local authentication database so that remote users\r\ncan execute commands on the router using rsh or rcp.\r\nip rcmd remote-host\r\nTo create an entry for the remote user in a local authentication database so that remote users can execute\r\ncommands on the router using remote shell protocol (rsh) or remote copy protocol (rcp), use the ip rcmd remote-host command in global configuration mode. To remove an entry for a remote user from the local authentication\r\ndatabase, use the no form of this command.\r\nip rcmd remote-host local-username {ip-address | host-name} remote-username [enable [level] ]\r\nno ip rcmd remote-host local-username {ip-address | host-name} remote-username [enable [level] ]\r\nSyntax Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 61 of 79\n\nlocal-username\r\nName of the user on the local router. You can specify the router name as the username. This\r\nname needs to be communicated to the network administrator or to the user on the remote\r\nsystem. To be allowed to remotely execute commands on the router, the remote user must\r\nspecify this value correctly.\r\nip-address\r\nIP address of the remote host from which the local router will accept remotely executed\r\ncommands. Either the IP address or the host name is required.\r\nhost-name\r\nName of the remote host from which the local router will accept remotely executed commands.\r\nEither the host name or the IP address is required.\r\nremote-usernameName of the user on the remote host from which the router will accept remotely executed\r\ncommands.\r\nenable\r\n[level ]\r\n(Optional) Enables the remote user to execute privileged EXEC commands using rsh or to\r\ncopy files to the router using rcp. The range is from 1 to 15. The default is 15. For information\r\non the enable level, refer to the privilege level global configuration command in the Release\r\n12.2 Cisco IOS Security Command Reference.\r\nCommand Default\r\nNo entries are in the local authentication database.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 62 of 79\n\nUsage Guidelines\r\nA TCP connection to a router is established using an IP address. Using the host name is valid only when you are\r\ninitiating an rcp or rsh command from a local router. The host name is converted to an IP address using DNS or\r\nhost-name aliasing.\r\nTo allow a remote user to execute rcp or rsh commands on a local router, you must create an entry for the remote\r\nuser in the local authentication database. You must also enable the router to act as an rsh or rcp server.\r\nTo enable the router to act as an rsh server, issue the ip rcmd rsh-enable command. To enable the router to act as\r\nan rcp server, issue the ip rcmd rcp-enable command.The router cannot act as a server for either of these protocols\r\nunless you explicitly enable the capacity.\r\nA local authentication database, which is similar to a UNIX .rhosts file, is used to enforce security on the router\r\nthrough access control. Each entry that you configure in the authentication database identifies the local user, the\r\nremote host, and the remote user. To permit a remote user of rsh to execute commands in privileged EXEC mode\r\nor to permit a remote user of rcp to copy files to the router, specify the enable keyword and level. For information\r\non the enable level, refer to the privilege level global configuration command in the Release 12.2 Cisco IOS\r\nSecurity Command Reference.\r\nAn entry that you configure in the authentication database differs from an entry in a UNIX .rhosts file in the\r\nfollowing aspect. Because the .rhosts file on a UNIX system resides in the home directory of a local user account,\r\nan entry in a UNIX .rhosts file need not include the local username; the local username is determined from the\r\nuser account. To provide equivalent support on a router, specify the local username along with the remote host and\r\nremote username in each authentication database entry that you configure.\r\nFor a remote user to be able to execute commands on the router in its capacity as a server, the local username, host\r\naddress or name, and remote username sent with the remote client request must match values configured in an\r\nentry in the local authentication file.\r\nA remote client host should be registered with DNS. The Cisco IOS software uses DNS to authenticate the remote\r\nhost’s name and address. Because DNS can return several valid IP addresses for a host name, the Cisco IOS\r\nsoftware checks the address of the requesting client against all of the IP addresses for the named host returned by\r\nDNS. If the address sent by the requester is considered invalid, that is, it does not match any address listed with\r\nDNS for the host name, then the software will reject the remote-command execution request.\r\nNote that if no DNS servers are configured for the router, then that device cannot authenticate the host in this\r\nmanner. In this case, the Cisco IOS software sends a broadcast request to attempt to gain access to DNS services\r\non another server. If DNS services are not available, you must use the no ip domain-lookup command to disable\r\nthe attempt to gain access to a DNS server by sending a broadcast request.\r\nIf DNS services are not available and, therefore, you bypass the DNS security check, the software will accept the\r\nrequest to remotely execute a command only if all three values sent with the request match exactly the values\r\nconfigured for an entry in the local authentication file.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 63 of 79\n\nExamples\r\nThe following example allows the remote user named netadmin3 on a remote host with the IP address\r\n172.16.101.101 to execute commands on router1 using the rsh or rcp protocol. User netadmin3 is allowed to\r\nexecute commands in privileged EXEC mode.\r\nRouter(config)# ip rcmd remote-host router1 172.16.101.101 netadmin3 enable\r\nRelated Commands\r\nCommand Description\r\nip rcmd rcp-enableConfigures the Cisco IOS software to allow remote users to copy files to and from the\r\nrouter.\r\nip domain-lookup Enables the IP DNS-based host name-to-address translation.\r\nip rcmd rsh-enableConfigures the router to allow remote users to execute commands on it using the rsh\r\nprotocol.\r\nip rcmd remote-username\r\nTo configure the remote username to be used when requesting a remote copy using remote copy protocol (rcp),\r\nuse the ip rcmd remote-username command in global configuration mode . To remove from the configuration the\r\nremote username, use the no form of this command.\r\nip rcmd remote-username username\r\nno ip rcmd remote-username username\r\nSyntax Description\r\nusername\r\nName of the remote user on the server. This name is used for rcp copy requests. All files and\r\nimages to be copied are searched for or written relative to the directory of the remote user’s\r\naccount, if the server has a directory structure, for example, as do UNIX systems.\r\nCommand Default\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 64 of 79\n\nIf you do not issue this command, the Cisco IOS software sends the remote username associated with the current\r\ntty process, if that name is valid, for rcp copy commands. For example, if the user is connected to the router\r\nthrough Telnet and the user was authenticated through the username command, then the software sends that\r\nusername as the remote username.\r\nNote\r\nThe remote username must be associated with an account on the destination server.\r\nIf the username for the current tty process is not valid, the Cisco IOS software sends the host name as the remote\r\nusername. For rcp boot commands, the Cisco IOS software sends the access server host name by default.\r\nNote\r\nFor Cisco, tty lines are commonly used for access services. The concept of tty originated with UNIX.\r\nFor UNIX systems, each physical device is represented in the file system. Terminals are called tty\r\ndevices (tty stands for teletype, the original UNIX terminal).\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nThe rcp protocol requires that a client send the remote username on an rcp request to the server. Use this command\r\nto specify the remote username to be sent to the server for an rcp copy request. If the server has a directory\r\nstructure, as do UNIX systems, all files and images to be copied are searched for or written relative to the\r\ndirectory of the remote user’s account.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 65 of 79\n\nNote Cisco IOS Release 10.3 added the ip keyword to rcmd commands. If you are upgrading from Release\r\n10.2 to Release 10.3 or a later release, this keyword is automatically added to any rcmd commands\r\nyou have in your Release 10.2 configuration files.\r\nExamples\r\nThe following example configures the remote username to netadmin1:\r\nRouter(config)# ip rcmd remote-username netadmin1\r\n \r\nRelated Commands\r\nCommand Description\r\nboot network\r\nrcp\r\nChanges the default name of the network configuration file from which to load\r\nconfiguration commands.\r\nboot system rcp Specifies the system image that the router loads at startup.\r\nbridge acquire Forwards any frames for stations that the system has learned about dynamically.\r\ncopy Copies any file from a source to a destination.\r\nip rcmd rsh-enable\r\nTo configure the router to allow remote users to execute commands on it using remote shell protocol (rsh), use the\r\nip rcmd rsh-enable command in global configuration mode. To disable a router that is enabled for rsh, use the no\r\nform of this command.\r\nip rcmd rsh-enable\r\nno ip rcmd rsh-enable\r\nSyntax Description\r\nThis command has no arguments or keywords.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 66 of 79\n\nCommand Default\r\nTo ensure security, the router is not enabled for rsh by default.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n10.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nrsh, used as a client process, gives users the ability to remotely get router information (such as status) without the\r\nneed to connect into the router and then disconnect. This is valuable when looking at many statistics on many\r\ndifferent routers.\r\nUse this command to enable the router to receive rsh requests from remote users. In addition to issuing this\r\ncommand, you must create an entry for the remote user in the local authentication database to allow a remote user\r\nto execute rsh commands on the router.\r\nThe no ip rcmd rsh-enable command does not prohibit a local user of the router from executing a command on\r\nother routers and UNIX hosts on the network using rsh. The no form of this command only disables remote access\r\nto rsh on the router.\r\nExamples\r\nThe following example enables a router as an rsh server:\r\nRouter(config)# ip rcmd rsh-enable\r\n \r\nRelated Commands\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 67 of 79\n\nCommand Description\r\nip rcmd remote-hostCreates an entry for the remote user in a local authentication database so that remote users\r\ncan execute commands on the router using rsh or rcp.\r\nip rcmd source-interface\r\nTo force remote copy protocol (rcp) or remote shell protocol (rsh) to use the IP address of a specified interface for\r\nall outgoing rcp/rsh communication packets, use the ip rcmd source-interface command in global configuration\r\nmode. To disable a previously configured ip rcmd source-interface command, use the no form of this command.\r\nip rcmd source-interface interface-id\r\nno ip rcmd source-interface interface-id\r\nSyntax Description\r\ninterface-id The name and number used to identify the interface. For example, Loopback2.\r\nCommand Default\r\nThe address of the interface closest to the destination is used as the source interface for rcp/rsh communications.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n11.3 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 68 of 79\n\nIf this command is not used, or if the interface specified in this command is not available (not up), the Cisco IOS\r\nsoftware uses the address of the interface closest to the destination as the source address.\r\nUse this command to force the system to tag all outgoing rcp/rsh packets with the IP address associated with the\r\nspecified interface. This address is used as the source address as long as the interface is in the up state.\r\nThis command is especially useful in cases where the router has many interfaces, and you want to ensure that all\r\nrcp and/or rsh packets from this router have the same source IP address. A consistent address is preferred so that\r\nthe other end of the connection (the rcp/rsh server or client) can maintain a single session. The other benefit of a\r\nconsistent address is that an access list can be configured on the remote device.\r\nThe specified interface must have an IP address associated with it. If the specified interface does not have an IP\r\naddress or is in a down state, then rcp/rsh reverts to the default. To avoid this, add an IP address to the subinterface\r\nor bring the interface to the up state.\r\nExamples\r\nIn the following example, Loopback interface 0 is assigned an IP address of 220.144.159.200, and the ip rcmd\r\nsource-interface command is used to specify that the source IP address for all rcp/rsh packets will be the IP\r\naddress assigned to the Loopback0 interface:\r\ninterface Loopback0\r\ndescription Loopback interface\r\nip address 220.144.159.200 255.255.255.255\r\nno ip directed-broadcast\r\n!\r\n.\r\n.\r\n.\r\nclock timezone GMT 0\r\nip subnet-zero\r\nno ip source-route\r\nno ip finger\r\nip rcmd source-interface Loopback0\r\nip telnet source-interface Loopback0\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 69 of 79\n\nip tftp source-interface Loopback0\r\nip ftp source-interface Loopback0\r\nip ftp username cisco\r\nip ftp password shhhhsecret\r\nno ip bootp server\r\nip domain-name net.galaxy\r\nip name-server 220.144.159.1\r\nip name-server 220.144.159.2\r\nip name-server 219.10.2.1\r\n!\r\n.\r\n.\r\n.\r\nRelated Commands\r\nCommand Description\r\nip rcmd remote-hostCreates an entry for the remote user in a local authentication database so that remote users\r\ncan execute commands on the router using rsh or rcp.\r\nip telnet source-interface\r\nTo specify the IP address of an interface as the source address for Telnet connections, use the ip telnet source-interface command in global configuration mode. To reset the source address to the default for each connection,\r\nuse the no form of this command.\r\nip telnet source-interface interface\r\nno ip telnet source-interface\r\nSyntax Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 70 of 79\n\ninterface The interface whose address is to be used as the source for Telnet connections.\r\nCommand Default\r\nThe address of the closest interface to the destination is the source address.\r\nCommand Modes\r\nGlobal configuration\r\nCommand History\r\nRelease Modification\r\n11.1 This command was introduced.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nUse this command to set the IP address of an interface as the source for all Telnet connections.\r\nIf the specified interface is not up, the Cisco IOS software selects the address of the interface closest to the\r\ndestination as the source address.\r\nExamples\r\nThe following example forces the IP address for Ethernet interface 1 as the source address for Telnet connections :\r\nRouter(config)# ip telnet source-interface Ethernet1\r\nRelated Commands\r\nCommand Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 71 of 79\n\nCommand Description\r\nip radius source-interfaceForces RADIUS to use the IP address of a specified interface for all outgoing\r\nRADIUS packets.\r\nip tftp blocksize\r\nTo negotiate a transfer TFTP blocksize, use the ip tftp blocksize command in global configuration mode. To\r\ndisable this configuration, use the no form of this command.\r\nip tftp blocksize bytes\r\nno ip tftp blocksize\r\nSyntax Description\r\nbytes Size of the TFTP block, in bytes. The range is from 512 to 8192.\r\nCommand Default\r\nThe default TFTP blocksize is 512 bytes.\r\nCommand Modes\r\nGlobal configuration (config)\r\nCommand History\r\nRelease Modification\r\n12.2S This command was introduced for the 12.2S releases.\r\n15.1(1)SG This command was integrated into the 15.1(1)SG releases.\r\nCisco IOS XE Release 3.3SE This command was integrated into the Cisco IOS XE Release 3.3SE releases.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 72 of 79\n\nExamples\r\nThe following example shows how to set a 1024 byte TFTP blocksize:\r\nRouter\u003e enable\r\nRouter# configure terminal\r\nRouter(config)# ip tftp bblocksize 1024\r\nRelated Commands\r\nCommand Description\r\nip tftp min-timeout Specifies the minimum timeout period for retransmission of data.\r\nip tftp boot-interface\r\nTo use an interface for TFTP booting, use the ip tftp boot-interface command in global configuration mode. To\r\ndisable this configuration, use the no form of this command.\r\nip tftp boot-interface type number\r\nno ip tftp boot-interface\r\nSyntax Description\r\ntype The type of the interface to be used. You can choose from a list of interfaces.\r\nnumber\r\nThe related interface number. Each interface has a related range of numbers. For example, the\r\nVirtual Multipoint Interface has a range of interface numbers from 1 to 2147483647.\r\nCommand Default\r\nNo interface is used for TFTP booting.\r\nCommand Modes\r\nGlobal configuration (config)\r\nCommand History\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 73 of 79\n\nRelease Modification\r\n15.0(1)M This command was introduced in a release earlier than Cisco IOS 15.0(1)M.\r\nExamples\r\nThe following example shows how to ensure that an interface is used for TFTP booting:\r\nRouter\u003e enable\r\nRouter# configure terminal\r\nRouter(config)# ip tftp boot-interface\r\nRelated Commands\r\nCommand Description\r\nip tftp min-timeout Specifies the minimum timeout period for retransmission of data.\r\nip tftp min-timeout\r\nTo specify the minimum timeout period for retransmission of data using TFTP, use the ip tftp min-timeout\r\ncommand in global configuration mode. To disable, use the no form of this command.\r\nip tftp min-timeout seconds\r\nno ip tftp min-timeout\r\nSyntax Description\r\nseconds Specifies the timeout value, in seconds. The range is from 4 to 20.\r\nCommand Default\r\nThe default minimum timeout period for retransmission of data is 4 seconds.\r\nCommand Modes\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 74 of 79\n\nGlobal configuration (config)\r\nCommand History\r\nRelease Modification\r\n15.0(1)M This command was introduced in a release earlier than Cisco IOS 15.0(1)M.\r\nExamples\r\nThe following example shows how to specify the minimum timeout period for retransmission of data as 5\r\nseconds:\r\nRouter\u003e enable\r\nRouter# configure terminal\r\nRouter(config)# ip tftp min-timeout 5\r\nRelated Commands\r\nCommand Description\r\nip tftp boot-interface Ensures that an interface is used for TFTP booting.\r\nip tftp source-interface\r\nTo specify the IP address of an interface as the source address for TFTP connections, use the ip tftp source-interface command in global configuration mode. To return to the default, use the no form of this command.\r\nip tftp source-interface interface-type interface-number\r\nno ip tftp source-interface\r\nSyntax Description\r\ninterface-type interface-numberThe interface type and number whose address is to be used as the source for\r\nTFTP connections.\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 75 of 79\n\nCommand Default\r\nThe address of the closest interface to the destination is selected as the source address.\r\nCommand Modes\r\nGlobal configuration (config)\r\nCommand History\r\nRelease Modification\r\n11.1 This command was introduced.\r\n12.3(6)\r\nDestination address lookup in a Virtual Private Network (VPN) routing and forwarding\r\n(VRF) table was added for the transfer of TFTP packets.\r\n12.3(8)T This command was integrated into Cisco IOS Release 12.3(8)T.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nUse this command to set the IP address of an interface as the source for all TFTP connections.\r\nIf the specified interface is not up, the Cisco IOS software selects the address of the interface closest to the\r\ndestination as the source address.\r\nIn Cisco IOS 12.3(6) and later releases, TFTP is VRF-aware, which means that TFTP transfer is supported across\r\nan interface within a Virtual Private Network (VPN) routing and forwarding (VRF) instance. To specify a VRF as\r\na source for TFTP connections, the VRF must be associated with the same interface that you configure with the ip\r\ntftp source-interface command. In this configuration, TFTP looks for the destination IP address for file transfer in\r\nthe specified VRF table.\r\nExamples\r\nThe following example shows how to configure the router to use the IP address associated with loopback interface\r\n0 as the source address for TFTP connections :\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 76 of 79\n\nRouter# configure terminal\r\nRouter(config)# ip tftp source-interface loopback0\r\nThe following example shows how to configure the router to use the VRF table named vpn1 to look for the\r\ndestination IP address for TFTP connections. In this example, file transfer using TFTP is accomplished across an\r\ninterface within a VRF (VRF vpn1) link.\r\nRouter# configure terminal\r\nRouter(config)# ip tftp source-interface ethernet 1/0\r\nRouter(config)# ip vrf vpn1\r\nRouter(config-vrf)# rd 100:1\r\nRouter(config-vrf)# route-target both 100:1\r\nRouter(config-vrf)# interface ethernet 1/0\r\nRouter(config-if)# ip vrf forwarding vpn1\r\nRouter(config-if)# end\r\nRelated Commands\r\nCommand Description\r\nip ftp source-interface\r\nForces outgoing FTP packets to use the IP address of a specified interface as the\r\nsource address.\r\nip radius source-interfaceForces outgoing RADIUS packets to use the IP address of a specified interface as\r\nthe source address.\r\nip wccp web-cache accelerated\r\nTo enable the hardware acceleration for WCCP version 1, use the ip wccp web-cache accelerated command in\r\nglobal configuration mode. To disable hardware acceleration, use the no form of this command.\r\nip wccp web-cache accelerated [ [group-address groupaddress] | [redirect-list access-list] | [group-list access-list] | [password password]]\r\nno ip wccp web-cache accelerated\r\nSyntax Description\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 77 of 79\n\ngroup-address\r\ngroup-address\r\n(Optional) Directs the router to use a specified multicast IP address for communication\r\nwith the WCCP service group. See the “Usage Guidelines” section for additional\r\ninformation.\r\nredirect-list\r\naccess-list\r\n(Optional) Directs the router to use an access list to control traffic that is redirected to this\r\nservice group. See the “Usage Guidelines” section for additional information.\r\ngroup-list\r\naccess-list\r\n(Optional) Directs the router to use an access list to determine which cache engines are\r\nallowed to participate in the service group. See the “Usage Guidelines” section for\r\nadditional information.\r\npassword\r\npassword\r\n(Optional) Specifies a string that directs the router to apply MD5 authentication to\r\nmessages received from the service group specified by the service name given. See the\r\n“Usage Guidelines” section for additional information.\r\nCommand Default\r\nWhen this command is not configured, hardware acceleration for WCCPv1 is not enabled.\r\nCommand Modes\r\nGlobal configuration (config)\r\nCommand History\r\nRelease Modification\r\n12.2(17d)SXB\r\nSupport for this command on the Supervisor Engine 2 was extended to Cisco IOS Release\r\n12.2(17d)SXB.\r\n12.2(18)SXD1 This command was changed to support the Supervisor Engine 720.\r\n12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.\r\nUsage Guidelines\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 78 of 79\n\nThe group-address group-address option requires a multicast address that is used by the router to determine which\r\ncache engine should receive redirected messages. This option instructs the router to use the specified multicast IP\r\naddress to coalesce the “I See You” responses for the “Here I Am” messages that it has received on this group\r\naddress. In addition, the response is sent to the group address. The default is for no group-address to be\r\nconfigured, so that all “Here I Am” messages are responded to with a unicast reply.\r\nThe redirect-list access-list option instructs the router to use an access list to control the traffic that is redirected to\r\nthe cache engines of the service group that is specified by the service-name given. The access-list argument\r\nspecifies either a number from 1 to 99 to represent a standard or extended access list number, or a name to\r\nrepresent a named standard or extended access list. The access list itself specifies the traffic that is permitted to be\r\nredirected. The default is for no redirect-list to be configured (all traffic is redirected).\r\nThe group-list access-list option instructs the router to use an access list to control the cache engines that are\r\nallowed to participate in the specified service group. The access-list argument specifies either a number from 1 to\r\n99 to represent a standard access list number, or a name to represent a named standard access list. The access list\r\nspecifies which cache engines are permitted to participate in the service group. The default is for no group-list to\r\nbe configured, so that all cache engines may participate in the service group.\r\nThe password can be up to seven characters. When you designate a password, the messages that are not accepted\r\nby the authentication are discarded. The password name is combined with the HMAC MD5 value to create\r\nsecurity for the connection between the router and the cache engine.\r\nExamples\r\nThe following example shows how to enable the hardware acceleration for WCCP version 1:\r\nRouter(config)# ip wccp web-cache accelerated\r\nRelated Commands\r\nCommand Description\r\nip wccp version Specifies which version of WCCP to configure on your router.\r\nBack to Top\r\nSource: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nhttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668\r\nPage 79 of 79\n\nThe integrated 12.0(1)T. Because Dynamic Host DHCP is Configuration Protocol based on BOOTP, (DHCP) server both of these services was introduced share the “well-known” in Cisco IOS UDP Release server port of\n67 (per RFC 951, RFC 1534, and RFC 2131; the client port is 68). To disable DHCP services (DHCP relay and\n   Page 46 of 79",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668"
	],
	"report_names": [
		"F_through_K.html#wp2829794668"
	],
	"threat_actors": [
		{
			"id": "2864e40a-f233-4618-ac61-b03760a41cbb",
			"created_at": "2023-12-01T02:02:34.272108Z",
			"updated_at": "2026-04-10T02:00:04.97558Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "ETDA:WildCard",
			"tools": [
				"RustDown",
				"SysJoker"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "256a6a2d-e8a2-4497-b399-628a7fad4b3e",
			"created_at": "2023-11-30T02:00:07.299845Z",
			"updated_at": "2026-04-10T02:00:03.484788Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "MISPGALAXY:WildCard",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434923,
	"ts_updated_at": 1775792121,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2d02ac863d0ae0babe6d0ab502eb25f3dc7d52a5.pdf",
		"text": "https://archive.orkl.eu/2d02ac863d0ae0babe6d0ab502eb25f3dc7d52a5.txt",
		"img": "https://archive.orkl.eu/2d02ac863d0ae0babe6d0ab502eb25f3dc7d52a5.jpg"
	}
}