Cisco IOS XE Catalyst SD-WAN Qualified Command Re

Book Contents Log in
Command References /
Cisco IOS XE Catalyst SD-WAN

Quali7ed Command Reference
Bias-Free Language
Chapter: Global Conguration
Commands
Updated: August 22, 2023
Chapter Contents
clock
cong-transaction
crypto isakmp diagnose error
hostname
line
login authentication
login on-success log
mac address-table aging-time
mac address-table static
memory free low-watermark processor
platform qfp utilization monitor load
platform-resource
sdwan
service password-recovery
service tcp-small-servers
service timestamps
service udp-small-servers
speed
stopbits
transport input
transport output
username
clock
Set the timezone to use on the local device.
clock timezone timezone hours-o.set
Syntax Description
timezone Set the timezone on the device. timezone

timezone is one of the timezones in the tz database
(also called tzdata, the
zoneinfo database, or the IANA timezone
database).
Default: UTC
hours- Hours oset from Coordinated Universal

o.set Time (UTC). Range is from –23 to +23.
Command Default
UTC
Command Modes
Global conguration (cong)
Release Modi4cation
Cisco IOS XE Command qualied for use in

Release 17.2.1v Cisco vManage CLI templates.
Usage Guidelines
For usage guidelines, see the Cisco IOS XE clock
timezone command.
Examples
Device(config)# clock timezone UTC 20
cong-transaction
To enter global conguration mode on a Cisco IOS XE
Catalyst SD-WAN device, use the con4g-transaction
command in privileged EXEC mode.
con4g-transaction
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command Modes
Privileged EXEC (#)
Command History
Release Modi4cation
Catalyst SD-WAN Cisco SD-WAN Manager CLI
Release 17.2.1v templates.
Usage Guidelines
Use this command to enter global conguration mode
on a Cisco IOS XE Catalyst SD-WAN device.
Commands entered in this mode are written to the
running conguration le, but saved in the running
cong after commit.
Example
The following example shows how to enter global
conguration mode from privileged EXEC and set an ip
address for a name server, then commit changes.
Device# config-transaction
Device(config)# ip name-server 10.255.1.
Device(config)# commit
Table 1. Related Commands

Commands Description
commit Submits changes and writes
to memory.
end Cancels and exits out to
privileged EXEC mode.
yes Sends yes.
no Sends no.
cancel Cancels changes.
crypto isakmp diagnose error

To set the count of display errors for Internet Security
Association and Key Management Protocol (ISAKMP),
use the crypto isakmp diagnose error command in
global conguration mode. To remove the ISAKMP
error count, use the no form of this command.
crypto isakmp diagnose error count
no crypto isakmp diagnose error count
Syntax Description
count Sets error counters.
Command Default
ISAKMP error diagnostic is enabled by default.
Command Modes
Command History
Release Modi4cation
Usage Guidelines
IKE is a hybrid protocol that implements the Oakley key
exchange and key exchange inside the framework. IKE
is a key management protocol standard that is used in
conjunction to congure basic VPNs. IPsec can be
congured without IKE, but IKE enhances IPsec by
providing additional features, exibility, and ease of
conguration for the IPsec standard.
Example
The following example shows how to congure the
crypto diagnose error count to 10.
Device(config)# crypto isakmp diagnose e
hostname
To specify or modify the hostname for the network
server, use the hostname command in global
conguration mode.
hostname name
Syntax Description
name New hostname for the network server.
Command Default
The default hostname is Router.
Command Modes
Command History
Release Modi4cation

Usage Guidelines
For usage guidelines, see the Cisco IOS XE hostname
command.
line
To identify a specic line for conguration and enter
line conguration collection mode, use the line
command in global conguration mode. To remove
conguration from a specic line, use the no form of
this command.
line { auto-consolidation | aux | con 0 | range | vty

line-number }
no line { auto-consolidation aux | con 0 | range | vty

line-number }
auto- Enable or disable auto-consolidation

consolidation of terminal lines.
aux (Optional) Auxiliary EIA/TIA-232 DTE

port. Must be addressed as relative
line 0. The auxiliary port can be used
for modem support and
asynchronous connections.
con 0 Console 0 terminal line. The console

port is DCE.
vty Virtual terminal line for remote

console access.
range Range of lines with rst line number

and last line number.
line-number Relative number of the virtual

terminal line (or the rst line in a
contiguous group) that you want to
congure when the line type is
specied. Numbering begins with
zero.
You can either congure a single line
or a range.
Command Default
There is no default line.
Command Modes
Global conguration
Command History
Release Modi4cation

Catalyst SD-WAN Cisco vManage CLI
Cisco IOS XE Additional parameters

Catalyst SD-WAN qualied: auto-consolidation
Release 17.10.1a , aux and range .
Usage Guidelines
For usage guidelines, see the Cisco IOS line
command.
The terminal from which you locally congure the

router is attached to the console port. To congure line
parameters for the console port, enter the following:
line console 0
The following example starts conguration for virtual

terminal lines 0 to 4:
line vty 0 4
The following example conguration shows how to

disable auto-consolidation:
line auto-consolidation
To congure line parameters for the auxiliary port,

enter the following:
line aux 0
The following example starts conguration for a range

of lines:
line range 1 5
login authentication
To enable authentication, authorization, and
accounting (AAA) authentication for logins, use the
login authentication command in line conguration
mode. To return to the default specied by the aaa
authentication login command, use the no form of this
command.
login authentication { default }
no login authentication { default }
Syntax Description
default Uses the default list created with the aaa

authentication login command.
Command Default
Uses the default set with aaa authentication login .
Command Modes
Line conguration (cong-line)
Command History
Release Modi4cation

Release 17.2.1r Cisco vManage CLI templates.
Usage Guidelines
The default option for login authentication

Note command is available only if you enter the line
conguration mode using the line console
command.
For usage guidelines, see the Cisco IOS XE login

authentication command.
The following example species that the default AAA

authentication is to be used on the line:
line con 0
login authentication default
login on-success log

To generate a syslog message for successful login
attempts, use the login on-success log command in
global conguration mode. To remove the syslog
setting, use the no form of this command.
login on-success log [ every | number ]
no login on-success log [ every | number ]
Syntax Description
every Optional command.

number The number of successful login attempts.
The range is from 0 to 65535.
Command Default
Every successful login attempt is logged.
Command Modes
Command History
Release Modi4cation
Usage Guidelines
Use the login on-success log command to generate a
syslog message on every successful login attempt, or
on any number of successful logins attempts up to
65535.
Example
The following example shows how to congure the
syslog message to log every 10th successful login
attempt.
Device(config)# login on-success log eve
Table 2. Related Commands

Commands Description
login on-success log Logs every successful
login.
mac address-table aging-time

To congure the maximum aging time for entries in the
Layer 2 table, use the mac address-tableaging-time
command in global conguration mode. To reset
maximum aging time to the default setting, use the no
form of this command.
mac address-table aging-time seconds
no mac-address-table aging-time seconds
Syntax Description
seconds MAC address table entry maximum age.

Aging time is counted from the last time
that the switch detected the MAC address.
The default value is 300 seconds.
Command Default
The default aging time is 300 seconds.
Command Modes
Command History
Release Modi4cation

Usage Guidelines
The aging time entry will take the specied value. Valid
entries are from 10 to 1000000 seconds.
This command cannot be disabled.
The following example shows how to congure aging

time to 300 seconds:
mac address-table aging-time 300
mac address-table static

To add static entries to the MAC address table or to
disable Internet Group Multicast Protocol (IGMP)
snooping for a particular static multicast MAC address,
use the mac address-table static command in global
conguration mode. To remove entries proled by the
combination of specied entry information, use the no
mac address-table static mac-address vlan vlan-id

interface type slot / port
no mac-address-table static mac-address vlan

vlan-id interface type slot/port
Syntax Description
mac- Address to add to the MAC address

aadress table.
vlan Species the VLAN associated with the

vlan-id MAC address entry. The range is from 2
to 100.
interface Species the interface type and the slot

type and port to be congured.
slot/port On the Catalyst switches, thetype and
or number arguments should specify the
interface interface type and the slot / port or slot /
type subslot / port numbers (for example,
number interface pos 5/0 or interface ATM
8/0/1).
Command Default
Static entries are not added to the MAC address table.
Command Modes
Command History
Release Modi4cation
Cisco IOS XE Catalyst Command qualied for use

SD-WAN Release in Cisco vManage CLI
17.4.1a templates.
Usage Guidelines
For usage guidelines, see the Cisco IOS XE mac
address-table static command.
The following example shows how to add static entries

to the MAC address table:
Device(config)# mac-address-table static
memory free low-watermark

processor
To set a low free memory threshold, use the memory
free low-watermark processor command in global
conguration mode. To remove a low free memory
threshold, use the no form of this command.
memory free low-watermark processor threshold
Syntax Description
threshold Species threshold in kilobytes of free

processor.
The range is from 0 to 4294967295.
Command Default
None
Command Modes
Command History
Release Modi4cation
Usage Guidelines
When a router is overloaded by processes, the amount
of available memory might fall to levels insucient for
it to issue critical notications. Use the memory free
low-watermark processor command to reserve a
region of memory to be used by the router for issuing
critical notications.
Example
The following example shows how to congure a
memory threshold for the router.
Device(config)# memory free low-watermar
platform qfp utilization monitor

load
To set the default value for CPU utilization monitoring,
use the platform qfp utilization monitor load
command in global conguration mode. To remove the
platform qfp utilization monitor load, use the no form
of this command.
platform qfp utilization monitor load load
Syntax Description
load The range is from 0 to 65535, and from range

50 to 90 can be either set to Packets Per
Second (PPS) or a percent.
Command Default
The default value for this command is set to 80%.
Command Modes
Command History
Release Modi4cation
Usage Guidelines
The qfp monitoring is set to 80 percent by default,
therefore when the CPU is running at 80 percent or
above it will start to log warning and error messages.
This default value can be changed to a smaller/larger
percent or globally.
Example
The following examples shows how to congure a
platform qfp utilization monitor load value to 75% and
60535 pps.
Device(config)# platform qfp utilization

Device(config)# platform qfp utilization
platform-resource
To select a template for core allocation, use the
platform-resource command in conguration mode.
To remove this conguration, use the no form of this
command.
platform-resource [ service-plane-heavy | data-

plane-heavy ]
no platform-resource
Syntax Description
service- (Optional) Species using service

plane-heavy plane heavy template.
data-plane- (Optional) Species using data plane

heavy heavy template.
Command Default
Platform resource template is not congured.
Command Modes
Command History
Release Modi4cation
17.5.1a templates.
The following example shows how to congure vCPU

distribution across the service plane.
Device(config)# platform resource servic
sdwan
To enter the SD-WAN conguration mode (cong-
sdwan) on a Cisco IOS XE SD-WAN device, enter the
sdwan command in the global conguration mode.
sdwan
Syntax Description
This comand has no keywords or arguments.
Command Default
None
Command Modes
Command History
Release Modi4cation
17.4.1a templates.
Example
Device# config-transaction
Device(config)# sdwan
To enable password recovery capability, use the
service password-recovery command in global
conguration mode. To disable password recovery
capability, use the no service password-recovery
[strict] command.
no service password-recovery [strict]
Syntax Description
[strict] (Optional) Restricts device recovery.
Command Default
Password recovery capability is enabled.
Command Modes
Global conguration
Command History
Release Modi4cation
Release 17.6.1a Cisco vManage CLI templates.
Usage Guidelines
For usage guidelines, see the Cisco IOS XE service
password-recovery command.
Example
The following example shows how to disable
password recovery capability using the no service
password-recovery strict command:
Device# configure terminal

Device(config)# no service password-reco
WARNING:
Executing this command will disable the
Do not execute this command without anot
Are you sure you want to continue? [yes]
.
.
To enable small TCP servers such as the Echo, use the
service tcp-small-servers command in global
conguration mode. To disable the TCP server, use the
no form of this command.
no service tcp-small-servers
Command Default
TCP small servers are disabled.
Command Modes
Command History
Release Modi4cation

17.3.1a templates.
Usage Guidelines
For usage guidelines, see the Cisco IOS XE service tcp
small servers command.
The following example shows how to enable small

TCP servers:
Device(config)# service tcp-small-server
service timestamps
To congure the system to apply a time stamp to
debugging messages or system logging messages,
use the service timestamps command in global
conguration mode. To disable this service, use the no
service timestamps [ debug | log ] [ uptime |

datetime | msec ] [ localtime ] [ show-timezone ] [
year ]
no service timestamps [ debug | log ]
Syntax Description
debug (Optional) Indicates time-stamping for

debugging messages.
log (Optional) Indicates time-stamping for

system logging messages.
uptime (Optional) Species that the time stamp

should consist of the time since the
system was last rebooted. For example
“4w6d” (time since last reboot is 4 weeks
and 6 days).
This is the default time-stamp format

for both debugging messages and
logging messages.
The format for uptime varies
depending on how much time has
elapsed:
HHHH :MM :SS (HHHH hours: MM

minutes: SS seconds) for the rst
24 hours
D dHH h (D days HH hours) after
the rst day
W wD d (W weeks D days) after the
rst week
datetime (Optional) Species that the time stamp

should consist of the date and time.
The time-stamp format for datetime is

MMM DD HH:MM:SS, where MMM is
the month, DD is the date, HH is the
hour (in 24-hour notation), MM is the
minute, and SS is the second.
If the datetime keyword is specied,
you can optionally add the msec
localtime , show-timezone , or year
keywords.
If the service timestamps datetime
command is used without addtional
keywords, time stamps will be shown
using UTC, without the year, without
milliseconds, and without a time zone
name.
msec (Optional) Includes milliseconds in the

time stamp, in the format HH: DD: MM:
SS. mmm , where .mmm is milliseconds
localtime (Optional) Time stamp relative to the local

time zone.
year (Optional) Include the year in the date-

time format.
show- (Optional) Include the time zone name in

timezone the time stamp.
Note If the localtime keyword option is

not used (or if the local time zone
has not been congured using
the clock timezone command),
time will be displayed in
Coordinated Universal Time
(UTC).
Command Default
Time stamps are applied to debug and logging
messages.
Command Modes
Command History
Release Modi4cation

17.3.1a templates.
Usage Guidelines
timestamps command.
In the following example, the router begins with time-

stamping disabled. Then, the default time-stamping is
enabled (uptime time stamps applied to debug
output). Then, the default time-stamping for logging is
enabled (uptime time stamps applied to logging
output).
Router# show running-config | include ti
no service timestamps debug uptime

no service timestamps log uptime
Router# config terminal
Device(config)# service timestamps
! issue the show running-config command
! shows that debug timestamping is enabl

service timestamps debug uptime
no service timestamps log uptime
! enable timestamps for logging messages
Router(config)# service timestamps log
Router(config)# do show run | inc time
service timestamps debug uptime

service timestamps log uptime
Router(config)# service sequence-numbers
Router(config)# end
000075: 5w0d: %SYS-5-CONFIG_I: Configure

! The following is a level 5 system logg
! The leading number comes from the ser
! 4w6d indicates the timestamp of 4 week
In the following example, the user enables time-

stamping on logging messages using the current time
and date in Coordinated Universal Time/Greenwich
Mean Time (UTC/GMT), and enables the year to be
shown.
Router(config)# service timestamps log d
Router(config)# end
! The following line shows the timestamp
.Mar 22 2004 23:13:25 UTC: %SYS-5-CONFIG
To enable small User Datagram Protocol (UDP) servers
such as the Echo, use the service udp-small-servers
command in global conguration mode. To disable the
UDP server, use the no form of this command.
no service udp-small-servers
Command Default
UDP small servers are disabled.
Command Modes
Command History
Release Modi4cation

17.3.1a templates.
Usage Guidelines
udp small servers command.
The following example shows how to enable small

UDP:
Router(config)# service udp-small-server
speed
To congure the speed for a Fast Ethernet or Gigabit
Ethernet interface, use the speed command in line
conguration mode. To return to the default
conguration, use the no form of this command.
speed speed-range
no speed speed-range
Syntax Description
speed- Congures the interface to transmit at the

range specied speed range.
Command Default
None
Command Modes
Command History
Release Modi4cation

Usage Guidelines
For usage guidelines, see the Cisco IOS XE speed
command.
The following is an example of this command
Device# configure terminal

Device(config)# line con 0
Device(config-line)# speed 9600
stopbits
To congure the stop bits for the console port, use the
stopbits command. To revert to the default, use the
no form of this command.
stopbits { 1 }
no stopbits { 1 }
Syntax Description
1 Species one stop bit.
Command Default
1 stop bit
Command Modes
Terminal line conguration mode (cong)
Command History
Release Modi4cation

Usage Guidelines
You can congure the console port only from a session
on the console port.
This example shows how to congure the number of

stop bits for the console port:
line con 0
stopbits 1
transport input
To dene which protocols to use to connect to a
specic line of the router, use the transport input
command in line conguration mode. To change or
remove the protocol, use the no form of this
command.
transport input { ssh }
no transport input { ssh }
Syntax Description
ssh (Optional) Selects the Secure Shell (SSH)

protocol.
Command Default
No protocols are allowed on the auxiliary (AUX),
console, tty, and vty lines.
Command Modes
Command History
Release Modi4cation

Usage Guidelines
Cisco devices do not accept incoming network
connections to tty lines by default. You must specify an
incoming transport protocol or specify the transport
input all command before the line will accept incoming
connections.
The following example shows you how to set the

incoming protocol for the vty lines 0 to 32 to Telnet:
configure terminal
line vty 0 32
transport input ssh
exit
transport output
To determine the protocols that can be used for
outgoing connections from a line, use the transport
output command in line conguration mode. To
change or remove the protocol, use the no form of this
command.
transport output ssh
no transport output [ssh]
Syntax Description
ssh Species the Secure Shell (SSH) protocol.
Command Default
Telnet
Command Modes
Line conguration
Command History
Release Modi4cation

17.2.1r templates.
The following example selects the SSH protocol:
transport output ssh
username
To establish a username-based authentication system,
use the username command in global conguration
mode. To remove an established username-based
authentication, use the no form of this command.
username name [ privilege level secret { 0 | 5 | 9 } ]
no username name
Syntax Description
name Hostname, server name, user ID, or

command name. The name argument can
be only one word. Blank spaces and
quotation marks are not allowed.
0 Species that an unencrypted password

or secret (depending on the
conguration) follows.
5 Species that the type-5 encrypted

password follows.
9 Species that the type-9 encrypted

password follows.
secret Species a secret for the user.
secret For Challenge Handshake Authentication

Protocol (CHAP) authentication: species
the secret for the local router or the
remote device. The secret is encrypted
when it is stored on the local router. The
secret can consist of any string of up to
11 ASCII characters. There is no limit to
the number of username and password
combinations that can be specied,
allowing any number of remote devices to
be authenticated.
privilege (Optional) Sets the privilege level for the

privilege- user. Range: 0 to 15.
level
Command Default
No username-based authentication system is
established.
Command Modes
Command History
Release Modi4cation

Usage Guidelines
The username command provides username or
password authentication, or both, for login purposes
only.
In the following example, a privilege level 1 user is

denied access to privilege levels higher than 1:
username employee1 privilege 5
The following example shows how to create a local

user named admin with admin1234 for a secret with
(privilege 15).
Device(config)# username admin privilege
Was this Document Helpful?
Yes No Feedback
Customers Also Viewed

What does the "no platform punt-keepalive
disable-kernel-core" command mean?
Cisco Catalyst SD-WAN Getting Started

Guide --- Install and Upgrade Cisco IOS XE
Catalyst SD-WAN Release 17.2.1r and Later
Cisco Catalyst SD-WAN Getting Started

Guide --- Cisco Catalyst SD-WAN Overlay
Network Bring-Up Process
+ Show 3 More
Contact Cisco
Open a Support Case
(Requires a Cisco Service Contract)
Quick Links -
About Cisco
Contact Us
Careers
Connect with a partner
Resources and Legal -

Feedback
Help
Terms & Conditions
Privacy Statement
Cookies
Accessibility
Trademarks
Supply Chain Transparency
Newsroom
Sitemap
©2023 Cisco Systems, Inc.

Cisco IOS XE Catalyst SD-WAN Qualified Command Re

Uploaded by

Copyright:

Available Formats

Cisco IOS XE Catalyst SD-WAN Qualified Command Re

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco IOS XE Catalyst SD-WAN Qualified Command Re

Uploaded by

Copyright:

Available Formats

Book Contents Log in

Cisco IOS XE Catalyst SD-WAN

clock timezone timezone hours-o.set

timezone Set the timezone on the device. timezone

hours- Hours oset from Coordinated Universal

Cisco IOS XE Command qualied for use in

Device(config)# clock timezone UTC 20

Table 1. Related Commands

crypto isakmp diagnose error

crypto isakmp diagnose error count

no crypto isakmp diagnose error count

count Sets error counters.

Device(config)# crypto isakmp diagnose e

name New hostname for the network server.

Cisco IOS XE Command qualied for use in

line { auto-consolidation | aux | con 0 | range | vty

no line { auto-consolidation aux | con 0 | range | vty

auto- Enable or disable auto-consolidation

aux (Optional) Auxiliary EIA/TIA-232 DTE

con 0 Console 0 terminal line. The console

vty Virtual terminal line for remote

range Range of lines with rst line number

line-number Relative number of the virtual

Cisco IOS XE Command qualied for use in

Cisco IOS XE Additional parameters

The terminal from which you locally congure the

The following example starts conguration for virtual

The following example conguration shows how to

To congure line parameters for the auxiliary port,

The following example starts conguration for a range

login authentication { default }

no login authentication { default }

default Uses the default list created with the aaa

Line conguration (cong-line)

Cisco IOS XE Command qualied for use in

The default option for login authentication

For usage guidelines, see the Cisco IOS XE login

The following example species that the default AAA

login on-success log

login on-success log [ every | number ]

no login on-success log [ every | number ]

every Optional command.

Device(config)# login on-success log eve

Table 2. Related Commands

mac address-table aging-time

mac address-table aging-time seconds

no mac-address-table aging-time seconds

seconds MAC address table entry maximum age.

Cisco IOS XE Command qualied for use in

This command cannot be disabled.

The following example shows how to congure aging

mac address-table aging-time 300

mac address-table static

mac address-table static mac-address vlan vlan-id

no mac-address-table static mac-address vlan

mac- Address to add to the MAC address

vlan Species the VLAN associated with the

interface Species the interface type and the slot

Cisco IOS XE Catalyst Command qualied for use