Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS

From: George Robbins (grr@shandakor.tharsis.com)
Date: Tue May 29 2001 - 07:13:42 EDT


Well, the nature of "undocumented commands" is that problems don't
neccesarily turn into caveats. The general trend is to make "useful"
state and stats visible with normal exec-level commands, though
obviously this isn't a big priority.

I don't think there's any non-vip command to show memory and cpu, but
there's supposed to be a new mib object with "per cpu" data somewhere
along the line.

I don't thing there's anything inherently hazardous about using if-con
to access most vip status, but it's up to the user to map out what's
"safe" as a normal operation vs. what's useful for debugging or for
pre-reload poking around.

                                                George

> From cisco-nsp-request@puck.nether.net Mon May 28 14:27:14 2001
> Resent-Date: Mon, 28 May 2001 14:27:09 -0400
> Received-Date: Mon, 28 May 2001 14:24:40 -0400
> Date: Mon, 28 May 2001 13:24:31 -0500 (CDT)
> From: Rob Thomas <robt@cymru.com>
> X-X-Sender: <robt@bilbo.sauron.net>
> To: "Basa, Angelito A." <BasaAA@etpi.com.ph>
> cc: Cisco List <cisco-nsp@puck.nether.net>
> Subject: Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS
> In-Reply-To: <3D71888D0D75D2119C4800A0C9C569C60287E84A@ETPI_NT_38>
> Resent-From: cisco-nsp@puck.nether.net
> X-Mailing-List: <cisco-nsp@puck.nether.net> archive/latest/6481
> X-Loop: cisco-nsp@puck.nether.net
> Precedence: list
> Resent-Sender: cisco-nsp-request@puck.nether.net
>
> > just the command I've been looking for for last week but forgot to follow it
> > up
> > (though there is a slight error on the document,
> > the command is only available on privilege-exec mode).
>
> Good point - I assumed priv. mode based on the example, but I should
> know better than to assume anything. :-) I'll add that bit to the
> document. Thanks!
>
> > the "if-con" command is not listed int the 7513 help. I need it
> > to check our VIP2-50's CPU and memory. I'm still looking for possible
> > caveats if any.
> > Found one only for 12.0T for possible router reload if the "show line"
> > command is issued.
>
> Be very careful here. As with all undocumented IOS commands, there
> are risks with each revision of the IOS code.
>
> --
> Rob Thomas
> http://www.cymru.com/~robt
> cmn_err(CE_PANIC, "Out of coffee...");
>
>
>
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:39 EDT