This command displays the debug points that have been set.
This command displays ISA group information.
Table 18 describes the show command output fields:
Label | Description |
ISA-AA Group Index | Indicates the group number of this group of MDAs. |
Description | |
Primary ISA-AA | Displays the primary slot and card number and whether the status is up or down and is either active or standby. |
Backup ISA-AA | Displays the backup slot and card number and whether the status is up or down and is either active or standby. The status should be up and standby. |
Last Active change | Indicates the last time a successful change was performed. |
Admin State | Displays the administrative state, up or down. |
Oper State | Displays the operational state, up or down. |
Diverted FCs | Displays the forwarding class to be diverted. |
Fail to mode | Displays how traffic is handled when there are no available ISA-AA cards to handle the traffic, either failToWire or failToOpen. |
Partitions | Indicates whether partitions are enabled or disabled within an ISA-AA group. When the value of this object is set to enabled, partitions can be created in the tmnxBsxAaGrpPartTable. |
Egress from subscriber | |
Pool | Displays the buffer pool as defined in TIMETRA-PORT-MIB::tmnxObjectAppPool for subscriber to network traffic egressing towards the ISA-AA MDA. |
Reserved Cbs | Displays the percentage of the buffer pool reserved for high priority traffic for subscriber to network traffic egressing towards the ISA-AA MDA. |
Slope Policy | Displays the policy as defined in TIMETRA-QOS-MIB::tSlopePolicyTable for subscriber to network traffic egressing towards the ISA-AA MDA. |
Queue Policy | Displays the policy as defined in TIMETRA-QOS-MIB::tNetworkQueueTable for subscriber to network traffic egressing towards the ISA-AA MDA. |
Scheduler Policy | Displays the policy as defined in TIMETRA-QOS-MIB::tSlopePolicyTable for network to subscriber traffic egressing towards the ISA-AA MDA |
Egress to subscriber | |
Pool | Displays the buffer pool as defined in TIMETRA-PORT-MIB::tmnxObjectAppPool for network to subscriber traffic egressing towards the ISA-AA MDA. |
Reserved Cbs | Displays the percentage of the buffer pool reserved for high priority traffic for network to subscriber traffic egressing towards the ISA-AA MDA. |
Slope Policy | Displays the policy as defined in TIMETRA-QOS-MIB::tSlopePolicyTable for network to subscriber traffic egressing towards the ISA-AA MDA. |
Queue Policy | Displays the policy as defined in TIMETRA-QOS-MIB::tNetworkQueueTable for network to subscriber traffic egressing towards the ISA-AA MDA. |
Scheduler Policy | Displays the policy as defined in TIMETRA-QOS-MIB::tSchedulerPolicyTable for network to subscriber traffic egressing towards the ISA-AA MDA. |
Overload Sub-quarantine | Displays the overload quarantine state, up or down. |
Overload Cut Through | Displays the overload cut through state, enabled or disabled. |
This command displays the Application Assurance Redundancy Protocol (AARP) instance status.
This command enables the context to display application-assurance group information.
This command displays AA interface information.
<mda-id> | <slot>/<mda> |
slot | [1 to 10] (depending on platform) |
mda | [1 to 2] |
This command displays per-subscriber statistics.
The following is an example of show output for the aa-sub command.
This command displays AA subscriber lists.
The following is an example show output for the aa-sub-list command.
This command displays per-subscriber special study statistics.
This command displays per-application-group statistics. System-wide statistics displayed account for all flows completed and the last internal snapshot of the active flows.
The following is an example show output for the app-group command.
This command displays per-application statistics. The system-wide statistics displayed account for all flows completed and the last internal snapshot of the active flows.
Subscriber statistics are available for special-study subscribers and account for all completed and active flows at the moment of this statistics request.
The following is an example show output for the application command.
This command enables the context to display cflowd output.
This command enables the context to display cflowd output.
The following is an example show output for the collector command.
This command enables the context to display cflowd direct-export output.
This command enables the context to display cflowd direct-export collector output.
The following is an example show output for the collector command.
This command displays status information.
The following is an example show output for the status command.
This command displays the application assurance DNS IP cache statistics and status information.
Table 19 describes the show command output fields.
Label | Description |
Admin Status | Indicates the administrative status of the DNS IP cache. [Up | Down] |
Domain expressions | Indicates the number of DNS domain expressions configured. |
Server addresses | Indicates the number of server-addresses configured |
High-Watermark | Indicates the value, in percentage, of the configured high watermark. |
Low-Watermark | Indicates the value, in percentage, of the configured low watermark. |
Cache-size | Indicates the value of the configured maximum cache size. |
Usage | Indicates the value, in percentage, of the total for the number of entries in the cache. |
Alarm State | Indicates the status of the alarm related to the DNS IP cache high/low watermark utilization. The alarm is raised when the high watermark is crossed; it is cleared when it goes below the low watermark. [Clear | Raised] |
Hit-Count | Indicates the number of times an IP address lookup in this cache was successful. |
Total responses | Indicates the total number of DNS responses analyzed. |
Domain name matched | Indicates the number of times a domain name defined in the DNS match criteria matched a DNS response. |
Domain & server matched | Indicates the number of times both the domain name and server address defined in the DNS match criteria matched a DNS response. |
Total entries added | Indicates the total number of IP entries added in the cache. |
Total entries removed | Indicates the total number of IP entries removed from the cache after the entry expired. |
Full count | Indicates the total number of IP entries in the cache. |
Hit Count | Indicates the number of times an IP address lookup in this cache was successful. The IP address lookup is performed in app-filters and is successful if the server address DNS IP cache criteria is met. |
Miss Count | Indicates the number of times an IP address lookup in this cache was unsuccessful. The IP address lookup is performed in app-filters and is unsuccessful if the server address DNS IP cache criteria is not met. |
This command displays event log information.
The following is a sample output displaying event log information:
This command displays GTP (General packet radio service (GPRS) Tunneling Protocol) information.
This command displays HTTP enrichment information.
The following is an example output for the http-enrich command.
This command displays detailed HTTP Enrichment information.
This command displays HTTP enrichment field information.
This command displays HTTP enrichment fields.
This command displays summarized HTTP enrichment information.
This command displays per-subscriber app-group application and protocol statistics.
The following is an example output for the count command.
This command displays the application-assurance policy uncommitted changes.
The following is an example output for the admin command.
This command displays application-assurance policy filter information.
This command displays application-assurance policy application group information.
This command displays application-assurance policy application profile information.
This command displays application-assurance policy application QoS policy information.
This command displays application-assurance policy application service option information.
This command displays application-assurance policy application information.
This command displays application-assurance policy application information.
This command displays application-assurance policy custom protocol information.
This command displays application-assurance policy summary information.
This command displays policer configuration information.
The following is an example output for the policers command.
This command displays application-assurance policy summary information.
This command displays per-protocol statistics. The system-wide statistics displayed account for all flows completed and the last internal snapshot of the active flows.
Subscriber statistics are available for special study subscribers and account for all completed and active flows at the moment of this statistics request.
The following is an example output for the protocol command.
This command displays Stream Control Transmission Protocol (SCTP) filter information
This command displays session filter information.
The following is an example show output for the session-filter command.
This command displays a summary of statistics for a specific aa-sub.
The following is an example show output for the summary command.
This command displays per-subscriber usage-monitoring statistics.
This command displays system statistics.
The following is an example show output for the status command.
This command displays TCP validation policy information.
When the mda-id parameter is included, only TCP validation policy information for the specified adapter card is displayed.
The following output is an example of TCP validation policy information.
This command displays per traffic type statistics.
This command displays transit IP policy information.
This command displays transit prefix policy information.
This command displays information about the configured url-list providing the following information:
Table 20 describes the show command output fields:
Label | Description |
Admin Status | [Up | Down] - Administrative status of the url-list |
Oper Status | [Up | Down] - Operational status of the url-list |
Oper Flags | [admin-down | file-does-not-exist | invalid-file-format | too-many-urls | switch-over-error] |
File Deployed to ISA | [Yes | No] - This flag describes if the file located in the compact flash is the one deployed in the ISA, in the event the file is overwritten and before the admin upgrade command is used this flag will display “No”. |
Upgrade Statistics | |
Last Success | Last time the list was successfully upgraded |
File Name | File name for the last successful upgrade |
URL Entries | Number of URLs loaded at the last success |
Blank/Comment Lines | Number of blank or commented out lines |
Last Attempt | Last time the operator tried to upgrade the list |
Result | Success | Failure. Result of the last upgrade |
File Name | File name for the last upgrade attempt |
Error Line | Line error resulting in a failure to upgrade. |
Reason | [invalid-file-format | too-many-urls] - Reason for the failure to upgrade |
Detail | Details related to the failed upgrade (example: decryption failed) |
This command displays information about the configured url-filter policy along with some associated raw statistics. These output statistics are:
In addition to these counters the system will count the type of action taken by the url-filter policy (allow, block, redirect, default) as well as the type of responses received from the icap server (allow, block, redirect, late).
The following is an example show output for the url-filter command.
This command displays information about the configured URL list.
The following output examples show URL list information.
Table 21 describes the URL list show command output fields.
Label | Description |
Size | [standard | extended] Specifies the size parameter for the URL list |
Admin Status | [Up | down] - Administrative status of the URL list |
Oper Status | [Up | down] - Operational status of the URL list |
Oper Flags | [admin-down | file-does-not-exist |invalid-file-format | too-many-urls | switch-over-error] |
File Deployed to ISA | [Yes | No] - This flag describes if the file located in the compact flash is the one deployed in the ISA, in the event the file is overwritten and before the admin upgrade command is used this flag will display "No". |
Upgrade Statistics | |
Last Success | Last time the list was successfully upgraded |
File Name | File name for the last successful upgrade |
URL Entries | Number of URLs loaded at the last success and percentage to full |
URL Characters | Number of characters loaded at the last success and percentage to full |
Blank/CommentLines | Number of blank or commented out lines |
Last Attempt | Last time the operator tried to upgrade the list |
Result | [Success | Failure]. Result of the last upgrade |
File Name | File name for the last upgrade attempt |
Error Line | Line error resulting in a failure to upgrade |
Reason | [invalid-file-format | too-many-urls] - Reason for the failure to upgrade |
Detail | Details related to the failed upgrade (example: decryption failed) |
This command displays application-assurance group charging group information.
This command displays information about the configured http-notification policy with associated raw statistics:
The following is an example show output for the http-notification command.
This command displays information about the configured http-notification policy with associated raw statistics summed over all partitions.
The following is an example show output for the http-notification command.
This command displays partition information.
This command displays application-assurance policer information.
The following is an example show output for the policer command.
This command enables the context to display application-assurance policy configuration information.
This command enables the context to display http-error-redirect static definitions.
The following is an example show output for the policy command.
This command displays application assurance http-redirect statistics and status information.
The following table describes the show command output fields:
Label | Description |
Template | Specifies HTTP redirect template id information. Each HTTP redirect template returns a specific HTTP redirect message such as HTTP 302 or Javascript and can optionally use macro substitution. |
Redirect URL | Specifies the address the subscriber will be redirected to. |
Captive Redirect | Specifies Yes if captive redirect is used and No if captive redirect is not used. |
Redirect HTTPS | Specifies Yes if redirect https is used and No if redirect https is not used. |
VLAN ID | Specifies the AA interface VLAN id used for captive redirect. |
Admin Status | Specifies the administrative status (Up/Down) of the HTTP redirect policy. |
AQP Ref | Specifies Yes if the HTTP redirect policy is referenced in AQP, and No if it is not. |
This command displays http-error-redirect error-codes.
The following output example shows HTTP error redirect error code information, and Table 23 describes the fields.
Label | Description |
Description | Describes the error |
Default | Indicates what the default is for the error |
custom-msg-size (Custom Message Size) | The size of the message |
This command displays http-error-redirect template information.
The following is an example show output for the policer command.
This command displays http-notification template information.
This command displays http-redirect template information.
This command displays application-assurance policy protocols loaded from the isa-aa.tim file.
The following is an example show output for the protocol command.
This command displays RADIUS accounting policy information.
This command displays information about threshold crossing alerts.
The following output example shows application assurance threshold crossing alert information.
This command displays the versions of the isa-aa.tim used by the CPM and the AA ISAs.
The following is an example show output for the version command.
This command displays MDA information.
If no command line options are specified, a summary output of all MDAs is displayed in table format.
Table 24 describes MDA output fields.
Label | Description |
Slot | The chassis slot number. |
MDA | The MDA slot number. |
Provisioned type | The MDA type provisioned. |
Equipped type | The MDA type actually installed. |
Admin State | Up — Administratively up. |
Down — Administratively down. | |
Operational State | Up — Operationally up. |
Down — Operationally down. |
This command displays application subscriber information.
The following is an example show output for the aa-sub-using command.
This command displays information about SAPs using the specified application profile.
The following is an example show output for the sap-using app profile command.
This command displays SAP information for a specific AARP ID.
This command displays SAP information for a specific transit IP policy or transit prefix policy.
This command displays SDP information for a specific AARP instance ID.
This command displays the SDP and associated services diverted to Application Assurance using a specific app profile name.
This command displays SDP information for an IP transit IP policy or a transit prefix policy.
This command displays the subscribers and associated services diverted to Application Assurance using a specific app profile name.
This command dumps application-assurance AARP information for a specified instance.
This command dumps application-assurance information within a group.
The following output displays group resources information.
This command dumps application-assurance information within a group/partition.
aa-group-id: | partion:aa-group-id[:partition-id] | |
aa-group-id | 1 to 255 | |
partition-id | 1 to 65535 |
This command displays the list of active ANLs detected by AA along with the associated conditions (for example, congestion, measured rate, and number of subscribers).
The following output displays aa-anl-list information.
This command displays AA subscriber information for a specific ISA.
The following output display AA subscriber information.
This command displays the AA subscriber list for a specific ISA.
The following output displays AA subscriber list information.
This command displays application-assurance admit-deny statistics.
The following output is an example of AA admit-deny statistics information.
This command displays per-subscriber per-app-group statistics.
This command displays per-subscriber per-application statistics.
This command displays per-subscriber per-charging-group statistics.
This command displays subscriber summary information.
This command displays AA aa-sub information.
The following output display AA aa-sub information.
This command displays the list of IP addresses stored in a DNS IP cache.
local-url | remote-url | local-url | [<cflash-id>/][<file-path>] | |
200 chars max, including cflash-id | |||
directory length 99 chars max each | |||
remote-url | [{ftp://|tftp://}<login>:<pswd>@<remote-locn>/][<file-path>] | ||
255 chars max | |||
directory length 99 chars max each | |||
remote-locn | [ <hostname> | <ipv4-address> | <ipv6-address> ] | ||
ipv4-address | a.b.c.d | ||
ipv6-address | x:x:x:x:x:x:x:x[-interface] | ||
x:x:x:x:x:x:d.d.d.d[-interface] | |||
x - [0..FFFF]H | |||
d - [0..255]D | |||
interface - 32 chars max, for link | |||
local addresses | |||
cflash-id | flash slot ID |
Table 25 describes the command output fields.
Label | Description |
ip-address | Indicates the IP address stored in the DNS IP cache. The address is added into the cache if the DNS response meets the DNS IP cache match criteria (domain name and DNS server address). |
creationTime | Indicates the time at which the entry was created. The entry is created by a DNS response meeting the DNS IP cache match criteria (domain name and DNS server address). |
lastUpdated(UTC) | Indicates the time at which the entry was last updated, either from a new IP flow (fully classified) using the same IP address or a new DNS response meeting the DNS IP cache match criteria. |
numDNSResponses | Indicates the number of DNS responses including this IP address meeting the DNS IP cache match criteria. |
lastMatchTime(UTC) | Indicates the last time the IP address matched an app-filter with a server address DNS IP cache criteria. |
numTimesMatched | Indicates the number of times the IP address matched an app-filter with a server address DNS IP cache. |
This command displays application-assurance event-log information.
This command dumps application-assurance flow-records matching the specified criteria for a specific AA subscriber.
local-url | remote-url | |||
local-url | [<cflash-id>/][<file-path>] | ||
200 chars max, including cflash-id | |||
directory length 99 chars max each | |||
remote-url | [{ftp://|tftp://}<login>:<pswd>@<remote-locn>/][<file-path>] | ||
255 chars max | |||
directory length 99 chars max each | |||
remote-locn | [ <hostname> | <ipv4-address> | <ipv6-address> ] | ||
ipv4-address | a.b.c.d | ||
ipv6-address | x:x:x:x:x:x:x:x[-interface] | ||
x:x:x:x:x:x:d.d.d.d[-interface] | |||
x - [0..FFFF]H | |||
d - [0..255]D | |||
interface - 32 chars max, for link | |||
local addresses | |||
cflash-id | flash slot ID |
The following example displays flow record search information.
This command rebalances AA subscribers between ISAs within a group, in case imbalance occurs such as with the addition of new cards.
This command saves the http host values recorded by the tool into a file. The http-host-recorder is configured using debug commands.
local-url: | <cflash-id>/][<file-path>] | |
200 chars max, including cflash-id | ||
directory length 99 chars max each | ||
remote-url: | [{ftp://|tftp://}<login>:<pswd>@<remote-locn>/][<file-path>] | |
255 chars max | ||
directory length 99 chars max each | ||
remote-locn: | <hostname> | <ipv4-address> | <ipv6-address> ] | |
ipv4-address | a.b.c.d | |
ipv6-address | x:x:x:x:x:x:x:x[-interface] | |
x:x:x:x:x:x:d.d.d.d[-interface] | ||
x - [0..FFFF]H | ||
d - [0..255]D | ||
interface | 32 chars max, for link local addresses | |
cflash-id | flash slot ID |
This command displays the current status of the http-host-recorder with current-time, start-time, stop-time, sample-rates, filters, buffer as well as number of bytes and flows recorded for the specified AA ISA. The http-host-recorder is configured using debug commands.
This command configures dump application-assurance http-host-recorder information.
This command displays by bytes or flows top http-host recorded by the tool on a particular AA ISA.
This command displays rates for the policer for a specific day and time.
This command saves the port recorded by the tool into a file. The port-recorder is configured using debug commands.
local-url: | <cflash-id>/][<file-path>] | |
200 chars max, including cflash-id | ||
directory length 99 chars max each | ||
remote-url: | [{ftp://|tftp://}<login>:<pswd>@<remote-locn>/][<file-path>] | |
255 chars max | ||
directory length 99 chars max each | ||
remote-locn: | <hostname> | <ipv4-address> | <ipv6-address> ] | |
ipv4-address | a.b.c.d | |
ipv6-address | x:x:x:x:x:x:x:x[-interface] | |
x:x:x:x:x:x:d.d.d.d[-interface] | ||
x - [0..FFFF]H | ||
d - [0..255]D | ||
interface | 32 chars max, for link local addresses | |
cflash-id | flash slot ID |
This command displays the current status of the port-recorder with current-time, start-time, stop-time, sample-rates as well as number of bytes and flows for UDP and TCP traffic on the specified AA ISA card. The port-recorder is configured using debug commands.
This command displays by bytes or flows the top ports recorded by the tool on a particular AA ISA.
This command displays application-assurance traffic-capture information.
This command performs Application Assurance Redundancy Protocol instance operations.
This command performs application assurance group operations.
This command performs application assurance group aa-sub operations.
This command clears the specified AA subscriber from the quarantine state. If the specified AA subscriber is not in a quarantined state, an error message is generated. When this command is successfully executed, an SNMP trap is raised indicating that the AA-subscriber is no longer quarantined. If the quarantine table is full and the automatic detection algorithm identifies a new subscriber to be quarantined, the oldest quarantined AA subscriber is removed, a trap is raised and the newly identified AA subscriber is quarantined.
This command places the specified AA subscriber into the quarantine state. If the specified AA subscriber is already in a quarantined state, an error message is generated. If the quarantine table is full, the command generates an error message when the user tries to manually quarantine an AA subscriber. The user can manually clear-quarantine any quarantined AA subscriber to make space for the new AA subscriber. When this command is successfully executed, an SNMP trap is raised indicating that the AA-subscriber is now quarantined.
This command dumps application-assurance seen-ip information for a specified transit-ip policy.
This command clears application assurance group statistics or status.
This command clears application assurance RADIUS accounting statistics for the specified policy.
This command configures application-assurance within a group/partition debugging.
aa-group-id:parti* : aa-group-id[:partition-id] | |
aa-group-id | [1..255] |
partition-id | [1..65535] |
This command configures debugging for traffic capture.
This command configures debugging for traffic match criteria.
This command configures debugging on an application.
This command configures debugging of a client IP.
This command configures debugging of a client port.
This command configures debugging on a destination IP address.
This command configures debugging on a destination port.
This command configures debugging on IP address 1.
This command configures debugging on IP address 2.
This command configures debugging on an IP protocol number.
This command configures debugging on port 1.
This command configures debugging on port 2.
This command configures debugging on a servicer IP address.
This command configures debugging on a server port.
This command configures debugging on a source IP address.
This command configures debugging on a source port.
This command configures debugging on a mirror source.
This command configures traffic recording options.
This command records cut-through packet conditions.
This command records limit conditions.
This command records limit conditions.
This command administratively disables traffic capture.
This command configures an AA ISA group as a mirror source for this mirror service. Traffic is mirrored after AA processing takes place on AA ISAs of the group, therefore, any packets dropped as part of that AA processing are not mirrored.
This command displays persistence debug information.
This command enables the http-host-recorder feature on a particular group:partition.
The no form of the command disables the http-host-recorder feature.
This command configures recorder filter settings. This command specifies the filtering parameter for the http-host-recorder feature.
This command configures the recorder filter default action to either record or no-record. This parameter applies to http-host values not matching any expressions defined in the filter context.
This command configures the recorder filter expressions.
This command configures which http-host are selected for the http-host-recorder. It is either any http-host values going through the AA ISA or the http-host corresponding to flows not matching a string based app-filter.
For the feature to work it is required to configure at least one app-filter to catch the HTTP protocol signature.
This command configures the sampling rate for the recorded http host, a sampling rate of 10 will sample one out of 10 http-host.
The following configuration records http-host entries ending with “.com” as a result of the expression filter configuration. It will not record any other HTTP host values since the default-filter-action set to no-record. The http-host entries analyzed by the recorder in the first place are http-host-app-filter-candidates.
This commands allows to stop or start the http-host-recorder. To reset the recorded values execute shutdown followed by no shutdown.
This commands allows to stop or start the http-host-recorder. To reset the recorded values execute shutdown followed by no shutdown.
This commands specifies the applications used as input by the port-recorder. Applications responsible for unknown or unidentified traffic are meant to be used by this tool.
The following sample configuration records TCP and UDP port numbers for the application “Unidentified TCP”.