Cisco Cisco Packet Data Gateway (PDG)
System Security
Test-Commands ▀
ASR 5500 System Administration Guide, StarOS Release 18 ▄
109
Test-Commands
Users with Security Administrator or Administrator privilege can enable the display of previously hidden test-
commands. The CLI test-commands mode displays new command keywords for existing commands, as well as new
commands.
commands. The CLI test-commands mode displays new command keywords for existing commands, as well as new
commands.
Caution:
CLI test-commands are intended for diagnostic use only. Access to these commands is not required
during normal system operation. These commands are intended for use by Cisco TAC personnel only. Some of these
commands can slow system performance, drop subscribers, and/or render the system inoperable.
commands can slow system performance, drop subscribers, and/or render the system inoperable.
Enabling cli test-commands Mode
To enable access to test-commands, a Security Administrator must log into the Global Configuration mode and enter cli
hidden.
hidden.
This command sequence is shown below.
[local]host_name# config
[local]host_name(config)# cli hidden
[local]host_name(config)#
[local]host_name(config)# cli hidden
[local]host_name(config)#
By default cli-hidden is disabled.
Important:
Low-level diagnostic and test commands/keywords will now be visible to a user with Administrator
or higher privilege. There is no visual indication on the CLI that the test-commands mode has been enabled.
Enabling Password for Access to CLI-test commands
A Security Administrator can set a plain-text or encrypted password for access to CLI test commands. The password
value is stored in /flash along with the boot configuration information. The show configuration and save configuration
commands will never output this value in plain text.
value is stored in /flash along with the boot configuration information. The show configuration and save configuration
commands will never output this value in plain text.
The Global Configuration mode command tech-support test-commands [encrypted] password new_password sets an
encrypted or plain-text password for access to CLI test-commands.
encrypted or plain-text password for access to CLI test-commands.
This command sequence is shown below.
[local]host_name# config
[local]host_name(config)# tech-support test-commands password new_password
[local]host_name(config)#
[local]host_name(config)# tech-support test-commands password new_password
[local]host_name(config)#
When a test-commands password is configured, the Global Configuration mode command cli test-commands [
encrypted ] password password requires the entry of the password keyword. If the encrypted keyword is specified, the
password argument is interpreted as an encrypted string containing the password value. If the encrypted keyword is not
specified, the password argument is interpreted as the actual plain text value
encrypted ] password password requires the entry of the password keyword. If the encrypted keyword is specified, the
password argument is interpreted as an encrypted string containing the password value. If the encrypted keyword is not
specified, the password argument is interpreted as the actual plain text value
Important:
If tech-support test-commands password is never configured, cli-test commands will always fail.
If the password keyword is not entered for cli test-commands, the user is prompted (no-echo) to enter the password.
Also, cli hidden must be enabled by a Security Administrator to access the CLI test-commands.
Also, cli hidden must be enabled by a Security Administrator to access the CLI test-commands.