cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4533
Views
5
Helpful
7
Replies

How to enable a command?

us3rn4me0923
Level 1
Level 1

how do I enable a priv exec command that is disabled by default?

As an example: how do I enable "show DMVPN". It appears from below that it needs to be "enabled". I am using a variety of IOS post 12.4 Thanks

show dmvpn

To display Dynamic Multipoint VPN (DMVPN) specific session information, use the show dmvpn command in privileged EXEC mode.

show dmvpn [peer [nbma | tunnel {ip-address}] | [network {ip-address} {mask}]] [vrf {vrf-name}] [interface {tunnel number}] [detail] [static] [debug-condition]

Command Default

This command is not enabled.

Command Modes

Privileged EXEC

Command History

Release Modification

12.4(9)T

This command was introduced.

1 Accepted Solution

Accepted Solutions

Jeff

Thank you for posting the additional information. It helps to make clear what the problem is. It does make clear that the command is not available on your router. And the reason is clear based on this posting of additional information. In your original post you included this information:

Command History

Release Modification

12.4(9)T

This command was introduced.

Note that the code was introduced in the T train of code not the mainline. In this post you gave us part of show version:

R1#sh ver

Cisco IOS Software, 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)

and this indicates that you are running 12.4(18) which is main line code. To get this command you will have to change the image that you are running and run something from the 12.4T train of code.

HTH

Rick

HTH

Rick

View solution in original post

7 Replies 7

spremkumar
Level 9
Level 9

hi

can you revert back whether you are logging in using the user id/password with limited privileges or limited access ???

If you are logging in with such an user id you are restricted to the commands which you are allowed to execute.

You wont get the output of the command if you are executing from a privilege level which is not configured or permitted to do so...

regds

Connecting via console with enable password and with local account / priv 15 access level.

From my perspective - I have no reason to believe it is a limited priv level issue. The command show DMVPN doesn't even come up as an available command.

I agree - if I was using an account with limited access - it makes sense not to be able to execute the command.

Jeff

Perhaps you can clarify a few things for us:

- are you using on line help and saying the command is not available because it does not show up or are you attempting to enter the command and getting a response of invalid input? (I have seen many instances where on line help did not show a command which executed just fine if you enter the command)?

- is DMVPN supported in the version and feature set that you are running? Perhaps you can post the output of show version so that we can see what version and what feature set you are running?

- Is DMVPN configured and running on this router? I am not clear from the excerpt from the documentation quoted in the original post what it takes to enable the command but believe that I have seen situations before where some command was not enabled until the feature that it related to was configured.

HTH

Rick

HTH

Rick

Thank you for the questions

Show DMVPN does not show up as an available command. I rechecked the feature set and it supports DMVPN phase 1. I have DMVPN configured on R1 as Hub and R2, R3 as Spokes.

Example:

R1#sh dmvpn

^

% Invalid input detected at '^' marker.

R1#sh d?

dampening data-corruption debugging derived-config

dhcp diag dial-peer dialer

dialplan diffserv dnsix dot1x

dspfarm dss dtp dxi

R1#sh ver

Cisco IOS Software, 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)

R1#sh crypto sess

Crypto session current status

Interface: Tunnel0

Session status: UP-ACTIVE

Peer: 60.60.2.1 port 500

IKE SA: local 60.60.1.1/500 remote 60.60.2.1/500 Active

IPSEC FLOW: permit 47 host 60.60.1.1 host 60.60.2.1

Active SAs: 2, origin: crypto map

Interface: Tunnel0

Session status: UP-ACTIVE

Peer: 60.60.3.1 port 500

IKE SA: local 60.60.1.1/500 remote 60.60.3.1/500 Active

IPSEC FLOW: permit 47 host 60.60.1.1 host 60.60.3.1

Active SAs: 4, origin: crypto map

R1#sh ip nhrp

172.16.31.2/32 via 172.16.31.2, Tunnel0 created 00:10:15, expire 00:05:17

Type: dynamic, Flags: authoritative unique registered

NBMA address: 60.60.2.1

172.16.31.3/32 via 172.16.31.3, Tunnel0 created 00:10:15, expire 00:06:50

Type: dynamic, Flags: authoritative unique registered

NBMA address: 60.60.3.1

R1#sh crypto isakmp sa

dst src state conn-id slot status

60.60.1.1 60.60.3.1 QM_IDLE 2 0 ACTIVE

60.60.1.1 60.60.2.1 QM_IDLE 1 0 ACTIVE

Hub t0

R1#sh run int t0

Building configuration...

Current configuration : 419 bytes

!

interface Tunnel0

description DMVPN Connection to the Internet

bandwidth 100000

ip address 172.16.31.1 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication cisco123

ip nhrp map multicast dynamic

ip nhrp network-id 48202

ip nhrp holdtime 450

ip tcp adjust-mss 1360

delay 1000

tunnel source FastEthernet3/0

tunnel mode gre multipoint

tunnel key 2332

tunnel protection ipsec profile dmvpn

end

Jeff

Thank you for posting the additional information. It helps to make clear what the problem is. It does make clear that the command is not available on your router. And the reason is clear based on this posting of additional information. In your original post you included this information:

Command History

Release Modification

12.4(9)T

This command was introduced.

Note that the code was introduced in the T train of code not the mainline. In this post you gave us part of show version:

R1#sh ver

Cisco IOS Software, 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)

and this indicates that you are running 12.4(18) which is main line code. To get this command you will have to change the image that you are running and run something from the 12.4T train of code.

HTH

Rick

HTH

Rick

Thank you for your help. I'll go back to the drawing board on understanding the differences in code and features.

Jeff

There are many different code trains in IOS and I agree that sometimes it is difficult to understand them. In very general terms the main line code is the versions of code with no letters at the end of the name. Other code trains are identified by some combination of letters at the end of the release identifier. Within a version of main line code in the major releases (12.1, 12.2, 12.3, and 12.4) Cisco attempts to keep the features supported pretty much the same and different minor releases (12.4(9) or 12.4(18) have mostly bug fixes and preformance enhancements. The new features get introduced in the T train (sometimes referred to as the Technology train - or maybe as the Testing train). So features that were inroduced in 12.3T become the base line of features supported in 12.4. And the show dmvpn that was introduced in 12.4T will become a main line feature in whatever major release follows 12.4.

Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that they will read responses which successfully resolved the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco