Note: For quick reference, I put all the commands below as a cheat sheet PDF: Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence
I don’t work on the command line of CUCM often, but when the need arises here is the short list of commands to keep. For ssh connection you use the OS Administration username/password created during the CUCM installation. BTW the CLI commands below are valid for all the products: Cisco Unified Collaboration Manager (CUCM), Cisco Unity Connection (CUC) and IM & Presence as well.
As Cisco do not want us to mess with the underlying OS, our interaction is limited to a very restricted kind of shell (you get admin: prompt after entering it). So you don’t have access to the Linux commands, but you do have a predefined set of CUCM commands of which I present most useful ones here.When in doubt about the command syntax - use tab/? completion to get all possible options.
- General health status info, the first command I run to see unusual CPU/IO load , uptime:
show status
admin:show statusHost Name : CUCMPUBDate : Fri Oct 11, 2019 09:51:53Time Zone : Israel Daylight Time (Asia/Jerusalem)Locale : en_US.UTF-8Product Ver : 11.5.1.14900-11Unified OS Version : 6.0.0.0-2Uptime: 09:51:55 up 403 days, 20:41, 1 user, load average: 0.12, 0.09, 0.09CPU Idle: 97.44% System: 01.54% User: 01.03% IOWAIT: 00.00% IRQ: 00.00% Soft: 00.00%Memory Total: 8062468K Free: 124588K Used: 7937880K Cached: 3378724K Shared: 278436K Buffers: 303324K Total Free UsedDisk/active 19805456K 6083384K 13519528K (69%)Disk/inactive 19805456K 16939384K 1853336K (10%)Disk/logging 69235192K 35162600K 30548960K (47%)- Checking the NTP time status (NTP source, synchronization, stratum)
utils ntp status
admin:utils ntp statusntpd (pid 15265) is running... remote refid st t when poll reach delay offset jitter==============================================================================*192.168.17.250 216.239.35.0 2 u 588 1024 377 0.624 -0.579 0.845synchronised to NTP server (192.168.17.250) at stratum 3 time correct to within 84 ms polling server every 1024 sCurrent time in UTC is : Fri Oct 11 06:54:15 UTC 2019Current time in Asia/Jerusalem is : Fri Oct 11 09:54:15 IDT 2019Here:192.168.17.250 - NTP time data source for the CUCM and most probably for the IP phones216.239.35.0 - NTP source from which the 192.168.17.250 server gets its time in turn. It has stratum 2 here.
- The best friend in need - ping, to debug reachability/packet loss/latency issues:
utils network ping ?
Syntax:ping dest [count VALUE] [size VALUE]
dest mandatory dotted IP or host name
count optional count value (default is 4)
size optional size of ping packet in bytes (default is 56)
utils network ping 8.8.8.8 count 10 size 1300
PING 8.8.8.8 (8.8.8.8) 1300(1328) bytes of data.1308 bytes from 8.8.8.8: icmp_seq=0 ttl=50 time=58.2 ms1308 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=57.8 ms- Close friend of ping - traceroute:
utils network traceroute 8.8.8.8
1 192.168.17.254 (192.168.10.254) 0.336 ms 0.296 ms 0.331 ms< cut for clarity> ...- Show routing table:
show tech network routes
-------------------- show platform network --------------------Routes:192.168.17.0/24 dev eth0 proto kernel scope link src 192.168.17.1169.254.0.0/16 dev eth0 scope linkdefault via 192.168.17.254 dev eth0- Show established connections with the process using the port:
show network status [process nodns search [search term]]
Here I search for all established connections on port 5060 of CUCM (192.168.17.1) (namely SIP phones and SIP trunks):
show network status process nodns search 5060tcp 0 0 192.168.17.1:5060 192.168.211.29:51971 ESTABLISHED 28364/ccmtcp 0 0 192.168.17.1:5060 192.168.211.30:50617 ESTABLISHED 28364/ccmtcp 0 0 192.168.17.1:5060 192.168.211.38:51212 ESTABLISHED 28364/ccmtcp 0 0 192.168.17.1:5060 192.168.209.73:51438 ESTABLISHED 28364/ccm- Working with ARP table:
utils network arp delete - delete some ARP entry
utils network arp list - list the ARP table
utils network arp set
utils network arp list
Address HWtype HWaddress Flags Mask Iface192.168.10.198 ether E0:5F:B9:XX:XX:XX C eth0192.168.10.254 ether 44:D3:CA:XX:XX:XX C eth0- Show open and accessible over the network ports with listening daemons:
show network ipprefs public
Application IPProtocol PortValue Type XlatedPort Status Description------------ ------------ ------------ ------------ ------------ ------------ ------------sshd tcp 22 public - enabled sftp and ssh accessclm udp 8500 public - enabled cluster managerclm tcp 8500 public - enabled cluster managertomcat tcp 8443 translated 443 enabled secure web accesstomcat tcp 8080 translated 80 enabled web accessntpd udp 123 public - enabled network time sync<!-- more -->taps tcp 9050 public - enabled Cisco TAPS servicesoapmonitor tcp 5007 public - enabled soapmonitor portdhcpd udp 67 public - enabled DHCP server portccm tcp 8002 public - enabled CCM SDL Linkccm tcp 1720 public - enabled H225 SIGNALccm tcp 2000 public - enabled SCCP-SIGccm tcp 2001 public - enabled TITAN CONVERTccm tcp 2002 public - enabled VEGA CONVERTccm udp 2427 public - enabled MGCPccm tcp 2428 public - enabled MGCPBHccm tcp 5060 public - enabled SIP Listener Port for TCPccm udp 5060 public - enabled SIP Listener Port for UDPALL tcp 32768:61000 public - enabled generic ephemeral tcp portsALL udp 32768:61000 public - enabled generic ephemeral udp portsCTIManager tcp 2748 public - enabled CTIManager QBE TCPCTIManager tcp 8003 public - enabled CTI SDL Linkacserver tcp 1101 public - enabled Attendent Console RMI callbackacserver tcp 1102 public - enabled Attendent Console RMI serveracserver udp 3223 public - enabled Attendent Console Call Controlctftp udp 69 public - enabled TFTP access to CUCM TFTP Serverctftp tcp 6970 public - enabled HTTP access to CUCM TFTP Serveripvms udp 24576:32767 public - enabled IP Voice Media Streaming Driver RTPma tcp 2912 public - enabled IP Manager Assistantsnmpdm udp 161 public - enabled SNMPAlso:
show open ports
show open ports all
show open ports regexp
- Show number of open connections . While the number of connections does NOT equal number of registered phones, if there is some network connectivity issue this number will be unusually low. E.g. on this CUCM there are 52 SIP registered phones:
show network ip_conntrack
301- Show the hardware server on which the CUCM is installed:
show hardware
HW Platform : VMware Virtual MachineProcessors : 2Type : Intel(R) Xeon(R) Silver 4114 CPU @ 2.20GHzCPU Speed : 2200Memory : 8192 MBytesObject ID : 1.3.6.1.4.1.9.1.1348OS Version : UCOS 6.0.0.0-2.i386Serial Number : VMware-56 4d 7a aa bb cc dd ee-ee ff 11 22 33 44 55 77- Show list of running processes (Linux style):
show process list
PID ARGS PID COMMAND1 init [3]2 [migration/0]<cut for brevity>- Show I/O stats:
utils iostat
Executing command... Please be patientLinux 2.6.32-573.18.1.el6.x86_64 (CUCMPUB) 10/11/2019 _x86_64_ (2 CPU)10/11/2019 10:06:07 AMavg-cpu: %user %nice %system %iowait %steal %idle 5.64 0.00 4.21 0.01 0.00 90.14Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %utilscd0 0.00 0.00 0.00 0.00 0.00 0.00 8.00 0.00 1.16 1.16 0.00sda 0.02 19.67 0.22 42.42 2.48 496.75 11.71 0.01 0.22 0.03 0.14- And the last resort - restarting specific service or the whole CUCM. Usually when things go rough and it is not possible to access GUI - be it weird CPU overload or web service stuck, I do restart to the whole CUCM with:
utils system {restart | shutdown | switch-version}
in VMware you can also reboot the virtual machine hosting CUCM.
- Stop/start specific service, but be aware the services list is limited to:
utils service stop
Invalid service name for start/stop, valid names are: System SSH Cluster Manager Service Manager A Cisco DB Cisco Tomcat Cisco Database Layer Monitor Cisco CallManager Serviceability <cut for brevity>utils service
utils service auto-restart
utils service list
utils service restart
utils service start
utils service stop
Get the disk usage:
show diskusage activelog
Show logged in admins:
show logins
administ pts/0 192.168.7.1 Wed Aug 12 09:56 still logged in- Changing password for yourself/another user . Be very careful with changing password of course.
set password { age* | complexity* | expiry* | inactivity* | user* }
- Show user expiration:
show password expiry user list
show password expiry user listPassword age limits for OS CLI users are:=================================================|MAX-age| MIN-age|| Days | Days | UserID|=======| ========| =============================| 99999 | 0 | administratorThe commands below are mostly relevant to the now EOL hardware server used for CUCM Cisco 7800 Series Media Convergence Servers
- Show the status of the fans (irrelevant for VMware based install):
show environment fans
(RPMS) Lower CriticalID Current Threshold StatusFan Sensor 1 7800 4200 OKFan Sensor 2 7950 4200 OKFan Sensor 3 7800 4200 OKFan Sensor 4 7350 4200 OKFan Sensor 5 7200 4200 OK- Show the server temperature (irrelevant for VMware based install):
show environment temperatures
(Celcius) Non-Critical Critical Threshold Threshold ID Current Lower Upper Lower Upper Location Temperature Sensor 1 24 53 54 55 62 1- Show the server hardware (irrelevant for VMware based install):
show hardware
HW Platform : 7825I4Processors : 1Type : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHzCPU Speed : 3000Memory : 2048 MBytes- Show physical memory (irrelevant for VMware based install):
show memory modules
Bank Locator Size Active StatusDIMM 1 DIMM 1 1024 MB TRUE OKDIMM 3 DIMM 3 1024 MB TRUE OK- Show interface status to see whether it is duplex full or not etc. (more useful for hardware based servers than VMware ones):
show network eth0
Ethernet 0DHCP : disabled Status : upIP Address : 192.168.10.1 IP Mask : 255.255.255.000Link Detected: yes Mode : Auto enabled, Full, 100 Mbits/sDuplicate IP : noDNS Not configured.Gateway : 192.168.10.254 on Ethernet 0- Show the firewall status. Being a Red Hat server CUCM includes iptables to work with firewall which is on by default, but I never had the need to change rules or turn it off:
utils firewall ipv4 debug
utils firewall ipv4 disable
utils firewall ipv4 enable
utils firewall ipv4 list - List all the rules
utils firewall ipv4 status - see whether the firewall on or off
Additional Resources
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.
