Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence
Note: For quick reference, I put all the commands below as a cheat sheet PDF: Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence
I don’t work on the command line of CUCM often, but when the need arises here is the short list of commands to keep.
For ssh connection you use the OS Administration username/password created during the CUCM installation. BTW the CLI commands below are valid for all the products: Cisco Unified Collaboration Manager (CUCM), Cisco Unity Connection (CUC) and IM & Presence as well.
As Cisco do not want us to mess with the underlying OS, our interaction is limited to a very restricted kind of shell (you get admin: prompt after entering it). So you don’t have access to the Linux commands, but you do have a predefined set of CUCM commands of which I present most useful ones here.
When in doubt about the command syntax - use tab/? completion to get all possible options.
- General health status info, the first command I run to see unusual CPU/IO load , uptime:
show status
admin:show status
Host Name : CUCMPUB
Date : Fri Oct 11, 2019 09:51:53
Time Zone : Israel Daylight Time (Asia/Jerusalem)
Locale : en_US.UTF-8
Product Ver : 11.5.1.14900-11
Unified OS Version : 6.0.0.0-2
Uptime:
09:51:55 up 403 days, 20:41, 1 user, load average: 0.12, 0.09, 0.09
CPU Idle: 97.44% System: 01.54% User: 01.03%
IOWAIT: 00.00% IRQ: 00.00% Soft: 00.00%
Memory Total: 8062468K
Free: 124588K
Used: 7937880K
Cached: 3378724K
Shared: 278436K
Buffers: 303324K
Total Free Used
Disk/active 19805456K 6083384K 13519528K (69%)
Disk/inactive 19805456K 16939384K 1853336K (10%)
Disk/logging 69235192K 35162600K 30548960K (47%)
- Checking the NTP time status (NTP source, synchronization, stratum)
utils ntp status
admin:utils ntp status
ntpd (pid 15265) is running...
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.17.250 216.239.35.0 2 u 588 1024 377 0.624 -0.579 0.845
synchronised to NTP server (192.168.17.250) at stratum 3
time correct to within 84 ms
polling server every 1024 s
Current time in UTC is : Fri Oct 11 06:54:15 UTC 2019
Current time in Asia/Jerusalem is : Fri Oct 11 09:54:15 IDT 2019
Here:
192.168.17.250 - NTP time data source for the CUCM and most probably for the IP phones
216.239.35.0 - NTP source from which the 192.168.17.250 server gets its time in turn. It has stratum 2 here.
- The best friend in need - ping, to debug reachability/packet loss/latency issues:
utils network ping ?
Syntax:
ping dest [count VALUE] [size VALUE]
dest mandatory dotted IP or host name
count optional count value (default is 4)
size optional size of ping packet in bytes (default is 56)
utils network ping 8.8.8.8 count 10 size 1300
PING 8.8.8.8 (8.8.8.8) 1300(1328) bytes of data.
1308 bytes from 8.8.8.8: icmp_seq=0 ttl=50 time=58.2 ms
1308 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=57.8 ms
- Close friend of ping - traceroute:
utils network traceroute 8.8.8.8
1 192.168.17.254 (192.168.10.254) 0.336 ms 0.296 ms 0.331 ms
< cut for clarity> ...
- Show routing table:
show tech network routes
-------------------- show platform network --------------------
Routes:
192.168.17.0/24 dev eth0 proto kernel scope link src 192.168.17.1
169.254.0.0/16 dev eth0 scope link
default via 192.168.17.254 dev eth0
- Show established connections with the process using the port:
show network status [process nodns search [search term]]
Here I search for all established connections on port 5060 of CUCM (192.168.17.1) (namely SIP phones and SIP trunks):
show network status process nodns search 5060
tcp 0 0 192.168.17.1:5060 192.168.211.29:51971 ESTABLISHED 28364/ccm
tcp 0 0 192.168.17.1:5060 192.168.211.30:50617 ESTABLISHED 28364/ccm
tcp 0 0 192.168.17.1:5060 192.168.211.38:51212 ESTABLISHED 28364/ccm
tcp 0 0 192.168.17.1:5060 192.168.209.73:51438 ESTABLISHED 28364/ccm
- Working with ARP table:
utils network arp delete - delete some ARP entry
utils network arp list - list the ARP table
utils network arp set
utils network arp list
Address HWtype HWaddress Flags Mask Iface
192.168.10.198 ether E0:5F:B9:XX:XX:XX C eth0
192.168.10.254 ether 44:D3:CA:XX:XX:XX C eth0
- Show open and accessible over the network ports with listening daemons:
show network ipprefs public
Application IPProtocol PortValue Type XlatedPort Status Description
------------ ------------ ------------ ------------ ------------ ------------ ------------
sshd tcp 22 public - enabled sftp and ssh access
clm udp 8500 public - enabled cluster manager
clm tcp 8500 public - enabled cluster manager
tomcat tcp 8443 translated 443 enabled secure web access
tomcat tcp 8080 translated 80 enabled web access
ntpd udp 123 public - enabled network time sync<!-- more -->
taps tcp 9050 public - enabled Cisco TAPS service
soapmonitor tcp 5007 public - enabled soapmonitor port
dhcpd udp 67 public - enabled DHCP server port
ccm tcp 8002 public - enabled CCM SDL Link
ccm tcp 1720 public - enabled H225 SIGNAL
ccm tcp 2000 public - enabled SCCP-SIG
ccm tcp 2001 public - enabled TITAN CONVERT
ccm tcp 2002 public - enabled VEGA CONVERT
ccm udp 2427 public - enabled MGCP
ccm tcp 2428 public - enabled MGCPBH
ccm tcp 5060 public - enabled SIP Listener Port for TCP
ccm udp 5060 public - enabled SIP Listener Port for UDP
ALL tcp 32768:61000 public - enabled generic ephemeral tcp ports
ALL udp 32768:61000 public - enabled generic ephemeral udp ports
CTIManager tcp 2748 public - enabled CTIManager QBE TCP
CTIManager tcp 8003 public - enabled CTI SDL Link
acserver tcp 1101 public - enabled Attendent Console RMI callback
acserver tcp 1102 public - enabled Attendent Console RMI server
acserver udp 3223 public - enabled Attendent Console Call Control
ctftp udp 69 public - enabled TFTP access to CUCM TFTP Server
ctftp tcp 6970 public - enabled HTTP access to CUCM TFTP Server
ipvms udp 24576:32767 public - enabled IP Voice Media Streaming Driver RTP
ma tcp 2912 public - enabled IP Manager Assistant
snmpdm udp 161 public - enabled SNMP
Also:
show open ports
show open ports all
show open ports regexp
- Show number of open connections . While the number of connections does NOT equal number of registered phones, if there is some network connectivity issue this number will be unusually low. E.g. on this CUCM there are 52 SIP registered phones:
show network ip_conntrack
301
- Show the hardware server on which the CUCM is installed:
show hardware
HW Platform : VMware Virtual Machine
Processors : 2
Type : Intel(R) Xeon(R) Silver 4114 CPU @ 2.20GHz
CPU Speed : 2200
Memory : 8192 MBytes
Object ID : 1.3.6.1.4.1.9.1.1348
OS Version : UCOS 6.0.0.0-2.i386
Serial Number : VMware-56 4d 7a aa bb cc dd ee-ee ff 11 22 33 44 55 77
- Show list of running processes (Linux style):
show process list
PID ARGS
PID COMMAND
1 init [3]
2 [migration/0]
<cut for brevity>
- Show I/O stats:
utils iostat
Executing command... Please be patient
Linux 2.6.32-573.18.1.el6.x86_64 (CUCMPUB) 10/11/2019 _x86_64_ (2 CPU)
10/11/2019 10:06:07 AM
avg-cpu: %user %nice %system %iowait %steal %idle
5.64 0.00 4.21 0.01 0.00 90.14
Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util
scd0 0.00 0.00 0.00 0.00 0.00 0.00 8.00 0.00 1.16 1.16 0.00
sda 0.02 19.67 0.22 42.42 2.48 496.75 11.71 0.01 0.22 0.03 0.14
- And the last resort - restarting specific service or the whole CUCM. Usually when things go rough and it is not possible to access GUI - be it weird CPU overload or web service stuck, I do restart to the whole CUCM with:
utils system {restart | shutdown | switch-version}
in VMware you can also reboot the virtual machine hosting CUCM.
- Stop/start specific service, but be aware the services list is limited to:
utils service stop
Invalid service name for start/stop, valid names are:
System SSH
Cluster Manager
Service Manager
A Cisco DB
Cisco Tomcat
Cisco Database Layer Monitor
Cisco CallManager Serviceability
<cut for brevity>
utils service
utils service auto-restart
utils service list
utils service restart
utils service start
utils service stop
-
Get the disk usage:
show diskusage activelog -
Show logged in admins:
show logins
administ pts/0 192.168.7.1 Wed Aug 12 09:56 still logged in
- Changing password for yourself/another user . Be very careful with changing password of course.
set password { age* | complexity* | expiry* | inactivity* | user* }
- Show user expiration:
show password expiry user list
show password expiry user list
Password age limits for OS CLI users are:
=================================================
|MAX-age| MIN-age|
| Days | Days | UserID
|=======| ========| =============================
| 99999 | 0 | administrator
The commands below are mostly relevant to the now EOL hardware server used for CUCM Cisco 7800 Series Media Convergence Servers
- Show the status of the fans (irrelevant for VMware based install):
show environment fans
(RPMS) Lower Critical
ID Current Threshold Status
Fan Sensor 1 7800 4200 OK
Fan Sensor 2 7950 4200 OK
Fan Sensor 3 7800 4200 OK
Fan Sensor 4 7350 4200 OK
Fan Sensor 5 7200 4200 OK
- Show the server temperature (irrelevant for VMware based install):
show environment temperatures
(Celcius) Non-Critical Critical Threshold Threshold
ID Current Lower Upper Lower Upper Location Temperature Sensor
1 24 53 54 55 62 1
- Show the server hardware (irrelevant for VMware based install):
show hardware
HW Platform : 7825I4
Processors : 1
Type : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
CPU Speed : 3000
Memory : 2048 MBytes
- Show physical memory (irrelevant for VMware based install):
show memory modules
Bank Locator Size Active Status
DIMM 1 DIMM 1 1024 MB TRUE OK
DIMM 3 DIMM 3 1024 MB TRUE OK
- Show interface status to see whether it is duplex full or not etc. (more useful for hardware based servers than VMware ones):
show network eth0
Ethernet 0
DHCP : disabled Status : up
IP Address : 192.168.10.1 IP Mask : 255.255.255.000
Link Detected: yes Mode : Auto enabled, Full, 100 Mbits/s
Duplicate IP : no
DNS Not configured.
Gateway : 192.168.10.254 on Ethernet 0
- Show the firewall status. Being a Red Hat server CUCM includes iptables to work with firewall which is on by default, but I never had the need to change rules or turn it off:
utils firewall ipv4 debug
utils firewall ipv4 disable
utils firewall ipv4 enable
utils firewall ipv4 list - List all the rules
utils firewall ipv4 status - see whether the firewall on or off
Additional Resources
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.