Cisco Hidden Commands

Some days ago I received an e-mail from my colleague M.Farag about a hidden command on Cisco router’s IOS, this command allows us to achieve the BGP multipath loadsharing on two different ISPs, I didn’t know anything about this commands, so I decided to search about it and know what is it?

What is a hidden command?

The configuration of Cisco hardware is performed from the command line. Unlike other hardware devices that have a GUI (Graphical User Interface) to use for configuration, Cisco makes no attempt at making it easy. Indeed, there are hundreds of commands that a Cisco Engineer must learn in order to configure the device. These commands, moreover, are frequently not intuitive – at least not intuitive enough to make one say that if you learn one, you can learn the others because they are similar.

Most common commands can be discovered with the “?”. But hidden commands cannot be uncovered with that marker, “?”. The Tab key used for autocomplete cannot be used either. Hidden commands are not documented in Cisco PDFs or on websites. Some of the output is used strictly for engineering purposes. Finally, they are not supported by Cisco, which means that the results cannot be guaranteed.

Cisco hidden commands were put in place by engineers who were designing the Internetwork Operating System (IOS). They were interested in testing the IOS to see if it was performing as expected.


let’s start with the most impressive command (according to me), this command which we talked about earlier: bgp bestpath as-path multipath-relax

Cisco documentation describing BGP multipath load sharing states:

For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:

  • All attributes must be the same. The attributes include weight, local preference, autonomous system path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (IGP) distance.
  • The next hop router for each multipath must be different.

These restrictions work well when we load share to one ISP over multiple links. Unfortunately requirement of having identical AS paths doesn’t work well for situation when we want to load share to two different ISPs.

Fortunately, Cisco has this undocumented command that allows us to bypass this requirement (AS paths still have to be te same length, but don’t have to be identical)…

For more hidden commands: Elemental Net


CCIE Lounge blog

Wiki Nil

Bright Hub

Enjoy it… 😉