Almost all of the commands the Cisco Active Advisor scanner executes on
devices it finds are SHOW commands. The only exceptions would be where
the device itself does not run IOS (some Wireless APs and WLCs) or
specific models where other commands are available that are useful (like
SMB 500 & 300 Switches where the scanner can use a terminal
- show arp
- show cdp neighbors
- show health-monitor
- show inventory
- show ip int brief
- show int description
- show mac address-table [synchronize statistics]
- show module switch [1|2]
- show running-config [all]
- show switch
- show system
- show tech-support wireless (if successful also then runs "show tech-support")
- show version
- show vtp [status|password]
This is not the complete list, but rather a sample of commands for different devices. It is important to note scanner does not run every one of these commands on every device.
Generally, even if some of the above commands spike the CPU to 100%, they are typically low priority EXEC processes and will consume CPU cycles only where available and not serving interrupt or input traffic (such as packet processing). There are some scenarios where a "show run" can take a long time (5 minutes even) to complete, if the device were already operating under heavy load.
Scanner will attempt to log into your devices and retrieve the output of several privileged commands, such as 'show running-config', from which the device's enabled features, and host name are learned. The scanner will presently only wait for up to 15 seconds for a command to start issuing output before it gives up and moves on to the next command in a list of commands to be tried.
Some device configurations (and stacks of devices) can take several seconds, to several minutes, in order to produce the output for 'show running-config'. As these commands are consider low-priority by IOS, high CPU load (show proc cpu hist) can also affect the time it takes to generate the running-configuration.
It's worth noting that although such commands as 'show running-config' may cause the CPU load to climb or reach 100% on a device, the CPU time given to these low-priority processes are preempted by other higher-priority processes, as to not impact packet processing.
There may be a workaround available to you, depending
on the IOS/IOS-XE version your devices are running. Please see the
document below about enabling 'parser config cache interface' in your
running-config, which can dramatically speed up NVGEN-type commands such
as 'show running-config':
Please note that after enabling the command, you should perform a 'show running-config' once in order to establish the cache. Subsequent executions (including by CAA scanner) are then able to speed up significantly (and automatically) by the presence of the cache.