Cisco ASA Series Command Reference
show running-config -- show running-config ctl-provider
Downloads: This chapterpdf (PDF - 400.0KB) The complete bookPDF (PDF - 31.85MB) | The complete bookePub (ePub - 2.33MB) | The complete bookMobi (Mobi - 9.5MB) | Feedback

Table of Contents

show running-config through show running-config cts Commands

show running-config

s how running-config aaa

s how running-config aaa-server

s how running-config aaa-server host

s how running-config access-group

s how running-config access-list

s how running-config alias

s how running-config arp

s how running-config arp timeout

s how running-config arp-inspection

s how running-config asdm

s how running-config auth-prompt

s how running-config auto-update

s how running-config banner

s how running-config call-home

s how running-config class

s how running-config class-map

s how running-config client-update

s how running-config clock

show running-config cluster

s how running-config command-alias

show running-config compression

s how running-config console timeout

s how running-config context

s how running-config crypto

s how running-config crypto dynamic-map

show running-config crypto engine

show running-config crypto ipsec

s how running-config crypto isakmp

s how running-config crypto map

show running-config ctl-file

show running-config cts

show running-config through show running-config cts Commands

show running-config

To display the configuration that is currently running on the ASA, use the show running-config command in privileged EXEC mode.

show running-config [ all ] [ command ]

 
Syntax Description

all

Displays the entire operating configuration, including defaults.

command

Displays the configuration associated with a specific command.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was modified.

8.3(1)

The command output displays encrypted passwords.

 
Usage Guidelines

The show running-config command displays the active configuration in memory (including saved configuration changes) on the ASA.

You can use the running-config keyword only in the show running-config command. You cannot use this keyword with no or clear , or as a standalone command, because the CLI treats it as an unsupported command. When you enter the ? , no ? , or clear ? keywords, the running-config keyword is not listed in the command list.

To display the saved configuration in flash memory on the ASA, use the show configuration command.

The show running-config command output displays encrypted, masked, or clear text passwords when password encryption is either enabled or disabled.


Note ASDM commands appear in the configuration after you use it to connect to or configure the ASA.


Examples

The following is sample output from the show running-config command:

ciscoasa# show running-config
: Saved
:
ASA Version 9.0(1)
names
!
interface Ethernet0
nameif test
security-level 10
ip address 10.1.1.2 255.255.255.254
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.1.1.3 255.255.254.0
!
interface Ethernet2
shutdown
no nameif
security-level 0
no ip address
!
interface Ethernet3
shutdown
no nameif
security-level 0
no ip address
!
interface Ethernet4
shutdown
no nameif
security-level 0
no ip address
!
interface Ethernet5
shutdown
no nameif
security-level 0
no ip address
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname example1
domain-name example.com
boot system flash:/cdisk.bin
ftp mode passive
pager lines 24
mtu test 1500
mtu inside 1500
monitor-interface test
monitor-interface inside
ASDM image flash:ASDM
no ASDM history enable
arp timeout 14400
route inside 0.0.0.0 0.0.0.0 10.1.1.2
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 1:00:00 udp 0:02:00 icmp 1:00:00 rpc 1:00:00 h3
23 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02
:00
timeout uauth 0:00:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
fragment size 200 test
fragment chain 24 test
fragment timeout 5 test
fragment size 200 inside
fragment chain 24 inside
fragment timeout 5 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 1440
ssh timeout 5
console timeout 0
group-policy todd internal
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map abc_global_fw_policy
class inspection_default
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect ils
inspect mgcp
inspect netbios
inspect rpc
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect tftp
inspect xdmcp
inspect ctiqbe
inspect cuseeme
inspect icmp
!
terminal width 80
service-policy abc_global_fw_policy global
Cryptochecksum:bfecf4b9d1b98b7e8d97434851f57e14
: end

 
Related Commands

Command
Description

configure

Configures the ASA from the terminal.

show running-config aaa

To show the AAA configuration in the running configuration, use the show running-config aaa command in privileged EXEC mode.

show running-config aaa [ accounting | authentication | authorization | mac-exempt | proxy-limit ]

 
Syntax Description

accounting

(Optional) Show accounting-related AAA configuration.

authentication

(Optional) Show authentication-related AAA configuration.

authorization

(Optional) Show authorization-related AAA configuration.

mac-exempt

(Optional) Show MAC address exemption AAA configuration.

proxy-limit

(Optional) Show the number of concurrent proxy connections allowed per user.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show running-config aaa command:

ciscoasa# show running-config aaa
aaa authentication match infrastructure_authentication_radiusvrs infrastructure radiusvrs
aaa accounting match infrastructure_authentication_radiusvrs infrastructure radiusvrs
aaa authentication secure-http-client
aaa local authentication attempts max-fail 16
ciscoasa#

 
Related Commands

Command
Description

aaa authentication match

Enables authentication for traffic that is identified by an access list.

aaa authorization match

Enables authorization for traffic that is identified by an access list.

aaa accounting match

Enables accounting for traffic that is identified by an access list.

aaa max-exempt

Specifies the use of a predefined list of MAC addresses to exempt from authentication and authorization.

aaa proxy-limit

Configure the uauth session limit by setting the maximum number of concurrent proxy connections allowed per user.

show running-config aaa-server

To display AAA server configuration, use the show running-config aaa-server command in privileged EXEC mode.

show running-config [ all ] aaa-server [ server-tag ] [ ( interface-name ) ] [ host hostname ]

 
Syntax Description

all

(Optional) Shows the running configuration, including default configuration values.

host hostname

(Optional) The symbolic name or IP address of the particular host for which you want to display AAA server statistics.

(interface-name)

(Optional) The network interface where the AAA server resides.

server-tag

(Optional) The symbolic name of the server group.

 
Defaults

Omitting the server-tag value displays the configurations for all AAA servers.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  

  •  

 
Command History

Release
Modification

7.0(1)

This command was modified to adhere to CLI guidelines.

 
Usage Guidelines

Use this command to display the settings for a particular server group. Use the all parameter to display the default as well as the explicitly configured values.

Examples

To display the running configuration for the default AAA server group, use the following command:

ciscoasa(config)# show running-config default aaa-server
 
aaa-server group1 protocol tacacs+ accounting-mode simultaneous

reactivation-mode depletion deadtime 10

max-failed-attempts 4

ciscoasa(config)#

 
Related Commands

Command
Description

show aaa-server

Displays AAA server statistics.

clear configure aaa-server

Clears the AAA server configuration.

show running-config aaa-server host

To display AAA server statistics for a particular server, use the show running-config aaa-server command in global configuration or privileged EXEC mode.

show/clear aaa-server

show running-config [ all ] aaa-server server-tag [( interface-name )] host hostname

 
Syntax Description

all

(Optional) Shows the running configuration, including default configuration values.

server-tag

The symbolic name of the server group.

 
Defaults

Omitting the default keyword displays only the explicitly configured configuration values, not the default values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  

  •  

Global configuration

  •  
  •  

  •  

 
Command History

Release
Modification

7.0(1)

This command was modified to adhere to CLI guidelines.

 
Usage Guidelines

Use this command to display the statistics for a particular server group. Use the default parameter to display the default as well as the explicitly configured values.

Examples

To display the running configuration for the server group svrgrp1, use the following command:

ciscoasa(config)# show running-config default aaa-server svrgrp1
 

 
Related Commands

Command
Description

show running-config aaa-server

Displays AAA server settings for the indicated server, group, or protocol.

clear configure aaa

Removes the settings for all AAA servers across all groups.

show running-config access-group

To display the access group information, use the show running-config access-group command in privileged EXEC mode.

show running-config access-group

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show running-config access-group command:

ciscoasa# show running-config access-group
access-group 100 in interface outside
 

 
Related Commands

Command
Description

access-group

Binds an access list to an interface.

clear configure access-group

Removes access groups from all the interfaces.

show running-config access-list

To display the access-list configuration that is running on the ASA, use the show running-config access-list command in privileged EXEC mode.

show running-config [ default ] access-list [ alert-interval | deny-flow-max ]

show running-config [ default ] access-list id [ saddr_ip ]

 
Syntax Description

alert-interval

Shows the alert interval for generating syslog message 106001, which alerts that the system has reached a deny flow maximum.

deny-flow-max

Shows the maximum number of concurrent deny flows that can be created.

id

Identifies the access list that is displayed.

saddr_ip

Shows the access list elements that contain the specified source IP address.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

Added keyword running-config .

 
Usage Guidelines

The show running-config access-list command allows you to display the current running access list configuration on the ASA.

Examples

The following is sample output from the show running-config access-list command:

ciscoasa# show running-config access-list
access-list allow-all extended permit ip any any

 
Related Commands

Command
Description

access-list ethertype

Configures an access list that controls traffic based on its EtherType.

access-list extended

Adds an access list to the configuration and configures policy for IP traffic through the firewall.

access-list ethertype

Configures an access list that controls traffic based on its EtherType.

clear access-list

Clears an access list counter.

clear configure access-list

Clears an access list from the running configuration.

show running-config alias

To display the overlapping addresses with dual NAT commands in the configuration, use the show running-config alias command in privileged EXEC mode.

show running-config alias { interface_name }

 
Syntax Description

interface_name

Internal network interface name that the destination_ip overwrites.

 
Defaults

This command has no default settings.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

  •  
  •  

  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

This example shows how to display alias information:

ciscoasa# show running-config alias

 
Related Commands

Command
Description

alias

Creates an alias.

clear configure alias

Deletes an alias.

show running-config arp

To show static ARP entries created by the arp command in the running configuration, use the show running-config arp command in privileged EXEC mode.

show running-config arp

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show running-config arp command:

ciscoasa# show running-config arp
arp inside 10.86.195.11 0008.023b.9893
 

 
Related Commands

Command
Description

arp

Adds a static ARP entry.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

show arp

Shows the ARP table.

show arp statistics

Shows ARP statistics.

show running-config arp timeout

To view the ARP timeout configuration in the running configuration, use the show running-config arp timeout command in privileged EXEC mode.

show running-config arp timeout

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was changed from show arp timeout .

Examples

The following is sample output from the show running-config arp timeout command:

ciscoasa# show running-config arp timeout
arp timeout 20000 seconds
 

 
Related Commands

Command
Description

arp

Adds a static ARP entry.

arp timeout

Sets the time before the ASA rebuilds the ARP table.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

show arp statistics

Shows ARP statistics.

show running-config arp-inspection

To view the ARP inspection configuration in the running configuration, use the show running-config arp-inspection command in privileged EXEC mode.

show running-config arp-inspection

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was changed from show arp timeout .

Examples

The following is sample output from the show running-config arp-inspection command:

ciscoasa# show running-config arp-inspection
 
arp-inspection inside1 enable no-flood
 

 
Related Commands

Command
Description

arp

Adds a static ARP entry.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

clear configure arp-inspection

Clears the ARP inspection configuration.

firewall transparent

Sets the firewall mode to transparent.

show arp statistics

Shows ARP statistics.

show running-config asdm

To display the asdm commands in the running configuration, use the show running-config asdm command in privileged EXEC mode.

show running-config asdm [ group | location ]

 
Syntax Description

group

(Optional) Limits the display to the asdm group commands in the running configuration.

location

(Optional) Limits the display to the asdm location commands in the running configuration.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

This command was changed from the show running-config pdm command to the show running-config asdm command.

 
Usage Guidelines

To remove the asdm commands from the configuration, use the clear configure asdm command.


Note On ASAs running in multiple context mode, the show running-config asdm group and show running-config asdm location commands are only available in the system execution space.


Examples

The following is sample output from the show running-configuration asdm command:

ciscoasa# show running-config asdm
asdm image flash:/ASDM
asdm history enable
ciscoasa#
 

 
Related Commands

Command
Description

show asdm image

Displays the current ASDM image file.

show running-config auth-prompt

To display the current authentication prompt challenge text, use the show running-config auth-prompt command in global configuration mode.

show running-config [ default ] auth-prompt

 
Syntax Description

default

(Optional) Display the default authentication prompt challenge text.

 
Defaults

Display the configured authentication prompt challenge text.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

  •  
  •  

  •  

 
Command History

Release
Modification

7.0(1)

This command was modified for this release to conform to CLI guidelines.

 
Usage Guidelines

After you configure the authentication prompt with the auth-prompt command, use the show running-config auth-prompt command to view the current prompt text.

Examples

The following example shows the output of the show running-config auth-prompt command:

ciscoasa(config)# show running-config auth-prompt
auth-prompt prompt Please login:
auth-prompt accept You're in!
auth-prompt reject Try again.
ciscoasa(config)#

 
Related Commands

auth-prompt

Set the user authorization prompts.

clear configure auth-prompt

Reset the user authorization prompts to the default value.

show running-config auto-update

To display the current Auto Update Server certificate status, use the show running-config auto-update command in global configuration mode.

show running-config auto-update [ verify-certificate ]

 
Syntax Description

verify-certificate

(Optional) Shows that the Auto Update Server certificate has been verified.

 
Defaults

Displays the verify-certificate option after the ASA boots.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

  •  
  •  

  •  

 
Command History

Release
Modification

9.0(1)

This command was introduced.

 
Usage Guidelines

This command allows you to display the Auto Update Server certificate status.

Examples

The following examples show output from the show running-config auto-update command:

ciscoasa(config)# auto-update server https://10.86.195.49/autoupdate verify-certificate
ciscoasa(config)# show run auto-update
auto-update server https://10.86.195.49/autoupdate verify-certificate
 

 
Related Commands

auto-update server

Verifies the certificate provided via an HTTPS connection.

show running-config banner

To display the specified banner and all the lines that are configured for it, use the show running-config banner command in privileged EXEC mode.

show running-config banner [ exec | login | motd ]

 
Syntax Description

exec

(Optional) Displays the banner before the enable prompt.

login

(Optional) Displays the banner before the password login prompt when accessing the ASA using Telnet.

motd

(Optional) Displays the message-of-the-day banner.

 
Defaults

This command has no default settings.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

The running-config keyword was added.

 
Usage Guidelines

The show running-config banner command displays the specified banner keyword and all the lines configured for it. If a keyword is not specified, then all banners display.

Examples

This example shows how to display the message-of-the-day (motd) banner:

ciscoasa# show running-config banner motd

 
Related Commands

Command
Description

banner

Creates a banner.

clear configure banner

Deletes a banner.

show running-config call-home

To display the Call Home running configuration, use the show running-config call-home command in privileged EXEC mode.

[ cluster exec ] show running-config call-home

 
Syntax Description

cluster exec

(Optional) In a clustering environment, enables you to issue the show running-config call-home command in one unit and run the command in all the other units at the same time.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

8.2(2)

This command was introduced.

9.1(3)

A new type of Smart Call Home message has been added to include the output of the show cluster history command and show cluster info command.

Examples

The following is sample output from the cluster exec show running-config call-home command:

hostname# cluster exec show running-config call-home
A(LOCAL):*************************************************************
service call-home
call-home
contact-email-addr test@yahoo.com
mail-server 10.105.206.139 priority 5
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 5
subscribe-to-alert-group configuration periodic monthly 5
subscribe-to-alert-group telemetry periodic daily
profile test
destination address email user2@mail.cisco.com
destination transport-method email
subscribe-to-alert-group configuration periodic daily
 
 
B:********************************************************************
service call-home
call-home
contact-email-addr test@yahoo.com
mail-server 10.105.206.139 priority 5
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 24
subscribe-to-alert-group configuration periodic monthly 24
subscribe-to-alert-group telemetry periodic daily
profile test
destination address email user2@mail.cisco.com
destination transport-method email
subscribe-to-alert-group configuration periodic daily
 
 
C:********************************************************************
service call-home
call-home
contact-email-addr test@yahoo.com
mail-server 10.105.206.139 priority 5
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 1
subscribe-to-alert-group configuration periodic monthly 1
subscribe-to-alert-group telemetry periodic daily
profile test
destination address email user2@mail.cisco.com
destination transport-method email
subscribe-to-alert-group configuration periodic daily
 
 
D:********************************************************************
service call-home
call-home
contact-email-addr test@yahoo.com
mail-server 10.105.206.139 priority 5
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 5
subscribe-to-alert-group configuration periodic monthly 5
subscribe-to-alert-group telemetry periodic daily
profile test
destination address email user2@mail.cisco.com
destination transport-method email
subscribe-to-alert-group configuration periodic daily
 

 
Related CommandsA(LOCAL):*************************************************************

 
Related CommandsMessage Types Total Email HTTP

 
Related Commands-------------------- ---------------- ---------------- ----------------

 
Related Commands Total Success 3 3 0

 
Related Commands test 3 3 0

 
Related Commands

 
Related Commands Total In-Delivering 0 0 0

 
Related Commands

 
Related Commands Total In-Queue 0 0 0

 
Related Commands

 
Related CommandsTotal Dropped 8 8 0

 
Related Commands Tx Failed 8 8 0

 
Related Commands configuration 2 2 0

 
Related Commands test 6 6 0

 
Related Commands

 
Related Commands

 
Related CommandsEvent Types Total

 
Related Commands-------------------- ----------------

 
Related Commands Total Detected 10

 
Related Commands configuration 1

 
Related Commands test 9

 
Related Commands

 
Related Commands Total In-Processing 0

 
Related Commands

 
Related Commands Total In-Queue 0

 
Related Commands

 
Related CommandsTotal Dropped 0

 
Related Commands

 
Related CommandsLast call-home message sent time: 2013-04-15 05:37:16 GMT+00:00

 
Related Commands

 
Related Commands

 
Related Commands

 
Related CommandsB:********************************************************************

 
Related CommandsMessage Types Total Email HTTP

 
Related Commands-------------------- ---------------- ---------------- ----------------

 
Related Commands Total Success 1 1 0

 
Related Commands test 1 1 0

 
Related Commands

 
Related Commands Total In-Delivering 0 0 0

 
Related Commands

 
Related Commands Total In-Queue 0 0 0

 
Related Commands

 
Related CommandsTotal Dropped 2 2 0

 
Related Commands Tx Failed 2 2 0

 
Related Commands configuration 2 2 0

 
Related Commands

 
Related Commands

 
Related CommandsEvent Types Total

 
Related Commands-------------------- ----------------

 
Related Commands Total Detected 2

 
Related Commands configuration 1

 
Related Commands test 1

 
Related Commands

 
Related Commands Total In-Processing 0

 
Related Commands

 
Related Commands Total In-Queue 0

 
Related Commands

 
Related CommandsTotal Dropped 0

 
Related Commands

 
Related CommandsLast call-home message sent time: 2013-04-15 05:36:16 GMT+00:00

 
Related Commands

 
Related Commands

 
Related Commands

 
Related CommandsC:********************************************************************

 
Related CommandsMessage Types Total Email HTTP

 
Related Commands-------------------- ---------------- ---------------- ----------------

 
Related Commands Total Success 0 0 0

 
Related Commands

 
Related Commands Total In-Delivering 0 0 0

 
Related Commands

 
Related Commands Total In-Queue 0 0 0

 
Related Commands

 
Related CommandsTotal Dropped 2 2 0

 
Related Commands Tx Failed 2 2 0

 
Related Commands configuration 2 2 0

 
Related Commands

 
Related Commands

 
Related CommandsEvent Types Total

 
Related Commands-------------------- ----------------

 
Related Commands Total Detected 1

 
Related Commands configuration 1

 
Related Commands

 
Related Commands Total In-Processing 0

 
Related Commands

 
Related Commands Total In-Queue 0

 
Related Commands

 
Related CommandsTotal Dropped 0

 
Related Commands

 
Related CommandsLast call-home message sent time: n/a

 
Related Commands

 
Related Commands

 
Related Commands

 
Related CommandsD:********************************************************************

 
Related CommandsMessage Types Total Email HTTP

 
Related Commands-------------------- ---------------- ---------------- ----------------

 
Related Commands Total Success 1 1 0

 
Related Commands test 1 1 0

 
Related Commands

 
Related Commands Total In-Delivering 0 0 0

 
Related Commands

 
Related Commands Total In-Queue 0 0 0

 
Related Commands

 
Related CommandsTotal Dropped 2 2 0

 
Related Commands Tx Failed 2 2 0

 
Related Commands configuration 2 2 0

 
Related Commands

 
Related Commands

 
Related CommandsEvent Types Total

 
Related Commands-------------------- ----------------

 
Related Commands Total Detected 2

 
Related Commands configuration 1

 
Related Commands test 1

 
Related Commands

 
Related Commands Total In-Processing 0

 
Related Commands

 
Related Commands Total In-Queue 0

 
Related Commands

 
Related CommandsTotal Dropped 0

 
Related Commands

 
Related CommandsLast call-home message sent time: 2013-04-15 05:35:34 GMT+00:00

 
Related Commands

 
Related Commandsfw-cluster(config)#

 
Related Commands configuration

Command
Description

call-home

Enters call home configuration mode.

call-home send alert-group

Sends a specific alert group message.

service call-home

Enables or disables Call Home.

show running-config class

To show the resource class configuration, use the show running-config class command in privileged EXEC mode.

show running-config class

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following is sample output from the show running-config class command:

ciscoasa# show running-config class
 
class default
limit-resource All 0
limit-resource Mac-addresses 65535
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
 

 
Related Commands

Command
Description

class

Configures a resource class.

clear configure class

Clears the class configuration.

context

Configures a security context.

limit-resource

Sets the resource limit for a class.

member

Assigns a context to a resource class.

show running-config class-map

To display the information about the class map configuration, use the show running-config class-map command in privileged EXEC mode.

show running-config [ all ] class-map [ class_map_name | type { management | regex | inspect [ protocol ]}]

 
Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.

class_map_name

(Optional) Shows the running configuration for a class map name.

inspect

(Optional) Shows inspection class maps.

management

(Optional) Shows management class maps.

protocol

(Optional) Specifies the type of application map you want to show. Available types include:

  • dns
  • ftp
  • h323
  • http
  • im
  • p2p-donkey
  • sip

regex

(Optional) Shows regular expression class maps.

type

(Optional) Specifies the type of class map you want to show. To show Layer 3/4 class maps, to not specify the type.

 
Defaults

The class-map class-default command, which contains a single match any command is the default class map.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

Added keyword running-config .

Examples

The following is sample output from the show running-config class-map command:

ciscoasa# show running-config class-map
class-map tcp-port
match port tcp eq ftp
ciscoasa#
 

 
Related Commands

Command
Description

class-map

Applies a traffic class to an interface.

clear configure class-map

Removes all of the traffic map definitions.

show running-config client-update

To display global client-update configuration information, use the show running-config client-update command in global configuration mode or in tunnel-group ipsec-attributes configuration mode.

show running-config client-update

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

  •  
  •  

  •  

Tunnel-group ipsec-attributes configuration

  •  

  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

7.1(1)

Added tunnel-group ipsec-attributes configuration mode.

 
Usage Guidelines

Use this command to display global client-update configuration information.

Examples

This example shows a show running-config client-update command in global configuration mode and its output for a configuration with client-update enabled:

ciscoasa(config)# show running-config client-update
ciscoasa(config)# client-update enable
 

 
Related Commands

Command
Description

clear configure client-update

Clears the entire client-update configuration.

client-update

Configures client-update.

show running-config clock

To show the clock configuration in the running configuration, use the show running-config clock command in privileged EXEC mode.

show running-config [ all ] clock

 
Syntax Description

all

(Optional) Shows all clock commands, including the commands you have not changed from the default.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The all keyword also displays the exact day and time for the clock summer-time command, as well as the default setting for the offset, if you did not originally set it.

Examples

The following is sample output from the show running-config clock command. Only the clock summer-time command was set.

ciscoasa# show running-config clock
clock summer-time EDT recurring
 

The following is sample output from the show running-config all clock command. The default setting for the unconfigured clock timezone command displays, and the detailed information for the clock summer-time command displays.

ciscoasa# show running-config all clock
clock timezone UTC 0
clock summer-time EDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00 60

 
Related Commands

Command
Description

clock set

Manually sets the clock on the ASA.

clock summer-time

Sets the date range to show daylight saving time.

clock timezone

Sets the time zone.

show running-config cluster

To show the cluster configuration, use the show running-config cluster command in privileged EXEC mode.

show running-config [ all ] cluster

 
Syntax Description

all

(Optional) Shows the running configuration, including default configuration values.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

9.0(1)

We introduced this command.

 
Usage Guidelines

Use the clear configure cluster command to clear the cluster configuration.

Examples

The following is sample output from the show running-config cluster command:

ciscoasa(config)# show running-config cluster
cluster group cluster1
local-unit asa1
cluster-interface Port-channel2 ip 10.10.10.1 255.255.255.0
priority 2
health-check holdtime 0.9
clacp system-mac auto system-priority 5
 

 
Related Commands

Command
Description

clacp system-mac

When using spanned EtherChannels, the ASA uses cLACP to negotiate the EtherChannel with the neighbor switch.

clear configure cluster

Clears the cluster configuration.

cluster group

Names the cluster and enters cluster configuration mode.

cluster-interface

Specifies the cluster control link interface.

cluster interface-mode

Sets the cluster interface mode.

conn-rebalance

Enables connection rebalancing.

console-replicate

Enables console replication from slave units to the master unit.

enable (cluster group)

Enables clustering.

health-check

Enables the cluster health check feature, which includes unit health monitoring and interface health monitoring.

key

Sets an authentication key for control traffic on the cluster control link.

local-unit

Names the cluster member.

mtu cluster-interface

Specifies the maximum transmission unit for the cluster control link interface.

priority (cluster group)

Sets the priority of this unit for master unit elections.

show running-config command-alias

To display the command aliases that are configured, use the show running-config command-alias command in privileged EXEC mode.

show running-config [ all ] command-alias

 
Syntax Description

all

(Optional) Displays all command aliases configured, including defaults.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

If you do not enter the all keyword, only non-default command aliases appear.

Examples

The following is sample output from the show running-config all command-alias command, which displays all command aliases that are configured on the ASA, including defaults:

ciscoasa# show running-config all command-alias
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
command-alias exec save copy running-config startup-config
 

The following is sample output from the show running-config all command-alias command, which displays all command aliases that are configured on the ASA, excluding defaults:

ciscoasa# show running-config command-alias
command-alias exec save copy running-config startup-config
ciscoasa#

 
Related Commands

Command
Description

command-alias

Creates a command alias.

clear configure command-alias

Deletes all non-default command aliases.

show running-config compression

To display the compression configuration in the running configuration, use the show running-config compression command from privileged EXEC mode:

show running-config compression

 
Defaults

There is no default behavior for this command.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.1(1)

This command was introduced.

Examples

The following example shows the compression configuration within the running configuration:

hostname# show running-config compression
compression svc http-comp
 

 
Related Commands

Command
Description

compression

Enables compression for all SVC, WebVPN, and Port Forwarding connections.

show running-config console timeout

To display the console connection timeout value, use the show running-config console timeout command in privileged EXEC mode.

show running-config console timeout

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show running-config console timeout command:

ciscoasa# show running-config console timeout
console timeout 0
 

 
Related Commands

Command
Description

console timeout

Sets the idle timeout for a console connection to the ASA.

clear configure console

Resets the console connection settings to defaults.

show running-config context

To show the context configuration in the system execution space, use the show running-config context command in privileged EXEC mode.

show running-config [ all ] context

 
Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default. If you use the mac-address auto command, then you can view the assigned MAC addresses using the all keyword.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

8.0(5)/8.2(2)

When using the all keyword, you can view assigned MAC addresses to shared interfaces when you configure the mac-address auto command.

 
Usage Guidelines

If you use the mac-address auto command to generate unique MAC addresses for shared interfaces, the all option is required to view the assigned MAC addresses. Although the mac-address auto command is user-configurable in global configuration mode only, the mac-address auto command appears as a read-only entry in the configuration for each context along with the assigned MAC address. Only shared interfaces that are configured with a nameif command within the context have a MAC address assigned.


Note If you manually assign a MAC address to an interface, but also have auto-generation enabled, the auto-generated address continues to show in the configuration even though the manual MAC address is the one that is in use. If you later remove the manual MAC address, the auto-generated one shown will be used.


Examples

The following output from the show running-config all context admin command shows the primary and standby MAC address assigned to the Management0/0 interface:

ciscoasa# show running-config all context admin
 
context admin
allocate-interface Management0/0
mac-address auto Management0/0 a24d.0000.1440 a24d.0000.1441
config-url disk0:/admin.cfg
 

The following output from the show running-config all context command shows all the MAC addresses (primary and standby) for all context interfaces. Note that because the GigabitEthernet0/0 and GigabitEthernet0/1 main interfaces are not configured with a nameif command inside the contexts, no MAC addresses have been generated for them.

 
ciscoasa# show running-config all context
 
admin-context admin
context admin
allocate-interface Management0/0
mac-address auto Management0/0 a2d2.0400.125a a2d2.0400.125b
config-url disk0:/admin.cfg
!
 
context CTX1
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/0.1-GigabitEthernet0/0.5
mac-address auto GigabitEthernet0/0.1 a2d2.0400.11bc a2d2.0400.11bd
mac-address auto GigabitEthernet0/0.2 a2d2.0400.11c0 a2d2.0400.11c1
mac-address auto GigabitEthernet0/0.3 a2d2.0400.11c4 a2d2.0400.11c5
mac-address auto GigabitEthernet0/0.4 a2d2.0400.11c8 a2d2.0400.11c9
mac-address auto GigabitEthernet0/0.5 a2d2.0400.11cc a2d2.0400.11cd
allocate-interface GigabitEthernet0/1
allocate-interface GigabitEthernet0/1.1-GigabitEthernet0/1.3
mac-address auto GigabitEthernet0/1.1 a2d2.0400.120c a2d2.0400.120d
mac-address auto GigabitEthernet0/1.2 a2d2.0400.1210 a2d2.0400.1211
mac-address auto GigabitEthernet0/1.3 a2d2.0400.1214 a2d2.0400.1215
config-url disk0:/CTX1.cfg
!
 
context CTX2
allocate-interface GigabitEthernet0/0
allocate-interface GigabitEthernet0/0.1-GigabitEthernet0/0.5
mac-address auto GigabitEthernet0/0.1 a2d2.0400.11ba a2d2.0400.11bb
mac-address auto GigabitEthernet0/0.2 a2d2.0400.11be a2d2.0400.11bf
mac-address auto GigabitEthernet0/0.3 a2d2.0400.11c2 a2d2.0400.11c3
mac-address auto GigabitEthernet0/0.4 a2d2.0400.11c6 a2d2.0400.11c7
mac-address auto GigabitEthernet0/0.5 a2d2.0400.11ca a2d2.0400.11cb
allocate-interface GigabitEthernet0/1
allocate-interface GigabitEthernet0/1.1-GigabitEthernet0/1.3
mac-address auto GigabitEthernet0/1.1 a2d2.0400.120a a2d2.0400.120b
mac-address auto GigabitEthernet0/1.2 a2d2.0400.120e a2d2.0400.120f
mac-address auto GigabitEthernet0/1.3 a2d2.0400.1212 a2d2.0400.1213
config-url disk0:/CTX2.cfg
!

 
Related Commands

Command
Description

admin-context

Sets the admin context.

allocate-interface

Assigns interfaces to a context.

changeto

Changes between contexts or the system execution space.

config-url

Specifies the location of the context configuration.

context

Creates a security context in the system configuration and enters context configuration mode.

mac-address auto

Automatically generates unique MAC addresses for shared interfaces.

show running-config crypto

To display the entire crypto configuration including IPsec, crypto maps, dynamic crypto maps, and ISAKMP, use the show running-config crypto command in global configuration or privileged EXEC mode.

show running-config crypto

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

8.2(3)

Added crypto engine large-mod-accel command.

Examples

The following is sample output from the show running-config crypto command:

ciscoasa# show running-config crypto
crypto ipsec transform-set example1 esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto engine large-mod-accel
crypto map mymap 10 match address L2L
crypto map mymap 10 set peer 75.5.33.1
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
 

 
Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show isakmp sa

Displays IKE runtime SA database with additional information.

show running-config crypto dynamic-map

To view a dynamic crypto map, use the show running-config crypto dynamic-map command in global configuration or privileged EXEC mode.

show running-config crypto dynamic-map

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behaviors or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

Examples

The following example entered in global configuration mode, displays all configuration information about crypto dynamic maps:

ciscoasa(config)# show running-config crypto dynamic-map
 
Crypto Map Template "dyn1" 10
 
access-list 152 permit ip host 172.21.114.67 any
Current peer: 0.0.0.0
Security association lifetime: 4608000 kilobytes/120 seconds
PFS (Y/N): N
Transform sets={ tauth, t1, }
 

 
Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show isakmp sa

Displays IKE runtime SA database with additional information.

show running-config crypto engine

To show if large modulus operations are switched to hardware, use the crypto engine large-mod-accel command in privileged EXEC mode.

show running-config crypto engine

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

privileged EXEC

 
Command History

Release
Modification

8.2(3)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

 
Usage Guidelines

This command is available only with the ASA models 5510, 5520, 5540, and 5550. If the CLI displays crypto engine large-mod-accel in response, the ASA is configured to run large modulus operations on the hardware instead of the software. The crypto engine large-mod-accel command specifies this switch.

If you enter this command and the CLI responds only by redisplaying the prompt, the ASA is configured to run large modulus operations on the software.

Example

The following example response to this command shows that large modulus operations are configured to run on hardware:

ciscoasa# show running-config crypto engine
crypto engine large-mod-accel
 

 
Related Commands

Command
Description

crypto engine large-mod-accel

Switches large modulus operations from software to hardware.

clear configure crypto engine

Returns large modulus operations to software.

show running-config crypto ipsec

To display the complete IPsec configuration, use the show running-config crypto ipsec command in global configuration or privileged EXEC mode.

show running-config crypto ipsec

 
Syntax Description

This command has no default behavior or values.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

Examples

The following example issued in global configuration mode, displays information about the IPsec configuration:

ciscoasa(config)# show running-config crypto ipsec
crypto ipsec transform-set ttt esp-3des esp-md5-hmac
 

 
Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show isakmp sa

Displays IKE runtime SA database with additional information.

show running-config crypto isakmp

To display the complete ISAKMP configuration, use the show running-config crypto isakmp command in global configuration or privileged EXEC mode.

show running-config crypto isakmp

 
Syntax Description

This command has no default behavior or values.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

The show running-config isakmp command was introduced.

7.2(1)

This command was deprecated. The show running-config crypto isakmp command replaces it.

9.0(1)

Support for multiple context mode was added.

Examples

The following example issued in global configuration mode, displays information about the ISKAKMP configuration:

ciscoasa(config)# show running-config crypto isakmp
crypto isakmp enable inside
crypto isakmp policy 1 authentication pre-share
crypto isakmp policy 1 encryption 3des
crypto isakmp policy 1 hash md5
crypto isakmp policy 1 group 2
crypto isakmp policy 1 lifetime 86400
ciscoasa(config)#

 
Related Commands

Command
Description

clear configure crypto isakmp

Clears all the ISAKMP configuration.

clear configure crypto isakmp policy

Clears all ISAKMP policy configuration.

clear crypto isakmp sa

Clears the IKE runtime SA database.

crypto isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show crypto isakmp sa

Displays IKE runtime SA database with additional information.

show running-config crypto map

To display all configuration for all crypto maps, use the show running-config crypto map command in global configuration or privileged EXEC mode.

show running-config crypto map

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

9.0(1)

Support for multiple context mode was added.

Examples

The following example entered in privileged EXEC mode, displays all configuration information for all crypto maps:

ciscoasa# show running-config crypto map
crypto map abc 1 match address xyz
crypto map abc 1 set peer 209.165.200.225
crypto map abc 1 set transform-set ttt
crypto map abc interface test
 

 
Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPsec peer communicates with the ASA.

show isakmp sa

Displays IKE runtime SA database with additional information.

show running-config ctl-file

To show configured CTL file instances, use the show running-config ctl-file command in privileged EXEC mode.

show running-config [ all ] ctl-file [ ctl_name ]

 
Syntax Description

ctl_name

(Optional) Specifies the name of the CTL file instance.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

8.0(4)

The command was introduced.

Examples

The following example shows the use of the show running-config ctl-file command to show configured CTL file instances:

ciscoasa# show running-config all ctl-file asa_ctl
 

 
Related Commands

Command
Description

ctl-file (global)

Specifies the CTL file to create for Phone Proxy configuration or the CTL file to parse from Flash memory.

ctl-file (phone-proxy)

Specifies the CTL file to use for Phone Proxy configuration.

phone-proxy

Configures the Phone Proxy instance.

show running-config cts

To display all currently configured Cisco TrustSec (CTS) commands, use the show running-config cts command in privileged EXEC mode.

show running-config [ all ] cts [ server-group ] [ sxp ]

 
Syntax Description

all

Shows all default CTS configuration values and the Security eXchange Protocol (SXP) configuration.

server-group

Shows the server group configuration.

sxp

Shows the SXP configuration.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

9.0(1)

This command was introduced.

Examples

The following is sample output of the show running-config cts command:

ciscoasa# show running-config cts
cts server-group ise
cts sxp enable
cts sxp default password *****
cts sxp reconciliation period 10
cts sxp retry period 3
cts sxp connection peer 10.0.0.248 password default mode peer speaker
 

The following is sample output of the show running-config all cts command:

ciscoasa# show running-config all cts
 
cts server-group ctsgroup
 
no cts sxp enable
no cts sxp default password
cts sxp retry period 120
cts sxp reconcile period 120
 

 
Related Commands

Command
Description

show cts

Shows the SXP connections for the running configuration.

show cts environment

Shows the health and status of the environment data refresh operation.