Cisco ASA Series Command Reference
show ddns update interface -- show environment
Downloads: This chapterpdf (PDF - 449.0KB) The complete bookPDF (PDF - 31.85MB) | The complete bookePub (ePub - 2.33MB) | The complete bookMobi (Mobi - 9.5MB) | Feedback

Table of Contents

show ddns update interface through show environment Commands

s how ddns update interface

s how ddns update method

show debug

show debug mmp

s how dhcpd

s how dhcprelay state

s how dhcprelay statistics

s how disk

show dns

s how dns-hosts

show dynamic-filter data

show dynamic-filter dns-snoop

show dynamic-filter reports top

show dynamic-filter reports infected-hosts

show dynamic-filter statistics

show dynamic-filter updater-client

show eigrp events

show eigrp interfaces

show eigrp neighbors

show eigrp topology

show eigrp traffic

show environment

show ddns update interface through show environment Commands

show ddns update interface

To display the DDNS methods assigned to ASA interfaces, use the show ddns update interface command in privileged EXEC mode.

show ddns update interface [ interface-name ]

 
Syntax Description

interface-name

(Optional) The name of a network interface.

 
Defaults

Omitting the interface-name string displays the DDNS method assigned to each interface.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following example displays the DDNS method assigned to the inside interface:

ciscoasa# show ddns update interface inside
Dynamic DNS Update on inside:
Update Method Name Update Destination
ddns-2 not available
ciscoasa#

 
Related Commands

Command
Description

ddns (DDNS-update-

method mode)

Specifies a DDNS update method type for a created DDNS method.

ddns update (interface config mode)

Associates an ASA interface with a DDNS update method or a DDNS update hostname.

ddns update method (global config mode)

Creates a method for dynamically updating DNS resource records.

show ddns update method

Displays the type and interval for each configured DDNS method. a DHCP server to perform DDNS updates.

show running-config ddns

Displays the type and interval of all configured DDNS methods in the running configuration.

show ddns update method

To display the DDNS update methods in the running configuration, use the show ddns update method command in privileged EXEC mode.

show ddns update method [ method-name ]

 
Syntax Description

method-name

(Optional) The name of a configured DDNS update method.

 
Defaults

Omitting the method-name string displays all configured DDNS update methods.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.2(1)

This command was introduced.

Examples

The following example displays the DDNS method named ddns-2:

ciscoasa(config)# show ddns update method ddns-2
 

Dynamic DNS Update Method: ddns-2

IETF standardized Dynamic DNS 'A' and 'PTR' records update

Maximum update interval: 0 days 0 hours 10 minutes 0 seconds

ciscoasa(config)#

 
Related Commands

Command
Description

ddns (DDNS-update-

method mode)

Specifies a DDNS update method type for a created DDNS method.

ddns update (interface config mode)

Associates a ASA interface with a Dynamic DNS (DDNS) update method or a DDNS update hostname.

ddns update method (global config mode)

Creates a method for dynamically updating DNS resource records.

show ddns update interface

Displays the interfaces associated with each configured DDNS method.

show running-config ddns

Displays the type and interval of all configured DDNS methods in the running configuration.

show debug

To show the current debugging configuration, use the show debug command.

show debug [ command [ keywords ]]

 
Syntax Description

command

(Optional) Specifies the debug command whose current configuration you want to view.

keywords

(Optional) For each command , the keywords following the command are identical to the keywords supported by the associated debug command.

 
Defaults

This command has no default settings.

 
Command Modes

The following table shows the modes in which you can enter the command.

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  
  •  
  •  
  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

8.0(2)

The eigrp keyword was added to the list of possible command values.

8.4(1)

The route keyword was added to the list of possible command values.

 
Usage Guidelines

For each command , the keywords following the command are identical to the keywords supported by the associated debug command. For information about the supported syntax, see the associated debug command.


Note The availability of each command depends on the command modes that support the applicable debug command.


The valid command values are as follows:

  • aaa
  • appfw
  • arp
  • asdm
  • context
  • crypto
  • ctiqbe
  • ctm
  • dhcpc
  • dhcpd
  • dhcprelay
  • disk
  • dns
  • eigrp
  • email
  • entity
  • fixup
  • fover
  • fsm
  • ftp
  • generic
  • gtp
  • h323
  • http
  • http-map
  • icmp
  • igmp
  • ils
  • imagemgr
  • ipsec-over-tcp
  • ipv6
  • iua-proxy
  • kerberos
  • ldap
  • mfib
  • mgcp
  • mrib
  • ntdomain
  • ntp
  • ospf
  • parser
  • pim
  • pix
  • pptp
  • radius
  • rip
  • route
  • rtsp
  • sdi
  • sequence
  • sip
  • skinny
  • smtp
  • sqlnet
  • ssh
  • ssl
  • sunrpc
  • tacacs
  • timestamps
  • vpn-sessiondb
  • webvpn
  • xdmcp
  • xml

Examples

You can use the show debug command to view all debugging configurations, a debugging configuration for a specific feature, and a debugging configuration for a portion of a feature.

The following commands enable debugging for authentication, accounting, and flash memory:

ciscoasa# debug aaa authentication
debug aaa authentication enabled at level 1
ciscoasa# debug aaa accounting
debug aaa accounting enabled at level 1
ciscoasa# debug disk filesystem
debug disk filesystem enabled at level 1
ciscoasa# show debug
debug aaa authentication enabled at level 1
debug aaa accounting enabled at level 1
debug disk filesystem enabled at level 1
ciscoasa# show debug aaa
debug aaa authentication enabled at level 1
debug aaa authorization is disabled.
debug aaa accounting enabled at level 1
debug aaa internal is disabled.
debug aaa vpn is disabled.
ciscoasa# show debug aaa accounting
debug aaa accounting enabled at level 1
ciscoasa#

 
Related Commands

Command
Description

debug

Displays all debug commands.

show debug mmp

To display current debug settings for the MMP inspection module, use the show debug mmp command in privileged EXEC mode.

show debug mmp

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  

 
Command History

Release
Modification

8.0(4)

The command was introduced.

Examples

The following example shows the use of the show debug mmp command to displaythe current debug settings for the MMP inspection module:

ciscoasa# show debug mmp
debug mmp enabled at level 1
 

 
Related Commands

Command
Description

debug mmp

Display inspect MMP events.

inspect mmp

Configures the MMP inspection engine.

show dhcpd

To view DHCP binding, state, and statistical information, use the show dhcpd command in privileged EXEC or global configuration mode.

show dhcpd { binding [ IP_address ] | state | statistics }

 
Syntax Description

binding

Displays binding information for a given server IP address and its associated client hardware address and lease length.

IP_address

Shows the binding information for the specified IP address.

state

Displays the state of the DHCP server, such as whether it is enabled in the current context and whether it is enabled on each of the interfaces.

statistics

Displays statistical information, such as the number of address pools, bindings, expired bindings, malformed messages, sent messages, and received messages.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  
  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

If you include the optional IP address in the show dhcpd binding command, only the binding for that IP address is shown.

The show dhcpd binding | state | statistics commands are also available in global configuration mode.

Examples

The following is sample output from the show dhcpd binding command:

ciscoasa# show dhcpd binding
IP Address Client-id Lease Expiration Type
10.0.1.100 0100.a0c9.868e.43 84985 seconds automatic
 

The following is sample output from the show dhcpd state command:

ciscoasa# show dhcpd state
Context Not Configured for DHCP
Interface outside, Not Configured for DHCP
Interface inside, Not Configured for DHCP
 

The following is sample output from the show dhcpd statistics command:

ciscoasa# show dhcpd statistics
 
DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0
 
Address pools 1
Automatic bindings 1
Expired bindings 1
Malformed messages 0
 
Message Received
BOOTREQUEST 0
DHCPDISCOVER 1
DHCPREQUEST 2
DHCPDECLINE 0
DHCPRELEASE 0
DHCPINFORM 0
 
Message Sent
BOOTREPLY 0
DHCPOFFER 1
DHCPACK 1
DHCPNAK 1
 

 
Related Commands

Command
Description

clear configure dhcpd

Removes all DHCP server settings.

clear dhcpd

Clears the DHCP server bindings and statistic counters.

dhcpd lease

Defines the lease length for DHCP information granted to clients.

show running-config dhcpd

Displays the current DHCP server configuration.

show dhcprelay state

To view the state of the DHCP relay agent, use the show dhcprelay state command in privileged EXEC or global configuration mode.

show dhcprelay state

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

This command displays the DHCP relay agent state information for the current context and each interface.

Examples

The following is sample output from the show dhcprelay state command:

ciscoasa# show dhcprelay state
 
Context Configured as DHCP Relay
Interface outside, Not Configured for DHCP
Interface infrastructure, Configured for DHCP RELAY SERVER
Interface inside, Configured for DHCP RELAY
 

 
Related Commands

Command
Description

show dhcpd

Displays DHCP server statistics and state information.

show dhcprelay statistics

Displays the DHCP relay statistics.

show running-config dhcprelay

Displays the current DHCP relay agent configuration.

show dhcprelay statistics

To display the DHCP relay statistics, use the show dhcprelay statistics command in privileged EXEC mode.

show dhcprelay statistics

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

7.0(1)

This command was introduced.

 
Usage Guidelines

The output of the show dhcprelay statistics command increments until you enter the clear dhcprelay statistics command.

Examples

The following shows sample output for the show dhcprelay statistics command:

ciscoasa# show dhcprelay statistics
 
DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0
 
Packets Relayed
BOOTREQUEST 0
DHCPDISCOVER 7
DHCPREQUEST 3
DHCPDECLINE 0
DHCPRELEASE 0
DHCPINFORM 0
 
BOOTREPLY 0
DHCPOFFER 7
DHCPACK 3
DHCPNAK 0
ciscoasa#
 

 
Related Commands

Command
Description

clear configure dhcprelay

Removes all DHCP relay agent settings.

clear dhcprelay statistics

Clears the DHCP relay agent statistic counters.

debug dhcprelay

Displays debug information for the DHCP relay agent.

show dhcprelay state

Displays the state of the DHCP relay agent.

show running-config dhcprelay

Displays the current DHCP relay agent configuration.

show disk

To display the contents of the flash memory for the adaptive security appliance only, use the show disk command in privileged EXEC mode.

show disk [ 0 | 1 ] [ filesys | all ] controller

 
Syntax Description

0 | 1

Specifies the internal flash memory (0, the default) or the external flash memory (1).

all

Shows the contents of flash memory plus the file system information.

controller

Specifies the flash controller model number.

filesys

Shows information about the compact flash card.

 
Defaults

By default, this command shows the internal flash memory.

 
Command Modes

The following table shows the modes in which you can enter the command.

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show disk command:

ciscoasa# show disk
-#- --length-- -----date/time------ path
11 1301 Feb 21 2005 18:01:34 test.cfg
12 1949 Feb 21 2005 20:13:36 test1.cfg
13 2551 Jan 06 2005 10:07:36 test2.cfg
14 609223 Jan 21 2005 07:14:18 test3.cfg
15 1619 Jul 16 2004 16:06:48 test4.cfg
16 3184 Aug 03 2004 07:07:00 old_running.cfg
17 4787 Mar 04 2005 12:32:18 test5.cfg
20 1792 Jan 21 2005 07:29:24 test6.cfg
21 7765184 Mar 07 2005 19:38:30 test7.cfg
22 1674 Nov 11 2004 02:47:52 test8.cfg
23 1863 Jan 21 2005 07:29:18 test9.cfg
24 1197 Jan 19 2005 08:17:48 test10.cfg
25 608554 Jan 13 2005 06:20:54 backupconfig.cfg
26 5124096 Feb 20 2005 08:49:28 cdisk1
27 5124096 Mar 01 2005 17:59:56 cdisk2
28 2074 Jan 13 2005 08:13:26 test11.cfg
29 5124096 Mar 07 2005 19:56:58 cdisk3
30 1276 Jan 28 2005 08:31:58 lead
31 7756788 Feb 24 2005 12:59:46 asdmfile.dbg
32 7579792 Mar 08 2005 11:06:56 asdmfile1.dbg
33 7764344 Mar 04 2005 12:17:46 asdmfile2.dbg
34 5124096 Feb 24 2005 11:50:50 cdisk4
35 15322 Mar 04 2005 12:30:24 hs_err.log
 
10170368 bytes available (52711424 bytes used)
 

The following is sample output from the show disk filesys command:

ciscoasa# show disk filesys
******** Flash Card Geometry/Format Info ********
 
COMPACT FLASH CARD GEOMETRY
Number of Heads: 4
Number of Cylinders 978
Sectors per Cylinder 32
Sector Size 512
Total Sectors 125184
 
COMPACT FLASH CARD FORMAT
Number of FAT Sectors 61
Sectors Per Cluster 8
Number of Clusters 15352
Number of Data Sectors 122976
Base Root Sector 123
Base FAT Sector 1
Base Data Sector 155
 

The following is sample output from the show disk controller command:

ciscoasa# show disk:1 controller
Flash Model: TOSHIBA THNCF064MBA
 

 
Related Commands

Command
Description

dir

Displays the directory contents.

show dns

To show the current resolved DNS addresses for all or specified fully qualified domain name (FQDN) hosts, use the show dns command in privileged EXEC mode.

show dns [ host fqdn_name ]

 
Syntax Description

fqdn_name

(Optional) Specifies the FQDN of the selected host.

host

(Optional) Indicates the IP address of the specified host.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show dns command:

ciscoasa# show dns
Name: www.example1.com
Address: 10.1.3.1 TTL 00:03:01
Address: 10.1.3.3 TTL 00:00:36
Address: 10.4.1.2 TTL 00:01:01
Name: www.example2.com
Address: 10.2.4.1 TTL 00:25:13
Address: 10.5.2.1 TTL 00:25:01
Name: server.ddns-exampleuser.com
Address: fe80::21e:8cff:feb5:4faa TTL 00:00:41
Address: 10.10.10.2 TTL 00:25:01
 

Note If the FQDN host has not been activated yet, this command shows no output.


The following is sample output from the show dns host command:

hostname# show dns host www.example.com
Name: www.example.com
Address: 10.1.3.1 TTL 00:03:01
Address: 10.1.9.5 TTL 00:00:36
Address: 10.1.1.2 TTL 00:01:01
 

 
Related Commands

Command
Description

clear dns-hosts

Clears the DNS cache.

dns domain-lookup

Enables the ASA to perform a name lookup.

dns name-server

Configures a DNS server address.

show dns-hosts

To show the DNS cache, use the show dns-hosts command in privileged EXEC mode. The DNS cache includes dynamically learned entries from a DNS server and manually entered names and IP addresses.

show dns-hosts

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

7.0(1)

This command was introduced.

Examples

The following is sample output from the show dns-hosts command:

ciscoasa# show dns-hosts
Host Flags Age Type Address(es)
ns2.example.com (temp, OK) 0 IP 10.102.255.44
ns1.example.com (temp, OK) 0 IP 192.168.241.185
snowmass.example.com (temp, OK) 0 IP 10.94.146.101
server.example.com (temp, OK) 0 IP 10.94.146.80
 

 
Related Commands

Command
Description

clear dns-hosts

Clears the DNS cache.

dns domain-lookup

Enables the ASA to perform a name lookup.

dns name-server

Configures a DNS server address.

dns retries

Specifies the number of times to retry the list of DNS servers when the ASA does not receive a response.

dns timeout

Specifies the amount of time to wait before trying the next DNS server.

Table 11 shows each field description.

 

Table 49-1 show dns-hosts Fields

Field
Description

Host

Shows the hostname.

Flags

Shows the entry status as a combination of the following:

  • temp—This entry is temporary because it comes from a DNS server. The ASA removes this entry after 72 hours of inactivity.
  • perm—This entry is permanent because it was added with the name command.
  • OK—This entry is valid.
  • ??—This entry is suspect and needs to be revalidated.
  • EX—This entry is expired.

Age

Shows the number of hours since this entry was last referenced.

Type

Shows the type of DNS record; this value is always IP.

Address(es)

The IP addresses.

 
Related Commands

Command
Description

clear dns-hosts

Clears the DNS cache.

dns domain-lookup

Enables the ASA to perform a name lookup.

dns name-server

Configures a DNS server address.

dns retries

Specifies the number of times to retry the list of DNS servers when the ASA does not receive a response.

dns timeout

Specifies the amount of time to wait before trying the next DNS server.

show dynamic-filter data

To show information about the Botnet Traffic Filter dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries, use the show dynamic-filter data command in privileged EXEC mode.

show dynamic-filter data

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.2(1)

This command was introduced.

 
Usage Guidelines

To view dynamic database information, first enable use and download of the database with the dynamic-filter use-database and dynamic-filter updater-client enable commands.

Examples

The following is sample output from the show dynamic-filter data command:

ciscoasa# show dynamic-filter data
 
Traffic filter is using downloaded database version '907'
Fetched at 18:00:16 UTC Jan 22 2009, size: 674381
Sample names from downloaded database:
example.com, example.net, example.org,
cisco.example, cisco.invalid, bad.example.com
bad.example.net, bad.example.org, bad.cisco.example
bad.cisco.ivalid
Total entries in Dynamic Filter database:
Dynamic data: 40909 domain names , 1080 IPv4 addresses
Local data: 0 domain names , 0 IPv4 addresses
Active rules in Dynamic Filter asp table:
Dynamic data: 0 domain names , 1080 IPv4 addresses
Local data: 0 domain names , 0 IPv4 addresses

 
Related Commands

Command
Description

address

Adds an IP address to the blacklist or whitelist.

clear configure dynamic-filter

Clears the running Botnet Traffic Filter configuration.

clear dynamic-filter dns-snoop

Clears Botnet Traffic Filter DNS snooping data.

clear dynamic-filter reports

Clears Botnet Traffic filter report data.

clear dynamic-filter statistics

Clears Botnet Traffic filter statistics.

dns domain-lookup

Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.

dns server-group

Identifies a DNS server for the ASA.

dynamic-filter ambiguous-is-black

Treats greylisted traffic as blacklisted traffic for action purposes.

dynamic-filter blacklist

Edits the Botnet Traffic Filter blacklist.

dynamic-filter database fetch

Manually retrieves the Botnet Traffic Filter dynamic database.

dynamic-filter database find

Searches the dynamic database for a domain name or IP address.

dynamic-filter database purge

Manually deletes the Botnet Traffic Filter dynamic database.

dynamic-filter drop blacklist

Automatically drops blacklisted traffic.

dynamic-filter enable

Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.

dynamic-filter updater-client enable

Enables downloading of the dynamic database.

dynamic-filter use-database

Enables use of the dynamic database.

dynamic-filter whitelist

Edits the Botnet Traffic Filter whitelist.

inspect dns dynamic-filter-snoop

Enables DNS inspection with Botnet Traffic Filter snooping.

name

Adds a name to the blacklist or whitelist.

show asp table dynamic-filter

Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.

show dynamic-filter data

Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.

show dynamic-filter reports

Generates reports of the top 10 botnet sites, ports, and infected hosts.

show dynamic-filter statistics

Shows how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and greylist.

show dynamic-filter updater-client

Shows information about the updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed.

show running-config dynamic-filter

Shows the Botnet Traffic Filter running configuration.

show dynamic-filter dns-snoop

To show the Botnet Traffic Filter DNS snooping summary, or the actual IP addresses and names, use the show dynamic-filter dns-snoop command in privileged EXEC mode.

show dynamic-filter dns-snoop [ detail ]

 
Syntax Description

detail

(Optional) Shows the IP addresses and names snooped from DNS responses.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.2(1)

This command was introduced.

 
Usage Guidelines

All inspected DNS data is included in this output, and not just matching names in the blacklist. DNS data from static entries are not included.

To clear the DNS snooping data, enter the clear dynamic-filter dns-snoop command.

Examples

The following is sample output from the show dynamic-filter dns-snoop command:

ciscoasa# show dynamic-filter dns-snoop
 
DNS Reverse Cache Summary Information:
75 addresses, 124 names, 997 dnsrc address buckets
 

The following is sample output from the show dynamic-filter dns-snoop detail command:

ciscoasa# show dynamic-filter dns-snoop detail
 
DNS Reverse Cache Summary Information:
75 addresses, 124 names, 997 dnsrc address buckets
DNS reverse Cache Information:
[10.67.22.34] flags=0x22, cat=2, unit=0 b:g:w=3:0:0, cookie=0xda148218
[www3.example.com] cat=2, ttl=3
[www.bad.example.com] cat=2, ttl=3
[www.example.com] cat=2, ttl=3
[10.6.68.133] flags=0x2, cat=2, unit=0 b:g:w=1:0:0, cookie=0xda13ed60
[cisco.example] cat=2, ttl=73
[10.166.226.25] flags=0x2, cat=2, unit=0 b:g:w=1:0:0, cookie=0xda608cb8
[cisco.invalid] cat=2, ttl=2

 
Related Commands

Command
Description

address

Adds an IP address to the blacklist or whitelist.

clear configure dynamic-filter

Clears the running Botnet Traffic Filter configuration.

clear dynamic-filter dns-snoop

Clears Botnet Traffic Filter DNS snooping data.

clear dynamic-filter reports

Clears Botnet Traffic filter report data.

clear dynamic-filter statistics

Clears Botnet Traffic filter statistics.

dns domain-lookup

Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.

dns server-group

Identifies a DNS server for the ASA.

dynamic-filter ambiguous-is-black

Treats greylisted traffic as blacklisted traffic for action purposes.

dynamic-filter blacklist

Edits the Botnet Traffic Filter blacklist.

dynamic-filter database fetch

Manually retrieves the Botnet Traffic Filter dynamic database.

dynamic-filter database find

Searches the dynamic database for a domain name or IP address.

dynamic-filter database purge

Manually deletes the Botnet Traffic Filter dynamic database.

dynamic-filter drop blacklist

Automatically drops blacklisted traffic.

dynamic-filter enable

Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.

dynamic-filter updater-client enable

Enables downloading of the dynamic database.

dynamic-filter use-database

Enables use of the dynamic database.

dynamic-filter whitelist

Edits the Botnet Traffic Filter whitelist.

inspect dns dynamic-filter-snoop

Enables DNS inspection with Botnet Traffic Filter snooping.

name

Adds a name to the blacklist or whitelist.

show asp table dynamic-filter

Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.

show dynamic-filter data

Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.

show dynamic-filter reports

Generates reports of the top 10 botnet sites, ports, and infected hosts.

show dynamic-filter statistics

Shows how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and greylist.

show dynamic-filter updater-client

Shows information about the updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed.

show running-config dynamic-filter

Shows the Botnet Traffic Filter running configuration.

show dynamic-filter reports top

To generate reports of the top 10 malware sites, ports, and infected hosts classified by the Botnet Traffic Filter, use the show dynamic-filter reports top command in privileged EXEC mode.

show dynamic-filter reports top [ malware-sites | malware-ports | infected-hosts ]

 
Syntax Description

malware-ports

(Optional) Shows a report for the top 10 malware ports.

malware-sites

(Optional) Shows a report for the top 10 malware sites.

infected-hosts

(Optional) Shows a report for the top 10 infected hosts.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

8.2(1)

This command was introduced.

8.2(2)

The botnet-sites and botnet-ports keywords were changed to malware-sites and malware-ports . The malware-sites report now includes the number of connections dropped, and the threat level and category of each site. A last clear timestamp was added. For threat events, the severity level was changed from a warning to a notification. Threat events can be triggered every five minutes.

 
Usage Guidelines

This report is a snapshot of the data, and may not match the top 10 items since the statistics started to be collected.

To clear the report data, enter the clear dynamic-filter reports top command.

Examples

The following is sample output from the show dynamic-filter reports top malware-sites command:

ciscoasa# show dynamic-filter reports top malware-sites
Site Connections logged dropped Threat Level Category
--------------------------------------------------------------------------------------
bad1.example.com (10.67.22.34) 11 0 2 Botnet
bad2.example.com (209.165.200.225) 8 8 3 Virus
bad1.cisco.example(10.131.36.158) 6 6 3 Virus
bad2.cisco.example(209.165.201.1) 2 2 3 Trojan
horrible.example.net(10.232.224.2) 2 2 3 Botnet
nono.example.org(209.165.202.130) 1 1 3 Virus
 
Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009
 

The following is sample output from the show dynamic-filter reports top malware-ports command:

ciscoasa# show dynamic-filter reports top malware-ports
Port Connections logged
----------------------------------------------------------------------
tcp 1000 617
tcp 2001 472
tcp 23 22
tcp 1001 19
udp 2000 17
udp 2001 17
tcp 8080 9
tcp 80 3
tcp >8192 2
 
Last clearing of the top ports report: at 13:41:06 UTC Jul 15 2009
 

The following is sample output from the show dynamic-filter reports top infected-hosts command:

ciscoasa# show dynamic-filter reports top infected-hosts
Host Connections logged
----------------------------------------------------------------------
10.10.10.51(inside) 1190
10.12.10.10(inside) 10
10.10.11.10(inside) 5
 
Last clearing of the top infected-hosts report: at 13:41:06 UTC Jul 15 2009

 
Related Commands

Command
Description

address

Adds an IP address to the blacklist or whitelist.

clear configure dynamic-filter

Clears the running Botnet Traffic Filter configuration.

clear dynamic-filter dns-snoop

Clears Botnet Traffic Filter DNS snooping data.

clear dynamic-filter reports

Clears Botnet Traffic filter report data.

clear dynamic-filter statistics

Clears Botnet Traffic filter statistics.

dns domain-lookup

Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.

dns server-group

Identifies a DNS server for the ASA.

dynamic-filter ambiguous-is-black

Treats greylisted traffic as blacklisted traffic for action purposes.

dynamic-filter blacklist

Edits the Botnet Traffic Filter blacklist.

dynamic-filter database fetch

Manually retrieves the Botnet Traffic Filter dynamic database.

dynamic-filter database find

Searches the dynamic database for a domain name or IP address.

dynamic-filter database purge

Manually deletes the Botnet Traffic Filter dynamic database.

dynamic-filter drop blacklist

Automatically drops blacklisted traffic.

dynamic-filter enable

Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.

dynamic-filter updater-client enable

Enables downloading of the dynamic database.

dynamic-filter use-database

Enables use of the dynamic database.

dynamic-filter whitelist

Edits the Botnet Traffic Filter whitelist.

inspect dns dynamic-filter-snoop

Enables DNS inspection with Botnet Traffic Filter snooping.

name

Adds a name to the blacklist or whitelist.

show asp table dynamic-filter

Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.

show dynamic-filter data

Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.

show dynamic-filter dns-snoop

Shows the Botnet Traffic Filter DNS snooping summary, or with the detail keyword, the actual IP addresses and names.

show dynamic-filter statistics

Shows how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and greylist.

show dynamic-filter updater-client

Shows information about the updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed.

show running-config dynamic-filter

Shows the Botnet Traffic Filter running configuration.

show dynamic-filter reports infected-hosts

To generate reports about infected hosts classified by the Botnet Traffic Filter, use the show dynamic-filter reports infected-hosts command in privileged EXEC mode.

show dynamic-filter reports infected-hosts { max-connections | latest-active | highest-threat | subnet ip_address netmask | all }

 
Syntax Description

all

Shows all buffered infected-hosts information. This display might include thousands of entries. You might want to use ASDM to generate a PDF file instead of using the CLI.

highest-threat

Shows the 20 hosts that connected to the malware sites with the highest threat level.

latest-active

Shows the 20 hosts with the most recent activity. For each host, the display shows detailed information about 5 visited malware sites.

max-connections

Shows the 20 infected hosts with the most number of connections.

subnet ip_address netmask

Shows up to 20 hosts within the specified subnet.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

8.2(2)

This command was introduced.

 
Usage Guidelines

These reports contain detailed history about infected hosts, showing the correlation between infected hosts, visited malware sites, and malware ports.

To clear the report data, enter the clear dynamic-filter reports infected-hosts command.

Examples

The following is sample output from the show dynamic-filter reports infected hosts all command:

ciscoasa# show dynamic-filter reports infected-hosts all
 
Total 2 infected-hosts in buffer
Host (interface) Latest malicious conn time, filter action Conn logged, dropped
=======================================================================================================
192.168.1.4 (internal) 15:39:40 UTC Sep 17 2009, dropped 3 3
Malware-sites connected to (not ordered)
Site Latest conn port, time, filter action Conn logged, dropped Threat-level Category
-------------------------------------------------------------------------------------------------------
10.73.210.27 (bad.example.com) 80, 15:39:31 UTC Sep 17 2009, dropped 2 2 very-high Malware
10.65.2.119 (bad2.example.com) 0, 15:39:40 UTC Sep 17 2009, dropped 1 1 very-high admin-added
=======================================================================================================
192.168.1.2 (internal) 15:39:01 UTC Sep 17 2009, dropped 5 5
Malware-sites connected to (not ordered)
Site Latest conn port, time, filter action Conn logged, dropped Threat-level Category
-------------------------------------------------------------------------------------------------------
10.131.36.158 (bad.example.com) 0, 15:37:46 UTC Sep 17 2009, dropped 1 1 very-high admin-added
10.65.2.119 (bad2.example.com) 0, 15:37:53 UTC Sep 17 2009, dropped 1 1 very-high admin-added
20.73.210.27 (bad3.example.com) 80, 15:39:01 UTC Sep 17 2009, dropped 3 3 very-high Malware
=======================================================================================================
 
Last clearing of the infected-hosts report: Never
 

 
Related Commands

Command
Description

address

Adds an IP address to the blacklist or whitelist.

clear configure dynamic-filter

Clears the running Botnet Traffic Filter configuration.

clear dynamic-filter dns-snoop

Clears Botnet Traffic Filter DNS snooping data.

clear dynamic-filter reports

Clears Botnet Traffic filter report data.

clear dynamic-filter statistics

Clears Botnet Traffic filter statistics.

dns domain-lookup

Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.

dns server-group

Identifies a DNS server for the ASA.

dynamic-filter ambiguous-is-black

Treats greylisted traffic as blacklisted traffic for action purposes.

dynamic-filter blacklist

Edits the Botnet Traffic Filter blacklist.

dynamic-filter database fetch

Manually retrieves the Botnet Traffic Filter dynamic database.

dynamic-filter database find

Searches the dynamic database for a domain name or IP address.

dynamic-filter database purge

Manually deletes the Botnet Traffic Filter dynamic database.

dynamic-filter drop blacklist

Automatically drops blacklisted traffic.

dynamic-filter enable

Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.

dynamic-filter updater-client enable

Enables downloading of the dynamic database.

dynamic-filter use-database

Enables use of the dynamic database.

dynamic-filter whitelist

Edits the Botnet Traffic Filter whitelist.

inspect dns dynamic-filter-snoop

Enables DNS inspection with Botnet Traffic Filter snooping.

name

Adds a name to the blacklist or whitelist.

show asp table dynamic-filter

Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.

show dynamic-filter data

Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.

show dynamic-filter dns-snoop

Shows the Botnet Traffic Filter DNS snooping summary, or with the detail keyword, the actual IP addresses and names.

show dynamic-filter statistics

Shows how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and greylist.

show dynamic-filter updater-client

Shows information about the updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed.

show running-config dynamic-filter

Shows the Botnet Traffic Filter running configuration.

show dynamic-filter statistics

To show how many connections were classified as whitelist, blacklist, and greylist connections using the Botnet Traffic Filter, use the show dynamic-filter statistics command in privileged EXEC mode.

show dynamic-filter statistics [ interface name ] [ detail ]

 
Syntax Description

detail

(Optional) Shows how many packets at each threat level were classified or dropped.

interface name

(Optional) Shows statistics for a particular interface.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

8.2(1)

This command was introduced.

8.2(2)

The detail keyword was added to show how many packets at each threat level were classified or dropped. For threat events, the severity level was changed from a warning to a notification. Threat events can be triggered every five minutes.

 
Usage Guidelines

The greylist includes addresses that are associated with multiple domain names, but not all of these domain names are on the blacklist.

To clear the statistics, enter the clear dynamic-filter statistics command.

Examples

The following is sample output from the show dynamic-filter statistics command:

ciscoasa# show dynamic-filter statistics
Enabled on interface outside
Total conns classified 11, ingress 11, egress 0
Total whitelist classified 0, ingress 0, egress 0
Total greylist classified 0, dropped 0, ingress 0, egress 0
Total blacklist classified 11, dropped 5, ingress 11, egress 0
Enabled on interface inside
Total conns classified 1182, ingress 1182, egress 0
Total whitelist classified 3, ingress 3, egress 0
Total greylist classified 0, dropped 0, ingress 0, egress 0
Total blacklist classified 1179, dropped 1000, ingress 1179, egress 0
 

The following is sample output from the show dynamic-filter statistics interface outside detail command:

ciscoasa# show dynamic-filter statistics interface outside detail
Enabled on interface outside
Total conns classified 2108, ingress 2108, egress 0
Total whitelist classified 0, ingress 0, egress 0
Total greylist classified 1, dropped 1, ingress 0, egress 0
Threat level 5 classified 1, dropped 1, ingress 0, egress 0
Threat level 4 classified 0, dropped 0, ingress 0, egress 0
...
Total blacklist classified 30, dropped 20, ingress 11, egress 2
Threat level 5 classified 6, dropped 6, ingress 4, egress 2
Threat level 4 classified 5, dropped 5, ingress 5, egress 0
 

 
Related Commands

Command
Description

address

Adds an IP address to the blacklist or whitelist.

clear configure dynamic-filter

Clears the running Botnet Traffic Filter configuration.

clear dynamic-filter dns-snoop

Clears Botnet Traffic Filter DNS snooping data.

clear dynamic-filter reports

Clears Botnet Traffic filter report data.

clear dynamic-filter statistics

Clears Botnet Traffic filter statistics.

dns domain-lookup

Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.

dns server-group

Identifies a DNS server for the ASA.

dynamic-filter ambiguous-is-black

Treats greylisted traffic as blacklisted traffic for action purposes.

dynamic-filter blacklist

Edits the Botnet Traffic Filter blacklist.

dynamic-filter database fetch

Manually retrieves the Botnet Traffic Filter dynamic database.

dynamic-filter database find

Searches the dynamic database for a domain name or IP address.

dynamic-filter database purge

Manually deletes the Botnet Traffic Filter dynamic database.

dynamic-filter drop blacklist

Automatically drops blacklisted traffic.

dynamic-filter enable

Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.

dynamic-filter updater-client enable

Enables downloading of the dynamic database.

dynamic-filter use-database

Enables use of the dynamic database.

dynamic-filter whitelist

Edits the Botnet Traffic Filter whitelist.

inspect dns dynamic-filter-snoop

Enables DNS inspection with Botnet Traffic Filter snooping.

name

Adds a name to the blacklist or whitelist.

show asp table dynamic-filter

Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.

show dynamic-filter data

Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.

show dynamic-filter dns-snoop

Shows the Botnet Traffic Filter DNS snooping summary, or with the detail keyword, the actual IP addresses and names.

show dynamic-filter reports

Generates reports of the top 10 botnet sites, ports, and infected hosts.

show dynamic-filter updater-client

Shows information about the updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed.

show running-config dynamic-filter

Shows the Botnet Traffic Filter running configuration.

show dynamic-filter updater-client

To show information about the Botnet Traffic Filter updater server, including the server IP address, the next time the ASA will connect with the server, and the database version last installed, use the show dynamic-filter updater-client command in privileged EXEC mode.

show dynamic-filter updater-client

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

No default behavior or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

 
Command History

Release
Modification

8.2(1)

This command was introduced.

Examples

The following is sample output from the show dynamic-filter updater-client command:

ciscoasa# show dynamic-filter updater-client
 
Traffic Filter updater client is enabled
Updater server url is https://10.15.80.240:446
Application name: trafmon, version: 1.0
Encrypted UDI:
0bb93985f42d941e50dc8f022350d1a8de96ba6c1f6d45f4bc0ead02a7d5990be32f483b
5715cd80a215cedadd4e5ffe
Next update is in 00:02:00
Database file version is '907' fetched at 22:51:41 UTC Oct 16 2006,
size: 521408

 
Related Commands

Command
Description

address

Adds an IP address to the blacklist or whitelist.

clear configure dynamic-filter

Clears the running Botnet Traffic Filter configuration.

clear dynamic-filter dns-snoop

Clears Botnet Traffic Filter DNS snooping data.

clear dynamic-filter reports

Clears Botnet Traffic filter report data.

clear dynamic-filter statistics

Clears Botnet Traffic filter statistics.

dns domain-lookup

Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.

dns server-group

Identifies a DNS server for the ASA.

dynamic-filter ambiguous-is-black

Treats greylisted traffic as blacklisted traffic for action purposes.

dynamic-filter blacklist

Edits the Botnet Traffic Filter blacklist.

dynamic-filter database fetch

Manually retrieves the Botnet Traffic Filter dynamic database.

dynamic-filter database find

Searches the dynamic database for a domain name or IP address.

dynamic-filter database purge

Manually deletes the Botnet Traffic Filter dynamic database.

dynamic-filter drop blacklist

Automatically drops blacklisted traffic.

dynamic-filter enable

Enables the Botnet Traffic Filter for a class of traffic or for all traffic if you do not specify an access list.

dynamic-filter updater-client enable

Enables downloading of the dynamic database.

dynamic-filter use-database

Enables use of the dynamic database.

dynamic-filter whitelist

Edits the Botnet Traffic Filter whitelist.

inspect dns dynamic-filter-snoop

Enables DNS inspection with Botnet Traffic Filter snooping.

name

Adds a name to the blacklist or whitelist.

show asp table dynamic-filter

Shows the Botnet Traffic Filter rules that are installed in the accelerated security path.

show dynamic-filter data

Shows information about the dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries.

show dynamic-filter dns-snoop

Shows the Botnet Traffic Filter DNS snooping summary, or with the detail keyword, the actual IP addresses and names.

show dynamic-filter reports

Generates reports of the top 10 botnet sites, ports, and infected hosts.

show dynamic-filter statistics

Shows how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and greylist.

show running-config dynamic-filter

Shows the Botnet Traffic Filter running configuration.

show eigrp events

To display the EIGRP event log, use the show eigrp events command in privileged EXEC mode.

show eigrp [ as-number ] events [{ start end } | type ]

 
Syntax Description

as-number

(Optional) Specifies the autonomous system number of the EIGRP process for which you are viewing the event log. Because the ASA only supports one EIGRP routing process, you do not need to specify the autonomous system number.

end

(Optional) Limits the output to the entries with starting with the start index number and ending with the end index number.

start

(Optional) A number specifying the log entry index number. Specifying a start number causes the output to start with the specified event and end with the event specified by the end argument. Valid values are from 1 to 4294967295.

type

(Optional) Displays the events that are being logged.

 
Defaults

If a start and end is not specified, all log entries are shown.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

8.0(2)

This command was introduced.

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

The show eigrp events output displays up to 500 events. Once the maximum number of events has been reached, new events are added to the bottom of the output and old events are removed from the top of the output.

You can use the clear eigrp events command to clear the EIGRP event log.

The show eigrp events type command displays the logging status of EIGRP events. By default, neighbor changes, neighbor warning, and DUAL FSM messages are logged. You can disable neighbor change event logging using the no eigrp log-neighbor-changes command. You can disable neighbor warning event logging using the no eigrp log-neighbor-warnings command. You cannot disable the logging of DUAL FSM events.

Examples

The following is sample output from the show eigrp events command:

ciscoasa# show eigrp events
 
Event information for AS 100:
1 12:11:23.500 Change queue emptied, entries: 4
2 12:11:23.500 Metric set: 10.1.0.0/16 53760
3 12:11:23.500 Update reason, delay: new if 4294967295
4 12:11:23.500 Update sent, RD: 10.1.0.0/16 4294967295
5 12:11:23.500 Update reason, delay: metric chg 4294967295
6 12:11:23.500 Update sent, RD: 10.1.0.0/16 4294967295
7 12:11:23.500 Route install: 10.1.0.0/16 10.130.60.248
8 12:11:23.500 Find FS: 10.1.0.0/16 4294967295
9 12:11:23.500 Rcv update met/succmet: 53760 28160
10 12:11:23.500 Rcv update dest/nh: 10.1.0.0/16 10.130.60.248
11 12:11:23.500 Metric set: 10.1.0.0/16 4294967295
 

The following is sample output from the show eigrp events command with a start and stop number defined:

ciscoasa# show eigrp events 3 8
 
Event information for AS 100:
3 12:11:23.500 Update reason, delay: new if 4294967295
4 12:11:23.500 Update sent, RD: 10.1.0.0/16 4294967295
5 12:11:23.500 Update reason, delay: metric chg 4294967295
6 12:11:23.500 Update sent, RD: 10.1.0.0/16 4294967295
7 12:11:23.500 Route install: 10.1.0.0/16 10.130.60.248
8 12:11:23.500 Find FS: 10.1.0.0/16 4294967295
 

The following is sample output from the show eigrp events command when there are no entries in the EIGRP event log:

ciscoasa# show eigrp events
 
Event information for AS 100: Event log is empty.
 

The following is sample output from the show eigrp events type command:

ciscoasa# show eigrp events type
 
EIGRP-IPv4 Event Logging for AS 100:
Log Size 500
Neighbor Changes Enable
Neighbor Warnings Enable
Dual FSM Enable
 

 
Related Commands

Command
Description

clear eigrp events

Clears the EIGRP event logging buffer.

eigrp log-neighbor-changes

Enables the logging of neighbor change events.

eigrp log-neighbor-warnings

Enables the logging of neighbor warning events.

show eigrp interfaces

To display the interfaces participating in EIGRP routing, use the show eigrp interfaces command in privileged EXEC mode.

show eigrp [ as-number ] interfaces [ if-name ] [ detail ]

 
Syntax Description

as-number

(Optional) Specifies the autonomous system number of the EIGRP process for which you are displaying active interfaces. Because the ASA only supports one EIGRP routing process, you do not need to specify the autonomous system number.

detail

(Optional) Displays detail information.

if-name

(Optional) The name of an interface as specified by the nameif command. Specifying an interface name limits the display to the specified interface.

 
Defaults

If you do not specify an interface name, information for all EIGRP interfaces is displayed.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

8.0(2)

This command was introduced.

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

Use the show eigrp interfaces command to determine on which interfaces EIGRP is active, and to learn information about EIGRP relating to those interfaces.

If an interface is specified, only that interface is displayed. Otherwise, all interfaces on which EIGRP is running are displayed.

If an autonomous system is specified, only the routing process for the specified autonomous system is displayed. Otherwise, all EIGRP processes are displayed.

Examples

The following is sample output from the show eigrp interfaces command:

ciscoasa# show eigrp interfaces
 
EIGRP-IPv4 interfaces for process 100
 
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
mgmt 0 0/0 0 11/434 0 0
outside 1 0/0 337 0/10 0 0
inside 1 0/0 10 1/63 103 0
 

Table 49-2 describes the significant fields shown in the display.

 

Table 49-2 show eigrp interfaces Field Descriptions

Field
Description

process

Autonomous system number for the EIGRP routing process.

Peers

Number of directly-connected peers.

Xmit Queue Un/Reliable

Number of packets remaining in the Unreliable and Reliable transmit queues.

Mean SRTT

Mean smooth round-trip time interval (in seconds).

Pacing Time Un/Reliable

Pacing time (in seconds) used to determine when EIGRP packets should be sent out the interface (unreliable and reliable packets).

Multicast Flow Timer

Maximum number of seconds in which the ASA will send multicast EIGRP packets.

Pending Routes

Number of routes in the packets in the transmit queue waiting to be sent.

 
Related Commands

Command
Description

network

Defines the networks and interfaces that participate in the EIGRP routing process.

show eigrp neighbors

To display the EIGRP neighbor table, use the show eigrp neighbors command in privileged EXEC mode.

show eigrp [ as-number ] neighbors [ detail | static ] [ if-name ]

 
Syntax Description

as-number

(Optional) Specifies the autonomous system number of the EIGRP process for which you are deleting neighbor entries. Because the ASA only supports one EIGRP routing process, you do not need to specify the autonomous system number.

detail

(Optional) Displays detail neighbor information.

if-name

(Optional) The name of an interface as specified by the nameif command. Specifying an interface name displays all neighbor table entries that were learned through that interface.

static

(Optional) Displays EIGRP neighbors that are statically defined using the neighbor command.

 
Defaults

If you do not specify an interface name, the neighbors learned through all interfaces are displayed.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

8.0(2)

This command was introduced.

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

You can use the clear eigrp neighbors command to clear the dynamically learned neighbors from the EIGRP neighbor table.

Static neighbors are not included in the output unless you use the static keyword.

Examples

The following is sample output from the show eigrp neighbors command:

ciscoasa# show eigrp neighbors
 
EIGRP-IPv4 Neighbors for process 100
Address Interface Holdtime Uptime Q Seq SRTT RTO
(secs) (h:m:s) Count Num (ms) (ms)
172.16.81.28 Ethernet1 13 0:00:41 0 11 4 20
172.16.80.28 Ethernet0 14 0:02:01 0 10 12 24
172.16.80.31 Ethernet0 12 0:02:02 0 4 5 20
 

Table 49-2 describes the significant fields shown in the display.

 

Table 49-3 show eigrp neighbors Field Descriptions

Field
Description

process

Autonomous system number for the EIGRP routing process.

Address

IP address of the EIGRP neighbor.

Interface

Interface on which the ASA receives hello packets from the neighbor.

Holdtime

Length of time (in seconds) that the ASA waits to hear from the neighbor before declaring it down. This hold time is received from the neighbor in the hello packet, and begins decreasing until another hello packet is received from the neighbor.

If the neighbor is using the default hold time, this number will be less than 15. If the peer configures a non-default hold time, the non-default hold time will be displayed.

If this value reaches 0, the ASA considers the neighbor unreachable.

Uptime

Elapsed time (in hours:minutes: seconds) since the ASA first heard from this neighbor.

Q Count

Number of EIGRP packets (update, query, and reply) that the ASA is waiting to send.

Seq Num

Sequence number of the last update, query, or reply packet that was received from the neighbor.

SRTT

Smooth round-trip time. This is the number of milliseconds required for an EIGRP packet to be sent to this neighbor and for the ASA to receive an acknowledgment of that packet.

RTO

Retransmission timeout (in milliseconds). This is the amount of time the ASA waits before resending a packet from the retransmission queue to a neighbor.

The following is sample output from the show eigrp neighbors static command:

ciscoasa# show eigrp neighbors static
 
EIGRP-IPv4 neighbors for process 100
Static Address Interface
192.168.1.5 management
 

Table 49-4 describes the significant fields shown in the display.

 

Table 49-4 show ip eigrp neighbors static Field Descriptions

Field
Description

process

Autonomous system number for the EIGRP routing process.

Static Address

IP address of the EIGRP neighbor.

Interface

Interface on which the ASA receives hello packets from the neighbor.

The following is sample output from the show eigrp neighbors detail command:

 
ciscoasa# show eigrp neighbors detail
 
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq Tye
(sec) (ms) Cnt Num
3 1.1.1.3 Et0/0 12 00:04:48 1832 5000 0 14
Version 12.2/1.2, Retrans: 0, Retries: 0
Restart time 00:01:05
0 10.4.9.5 Fa0/0 11 00:04:07 768 4608 0 4 S
Version 12.2/1.2, Retrans: 0, Retries: 0
2 10.4.9.10 Fa0/0 13 1w0d 1 3000 0 6 S
Version 12.2/1.2, Retrans: 1, Retries: 0
1 10.4.9.6 Fa0/0 12 1w0d 1 3000 0 4 S
Version 12.2/1.2, Retrans: 1, Retries: 0
 

Table 49-5 describes the significant fields shown in the display.

 

Table 49-5 show ip eigrp neighbors details Field Descriptions

Field
Description

process

Autonomous system number for the EIGRP routing process.

H

This column lists the order in which a peering session was established with the specified neighbor. The order is specified with sequential numbering starting with 0.

Address

IP address of the EIGRP neighbor.

Interface

Interface on which the ASA receives hello packets from the neighbor.

Holdtime

Length of time (in seconds) that the ASA waits to hear from the neighbor before declaring it down. This hold time is received from the neighbor in the hello packet, and begins decreasing until another hello packet is received from the neighbor.

If the neighbor is using the default hold time, this number will be less than 15. If the peer configures a non-default hold time, the non-default hold time will be displayed.

If this value reaches 0, the ASA considers the neighbor unreachable.

Uptime

Elapsed time (in hours:minutes: seconds) since the ASA first heard from this neighbor.

SRTT

Smooth round-trip time. This is the number of milliseconds required for an EIGRP packet to be sent to this neighbor and for the ASA to receive an acknowledgment of that packet.

RTO

Retransmission timeout (in milliseconds). This is the amount of time the ASA waits before resending a packet from the retransmission queue to a neighbor.

Q Count

Number of EIGRP packets (update, query, and reply) that the ASA is waiting to send.

Seq Num

Sequence number of the last update, query, or reply packet that was received from the neighbor.

Version

The software version that the specified peer is running.

Retrans

The number of times that a packet has been retransmitted.

Retries

The number of times an attempt was made to retransmit a packet.

Restart time

Elapsed time (in hours:minutes:seconds) since the specified neighbor has restarted.

 
Related Commands

Command
Description

clear eigrp neighbors

Clears the EIGRP neighbor table.

debug eigrp neighbors

Displays EIGRP neighbor debugging messages.

debug ip eigrp

Displays EIGRP packet debugging messages.

show eigrp topology

To display the EIGRP topology table, use the show eigrp topology command in privileged EXEC mode.

show eigrp [ as-number ] topology [ ip-addr [ mask ] | active | all-links | pending | summary | zero-successors ]

 
Syntax Description

active

(Optional) Displays only active entries in the EIGRP topology table.

all-links

(Optional) Displays all routes in the EIGRP topology table, even those that are not feasible successors.

as-number

(Optional) Specifies the autonomous system number of the EIGRP process. Because the ASA only supports one EIGRP routing process, you do not need to specify the autonomous system number.

ip-addr

(Optional) Defines the IP address from the topology table to display. When specified with a mask, a detailed description of the entry is provided.

mask

(Optional) Defines the network mask to apply to the ip-addr argument.

pending

(Optional) Displays all entries in the EIGRP topology table that are waiting for an update from a neighbor or are waiting to reply to a neighbor.

summary

(Optional) Displays a summary of the EIGRP topology table.

zero-successors

(Optional) Displays available routes in the EIGRP topology table.

 
Defaults

Only routes that are feasible successors are displayed. Use the all-links keyword to display all routes, including those that are not feasible successors.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

8.0(2)

This command was introduced.

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

You can use the clear eigrp topology command to remove the dynamic entries from the topology table.

Examples

The following is sample output from the show eigrp topology command:

 
Command Historyciscoasa# show eigrp topology

 
EIGRP-IPv4 Topology Table for AS(100)/ID(192.168.1.1)
 
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
 
P 10.2.1.0 255.255.255.0, 2 successors, FD is 0
via 10.16.80.28 (46251776/46226176), Ethernet0
via 10.16.81.28 (46251776/46226176), Ethernet1
P 10.2.1.0 255.255.255.0, 1 successors, FD is 307200
via Connected, Ethernet1
via 10.16.81.28 (307200/281600), Ethernet1
via 10.16.80.28 (307200/281600), Ethernet0
 

Table 49-6 describes the significant fields shown in the displays.

 

Table 49-6 show eigrp topology Field Information

Field
Description

Codes

State of this topology table entry. Passive and Active refer to the EIGRP state with respect to this destination; Update, Query, and Reply refer to the type of packet that is being sent.

P - Passive

The route is known to be good and no EIGRP computations are being performed for this destination.

A - Active

EIGRP computations are being performed for this destination.

U - Update

Indicates that an update packet was sent to this destination.

Q - Query

Indicates that a query packet was sent to this destination.

R - Reply

Indicates that a reply packet was sent to this destination.

r - Reply status

Flag that is set after the software has sent a query and is waiting for a reply.

address mask

Destination IP address and mask.

successors

Number of successors. This number corresponds to the number of next hops in the IP routing table. If “successors” is capitalized, then the route or next hop is in a transition state.

FD

Feasible distance. The feasible distance is the best metric to reach the destination or the best metric that was known when the route went active. This value is used in the feasibility condition check. If the reported distance of the router (the metric after the slash) is less than the feasible distance, the feasibility condition is met and that path is a feasible successor. Once the software determines it has a feasible successor, it need not send a query for that destination.

via

IP address of the peer that told the software about this destination. The first n of these entries, where n is the number of successors, is the current successors. The remaining entries on the list are feasible successors.

( cost / adv_cost )

The first number is the EIGRP metric that represents the cost to the destination. The second number is the EIGRP metric that this peer advertised.

interface

The interface from which the information was learned.

The following is sample output from the show eigrp topology used with an IP address. The output shown is for an internal route.

ciscoasa# show eigrp topology 10.2.1.0 255.255.255.0
 
EIGRP-IPv4 (AS 100): Topology Default-IP-Routing-Table(0) entry for entry for 10.2.1.0 255.255.255.0
 
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 281600
Routing Descriptor Blocks:
0.0.0.0 (Ethernet0/0), from Connected, Send flag is 0x0
Composite metric is (281600/0), Route is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 1000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
 

The following is sample output from the show eigrp topology used with an IP address. The output shown is for an external route.

ciscoasa# show eigrp topology 10.4.80.0 255.255.255.0
 
 
EIGRP-IPv4 (AS 100): Topology Default-IP-Routing-Table(0) entry for entry for 10.4.80.0 255.255.255.0
 
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 409600
Routing Descriptor Blocks:
10.2.1.1 (Ethernet0/0), from 10.2.1.1, Send flag is 0x0
Composite metric is (409600/128256), Route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 6000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 10.89.245.1
AS number of route is 0
External protocol is Connected, external metric is 0
Administrator tag is 0 (0x00000000)
 

 
Related Commands

Command
Description

clear eigrp topology

Clears the dynamically discovered entries from the EIGRP topology table.

show eigrp traffic

To display the number of EIGRP packets sent and received, use the show eigrp traffic command in privileged EXEC mode.

show eigrp [ as-number ] traffic

 
Syntax Description

as-number

(Optional) Specifies the autonomous system number of the EIGRP process for which you are viewing the event log. Because the ASA only supports one EIGRP routing process, you do not need to specify the autonomous system number.

 
Defaults

No default behaviors or values.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

  •  

 
Command History

Release
Modification

8.0(2)

This command was introduced.

9.0(1)

Multiple context mode is supported.

 
Usage Guidelines

You can use the clear eigrp traffic command to clear the EIGRP traffic statistics.

Examples

The following is sample output from the show eigrp traffic command:

ciscoasa# show eigrp traffic
 
EIGRP-IPv4 Traffic Statistics for AS 100
Hellos sent/received: 218/205
Updates sent/received: 7/23
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 21/14
Input queue high water mark 0, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 1719439416
PDM Process ID: 1719439824
 

Table 49-4 describes the significant fields shown in the display.

 

Table 49-7 show eigrp traffic Field Descriptions

Field
Description

process

Autonomous system number for the EIGRP routing process.

Hellos sent/received

Number of hello packets sent and received.

Updates sent/received

Number of update packets sent and received.

Queries sent/received

Number of query packets sent and received.

Replies sent/received

Number of reply packets sent and received.

Acks sent/received

Number of acknowledgment packets sent and received.

Input queue high water mark/drops

Number of received packets that are approaching the maximum receive threshold and number of dropped packets.

SIA-Queries sent/received

Stuck-in-active queries sent and received.

SIA-Replies sent/received

Stuck-in-active replies sent and received.

 
Related Commands

Command
Description

debug eigrp packets

Displays debugging information for EIGRP packets sent and received.

debug eigrp transmit

Displays debugging information for EIGRP messages sent.

show environment

To display system environment information for system components, use the show environment command in privileged EXEC mode.

show environment [ driver | fans | power-supply | temperature ] [ chassis | cpu | voltage ]

 
Syntax Description

chassis

(Optional) Limits the temperature display to the chassis.

cpu

(Optional) Limits the temperature display to the processors. The ASA 5580-40 displays information for 4 processors. The ASA 5580-20 displays information for 2 processors.

driver

(Optional) Displays the environment monitoring (IPMI) driver status. The driver status can be one of the following:

  • RUNNING—The driver is operational.
  • STOPPED—An error has caused the driver to stop.

fans

(Optional) Displays the operational status of the cooling fans. The status is one of the following:

  • OK—The fan is operating normally.
  • Failed—The fan has failed and should be replaced.

power-supply

(Optional) Displays the operational status of the power supplies. The status for each power supply is one of the following:

  • OK—The power supply is operating normally.
  • Failed—The power supply has failed and should be replaced.
  • Not Present—The specified power supply is not installed.

The power supply redundancy status also displays. The redundancy status is one of the following:

  • OK—The unit is operating normally with full resources.
  • Lost—The unit has lost redundancy but is operating normally with minimum resources. Any further failures will result in a system shutdown.
  • N/A—The unit is not configured for power supply redundancy.

temperature

(Optional) Displays the temperature and status of the processors and chassis. The temperature is given in celsius. The status is one of the following:

  • OK—The temperature is within normal operating range.
  • Critical—The temperature is outside of normal operating range.

Operating ranges are categorized as follows:

  • Less than 70 degrees—OK
  • 70-80—Warm
  • 80-90—Critical
  • Greater than 90—Unrecoverable

voltage

(Optional) Displays the values for CPU voltage channels 1-24. Excludes the operational status.

 
Defaults

All operational information, except for the driver, is displayed if no keywords are specified.

 
Command Modes

The following table shows the modes in which you can enter the command:

 

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

 
Command History

Release
Modification

8.1(1)

This command was introduced.

8.4(2)

The output for an ASA 5585-X SSP was added. In addition, support for a dual SSP installation was added.

8.4.4(1)

Displayed power supply temperature values for the ASA 5515-X, ASA 5525-X, 5545-X, and ASA 5555-X have been changed in the output.

8.6(1)

The output for CPU voltage regulator thermal events in the ASA 5545-X and ASA 5555-X was added. The output for power supply input status was added. The output for voltage sensors was added.

 
Usage Guidelines

You can display operating environment information on the ASA 5545-X, 5555-X, 5580 and 5585-X. This information includes the operational status of the fans and power supplies, and temperature and status of the CPUs and chassis. The ASA 5580-40 displays information for 4 CPUs; the ASA 5580-20 displays information for 2 CPUs.


Note For a dual SSP installation, only the sensors for the chassis master show output for the cooling fans and power supplies.


Examples

The following is sample generic output from the show environment command:

ciscoasa# show environment
 
Cooling Fans:
-----------------------------------
Power Supplies:
--------------------------------
Left Slot (PS0): 6900 RPM - OK (Power Supply Fan)
Right Slot (PS1): 7000 RPM - OK (Power Supply Fan) Power Supplies:
-----------------------------------
Power Supply Unit Redundancy: OK
Temperature:
--------------------------------
Left Slot (PS0): 26 C - OK (Power Supply Temperature)
Right Slot (PS1): 27 C - OK (Power Supply Temperature)
Cooling Fans:
--------------------------------
Left Slot (PS0): 6900 RPM - OK (Power Supply Fan)
Right Slot (PS1): 7000 RPM - OK (Power Supply Fan)
Temperature:
-----------------------------------
Processors:
--------------------------------
Processor 1: 44.0 C - OK (CPU1 Core Temperature)
Processor 2: 45.0 C - OK (CPU2 Core Temperature)
Chassis:
--------------------------------
Ambient 1: 28.0 C - OK (Chassis Front Temperature)
Ambient 2: 40.5 C - OK (Chassis Back Temperature)
Ambient 3: 28.0 C - OK (CPU1 Front Temperature)
Ambient 4: 36.50 C - OK (CPU1 Back Temperature)
Ambient 5: 34.50 C - OK (CPU2 Front Temperature)
Ambient 6: 43.25 C - OK (CPU2 Back Temperature)
Power Supplies:
--------------------------------
Left Slot (PS0): 26 C - OK (Power Supply Temperature)
Right Slot (PS1): 27 C - OK (Power Supply Temperature)
 

The following is sample output from the show environment driver command:

ciscoasa# show environment driver
 
Cooling Fans:
-----------------------------------
 
Chassis Fans:
--------------------------------
Cooling Fan 1: 5888 RPM - OK
Cooling Fan 2: 5632 RPM - OK
Cooling Fan 3: 5888 RPM - OK
 
Power Supplies:
--------------------------------
Left Slot (PS0): N/A
Right Slot (PS1): 8448 RPM - OK
 
Power Supplies:
-----------------------------------
 
Left Slot (PS0): Not Present
Right Slot (PS1): Present
 
Left Slot (PS0): N/A
Right Slot (PS1): 33 C - OK
 
Left Slot (PS0): N/A
Right Slot (PS1): 8448 RPM - OK
 
Temperature:
-----------------------------------
 
Processors:
--------------------------------
Processor 1: 70.0 C - OK
 
Chassis:
--------------------------------
Ambient 1: 36.0 C - OK (Chassis Back Temperature)
Ambient 2: 31.0 C - OK (Chassis Front Temperature)
Ambient 3: 39.0 C - OK (Chassis Back Left Temperature)
 
Power Supplies:
--------------------------------
Left Slot (PS0): N/A
Right Slot (PS1): 33 C - OK
 
Voltage:
-----------------------------------
Channel 1: 1.168 V - (CPU Core 0.46V-1.4V)
Channel 2: 11.954 V - (12V)
Channel 3: 4.998 V - (5V)
Channel 4: 3.296 V - (3.3V)
Channel 5: 1.496 V - (DDR3 1.5V)
Channel 6: 1.048 V - (PCH 1.5V)
 

The following is sample output from the show environment command for an ASA 5555-X:

ciscoasa# show environment
 
Cooling Fans:
-----------------------------------
 
Chassis Fans:
--------------------------------
 
Power Supplies:
--------------------------------
Left Slot (PS0): 9728 RPM - OK
Right Slot (PS1): 0 RPM - OK
 
Power Supplies:
-----------------------------------
 
Left Slot (PS0): Present
Right Slot (PS1): Present
 
Power Input:
--------------------------------
Left Slot (PS0): OK
Right Slot (PS1): Failure Detected
 
Temperature:
--------------------------------
Left Slot (PS0): 29 C - OK
Right Slot (PS1): N/A
 
Processors:
--------------------------------
Processor 1: 81.0 C - OK
 
Chassis:
--------------------------------
Ambient 1: 39.0 C - OK (Chassis Back Temperature)
Ambient 2: 32.0 C - OK (Chassis Front Temperature)
Ambient 3: 47.0 C - OK (Chassis Back Left Temperature)
 
Power Supplies:
--------------------------------
Left Slot (PS0): 33 C - OK
Right Slot (PS1): -128 C - OK
 

The following is sample output from the show environment command for an ASA 5585-X chassis master in a dual SSP installation:

ciscoasa(config)# show environment
 
Cooling Fans:
-----------------------------------
 
Power Supplies:
--------------------------------
Left Slot (PS0): 7000 RPM - OK (Fan Module Fan)
Right Slot (PS1): 6900 RPM - OK (Power Supply Fan)
 
Power Supplies:
-----------------------------------
Power Supply Unit Redundancy: N/A
 
Power Supplies:
--------------------------------
Left Slot (PS0): 64 C - OK (Fan Module Temperature)
Right Slot (PS1): 64 C - OK (Power Supply Temperature)
 
Power Supplies:
--------------------------------
Left Slot (PS0): 7000 RPM - OK (Fan Module Fan)
Right Slot (PS1): 6900 RPM - OK (Power Supply Fan)
 
Temperature:
-----------------------------------
 
Processors:
--------------------------------
Processor 1: 48.0 C - OK (CPU1 Core Temperature)
Processor 2: 47.0 C - OK (CPU2 Core Temperature)
 
Chassis:
--------------------------------
Ambient 1: 25.5 C - OK (Chassis Front Temperature)
Ambient 2: 37.5 C - OK (Chassis Back Temperature)
Ambient 3: 31.50 C - OK (CPU1 Back Temperature)
Ambient 4: 27.75 C - OK (CPU1 Front Temperature)
Ambient 5: 38.25 C - OK (CPU2 Back Temperature)
Ambient 6: 34.0 C - OK (CPU2 Front Temperature)
 
Power Supplies:
--------------------------------
Left Slot (PS0): 64 C - OK (Fan Module Temperature)
Right Slot (PS1): 64 C - OK (Power Supply Temperature)
 
Voltage:
-----------------------------------
Channel 1: 3.310 V - (3.3V (U142 VX1))
Channel 2: 1.492 V - (1.5V (U142 VX2))
Channel 3: 1.053 V - (1.05V (U142 VX3))
Channel 4: 3.328 V - (3.3V_STDBY (U142 VP1))
Channel 5: 11.675 V - (12V (U142 VP2))
Channel 6: 4.921 V - (5.0V (U142 VP3))
Channel 7: 6.713 V - (7.0V (U142 VP4))
Channel 8: 9.763 V - (IBV (U142 VH))
Channel 9: 1.048 V - (1.05VB (U209 VX2))
Channel 10: 1.209 V - (1.2V (U209 VX3))
Channel 11: 1.109 V - (1.1V (U209 VX4))
Channel 12: 0.999 V - (1.0V (U209 VX5))
Channel 13: 3.324 V - (3.3V STDBY (U209 VP1))
Channel 14: 2.504 V - (2.5V (U209 VP2))
Channel 15: 1.799 V - (1.8V (U209 VP3))
Channel 16: 1.899 V - (1.9V (U209 VP4))
Channel 17: 9.763 V - (IBV (U209 VH))
Channel 18: 2.048 V - (VTT CPU0 (U83 VX2))
Channel 19: 2.048 V - (VTT CPU1 (U83 VX3))
Channel 20: 2.048 V - (VCC CPU0 (U83 VX4))
Channel 21: 2.048 V - (VCC CPU1 (U83 VX5))
Channel 22: 1.516 V - (1.5VA (U83 VP1))
Channel 23: 1.515 V - (1.5VB (U83 VP2))
Channel 24: 8.937 V - (IBV (U83 VH))
 

If the ASA was shut down because of a CPU voltage regulator thermal event, the following warning message appears:

WARNING: ASA was previously shut down due to a CPU Voltage Regulator running beyond the max thermal operating temperature. The chassis and CPU need to be inspected immediately for ventilation issues.
 

For more information, see syslog message 735024 in the syslog messages guide.

 
Related Commands

Command
Description

show version

Displays the hardware and software version.