Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 4.1
show running-config -- show running-config isakmp

show running-config through show running-config isakmp Commands



show running-config

To display the configuration that is running on the FWSM, use the show running-config command in privileged EXEC mode.

show running-config [all] [command]

Syntax Description

all

Displays the entire operating configuration, including defaults.

command

Displays the configuration associated with a specific command.


Defaults

If no arguments or keywords are specified, the entire non-default FWSM configuration displays.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

Support for this command was introduced.


Usage Guidelines

The show running-config command displays the current running configuration on the FWSM.

You can use the running-config keyword only in the show running-config command. You cannot use this keyword with no or clear, or as a standalone command, because the CLI treats it as a nonsupported command. When you enter the ?, no ?, or clear ? keywords, a running-config keyword is not listed in the command list.


Note: The device manager commands appear in the configuration after you use the device manager to connect to or configure the FWSM.


Examples

This example shows how to display the configuration that is running on the FWSM:

hostname# show running-config
: Saved
:
FWSM Version 3.1(0)
names
!
interface Ethernet0
 nameif test
 security-level 10
 ip address 10.10.88.50 255.255.255.254
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.86.194.176 255.255.254.0
!
interface Ethernet2
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 security-level 0
 no ip address
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname FWSM
domain-name example.com
boot system flash:/cdisk.bin
ftp mode passive
pager lines 24
mtu test 1500
mtu inside 1500
monitor-interface test
monitor-interface inside
ASDM image flash:ASDM
no ASDM history enable
arp timeout 14400
route inside 0.0.0.0 0.0.0.0 10.86.194.1 1
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 1:00:00 udp 0:02:00 icmp 1:00:00 rpc 1:00:00 h3
23 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02
:00
timeout uauth 0:00:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
fragment size 200 test
fragment chain 24 test
fragment timeout 5 test
fragment size 200 inside
fragment chain 24 inside
fragment timeout 5 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 1440
ssh timeout 5
console timeout 0
group-policy todd internal
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map fwsm_global_fw_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect ils
  inspect mgcp
  inspect netbios
  inspect rpc
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect sqlnet
  inspect tftp
  inspect xdmcp
  inspect ctiqbe
  inspect cuseeme
  inspect icmp
!
terminal width 80
service-policy fwsm_global_fw_policy global
Cryptochecksum:bfecf4b9d1b98b7e8d97434851f57e14
: end

Related Commands

Command
Description

configure

Configures the FWSM from the terminal.


show running-config aaa

To show the AAA configuration in the running configuration, use the show running-config aaa command in privileged EXEC mode.

show running-config aaa [accounting | authentication | authorization | mac-exempt | proxy-limit]

Syntax Description

accounting

(Optional) Show accounting-related AAA configuration.

authentication

(Optional) Show authentication-related AAA configuration.

authorization

(Optional) Show authorization-related AAA configuration.

mac-exempt

(Optional) Show MAC address exemption AAA configuration.

proxy-limit

(Optional) Show the number of concurrent proxy connections allowed per user.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show aaa command was introduced.

2.2(1)

The show aaa command was modified to support a LOCAL method.

3.1(1)

This command was changed from show aaa.


Examples

The following is sample output from the show running-config aaa command:

hostname# show running-config aaa
aaa authentication match infrastructure_authentication_radiusvrs infrastructure radiusvrs
aaa accounting match infrastructure_authentication_radiusvrs infrastructure radiusvrs
aaa authentication secure-http-client
aaa local authentication attempts max-fail 16

Related Commands

Command
Description

aaa authentication match

Enables authentication for traffic that is identified by an access list.

aaa authorization match

Enables authorization for traffic that is identified by an access list.

aaa accounting match

Enables accounting for traffic that is identified by an access list.

aaa mac-exempt

Specifies the use of a predefined list of MAC addresses to exempt from authentication and authorization.

aaa proxy-limit

Configures the uauth session limit by setting the maximum number of concurrent proxy connections allowed per user.


show running-config aaa-server

To display AAA server configuration, use the show running-config aaa-server command in privileged EXEC mode.

show running-config [all] aaa-server [server-tag] [(interface-name)]

Syntax Description

all

(Optional) Shows default values, which are otherwise omitted from command output.

(interface-name)

(Optional) The network interface where the AAA server resides.

server-tag

(Optional) The symbolic name of the server group.


Defaults

Omitting the all keyword displays only the explicitly configured configuration values, not the default values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show aaa-server command was introduced.

3.1(1)

This command was changed from show aaa-server.


Usage Guidelines

Use this command to display the settings for a particular server group. Use the all keyword to display default values as well as the explicitly configured values.

Examples

To display the running configuration for the default AAA server group, use the following command:

hostname(config)# show running-config default aaa-server
aaa-server group1 protocol tacacs+ accounting-mode simultaneous
reactivation-mode depletion deadtime 10
max-failed-attempts 4

Related Commands

Command
Description

show aaa-server

Displays AAA server statistics.

show running-config aaa-server host

Displays AAA server settings for a specific AAA server.

clear configure aaa-server

Clears the AAA server configuration.


show running-config aaa-server host

To display AAA server statistics for a particular AAA server, use the show running-config aaa-server host command in global configuration or privileged EXEC mode.

show running-config [all] aaa-server server-tag [(interface-name)] host aaa-server-name

Syntax Description

all

(Optional) Shows the running configuration, including default configuration values.

host aaa-server-name

Specifies the AAA server by hostname or IP address.

(interface-name)

(Optional) The network interface where the AAA server resides.

server-tag

The symbolic name of the server group.


Defaults

Omitting the all keyword displays only the explicitly configured configuration values, not the default values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

Global configuration


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

Use this command to display the statistics for a particular server group. Use the all keyword to display default values as well as the explicitly configured values.

Examples

To display the running configuration for the server group svrgrp1, use the following command:

hostname(config)# show running-config all aaa-server svrgrp1

Related Commands

Command
Description

show running-config aaa-server

Displays AAA server settings.

clear configure aaa

Removes the settings for all AAA servers across all groups.


show running-config access-group

To display the access group information, use the show running-config access-group command in privileged EXEC mode.

show running-config access-group

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show access-group.


Examples

The following is sample output from the show running-config access-group command:

hostname# show running-config access-group
access-group 100 in interface outside

Related Commands

Command
Description

access-group

Binds an access list to an interface.

clear configure access-group

Removes access groups from all the interfaces.


show running-config access-list

To display the access-list configuration that is running on the FWSM, use the show running-config access-list command in privileged EXEC mode.

show running-config [default] access-list [alert-interval | deny-flow-max]

show running-config [default] access-list [id] [saddr_ip | optimization]

Syntax Description

alert-interval

Shows the alert interval for generating syslog message 106001, which alerts that the system has reached a deny flow maximum.

deny-flow-max

Shows the maximum number of concurrent deny flows that can be created.

id

Identifies the access list that is displayed.

optimization

Shows optimized access lists.

saddr_ip

Shows the access list elements that contain the specified source IP address.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.

4.0(1)

Keyword optimization added.


Usage Guidelines

The show running-config access-list command lets you display the current running access list configuration on the FWSM.

Examples

The following is sample output from the show running-config access-list command:

hostname# show running-config access-list
access-list allow-all extended permit ip any any

Related Commands

Command
Description

access-list ethertype

Configures an access list that controls traffic based on its EtherType.

access-list extended

Adds an access list to the configuration and configures policy for IP traffic through the firewall.

clear access-list

Clears an access list counter.

clear configure access-list

Clears an access list from the running configuration.


show running-config alias

To display the alias configuration, use the show running-config alias command in privileged EXEC mode.

show running-config [all] alias [interface_name]

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.

interface_name

(Optional) Shows the alias commands for the specified interface.


Defaults

This command has no default settings.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show alias.


Examples

This example shows how to display alias information:

hostname# show running-config alias

Related Commands

Command
Description

alias

Creates an alias.

clear configure alias

Deletes an alias.


show running-config arp

To show static ARP entries created by the arp command in the running configuration, use the show running-config arp command in privileged EXEC mode.

show running-config [all] arp

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config arp command:

hostname# show running-config arp
arp inside 10.86.195.11 0008.023b.9893

Related Commands

Command
Description

arp

Adds a static ARP entry.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

show arp

Shows the ARP table.

show arp statistics

Shows ARP statistics.


show running-config arp timeout

To view the ARP timeout configuration in the running configuration, use the show running-config arp timeout command in privileged EXEC mode.

show running-config [all] arp timeout

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show arp timeout.


Examples

The following is sample output from the show running-config arp timeout command:

hostname# show running-config arp timeout
arp timeout 20000 seconds

Related Commands

Command
Description

arp

Adds a static ARP entry.

arp timeout

Sets the time before the FWSM rebuilds the ARP table.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

show arp statistics

Shows ARP statistics.


show running-config arp-inspection

To view the ARP inspection configuration in the running configuration, use the show running-config arp-inspection command in privileged EXEC mode.

show running-config [all] arp-inspection

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config arp-inspection command:

hostname# show running-config arp-inspection

arp-inspection inside1 enable no-flood

Related Commands

Command
Description

arp

Adds a static ARP entry.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

clear configure arp-inspection

Clears the ARP inspection configuration.

firewall transparent

Sets the firewall mode to transparent.

show arp statistics

Shows ARP statistics.


show running-config asdm

To display the asdm commands in the running configuration, use the show running-config asdm command in privileged EXEC mode.

show running-config asdm [group | location]

Syntax Description

group

(Optional) Limits the display to the asdm group commands in the running configuration.

location

(Optional) Limits the display to the asdm location commands in the running configuration.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced (as show running-config pdm).

3.1(1)

This command was changed from the show running-config pdm command to the show running-config asdm command.


Usage Guidelines

To remove the asdm commands from the configuration, use the clear configure asdm command.


Note: On FWSMs running in multiple context mode, the show running-config asdm group and show running-config asdm location commands are only available in the system execution space.


Examples

The following is sample output from the show running-config asdm command:

hostname# show running-config asdm
asdm history enable
hostname#

Related Commands

Command
Description

clear configure asdm

Removes all asdm commands from the running configuration.


show running-config auth-prompt

To display the current authentication prompt challenge text, use the show running-config auth-prompt command in global configuration mode.

show running-config [default] auth-prompt

Syntax Description

default

(Optional) Display the default authentication prompt challenge text.


Defaults

Display the configured authentication prompt challenge text.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration


Command History

Release
Modification

1.1(1)

The show auth-prompt command was introduced.

3.1(1)

This command was changed from show auth-prompt.


Usage Guidelines

After you set the authentication prompt, use the show running-config auth-prompt command to view the current prompt text.

Examples

This example shows the use of the show running-config auth-prompt command to show the authentication prompt configuration:

hostname(config)# show running-config auth-prompt
auth-prompt prompt Please sign in.
auth-prompt accept Welcome. Unauthorized access strictly prohibited.
auth-prompt reject Credentials invalid.
hostname(config)#

Related Commands

auth-prompt

Set the user authentication prompts.

clear configure auth-prompt

Reset the user authentication prompts to the default value.


show running-config auto-update

To display the auto-update commands in the running configuration, use the show running-config auto-update command in privileged EXEC mode.

show running-config [all] auto-update

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config auto-update command:

hostname# show running-config auto-update
auto-update poll-period 1 1
auto-update server http://10.1.1.1:1741/

Related Commands

Command
Description

auto-update device-id

Sets the FWSM device ID for use with an Auto Update Server.

auto-update poll-period

Sets how often the FWSM checks for updates from an Auto Update Server.

auto-update server

Identifies the Auto Update Server.

auto-update timeout

Stops traffic from passing through the FWSM if the Auto Update Server is not contacted within the timeout period.

clear configure auto-update

Clears the Auto Update Server configuration.


show running-config class

To display the resource class configuration, use the show running-config class command in privileged EXEC mode.

show running-config [all] class [class_name]

Syntax Description

all

(Optional) Show all running resource class configuration, including default.

class_name

(Optional) Text for the class name; the text can be up to 20 characters in length.


Defaults

By default, all classes are shown.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

N/A

N/A


Command History

Release
Modification

2.2(1)

This command was introduced.


Examples

The following is sample output from the show running-config class command:

hostname# show running-config class gold
limit-resource all 3%
limit-resource rate syslogs 500


Related Commands

Command
Description

clear configure class

Clears the class configuration.

context

Configures a security context.

limit-resource

Sets the resource limit for a class.

member

Assigns a context to a resource class.

show class

Shows the contexts assigned to a class.


show running-config banner

To display the specified banner and all the lines that are configured for it, use the show running-config banner command in privileged EXEC mode.

show running-config banner [exec | login | motd]

Syntax Description

exec

(Optional) Displays the banner before the enable prompt.

login

(Optional) Displays the banner before the password login prompt when accessing the FWSM using Telnet.

motd

(Optional) Displays the message-of-the-day banner.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show banner command was introduced.

3.1(1)

This command was changed to show running-config banner.


Usage Guidelines

The show running-config banner command displays the specified banner keyword and all the lines configured for it. If a keyword is not specified, then all banners display.

Examples

This example shows how to display the message-of-the-day (motd) banner:

hostname# show running-config banner motd

Related Commands

Command
Description

banner

Creates a banner.

clear configure banner

Deletes a banner.


show running-config class-map

To display the information about the class map configuration, use the show running-config class-map command in privileged EXEC mode.

show running-config [all] class-map [class_map_name | type {regex | inspect [protocol]}]

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.

class_map_name

(Optional) Shows the running configuration for a class map name.

inspect

(Optional) Shows inspection class maps.

protocol

(Optional) Specifies the type of application map you want to show. Available types include:

http

sip

regex

(Optional) Shows regular expression class maps.

type

(Optional) Specifies the type of class map you want to show. To show Layer 3/4 class maps, do not specify the type.


Defaults

The class-map class-default command, which contains a single match any command, is the default class map.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.

4.0(1)

The type keyword was added.


Examples

The following is sample output from the show running-config class-map command:

hostname# show running-config class-map
class-map tcp-port
  match port tcp eq ftp
hostname# 

Related Commands

Command
Description

class-map

Applies a traffic class to an interface.

clear configure class-map

Removes all of the traffic map definitions.


show running-config command-alias

To display the command aliases that are configured, use the show running-config command-alias command in privileged EXEC mode.

show running-config [all] command-alias

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

If you do not enter the all keyword, only non-default command aliases display.

Examples

The following example displays all command aliases that are configured on the FWSM, including defaults:

hostname# show running-config all command-alias
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
command-alias exec save copy running-config startup-config

The following example displays all command aliases that are configured on the FWSM, excluding defaults:

hostname# show running-config command-alias
command-alias exec save copy running-config startup-config
hostname#

Related Commands

Command
Description

command-alias

Creates a command alias.

clear configure command-alias

Deletes all non-default command aliases.


show running-config console timeout

To display the console connection timeout value, use the show running-config console timeout command in privileged EXEC mode.

show running-config console timeout

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show console timeout command was introduced.

3.1(1)

This command was changed to show running-config console timeout.


Examples

The following example shows how to display the console connection timeout setting:

hostname# show running-config console timeout
console timeout 0

Related Commands

Command
Description

console timeout

Sets the idle timeout for a console connection to the FWSM.

clear configure console

Resets the console connection settings to defaults.


show running-config context

To show the context configuration in the system execution space, use the show running-config context command in privileged EXEC mode.

show running-config [all] context

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

N/A

N/A


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config context command:

hostname# show running-config context

admin-context admin
context admin
  allocate-interface vlan100 
  config-url disk:/admin.cfg
!

context A
  allocate-interface vlan200
  config-url disk:/A.cfg
!

Related Commands

Command
Description

admin-context

Sets the admin context.

allocate-interface

Assigns interfaces to a context.

changeto

Changes between contexts or the system execution space.

config-url

Specifies the location of the context configuration.

context

Creates a security context in the system configuration and enters context configuration mode.


show running-config crypto

To display the entire crypto configuration including IPSec, crypto maps, dynamic crypto maps, and ISAKMP, use the show running-config crypto command in global configuration or privileged EXEC mode.

show running-config crypto

Syntax Description

This command has no keywords or arguments.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following example, entered in privileged EXEC mode, displays all crypto configuration information:

hostname# show running-config crypto map
crypto map abc 1 match address xyz
crypto map abc 1 set peer 209.165.200.225
crypto map abc 1 set transform-set ttt
crypto map abc interface test
isakmp enable inside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
hostname# 
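
The running configuration is the usual input for a security review of the FWSM. The following Python script is an added example, not part of the Cisco reference: it audits captured show running-config text for open management access, long idle timeouts, permit-any access lists, and weak ISAKMP policy settings. SAMPLE_CONFIG is assembled from sample output lines in this chapter; the rule names, the Finding structure, and the 15-minute idle limit are assumptions made for illustration.

```python
"""Audit captured `show running-config` text for risky settings (added example)."""
import re
from dataclasses import dataclass

# Constructed input: lines taken from the sample outputs in this chapter.
SAMPLE_CONFIG = """\
hostname# show running-config
: Saved
http server enable
http 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 1440
ssh timeout 5
console timeout 0
access-list allow-all extended permit ip any any
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
: end
"""

MAX_IDLE_MINUTES = 15  # assumption: local policy limit, not a Cisco default
WEAK_ISAKMP = {
    "encryption": {"des": "56-bit DES", "3des": "3DES (64-bit block cipher)"},
    "hash": {"md5": "MD5"},
    "group": {"1": "768-bit DH group 1", "2": "1024-bit DH group 2"},
}
PROMPT = re.compile(r"^\S+#(\s|$)")            # e.g. "hostname# show ..."
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


@dataclass
class Finding:
    line_no: int
    rule: str
    line: str
    detail: str


def check_line(words):
    """Return (rule, detail) pairs for one tokenised configuration line."""
    hits = []
    if words[:2] == ["crypto", "isakmp"]:      # accept the "crypto isakmp" spelling too
        words = words[1:]
    # Management access: "<telnet|ssh|http> <ip> <mask> <interface>"
    if words[0] in ("telnet", "ssh", "http") and len(words) == 4 and IPV4.match(words[1]):
        proto, ip, mask, ifc = words
        if proto == "telnet":
            hits.append(("MGMT_CLEARTEXT", f"telnet on {ifc} sends credentials unencrypted"))
        if ip == mask == "0.0.0.0":
            hits.append(("MGMT_ANY_SOURCE", f"{proto} accepted from any address on {ifc}"))
    # Idle timeouts in minutes: "<telnet|ssh|console> timeout <n>"
    elif (len(words) == 3 and words[1] == "timeout"
          and words[0] in ("telnet", "ssh", "console") and words[2].isdigit()):
        minutes = int(words[2])
        if words[0] == "console" and minutes == 0:
            hits.append(("IDLE_TIMEOUT", "console session never times out"))
        elif minutes > MAX_IDLE_MINUTES:
            hits.append(("IDLE_TIMEOUT", f"{words[0]} idle timeout is {minutes} minutes"))
    # Access list entries that end in "permit ip any any"
    elif words[0] == "access-list" and words[-4:] == ["permit", "ip", "any", "any"]:
        hits.append(("ACL_PERMIT_ANY", f"access list {words[1]} permits all IP traffic"))
    # IKE policy: "isakmp policy <priority> <attribute> <value>"
    elif words[:2] == ["isakmp", "policy"] and len(words) == 5:
        priority, key, value = words[2:]
        weak = WEAK_ISAKMP.get(key, {}).get(value)
        if weak:
            hits.append(("ISAKMP_WEAK", f"policy {priority} uses {weak}"))
    return hits


def audit(config_text):
    """Scan running-config text and return a list of Finding objects in line order."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, ": Saved" / ": end" markers, "!" separators and CLI prompts.
        if not line or line[0] in ":!" or PROMPT.match(line):
            continue
        for rule, detail in check_line(line.split()):
            findings.append(Finding(line_no, rule, line, detail))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no:>2}  {f.rule:<16} {f.detail}  [{f.line}]")
```
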

Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the FWSM.

show isakmp sa

Displays IKE runtime SA database with additional information.


show running-config crypto dynamic-map

To view a dynamic crypto map, use the show running-config crypto dynamic-map command in global configuration or privileged EXEC mode.

show running-config crypto dynamic-map

Syntax Description

This command has no keywords or arguments.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show crypto dynamic-map.


Examples

The following example, entered in global configuration mode, displays all configuration information about crypto dynamic maps:

hostname(config)# show running-config crypto dynamic-map

Crypto Map Template "dyn1" 10

        access-list 152 permit ip host 172.21.114.67 any
        Current peer: 0.0.0.0
        Security association lifetime: 4608000 kilobytes/120 seconds
        PFS (Y/N): N
        Transform sets={      tauth, t1,      }
hostname(config)# 

Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the FWSM.

show isakmp sa

Displays IKE runtime SA database with additional information.


show running-config crypto ipsec

To display the complete IPSec configuration, use the show running-config crypto ipsec command in global configuration or privileged EXEC mode.

show running-config crypto ipsec

Syntax Description

This command has no keywords or arguments.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show crypto ipsec command was introduced.

3.1(1)

This command was changed to show running-config crypto ipsec.


Examples

The following example, issued in global configuration mode, displays information about the IPSec configuration:

hostname(config)# show running-config crypto ipsec
crypto ipsec transform-set ttt esp-3des esp-md5-hmac
hostname(config)# 

Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the FWSM.

show isakmp sa

Displays IKE runtime SA database with additional information.


show running-config crypto isakmp

To display the complete ISAKMP configuration, use the show running-config crypto isakmp command in global configuration or privileged EXEC mode.

show running-config crypto isakmp

Syntax Description

This command has no keywords or arguments.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show crypto isakmp command was introduced.

3.1(1)

This command was changed to show running-config crypto isakmp.


Examples

The following example, issued in global configuration mode, displays information about the ISAKMP configuration:

hostname(config)# show running-config crypto isakmp
isakmp enable inside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
hostname(config)# 

Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the FWSM.

show isakmp sa

Displays IKE runtime SA database with additional information.


show running-config crypto map

To display all configuration for all crypto maps, use the show running-config crypto map command in global configuration or privileged EXEC mode.

show running-config crypto map

Syntax Description

This command has no keywords or arguments.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show crypto map.


Examples

The following example, entered in privileged EXEC mode, displays all configuration information for all crypto maps:

hostname# show running-config crypto map
crypto map abc 1 match address xyz
crypto map abc 1 set peer 209.165.200.225
crypto map abc 1 set transform-set ttt
crypto map abc interface test
hostname# 

Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the FWSM.

show isakmp sa

Displays IKE runtime SA database with additional information.


show running-config dhcpd

To show the DHCP configuration, use the show running-config dhcpd command in privileged EXEC or global configuration mode.

show running-config dhcpd

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC or global configuration


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config dhcpd command displays the DHCP commands entered in the running configuration. To see DHCP binding, state, and statistical information, use the show dhcpd command.

Examples

The following is sample output from the show running-config dhcpd command:

hostname# show running-config dhcpd

dhcpd address 10.0.1.100-10.0.1.108 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd dns 209.165.201.2 209.165.202.129
dhcpd enable inside

Related Commands

Command
Description

clear configure dhcpd

Removes all DHCP server settings.

debug dhcpd

Displays debug information for the DHCP server.

show dhcpd

Displays DHCP binding, statistic, or state information.


show running-config dhcprelay

To view the current DHCP relay agent configuration, use the show running-config dhcprelay command in privileged EXEC mode.

show running-config dhcprelay

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config dhcprelay command displays the current DHCP relay agent configuration. To show DHCP relay agent packet statistics, use the show dhcprelay statistics command.

Examples

The following is sample output from the show running-config dhcprelay command:

hostname(config)# show running-config dhcprelay

dhcprelay server 10.1.1.1
dhcprelay enable inside
dhcprelay timeout 90

Related Commands

Command
Description

clear configure dhcprelay

Removes all DHCP relay agent settings.

clear dhcprelay statistics

Clears the DHCP relay agent statistic counters.

debug dhcprelay

Displays debug information for the DHCP relay agent.

show dhcprelay statistics

Displays DHCP relay agent statistic information.


show running-config dns

To show the DNS configuration in the running configuration, use the show running-config dns command in privileged EXEC mode.

show running-config dns

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config dns command:

hostname# show running-config dns
dns domain-lookup inside
dns name-server 
dns retries 2
dns timeout 15
dns name-server 10.1.1.1

Related Commands

Command
Description

dns domain-lookup

Enables the FWSM to perform a name lookup.

dns name-server

Configures a DNS server address.

dns retries

Specifies the number of times to retry the list of DNS servers when the FWSM does not receive a response.

dns timeout

Specifies the amount of time to wait before trying the next DNS server.

show dns-hosts

Shows the DNS cache.


show running-config domain-name

To show the domain name configuration in the running configuration, use the show running-config domain-name command in privileged EXEC mode.

show running-config domain-name

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show domain-name command was introduced.

3.1(1)

This command was changed to show running-config domain-name.


Examples

The following is sample output from the show running-config domain-name command:

hostname# show running-config domain-name
example.com

Related Commands

Command
Description

domain-name

Sets the default domain name.

hostname

Sets the FWSM hostname.


show running-config enable

To show the encrypted enable passwords, use the show running-config enable command in privileged EXEC mode.

show running-config enable

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show enable command was introduced.

3.1(1)

This command was changed to show running-config enable.


Usage Guidelines

The password is saved to the configuration in encrypted form, so you cannot view the original password after you enter it. The password displays with the encrypted keyword to indicate that the password is encrypted.

Examples

The following is sample output from the show running-config enable command:

hostname# show running-config enable
enable password 2AfK9Kjr3BE2/J2r level 10 encrypted
enable password 8Ry2YjIyt7RRXU24 encrypted

Related Commands

Command
Description

disable

Exits privileged EXEC mode.

enable

Enters privileged EXEC mode.

enable password

Sets the enable password.


show running-config established

To display the allowed inbound connections that are based on established connections, use the show running-config established command in privileged EXEC mode.

show running-config [all] established

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show established.


Examples

This example shows how to display inbound connections that are based on established connections:

hostname# show running-config established

Related Commands

Command
Description

established

Permits return connections on ports that are based on an established connection.

clear configure established

Removes all established commands.


show running-config failover

To display the failover commands in the configuration, use the show running-config failover command in privileged EXEC mode.

show running-config [all] failover

Syntax Description

all

(Optional) Shows all failover commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config failover command displays the failover commands in the running configuration. It does not display the monitor-interface or join-failover-group commands.

Examples

The following example shows the default failover configuration before failover has been configured:

hostname# show running-config all failover
no failover
failover lan unit secondary
failover polltime unit 15 holdtime 45
failover polltime interface 15
failover interface policy 1
hostname#

Related Commands

Command
Description

show failover

Displays failover state and statistics.


show running-config filter

To show the filtering configuration, use the show running-config filter command in privileged EXEC mode.

show running-config filter

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show filter.


Usage Guidelines

The show running-config filter command displays the filtering configuration for the FWSM.

Examples

The following is sample output from the show running-config filter command, and shows the filtering configuration for the FWSM:

hostname# show running-config filter
!
filter activex 80 10.86.194.170 255.255.255.255 10.1.1.0 255.255.255.224
!

This example shows that ActiveX filtering is enabled on port 80 for the address 10.86.194.170.

Related Commands

Commands
Description

filter activex

Removes ActiveX objects from HTTP traffic passing through the FWSM.

filter ftp

Identifies the FTP traffic to be filtered by a URL filtering server.

filter https

Identifies the HTTPS traffic to be filtered by a Websense server.

filter java

Removes Java applets from HTTP traffic passing through the FWSM.

filter url

Directs traffic to a URL filtering server.


show running-config fragment

To display the current configuration of the fragment databases, use the show running-config fragment command in privileged EXEC mode.

show running-config fragment [interface]

Syntax Description

interface

(Optional) Specifies the FWSM interface.


Defaults

If an interface is not specified, the command applies to all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show fragment command was introduced.

3.1(1)

This command was changed to show running-config fragment.


Usage Guidelines

The show running-config fragment command displays the current configuration of the fragment databases. If you specify an interface name, only information for the database residing at the specified interface displays. If you do not specify an interface name, the command applies to all interfaces.

Use the show running-config fragment command to display this information:

Size—Maximum number of packets set by the size keyword. This value is the maximum number of fragments that are allowed on the interface.

Chain—Maximum number of fragments for a single packet set by the chain keyword.

Timeout—Maximum number of seconds set by the timeout keyword. This is the maximum number of seconds to wait for an entire fragmented packet to arrive. The timer starts after the first fragment of a packet arrives. If all fragments of the packet do not arrive by the number of seconds specified, all fragments of the packet that were already received will be discarded.

Examples

The following example shows how to display the states of the fragment databases on all interfaces:

hostname# show running-config fragment
fragment size 200 inside
fragment chain 24 inside
fragment timeout 5 inside
fragment size 200 outside1
fragment chain 24 outside1
fragment timeout 5 outside1
fragment size 200 outside2
fragment chain 24 outside2
fragment timeout 5 outside2
fragment size 200 outside3
fragment chain 24 outside3
fragment timeout 5 outside3

The following example shows how to display the states of the fragment databases on interfaces that start with the name "outside":


Note: In this example, the interfaces named "outside1", "outside2", and "outside3" display.


hostname# show running-config fragment outside
fragment size 200 outside1
fragment chain 24 outside1
fragment timeout 5 outside1
fragment size 200 outside2
fragment chain 24 outside2
fragment timeout 5 outside2
fragment size 200 outside3
fragment chain 24 outside3
fragment timeout 5 outside3

The following example shows how to display the states of the fragment databases on the interface named "outside1" only:

hostname# show running-config fragment outside1
fragment size 200 outside1
fragment chain 24 outside1
fragment timeout 5 outside1
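
The following Python model is an added example, not Cisco's implementation and not part of the reference. It parses the outside1 lines above and simulates how the size, chain and timeout limits described under Usage Guidelines act on arriving fragments. The class and function names are hypothetical, and discarding the whole chain when the chain limit is hit is an assumption of the model.

```python
import re

# Constructed sample: the 'outside1' lines from the output above.
SAMPLE_OUTPUT = """\
fragment size 200 outside1
fragment chain 24 outside1
fragment timeout 5 outside1
"""

LINE_RE = re.compile(r"^fragment (size|chain|timeout) (\d+) (\S+)$")


def parse_fragment_config(text):
    """Return {interface: {'size': n, 'chain': n, 'timeout': n}}."""
    config = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            config.setdefault(m[3], {})[m[1]] = int(m[2])
    return config


class FragmentDatabase:
    """Simplified model of one interface's fragment database."""

    def __init__(self, size, chain, timeout):
        self.size = size        # maximum fragments held on the interface
        self.chain = chain      # maximum fragments for a single packet
        self.timeout = timeout  # seconds to wait for the whole packet
        self.packets = {}       # packet id -> state of a partial packet

    def queued(self):
        """Number of fragments currently held in the database."""
        return sum(len(p["have"]) for p in self.packets.values())

    def expire(self, now):
        """Discard packets whose timer, started by the first fragment, ran out."""
        expired = [pid for pid, p in self.packets.items()
                   if now - p["first_seen"] > self.timeout]
        for pid in expired:
            del self.packets[pid]  # all fragments already received are dropped
        return expired

    def receive(self, now, packet_id, index, is_last=False):
        """Process one fragment and return what happened to it."""
        self.expire(now)
        pkt = self.packets.get(packet_id)
        if pkt is None:
            # The first fragment of a packet starts that packet's timer.
            pkt = {"first_seen": now, "have": set(), "total": None}
        if index in pkt["have"]:
            return "duplicate"
        if len(pkt["have"]) + 1 > self.chain:
            # Model assumption: the whole chain is discarded at the limit.
            self.packets.pop(packet_id, None)
            return "dropped: chain limit"
        if self.queued() + 1 > self.size:
            return "dropped: database full"
        pkt["have"].add(index)
        if is_last:
            pkt["total"] = index + 1
        self.packets[packet_id] = pkt
        if pkt["total"] is not None and len(pkt["have"]) == pkt["total"]:
            del self.packets[packet_id]  # complete packet leaves the database
            return "reassembled"
        return "queued"


if __name__ == "__main__":
    limits = parse_fragment_config(SAMPLE_OUTPUT)["outside1"]
    db = FragmentDatabase(**limits)
    print(db.receive(0.0, "A", 0))                 # first fragment starts the timer
    print(db.receive(1.0, "A", 1, is_last=True))   # arrives in time
    print(db.receive(10.0, "B", 0))
    print(db.expire(16.0))                         # 6 s later: B is discarded
```
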

Related Commands

Command
Description

clear configure fragment

Resets all the IP fragment reassembly configurations to defaults.

clear fragment

Clears the operational data of the IP fragment reassembly module.

fragment

Provides additional management of packet fragmentation and improves compatibility with NFS.

show fragment

Displays the operational data of the IP fragment reassembly module.


show running-config ftp mode

To show the client mode configured for FTP, use the show running-config ftp mode command in privileged EXEC mode.

show running-config ftp mode

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config ftp mode command displays the client mode that is used by the FWSM when accessing an FTP server.

Examples

The following example shows sample output from the show running-config ftp-mode command:

hostname# show running-config ftp-mode
!
ftp-mode passive
!

Related Commands

Commands
Description

copy

Uploads or downloads image files or configuration files to or from an FTP server.

debug ftp client

Displays detailed information about FTP client activity.

ftp mode passive

Sets the FTP client mode used by the FWSM when accessing an FTP server.


show running-config ftp-map

To show the FTP maps that have been configured, use the show running-config ftp-map command in privileged EXEC mode.

show running-config ftp-map map_name

Syntax Description

map_name

Displays configuration for the specified FTP map.



Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config ftp-map command displays the FTP maps that have been configured.

Examples

The following is sample output from the show running-config ftp-map command:

hostname# show running-config ftp-map ftp-policy
!
ftp-map ftp-policy
request-command deny put stou appe
!

Related Commands

Commands
Description

class-map

Defines the traffic class to which to apply security actions.

ftp-map

Defines an FTP map and enables FTP map configuration mode.

inspect ftp

Applies a specific FTP map to use for application inspection.

mask-syst-reply

Hides the FTP server response from clients.

request-command deny

Specifies FTP commands to disallow.


show running-config global

To display the global commands in the configuration, use the show running-config global command in privileged EXEC mode.

show running-config global

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show global.


Examples

The following is sample output from the show running-config global command:

hostname# show running-config global
global (outside1) 10 interface

Related Commands

Command
Description

clear configure global

Removes global commands from the configuration.

global

Creates entries from a pool of global addresses.


show running-config group-delimiter

To display the current delimiter to be used when parsing group names from the usernames that are received when tunnels are being negotiated, use the show running-config group-delimiter command in global configuration mode.

show running-config group-delimiter

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

Use this command to display the currently configured group-delimiter.

Examples

The following example shows a show running-config group-delimiter command and its output:

hostname(config)# show running-config group-delimiter
group-delimiter @

Related Commands

Command
Description

group-delimiter

Enables group-name parsing and specifies the delimiter to be used when parsing group names from the usernames that are received when tunnels are being negotiated.


show running-config group-policy

To display the running configuration for a particular group policy, use the show running-config group-policy command in privileged EXEC mode.

show running-config [all] group-policy [name]

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.

name

Specifies the name of the group policy.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following example shows how to display the running configuration, including default values, for the group policy named FirstGroup:

hostname# show running-config all group-policy FirstGroup

Related Commands

Command
Description

group-policy

Creates, edits, or removes a group policy.

group-policy attributes

Enters group-policy attributes mode, which lets you configure AVPs for a specified group policy.

clear config group-policy

Removes the configuration for a particular group policy or for all group policies.


show running-config gtp-map

To show the GTP maps that have been configured, use the show running-config gtp-map command in privileged EXEC mode.

show running-config gtp-map map_name

Syntax Description

map_name

Displays configuration for the specified GTP map.



Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config gtp-map command displays the GTP maps that have been configured.

Examples

The following is sample output from the show running-config gtp-map command:

hostname# show running-config gtp-map gtp-policy
!
gtp-map gtp-policy
 request-queue 300
 message-length min 20 max 300
 drop message 20
 tunnel-limit 10000
!

Related Commands

Commands
Description

clear service-policy inspect gtp

Clears global GTP statistics.

debug gtp

Displays detailed information about GTP inspection.

gtp-map

Defines a GTP map and enables GTP map configuration mode.

inspect gtp

Applies a specific GTP map to use for application inspection.

show service-policy inspect gtp

Displays the GTP configuration.


show running-config http

To display the current set of configured http commands, use the show running-config http command in privileged EXEC mode.

show running-config http

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

Global configuration


Command History

Release
Modification

3.1(1)

Support for this command was introduced.


Usage Guidelines

Examples

The following sample output shows how to use the show running-config http command:

hostname# show running-config http
http server enabled
0.0.0.0 0.0.0.0 inside

Related Commands

Command
Description

clear http

Removes the HTTP configuration: disables the HTTP server and removes hosts that can access the HTTP server.

http

Specifies hosts that can access the HTTP server by IP address and subnet mask. Specifies the FWSM interface through which the host accesses the HTTP server.

http authentication-certificate

Requires authentication via certificate from users who are establishing HTTPS connections to the FWSM.

http server enable

Enables the HTTP server.


show running-config http-map

To show the HTTP maps that have been configured, use the show running-config http-map command in privileged EXEC mode.

show running-config http-map map_name

Syntax Description

map_name

Displays configuration for the specified HTTP map.



Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config http-map command displays the HTTP maps that have been configured.

Examples

The following is sample output from the show running-config http-map command:

hostname# show running-config http-map http-policy
!
http-map http-policy
content-length min 100 max 2000 action reset log
content-type-verification match-req-rsp reset log
max-header-length request bytes 100 action log reset
max-uri-length 100 action reset log
!

Related Commands

Commands
Description

class-map

Defines the traffic class to which to apply security actions.

debug http-map

Displays detailed information about traffic associated with an HTTP map.

http-map

Defines an HTTP map for configuring enhanced HTTP inspection.

inspect http

Applies a specific HTTP map to use for application inspection.

policy-map

Associates a class map with specific security actions.


show running-config icmp

To show the access rules configured for ICMP traffic, use the show running-config icmp command in privileged EXEC mode.

show running-config icmp map_name

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

The show running-config icmp command displays the access rules configured for ICMP traffic.

Examples

The following example shows sample output from the show running-config icmp command:

hostname# show running-config icmp
!
icmp permit host 172.16.2.15 echo-reply outside 
icmp permit 172.22.1.0 255.255.0.0 echo-reply outside 
icmp permit any unreachable outside
!

Related Commands

Commands
Description

clear configure icmp

Clears the ICMP configuration.

debug icmp

Enables the display of debug information for ICMP.

show icmp

Displays ICMP configuration.

timeout icmp

Configures the idle timeout for ICMP.


show running-config interface

To show the interface configuration in the running configuration, use the show running-config interface command in privileged EXEC mode.

show running-config [all] interface [mapped_name | interface_name]

Syntax Description

all

(Optional) Shows all interface commands, including the commands you have not changed from the default.

interface_name

(Optional) Identifies the interface name set with the nameif command.

mapped_name

(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command.


Defaults

If you do not specify an interface, this command shows the configuration for all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

The show interface command was introduced.

3.1(1)

This command was changed to show running-config interface.


Usage Guidelines

You cannot use the interface name in the system execution space, because the nameif command is only available within a context. Similarly, if you mapped the interface ID to a mapped name using the allocate-interface command, you can only use the mapped name in a context.

Examples

The following is sample output from the show running-config interface command. It shows the running configuration for all interfaces. The Vlan 35 and 37 interfaces have not been configured yet, and show the default configuration.

hostname# show running-config interface
!
interface Vlan20
 nameif inside
 security-level 100
 ip address 10.86.194.60 255.255.254.0
!
interface Vlan22
 shutdown
 nameif test
 security-level 0
 ip address 10.10.4.200 255.255.0.0
!
interface Vlan35
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface Vlan37
 shutdown
 no nameif
 security-level 0
 no ip address
!

Related Commands

Command
Description

allocate-interface

Assigns interfaces and subinterfaces to a security context.

clear configure interface

Clears the interface configuration.

interface

Configures an interface and enters interface configuration mode.

nameif

Sets the interface name.

show interface

Displays the runtime status and statistics of interfaces.


show running-config interface bvi

To view the bridge virtual interface configuration in the running configuration, use the show running-config interface bvi command in privileged EXEC mode.

show running-config [all] interface bvi bridge_group_number

Syntax Description

all

(Optional) Shows all commands, including the commands you have not changed from the default.

bridge_group_number

Specifies the bridge group number as an integer between 1 and 100.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config interface bvi command:

hostname# show running-config interface bvi 1

interface BVI1

Related Commands

Command
Description

bridge-group

Groups two transparent firewall interfaces into a bridge group.

clear configure interface bvi

Clears the bridge virtual interface configuration.

interface

Configures an interface.

interface bvi

Enters the interface configuration mode for a bridge group so you can set the management IP address.

ip address

Sets the management IP address for a bridge group.


show running-config ip address

To show the IP address configuration in the running configuration, use the show running-config ip address command in privileged EXEC mode.

show running-config ip address [mapped_name | interface_name]

Syntax Description

interface_name

(Optional) Identifies the interface name set with the nameif command.

mapped_name

(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command.


Defaults

If you do not specify an interface, this command shows the IP address configuration for all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

In multiple context mode, if you mapped the interface ID in the allocate-interface command, you can only specify the mapped name or the interface name in a context.

In transparent firewall mode, do not specify an interface because the transparent firewall does not have IP addresses associated with the interfaces.

This display also shows the nameif command and security-level command configuration.

Examples

The following is sample output from the show running-config ip address command:

hostname# show running-config ip address
!
interface GigabitEthernet0
 nameif inside
 security-level 100
 ip address 10.86.194.60 255.255.254.0
!
interface GigabitEthernet1
 nameif test
 security-level 0
 ip address 10.10.4.200 255.255.0.0
!

Related Commands

Command
Description

clear configure interface

Clears the interface configuration.

interface

Configures an interface and enters interface configuration mode.

ip address

Sets the IP address for the interface or sets the management IP address for a transparent firewall.

nameif

Sets the interface name.

security-level

Sets the security level for the interface.


show running-config ip local pool

To display IP address pools, use the show running-config ip local pool command in privileged EXEC mode.

show running-config ip local pool [poolname]

Syntax Description

poolname

(Optional) Specifies the name of the IP address pool.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

EXEC

Global configuration


Command History

Release
Modification

3.1(1)

Support for this command was introduced.


Examples

The following is sample output from the show running-config ip local pool command:

hostname(config)# show running-config ip local pool firstpool

Pool            Begin           End             Mask             Free    In use
firstpool       10.20.30.40     10.20.30.50     255.255.255.0    11      0
Available Addresses:
10.20.30.40
10.20.30.41
10.20.30.42
10.20.30.43
10.20.30.44
10.20.30.45
10.20.30.46
10.20.30.47
10.20.30.48
10.20.30.49
10.20.30.50

hostname(config)# 

Related Commands

Command
Description

clear configure ip local pool

Removes all IP local pools.

ip local pool

Configures an IP address pool.


show running-config ip verify reverse-path

To show the ip verify reverse-path configuration in the running configuration, use the show running-config ip verify reverse-path command in privileged EXEC mode.

show running-config ip verify reverse-path [interface interface_name]

Syntax Description

interface interface_name

(Optional) Shows the configuration for the specified interface.


Defaults

This command shows the configuration for all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC

·

·

·


Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

This command was changed from show ip verify reverse-path.


Examples

The following is sample output from the show running-config ip verify reverse-path command:

hostname# show running-config ip verify reverse-path
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip verify reverse-path interface dmz

Related Commands

Command
Description

clear configure ip verify reverse-path

Clears the ip verify reverse-path configuration.

clear ip verify statistics

Clears the Unicast RPF statistics.

ip verify reverse-path

Enables the Unicast Reverse Path Forwarding feature to prevent IP spoofing.

show ip verify statistics

Shows the Unicast RPF statistics.
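The following added example (not part of the original command reference) cross-checks the output of show running-config interface against the output of show running-config ip verify reverse-path and reports named, active interfaces that have no Unicast RPF line. The sample input is constructed in the format shown on this page; the function names and the choice to skip shutdown interfaces are assumptions of the example.

```python
import re

# Constructed sample input in the format of the outputs shown on this page
# (not captured from a real device).
INTERFACE_CFG = """\
!
interface Vlan20
 nameif inside
 security-level 100
 ip address 10.86.194.60 255.255.254.0
!
interface Vlan22
 shutdown
 nameif test
 security-level 0
!
interface Vlan30
 nameif outside
 security-level 0
!
interface Vlan35
 shutdown
 no nameif
!
"""
URPF_CFG = """\
ip verify reverse-path interface inside
"""

def named_interfaces(cfg):
    """Return {nameif: {"id": ..., "shutdown": bool}} for interfaces that have a name."""
    result = {}
    for block in re.split(r"^![ \t]*$", cfg, flags=re.M):
        head = re.search(r"^interface (\S+)", block, re.M)
        name = re.search(r"^ nameif (\S+)", block, re.M)  # " no nameif" does not match
        if head and name:
            down = bool(re.search(r"^ shutdown[ \t]*$", block, re.M))
            result[name.group(1)] = {"id": head.group(1), "shutdown": down}
    return result

def missing_urpf(interface_cfg, urpf_cfg):
    """Names of active interfaces with no 'ip verify reverse-path' line."""
    covered = set(re.findall(r"^ip verify reverse-path interface (\S+)", urpf_cfg, re.M))
    return sorted(n for n, i in named_interfaces(interface_cfg).items()
                  if not i["shutdown"] and n not in covered)

if __name__ == "__main__":
    print(missing_urpf(INTERFACE_CFG, URPF_CFG))
```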


show running-config ipv6

To display the IPv6 commands in the running configuration, use the show running-config ipv6 command in privileged EXEC mode.

show running-config [all] ipv6

Syntax Description

all

(Optional) Shows all ipv6 commands, including the commands you have not changed from the default, in the running configuration.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following is sample output from the show running-config ipv6 command:

hostname# show running-config ipv6
ipv6 unicast-routing
ipv6 route vlan101 ::/0 fec0::65:0:0:a0a:6575
ipv6 access-list outside_inbound_ipv6 permit ip any any
ipv6 access-list vlan101_inbound_ipv6 permit ip any any 
hostname#

Related Commands

Command
Description

debug ipv6

Displays IPv6 debug messages.

show ipv6 access-list

Displays the IPv6 access list.

show ipv6 interface

Displays the status of the IPv6 interfaces.

show ipv6 route

Displays the contents of the IPv6 routing table.

show ipv6 traffic

Displays IPv6 traffic statistics.


show running-config isakmp

To display the complete ISAKMP configuration, use the show running-config isakmp command in privileged EXEC mode.

show running-config isakmp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Examples

The following example, issued in global configuration mode, displays information about the ISAKMP configuration:

hostname(config-if)# show running-config isakmp
isakmp enable inside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
hostname(config)# 

Related Commands

Command
Description

clear configure isakmp

Clears all the ISAKMP configuration.

clear configure isakmp policy

Clears all ISAKMP policy configuration.

clear isakmp sa

Clears the IKE runtime SA database.

isakmp enable

Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the FWSM.

show isakmp sa

Displays the IKE runtime SA database with additional information.
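
The following added example (not part of the original command reference) parses show running-config isakmp output into per-policy parameters and flags values that fall below a baseline. The baseline in WEAK (DES, 3DES, MD5, Diffie-Hellman groups 1 and 2) is an assumption of the example, to be replaced with your own policy; policy 10 in the sample is constructed and its values are assumed to be accepted by the device.

```python
import re
from collections import defaultdict

# Constructed sample: the policy 1 lines from the output above plus a
# hypothetical policy 10, added to show a policy that passes the baseline.
ISAKMP_CFG = """\
isakmp enable inside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 28800
"""

# Assumed example baseline: values listed here are reported as findings.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
LINE = re.compile(r"^isakmp policy (\d+) (\S+) (\S+)[ \t]*$", re.M)

def parse_policies(cfg):
    """Group 'isakmp policy <priority> <keyword> <value>' lines by priority."""
    policies = defaultdict(dict)
    for prio, key, value in LINE.findall(cfg):
        policies[int(prio)][key] = value
    return dict(policies)

def audit(cfg, weak=WEAK):
    """Return sorted (priority, keyword, value) findings for values in `weak`."""
    return sorted((prio, key, params[key])
                  for prio, params in parse_policies(cfg).items()
                  for key in params if params[key] in weak.get(key, ()))

if __name__ == "__main__":
    for prio, key, value in audit(ISAKMP_CFG):
        print(f"policy {prio}: {key} {value} is below baseline")
```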