Table Of Contents

Displaying Virtualization Configuration and Statistics

Displaying Context Configurations

Displaying Domain Configurations

Displaying Resource Class Configurations

Displaying Role Configurations

Displaying Context Information

Displaying Resource Allocation

Displaying Resource Usage

Displaying User Roles

Displaying Domains

Displaying User Information

Logging Out a User

Clearing All Statistics in a Context

Displaying Virtualization Configuration and Statistics

---

This chapter describes the show commands that allow you to display a range of configuration and statistical information for the contexts configured on your Cisco 4700 Series Application Control Engine (ACE) appliance.

This chapter contains the following major sections:

•Displaying Context Configurations

•Displaying Domain Configurations

•Displaying Resource Class Configurations

•Displaying Role Configurations

•Displaying Context Information

•Displaying Resource Allocation

•Displaying Resource Usage

•Displaying User Roles

•Displaying Domains

•Displaying User Information

•Logging Out a User

•Clearing All Statistics in a Context

Displaying Context Configurations

You can display context configurations by using the show running-config context command in Exec mode. This command displays all configured user contexts and their descriptions, resource classes, and allocated VLANs. The syntax of this command is as follows:

show running-config context

For example, enter:

host1/Admin# show running-config context

Displaying Domain Configurations

You can display domain configurations by using the show running-config domain command in Exec mode. This command displays all configured domains and their objects (access control lists [ACLs], class maps, interfaces, and so on). The syntax of this command is as follows:

show running-config domain

For example, enter:

host1/Admin# show running-config domain

Displaying Resource Class Configurations

You can display resource-class configurations by using the show running-config resource-class command in Exec mode. This command displays all configured resource classes and their resource allocation statements. The syntax of this command is as follows:

show running-config resource-class

For example, enter:

host1/Admin# show running-config resource-class

Displaying Role Configurations

You can display role configurations by using the show running-config role command in Exec mode. This command displays all configured roles, their descriptions, and associated rules. The syntax of this command is as follows:

show running-config role

For example, enter:

host1/Admin# show running-config role

Displaying Context Information

You can display a list of contexts including the name, description, resource class, and interfaces by using the show context command in Exec mode. The syntax of this command is as follows:

show context name

For the name argument, enter the unique identifier of an existing context as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/Admin# show context C1

Table 3-1 describes the fields in the show context command output.

Table 3-1 Field Descriptions for the show context Command Output 

Field	Description
Name	Lists identifiers of all configured contexts. If you specify the name argument, the ACE displays the name of the context that you specify only.
Description	Previously configured text description of the context.
Resource-class	Resource class of which the context is a member.
VLANs	VLANs allocated to a user context from the Admin context.

Displaying Resource Allocation

You can view the allocation for each resource across all resource classes and class members by using the show resource allocation command in Exec mode. The syntax of this command is as follows:

show resource allocation

This command shows the resource allocation but does not show the actual resources being used. See the "Displaying Resource Usage" section for more information about actual resource usage.

For example, enter:

host1/Admin# show resource allocation

Table 3-2 describes the fields in the show resource allocation command output.

Table 3-2 Field Descriptions for the show resource allocation Command Output 

Field	Description
Parameter	Name of the resource that you can limit. See Chapter 2, Configuring Virtualization, for more information about each resource name.
Min	Minimum percentage of the total system resources that is allocated for a parameter in the specified resource class. For the default resource class, the minimum value for each resource is 0.00 percent.
Max	Maximum percentage of the total system resources that is allocated to a parameter in the specified resource class. For the default resource class, the Max value for each resource is equal to the total Max value of all contexts using the default resource class. For example, if you configure two user contexts and do not associate them with a resource class, the ACE automatically assigns the default resource class. If the Admin context also uses the default resource class, the Max value would equal 300% for each resource.
Class	Name of the resource class.

Displaying Resource Usage

You can display the resource usage for each context from the Admin context by using the show resource usage command in Exec mode. The syntax of this command is as follows:

show resource usage [all | [[context name | summary | top number] [resource {acc-connections | acl-memory | all | conc-connections | mgmt-connections | probes | proxy-connections | rate {bandwidth | connections | inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog} | regexp | sticky | syslogbuffer | xlates}]]] [counter [all | current | denied | peak [count_threshold]]]

The keywords, arguments, and options are as follows:

•all—(Optional) Displays the resource usage for each context individually. This is the default setting.

•context name—(Optional) Displays the resource usage for the specified context. The name argument is case sensitive.

•summary—(Optional) Displays the total resource usage for all contexts. For example, the denied column shows the items that have been denied for each context limit.

•top number—(Optional) Displays the greatest n users of a single resource arranged from the highest to the lowest percentage of resources used. You must specify a single resource type. You cannot use the resource all keywords with this option.

•resource—(Optional) Displays statistics for one of the following specified resources:

–acc-connections—Displays the number of application acceleration connections.

–acl-memory—Displays the ACL memory usage.

–all—Displays the resource usage for all resources used by the specified context or contexts.

–conc-connections—Displays the resource usage for the number of simultaneous connections.

–mgmt-connections—Displays the resource usage for the number of management connections.

–probes—Displays the resource usage for the probes.

–proxy-connections—Displays the resource usage for the proxy connections.

–rate—Displays the rate per second for the specified connections or syslog messages.

---

Note The syslog message statistics do not include the syslogs generated from the dataplane when you enable the logging of connection setup and teardown syslog messages through the logging fastpath command (see the Cisco 4700 Series Application Control Engine Appliance System Message Guide).

---

–regexp—Displays the resource usage for the regular expressions.

–sticky—Displays the resource usage for the sticky entries.

–syslogbuffer—Displays the resource usage for the syslog buffer.

–xlates—Displays the resource usage by Network Address Translation (NAT) and Port Address Translation (PAT) entries.

•counter—(Optional) Specify one of the following keywords as the counter name:

–all—(Optional) Displays all statistics. This is the default setting.

–current—(Optional) Displays the active concurrent instances or the current rate of the resource.

–denied—(Optional) Displays the number of denied uses of the resource since the resource statistics were last cleared.

–peak—(Optional) Displays the peak concurrent instances, or the peak rate of the resource since the statistics were last cleared, either by using the clear resource usage command or because the device rebooted.

•count_threshold—(Optional) Number above which resources are shown. Enter an integer from 0 to 4294967295. The default is 1. If the usage of the resource is below the number that you set, then the resource is not shown. If you specify all for the counter name, then the count_threshold applies to the current usage. To show all resources, set the count_threshold to 0.

For example, enter:

host1/Admin# show resource usage context C1 resource conc-connections 
counter denied 0

Table 3-3 describes the fields in the show resource usage command output.

Table 3-3 Field Descriptions for the show resource usage Command
Output 

Field	Description
Resource	The name of the limited resource in each context. See Chapter 2, Configuring Virtualization, for more information about each resource name.
Current	Active concurrent instances or the current rate of the resource.
Peak	Highest value of resource usage.
Allocation (Min/Max)	Allocation minimum value that indicates the resource units that are guaranteed to be available to each context. The allocation maximum value indicates the resource units that may be available to each context and are shared among all contexts from the oversubscription pool. When you configure the maximum value as equal-to-minimum, the maximum value is automatically set to 0. When the allocation maximum value is 0, no additional resource units are available beyond the allocation minimum value to each context.
Denied	Number of denied resources because of oversubscription or resource depletion.

Displaying User Roles

You can display the roles (predefined and user-configured) by using the show role command. The syntax of this command is as follows:

show role [name]

For the optional name argument, enter the unique identifier of the role as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. This parameter displays only the named role that you specify. To display all roles, enter the command without a name.

For example, to display all roles, enter:

host1/C1# show role

Table 3-4 describes the fields in the show role command output.

Table 3-4 Field Descriptions for the show role Command Output 

Field	Description
Role	Name of the role (for example, Admin).
Description	Text that describes the role (for example, Administrator).
Number of Rules	Number of rules associated with the role.
Rule	Sequence number of the rule.
Type	Type of rule. Possible values are Permit or Deny.
Permission	Permission level of the rule. The possible permission values ranked from highest to lowest, are Create, Modify, Debug, and Monitor.
Feature	Software feature associated with the rule (for example, access-list).

Displaying Domains

You can display information about the configured domains in the ACE by using the show domain command. The syntax of this command is as follows:

show domain [name]

For the optional name argument, enter the unique identifier of an existing domain as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/C1# show domain D1

Table 3-5 describes the fields in the show domain command output.

Table 3-5 Field Descriptions for the show domain Command Output 

Field	Description
Name	Unique identifier of the domain.
Object Type	List of objects associated with the domain (for example, Class-map).
Object Name	Configured identifier of the object.

Displaying User Information

You can display information for users who are currently logged in to the ACE by using the show users command. The syntax of this command is as follows:

show users [name]

For the optional name argument, enter the unique identifier of a user as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/Admin# show users admin

Table 3-6 describes the fields in the show users name command output.

Table 3-6 Field Descriptions for the show users name
Command Output 

Field	Description
User	Name of user.
Context	Name of the context associated with the user.
Line	Port through which the user connected to the ACE (for example, pts/1).
Login Time	Month, day, and time that the user logged in to the ACE (for example, Dec 7 20:11).
Location	Location of the user expressed as an IP address.
Role	Role assigned to the user (for example, Admin).
Domain(s)	Domain associated with the user (for example, default-domain).

To display user account information, use the show user-account command in Exec mode. The syntax of this command is as follows:

show user-account name

For the optional name argument, enter the unique identifier of a user as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/Admin# show user-account admin

Table 3-7 describes the fields in the show user-account command output.

Table 3-7 Field Descriptions for the show user-account Command
Output 

Field	Description
User	Name of the user.
Account Expiry	Date, if any, that the user account expires.
Roles	Role assigned to the user (for example, Admin).
Domain	Domain associated with the user (for example, default-domain).
Context	Name of the context associated with the user (for example, Admin).

Logging Out a User

You can force a user to log out (clear the user session) by using the clear user command in Exec mode. The syntax of this command is as follows:

clear user name

For the name argument, enter the name of an existing user as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to log out the user named John, enter:

host1/Admin# clear user John

Clearing All Statistics in a Context

You can clear all statistical information in a context by using the clear stats all command in Exec mode. The syntax of this command is as follows:

clear stats all

For example, to clear all statistical information for context C1, enter:

host1/Admin# clear statistics all