Cisco IOS Security Command Reference
show parameter-map type inspect through show users

Table Of Contents

show parameter-map type inspect

show parameter-map type protocol-info

show parameter-map type trend-global

show parameter-map type urlf-glob

show parameter-map type urlfilter

show parameter-map type urlfpolicy

show parser view

show platform hardware qfp act feature ipsec datapath memory

show platform software ipsec f0 encryption-processor registers

show policy-map type inspect

show policy-map type inspect urlfilter

show policy-map type inspect zone-pair

show policy-map type inspect zone-pair urlfilter

show port-security

show ppp queues

show private-hosts access-lists

show private-hosts configuration

show private-hosts interface configuration

show private-hosts mac-list

show privilege

show radius local-server statistics

show radius server-group

show radius statistics

show radius table attributes

show redundancy linecard-group

show running-config

show running-config vrf

show secure bootset

show snmp mib nhrp status

show ssh

show ssl-proxy module state

show tacacs

show tcp intercept connections

show tcp intercept statistics

show tech-support

show tech-support ipsec

show tms controller

show tms controller group

show tunnel endpoints

show usb controllers

show usb device

show usb driver

show usb port

show usb tree

show usbtoken

show user-group

show users


show parameter-map type inspect

To display user-configured or default inspect type parameter maps, use the show parameter-map type inspect command in privileged EXEC mode.

show parameter-map type inspect [default]

Syntax Description

default

(Optional) Displays the default inspect type parameter map values.

Note Use this keyword when a parameter map is not specified with the inspect action.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Examples

The following example shows sample output from the show parameter-map type inspect command:

Router# show parameter-map type inspect 

parameter-map type inspect abc
 audit-trail on
 alert on
 max-incomplete low 400
 max-incomplete high 500
 one-minute low 400
 one-minute high 500
 udp idle-time 30
 icmp idle-time 10
 dns-timeout 5
 tcp idle-time 3600
 tcp finwait-time 5
 tcp synwait-time 30
 tcp max-incomplete host 50 block-time 0

The following example shows sample output with the default keyword issued:

Router# show parameter-map type inspect default 

parameter-map type inspect default values
 audit-trail off
 alert on
 max-incomplete low 400 
 max-incomplete high 500 
 one-minute low 400
 one-minute high 500
 udp idle-time 30
 icmp idle-time 10
 dns-timeout 5
 tcp idle-time 3600
 tcp finwait-time 5
 tcp synwait-time 30
 tcp max-incomplete host 50 block-time 0
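The following added example (not part of the Cisco documentation) parses show parameter-map type inspect output and reports every setting that departs from the default values listed above, plus maps with audit-trail or alert turned off. The function names and the map edge-fw are constructed for illustration; map abc is the sample shown on this page.

```python
import re

# Baseline: the "default values" sample output shown on this page.
DEFAULT_OUTPUT = """\
parameter-map type inspect default values
 audit-trail off
 alert on
 max-incomplete low 400
 max-incomplete high 500
 one-minute low 400
 one-minute high 500
 udp idle-time 30
 icmp idle-time 10
 dns-timeout 5
 tcp idle-time 3600
 tcp finwait-time 5
 tcp synwait-time 30
 tcp max-incomplete host 50 block-time 0
"""

# Output under review: "abc" is the page's sample, "edge-fw" is constructed.
DEVICE_OUTPUT = """\
Router# show parameter-map type inspect

parameter-map type inspect abc
 audit-trail on
 alert on
 max-incomplete low 400
 max-incomplete high 500
 one-minute low 400
 one-minute high 500
 udp idle-time 30
 icmp idle-time 10
 dns-timeout 5
 tcp idle-time 3600
 tcp finwait-time 5
 tcp synwait-time 30
 tcp max-incomplete host 50 block-time 0

parameter-map type inspect edge-fw
 audit-trail off
 alert off
 max-incomplete low 400
 max-incomplete high 5000
 one-minute low 400
 one-minute high 500
 udp idle-time 30
 icmp idle-time 10
 dns-timeout 5
 tcp idle-time 3600
 tcp finwait-time 5
 tcp synwait-time 120
 tcp max-incomplete host 50 block-time 0
"""

HEADER = re.compile(r"^parameter-map type inspect (\S+)")
VALUE_START = re.compile(r"^(\d+|on|off)$")


def parse_parameter_maps(text):
    """Return {map_name: {setting: value}} for each map in the output."""
    maps, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER.match(line)
        if m:
            current = maps.setdefault(m.group(1), {})
            continue
        if current is None or not line.startswith(" "):
            continue  # prompt lines, blank lines, text outside a map
        tokens = line.split()
        # The setting name runs up to the first numeric or on/off token.
        idx = next((i for i, t in enumerate(tokens) if VALUE_START.match(t)), None)
        if idx in (None, 0):
            continue
        current[" ".join(tokens[:idx])] = " ".join(tokens[idx:])
    return maps


def diff_against_default(maps, baseline):
    """List (map, setting, default, actual) for each value that differs."""
    findings = []
    for name, settings in sorted(maps.items()):
        for key in sorted(set(baseline) | set(settings)):
            expected = baseline.get(key, "<absent>")
            actual = settings.get(key, "<absent>")
            if actual != expected:
                findings.append((name, key, expected, actual))
    return findings


def logging_disabled(maps):
    """List (map, setting) where audit-trail or alert is off."""
    return [(name, key) for name, settings in sorted(maps.items())
            for key in ("audit-trail", "alert") if settings.get(key) == "off"]


if __name__ == "__main__":
    baseline = parse_parameter_maps(DEFAULT_OUTPUT)["default"]
    device = parse_parameter_maps(DEVICE_OUTPUT)
    for finding in diff_against_default(device, baseline):
        print("differs from default:", finding)
    for finding in logging_disabled(device):
        print("logging off:", finding)
```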

show parameter-map type protocol-info

To display details of an instant messenger (IM) protocol-specific parameter map, use the show parameter-map type protocol-info command in privileged EXEC mode.

show parameter-map type protocol-info [parameter-map-name [dns-cache] | dns-cache zone-pair zone-pair]

Syntax Description

parameter-map-name

(Optional) Displays details only for a specified parameter map.

If a parameter map is not specified, details for all configured IM-specific parameters are displayed.

dns-cache

(Optional) Lists resolved IP addresses for the servers in the parameter map.

dns-cache zone-pair zone-pair

(Optional) Displays resolved IP addresses for a specified zone pair.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(9)T

This command was introduced.


Examples

The following example shows how to enable the show parameter-map type protocol-info command:

Router# show parameter-map type protocol-info

show parameter-map type trend-global

To display the parameter map for the global parameters for a Trend Micro URL filtering policy, use the show parameter-map type trend-global command in privileged EXEC mode.

show parameter-map type trend-global [parameter-map-name] [default]

Syntax Description

parameter-map-name

(Optional) The name of the parameter map for which to display parameters.

default

(Optional) Specifies that the default values for the global Trend Micro filtering parameters be displayed.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(15)XZ

This command was introduced.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.


Usage Guidelines

Use the show parameter-map type trend-global command to display the global parameters for Trend Micro URL filtering policies.

Examples

The following is sample output from the show parameter-map type trend-global default command:

Router# show parameter-map type trend-global default 

parameter-map type trend-global default values
   server trps.trendmicro.com http-port 80 https-port 443 retrans 3 timeout 60 
   alert on
   cache-size 256 KB
   cache-lifetime 24

The following is sample output from the show parameter-map type trend-global command when the server name and maximum cache size have been specified in the parameter map Global-Parameters:

Router# show parameter-map type trend-global Global-Parameters 

parameter-map type trend-global Global-Parameters
   server trps1.example.com http-port 80 https-port 443 retrans 3 timeout 60 
   alert on
   cache-size 300 KB
   cache-lifetime 24

Related Commands

Command
Description

show parameter-map type urlfpolicy

Displays the parameters for a URL filtering policy.


show parameter-map type urlf-glob

To display the parameter maps for local URL filtering, use the show parameter-map type urlf-glob command in privileged EXEC mode.

show parameter-map type urlf-glob [parameter-map-name]

Syntax Description

parameter-map-name

(Optional) Name of the URL filtering parameter map to display.


Command Default

The parameter maps for all local URL filtering policies are displayed.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(15)XZ

This command was introduced.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.


Usage Guidelines

Use the show parameter-map type urlf-glob command to display the parameter maps for local URL filtering policies.

Examples

The following is sample output from the show parameter-map type urlf-glob command when two parameter maps for local URL filtering have been configured:

Router# show parameter-map type urlf-glob 

parameter-map type urlf-glob trusted-domain-param
 pattern www.example.com
 pattern *.example1.com

parameter-map type urlf-glob untrusted-domain-param
 pattern www.example3.com
 pattern *.example4.com

Related Commands

Command
Description

show parameter-map type trend-global

Displays the global parameters for a Trend Micro URL filtering policy.

show parameter-map type urlfpolicy

Displays the parameters for a URL filtering policy.


show parameter-map type urlfilter


Note Effective with Cisco IOS Release 12.4(15)XZ, the show parameter-map type urlfilter command is not available in Cisco IOS software.


To display user-configured or default URL filter type parameter maps, use the show parameter-map type urlfilter command in privileged EXEC mode.

show parameter-map type urlfilter [default]

Syntax Description

default

(Optional) Displays the default urlfilter parameter map values.

Note If this keyword is not issued, user-configured parameter maps will be displayed.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(6)T

This command was introduced.

12.4(15)XZ

This command was removed.


Examples

The following example shows sample output from the show parameter-map type urlfilter command:

Router# show parameter-map type urlfilter 

 parameter-map type urlfilter default values
  urlf-server-log off
  audit-trail off
  alert on
  max-request 1000
  max-resp-pak 200
  source-interface default
  allow-mode off
  cache 5000


The following example shows sample output from the show parameter-map type urlfilter default command:

Router# show parameter-map type urlfilter default

parameter-map type urlfilter default values
 urlf-server-log off
 audit-trail off
 alert on
 max-request 1000
 max-resp-pak 200
 source-interface default
 allow-mode off
 cache 5000

show parameter-map type urlfpolicy

To display the parameter maps associated with a URL filtering policy, use the show parameter-map type urlfpolicy command in privileged EXEC mode.

show parameter-map type urlfpolicy {local | trend | n2h2 | websense} [parameter-map-name] [default]

Syntax Description

local

Specifies that the parameters for local URL filtering policies be displayed.

trend

Specifies that the parameters for Trend Micro URL filtering policies be displayed.

n2h2

Specifies that the parameters for SmartFilter URL filtering policies be displayed.

websense

Specifies that the parameters for Websense URL filtering policies be displayed.

parameter-map-name

(Optional) The name of the parameter map for a URL filtering policy to be displayed.

default

(Optional) Displays the default values for the URL filtering policy.

Note If this keyword is not issued, user-configured values will be displayed.


Command Default

The parameter maps for all URL filtering policies of the type specified (local, trend, n2h2, or websense) are displayed.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(15)XZ

This command was introduced.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.


Examples

The following example shows the default values for a Websense URL filtering policy:

Router# show parameter-map type urlfpolicy websense default

 parameter-map type urlfilter websense default values
  urlf-server-log off
  audit-trail off
  alert on
  max-request 1000
  max-resp-pak 200
  source-interface default
  allow-mode off
  cache 5000

show parser view

To display command-line interface (CLI) view information, use the show parser view command in privileged EXEC mode.

show parser view [all]

Syntax Description

all

(Optional) Displays information about all CLI views that are configured on the router.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(7)T

This command was introduced.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.


Usage Guidelines

The show parser view command will display information only about the view that the user is currently in. This command is available for both root view users and lawful intercept view users—except for the all keyword, which is available only to root view users. However, the all keyword can be configured by a user in root view to be available for users in lawful intercept view.

The show parser view command cannot be excluded from any view.

Examples

The following example shows how to display information from the root view and the CLI view "first":

Router# enable view
Router# 
01:08:16:%PARSER-6-VIEW_SWITCH:successfully set to view 'root'.
Router# 
! Enable the show parser view command from the root view
Router# show parser view 
Current view is 'root'
! Enable the show parser view command from the root view to display all views
Router# show parser view all 
Views Present in System:
View Name:   first 
View Name:   second 
! Switch to the CLI view "first."
Router# enable view first 
Router#
01:08:09:%PARSER-6-VIEW_SWITCH:successfully set to view 'first'.
! Enable the show parser view command from the CLI view "first."
Router# show parser view
Current view is 'first'

Related Commands

Command
Description

parser view

Creates or changes a CLI view and enters view configuration mode.


show platform hardware qfp act feature ipsec datapath memory

To display debugging information about the consumption of IPsec datapath memory, use the show platform hardware qfp act feature ipsec datapath memory command in privileged EXEC or diagnostic mode.

show platform hardware qfp act feature ipsec datapath memory

Command Default

No default behavior or values

Command Modes

Privileged EXEC (#)

Diagnostic (diag)

Command History

Release
Modification

Cisco IOS XE Release 2.4.2

This command was introduced on the Cisco ASR 1000 Series Routers.


Usage Guidelines

This command displays the consumption of dynamic random access memory (DRAM) on the IPSec Cisco QuantumFlow Processor (QFP) datapath.

show platform hardware qfp act feature ipsec datapath memory

pstate chunk totalfree: 80000, allocated: 0

Related Commands

Command
Description

show platform software ipsec f0 encryption-processor registers

Displays debugging information about the crypto engine processor registers.


show platform software ipsec f0 encryption-processor registers

To display debugging information about the crypto engine processor registers, use the show platform software ipsec f0 encryption-processor registers command in privileged EXEC or diagnostic mode.

show platform software ipsec f0 encryption-processor registers

Command Default

No default behavior or values

Command Modes

Privileged EXEC (#)

Diagnostic (diag)

Command History

Release
Modification

Cisco IOS XE Release 2.4.2

This command was introduced on the Cisco ASR 1000 Series Routers.


Usage Guidelines

This command displays debugging information for crypto engine processor registers.

show platform software ipsec f0 encryption-processor registers

Forwarding Manager Encryption-processor Registers


     reg_addr : 00000000,    reg_val  : 0000ca5b
     reg_addr : 00000008,    reg_val  : 00000000
     reg_addr : 00000010,    reg_val  : 00000000
     reg_addr : 00000018,    reg_val  : 22f10038
     reg_addr : 00000020,    reg_val  : 00000800
     reg_addr : 00000028,    reg_val  : 00002040
     reg_addr : 00000030,    reg_val  : 00000000
     reg_addr : 00000038,    reg_val  : 23158838 

Related Commands

Command
Description

show platform hardware qfp act feature ipsec datapath memory

Displays debugging information about the consumption of IPsec datapath memory.


show policy-map type inspect

To display a specified policy map, use the show policy-map type inspect command in privileged EXEC mode.

show policy-map type inspect [policy-map-name] [class class-map-name]

Syntax Description

policy-map-name

(Optional) Name of the policy map.

class class-map-name

(Optional) Name of the class map.


Command Default

If a policy-map name is not specified, all Level 7 policy maps are displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Examples

The following example displays the policy map for policy map p1:

Router# show policy-map type inspect p1

 Policy Map type inspect p1
  Class c1
   Inspect

The following example shows sample command output:

Router# show policy-map type inspect p_inside 

Policy Map type inspect p_inside
 Description: Policy map with inspect action
 Class c_permit
  Pass
 Class c_test
 Class class-default

Table 143 describes the significant fields shown in the display.

Table 143 show policy-map type inspect Field Descriptions 

Field
Description

p_inside

Name of the policy map.

Description

Description of the policy map.

Class

Name of the class map.

Pass

Allows packets to be sent to the router without being inspected.


show policy-map type inspect urlfilter

To display the details of a URL filtering policy map, use the show policy-map type inspect urlfilter command in privileged EXEC mode.

show policy-map type inspect urlfilter [policy-map-name]

Syntax Description

policy-map-name

(Optional) Name of the policy map for which details are displayed.


Command Default

The details of all URL filtering policy maps are displayed.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(15)XZ

This command was introduced.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.


Usage Guidelines

Use the show policy-map type inspect urlfilter command to display the details of all URL filtering policy maps. To display the details of a particular URL filtering policy map, specify the name of the policy map.

Examples

The following is sample output from the show policy-map type inspect urlfilter command for a policy map named websense-policy:

Router# show policy-map type inspect urlfilter websense-policy

policy-map type inspect urlfilter url-websense-policy
  parameter-map urlfpolicy websense websense-parameter-map
  class type urlfilter trusted-domain-lists
   allow
  class type urlfilter untrusted-domain-lists
   reset
  class type urlfilter block-url-keyword-lists
   reset 
  class type urlfilter websense websense-map
   server-specified-action

show policy-map type inspect zone-pair

To display the runtime inspect type policy map statistics and other information such as sessions existing on a specified zone pair, use the show policy-map type inspect zone-pair command in privileged EXEC mode.

show policy-map type inspect zone-pair [zone-pair-name] [sessions]

Syntax Description

zone-pair-name

(Optional) Zone pair for which the system will display the runtime inspect type policy-map statistics. Default: The requested information is shown for all zone pairs.

sessions

(Optional) Displays the Cisco IOS stateful packet inspection sessions created because of the policy-map application on the specified zone pair.


Command Default

Information about policy maps for all zone pairs is displayed.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(6)T

This command was introduced.

12.4(9)T

The output from this command was enhanced to display the police action configuration.

12.4(15)XZ

This command was implemented on the following platforms: Cisco 881 and Cisco 888.


Usage Guidelines

If you do not specify a zone-pair name (via the zone-pair-name argument), the policy maps on all zone pairs are displayed.

When packets are matched to an access group (match access-group), protocol (match protocol) or class map (match class-map), a traffic rate is generated for these packets. In a zone-based firewall policy, only the first packet that creates a session matches the policy. Subsequent packets in this flow do not match the filters in the configured policy, but instead match the session directly. The statistics related to subsequent packets are shown as part of the 'inspect' action. This information is shown when using the show policy-map type inspect zone-pair sessions command.

Command Limitations

The cumulative counters in the show policy-map type inspect zone-pair command output do not increment for match statements in a nested class-map configuration in Cisco IOS Releases 12.4(20)T and 12.4(15)T. The problem with the counters exists regardless of whether the top level class-map uses the match-any or match-all keywords.

The following configuration example causes the match counter problem in the show policy-map type inspect zone-pair command output:

class-map type inspect match-any y
 match protocol tcp
 match protocol icmp
class-map type inspect match-all x
 match class y

However, cumulative counters for the above configuration are displayed in the show policy-map type inspect zone-pair command output if the class-map matches any class-map:

#show policy-map type inspect zone session

policy exists on zp zp
 Zone-pair: zp

  Service-policy inspect : fw

    Class-map: x (match-any)
      Match: class-map match-any y
        2 packets, 48 bytes   <======== Cumulative class map counters are incrementing.
        30 second rate 0 bps
        Match: protocol tcp
          0 packets, 0 bytes     <===== The match for the protocol is not incrementing.
          30 second rate 0 bps
        Match: protocol icmp
          0 packets, 0 bytes
          30 second rate 0 bps

   Inspect

      Number of Established Sessions = 1
      Established Sessions
        Session 53105C0 (1.1.1.2:19180)=>(2.1.1.2:23) tacacs:tcp SIS_OPEN
          Created 00:00:02, Last heard 00:00:02
          Bytes sent (initiator:responder) [30:69]

    Class-map: class-default (match-any)
      Match: any 
      Drop
        0 packets, 0 bytes

Examples

The following example shows sample output when a zone pair name is specified:

Router# show policy-map type inspect zone-pair zp 

 Zone-pair: zp

  Service-policy : p1

   Class-map: c1 (match-all)
    Match: protocol tcp
    Inspect
     Session creations since subsystem startup or last reset 0
     Current session counts (estab/half-open/terminating) [0:0:0]
     Maxever session counts (estab/half-open/terminating) [0:0:0]
     Last session created never
     Last statistic reset never
     Last session creation rate 0
     half-open session total 0   

   Class-map: c2 (match-all)
    Match: protocol udp
    Pass
     0 packets, 0 bytes

   Class-map: class-default (match-any)
    Match: any
    Drop
     0 packets, 0 bytes

The following example shows sample output when the sessions keyword is specified:


Note The information shown under the class-map field is the traffic rate (bits per second) of the traffic belonging to the connection initiating traffic only. Unless the connection setup rate is significantly high and sustained for multiple intervals over which the rate is computed, no significant data is shown for the connection.


Router# show policy-map type inspect zone-pair sessions 

Zone-pair: zp_inside

 Service-policy inspect : p_inside

  Class-map: c_permit (match-all)
   Match: access-group 110
   Pass
    0 packets, 0 bytes

  Class-map: c_test (match-any)
   Match: protocol ftp
    7 packets, 196 bytes
    30 second rate 0 bps
   Inspect
    Established Sessions
     Session 663D2098 (192.168.5.1:59391)=>(192.168.105.1:1024) ftp SIS_OPEN
      Created 00:00:40, Last heard 00:00:00
      Bytes sent (initiator:responder) [71:475]
     Session 663D1B48 (192.168.5.1:59393)=>(192.168.105.1:1026) ftp SIS_OPEN
      Created 00:00:35, Last heard 00:00:00
      Bytes sent (initiator:responder) [71:414]
     Session 663D18A0 (192.168.105.1:20)=>(192.168.5.1:59395) ftp-data SIS_OPEN
      Created 00:00:00, Last heard 00:00:00
      Bytes sent (initiator:responder) [319488:0]
     Session 663D15F8 (192.168.105.1:41789)=>(192.168.5.1:59396) ftp-data SIS_OPEN
      Created 00:00:00, Last heard 00:00:00
      Bytes sent (initiator:responder) [322004:0]
     Session 663D1DF0 (192.168.5.1:59392)=>(192.168.105.1:1025) ftp SIS_OPEN
      Created 00:00:39, Last heard 00:00:01
      Bytes sent (initiator:responder) [71:475]
     Session 663D2340 (192.168.5.1:59390)=>(192.168.105.1:21) ftp SIS_OPEN
      Created 00:00:44, Last heard 00:00:01
      Bytes sent (initiator:responder) [71:221]
     Session 663D10A8 (192.168.105.1:41791)=>(192.168.5.1:59398) ftp-data SIS_OPEN
      Created 00:00:01, Last heard 00:00:00
      Bytes sent (initiator:responder) [195312:0]
     Session 663D1350 (192.168.105.1:41790)=>(192.168.5.1:59397) ftp-data SIS_OPEN
      Created 00:00:01, Last heard 00:00:00
      Bytes sent (initiator:responder) [240408:0]

  Class-map: class-default (match-any)
   Match: any 
   Drop (default action)
    4 packets, 104 bytes
Zone-pair: zp_outside

Service-policy inspect : p_outside

  Class-map: c_permit (match-all)
   Match: access-group 110
   Pass
    2 packets, 128 bytes

  Class-map: class-default (match-any)
   Match: any 
   Drop (default action)
    0 packets, 0 bytes

The following example is sample output from the show policy-map type inspect zone-pair command, which can now be used to verify the police action configuration:

Router# show policy-map type inspect zone-pair 

Zone-pair: zp

Service-policy inspect : test-udp

  Class-map: check-udp (match-all)
   Match: protocol udp
   Inspect
    Packet inspection statistics [process switch:fast switch]
    udp packets: [3:4454]

    Session creations since subsystem startup or last reset 92
    Current session counts (estab/half-open/terminating) [5:33:0]
    Maxever session counts (estab/half-open/terminating) [5:59:0]
    Last session created 00:00:06
    Last statistic reset never
    Last session creation rate 61
    Last half-open session total 33
   Police
   rate 8000 bps,1000 limit 
   conformed 2327 packets, 139620 bytes; actions: transmit
   exceeded 36601 packets, 2196060 bytes; actions: drop
   conformed 6000 bps, exceed 61000 bps

  Class-map: class-default (match-any)
   Match: any 
   Drop (default action)
   0 packets, 0 bytes 
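The following added example (not part of the Cisco documentation) parses show policy-map type inspect zone-pair output into one record per class map and flags classes where half-open sessions dominate the current session counts or where the police action is exceeding on most packets. The input is the police-action sample above; the function names and the 50 percent thresholds are assumptions to tune per site.

```python
import re

# Sample output copied from the police-action example on this page.
SAMPLE_OUTPUT = """\
Zone-pair: zp

Service-policy inspect : test-udp

  Class-map: check-udp (match-all)
   Match: protocol udp
   Inspect
    Packet inspection statistics [process switch:fast switch]
    udp packets: [3:4454]

    Session creations since subsystem startup or last reset 92
    Current session counts (estab/half-open/terminating) [5:33:0]
    Maxever session counts (estab/half-open/terminating) [5:59:0]
    Last session created 00:00:06
    Last statistic reset never
    Last session creation rate 61
    Last half-open session total 33
   Police
   rate 8000 bps,1000 limit
   conformed 2327 packets, 139620 bytes; actions: transmit
   exceeded 36601 packets, 2196060 bytes; actions: drop
   conformed 6000 bps, exceed 61000 bps

  Class-map: class-default (match-any)
   Match: any
   Drop (default action)
   0 packets, 0 bytes
"""

ZONE = re.compile(r"^\s*Zone-pair:\s*(\S+)")
CLASS = re.compile(r"^\s*Class-map:\s*(\S+)\s*\((match-(?:all|any))\)")
ACTION = re.compile(r"^\s*(Inspect|Pass|Drop|Police)\b")
COUNTS = re.compile(r"^\s*(Current|Maxever) session counts "
                    r"\(estab/half-open/terminating\) \[(\d+):(\d+):(\d+)\]")
POLICE = re.compile(r"^\s*(conformed|exceeded) (\d+) packets, (\d+) bytes; actions: (\S+)")


def parse_zone_pairs(text):
    """Return one dict per class map, in the order the output lists them."""
    records, zone, rec = [], None, None
    for line in text.splitlines():
        m = ZONE.match(line)
        if m:
            zone, rec = m.group(1), None
            continue
        m = CLASS.match(line)
        if m:
            rec = {"zone_pair": zone, "class_map": m.group(1),
                   "match_type": m.group(2), "actions": [], "police": {}}
            records.append(rec)
            continue
        if rec is None:
            continue  # Service-policy line or text before the first class map
        m = ACTION.match(line)
        if m:
            rec["actions"].append(m.group(1))
            continue
        m = COUNTS.match(line)
        if m:  # stored as rec["current"] / rec["maxever"] = (estab, half, term)
            rec[m.group(1).lower()] = tuple(int(x) for x in m.groups()[1:])
            continue
        m = POLICE.match(line)
        if m:  # (packets, bytes, action); the bps summary line does not match
            rec["police"][m.group(1)] = (int(m.group(2)), int(m.group(3)), m.group(4))
    return records


def review(records, half_open_pct=50, exceeded_pct=50):
    """Return (zone_pair, class_map, finding, percent) tuples worth a closer look."""
    findings = []
    for rec in records:
        current = rec.get("current")
        if current:
            estab, half_open, _terminating = current
            total = estab + half_open
            if total and half_open * 100 // total >= half_open_pct:
                findings.append((rec["zone_pair"], rec["class_map"],
                                 "half-open", half_open * 100 // total))
        police = rec["police"]
        if "conformed" in police and "exceeded" in police:
            ok, over = police["conformed"][0], police["exceeded"][0]
            if ok + over and over * 100 // (ok + over) >= exceeded_pct:
                findings.append((rec["zone_pair"], rec["class_map"],
                                 "police-exceeded", over * 100 // (ok + over)))
    return findings


if __name__ == "__main__":
    for finding in review(parse_zone_pairs(SAMPLE_OUTPUT)):
        print(finding)
```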

show policy-map type inspect zone-pair urlfilter

To display the details of a URL filtering policy map—URL filter state, URL filter statistics, and URL filter server details—use the show policy-map type inspect zone-pair urlfilter command in privileged EXEC mode.

show policy-map type inspect zone-pair [zone-pair-name] urlfilter cache [detail]

Syntax Description

zone-pair-name

(Optional) Zone pair for which the system will display the runtime inspect type policy-map statistics. Default: The requested information is shown for all zone pairs.

cache

Displays information about the URL filter cache.

detail

(Optional) Displays each entry in the cache. Because cache entries can be long, only the first few bytes are displayed.


Command Default

The URL filter information for all zone pairs is displayed. Details about the URL filtering cache are not displayed.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(6)T

This command was introduced.

12.4(15)XZ

This command was implemented on the following platforms: Cisco 881 and Cisco 888. The detail keyword was added to show more information about the URL filtering cache.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T. The detail keyword was added to show more information about the URL filtering cache.


Examples

The following example shows sample output for a Websense URL filtering server:

Router# show policy-map type inspect zone-pair urlfilter cache 

Zone-pair: zp
 Urlfilter
 Websense URL Filtering is ENABLED
 Websense Primary server: 10.3.3.3(port : 15868)   

 recount: 0
 Current packet buffer count(in use): 0
 Current cache entry count: 0

 Maxever request count: 0
 Maxever packet buffer count: 0
 Maxever cache entry count: 0

 Total requests sent to URL Filter Server :0
 Total responses received from URL Filter Server :0
 Total requests allowed: 0
 Total requests blocked: 0

Drop (default action)
 packets, 0 bytes

 Service-policy inspect : test

  Class-map: test (match-all)
   Match: protocol http

  Class-map: class-default (match-any)
   Match: any 

The following example shows sample output for a Trend Micro URL filtering server, including the cache details:

Router# show policy-map type inspect zone-pair urlfilter cache detail 

policy exists on zp zp_in
 Zone-pair: zp_in

 Service-policy inspect : trend-global-policy

  Class-map: http-class (match-all)
   Match: protocol http
   Match: access-group 101

 Inspect
   Packet inspection statistics [process switch:fast switch]
   tcp packets: [3353:0]

   Session creations since subsystem startup or last reset 21
   Current session counts (estab/half-open/terminating) [3:0:0]
   Maxever session counts (estab/half-open/terminating) [4:1:1]
   Last session created 00:00:22
   Last statistic reset never
   Last session creation rate 7
   Maxever session creation rate 14
   Last half-open session total 0
   Maximum number of bytes in cache: 131072000
   Time to live for eache cache entry (in hrs): 1
   Total number of bytes used by cache: 442
   Number of bytes used by domain type cache: 442
   Number of bytes used by directory type cache: 0
   ------------------------------------------------------------
   URL                                  Age   Access #/  Cat::Rep
   (Directory cache end with /)   (day:h:m:s)    Idle Time
   ------------------------------------------------------------
   example.com             0:00:00:23      28   58::100                                                                                  
   example1.com            0:00:00:25       1   56::100                                                                                  
   example.example2.com    0:00:00:34       1   56::100                                                                                  

  Class-map: class-default (match-any)
   Match: any
   Drop
     0 packets, 0 bytes
policy exists on zp zp_out
 Zone-pair: zp_out
 Service-policy inspect : icmp_permit
  Class-map: icmp_permit (match-all)
   Match: access-group 110
   Pass
    0 packets, 0 bytes
  Class-map: class-default (match-any)
   Match: any
   Drop
    0 packets, 0 bytes

show port-security

To display information about the port-security setting, use the show port-security command in EXEC mode.

show port-security [interface interface interface-number]

show port-security [interface interface interface-number] {address | vlan}

Syntax Description

interface interface

(Optional) Specifies the interface type; possible valid values are ethernet, fastethernet, gigabitethernet, and longreachethernet.

interface-number

Interface number. Valid values are 1 to 6.

address

Displays all the secure MAC addresses that are configured on all the switch interfaces or on a specified interface with aging information for each address.

vlan

Virtual LAN.


Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release
Modification

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.

12.2(18)SXE

The address keyword was added to display the maximum number of MAC addresses configured per VLAN on a trunk port on the Supervisor Engine 720 only.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

The vlan keyword is supported on trunk ports only and displays per-VLAN maximums set on a trunk port.

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.

Examples

This example shows the output from the show port-security command when you do not enter any options:

Router# show port-security

Secure Port      MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)        (Count)      (Count)
----------------------------------------------------------------------------
     Fa5/1           11            11            0            Shutdown
     Fa5/5           15            5             0            Restrict
     Fa5/11          5             4             0            Protect
----------------------------------------------------------------------------
Total Addresses in System: 21
Max Addresses limit in System: 128
Router# 
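The following added example (not part of the Cisco documentation) parses the show port-security summary table above and lists ports that have recorded violations or have no secure-address headroom left, together with the configured violation action, and computes how many addresses remain under the system-wide limit. Function names are constructed for illustration.

```python
import re

# Sample output from this page, with the wrapped header rejoined onto one line.
SAMPLE_OUTPUT = """\
Router# show port-security

Secure Port      MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)        (Count)      (Count)
----------------------------------------------------------------------------
     Fa5/1           11            11            0            Shutdown
     Fa5/5           15            5             0            Restrict
     Fa5/11          5             4             0            Protect
----------------------------------------------------------------------------
Total Addresses in System: 21
Max Addresses limit in System: 128
Router#
"""

# A data row is: port, three counters, then the violation action.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(Shutdown|Restrict|Protect)\s*$")
TOTAL = re.compile(r"^Total Addresses in System:\s*(\d+)")
LIMIT = re.compile(r"^Max Addresses limit in System:\s*(\d+)")


def parse_port_security(text):
    """Return {"ports": [...], "total": int|None, "limit": int|None}."""
    result = {"ports": [], "total": None, "limit": None}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, maximum, current, violations, action = m.groups()
            result["ports"].append({
                "port": port,
                "max": int(maximum),
                "current": int(current),
                "violations": int(violations),
                "action": action,
            })
            continue
        m = TOTAL.match(line)
        if m:
            result["total"] = int(m.group(1))
            continue
        m = LIMIT.match(line)
        if m:
            result["limit"] = int(m.group(1))
    return result


def review_ports(parsed):
    """Return (port, finding, action) for ports that need attention."""
    findings = []
    for p in parsed["ports"]:
        if p["violations"] > 0:
            findings.append((p["port"], "violations", p["action"]))
        if p["current"] >= p["max"]:
            findings.append((p["port"], "at-maximum", p["action"]))
    return findings


def system_headroom(parsed):
    """Secure addresses still available system-wide, or None if not reported."""
    if parsed["total"] is None or parsed["limit"] is None:
        return None
    return parsed["limit"] - parsed["total"]


if __name__ == "__main__":
    parsed = parse_port_security(SAMPLE_OUTPUT)
    for finding in review_ports(parsed):
        print(finding)
    print("system headroom:", system_headroom(parsed))
```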

This example shows how to display port-security information for a specified interface:

Router# show port-security interface fastethernet 5/1

Port Security: Enabled
Port status: SecureUp
Violation mode: Shutdown
Maximum MAC Addresses: 11
Total MAC Addresses: 11
Configured MAC Addresses: 3
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 0
Router# 

This example shows how to display all the secure MAC addresses that are configured on all the switch interfaces or on a specified interface with aging information for each address:

Router# show port-security address

Default maximum: 10 
VLAN Maximum Current 
1    5       3 
2    4       4 
3    6       4
Router#

Related Commands

Command
Description

clear port-security

Deletes configured secure MAC addresses and sticky MAC addresses from the MAC address table.



show ppp queues

To monitor the number of requests processed by each authentication, authorization, and accounting (AAA) background process, use the show ppp queues command in privileged EXEC mode.

show ppp queues

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

11.3(2)AA

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use the show ppp queues command to display the number of requests handled by each AAA background process, the average amount of time it takes to complete each request, and the requests still pending in the work queue. This information can help you balance the data load between the network access server and the AAA server.

This command displays information about the background processes configured by the aaa processes global configuration command. Each line in the display contains information about one of the background processes. If there are AAA requests in the queue when you enter this command, the requests will be printed as well as the background process data.

Examples

The following example shows output from the show ppp queues command:

Router# show ppp queues

Proc #0   pid=73  authens=59   avg. rtt=118s. authors=160  avg. rtt=94s.
Proc #1   pid=74  authens=52   avg. rtt=119s. authors=127  avg. rtt=115s.
Proc #2   pid=75  authens=69   avg. rtt=130s. authors=80   avg. rtt=122s.
Proc #3   pid=76  authens=44   avg. rtt=114s. authors=55   avg. rtt=106s.
Proc #4   pid=77  authens=70   avg. rtt=141s. authors=76   avg. rtt=118s.
Proc #5   pid=78  authens=64   avg. rtt=131s. authors=97   avg. rtt=113s.
Proc #6   pid=79  authens=56   avg. rtt=121s. authors=57   avg. rtt=117s.
Proc #7   pid=80  authens=43   avg. rtt=126s. authors=54   avg. rtt=105s.
Proc #8   pid=81  authens=139  avg. rtt=141s. authors=120  avg. rtt=122s.
Proc #9   pid=82  authens=63   avg. rtt=128s. authors=199  avg. rtt=80s.
queue len=0 max len=499

Table 144 describes the fields shown in the example.

Table 144 show ppp queues Field Descriptions

Field
Description

Proc #

Identifies the background process allocated by the aaa processes command to handle AAA requests for PPP. All of the data in this row relates to this process.

pid=

Identification number of the background process.

authens=

Number of authentication requests the process has performed.

avg. rtt=

Average delay (in seconds) until the authentication request was completed.

authors=

Number of authorization requests the process has performed.

avg. rtt=

Average delay (in seconds) until the authorization request was completed.

queue len=

Current queue length.

max len=

Maximum length the queue ever reached.


Related Commands

Command
Description

aaa processes

Allocates a specific number of background processes to be used to process AAA authentication and authorization requests for PPP.


show private-hosts access-lists

To display the access lists for your Private Hosts configuration, use the show private-hosts access-lists command in privileged EXEC mode.

show private-hosts access-lists

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.2(33)SRB

This command was introduced.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Examples

The following example shows how to display the Private Hosts access lists for your configuration:

Router# show private-hosts access-lists 

Promiscuous ACLs
Action Permit   Sequence # 010
    Source:0000.1111.4001 0000.0000.0000 Destination:0000.0000.0000 ffff.ffff.ffff
Action Deny     Sequence # 020
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.0000.0000 ffff.ffff.ffff

Isolated ACLs
Action Deny     Sequence # 010
    Source:0000.1111.4001 0000.0000.0000 Destination:0000.0000.0000 ffff.ffff.ffff
Action Permit   Sequence # 020
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.1111.4001 0000.0000.0000
Action Redirect Sequence # 030 Redirect index 6
    Source:0000.0000.0000 ffff.ffff.ffff Destination:ffff.ffff.ffff 0000.0000.0000
Action Permit   Sequence # 040
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0100.5e00.0000 0000.007f.ffff
    Source:0000.0000.0000 ffff.ffff.ffff Destination:3333.0000.0000 0000.ffff.ffff
Action Deny     Sequence # 050
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.0000.0000 ffff.ffff.ffff

Mixed ACLs
Action Permit   Sequence # 010
    Source:0000.1111.4001 0000.0000.0000 Destination:ffff.ffff.ffff 0000.0000.0000
Action Redirect Sequence # 020 Redirect index 6
    Source:0000.0000.0000 ffff.ffff.ffff Destination:ffff.ffff.ffff 0000.0000.0000
Action Permit   Sequence # 030
    Source:0000.1111.4001 0000.0000.0000 Destination:0000.0000.0000 ffff.ffff.ffff
Action Permit   Sequence # 040
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.1111.4001 0000.0000.0000
Action Deny     Sequence # 050
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.0000.0000 ffff.ffff.ffff
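
An added example, not part of the Cisco documentation: a Python evaluator that parses the output above and reports which entry a frame hits in each port mode. It assumes first-match evaluation in sequence order and the usual Cisco wildcard-mask convention (mask bits set to 1 are ignored), which the multicast entries in the sample are consistent with; the function names are hypothetical and HOST_A and HOST_B are constructed addresses.

```python
import re

# Output of "show private-hosts access-lists" from the example above.
SAMPLE = """\
Promiscuous ACLs
Action Permit   Sequence # 010
    Source:0000.1111.4001 0000.0000.0000 Destination:0000.0000.0000 ffff.ffff.ffff
Action Deny     Sequence # 020
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.0000.0000 ffff.ffff.ffff

Isolated ACLs
Action Deny     Sequence # 010
    Source:0000.1111.4001 0000.0000.0000 Destination:0000.0000.0000 ffff.ffff.ffff
Action Permit   Sequence # 020
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.1111.4001 0000.0000.0000
Action Redirect Sequence # 030 Redirect index 6
    Source:0000.0000.0000 ffff.ffff.ffff Destination:ffff.ffff.ffff 0000.0000.0000
Action Permit   Sequence # 040
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0100.5e00.0000 0000.007f.ffff
    Source:0000.0000.0000 ffff.ffff.ffff Destination:3333.0000.0000 0000.ffff.ffff
Action Deny     Sequence # 050
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.0000.0000 ffff.ffff.ffff

Mixed ACLs
Action Permit   Sequence # 010
    Source:0000.1111.4001 0000.0000.0000 Destination:ffff.ffff.ffff 0000.0000.0000
Action Redirect Sequence # 020 Redirect index 6
    Source:0000.0000.0000 ffff.ffff.ffff Destination:ffff.ffff.ffff 0000.0000.0000
Action Permit   Sequence # 030
    Source:0000.1111.4001 0000.0000.0000 Destination:0000.0000.0000 ffff.ffff.ffff
Action Permit   Sequence # 040
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.1111.4001 0000.0000.0000
Action Deny     Sequence # 050
    Source:0000.0000.0000 ffff.ffff.ffff Destination:0000.0000.0000 ffff.ffff.ffff
"""

# Tokens are matched over the whole text, so an "Action" header that a
# terminal capture wrapped across two lines parses the same as an unwrapped one.
TOKEN = re.compile(
    r"(?P<section>\w+) ACLs"
    r"|Action\s+(?P<action>\w+)\s+Sequence\s+#\s+(?P<seq>\d+)"
    r"|Source:(?P<src>\S+)\s+(?P<smask>\S+)\s+Destination:(?P<dst>\S+)\s+(?P<dmask>\S+)"
)

BRAS = "0000.1111.4001"    # promiscuous MAC shown in the sample output
HOST_A = "0000.aaaa.0001"  # constructed subscriber address
HOST_B = "0000.aaaa.0002"  # constructed subscriber address


def mac(text):
    """Convert dotted-hex notation (xxxx.xxxx.xxxx) to a 48-bit integer."""
    return int(text.replace(".", ""), 16)


def parse_acls(text):
    """Return {section: [{'action', 'seq', 'matches': [(src, smask, dst, dmask)]}]}."""
    acls, current, entry = {}, None, None
    for m in TOKEN.finditer(text):
        if m["section"]:
            current = acls.setdefault(m["section"], [])
        elif m["action"]:
            entry = {"action": m["action"], "seq": int(m["seq"]), "matches": []}
            current.append(entry)
        else:
            entry["matches"].append(
                tuple(mac(m[k]) for k in ("src", "smask", "dst", "dmask")))
    return acls


def hit(value, addr, wildcard):
    """True when value equals addr on every bit the wildcard mask leaves at 0."""
    return ((value ^ addr) & ~wildcard & 0xFFFFFFFFFFFF) == 0


def evaluate(entries, src, dst):
    """First-match evaluation: return (action, sequence) or None if nothing hits."""
    s, d = mac(src), mac(dst)
    for e in sorted(entries, key=lambda e: e["seq"]):
        for a_src, a_smask, a_dst, a_dmask in e["matches"]:
            if hit(s, a_src, a_smask) and hit(d, a_dst, a_dmask):
                return e["action"], e["seq"]
    return None


if __name__ == "__main__":
    acls = parse_acls(SAMPLE)
    for mode in acls:
        for dst in (BRAS, HOST_B, "ffff.ffff.ffff", "0100.5e01.0203"):
            print(mode, HOST_A, "->", dst, evaluate(acls[mode], HOST_A, dst))
```

On an isolated port, host-to-host unicast falls through to the final Deny, broadcasts are redirected, and a frame that claims the promiscuous MAC as its source is dropped by the first entry.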

Related Commands

Command
Description

show fm private-hosts

Displays information about the Private Hosts feature manager.

show private-hosts configuration

Displays Private Hosts configuration information for the networking device.

show private-hosts interface configuration

Displays Private Hosts configuration information for individual interfaces.


show private-hosts configuration

To display information about the Private Hosts configuration on the router, use the show private-hosts configuration command in privileged EXEC mode.

show private-hosts configuration

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(33)SRB

This command was introduced.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Examples

The following example shows sample command output:

Router# show private-hosts configuration 

Private hosts enabled. BR INDEX 6 State 0000000F
Privated hosts vlans lists:
200
Privated promiscuous MAC configuration:
A '*' mark behind the mac list indicates non-existent mac-list
--------------------------------------------------------------------------------
MAC-list                      VLAN list
--------------------------------------------------------------------------------
bras-list                    *** Uses the isolated vlans (if any) ***

The following example shows sample command output:

Router# show private-hosts configuration

Private-hosts enabled
Isolated vlan-list 10,12,15,200-300
Promiscuous MAC configuration:
------------------------------------------------------------------------------------
MAC-List               VLAN List 
-----------------------------------------------------------------------------------
Bras_list              10,12,15,200-300
Mcast_server_list      10,12,15
Router#

Related Commands

Command
Description

private-hosts

Enables or configures the Private Hosts feature.

private-hosts mode

Sets the switchport mode.

show fm private-hosts interface configuration

Displays the FM-related Private Hosts information.

show private-hosts interface configuration

Displays Private Hosts configuration information for individual interfaces.


show private-hosts interface configuration

To display information about the Private Hosts configuration on individual interfaces (ports), use the show private-hosts interface configuration command in privileged EXEC mode.

show private-hosts interface configuration

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.2(33)SRB

This command was introduced.

12.2(33)SXH

This command was integrated in Cisco IOS Release 12.2(33)SXH.


Examples

The following example shows sample command output:

Router# show private-hosts interface configuration 

Private hosts enabled
Debug Events: 0 Acl: 0 API: 0
Promiscuous interface list
--------------------------
GigabitEthernet1/1 promiscuous connected Facing BRAS Jupiter

Isolated interface list
-------------------------
FastEthernet3/1-14 isolated connected Facing DSLAM AB-125-1

Mixed mode interface list
--------------------------
GigabitEthernet1/4-5 mixed connected Facing Server Mars

Router#

Related Commands

Command
Description

private-hosts

Enables or configures the Private Hosts feature.

private-hosts mode

Sets the switchport mode.

show fm private-hosts

Displays the FM-related Private Hosts information.

show private-hosts configuration

Displays Private Hosts configuration information for the router.


show private-hosts mac-list

To display the contents of the MAC address lists defined for Private Hosts, use the show private-hosts mac-list command in privileged EXEC mode.

show private-hosts mac-list [list-name]

Syntax Description

list-name

(Optional) The name of the MAC address list whose contents you want to display.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.2(33)SRB

This command was introduced.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Examples

The following example shows sample command output:

Router# show private-hosts mac-list 

MAC-List: bras-list
------------------------------------------------------------------
MAC address    Description
------------------------------------------------------------------
0000.1111.1111 BRAS-SERVER

Related Commands

Command
Description

private-hosts mac-list

Creates a MAC address list that identifies a content server that is being used to provide broadband services to isolated hosts.


show privilege

To display your current level of privilege, use the show privilege command in EXEC mode.

show privilege

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

10.3

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Examples

The following example shows sample output from the show privilege command. The current privilege level is 15.

Router# show privilege

Current privilege level is 15

Related Commands

Command
Description

enable password

Sets a local password to control access to various privilege levels.

enable secret

Specifies an additional layer of security over the enable password command.


show radius local-server statistics

To display the statistics for the local authentication server, use the show radius local-server statistics command in privileged EXEC mode.

show radius local-server statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(11)JA

This command was introduced on the Cisco Aironet Access Point 1100 and the Cisco Aironet Access Point 1200.

12.3(11)T

This command was integrated into Cisco IOS Release 12.3(11)T and implemented on the following platforms: Cisco 2600XM, Cisco 2691, Cisco 2811, Cisco 2821, Cisco 2851, Cisco 3700, and Cisco 3800 series routers.


Examples

The following output displays statistics for the local authentication server.

Router# show radius local-server statistics

Successes              : 11262       Unknown usernames      : 0
Client blocks          : 0           Invalid passwords      : 8
Unknown NAS            : 0           Invalid packet from NAS: 0

NAS : 10.0.0.1
Successes              : 11262       Unknown usernames      : 0
Client blocks          : 0           Invalid passwords      : 8
Corrupted packet       : 0           Unknown RADIUS message : 0
No username attribute  : 0           Missing auth attribute : 0
Shared key mismatch    : 0           Invalid state attribute: 0
Unknown EAP message    : 0           Unknown EAP auth type  : 0
PAC refresh            : 0           Invalid PAC received   : 0

Maximum number of configurable users: 50, current user count: 11
Username                  Successes  Failures  Blocks
vayu-ap-1                      2235         0       0
vayu-ap-2                      2235         0       0
vayu-ap-3                      2246         0       0
vayu-ap-4                      2247         0       0
vayu-ap-5                      2247         0       0
vayu-11                           3         0       0
vayu-12                           5         0       0
vayu-13                           5         0       0
vayu-14                          30         0       0
vayu-15                           3         0       0
scm-test                          1         8       0

The first section of statistics lists cumulative statistics from the local authenticator.

The second section lists statistics for each access point (NAS) authorized to use the local authenticator. The EAP-FAST statistics in this section include the following:

Auto provision success—the number of PACs generated automatically

Auto provision failure—the number of PACs not generated because of an invalid handshake packet or invalid username or password

PAC refresh—the number of PACs renewed by clients

Invalid PAC received—the number of PACs received that were expired, that the authenticator could not decrypt, or that were assigned to a client username not in the authenticator's database

The third section lists stats for individual users. If a user is blocked and the lockout time is set to infinite, blocked appears at the end of the stat line for that user. If the lockout time is not infinite, Unblocked in x seconds appears at the end of the stat line for that user.

Use the clear radius local-server statistics command in privileged EXEC mode to reset local authenticator statistics to zero.
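
An added example, not part of the Cisco documentation: a Python parser that splits the output above into the three sections just described and reports users with a high share of failed attempts or a lockout suffix, along with NAS shared-key mismatches and requests for unknown usernames or from an unknown NAS. The function names and the thresholds (min_failures, max_fail_ratio) are assumptions chosen for this illustration.

```python
import re

# Output of "show radius local-server statistics" from the example above.
SAMPLE = """\
Successes              : 11262       Unknown usernames      : 0
Client blocks          : 0           Invalid passwords      : 8
Unknown NAS            : 0           Invalid packet from NAS: 0

NAS : 10.0.0.1
Successes              : 11262       Unknown usernames      : 0
Client blocks          : 0           Invalid passwords      : 8
Corrupted packet       : 0           Unknown RADIUS message : 0
No username attribute  : 0           Missing auth attribute : 0
Shared key mismatch    : 0           Invalid state attribute: 0
Unknown EAP message    : 0           Unknown EAP auth type  : 0
PAC refresh            : 0           Invalid PAC received   : 0

Maximum number of configurable users: 50, current user count: 11
Username                  Successes  Failures  Blocks
vayu-ap-1                      2235         0       0
vayu-ap-2                      2235         0       0
vayu-ap-3                      2246         0       0
vayu-ap-4                      2247         0       0
vayu-ap-5                      2247         0       0
vayu-11                           3         0       0
vayu-12                           5         0       0
vayu-13                           5         0       0
vayu-14                          30         0       0
vayu-15                           3         0       0
scm-test                          1         8       0
"""

# Counter lines carry two "name : value" pairs; user rows may end with a
# lockout suffix ("blocked" or "Unblocked in x seconds").
COUNTER = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)")
NAS = re.compile(r"^NAS\s*:\s*(\S+)")
USER = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*(.*)$")


def parse_local_server_stats(text):
    """Split the output into cumulative, per-NAS and per-user sections."""
    stats = {"global": {}, "nas": {}, "users": []}
    scope, in_users = stats["global"], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Maximum number of configurable users"):
            continue
        if line.startswith("Username"):
            in_users = True
        elif in_users:
            m = USER.match(line)
            if m:
                stats["users"].append({
                    "name": m[1], "successes": int(m[2]), "failures": int(m[3]),
                    "blocks": int(m[4]), "status": m[5].strip(),
                })
        elif (m := NAS.match(line)):
            scope = stats["nas"].setdefault(m[1], {})
        else:
            for name, value in COUNTER.findall(line):
                scope[name.strip()] = int(value)
    return stats


def review(stats, min_failures=5, max_fail_ratio=0.5):
    """Return (kind, subject, finding) tuples for counters worth investigating."""
    findings = []
    for u in stats["users"]:
        attempts = u["successes"] + u["failures"]
        ratio = u["failures"] / attempts if attempts else 0.0
        if u["failures"] >= min_failures and ratio >= max_fail_ratio:
            findings.append(("user", u["name"],
                             f"{u['failures']}/{attempts} attempts failed"))
        if u["status"]:
            findings.append(("user", u["name"], f"locked out: {u['status']}"))
    for nas, counters in stats["nas"].items():
        if counters.get("Shared key mismatch", 0):
            findings.append(("nas", nas, "shared key mismatch"))
    for name in ("Unknown usernames", "Unknown NAS"):
        if stats["global"].get(name, 0):
            findings.append(("global", name, f"count {stats['global'][name]}"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_local_server_stats(SAMPLE)):
        print(*finding)
```
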

Related Commands

Command
Description

block count

Configures the parameters for locking out members of a group to help protect against unauthorized attacks.

clear radius local-server

Clears the statistics display or unblocks a user.

debug radius local-server

Displays the debug information for the local server.

group

Enters user group configuration mode and configures shared settings for a user group.

nas

Adds an access point or router to the list of devices that use the local authentication server.

radius-server host

Specifies the remote RADIUS server host.

radius-server local

Enables the access point or router to be a local authentication server and enters into configuration mode for the authenticator.

reauthentication time

Specifies the time (in seconds) after which access points or wireless-aware routers must reauthenticate the members of a group.

ssid

Specifies up to 20 SSIDs to be used by a user group.

user

Authorizes a user to authenticate using the local authentication server.

vlan

Specifies a VLAN to be used by members of a user group.


show radius server-group

To display properties for the RADIUS server group, use the show radius server-group command in user EXEC or privileged EXEC mode.

show radius server-group {server-group-name | all | 123}

Syntax Description

server-group-name

Displays properties for the server group named. The character string used to name the group of servers must be defined using the aaa group server radius command.

all

Displays properties for all of the server groups.

server

Displays properties for a specific server or servers in the group.


Command Modes

User EXEC (>)
Privileged EXEC (#)

Command History

Release
Modification

12.2(2)T

This command was introduced.

12.2(33)SRA

The server argument was introduced.


Usage Guidelines

Use the show radius server-group command to display the server groups that you defined by using the aaa group server radius command.

Examples

The following show radius server-group command output displays properties for the server group "rad_sg":

Router# show radius server-group rad_sg

server group rad-sg
 Sharecount = 1  sg_unconfigured = FALSE
 Type = standard  Memlocks = 1

The following show radius server-group command output displays the properties for two server groups, 123 and 456, respectively. The configuration of each server group, entered with the aaa group server radius command, is also shown.

Router(config)# aaa new-model
!
!
Router(config)# aaa group server radius 123
 server 10.9.8.1 auth-port 1645 acct-port 1646
!
Router(config)# aaa group server radius 456
 server 10.9.8.2 auth-port 1645 acct-port 1646

Router(config)# exit

Router# show radius server-group all
Server group 123
 Sharecount = 1  sg_unconfigured = FALSE
 Type = standard 

Server group 456
 Sharecount = 1  sg_unconfigured = FALSE
 Type = standard  

Router# show radius server-group 123

Server group 123
 Sharecount = 1  sg_unconfigured = FALSE
 Type = standard 

Table 145 describes the significant fields shown in the display.

Table 145 show radius server-group command Field Descriptions 

Field
Description

Server group

Name of the server group.

Sharecount

Number of method lists that are sharing this server group. For example, if one method list uses a particular server group, the sharecount would be 1. If two method lists use the same server group, the sharecount would be 2.

sg_unconfigured

Server group has been unconfigured.

Type

The type can be either "standard" or "nonstandard". The type indicates whether the servers in the group accept nonstandard attributes. If all servers within the group are configured with the nonstandard option, the type will be shown as "nonstandard".

Memlocks

An internal reference count for the server-group structure that is in memory. The number represents how many internal data structure packets or transactions are holding references to this server group. Memlocks is used internally for memory management purposes.


Related Commands

Command
Description

aaa group server radius

Groups different RADIUS server hosts into distinct lists and distinct methods.

show aaa servers

Displays information about the number of packets sent to and received from AAA servers.

show radius statistics

Displays the RADIUS statistics for accounting and authentication packets.


show radius statistics

To display the RADIUS statistics for accounting and authentication packets, use the show radius statistics command in EXEC mode.

show radius statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.1(3)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Examples

The following example is sample output for the show radius statistics command:

Router# show radius statistics
                                   Auth.      Acct.       Both
         Maximum inQ length:         NA         NA          1
       Maximum waitQ length:         NA         NA          2
       Maximum doneQ length:         NA         NA          1
       Total responses seen:         33         67        100
     Packets with responses:         33         67        100
  Packets without responses:          0          0          0
  Access Rejects           :          0
Average response delay(ms) :       1331        124        523
 Maximum response delay(ms):       5720       4800       5720
  Number of Radius timeouts:          8          2         10
       Duplicate ID detects:          0          0          0
 Buffer Allocation Failures:          0          0          0
Maximum Buffer Size (bytes):        156        327        327
Malformed Responses        :          0          0          0
Bad Authenticators         :          0          0          0
 Source Port Range: (2 ports only)
 1645 - 1646
 Last used Source Port/Identifier:
 1645/33
 1646/69


Table 146 describes significant fields shown in the display.

Table 146 show radius statistics Field Descriptions 

Field
Description

Auth.

Statistics for authentication packets.

Acct.

Statistics for accounting packets.

Both

Combined statistics for authentication and accounting packets.

Maximum inQ length

Maximum number of entries allowed in the queue that holds the RADIUS messages not yet sent.

Maximum waitQ length

Maximum number of entries allowed in the queue that holds the RADIUS messages that have been sent and are waiting for a response.

Maximum doneQ length

Maximum number of entries allowed in the queue that holds the messages that have received a response and will be forwarded to the code that is waiting for the messages.

Total responses seen

Number of RADIUS responses seen from the server. In addition to the expected packets, this includes repeated packets and packets that do not have a matching message in the waitQ.

Packets with responses

Number of packets that received a response from the RADIUS server.

Packets without responses

Number of packets that never received a response from any RADIUS server.

Access Rejects

Number of times access requests have been rejected by a RADIUS server.

Average response delay

Average time from when the packet was first transmitted to when it received a response. If the response timed out and the packet was sent again, this value includes the timeout. If the packet never received a response, this is not included in the average.

Maximum response delay

Maximum delay observed while gathering average response delay information.

Number of RADIUS timeouts

Number of times a server did not respond, and the RADIUS server re-sent the packet.

Duplicate ID detects

RADIUS has a maximum of 255 unique IDs. In some instances there can be more than 255 outstanding packets. When a packet is received, the doneQ is searched from the oldest entry to the youngest. If the IDs are the same, further techniques are used to see if this response matches this entry. If it is determined that this does not match, the duplicate ID detect counter is increased.

Buffer Allocation Failures

Number of times the buffer failed to get allocated.

Maximum Buffer Size (bytes)

Displays the maximum size of the buffer.

Malformed Responses

Number of corrupted responses, mostly due to bad authenticators.

Bad Authenticators

Number of authentication failures due to shared secret mismatches.

Source Port Range: (2 ports only)

Displays the port numbers.

Last used Source Port/Identifier

The ports that were last used by the RADIUS server for authentication.


Related Commands

Command
Description

radius-server host

Specifies a RADIUS server host.

radius-server retransmit

Specifies how many times the Cisco IOS software searches the list of RADIUS server hosts before giving up.

radius-server timeout

Sets the interval for which a router waits for a server host to reply.


show radius table attributes

To display a list of all attributes supported by the RADIUS subsystem, use the show radius table attributes command in user EXEC or privileged EXEC mode.

show radius table attributes

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)
Privileged EXEC (#)

Command History

Release
Modification

12.2(33)SRA

This command was introduced.


Usage Guidelines

This command enables you to verify that a required RADIUS attribute is supported in a specific release.

Examples

The following example displays the complete table attribute list from the show radius table attributes command.

Router# show radius table attributes 

IETF ATTRIBUTE LIST:
    Name User-Name                      Format String
    Name User-Password                  Format Binary
    Name CHAP-Password                  Format Binary
    Name NAS-IP-Address                 Format IPv4 Address
    Name NAS-Port                       Format Ulong
    Name Service-Type                   Format Enum
    Name Framed-Protocol                Format Enum
    Name Framed-IP-Address              Format IPv4 Address
    Name Framed-IP-Netmask              Format IPv4 Address
    Name Framed-Routing                 Format Ulong
    Name Filter-Id                      Format Binary
    Name Framed-MTU                     Format Ulong
    Name Framed-Compression             Format Enum
    Name login-ip-addr-host             Format IPv4 Address
    Name Login-Service                  Format Enum
    Name login-tcp-port                 Format Ulong
    Name Reply-Message                  Format Binary
    Name Callback-Number                Format String
    Name Framed-Route                   Format String
    Name Framed-IPX-Network             Format IPv4 Address
    Name State                          Format Binary
    Name Class                          Format Binary
    Name Vendor-Specific                Format Binary
    Name Session-Timeout                Format Ulong
    Name Idle-Timeout                   Format Ulong
    Name Termination-Action             Format Boolean
    Name Called-Station-Id              Format String
    Name Calling-Station-Id             Format String
    Name Nas-Identifier                 Format String
    Name Acct-Status-Type               Format Enum
    Name Acct-Delay-Time                Format Ulong
    Name Acct-Input-Octets              Format Ulong
    Name Acct-Output-Octets             Format Ulong
    Name Acct-Session-Id                Format String
    Name Acct-Authentic                 Format Enum
    Name Acct-Session-Time              Format Ulong
    Name Acct-Input-Packets             Format Ulong
    Name Acct-Output-Packets            Format Ulong
    Name Acct-Terminate-Cause           Format Enum
    Name Multilink-Session-ID           Format String
    Name Acct-Link-Count                Format Ulong
    Name Acct-Input-Giga-Words          Format Ulong
    Name Acct-Output-Giga-Words         Format Ulong
    Name Event-Timestamp                Format Ulong
    Name CHAP-Challenge                 Format Binary
    Name NAS-Port-Type                  Format Enum
    Name Port-Limit                     Format Ulong
    Name Tunnel-Type                    Format Enum
    Name Tunnel-Medium-Type             Format Enum
    Name Tunnel-Client-Endpoint         Format String
    Name Tunnel-Server-Endpoint         Format String
    Name Acct-Tunnel-Connection         Format String
    Name Tunnel-Password                Format Binary
    Name Prompt                         Format Enum
    Name Connect-Info                   Format String
    Name EAP-Message                    Format Binary
    Name Message-Authenticator          Format Binary
    Name Tunnel-Private-Group-Id        Format String
    Name Tunnel-Assignment-Id           Format String
    Name Tunnel-Preference              Format Ulong
    Name Acct-Interim-Interval          Format Ulong
    Name Tunnel-Packets-Lost            Format Ulong
    Name NAS-Port-Id                    Format String
    Name Tunnel-Client-Auth-ID          Format String
    Name Tunnel-Server-Auth-ID          Format String
    Name Framed-Interface-Id            Format Binary
    Name Framed-IPv6-Prefix             Format Binary
    Name login-ip-addr-host             Format Binary
    Name Framed-IPv6-Route              Format String
    Name Framed-IPv6-Pool               Format String
    Name Dynamic-Author-Error-Cause     Format Enum

Non Standard ATTRIBUTE LIST:
    Name Old-Password                   Format Binary
    Name Ascend-Filter-Required         Format Enum
    Name Ascend-Cache-Refresh           Format Enum
    Name Ascend-Cache-Time              Format Ulong
    Name Ascend-Auth-Type               Format Ulong
    Name Ascend-Redirect-Number         Format String
    Name Ascend-Private-Route           Format String
    Name Ascend-Shared-Profile-Enable   Format Boolean
    Name Ascend-Client-Primary-DNS      Format IPv4 Address
    Name Ascend-Client-Secondary-DNS    Format IPv4 Address
    Name Ascend-Client-Assign-DNS       Format Ulong
    Name Ascend-Session-Svr-Key         Format String
    Name Ascend-Multicast-Rate-Limit    Format Ulong
    Name Ascend-Multicast-Client        Format Ulong
    Name Ascend-Multilink-Session-ID    Format Ulong
    Name Ascend-Num-In-Multilink        Format Ulong
    Name Ascend-Presession-Octets-In    Format Ulong
    Name Ascend-Presession-Octets-Out   Format Ulong
    Name Ascend-Presession-Packets-In   Format Ulong
    Name Ascend-Presession-Packets-Out  Format Ulong
    Name Ascend-Max-Time                Format Ulong
    Name Ascend-Disconnect-Cause        Format Enum
    Name Ascend-Connection-Progress     Format Enum
    Name Ascend-Data-Rate               Format Ulong
    Name Ascend-Presession-Time         Format Ulong
    Name Ascend-Require-Auth            Format Ulong
    Name Ascend-PW-Liftime              Format Ulong
    Name Ascend-IP-Direct               Format IPv4 Address
    Name Ascend-PPP-VJ-Slot-Comp        Format Boolean
    Name Ascend-Asyncmap                Format Ulong
    Name Ascend-Send-Secret             Format Binary
    Name ascend_pool_definition         Format String
    Name Ascend-IP-Pool                 Format Ulong
    Name Ascend-Dial-Number             Format String
    Name Ascend-Route-IP                Format Boolean
    Name Ascend-Send-Auth               Format Enum
    Name Ascend-Link-Compression        Format Enum
    Name Ascend-Target-Util             Format Ulong
    Name Ascend-Max-Channels            Format Ulong
    Name Ascend-Data-Filter             Format Binary
    Name Ascend-Call-Filter             Format Binary
    Name Ascend-Idle-Limit              Format Ulong
    Name Ascend-Data-Service            Format Ulong
    Name Ascend-Force-56                Format Ulong
    Name Ascend-Xmit-Rate               Format Ulong

Cisco VSA ATTRIBUTE LIST:
    Name Cisco AVpair                   Format String
    Name cisco-nas-port                 Format String
    Name fax_account_id_origin          Format String
    Name fax_msg_id                     Format String
    Name fax_pages                      Format String
    Name fax_modem_time                 Format String
    Name fax_connect_speed              Format String
    Name fax_mdn_address                Format String
    Name fax_mdn_flag                   Format String
    Name fax_auth_status                Format String
    Name email_server_address           Format String
    Name email_server_ack_flag          Format String
    Name gateway_id                     Format String
    Name call_type                      Format String
    Name port_used                      Format String
    Name abort_cause                    Format String
    Name h323-remote-address            Format String
    Name Conf-Id                        Format String
    Name h323-setup-time                Format String
    Name h323-call-origin               Format String
    Name h323-call-type                 Format String
    Name h323-connect-time              Format String
    Name h323-disconnect-time           Format String
    Name h323-disconnect-cause          Format String
    Name h323-voice-quality             Format String
    Name h323-gw-id                     Format String
    Name Cisco AVpair                   Format Binary
    Name Cisco encrypted string vsa     Format String
    Name Sub_Policy_In                  Format String
    Name Sub_Policy_Out                 Format String
    Name h323-credit-amount             Format String
    Name h323-credit-time               Format String
    Name h323-return-code               Format String
    Name h323-prompt-id                 Format String
    Name h323-time-and-day              Format String
    Name h323-redirect-number           Format String
    Name h323-preferred-lang            Format String
    Name h323-redirect-ip-address       Format String
    Name h323-billing-model             Format String
    Name h323-currency                  Format String
    Name ssg-account-info               Format String
    Name ssg-service-info               Format String
    Name ssg-command-code               Format Binary
    Name ssg-control-info               Format String

Microsoft VSA ATTRIBUTE LIST:
    Name MS-CHAP-Response               Format Binary
    Name MS-CHAP-ERROR                  Format Binary
    Name MS-CHAP-CPW-1                  Format Binary
    Name MS-CHAP-CPW-2                  Format Binary
    Name MS-CHAP-LM-Enc-PW              Format Binary
    Name MS-CHAP-NT-Enc-PW              Format Binary
    Name MS-MPPE-Enc-Policy             Format Binary
    Name MS-MPPE-Enc-Type               Format Binary
    Name MS-RAS-Vendor                  Format String
    Name MS-CHAP-DOMAIN                 Format String
    Name MSCHAP_Challenge               Format Binary
    Name MS-CHAP-MPPE-Keys              Format Binary
    Name MS-BAP-Usage                   Format Binary
    Name MS-Link-Util-Thresh            Format Binary
    Name MS-Link-Drop-Time-Limit        Format Binary
    Name MS-MPPE-Send-Key               Format Binary
    Name MS-MPPE-Recv-Key               Format Binary
    Name MS-RAS-Version                 Format String
    Name MS-Old-ARAP-Password           Format Binary
    Name New-ARAP-Password              Format Binary
    Name MS-ARAP-PW-Change-Reason       Format Binary
    Name MS-Filter                      Format Binary
    Name MS-Acct-Auth-Type              Format Binary
    Name MS-MPPE-EAP-Type               Format Binary
    Name MS-CHAP-V2-Response            Format Binary
    Name MS-CHAP-V2-Success             Format String
    Name MS-CHAP-CPW-2                  Format Binary
    Name MS-Primary-DNS                 Format IPv4 Address
    Name MS-Secondary-DNS               Format IPv4 Address
    Name MS-1st-NBNS-Server             Format IPv4 Address
    Name MS-2nd-NBNS-Server             Format IPv4 Address
    Name MS-ARAP-Challenge              Format Binary

3GPP VSA ATTRIBUTE LIST:
    Name Charging-ID                    Format Ulong
    Name PDP Type                       Format Enum
    Name Charging-Gateway-Address       Format IPv4 Address
    Name GPRS-QoS-Profile               Format String
    Name SGSN-Address                   Format IPv4 Address
    Name GGSN-Address                   Format IPv4 Address
    Name IMSI-MCC-MNC                   Format String
    Name GGSN-MCC-MNC                   Format String
    Name NSAPI                          Format String
    Name Session-Stop-Ind               Format Binary
    Name Selection-Mode                 Format String
    Name Charging-Characteristics       Format String

3GPP2 VSA ATTRIBUTE LIST:
    Name cdma-reverse-tnl-spec          Format Ulong
    Name cdma-diff-svc-class-opt        Format Ulong
    Name cdma-container                 Format String
    Name cdma-ha-ip-addr                Format IPv4 Address
    Name cdma-pcf-ip-addr               Format IPv4 Address
    Name cdma-bs-msc-addr               Format String
    Name cdma-user-id                   Format Ulong
    Name cdma-forward-mux               Format Ulong
    Name cdma-reverse-mux               Format Ulong
    Name cdma-forward-rate              Format Ulong
    Name cdma-reverse-rate              Format Ulong
    Name cdma-service-option            Format Ulong
    Name cdma-forward-type              Format Ulong
    Name cdma-reverse-type              Format Ulong
    Name cdma-frame-size                Format Ulong
    Name cdma-forward-rc                Format Ulong
    Name cdma-reverse-rc                Format Ulong
    Name cdma-ip-tech                   Format Ulong
    Name cdma-comp-flag                 Format Enum
    Name cdma-reason-ind                Format Enum
    Name cdma-bad-frame-count           Format Ulong
    Name cdma-num-active                Format Ulong
    Name cdma-sdb-input-octets          Format Ulong
    Name cdma-sdb-output-octets         Format Ulong
    Name cdma-numsdb-input              Format Ulong
    Name cdma-numsdb-output             Format Ulong
    Name cdma-ip-qos                    Format Ulong
    Name cdma-airlink-qos               Format Ulong
    Name cdma-rp-session-id             Format Ulong
    Name cdma-hdlc-layer-bytes-in       Format Ulong
    Name cdma-correlation-id            Format String
    Name cdma-moip-inbound              Format Ulong
    Name cdma-moip-outbound             Format Ulong
    Name cdma-session-continue          Format Ulong
    Name cdma-active-time               Format Ulong
    Name cdma-frame-size                Format Ulong
    Name cdma-esn                       Format String
    Name cdma-mn-ha-spi                 Format Ulong
    Name cdma-mn-ha-shared-key          Format Binary
    Name cdma-sess-term-capability      Format Ulong
    Name cdma-disconnect-reason         Format Ulong

Verizon VSA ATTRIBUTE LIST:
    Name mip-key-data                   Format Binary
    Name aaa-authenticator              Format Binary
    Name public-key-invalid             Format Binary
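
The listing above is line-oriented (a section header followed by `Name ... Format ...` entries), so it can be parsed when auditing which attributes a device knows about. The following Python is an added example, not Cisco code: it groups entries by section, reports names that repeat within a section (as Cisco AVpair and MS-CHAP-CPW-2 do above), and flags Binary attributes whose names suggest credential or key material so they can be redacted from captures before sharing. The sample text is constructed from lines of the output above, and the name hints and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the output shown above.
SAMPLE = """\
Cisco VSA ATTRIBUTE LIST:
    Name Cisco AVpair                   Format String
    Name cisco-nas-port                 Format String
    Name Cisco AVpair                   Format Binary
    Name Cisco encrypted string vsa     Format String

Microsoft VSA ATTRIBUTE LIST:
    Name MS-CHAP-CPW-2                  Format Binary
    Name MS-MPPE-Send-Key               Format Binary
    Name MS-CHAP-CPW-2                  Format Binary
    Name MS-Primary-DNS                 Format IPv4 Address

Verizon VSA ATTRIBUTE LIST:
    Name mip-key-data                   Format Binary
"""

# Section headers start in column 0 and end with "ATTRIBUTE LIST:".
SECTION_RE = re.compile(r"^(?P<section>\S.*?) ATTRIBUTE LIST:\s*$")
# Names and formats may both contain spaces ("Cisco AVpair", "IPv4 Address"),
# so split on the " Format " keyword instead of on whitespace.
ENTRY_RE = re.compile(r"^\s*Name (?P<name>.+?)\s+Format (?P<fmt>\S.*?)\s*$")

# Assumption (not from the page): name fragments that hint at secrets.
# This is a heuristic; review the result by hand.
SENSITIVE_HINTS = ("password", "secret", "key", "chap", "-pw", "authenticator")


def parse_attribute_table(text):
    """Return ({section: [(name, format), ...]}, unparsed_lines)."""
    sections, unparsed, current = {}, [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("section")
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group("name"), entry.group("fmt")))
        else:
            # Prompts, banners or truncated lines are kept for review.
            unparsed.append(line)
    return sections, unparsed


def find_repeats(sections):
    """List names that appear more than once in a section.

    "conflict" means the repeats disagree on format, so the name alone
    does not identify one dictionary entry; "duplicate" means they agree.
    """
    findings = []
    for section, entries in sections.items():
        formats = defaultdict(list)
        for name, fmt in entries:
            formats[name].append(fmt)
        for name, fmts in formats.items():
            if len(fmts) > 1:
                kind = "conflict" if len(set(fmts)) > 1 else "duplicate"
                findings.append((section, name, kind, fmts))
    return findings


def likely_sensitive(sections):
    """Binary attributes whose names match SENSITIVE_HINTS, de-duplicated."""
    seen, result = set(), []
    for section, entries in sections.items():
        for name, fmt in entries:
            key = (section, name)
            if fmt != "Binary" or key in seen:
                continue
            if any(hint in name.lower() for hint in SENSITIVE_HINTS):
                seen.add(key)
                result.append(key)
    return result


if __name__ == "__main__":
    parsed, leftover = parse_attribute_table(SAMPLE)
    for finding in find_repeats(parsed):
        print("repeat:", finding)
    for section, name in likely_sensitive(parsed):
        print("redact candidate:", section, name)
    print("unparsed lines:", leftover)
```
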

Table 145 describes the significant fields shown in the display.

Table 147 show radius table attributes Field Descriptions 

Field
Description

User-Name

The name of the user on the system. The format is String.

User-Password

The password of the user on the system. The format is Binary.

CHAP-Password

Challenge Handshake Authentication Protocol (CHAP) password. The format is Binary.

NAS-IP-Address

Network-Attached Storage (NAS) IP address. The format is IPv4 Address.

NAS-Port

The RADIUS Attribute 5 (NAS-Port) format specified on a per-server group level. The format is Ulong.

Service-Type

Sets the service type. The format is Enum.

Framed-Protocol

Indicates the framing to be used for framed access. It may be used in both Access-Request and Access-Accept packets. The format is Enum.

Framed-IP-Address

Indicates the address to be configured for the user. It may be used in Access-Accept packets. The format is IPv4 Address.

Framed-IP-Netmask

Indicates the IP netmask to be configured for the user when the user is a router to a network. The format is IPv4 Address.

Framed-Routing

Indicates the routing method for the user when the user is a router to a network. The format is Ulong.

Filter-Id

To disable, enable, get, or set a filter, the filter ID must be valid. The format is Binary.

Framed-MTU

Indicates the maximum transmission unit to be configured for the user, when it is not negotiated by some other means (such as PPP). The format is Ulong.

Framed-Compression

Indicates a compression protocol to be used for the link. The format is Enum.

login-ip-addr-host

Indicates the host to which the user will connect when the Login-Service attribute is included. The format is IPv4 Address.

Login-Service

The Login-IP-Host AVP (AVP Code 14) is of type Address and contains the system with which to connect the user, when the Login-Service AVP is included. The format is Enum.

login-tcp-port

The Login-TCP-Port AVP (AVP Code 16) is of type Integer32 and contains the TCP port with which the user is to be connected, when the Login-Service AVP is also present. The format is Ulong.

Reply-Message

Indicates text that may be displayed to the user. The format is Binary.

Callback-Number

Indicates a dialing string to be used for callback. The format is String.

Framed-Route

Provides routing information to be configured for the user on the NAS. The format is String.

Framed-IPX-Network

The Framed-IPX-Network AVP (AVP Code 23) is of type Unsigned32, and contains the IPX Network number to be configured for the user. The format is IPv4 Address.

State

Is available to be sent by the server to the client in an Access-Challenge and must be sent unmodified from the client to the server in the new Access-Request reply to that challenge, if any. The format is Binary.

Class

Is available to be sent by the server to the client in an Access-Accept and should be sent unmodified by the client to the accounting server as part of the Accounting-Request packet if accounting is supported. The format is Binary.

Vendor-Specific

Is available to allow vendors to support their own extended attributes not suitable for general usage. The format is Binary.

Session-Timeout

Sets the maximum number of seconds of service to be provided to the user before termination of the session or prompt. The format is Ulong.

Idle-Timeout

Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt. The format is Ulong.

Termination-Action

Indicates what action the NAS should take when the specified service is completed. The format is Boolean.

Called-Station-Id

The Called-Station-Id AVP (AVP Code 30) is of type String and allows the NAS to send in the request the phone number that the user called, using Dialed Number Identification (DNIS) or a similar technology. The format is String.

Calling-Station-Id

The Calling-Station-Id AVP (AVP Code 31) is of type String and allows the NAS to send in the request the phone number that the call came from, using Automatic Number Identification (ANI) or a similar technology. The format is String.

Nas-Identifier

Contains a string identifying the NAS originating the access request. The format is String.

Acct-Status-Type

Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). The format is Enum.

Acct-Delay-Time

Indicates how many seconds the client has been trying to send this record for, and can be subtracted from the time of arrival on the server to find the approximate time of the event generating this Accounting-Request. (Network transit time is ignored.) The format is Ulong.

Acct-Input-Octets

Indicates how many octets have been received from the port over the course of this service being provided, and can only be present in Accounting-Request records where Acct-Status-Type is set to Stop. The format is Ulong.

Acct-Output-Octets

Indicates how many octets have been sent to the port in the course of delivering this service, and can only be present in Accounting-Request records where Acct-Status-Type is set to Stop. The format is Ulong.

Acct-Session-Id

Is a unique accounting ID to make it easy to match start and stop records in a log file. The format is String.

Acct-Authentic

Indicates how the user was authenticated, whether by RADIUS, the NAS itself, or another remote authentication protocol. It may be included in an Accounting-Request. The format is Enum.

Acct-Session-Time

Indicates how many seconds the user has received service for, and can only be present in Accounting-Request records where Acct-Status-Type is set to Stop. The format is Ulong.

Acct-Input-Packets

Indicates how many packets have been received from the port over the course of this service being provided to a framed user, and can only be present in Accounting-Request records where Acct-Status-Type is set to Stop. The format is Ulong.

Acct-Output-Packets

Indicates how many packets have been sent to the port in the course of delivering this service to a framed user, and can only be present in Accounting-Request records where Acct-Status-Type is set to Stop. The format is Ulong.

Acct-Terminate-Cause

Indicates how the session was terminated, and can only be present in Accounting-Request records where Acct-Status-Type is set to Stop. The format is Enum.

Multilink-Session-ID

Indicates the service to use to connect the user to the login host. It is only used in Access-Accept packets. The format is String.

Acct-Link-Count

Gives the count of links which are known to have been in a given multilink session at the time the accounting record is generated. The format is Ulong.

Acct-Input-Giga-Words

Indicates how many times the Acct-Input-Octets counter has wrapped around 2^32 over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop or Interim-Update. The format is Ulong.

Acct-Output-Giga-Words

Indicates how many times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop or Interim-Update. The format is Ulong.

Event-Timestamp

Used to include the Event-Timestamp attribute in Acct-Start or Acct-Stop messages. The format is Ulong.

CHAP-Challenge

CHAP is used to periodically verify the identity of the peer using a 3-way handshake. The format is Binary.

NAS-Port-Type

Indicates the physical port number of the NAS which is authenticating the user. The format is Enum.

Port-Limit

Sets the maximum number of ports to be provided to the user by the NAS. The format is Ulong.

Tunnel-Type

Indicates the tunneling protocol(s) to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator). The format is Enum.

Tunnel-Medium-Type

Indicates which transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports. The format is Enum.

Tunnel-Client-Endpoint

Contains the address of the initiator end of the tunnel. The format is String.

Tunnel-Server-Endpoint

Indicates the address of the server end of the tunnel. The format is String.

Acct-Tunnel-Connection

Indicates the identifier assigned to the tunnel session. The format is String.

Tunnel-Password

Can contain a password to be used to authenticate to a remote server. The format is Binary.

Prompt

Used only in Access-Challenge packets, and indicates to the NAS whether it should echo the user's response as it is entered, or not echo it. The format is Enum.

Connect-Info

Is sent from the NAS to indicate the nature of the user's connection. The format is String.

EAP-Message

Encapsulates Extensible Authentication Protocol packets so as to allow the NAS to authenticate dial-in users via EAP without having to understand the protocol. The format is Binary.

Message-Authenticator

Can be used to authenticate and integrity-protect Access-Requests in order to prevent spoofing. The format is Binary.

Tunnel-Private-Group-Id

Indicates the group ID for a particular tunneled session. The format is String.

Tunnel-Assignment-Id

Used to indicate to the tunnel initiator the particular tunnel to which a session is to be assigned. The format is String.

Tunnel-Preference

Should be included in each set to indicate the relative preference assigned to each tunnel if more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator. The format is Ulong.

Acct-Interim-Interval

Indicates the number of seconds between each interim update for this specific session. The format is Ulong.

Tunnel-Packets-Lost

Indicates the number of packets lost on a given link. The format is Ulong.

NAS-Port-Id

Used to identify the IEEE 802.1X Authenticator port which authenticates the Supplicant. The format is String.

Tunnel-Client-Auth-ID

Specifies the name used by the tunnel initiator during the authentication phase of tunnel establishment. The format is String.

Tunnel-Server-Auth-ID

Specifies the name used by the tunnel terminator during the authentication phase of tunnel establishment. The format is String.

Framed-Interface-Id

Indicates the IPv6 interface identifier to be configured for the user. The format is Binary.

Framed-IPv6-Prefix

Indicates an IPv6 prefix (and corresponding route) to be configured for the user. The format is Binary.

Framed-IPv6-Route

Provides routing information to be configured for the user on the NAS. The format is String.

Framed-IPv6-Pool

Contains the name of an assigned pool that should be used to assign an IPv6 prefix for the user. The format is String.

Dynamic-Author-Error-Cause

Specifies the error causes associated with dynamic authorization. The format is Enum.

Old-Password

Is 16 octets in length. It contains the encrypted LAN Manager hash of the old password. The format is Binary.

Ascend-Filter-Required

Specifies whether the call should be permitted if the specified filter is not found. If present, this attribute will be applied after any authentication, authorization, and accounting (AAA) filter method-list. The format is Enum.

Ascend-Cache-Refresh

Specifies whether cache entries should be refreshed each time an entry is referenced by a new session. This attribute corresponds to the cache refresh command. The format is Enum.

Ascend-Cache-Time

Specifies the idle time out, in minutes, for cache entries. This attribute corresponds to the cache clear age command. The format is Ulong.

Ascend-Auth-Type

Indicates the type of name and password (PPP) authorization to use. The format is Ulong.

Ascend-Redirect-Number

Indicates the original number in the information sent to the authentication server when the number dialed by a device is redirected to another number for authentication. The format is String.

Ascend-Private-Route

Specifies whether IP routing is allowed for the user profile. The format is String.

Ascend-Shared-Profile-Enable

Specifies whether multiple incoming callers can share a single RADIUS user profile. The format is Boolean.

Ascend-Client-Primary-DNS

Specifies a primary DNS server address to send to any client connecting to the MAX TNT. The format is IPv4 Address.

Ascend-Client-Secondary-DNS

Specifies a secondary DNS server address to send to any client connecting to the MAX TNT. The format is IPv4 Address.

Ascend-Client-Assign-DNS

Specifies whether or not the MAX TNT sends the Ascend-Client-Primary-DNS and Ascend-Client-Secondary-DNS values during connection negotiation. The format is Ulong.

Ascend-Session-Svr-Key

Specifies the session key that identifies the user session. You can specify up to 16 characters. The default value is null. The format is String.

Ascend-Multicast-Rate-Limit

Specifies how many seconds the MAX waits before accepting another packet from the multicast client. The format is Ulong.

Ascend-Multicast-Client

Specifies whether the user is a multicast client of the MAX. The format is Ulong.

Ascend-Multilink-Session-ID

Specifies the ID number of the Multilink bundle when the session closes. A Multilink bundle is a multichannel MP or MP+ call. The format is Ulong.

Ascend-Num-In-Multilink

Indicates the number of sessions remaining in a Multilink bundle when the session closes. A Multilink bundle is a multichannel MP or MP+ call. The format is Ulong.

Ascend-Presession-Octets-In

Reports the number of octets received before authentication. The value reflects only the data delivered by PPP or other encapsulation. It does not include the header or other protocol-dependent components of the packet. The format is Ulong.

Ascend-Presession-Octets-Out

Reports the number of octets transmitted before authentication. The value reflects only the data delivered by PPP or other encapsulation. It does not include the header or other protocol-dependent components of the packet. The format is Ulong.

Ascend-Presession-Packets-In

Reports the number of packets received before authentication. The packets are counted before the encapsulation is removed. The attribute's value does not include maintenance packets, such as keepalive or management packets. The format is Ulong.

Ascend-Presession-Packets-Out

Reports the number of packets transmitted before authentication. The packets are counted before the encapsulation is removed. The attribute's value does not include maintenance packets, such as keepalive or management packets. The format is Ulong.

Ascend-Max-Time

Specifies the maximum length of time in seconds that any session can remain online. Once a session reaches the time limit, its connection goes offline. The format is Ulong.

Ascend-Disconnect-Cause

Indicates the reason a connection went offline. The format is Enum.

Ascend-Connection-Progress

Indicates the state of the connection before it disconnects. The format is Enum.

Ascend-Data-Rate

Specifies the rate of data received on the connection in bits per second. The format is Ulong.

Ascend-Presession-Time

Reports the length of time in seconds from when a call connected to when it completes authentication. The format is Ulong.

Ascend-Require-Auth

Specifies whether the MAX TNT requires additional authentication after Calling-Line ID (CLID) or called-number authentication. The format is Ulong.

Ascend-PW-Liftime

Specifies the number of days that a password is valid. The format is Ulong.

Ascend-IP-Direct

Specifies the IP address to which the MAX TNT redirects packets from the user. When you include this attribute in a user profile, the MAX TNT bypasses all internal routing tables, and simply sends all packets it receives on the connection's WAN interface to the specified IP address. The format is IPv4 Address.

Ascend-PPP-VJ-Slot-Comp

Instructs the MAX TNT to not use slot compression when sending VJ-compressed packets. The format is Boolean.

Ascend-Asyncmap

The format is Ulong.

Ascend-Send-Secret

Specifies the password that the RADIUS server sends to the remote end of a connection on an outgoing call. It is encrypted when passed between the RADIUS server and the MAX TNT. The format is Binary.

Ascend_pool_definition

Specifies all the addresses in the pool. The format is String.

Ascend-IP-Pool

Specifies the first address in an IP address pool, as well as the number of addresses in the pool. The format is Ulong.

Ascend-Dial-Number

Specifies the phone number the MAX TNT dials to reach the router or node at the remote end of the link. The format is String.

Ascend-Route-IP

Specifies whether IP routing is allowed for the user profile. The format is Boolean.

Ascend-Send-Auth

Specifies the authentication protocol that the MAX TNT requests when initiating a PPP or MP+ connection. The answering side of the connection determines which authentication protocol, if any, the connection uses. The format is Enum.

Ascend-Link-Compression

Turns data compression on or off for a PPP link. The format is Enum.

Ascend-Target-Util

Specifies the percentage of bandwidth use at which the MAX TNT adds or subtracts bandwidth. The format is Ulong.

Ascend-Max-Channels

Specifies the maximum number of channels allowed on an MP+ call. The format is Ulong.

Ascend-Data-Filter

Specifies the characteristics of a data filter in a RADIUS user profile. The MAX TNT uses the filter only when it places or receives a call associated with the profile that includes the filter definition. The format is Binary.

Ascend-Call-Filter

Specifies the characteristics of a call filter in a RADIUS user profile. The MAX TNT uses the filter only when it places a call or receives a call associated with the profile that includes the filter definition. The format is Binary.

Ascend-Idle-Limit

Specifies the number of seconds the MAX TNT waits before clearing a call when a session is inactive. The format is Ulong.

Ascend-Data-Service

Specifies the type of data service the link uses for outgoing calls. The format is Ulong.

Ascend-Force-56

Indicates whether the MAX uses only the 56-kbps portion of a channel, even when all 64-kbps appear to be available. The format is Ulong.

Ascend-Xmit-Rate

Specifies the rate of data transmitted on the connection in bits per second. For ISDN calls, Ascend-Xmit-Rate indicates the transmit data rate. For analog calls, it indicates the modem baud rate at the time of the initial connection. The format is Ulong.

Cisco AVpair

The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. Cisco's vendor-ID is 9, and the supported option has vendor-type 1, which is named "cisco-avpair". The format is String.

cisco-nas-port

Enables the display of physical interface information and parent interface details as part of the cisco-nas-port vendor-specific attribute (VSA) for login calls. The format is String.

fax_account_id_origin

Indicates the account ID origin as defined by system administrator for the mmoip aaa receive-id or the mmoip aaa send-id command. The format is String.

fax_msg_id

Indicates a unique fax message identification number assigned by Store and Forward Fax. The format is String.

fax_pages

Indicates the number of pages transmitted or received during this fax session. This page count includes cover pages. The format is String.

fax_modem_time

Indicates the amount of time in seconds the modem sent fax data (x) and the amount of time in seconds of the total fax session (y), which includes both fax-mail and PSTN time, in the form x/y. For example, 10/15 means that the transfer time took 10 seconds, and the total fax session took 15 seconds. The format is String.

fax_connect_speed

Indicates the modem speed at which this fax-mail was initially transmitted or received. Possible values are 1200, 4800, 9600, and 14400. The format is String.

fax_mdn_address

Indicates the address to which message delivery notifications (MDNs) will be sent. The format is String.

fax_mdn_flag

Indicates whether or not MDNs have been enabled. True indicates that MDN had been enabled; false means that MDN had not been enabled. The format is String.

fax_auth_status

Indicates whether or not authentication for this fax session was successful. Possible values for this field are success, failed, bypassed, or unknown. The format is String.

email_server_address

Indicates the IP address of the e-mail server handling the on-ramp fax-mail message. The format is String.

email_server_ack_flag

Indicates that the on-ramp gateway has received a positive acknowledgment from the e-mail server accepting the fax-mail message. The format is String.

gateway_id

Indicates the name of the gateway that processed the fax session. The name appears in the following format: hostname.domain-name. The format is String.

call_type

Describes the type of fax activity: fax receive or fax send. The format is String.

port_used

Indicates the slot/port number of the Cisco AS5300 used to either transmit or receive this fax-mail. The format is String.

abort_cause

If the fax session aborts, indicates the system component that signaled the abort. Examples of system components that could trigger an abort are FAP (Fax Application Process), TIFF (the TIFF reader or the TIFF writer), fax-mail client, fax-mail server, ESMTP client, or ESMTP server. The format is String.

h323-remote-address

Indicates the IP address of the remote gateway. The format is String.

Conf-Id

Indicates a unique call identifier generated by the gateway. Used to identify the separate billable events (calls) within a single calling session. The format is String.

h323-setup-time

Indicates the setup time in NTP format: hour, minutes, seconds, microseconds, time_zone, day, month, day_of_month, year. The format is String.

h323-call-origin

Indicates the gateway's behavior in relation to the connection that is active for this leg. The format is String.

h323-call-type

Indicates the protocol type or family used on this leg of the call. The format is String.

h323-connect-time

Indicates the connect time in Network Time Protocol (NTP) format: hour, minutes, seconds, microseconds, time_zone, day, month, day_of_month, and year. The format is String.

h323-disconnect-time

Indicates the disconnect time in NTP format: hour, minutes, seconds, microseconds, time_zone, day, month, day_of_month, year. The format is String.

h323-disconnect-cause

Indicates the Q.931 disconnect cause code retrieved from CCAPI. The source of the code is the disconnect location such as a PSTN, terminating gateway, or SIP. The format is String.

h323-voice-quality

Indicates the ICPIF of the voice quality. The format is String.

h323-gw-id

Indicates the name of the tenor. The format is String.

Cisco AVpair

The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. Cisco's vendor-ID is 9, and the supported option has vendor-type 1, which is named "cisco-avpair". The format is String.

Cisco encrypted string vsa

Cisco allows several forms of sub-attribute encryption. The only method supported is the Cisco Encrypted String VSA Format also supported by an IETF draft for Salt-Encryption of RADIUS attributes. The format is String.

Sub_Policy_In

Defines the service policy input. The format is String.

Sub_Policy_Out

Defines the service policy output. The format is String.

h323-credit-amount

Indicates the amount of credit (in currency) that the account contains. The format is String.

h323-credit-time

Indicates the number of seconds for which the call is authorized. The format is String.

h323-return-code

Return codes are instructions from the RADIUS server to the voice gateway. The format is String.

h323-prompt-id

Indexes into an array that selects prompt files used at the gateway. The format is String.

h323-time-and-day

Indicates the time of day at the dialed number or at the remote gateway in the format: hour, minutes, seconds. The format is String.

h323-redirect-number

Indicates the phone number to which the call is redirected; for example, to a toll-free number or a customer service number. The format is String.

h323-preferred-lang

Indicates the language to use when playing the audio prompt specified by the h323-prompt-id. The format is String.

h323-redirect-ip-address

Indicates the IP address for an alternate or redirected call. The format is String.

h323-billing-model

Indicates the type of billing service for a specific call. The format is String.

h323-currency

Indicates the currency to use with h323-credit-amount. The format is String.

ssg-account-info

Subscribes the subscriber to the specified service and indicates that the subscriber should be automatically connected to this service after successful logon. The format is String.

ssg-service-info

SSG redirects the user's HTTP traffic to a server in the specified server group. All the service features (such as quality of service (QoS) and prepaid billing) are applied to the HTTP traffic. The format is String.

ssg-command-code

Specifies account logon and logoff, session query, and service activate and deactivate information. The format is Binary.

ssg-control-info

Indicates the control-info code for prepaid quota. The format is String.

MS-CHAP-Response

This attribute contains the response value provided by a PPP Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) user in response to the challenge. The format is Binary.

MS-CHAP-ERROR

Contains error data related to the preceding MS-CHAP exchange. The format is Binary.

MS-CHAP-CPW-1

Allows the user to change their password if it has expired. The format is Binary.

MS-CHAP-CPW-2

Allows the user to change their password if it has expired. The format is Binary.

MS-CHAP-LM-Enc-PW

Contains the new Windows NT password encrypted with the old LAN Manager password hash. The format is Binary.

MS-CHAP-NT-Enc-PW

Contains the new Windows NT password encrypted with the old Windows NT password hash. The format is Binary.

MS-MPPE-Enc-Policy

The MS-MPPE-Encryption-Policy attribute may be used to signify whether the use of encryption is allowed or required. The format is Binary.

MS-MPPE-Enc-Type

The MS-MPPE-Encryption-Types attribute is used to signify the types of encryption available for use with Microsoft Point-to-Point Encryption (MPPE). The format is Binary.

MS-RAS-Vendor

Used to indicate the manufacturer of the RADIUS client machine. The format is Binary.

MS-CHAP-DOMAIN

Indicates the Windows NT domain in which the user was authenticated. The format is Binary.

MSCHAP_Challenge

Contains the challenge sent by a NAS to an MS-CHAP user. The format is Binary.

MS-CHAP-MPPE-Keys

Contains two session keys for use by the MPPE. The format is Binary.

MS-BAP-Usage

Describes whether the use of Bandwidth Allocation Protocol (BAP) is allowed, disallowed or required on new multilink calls. The format is Binary.

MS-Link-Util-Thresh

Represents the percentage of available bandwidth utilization below which the link must fall before the link is eligible for termination. The format is Binary.

MS-Link-Drop-Time-Limit

Indicates the length of time (in seconds) that a link must be underutilized before it is dropped. The format is Binary.

MS-MPPE-Send-Key

Contains a session key for use by the MPPE. The format is Binary.

MS-MPPE-Recv-Key

Contains a session key for use by the MPPE. The format is Binary.

MS-RAS-Version

Used to indicate the version of the RADIUS client software. The format is Binary.

MS-Old-ARAP-Password

Used to transmit the old Apple Remote Access Protocol (ARAP) password during an ARAP password change operation. The format is Binary.

New-ARAP-Password

Used to transmit the new ARAP password during an ARAP password change operation. The format is Binary.

MS-ARAP-PW-Change-Reason

Used to indicate the reason for a server-initiated password change. The format is Binary.

MS-Filter

Used to transmit traffic filters. The format is Binary.

MS-Acct-Auth-Type

Used to represent the method used to authenticate the dial-up user. The format is Binary.

MS-MPPE-EAP-Type

Used to represent the EAP type used to authenticate the dial-up user. The format is Binary.

MS-CHAP-V2-Response

This attribute is identical in format to the standard CHAP Response packet. The format is Binary.

MS-CHAP-V2-Success

Contains a 42-octet authenticator response string and must be included in the Message field packet sent from the NAS to the peer. The format is Binary.

MS-CHAP-CPW-2

Allows the user to change their password if it has expired. The format is Binary.

MS-Primary-DNS

Used to indicate the address of the primary DNS server to be used by the PPP peer. The format is IPv4 Address.

MS-Secondary-DNS

Used to indicate the address of the secondary DNS server to be used by the PPP peer. The format is IPv4 Address.

MS-1st-NBNS-Server

Used to indicate the address of the primary NetBIOS Name Server (NBNS) server to be used by the PPP peer. The format is IPv4 Address.

MS-2nd-NBNS-Server

Used to indicate the address of the secondary NBNS server to be used by the PPP peer. The format is IPv4 Address.

MS-ARAP-Challenge

Only present in an Access-Request packet containing a Framed-Protocol Attribute with the value 3 (ARAP). The format is Binary.

Charging-ID

Generated for each activated context. It is a unique four octet value generated by the GGSN when a PDP Context is activated. The format is Ulong.

PDP Type

Indicates the Packet Data Protocol (PDP) to be used by the mobile for a certain service. The format is Enum.

Charging-Gateway-Address

The IP address of the recommended Charging Gateway Functionality to which the SGSN should transfer the Charging Detail Records (CDR) for this PDP Context. The format is IPv4 Address.

GPRS-QoS-Profile

Controls the QoS negotiated values. The format is String.

SGSN-Address

This is the IP address of the SGSN that is used by the GTP control plane for handling control messages. The format is IPv4 Address.

GGSN-Address

IP address of the GGSN that is used by the GTP control plane for the context establishment. This address is the same as the GGSN IP address used in G-CDRs. The format is IPv4 Address.

IMSI-MCC-MNC

The MCC and MNC extracted from the user's IMSI number (the first 5 or 6 digits depending on the IMSI). The format is String.

GGSN-MCC-MNC

The MCC and MNC of the network to which the GGSN belongs. The format is String.

NSAPI

Identifies a particular PDP context for the associated PDN and MSISDN/IMSI from creation to deletion. The format is String.

Session-Stop-Ind

Indicates to the AAA server that the last PDP context of a session is released and that the PDP session has been terminated. The format is Binary.

Selection-Mode

Contains the selection mode for this PDP Context received in the Create PDP Context Request Message. The format is String.

Charging-Characteristics

Contains the charging characteristics for this PDP Context received in the Create PDP Context Request Message (only available in R99 and later releases). The format is String.

cdma-reverse-tnl-spec

Indicates the style of reverse tunneling that is required, and optionally appears in a RADIUS Access-Accept message. The format is Ulong.

cdma-diff-svc-class-opt

This attribute is deprecated and is replaced by the Allowed Differentiated Services Marking attribute. The Home RADIUS server authorizes differentiated services via the Differentiated Services Class Options attribute, and optionally appears in a RADIUS Access-Accept message. The format is Ulong.

cdma-container

Contains embedded 3GPP2 VSAs and/or RADIUS accounting attributes. The format is String.

cdma-ha-ip-addr

A Home Agent (HA) IP address used during a MIP session by the user as defined in IETF RFC 2002. The format is IPv4 Address.

cdma-pcf-ip-addr

The IP address of the serving PCF (the PCF in the serving RN). The format is IPv4 Address.

cdma-bs-msc-addr

The Base Station (BS) Mobile Switching Center (MSC) address. The format is String.

cdma-user-id

The name of the user on the system. The format is Ulong.

cdma-forward-mux

Forwards FCH multiplex option. The format is Ulong.

cdma-reverse-mux

Reverses FCH multiplex option. The format is Ulong.

cdma-forward-rate

The format and structure of the radio channel in the forward Dedicated Control Channel. A set of forward transmission formats that are characterized by data rates, modulation characteristics, and spreading rates. The format is Ulong.

cdma-reverse-rate

The format and structure of the radio channel in the reverse Dedicated Control Channel. A set of reverse transmission formats that are characterized by data rates, modulation characteristics, and spreading rates. The format is Ulong.

cdma-service-option

Code Division Multiple Access (CDMA) service option as received from the RN. The format is Ulong.

cdma-forward-type

Forward direction traffic type. It is either Primary or Secondary. The format is Ulong.

cdma-reverse-type

Reverse direction traffic type. It is either Primary or Secondary. The format is Ulong.

cdma-frame-size

Specifies the Fundamental Channel (FCH) frame size. The format is Ulong.

cdma-forward-rc

The format and structure of the radio channel in the forward FCH. A set of forward transmission formats that are characterized by data rates, modulation characteristics, and spreading rates. The format is Ulong.

cdma-reverse-rc

The format and structure of the radio channel in the reverse FCH. A set of reverse transmission formats that are characterized by data rates, modulation characteristics, and spreading rates. The format is Ulong.

cdma-ip-tech

Identifies the IP technology to use for the call: Simple IP or Mobile IP. The format is Ulong.

cdma-comp-flag

Indicates the type of compulsory tunnel. The format is Ulong.

cdma-reason-ind

Indicates the reasons for a stop record. The format is Ulong.

cdma-bad-frame-count

The total number of PPP frames from the MS dropped by the Packet Data Serving Node (PDSN) due to uncorrectable errors. The format is Ulong.

cdma-num-active

The number of active transitions. The format is Ulong.

cdma-sdb-input-octets

This is the Short Data Burst (SDB) octet count reported by the RN in the SDB Airlink Record. The format is Ulong.

cdma-sdb-output-octets

The SDB octet count reported by the RN in the SDB Airlink Record. The format is Ulong.

cdma-numsdb-input

The number of terminating SDBs. The format is Ulong.

cdma-numsdb-output

The number of originating SDBs. The format is Ulong.

cdma-ip-qos

Indicates the IP Quality of Service (QoS). The format is Ulong.

cdma-airlink-qos

Identifies Airlink Priority associated with the user. This is the user's priority associated with the packet data service. The format is Ulong.

cdma-rp-session-id

Identifies the resource reservation protocol type session identifier. The format is Ulong.

cdma-hdlc-layer-bytes-in

The count of all octets received in the reverse direction by the High-Level Data Link Control (HDLC) layer in the PDSN. The format is Ulong.

cdma-correlation-id

Indicates a unique accounting ID created by the Serving PDSN for each packet data session that allows multiple accounting events for each associated R-P connection or P-P connection to be correlated. The format is String.

cdma-moip-inbound

This is the total number of octets in registration requests and solicitations sent by the MS. The format is Ulong.

cdma-moip-outbound

This is the total number of octets in registration replies and agent advertisements, sent to the MS. The format is Ulong.

cdma-session-continue

When set to "true", this attribute means that it is not the end of a session and that an Accounting Stop is immediately followed by an Accounting Start Record. "False" means the end of a session. The format is Ulong.

cdma-active-time

The total active connection time on traffic channel in seconds. The format is Ulong.

cdma-frame-size

Specifies the FCH frame size. The format is Ulong.

cdma-esn

Indicates the Electronic Serial Number (ESN). The format is String.

cdma-mn-ha-spi

The SPI for the MN-HA shared key that optionally appears in a RADIUS Access-Request message. It is used to request an MN-HA shared key. The format is Ulong.

cdma-mn-ha-shared-key

A shared key for MN-HA that may appear in a RADIUS Access-Accept message. The MN-HA shared key is encrypted using a method based on the RSA Message Digest Algorithm MD5 [RFC 1321] as described in Section 3.5 of RFC 2868. The format is Binary.

cdma-sess-term-capability

The value shall be bitmap encoded rather than a raw integer. This attribute shall be included in a RADIUS Access-Request message to the Home RADIUS server and shall contain the value 3 to indicate that the PDSN and HA support both Dynamic authorization with RADIUS and Registration Revocation for Mobile IPv4. The attribute shall also be included in the RADIUS Access-Accept message and shall contain the preferred resource management mechanism by the home network, which shall be used for the session and may include values 1 to 3. The format is Ulong.

cdma-disconnect-reason

Indicates the reason for disconnecting the user. This attribute may be included in a RADIUS Disconnect-Request message from Home RADIUS server to the PDSN. The format is Ulong.

mip-key-data

This is the key data payload containing the encrypted MN_AAA key, MN_HA key, CHAP key, MN_Authenticator, and AAA_Authenticator. The format is Binary.

aaa-authenticator

This is the 64-bit AAA_Authenticator value decrypted by the Home RADIUS AAA Server. The format is Binary.

public-key-invalid

The home RADIUS AAA Server includes this attribute to indicate that the Public key used by the MN is not valid. The format is Binary.


Related Commands

Command
Description

show radius

Displays information about the RADIUS servers that are configured in the system.


show redundancy linecard-group

To display the components of a Blade Failure Group, use the show redundancy linecard-group command in privileged EXEC mode.

show redundancy linecard-group group-id

Syntax Description

group-id

Group ID.


Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(18)SXE2

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Examples

The following example shows the components of a Blade Failure Group:

Router# show redundancy linecard-group 1
Line Card Redundancy Group:1 Mode:feature-card
Class:load-sharing
Cards:
Slot:3 Subslot:0
Slot:5 Subslot:0

Related Commands

Command
Description

linecard-group feature card

Assigns a group ID to a Blade Failure Group.


show running-config

To display the contents of the current running configuration file or the configuration for a specific module, Layer 2 VLAN, class map, interface, map class, policy map, or virtual circuit (VC) class, use the show running-config command in user EXEC or privileged EXEC mode.

show running-config [options]

Syntax Description

options

(Optional) The following optional keywords can be entered with the show running-config command to customize the output according to your specific needs. Availability of these options varies by platform and Cisco IOS release. Not all options listed here may be available on your specific platform and release.

all—Expands the output to include the commands that are configured with default parameters. If the all keyword is not used, the output does not display commands configured with default parameters.

brief—Displays the configuration without certification data. The brief keyword can be used with the linenum keyword.

class-map name [linenum]—Displays class map information. The linenum keyword can be used with the class-map name option.

full—Displays the full configuration. The full keyword can be used with the linenum keyword.

interface type number [linenum]—Displays interface-specific configuration information. If you use the interface keyword, you must specify the interface type and the interface number (for example, interface ethernet 0). Common interfaces include async, ethernet, fastEthernet, group-async, loopback, null, serial, and virtual-template. Use the show run interface ? command to determine the interfaces available on your system. The linenum keyword can be used with the interface type number option.

linenum—Displays line numbers in the output. The brief or full keyword can be used with the linenum keyword. The linenum keyword can be used with the class-map, interface, map-class, policy-map, and vc-class keywords.

map-class [linenum]—Displays map class information. This option is described separately; see the show running-config map-class command page.

policy-map name [linenum]—Displays policy map information. The linenum keyword can be used with the policy-map name option.

vc-class name [linenum]—Displays VC class information (display is available only on certain routers such as the Cisco 7500 series—display is not available on all platforms). The linenum keyword can be used with the vc-class name option.

view full—Enables the display of a full running configuration. This is for view-based users who typically can view only configuration commands that they are entitled to access for that particular view.

module number—Specifies the module number.

vlan vlan-id—Specifies the VLAN information to display; valid values are from 1 to 4094.


Command Default

The default syntax, show running-config, displays the contents of the running configuration file, except commands configured with default parameters.

Command Modes

User EXEC (>)
Privileged EXEC (#)

Command History

Release
Modification

11.0

This command was introduced.

12.0

This command was replaced by the more system:running-config command.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T, and the output modifier (|) was added.

12.2(4)T

The linenum keyword was added.

12.3(8)T

The view full option was added.

12.2(14)SX

This command was integrated into Cisco IOS Release 12.2(14)SX. The module number and vlan vlan-id keywords and arguments were added for the Supervisor Engine 720.

12.2(17d)SXB

This command was integrated into Release 12.2(17d)SXB and implemented on the Supervisor Engine 2.

12.2(33)SXH

The all keyword was added.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2. This command was enhanced to display configuration information for traffic shaping overhead accounting for ATM and was implemented on the Cisco 10000 series router for the PRE3.

12.2(33)SRC

This command was integrated into Cisco IOS Release 12.2(33)SRC.

12.2(33)SB

Support for the Cisco 7300 series router was added.


Usage Guidelines

The show running-config command is technically a command alias (substitute or replacement syntax) of the more system:running-config command. Although more commands are recommended (due to their uniform structure across platforms and their expandable syntax), the show running-config command remains enabled to accommodate its widespread use, and to allow typing shortcuts such as show run.

The show running-config interface command is useful when there are multiple interfaces and you want to look at the configuration of a specific interface.

The linenum keyword causes line numbers to be displayed in the output. This option is useful for identifying a particular portion of a very large configuration.

You can enter additional output modifiers in the command syntax by including a pipe character (|) after the optional keyword. For example, show running-config interface serial 2/1 linenum | begin 3. To display output modifiers that are available for a keyword, enter | ? after the keyword.

Prior to Cisco IOS Release 12.2(33)SXH, show running-config command output omitted configuration commands set with default values. Effective with Release 12.2(33)SXH, the show running-config all command displays more complete configuration information, including default settings and values. For example, if the Cisco Discovery Protocol (abbreviated as CDP in the output) holdtime value is set to its default of 180:

The show running-config command does not display this value.

The show running-config all command displays this output: cdp holdtime 180.

If the Cisco Discovery Protocol holdtime is changed to a nondefault value (for example, 100), the output of the show running-config and show running-config all commands is the same; that is, the configured parameter is displayed.


Note In Release 12.2(33)SXH, implementation of the all keyword expands the output to include some of the commands that are configured with default values. In subsequent Cisco IOS releases, additional configuration commands that are configured with default values will be added to the output of the show running-config all command.
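
Because default-valued commands are omitted from show running-config, a review of that output alone cannot confirm how a default-valued setting is configured. The following added example (not part of the original reference and not Cisco code; the function names and both sample captures are constructed for illustration) lists the lines that appear only in show running-config all, keyed by their parent configuration mode.

```python
import re
from typing import List, Tuple

# Echoed prompt and the banner lines printed before the configuration;
# the byte count in the banner differs between the two captures.
NOISE_RE = re.compile(r"^(\S+[#>]\s*show\b|Building configuration|Current configuration)")

# Constructed capture of "show running-config" (defaults not displayed).
SAMPLE_PLAIN = """\
Building configuration...

Current configuration : 104 bytes
!
hostname Router
!
interface Ethernet0/0
 ip address 10.4.2.63 255.255.255.0
 no ip route-cache
!
end
"""

# Constructed capture of "show running-config all" for the same device.
SAMPLE_ALL = """\
Building configuration...

Current configuration : 140 bytes
!
hostname Router
cdp holdtime 180
!
interface Ethernet0/0
 ip address 10.4.2.63 255.255.255.0
 ip redirects
 no ip route-cache
!
end
"""


def config_paths(text: str) -> List[Tuple[str, ...]]:
    """Turn captured output into (parent mode, ..., command) tuples.

    Indentation decides nesting, so the same command under two different
    interfaces yields two different tuples.
    """
    paths, stack = [], []          # stack holds (indent, command) of open modes
    for raw in text.splitlines():
        line = raw.rstrip()
        body = line.strip()
        if not body or body in ("!", "end", ".") or NOISE_RE.match(body):
            continue
        indent = len(line) - len(line.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()            # leave sub-modes that this line is not part of
        paths.append(tuple(parent for _, parent in stack) + (body,))
        stack.append((indent, body))
    return paths


def hidden_defaults(plain: str, full: str) -> List[Tuple[str, ...]]:
    """Commands present only in the 'all' capture, in device order."""
    shown = set(config_paths(plain))
    return [path for path in config_paths(full) if path not in shown]


if __name__ == "__main__":
    for path in hidden_defaults(SAMPLE_PLAIN, SAMPLE_ALL):
        print(" > ".join(path))
```

On Release 12.2(33)SXH the all keyword expands only some of the defaults, so treat the result as a lower bound on what show running-config leaves out.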


Cisco 7600 Series Router

In some cases, you might see a difference in the duplex mode that is displayed between the show interfaces command and the show running-config command. The duplex mode that is displayed in the show interfaces command is the actual duplex mode that the interface is running. The show interfaces command displays the operating mode for an interface, and the show running-config command displays the configured mode for an interface.

The show running-config command output for an interface might display the duplex mode but no configuration for the speed. This output indicates that the interface speed is configured as auto and that the duplex mode shown becomes the operational setting once the speed is configured to something other than auto. With this configuration, it is possible that the operating duplex mode for that interface does not match the duplex mode that is displayed with the show running-config command.

Examples

The following example shows the configuration for serial interface 1:

Router# show running-config interface serial 1

Building configuration...

Current configuration:
!
interface Serial1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
end

The following example shows the configuration for Ethernet interface 0/0. Line numbers are displayed in the output.

Router# show running-config interface ethernet 0/0 linenum

Building configuration...

Current configuration : 104 bytes
 1 : !
 2 : interface Ethernet0/0
 3 :  ip address 10.4.2.63 255.255.255.0
 4 :  no ip route-cache
 5 :  no ip mroute-cache
 6 : end 

The following example shows how to set line numbers in the command output and then use the output modifier to start the display at line 10:

Router# show running-config linenum | begin 10 

   10 : boot-start-marker
   11 : boot-end-marker
   12 : !
   13 : no logging buffered
   14 : enable password #####
   15 : !
   16 : spe 1/0 1/7
   17 :  firmware location bootflash:mica-modem-pw.172.16.0.0.bin
   18 : !
   19 : !
   20 : resource-pool disable
   21 : !
   22 : no aaa new-model
   23 : ip subnet-zero
   24 : ip domain name cisco.com
   25 : ip name-server 172.16.11.48
   26 : ip name-server 172.16.2.133
   27 : !
   28 : !
   29 : isdn switch-type primary-5ess
   30 : !
   .
   .
   .
   126 : end 

The following example shows how to display the module and status configuration for all modules on a Cisco 7600 series router:

Router# show running-config

Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname Router
!
boot buffersize 126968
boot system flash slot0:7600r
boot bootldr bootflash:c6msfc-boot-mz.120-6.5T.XE1.0.83.bin
enable password lab
!
clock timezone Pacific -8
clock summer-time Daylight recurring
redundancy
 main-cpu
  auto-sync standard
!                                       
ip subnet-zero
!
ip multicast-routing
ip dvmrp route-limit 20000
ip cef
mls flow ip destination
mls flow ipx destination
cns event-service server
!
spanning-tree portfast bpdu-guard
spanning-tree uplinkfast
spanning-tree vlan 200 forward-time 21
port-channel load-balance sdip
!
!
!
 shutdown
!
!
.
.
.

In the following sample output from the show running-config command, the shape average command indicates that traffic shaping overhead accounting for ATM is enabled. The BRAS-DSLAM encapsulation type is qinq and the subscriber line encapsulation type is snap-rbe based on the AAL5 service.

Router# show running-config
.
.
.
subscriber policy recording rules limit 64
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
controller T1 2/0
framing sf
linecode ami
!
controller T1 2/1
framing sf
linecode ami
!
!
policy-map unit-test
class class-default
shape average percent 10 account qinq aal5 snap-rbe 
!
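
The sample output above includes lines such as enable password and no service password-encryption. The following added example (not part of the original reference and not Cisco code) reads captured show running-config output, with or without the linenum prefix, and reports such lines without copying the secret into the report. The rule set, the function names and the sample text, which is assembled from lines in the sample output on this page, are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Prefix added by the linenum keyword, e.g. "   14 : enable password #####".
LINENUM_RE = re.compile(r"^\s*(\d+) : ?(.*)$")
# Echoed prompt and the banner lines printed before the configuration.
NOISE_RE = re.compile(r"^(\S+[#>]\s*show\b|Building configuration|Current configuration)")
# Everything after the password keyword is secret material.
SECRET_RE = re.compile(r"(\bpassword)\s+\S.*$")

# (rule id, pattern, line carries a secret, why a reviewer cares)
RULES = [
    ("enable-password", re.compile(r"^enable password\s"), True,
     "kept in clear text or reversible type 7; enable secret stores a one-way hash"),
    ("username-password", re.compile(r"^username \S+ (?:.*\s)?password\s"), True,
     "local account uses password instead of secret"),
    ("password-encryption-off", re.compile(r"^no service password-encryption$"), False,
     "line and user passwords are kept in clear text in the configuration"),
    ("aaa-disabled", re.compile(r"^no aaa new-model$"), False,
     "AAA is disabled, so no AAA method lists apply to logins"),
]

# Constructed from the linenum sample output on this page.
SAMPLE_LINENUM = """\
Router# show running-config linenum | begin 10

   10 : boot-start-marker
   11 : boot-end-marker
   12 : !
   13 : no logging buffered
   14 : enable password #####
   15 : !
   22 : no aaa new-model
   23 : ip subnet-zero
"""

# Constructed from the Cisco 7600 sample output on this page.
SAMPLE_PLAIN = """\
Building configuration...

Current configuration:
!
version 12.0
no service password-encryption
!
hostname Router
!
enable password lab
!
"""


class Finding(NamedTuple):
    lineno: Optional[int]   # device line number, or None without linenum
    rule: str
    line: str               # matched line with any secret redacted


def parse_config(text: str) -> List[Tuple[Optional[int], str]]:
    """Return (line number or None, config line) for each configuration line."""
    rows = []
    for raw in text.splitlines():
        m = LINENUM_RE.match(raw)
        lineno, line = (int(m.group(1)), m.group(2)) if m else (None, raw)
        body = line.strip()
        if not body or body == "." or NOISE_RE.match(body):
            continue            # blank, elision marker, prompt or banner
        rows.append((lineno, line.rstrip()))
    return rows


def audit(text: str) -> List[Finding]:
    """Apply RULES to every configuration line in the captured output."""
    findings = []
    for lineno, line in parse_config(text):
        body = line.strip()
        for rule, pattern, has_secret, _why in RULES:
            if pattern.match(body):
                shown = SECRET_RE.sub(r"\1 <redacted>", body) if has_secret else body
                findings.append(Finding(lineno, rule, shown))
    return findings


if __name__ == "__main__":
    reasons = {rule: why for rule, _p, _s, why in RULES}
    for sample in (SAMPLE_LINENUM, SAMPLE_PLAIN):
        for f in audit(sample):
            where = f"line {f.lineno}" if f.lineno is not None else "unnumbered"
            print(f"{where}: {f.line}  [{f.rule}: {reasons[f.rule]}]")
```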

Related Commands

Command
Description

bandwidth

Specifies or modifies the bandwidth allocated for a class belonging to a policy map, and enables ATM overhead accounting.

boot config

Specifies the device and filename of the configuration file from which the router configures itself during initialization (startup).

configure terminal

Enters global configuration mode.

copy running-config startup-config

Copies the running configuration to the startup configuration. (Command alias for the copy system:running-config nvram:startup-config command.)

shape

Shapes traffic to the indicated bit rate according to the algorithm specified, and enables ATM overhead accounting.

show interfaces

Displays statistics for all interfaces configured on the router or access server.

show policy-map

Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps, and displays ATM overhead accounting information, if configured.

show startup-config

Displays the contents of NVRAM (if present and valid) or displays the configuration file pointed to by the CONFIG_FILE environment variable. (Command alias for the more nvram:startup-config command.)


show running-config vrf

To display the subset of the running configuration of a router that is linked to a specific Virtual Private Network (VPN) routing and forwarding (VRF) instance or to all VRFs configured on the router, use the show running-config vrf command in user EXEC or privileged EXEC mode.

show running-config vrf [vrf-name]

Syntax Description

vrf-name

(Optional) Name of the VRF configuration that you want to display.


Command Default

If you do not specify a vrf-name argument, the running configurations of all VRFs on the router are displayed.

Command Modes

User EXEC (>)
Privileged EXEC (#)

Command History

Release
Modification

12.2(28)SB

This command was introduced.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.


Usage Guidelines

Use the show running-config vrf command to display a specific VRF configuration or to display all VRF configurations on the router. To display the configuration of a specific VRF, enter the name of the VRF as an argument to the command.

This command displays the following elements of the VRF configuration:

The VRF submode configuration

The routing protocol and static routing configurations associated with the VRF

The configuration of the interfaces in the VRF, which includes the configuration of any owning controller and physical interface for a subinterface

Examples

The following is sample output from the show running-config vrf command. It includes a base VRF configuration for VRF vpn3 and Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) configurations associated with VRF vpn3.

Router# show running-config vrf vpn3

Building configuration...

Current configuration : 604 bytes
ip vrf vpn3
 rd 100:3
 route-target export 100:3
 route-target import 100:3
!
!
interface Loopback1
 ip vrf forwarding vpn3
 ip address 10.43.43.43 255.255.255.255
!
interface Ethernet6/0
 ip vrf forwarding vpn3
 ip address 172.17.0.1 255.0.0.0
 no ip redirects
 duplex half
!
router bgp 100
!
address-family ipv4 vrf vpn3
 redistribute connected
 redistribute ospf 101 match external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
router ospf 101 vrf vpn3
 log-adjacency-changes
 area 1 sham-link 10.43.43.43 10.23.23.23 cost 10
 network 172.17.0.0 0.255.255.255 area 1
!
end

Table 148 describes the significant fields shown in the display.

Table 148 show running-config vrf Field Descriptions 

Field
Description

Current configuration: 604 bytes

Number of bytes (604) in the VRF vpn3 configuration.

ip vrf vpn3

Name of the VRF (vpn3) for which the configuration is displayed.

rd 100:3

Identifies the route distinguisher (100:3) for VRF vpn3.

route-target export 100:3
route-target import 100:3

Specifies the route-target extended community for VRF vpn3.

Routes tagged with route-target export 100:3 are exported from VRF vpn3.

Routes tagged with the route-target import 100:3 are imported into VRF vpn3.

interface Loopback1

Virtual interface associated with VRF vpn3.

ip vrf forwarding vpn3

Associates VRF vpn3 with the named interface.

ip address 10.43.43.43 255.255.255.255

IP address of the loopback interface.

interface Ethernet6/0

Interface associated with VRF vpn3.

ip address 172.17.0.1 255.0.0.0

IP address of the Ethernet interface.

router bgp 100

Sets up a BGP routing process for the router with autonomous system number 100.

address-family ipv4 vrf vpn3

Sets up a routing session for VRF vpn3 using standard IP Version 4 address prefixes.

redistribute connected

Redistributes routes automatically established by IP on an interface into the BGP routing domain.

redistribute ospf 101 match external 1 external 2

Redistributes routes from the OSPF 101 routing domain into the BGP routing domain.

router ospf 101 vrf vpn3

Sets up an OSPF routing process and associates VRF vpn3 with OSPF VRF processes.

area 1 sham-link 10.43.43.43 10.23.23.23 cost 10

Configures a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) VPN backbone.

1 is the ID number of the OSPF area assigned to the sham-link.

10.43.43.43 is the IP address of the source PE router.

10.23.23.23 is the IP address of the destination PE router.

10 is the OSPF cost to send IP packets over the sham-link interface.

network 172.17.0.0 0.255.255.255 area 1

Defines the interfaces on which OSPF runs and defines the area ID for those interfaces.


Related Commands

Command
Description

ip vrf

Configures a VRF routing table.

show ip interface

Displays the usability status of interfaces configured for IP.

show ip vrf

Displays the set of defined VRFs and associated interfaces.

show running-config interface

Displays the configuration for a specific interface.


show secure bootset

To display the status of Cisco IOS image and configuration resilience, use the show secure bootset command in privileged EXEC mode.

show secure bootset

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(8)T

This command was introduced.


Usage Guidelines

Use the show secure bootset command instead of the dir command, the Cisco IOS directory listing command, to verify the existence of an image archive. This command will also display output that shows whether the image or configuration archive is ready for upgrade.

Examples

The following is self-explanatory sample output from the show secure bootset command:

Router# show secure bootset

%IOS image and configuration resilience is not active


Router# show secure bootset

IOS resilience router id JMX0704L5GH

IOS image resilience version 12.3 activated at 08:16:51 UTC Sun Jun 16 2002
Secure archive slot0:c3745-js2-mz type is image (elf) []
  file size is 25469248 bytes, run size is 25634900 bytes
  Runnable image, entry point 0x80008000, run from ram

IOS configuration resilience version 12.3 activated at 08:17:02 UTC Sun Jun 16 2002
Secure archive slot0:.runcfg-20020616-081702.ar type is config
configuration archive size 1059 bytes

Related Commands

Command
Description

dir

Displays a list of files on a file system.

secure boot-config

Saves a secure copy of the router running configuration in persistent storage.

secure boot-image

Enables Cisco IOS image resilience.


show snmp mib nhrp status

To display status information about the Next Hop Resolution Protocol (NHRP) MIB, use the show snmp mib nhrp status command in privileged EXEC mode.

show snmp mib nhrp status

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(20)T

This command was introduced.


Usage Guidelines

This command is used to display the status of the MIB for NHRP and whether the NHRP MIB is enabled or disabled.

Examples

The following output is from the show snmp mib nhrp status command:

Spoke_103# show snmp mib nhrp status 

NHRP-SNMP Agent Feature: Enabled
NHRP-SNMP Tree State: Good
ListEnqueue Count = 0 Node Malloc Counts = 1
Spoke_103#

Table 149 describes the significant fields shown in the display.

Table 149 show snmp mib nhrp status Field Descriptions 

Field
Description

NHRP-SNMP Agent Feature:

Shows the status of the NHRP MIB. "Enabled" indicates that the NHRP MIB is enabled. If the NHRP MIB was disabled, it would display "Disabled".

ListEnqueue Count

Indicates how many nodes have been queued for freeing.

Node Malloc Counts

Indicates how many nodes are allocated.


Related Commands

Command
Description

show snmp mib

Displays a list of the MIB OIDs registered on the system.


show ssh

To display the status of Secure Shell (SSH) server connections, use the show ssh command in privileged EXEC mode.

show ssh

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(5)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use the show ssh command to display the status of the SSH connections on your router. This command does not display any SSH configuration data; use the show ip ssh command for SSH configuration information such as timeouts and retries.

Examples

The following is sample output from the show ssh command with SSH enabled:

Router# show ssh

Connection     Version      Encryption     State              Username
0              1.5          3DES           Session Started    guest

The following is sample output from the show ssh command with SSH disabled:

Router# show ssh
%No SSH server connections running.
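
The sample row above shows a version 1.5 session using 3DES. The following Python check is an added example, not part of the Cisco documentation: it parses show ssh output by the header's column positions and lists sessions below protocol version 2.0 or using a cipher on a local weak list. The weak list and the second sample row are assumptions made for illustration.

```python
import re

ROW = "{:<15}{:<13}{:<15}{:<19}{}"
# Constructed sample: the page's header and first row, plus one made-up SSHv2 row.
SAMPLE = "\n".join([
    "Router# show ssh",
    "",
    ROW.format("Connection", "Version", "Encryption", "State", "Username"),
    ROW.format("0", "1.5", "3DES", "Session Started", "guest"),
    ROW.format("1", "2.0", "aes256-cbc", "Session Started", "admin"),
])

WEAK_CIPHERS = {"DES", "3DES"}  # assumption: local policy, adjust as needed


def parse_show_ssh(text):
    """Return one dict per connection row, keyed by the header names.

    Column boundaries come from the header line, so a multi-word value
    such as 'Session Started' stays in a single field.
    """
    lines = text.splitlines()
    idx = next((i for i, l in enumerate(lines) if l.startswith("Connection")), None)
    if idx is None:  # e.g. "%No SSH server connections running."
        return []
    cols = [(m.group(), m.start()) for m in re.finditer(r"\S+", lines[idx])]
    ends = [start for _, start in cols[1:]] + [None]
    rows = []
    for line in lines[idx + 1:]:
        if not line[:1].isdigit():  # rows start with the connection number
            break
        rows.append({name: line[start:end].strip()
                     for (name, start), end in zip(cols, ends)})
    return rows


def audit_ssh_sessions(text):
    """Return (connection, username, [issues]) for each session with issues."""
    findings = []
    for row in parse_show_ssh(text):
        issues = []
        try:
            if float(row["Version"]) < 2.0:
                issues.append(f"protocol version {row['Version']} is below 2.0")
        except ValueError:
            issues.append(f"unparsed version {row['Version']!r}")
        if row["Encryption"].upper() in WEAK_CIPHERS:
            issues.append(f"cipher {row['Encryption']} is on the weak list")
        if issues:
            findings.append((row["Connection"], row["Username"], issues))
    return findings


if __name__ == "__main__":
    for conn, user, issues in audit_ssh_sessions(SAMPLE):
        print(f"connection {conn} ({user}): " + "; ".join(issues))
```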

Related Commands

Command
Description

show ip ssh

Displays the version and configuration data for SSH.


show ssl-proxy module state

To display the spanning-tree state for the specified VLAN, enter the show ssl-proxy module state command in EXEC mode.

show ssl-proxy module mod state

Syntax Description

mod

Module number.


Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release
Modification

12.2(18)SXD

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

This command is supported on Cisco 7600 series routers that are configured with a Secure Sockets Layer (SSL) Services Module only.

Examples

This example shows how to verify that the VLAN information displayed matches the VLAN configuration:

Router# show ssl-proxy module 6 state

SSL-services module 6 data-port:
 Switchport:Enabled
Administrative Mode:trunk
Operational Mode:trunk
Administrative Trunking Encapsulation:dot1q
Operational Trunking Encapsulation:dot1q
Negotiation of Trunking:Off
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Trunking VLANs Enabled:100
Pruning VLANs Enabled:2-1001
Vlans allowed on trunk:100
Vlans allowed and active in management domain:100
Vlans in spanning tree forwarding state and not pruned:
100
Allowed-vlan :100 
Router#

Related Commands

Command
Description

ssl-proxy module allowed-vlan

Adds the VLANs allowed over the trunk to the SSL Services Module.


show tacacs

To display statistics for a TACACS+ server, use the show tacacs command in EXEC mode.

show tacacs

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

11.2

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Examples

The following example is sample output for the show tacacs command:

Router# show tacacs 

Tacacs+ Server            : 172.19.192.80/49
              Socket opens:          3
             Socket closes:          3
             Socket aborts:          0
             Socket errors:          0
           Socket Timeouts:          0
   Failed Connect Attempts:          0
        Total Packets Sent:          7
        Total Packets Recv:          7
          Expected Replies:          0
  No current connection

Table 150 describes the significant fields shown in the display.

Table 150 show tacacs Field Descriptions 

Field
Description

Tacacs+ Server

IP address of the TACACS+ server.

Socket opens

Number of successful TCP socket connections to the TACACS+ server.

Socket closes

Number of successfully closed TCP socket attempts.

Socket aborts

Number of premature TCP socket closures to the TACACS+ server; that is, the peer did not wait for a reply from the server after the peer sent its request.

Socket errors

Any other socket read or write errors, such as incorrect packet format and length.

Failed Connect Attempts

Number of failed TCP socket connections to the TACACS+ server.

Total Packets Sent

Number of packets sent to the TACACS+ server.

Total Packets Recv

Number of packets received from the TACACS+ server.

Expected Replies

Number of outstanding replies from the TACACS+ server.


Related Commands

Command
Description

tacacs-server host

Specifies a TACACS+ host.


show tcp intercept connections

To display TCP incomplete and established connections, use the show tcp intercept connections command in EXEC mode.

show tcp intercept connections

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

11.2 F

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use the show tcp intercept connections command to display TCP incomplete and established connections.

Examples

The following is sample output from the show tcp intercept connections command:

Router# show tcp intercept connections 

Incomplete:
Client                Server                State    Create   Timeout  Mode
172.19.160.17:58190   10.1.1.30:23          SYNRCVD  00:00:09 00:00:05 I
172.19.160.17:57934   10.1.1.30:23          SYNRCVD  00:00:09 00:00:05 I
Established:
Client                Server                State    Create   Timeout  Mode
172.16.232.23:1045    10.1.1.30:23          ESTAB    00:00:08 23:59:54 I

Table 151 describes significant fields shown in the display.

Table 151 show tcp intercept connections Field Descriptions 

Field
Description

Incomplete:

Rows of information under "Incomplete" indicate connections that are not yet established.

Client

IP address and port of the client.

Server

IP address and port of the server being protected by TCP intercept.

State

SYNRCVD—establishing with client.

SYNSENT—establishing with server.

ESTAB—established with both, passing data.

Create

Hours:minutes:seconds since the connection was created.

Timeout

Hours:minutes:seconds until the retransmission timeout.

Mode

I—intercept mode.

W—watch mode.

Established:

Rows of information under "Established" indicate connections that are established. The fields are the same as those under "Incomplete" except for the Timeout field described below.

Timeout

Hours:minutes:seconds until the connection will timeout, unless the software sees a FIN exchange, in which case this indicates the hours:minutes:seconds until the FIN or RESET timeout.
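
The fields described in Table 151 can be summarized programmatically when the connection list is long. The following Python code is an added example, not part of the Cisco documentation: it parses the sample output shown above (embedded inline) and counts half-open connections per protected server and per client address. The function names and the half_open_limit threshold are assumptions chosen for illustration.

```python
from collections import Counter

# The page's sample output for show tcp intercept connections.
SAMPLE = """\
Incomplete:
Client                Server                State    Create   Timeout  Mode
172.19.160.17:58190   10.1.1.30:23          SYNRCVD  00:00:09 00:00:05 I
172.19.160.17:57934   10.1.1.30:23          SYNRCVD  00:00:09 00:00:05 I
Established:
Client                Server                State    Create   Timeout  Mode
172.16.232.23:1045    10.1.1.30:23          ESTAB    00:00:08 23:59:54 I
"""

# State and mode meanings as listed in Table 151.
STATES = {
    "SYNRCVD": "establishing with client",
    "SYNSENT": "establishing with server",
    "ESTAB": "established with both, passing data",
}
MODES = {"I": "intercept", "W": "watch"}


def hms_to_seconds(value):
    """Convert an hours:minutes:seconds field to seconds."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_intercept(text):
    """Return one dict per connection row, tagged with its section."""
    section, conns = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Incomplete:", "Established:"):
            section = line[:-1].lower()
            continue
        parts = line.split()
        # Skip prompts, blank lines and the column header row.
        if section is None or len(parts) != 6 or parts[2] not in STATES:
            continue
        client, server, state, create, timeout, mode = parts
        conns.append({
            "section": section,
            "client": client,
            "server": server,
            "state": state,
            "create_s": hms_to_seconds(create),
            "timeout_s": hms_to_seconds(timeout),
            "mode": MODES.get(mode, mode),
        })
    return conns


def summarize(conns, half_open_limit=2):
    """Count half-open connections and list servers at or over the limit.

    half_open_limit is an illustrative threshold, not a Cisco default.
    """
    half_open = [c for c in conns if c["section"] == "incomplete"]
    by_server = Counter(c["server"] for c in half_open)
    by_client = Counter(c["client"].rsplit(":", 1)[0] for c in half_open)
    return {
        "incomplete": len(half_open),
        "established": sum(c["section"] == "established" for c in conns),
        "half_open_by_server": dict(by_server),
        "half_open_by_client": dict(by_client),
        "oldest_half_open_s": max((c["create_s"] for c in half_open), default=0),
        "flagged_servers": sorted(s for s, n in by_server.items()
                                  if n >= half_open_limit),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_intercept(SAMPLE)).items():
        print(f"{key}: {value}")
```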


Related Commands

Command
Description

ip tcp intercept connection-timeout

Changes how long a TCP connection will be managed by the TCP intercept after no activity.

ip tcp intercept finrst-timeout

Changes how long after receipt of a reset or FIN-exchange the software ceases to manage the connection.

ip tcp intercept list

Enables TCP intercept.

show tcp intercept statistics

Displays TCP intercept statistics.


show tcp intercept statistics

To display TCP intercept statistics, use the show tcp intercept statistics command in EXEC mode.

show tcp intercept statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

11.2 F

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Use the show tcp intercept statistics command to display TCP intercept statistics.

Examples

The following is sample output from the show tcp intercept statistics command:

Router# show tcp intercept statistics

intercepting new connections using access-list 101
2 incomplete, 1 established connections (total 3)
1 minute connection request rate 2 requests/sec

Related Commands

Command
Description

ip tcp intercept connection-timeout

Changes how long a TCP connection will be managed by the TCP intercept after no activity.

ip tcp intercept finrst-timeout

Changes how long after receipt of a reset or FIN-exchange the software ceases to manage the connection.

ip tcp intercept list

Enables TCP intercept.

show tcp intercept connections

Displays TCP incomplete and established connections.


show tech-support

To display general information about the router when it reports a problem, use the show tech-support command in privileged EXEC mode.

show tech-support [page] [password] [cef | ipc | ipmulticast [vrf vrf-name] | isis | mpls | ospf [process-id | detail] | rsvp]

Cisco 7600 Series

show tech-support [cef | ipmulticast [vrf vrf-name] | isis | password [page] | platform | page | rsvp]

Syntax Description

page

(Optional) Causes the output to display a page of information at a time.

password

(Optional) Leaves passwords and other security information in the output.

cef

(Optional) Displays show command output specific to Cisco Express Forwarding.

ipc

(Optional) Displays show command output specific to Inter-Process Communication (IPC).

ipmulticast

(Optional) Displays show command output related to the IP Multicast configuration, including Protocol Independent Multicast (PIM) information, Internet Group Management Protocol (IGMP) information, and Distance Vector Multicast Routing Protocol (DVMRP) information.

vrf vrf-name

(Optional) Specifies a multicast Virtual Private Network (VPN) routing and forwarding instance (VRF).

isis

(Optional) Displays show command output specific to Connectionless Network Service (CLNS) and Intermediate System-to-Intermediate System Protocol (IS-IS).

mpls

(Optional) Displays show command output specific to Multiprotocol Label Switching (MPLS) forwarding and applications.

ospf [process-id | detail]

(Optional) Displays show command output specific to Open Shortest Path First Protocol (OSPF) networking.

rsvp

(Optional) Displays show command output specific to Resource Reservation Protocol (RSVP) networking.

platform

(Optional) Displays platform-specific show command output.


Defaults

The output scrolls without page breaks.
Passwords and other security information are removed from the output.

Command Modes

Privileged EXEC (#)

Command History

Release
Modification

11.2

This command was introduced.

11.3(7), 11.2(16)

The output for this command was expanded to show additional information for boot, bootflash, context, and traffic for all enabled protocols.

12.0

The output for this command was expanded to show additional information for boot, bootflash, context, and traffic for all enabled protocols. The cef, ipmulticast, isis, mpls, and ospf keywords were added to this command.

12.2(13)T

Support for AppleTalk EIGRP, Apollo Domain, Banyan VINES, Novell Link-State Protocol, and XNS was removed from Cisco IOS software.

12.2(14)SX

Support for this command was added for the Supervisor Engine 720.

12.3(4)T

The output of this command was expanded to include the output from the show inventory command.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.

12.2(30)S

The show tech-support ipmulticast command was changed as follows:

Support for bidirectional PIM and Multicast VPN (MVPN) was added.

The vrf vrf-name option was added.

The output of the show tech-support ipmulticast command (without the vrf vrf-name keyword and argument) was changed to include the output from these commands:

show ip pim int df

show ip pim mdt

show ip pim mdt bgp

show ip pim rp metric

12.3(16)

This command was integrated into Cisco IOS Release 12.3(16).

12.2(18)SXF

The show tech-support ipmulticast command was changed as follows:

Support for bidirectional PIM and MVPN was added.

The vrf vrf-name option was added.

The output of the show tech-support ipmulticast vrf command was changed to include the output from these commands:

show mls ip multicast rp-mapping gm-cache

show mmls gc process

show mmls msc rpdf-cache

The output of the show tech-support ipmulticast command (without the vrf vrf-name keyword and argument) was changed to include the output from these commands:

show ip pim int df

show ip pim mdt

show ip pim mdt bgp

show ip pim rp metric

Support to interrupt and terminate the show tech-support output was added.

12.4(4)T

This command was integrated into Cisco IOS Release 12.4(4)T.

12.4(7)

This command was integrated into Cisco IOS Release 12.4(7).

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.4(9)T

The output of this command was expanded to include partial show dmvpn details command output.


Usage Guidelines

To interrupt and terminate the show tech-support output, simultaneously press and release the CTRL, ALT, and 6 keys.

Press the Return key to display the next line of output, or press the Spacebar to display the next page of information. If you do not enter the page keyword, the output scrolls (that is, it does not stop for page breaks).

If you do not enter the password keyword, passwords and other security-sensitive information in the output are replaced with the label "<removed>."

The show tech-support command is useful for collecting a large amount of information about your routing device for troubleshooting purposes. The output of this command can be provided to technical support representatives when reporting a problem.


Note This command can generate a very large amount of output. You may want to redirect the output to a file using the show inventory | redirect url command syntax extension. Redirecting the output to a file also makes sending this output to your technical support representative easier. See the command documentation for show <command> | redirect for more information on this option.
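
Before a saved show tech-support capture is sent outside your organization, it can be checked for values that were not replaced with the "<removed>" label. The following Python check is an added example, not part of the Cisco documentation: the rule list covers a few common IOS credential-bearing configuration commands and is an assumption, not an exhaustive list, and the sample capture is constructed.

```python
import re

REMOVED = "<removed>"  # label the page says replaces sensitive values

# Constructed excerpt of a saved capture. Lines 3 and 6 simulate values that
# were left in place, as happens when the password keyword is used.
SAMPLE = """\
------------------ show running-config ------------------
enable secret 5 <removed>
username admin privilege 15 secret 5 $1$CONSTRUCTED$hashvalue
snmp-server community <removed> RO
tacacs-server host 172.19.192.80 key 7 <removed>
crypto isakmp key ExamplePSK address 192.0.2.1
line vty 0 4
 password 7 <removed>
"""

# Assumed, non-exhaustive rules. Each regex captures the sensitive token as
# "val"; an optional numeric encryption type before the value is skipped.
RULES = [
    ("enable secret/password",
     re.compile(r"^\s*enable (?:secret|password)(?: level \d+)?(?: \d+)? (?P<val>\S+)")),
    ("username credential",
     re.compile(r"^\s*username \S+ .*?\b(?:password|secret)(?: \d+)? (?P<val>\S+)")),
    ("line password",
     re.compile(r"^\s*password(?: \d+)? (?P<val>\S+)")),
    ("snmp community",
     re.compile(r"^\s*snmp-server community (?P<val>\S+)")),
    ("tacacs/radius key",
     re.compile(r"^\s*(?:tacacs-server|radius-server) .*?\bkey(?: \d+)? (?P<val>\S+)")),
    ("isakmp pre-shared key",
     re.compile(r"^\s*crypto isakmp key(?: \d+)? (?P<val>\S+)")),
]


def find_unscrubbed(text):
    """Return (line number, rule label, masked line) for each line whose
    sensitive token is present and is not the <removed> label.

    The value itself is masked in the result so the report does not
    become a second copy of the secret.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, rule in RULES:
            match = rule.search(line)
            if match and match.group("val") != REMOVED:
                masked = line[:match.start("val")] + "***" + line[match.end("val"):]
                findings.append((lineno, label, masked.strip()))
                break
    return findings


if __name__ == "__main__":
    for lineno, label, masked in find_unscrubbed(SAMPLE):
        print(f"line {lineno}: {label}: {masked}")
```

A capture with no findings is not proof that it is free of secrets; the rules only cover the commands listed in RULES.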


The show tech-support command displays the output of a number of show commands at once. The output from this command varies depending on your platform and configuration. For example, access servers display voice-related show command output. Additionally, the show protocol traffic commands are displayed for only the protocols enabled on your device. For a sample display of the output of the show tech-support command, see the individual show command listed.

If you enter the show tech-support command without arguments, the output displays, but is not limited to, the equivalent of these show commands:

show appletalk traffic

show bootflash

show bootvar

show buffers

show cdp neighbors

show cef

show clns traffic

show context

show controllers

show decnet traffic

show disk0: all

show dmvpn details

show environment

show fabric channel-counters

show file systems

show interfaces

show interfaces switchport

show interfaces trunk

show ip interface

show ip traffic

show logging

show mac-address-table

show module

show power

show processes cpu

show processes memory

show running-config

show spanning-tree

show stacks

show version

show vlan


Note Crypto information is not duplicated by the show dmvpn details command output.


If you enter the show tech-support command on a virtual switch (VS), the output displays the output of the show module command and the show power command for both the active and standby switches.

Use of the optional cef, ipc, ipmulticast, isis, mpls, ospf, or rsvp keywords provides a way to display a number of show commands specific to a particular protocol or process in addition to the show commands listed previously.

For example, if your Technical Assistance Center (TAC) support representative suspects that you may have a problem in your Cisco Express Forwarding (CEF) configuration, you may be asked to provide the output of the show tech-support cef command. The show tech-support [page] [password] cef command will display the output from the following commands in addition to the output for the standard show tech-support command:

show adjacency summary

show cef drop

show cef events

show cef interface

show cef not-cef-switched

show cef timers

show interfaces stats

show ip cef events summary

show ip cef inconsistency records detail

show ip cef summary

If you enter the ipmulticast keyword, the output displays, but is not limited to, these show commands:

show ip dvmrp route

show ip igmp groups

show ip igmp interface

show ip mcache

show ip mroute

show ip mroute count

show ip pim interface

show ip pim interface count

show ip pim interface df

show ip pim mdt

show ip pim mdt bgp

show ip pim neighbor

show ip pim rp

show ip pim rp metric

show mls ip multicast rp-mapping gm-cache

show mmls gc process

show mmls msc rpdf-cache

Examples

For a sample display of the output from the show tech-support command, refer to the documentation for the show commands listed in the "Usage Guidelines" section.

Related Commands

Command
Description

dir

Displays a list of files on a file system.

show appletalk traffic

Displays statistics about AppleTalk traffic, including MAC IP traffic.

show bootflash

Displays the contents of boot flash memory.

show bootvar

Displays the contents of the BOOT environment variable, the name of the configuration file pointed to by the CONFIG_FILE environment variable, the contents of the BOOTLDR environment variable, and the configuration register setting.

show buffers

Displays statistics for the buffer pools on the network server.

show cdp neighbors

Displays detailed information about neighboring devices discovered using Cisco Discovery Protocol.

show cef

Displays information about packets forwarded by Cisco Express Forwarding.

show clns traffic

Displays a list of the CLNS packets this router has seen.

show <command> | redirect

Redirects the output of any show command to a file.

show context

Displays context data.

show controllers

Displays information that is specific to the hardware.

show controllers tech-support

Displays general information about a VIP card for problem reporting.

show decnet traffic

Displays the DECnet traffic statistics (including datagrams sent, received, and forwarded).

show disk:0

Displays flash or file system information for a disk located in slot 0.

show dmvpn details

Displays detailed DMVPN information for each session, including Next Hop Server (NHS) and NHS status, crypto session information, and socket details.

show environment

Displays temperature, voltage, and blower information on the Cisco 7000 series routers, Cisco 7200 series routers, Cisco 7500 series routers, Cisco 7600 series routers, Cisco AS5300 series access servers, and the Gigabit Switch Router.

show fabric channel counters

Displays the fabric channel counters for a module.

show file system

Lists available file systems.

show interfaces

Displays statistics for all interfaces configured on the router or access server.

show interfaces switchport

Displays the administrative and operational status of a switching (nonrouting) port.

show interfaces trunk

Displays the interface-trunk information.

show inventory

Displays the product inventory listing and UDI of all Cisco products installed in the networking device.

show ip interface

Displays the usability status of interfaces configured for IP.

show ip traffic

Displays statistics about IP traffic.

show logging

Displays the state of syslog and the contents of the standard system logging buffer.

show mac-address table

Displays the MAC address table.

show module

Displays module status and information.

show power

Displays the current power status of system components.

show processes cpu

Displays information about the active processes.

show processes memory

Displays the amount of memory used.

show running-config

Displays the current configuration of your routing device.

show spanning-tree

Displays information about the spanning tree state.

show stacks

Displays the stack usage of processes and interrupt routines.

show version

Displays the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images.

show vlan

Displays VLAN information.


show tech-support ipsec

To display IP Security (IPsec) information to assist in troubleshooting, use the show tech-support ipsec command in privileged EXEC mode.

show tech-support ipsec [peer ipv4address | vrf vrf-name]

Syntax Description

peer ipv4address

(Optional) Displays information for the specified IPv4 peer.

vrf vrf-name

(Optional) Displays information for the specified Virtual Private Network (VPN) routing and forwarding (VRF) instance.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.4(20)T

This command was introduced.

Cisco IOS XE Release 2.4

This command was implemented on the Cisco ASR 1000 series routers.


Usage Guidelines

The show tech-support ipsec command simplifies the collection of IPsec-related information when you are troubleshooting a problem. There are three variations of the show tech-support ipsec command:

show tech-support ipsec

show tech-support ipsec peer ipv4address

show tech-support ipsec vrf vrf-name

Output of the show tech-support ipsec Command

If you enter the show tech-support ipsec command without any keywords, the command output displays the following show commands, in order of output:

show version

show running-config

show crypto isakmp sa count

show crypto ipsec sa count

show crypto session summary

show crypto session detail

show crypto isakmp sa detail

show crypto ipsec sa detail

show crypto isakmp peers

show crypto ruleset detail

show processes memory | include Crypto IKMP

show processes cpu | include Crypto IKMP

show crypto eli

show crypto engine accelerator statistic

Output of the show tech-support ipsec peer Command

If you enter the show tech-support ipsec command with the peer keyword and the ipv4address argument, the output displays the following show commands, in order of output for the specified peer:

show version

show running-config

show crypto session remote ipv4address detail

show crypto isakmp sa peer ipv4address detail

show crypto ipsec sa peer ipv4address detail

show crypto isakmp peers ipv4address

show crypto ruleset detail

show processes memory | include Crypto IKMP

show processes cpu | include Crypto IKMP

show crypto eli

show crypto engine accelerator statistic

Output of the show tech-support ipsec vrf Command

If you enter the show tech-support ipsec command with the vrf keyword and the vrf-name argument, the output displays the following show commands, in order of output for the specified VRF:

show version

show running-config

show crypto isakmp sa count vrf vrf-name

show crypto ipsec sa count vrf vrf-name

show crypto session ivrf ivrf-name detail

show crypto session fvrf fvrf-name detail

show crypto isakmp sa vrf vrf-name detail

show crypto ipsec sa vrf vrf-name detail

show crypto ruleset detail

show processes memory | include Crypto IKMP

show processes cpu | include Crypto IKMP

show crypto eli

show crypto engine accelerator statistic

Examples

For a sample display of the output from the show tech-support ipsec command, see the documentation for the individual show commands listed in the "Usage Guidelines" section.

Related Commands

Command
Description

show tech-support

Displays general information about the router when it reports a problem.


show tms controller

To display TIDP Based Mitigation Services (TMS) information on a TMS controller, use the show tms controller command in privileged EXEC mode.

show tms controller

Syntax Description

This command has no arguments or keywords.

Command Default

TMS information on a TMS controller is not displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Usage Guidelines

The output from this command displays the TMS groups and consumers for which the controller performs. This information includes specific consumer membership information and registration status.

Examples

The following is sample output from the show tms controller command:

Router# show tms controller 

TIDP-Group     TMS-Consumer-IP        Status
----------    -----------------       ------
10            10.3.3.2                 Registered Successfully
10            10.1.1.2                 Registered Successfully
20            10.3.3.2                 Registered Successfully
20            10.1.1.2                 Registered Successfully

Table 152 describes the significant fields shown in the display.

Table 152 show tms controller Field Descriptions 

Field
Description

TIDP-Group

Number of the TIDP group associated with the TMS consumer.

TMS-Consumer-IP

IP address of the TMS consumer.

Status

Registration status of the TMS consumer. The registration status is shown as "Configured Available" or "Registered Successfully."


Related Commands

Command
Description

show tms consumer

Displays TMS information on a TMS consumer.


show tms controller group

To display TIDP Based Mitigation Services (TMS) group information on a TMS controller, use the show tms controller group command in privileged EXEC mode.

show tms controller group {group-id [owner {owner-id | any} tid {threat-id | all} [consumer ipv4 ip-address] [verbose] | threats] | all owner {owner-id | any} tid {threat-id | all} [consumer ipv4 ip-address] [verbose]}

Syntax Description

group-id

Displays information for the group specified by the ID number.

owner

Indicates that threat owner configuration parameters will follow.

owner-id

Displays information for the specified owner ID number.

any

Displays information for any owner ID number.

tid

Indicates that threat ID configuration parameters will follow.

threat-id

Displays the Threat Information Message specified by the ID number.

all

Displays all Threat Information Messages.

consumer ipv4 ip-address

Displays information related to the TMS consumer specified with the IP address argument.

verbose

Displays verbose information.

threats

Displays information about all threats that have been sent to all consumers in the group. Both active and inactive threats are displayed.


Command Default

TMS group information on a TMS controller is not displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.4(6)T

This command was introduced.


Usage Guidelines

This command is used to display specific information about Threat Information Messages (TIMs) sent to a TMS consumer or group from the controller. This information includes the threat ID (TID) number, the message version number, the TMS group ID number, the controller IP address, the active or inactive registration status, and the mitigation enforcement action.

Examples

The following is sample output from the show tms controller group command:

Router# show tms controller group 10 

TMS-Controller# show tms controller group all owner any tid all verbose     
OwnerID      TID   Ver  Group       Consumer          Status      ActionTaken
--------     ----  ---- ------      ---------         --------    --------------
1            1     1                            Load  Active
1            1     1    10          10.1.1.2          Active      Redirect 172.16.1.1
1            2     1                            Load  Active
1            2     1    10          10.1.1.2          Active      Redirect NULL
1            3     1                            Load  Active
1            3     1    10          10.1.1.2          Inactive    Threat Inactive
2            10    1                            Load  Active
2            10    1    10          10.1.1.2          Active      ACL-Drop
2            20    1                            Load  Active
2            20    1    10          10.1.1.2          Active      ACL-Drop


Table 153 describes the significant fields shown in the display.

Table 153 show tms controller group Field Descriptions 

Field
Description

OwnerID

ID number of the threat owner.

TID

Threat ID number.

Ver

Threat version number.

Group

TMS group ID number.

Consumer

IP address of the TMS consumer.

Status

Threat status listed as "Load," "Active," or "Inactive."

ActionTaken

The threat mitigation enforcement action associated with the threat ID number.


show tunnel endpoints

To display the contents of the tunnel endpoint database that is used for tunnel endpoint address resolution, when running a tunnel in multipoint generic routing encapsulation (mGRE) mode, use the show tunnel endpoints command in privileged EXEC mode.

show tunnel endpoints [tunnel tunnel-number]

Syntax Description

tunnel

(Optional) Specifies the tunnel interface. If a tunnel is specified, only the endpoint database for that tunnel is displayed. If a tunnel is not specified, endpoint databases for all tunnels are displayed.

tunnel-number

(Optional) Tunnel interface number. The range is from 0 to 2147483647.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.0(27)S

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.4(11)T

This command was integrated into Cisco IOS Release 12.4(11)T.

Cisco IOS XE Release 2.1

This command was implemented on the Cisco ASR 1000 series routers.


Usage Guidelines

The output of the show tunnel endpoints command displays the tunnel destination and transport address together with any overlay or virtual private network (VPN) address that resolves to it.

Examples

The following example shows that there are two tunnel endpoints in the database that are associated with tunnel 1 (192.0.2.0 and 192.0.2.1). Through these endpoints, VPN destination 192.0.2.3 is reachable by tunneling to endpoint 192.0.2.0 and VPN destination 192.0.2.2 is reachable by tunneling to endpoint 192.0.2.1.

Router# show tunnel endpoints

Tunnel0 running in multi-GRE/IP mode
 Endpoint transport 20.20.20.20 Refcount 4 Base 0x55BCC5E8 Create Time 00:01:08
   overlay ::FFFF:20.20.20.20 Refcount 2 Parent 0x55BCC5E8 Create Time 00:01:08
   overlay 20.20.20.20 Refcount 2 Parent 0x55BCC5E8 Create Time 00:01:08


Table 154 describes the significant fields shown in the display.

Table 154 show tunnel endpoints Field Descriptions

Field
Description

Transport

Displays the transport address.

Refcount

Number of overlay addresses that are resolving through the destination address.

Base

Displays the base address.

Overlay

Displays the overlay address.

Parent

Reference to the tunnel endpoint.


Related Commands

Command
Description

tunnel mode

Sets the encapsulation mode for the tunnel interface.

tunnel protection

Associates a tunnel interface with an IPSec profile.


show usb controllers

To display USB host controller information, use the show usb controllers command in privileged EXEC mode.

show usb controllers [controller-number]

Syntax Description

controller-number

(Optional) Displays information only for the specified controller.


Defaults

Information about all controllers on the system is displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(14)T

This command was introduced.

12.4(11)T

This command was integrated into the Cisco 7200VXR NPE-G2 platform.


Usage Guidelines

Use the show usb controllers command to display content such as controller register specific information, current asynchronous buffer addresses, and period scheduling information. You can also use this command to verify that copy operations are occurring successfully onto a USB flash module.

Examples

The following example is sample output from the show usb controllers command:

Router# show usb controllers

Name:1362HCD
Controller ID:1
Controller Specific Information:
    Revision:0x11
    Control:0x80
    Command Status:0x0
    Hardware Interrupt Status:0x24
    Hardware Interrupt Enable:0x80000040
    Hardware Interrupt Disable:0x80000040
    Frame Interval:0x27782EDF
    Frame Remaining:0x13C1
    Frame Number:0xDA4C
    LSThreshold:0x628
    RhDescriptorA:0x19000202
    RhDescriptorB:0x0
    RhStatus:0x0
    RhPort1Status:0x100103
    RhPort2Status:0x100303
    Hardware Configuration:0x3029
    DMA Configuration:0x0
    Transfer Counter:0x1
    Interrupt:0x9
    Interrupt Enable:0x196
    Chip ID:0x3630
    Buffer Status:0x0
    Direct Address Length:0x80A00
    ATL Buffer Size:0x600
    ATL Buffer Port:0x0
    ATL Block Size:0x100
    ATL PTD Skip Map:0xFFFFFFFF
    ATL PTD Last:0x20
    ATL Current Active PTD:0x0
    ATL Threshold Count:0x1
    ATL Threshold Timeout:0xFF

Int Level:1
Transfer Completion Codes:
         Success              :920              CRC             :0       
         Bit Stuff            :0                Stall           :0       
         No Response          :0                Overrun         :0       
         Underrun             :0                Other           :0       
         Buffer Overrun       :0                Buffer Underrun :0       
Transfer Errors:
         Canceled Transfers   :2                Control Timeout :0       
Transfer Failures:
         Interrupt Transfer   :0                Bulk Transfer   :0       
         Isochronous Transfer :0                Control Transfer:0       
Transfer Successes:
         Interrupt Transfer   :0                Bulk Transfer   :26      
         Isochronous Transfer :0                Control Transfer:894     

USBD Failures:
         Enumeration Failures :0                No Class Driver Found:0       
         Power Budget Exceeded:0       

USB MSCD SCSI Class Driver Counters:
         Good Status Failures :3                Command Fail    :0       
         Good Status Timed out:0                Device not Found:0       
         Device Never Opened  :0                Drive Init Fail :0       
         Illegal App Handle   :0                Bad API Command :0       
         Invalid Unit Number  :0                Invalid Argument:0       
         Application Overflow :0                Device in use   :0       
         Control Pipe Stall   :0                Malloc Error    :0       
         Device Stalled       :0                Bad Command Code:0       
         Device Detached      :0                Unknown Error   :0       
         Invalid Logic Unit Num:0       

USB Aladdin Token Driver Counters:
         Token Inserted       :1                Token Removed   :0       
         Send Insert Msg Fail :0                Response Txns   :434     
         Dev Entry Add Fail   :0                Request Txns    :434     
         Dev Entry Remove Fail:0                Request Txn Fail:0       
         Response Txn Fail    :0                Command Txn Fail:0       
         Txn Invalid Dev Handle:0       

USB Flash File System Counters:
         Flash Disconnected   :0                Flash Connected :1       
         Flash Device Fail    :0                Flash Ok        :1       
         Flash startstop Fail :0                Flash FS Fail   :0       

USB Secure Token File System Counters:
         Token Inserted       :1                Token Detached  :0       
         Token FS success     :1                Token FS Fail   :0       
         Token Max Inserted   :0                Create Talker Failures:0       
         Token Event          :0                Destroy Talker Failures:0       
         Watched Boolean Create Failures:0 
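
The counter sections of this output can be checked automatically, for example when verifying a copy onto a USB flash module. The following Python is an added example, not part of the Cisco documentation; the function names and the keyword list that marks a counter as a problem indicator are assumptions, and the embedded sample is an excerpt of the output above.

```python
import re

# Excerpt of the sample output above; the register line shows hex values are skipped.
SAMPLE = """\
Controller Specific Information:
    Revision:0x11
Transfer Completion Codes:
         Success              :920              CRC             :0
Transfer Errors:
         Canceled Transfers   :2                Control Timeout :0
Transfer Successes:
         Interrupt Transfer   :0                Bulk Transfer   :26
USB MSCD SCSI Class Driver Counters:
         Good Status Failures :3                Command Fail    :0
"""

# "Name :123" pairs; the lookahead rejects hex register values such as 0x11.
PAIR = re.compile(r"([A-Za-z][A-Za-z. ]*?)\s*:(\d+)(?![0-9A-Za-z])")
# Assumption: these words in a section or counter name mark a problem indicator.
PROBLEM = re.compile(r"fail|error|timeout|timed out|stall|overrun|underrun", re.I)


def parse_counters(text):
    """Return {section: {counter: int}} from 'show usb controllers' output."""
    sections, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace():
            if current is not None:
                for name, value in PAIR.findall(line):
                    current[name] = int(value)
        else:
            # An unindented "Title:" line opens a section; any other line closes it.
            is_title = line.rstrip().endswith(":")
            current = sections.setdefault(line.strip()[:-1], {}) if is_title else None
    return sections


def problem_counters(sections):
    """List (section, counter, value) for nonzero counters that look like failures."""
    return [(sec, name, val)
            for sec, counters in sections.items()
            for name, val in counters.items()
            if val and (PROBLEM.search(sec) or PROBLEM.search(name))]


if __name__ == "__main__":
    for sec, name, val in problem_counters(parse_counters(SAMPLE)):
        print(f"{sec}: {name} = {val}")
```

Counters are kept per section because the same name (for example Bulk Transfer) appears under both Transfer Failures and Transfer Successes in the full output.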

show usb device

To display USB device information, use the show usb device command in privileged EXEC mode.

show usb device [controller-ID [device-address]]

Syntax Description

controller-ID

(Optional) Displays information only for the devices under the specified controller.

device-address

(Optional) Displays information only for the device with the specified address.


Defaults

Information for all devices attached to the system is displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(14)T

This command was introduced.

12.4(11)T

This command was integrated into the Cisco 7200VXR NPE-G2 platform.


Usage Guidelines

Use the show usb device command to display information for either a USB flash drive or a USB eToken, as appropriate.

Examples

The following example is sample output from the show usb device command:

Router# show usb device 

Host Controller:1
Address:0x1
Device Configured:YES
Device Supported:YES
Description:DiskOnKey
Manufacturer:M-Sys
Version:2.0
Serial Number:0750D84030316868
Device Handle:0x1000000
USB Version Compliance:2.0
Class Code:0x0
Subclass Code:0x0
Protocol:0x0
Vendor ID:0x8EC
Product ID:0x15
Max. Packet Size of Endpoint Zero:64
Number of Configurations:1
Speed:Full
Selected Configuration:1
Selected Interface:0

Configuration:
    Number:1
    Number of Interfaces:1
    Description:
    Attributes:None
    Max Power:140 mA

    Interface:
        Number:0
        Description:
        Class Code:8