-
Cisco IOS XR Virtual Firewall Command Reference, Release 3.7
-
Preface
-
Virtual Firewall Commands on Cisco IOS XR Software
-
Class Map Commands
-
Access Control List Commands
-
Policy Map Commands
-
Virtual Firewall Interface Commands
-
Virtualization Commands
-
Authentication and Accounting Commands
-
High Availability Commands
-
TCP/IP Normalization and IP Reassembly Parameters Commands
-
Parameter Map Commands
-
Terminal and Session Commands
-
System and File Management Commands
-
SNMP Commands
-
Logging Commands
-
VASI Commands on Cisco IOS XR Software
-
Index
-
Table Of Contents
High Availability Commands on the Virtual Firewall
High Availability Commands on the Virtual Firewall
This module describes the commands necessary to configure redundant multiservice blade (MSB) modules to provide high-availability (HA) capability for the VFW feature.
Note
The commands described in this module are SanOS (Linux) commands used on the VFW application. Before you can access any of these commands, you must attach from the route processor to the VFW application using the service firewall attach location command. For more information, see the "Attaching to the VFW Application" section in Cisco IOS XR Virtual Firewall Configuration Guide.
associate-context
To associate a context with a fault-tolerant (FT) group, use the associate-context command in FT group configuration mode. To remove a context from an FT group, use the no form of this command.
associate-context name
no associate-context name
Syntax Description
name
Identifier of the context that you want to associate with the FT group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
Defaults
No default behavior or values
Command Modes
FT group configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The associate-context command can be used in the Admin context only.
Use the associate-context command to associate a context with an FT group. You need to make this association for each of the two redundant contexts in an FT group.
Before you can remove a context from an FT group, you must first take the group out of service using the no inservice command.
Examples
The following example shows how to associate a context with an FT group:
firewall/Admin(config-ft-group)# associate-context C1Related Commands
clear ft
To clear the fault-tolerant (FT) statistics or history, use the clear ft command in EXEC mode.
clear ft {history {cfg_cntlr | ha_dp_mgr | ha_mgr} | stats}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to clear the fault-tolerant statistics:
firewall/Admin# clear ft statsRelated Commands
ft auto-sync
To enable automatic synchronization of the running-configuration and the startup-configuration files in a redundancy configuration, use the ft auto-sync command in configuration mode. To disable the automatic synchronization of the running-configuration file or the startup-configuration file, use the no form of this command.
ft auto-sync {running-config | startup-config}
no ft auto-sync {running-config | startup-config}
Syntax Description
Defaults
The VFW application automatically updates the running configuration on the standby context of an FT group with any changes that occur to the running configuration of the active context.
Command Modes
Configuration
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
By default, the VFW application automatically updates the running configuration on the standby context of an FT group with any changes that occur to the running configuration of the active context. If you disable the ft auto-sync command, you need to update the configuration of the standby context manually. For more information about configuration synchronization and configuring redundancy, see Cisco IOS XR Firtual Firewall Configuration Guide.
Caution
Examples
The following example shows how to enable autosynchronization of the running-configuration file in the C1 context:
firewall/C1(config)# ft auto-sync running-configRelated Commands
ft group
To create a fault-tolerant (FT) group for redundancy, use the ft group command in configuration mode. To remove an FT group from the configuration, use the no form of this command.
ft group group_id
no ft group group_id
Syntax Description
Defaults
No default behavior or values
Command Modes
Configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The ft group command can be used in the Admin context only.
You must configure the same group ID on both peer modules.
On each VFW application, you can create multiple FT groups, up to a maximum of 256 groups. Each group consists of a maximum of two members (contexts): one active context on one module and one standby context on the peer module.
Examples
The following example shows how to configure a fault-tolerant group:
firewall/Admin(config)# ft group 1firewall/Admin(config-ft-group)#Related Commands
ft interface
To create a fault-tolerant (FT) interface and access FT interface configuration mode, use the ft interface command in configuration mode. To remove an FT interface from the redundancy configuration, use the no form of this command.
ft interface interface_name
no ft interface interface_name
Syntax Description
Defaults
No default behavior or values
Command Modes
Configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the System feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The ft interface command can be used in the Admin context only.
To remove an FT interface from the redundancy configuration, first dissociate it from the FT peer using the no form of the ft-interface command. Then, use the no ft interface command in configuration mode.
Examples
The following example shows how to configure an FT interface and access FT group configuration mode:
firewall/Admin(config)# ft interface xyzfirewall/Admin(config-ft-intf)#The following example shows how to delete the FT interface configuration:
firewall/Admin(config)# no ft interface xyzRelated Commands
Displays the FT or redundancy statistics per context.
Displays the interface information.
Displays the running configuration information associated with the current context.
ft-interface
To associate an existing fault-tolerant (FT) interface with a peer, use the ft-interface command in FT peer configuration mode. To remove the FT interface from the peer configuration, use the no form of this command.
ft-interface interface_name
no ft-interface interface_name
Syntax Description
Defaults
No default behavior or values
Command Modes
FT peer configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The ft-interface command can be used in the Admin context only.
Examples
The following example shows how to associate an existing FT interface with a peer:
firewall/Admin(config)# ft peer 1firewall/Admin(config-ft-peer)# ft-interface xyzRelated Commands
Configures an FT peer and enters FT peer configuration mode.
Displays the FT or redundancy statistics per context.
ft peer
To configure a fault-tolerant (FT) peer and access FT peer configuration mode, use the ft peer command in configuration mode. To remove an FT group from the configuration, use the no form of this command.
ft peer peer_id
no ft peer peer_id
Syntax Description
Defaults
No default behavior or values
Command Modes
Configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The ft peer command can be used in the Admin context only.
Examples
The following example shows how to configure an FT peer and access FT peer configuration mode:
firewall/Admin(config)# ft peer 1firewall/Admin(config-ft-peer)#Related Commands
ft switchover
To purposely cause a switchover, perhaps to make a particular context active, use the ft switchover command in EXEC mode.
ft switchover [force | group_id]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT (fault-tolerant) group, thereby causing the switchover.
You may need to cause a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully becoming the active member of the FT group, a switchover occurs. You must configure no preempt to use this command. (Use the preempt command in FT group configuration mode.)
The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context:
•
•
Examples
The following example shows how to cause a switchover from the active module to the standby module of FT group1:
firewall/Admin# ft switchover 1Related Commands
heartbeat
To configure the heartbeat interval and count for verification timing between active and standby fault-tolerant (FT) peers, use the heartbeat command in FT peer configuration mode. To remove the FT interface from the peer configuration, use the no form of this command.
heartbeat {count number | interval frequency}
no heartbeat {count number | interval frequency}
Syntax Description
Defaults
No default behavior or values
Command Modes
FT peer configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The heartbeat command can be used in the Admin context only.
If the standby member of the FT group does not receive a heartbeat packet from the active member, a time period equal to count number times interval frequency must elapse before a switchover can occur.
Examples
The following example shows how to set a heartbeat count of 20:
firewall/Admin(config)# ft peer 1firewall/Admin(config-ft-peer)# heartbeat count 20The following example shows how to set a heartbeat interval of 200 milliseconds:
firewall/Admin(config-ft-peer)# heartbeat interval 200Related Commands
Configures an FT peer and enters FT peer configuration mode.
Displays the FT or redundancy statistics per context.
inservice
To place a fault-tolerant (FT) group in service, use the inservice command in FT group configuration mode. To take the FT group out of service, use the no form of this command.
inservice
no inservice
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
FT group configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The inservice command can be used in the Admin context only.
Before you place an FT group in service, be sure that you have associated one or two contexts with the FT group and have properly configured the two peers.
Examples
The following example shows how to place an FT group in service:
firewall/Admin(config)# ft group 1firewall/Admin(config-ft-group)# inserviceRelated Commands
peer
To associate a peer VFW application with a fault-tolerant (FT) group, use the peer command in FT group configuration mode. To remove the peer association with the FT group, use the no form of this command.
peer peer_id
no peer peer_id
Syntax Description
Defaults
No default behavior or values
Command Modes
FT group configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The peer designation is used to denote the remote standby member of the FT group. A context in a redundant configuration can have only one peer context.
The peer command can be used in the Admin context only.
Examples
The following example shows how to associate a peer module with an FT group:
firewall/Admin(config)# ft group 1firewall/Admin(config-ft-group)# peer 1Related Commands
Creates a fault-tolerant (FT) group for redundancy.
Displays the FT or redundancy statistics per context.
peer ip
To configure an IP address for the remote peer to allow the local member of the fault-tolerant (FT) group to communicate with the remote peer, use the peer ip command in FT interface configuration mode. To remove the IP address from the peer configuration, use the no form of this command.
peer ip address ip_address netmask
no peer ip address ip_address netmask
Syntax Description
address ip_address
Specifies the IP address of the remote peer. Enter an IP address in dotted-decimal notation.
netmask
Subnet mask of the remote peer. Enter a subnet mask in dotted-decimal notation.
Defaults
No default behavior or values
Command Modes
FT interface configuration
Admin context only
Command History
Usage Guidelines
This command requires the system feature in your user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The peer ip command can be used in the Admin context only.
Examples
The following example shows how to configure an IP address for the remote peer:
firewall/Admin(config-ft-intf)# peer ip address 192.168.12.15 255.255.255.0Related Commands
Assigns an IP address on a VFW management or fault-tolerant (FT) interface.
Displays the interface information.
preempt
To configure preemption after it has been disabled, use the preempt command in fault-tolerant (FT) group configuration mode. To disable preemption, use the no form of this command.
preempt
no preempt
Syntax Description
This command has no arguments or keywords.
Defaults
Preemption is enabled.
Command Modes
FT group configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The preempt command can be used in the Admin context only.
Preemption ensures that the group member with the higher priority always asserts itself and becomes the active member. By default, preemption is enabled.
If you disable preemption and a member with a higher priority is found after the other member has become active, the newly elected member becomes the standby member even though it has a higher priority.
Examples
The following example shows how to reenable preemption after its default setting was disabled:
firewall/Admin(config)# ft group 1firewall/Admin(config-ft-group)# preemptRelated Commands
Creates a fault-tolerant (FT) group for redundancy.
Configures the priority of the active group members.
Displays the FT or redundancy statistics per context.
priority
To configure the priority of the active group member, use the priority command in fault-tolerant (FT) group configuration mode. To restore the default priority of 100, use the no form of this command.
priority number
no priority number
Syntax Description
Defaults
The default priority is 100.
Command Modes
FT group configuration
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
The priority command can be used in the Admin context only.
You must configure the priority of a group on both peer modules. Configure a higher priority for the group on the module where you want the active member to initially reside.
Examples
The following example shows how to set the priority of the FT group on the active member to a value of 150:
firewall/Admin(config)# ft group 1firewall/Admin(config-ft-group)# priority 150Related Commands
Creates a fault-tolerant (FT) group for redundancy.
Configures preemption after it has been disabled.
Displays the FT or redundancy statistics per context.
show ft group
To display the fault-tolerant (FT) or redundancy peer statistics, use the show ft group command in EXEC mode.
show ft group {[group_id] {detail | status | summary} | brief}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
In the Admin context, the show ft group command displays statistics for all FT groups in the VFW application. Also, in the Admin context, you can specify an FT group number to display statistics for an individual group. In a user context, this command displays statistics only for the FT group to which the user context belongs.
Examples
The following example shows sample output from the show ft group command with the status keyword:
firewall/Admin# show ft group statusFT Group : 1Configured Status : in-serviceMaintenance mode : MAINT_MODE_OFFMy State : FSM_FT_STATE_ACTIVEPeer State : FSM_FT_STATE_STANDBY_HOTPeer Id : 1No. of Contexts : 1FT Group : 2Configured Status : in-serviceMaintenance mode : MAINT_MODE_OFFMy State : FSM_FT_STATE_ACTIVEPeer State : FSM_FT_STATE_STANDBY_HOTPeer Id : 1...The following example shows sample output from the show ft group command for a specific group:
firewall/Admin# show ft group 2 statusFT Group : 2Configured Status : in-serviceMaintenance mode : MAINT_MODE_OFFMy State : FSM_FT_STATE_ACTIVEPeer State : FSM_FT_STATE_STANDBY_HOTPeer Id : 1No. of Contexts : 1The following example shows sample output from the show ft group command with the summary keyword:
firewall/Admin# show ft group summaryFT Group : 1Configured Status : in-serviceMaintenance mode : MAINT_MODE_OFFMy State : FSM_FT_STATE_ACTIVEMy Config Priority : 100My Net Priority : 100My Preempt : DisabledPeer State : FSM_FT_STATE_STANDBY_HOTPeer Config Priority : 100Peer Net Priority : 100Peer Preempt : DisabledPeer Id : 1No. of Contexts : 1FT Group : 2Configured Status : in-serviceMaintenance mode : MAINT_MODE_OFFMy State : FSM_FT_STATE_ACTIVEMy Config Priority : 100My Net Priority : 100My Preempt : DisabledPeer State : FSM_FT_STATE_STANDBY_HOTPeer Config Priority : 100Peer Net Priority : 100Peer Preempt : DisabledPeer Id : 1No. of Contexts : 1...The following example shows sample output from the show ft group command with the brief keyword:
firewall/Admin# show ft group briefFT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_STANDBY_HOTContext Name: ctx1 Context Id: 1FT Group ID: 2 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_STANDBY_HOTContext Name: ctx2 Context Id: 451FT Group ID: 3 My State:FSM_FT_STATE_INIT Peer State:FSM_FT_STATE_INITContext Name: ctx3 Context Id: 223FT Group ID: 4 My State:FSM_FT_STATE_INIT Peer State:FSM_FT_STATE_INITContext Name: ctx4 Context Id: 334FT Group ID: 5 My State:FSM_FT_STATE_INIT Peer State:FSM_FT_STATE_INITContext Name: ctx5 Context Id: 396FT Group ID: 6 My State:FSM_FT_STATE_INIT Peer State:FSM_FT_STATE_INITContext Name: ctx6 Context Id: 407FT Group ID: 7 My State:FSM_FT_STATE_INIT Peer State:FSM_FT_STATE_INITContext Name: ctx7 Context Id: 418Related Commands
show ft history
To display a history of internal redundancy software statistics, use the show ft history command in EXEC mode.
show ft history {cfg_cntlr | ha_dp_mgr | ha_mgr}
Syntax Description
cfg_cntlr
Displays the configuration controller debug log.
ha_dp_mgr
Displays the high-availability (HA) dataplane manager debug log.
ha_mgr
Displays the HA manager debug log.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the configuration controller debug log:
firewall/Admin# show ft group history cfg_cntlrRelated Commands
show ft memory
To display the high-availability (HA) manager memory statistics, use the show ft memory command in EXEC mode.
show ft memory [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Admin context only
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the detailed HA manager memory statistics:
firewall/Admin# show ft group memory detailRelated Commands
show ft peer
To display the fault-tolerant (FT) peer information, use the show ft command in EXEC mode.
show ft peer [peer_id] {detail | status | summary}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the detailed statistics for all peers:
firewall/Admin# show ft peer detailRelated Commands
show ft stats
To display the fault-tolerant (FT) or redundancy statistics per context, use the show ft command in EXEC mode.
show ft stats [group_id]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display statistics for FT group 1:
firewall/Admin# show ft stats 1Related Commands
show ft idmap
To display the IDMAP table, use the show ft idmap command in EXEC mode.
show ft idmap
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Command History
Release 3.5.0
This command was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0
No modification.
Release 3.7.0
No modification.
Usage Guidelines
This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the "Configuring Virtualization on the Virtual Firewall" module in Cisco IOS XR Virtual Firewall Configuration Guide.
Examples
The following example shows how to display the IDMAP table:
firewall/Admin# show ft idmapRelated Commands
