Cisco Security Appliance Command Reference, Version 7.0
D through F Commands



debug aaa

To show debug messages for AAA, use the debug aaa command in privileged EXEC mode. To stop showing AAA messages, use the no form of this command.

debug aaa [ accounting | authentication | authorization | internal | vpn [ level ] ]

no debug aaa

Syntax Description

accounting

(Optional) Show debug messages for accounting only.

authentication

(Optional) Show debug messages for authentication only.

authorization

(Optional) Show debug messages for authorization only.

internal

(Optional) Show debug messages for AAA functions supported by the local database only.

level

(Optional) Specifies the debug level. Valid with the vpn keyword only.

vpn

(Optional) Show debug messages for VPN-related AAA functions only.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was modified to include new keywords.


Usage Guidelines

The debug aaa command displays detailed information about AAA activity. The no debug all or undebug all commands turn off all enabled debugs.

Examples

The following example enables debugging for AAA functions supported by the local database:

hostname(config)# debug aaa internal
debug aaa internal enabled at level 1
hostname(config)# uap allocated. remote address: 10.42.15.172, Session_id: 2147483841 
uap freed for user . remote address: 10.42.15.172, session id: 2147483841

Related Commands

Command
Description

show running-config aaa

Displays running configuration related to AAA.


debug arp

To show debug messages for ARP, use the debug arp command in privileged EXEC mode. To stop showing debug messages for ARP, use the no form of this command.

debug arp

no debug arp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for ARP:

hostname# debug arp

Related Commands

Command
Description

arp

Adds a static ARP entry.

show arp statistics

Shows ARP statistics.

show debug

Shows all enabled debuggers.


debug arp-inspection

To show debug messages for ARP inspection, use the debug arp-inspection command in privileged EXEC mode. To stop showing debug messages for ARP inspection, use the no form of this command.

debug arp-inspection

no debug arp-inspection

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was introduced.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for ARP inspection:

hostname# debug arp-inspection

Related Commands

Command
Description

arp

Adds a static ARP entry.

arp-inspection

For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.

show debug

Shows all enabled debuggers.


debug asdm history

To view debug information for ASDM, use the debug asdm history command in privileged EXEC mode.

debug asdm history [level]

Syntax Description

level

(Optional) Specifies the debug level.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was changed from the debug pdm history command to the debug asdm history command.


Usage Guidelines

Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.

Examples

The following example enables level 1 debugging of ASDM:

hostname# debug asdm history
debug asdm history enabled at level 1

hostname#

Related Commands

Command
Description

show asdm history

Displays the contents of the ASDM history buffer.


debug cmgr

To show debug messages about the SSM card manager, use the debug cmgr command in privileged EXEC mode. To stop showing debug messages for the card manager, use the no form of this command.

debug cmgr [level]

no debug cmgr [level]

Syntax Description

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was introduced.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for the card manager:

hostname# debug cmgr

Related Commands

Command
Description

hw-module module recover

Recovers an AIP SSM by loading a recovery image from a TFTP server.

hw-module module reset

Shuts down an AIP SSM and performs a hardware reset.

hw-module module reload

Reloads the AIP SSM software.

hw-module module shutdown

Shuts down the AIP SSM software in preparation for being powered off without losing configuration data.

show module

Shows SSM information.


debug context

To show debug messages when you add or delete a security context, use the debug context command in privileged EXEC mode. To stop showing debug messages for contexts, use the no form of this command.

debug context [level]

no debug context [level]

Syntax Description

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was introduced.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for context management:

hostname# debug context

Related Commands

Command
Description

context

Creates a security context in the system configuration and enters context configuration mode.

show context

Shows context information.

show debug

Shows all enabled debuggers.


debug cplane

To show debug messages about the control plane that connects internally to an SSM, use the debug cplane command in privileged EXEC mode. To stop showing debug messages for the control plane, use the no form of this command.

debug cplane [level]

no debug cplane [level]

Syntax Description

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was introduced.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for the control plane:

hostname# debug cplane

Related Commands

Command
Description

hw-module module recover

Recovers an intelligent SSM by loading a recovery image from a TFTP server.

hw-module module reset

Shuts down an SSM and performs a hardware reset.

hw-module module reload

Reloads the intelligent SSM software.

hw-module module shutdown

Shuts down the SSM software in preparation for being powered off without losing configuration data.

show module

Shows SSM information.


debug crypto ca

To show debug messages for PKI activity (used with CAs), use the debug crypto ca command in privileged EXEC mode. To stop showing debug messages for PKI, use the no form of this command.

debug crypto ca [messages | transactions] [level]

no debug crypto ca [messages | transactions] [level]

Syntax Description

messages

(Optional) Shows only debug messages for PKI input and output messages.

transactions

(Optional) Shows only debug messages for PKI transactions.

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number. Level 1 (the default) shows messages only when errors occur. Level 2 shows warnings. Level 3 shows informational messages. Levels 4 and up show additional information for troubleshooting.


Defaults

By default, this command shows all debug messages. The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for PKI:

hostname# debug crypto ca

Related Commands

Command
Description

debug crypto engine

Shows debug messages for the crypto engine.

debug crypto ipsec

Shows debug messages for IPSec.

debug crypto isakmp

Shows debug messages for ISAKMP.


debug crypto engine

To show debug messages for the crypto engine, use the debug crypto engine command in privileged EXEC mode. To stop showing debug messages for the crypto engine, use the no form of this command.

debug crypto engine [level]

no debug crypto engine [level]

Syntax Description

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0

This command was introduced.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for the crypto engine:

hostname# debug crypto engine

Related Commands

Command
Description

debug crypto ca

Shows debug messages for the CA.

debug crypto ipsec

Shows debug messages for IPSec.

debug crypto isakmp

Shows debug messages for ISAKMP.


debug crypto ipsec

To show debug messages for IPSec, use the debug crypto ipsec command in privileged EXEC mode. To stop showing debug messages for IPSec, use the no form of this command.

debug crypto ipsec [level]

no debug crypto ipsec [level]

Syntax Description

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for IPSec:

hostname# debug crypto ipsec

Related Commands

Command
Description

debug crypto ca

Shows debug messages for the CA.

debug crypto engine

Shows debug messages for the crypto engine.

debug crypto isakmp

Shows debug messages for ISAKMP.


debug crypto isakmp

To show debug messages for ISAKMP, use the debug crypto isakmp command in privileged EXEC mode. To stop showing debug messages for ISAKMP, use the no form of this command.

debug crypto isakmp [timers] [level]

no debug crypto isakmp [timers] [level]

Syntax Description

timers

(Optional) Shows debug messages for ISAKMP timer expiration.

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number. Level 1 (the default) shows messages only when errors occur. Levels 2 through 7 show additional information. Level 254 shows decrypted ISAKMP packets in a human readable format. Level 255 shows hexadecimal dumps of decrypted ISAKMP packets.


Defaults

The default level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

Using debug commands might slow down traffic on busy networks.

Examples

The following example enables debug messages for ISAKMP:

hostname# debug crypto isakmp

Related Commands

Command
Description

debug crypto ca

Shows debug messages for the CA.

debug crypto engine

Shows debug messages for the crypto engine.

debug crypto ipsec

Shows debug messages for IPSec.
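
An added example, not taken from the Cisco reference: a Python check that replays a saved CLI session transcript and reports which debugs were left enabled and whether debug crypto isakmp was raised to level 254 or 255, where decrypted ISAKMP packets are printed. The transcript is constructed, and the code assumes debug crypto isakmp prints the same "enabled at level N" confirmation this reference shows for other debug commands; audit_transcript and SAMPLE are hypothetical names.

```python
import re

# Confirmation line printed when a debug is switched on, in the form shown in
# this reference ("debug dhcpc detail enabled at level 5").
ENABLED_RE = re.compile(r"^debug (?P<name>.+?) enabled at level (?P<level>\d+)$")
# A command typed at a prompt such as "hostname#" or "hostname(config)#".
PROMPT_RE = re.compile(r"^\S+#\s*(?P<cmd>.*)$")

# Per the level description: 254 and 255 display decrypted ISAKMP packets.
ISAKMP_DECRYPT_LEVELS = {254, 255}


def audit_transcript(lines):
    """Return (still_enabled, findings) for one captured CLI session."""
    enabled = {}   # debug name -> level currently switched on
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENABLED_RE.match(line)
        if m:
            name, level = m["name"], int(m["level"])
            if not 1 <= level <= 255:
                findings.append(f"{name}: level {level} outside 1-255")
                continue
            enabled[name] = level
            if name.startswith("crypto isakmp") and level in ISAKMP_DECRYPT_LEVELS:
                findings.append(f"{name}: level {level} prints decrypted ISAKMP packets")
            continue
        p = PROMPT_RE.match(line)
        if not p:
            continue
        cmd = p["cmd"].strip()
        if cmd in ("no debug all", "undebug all"):
            # Both forms turn off every enabled debug.
            enabled.clear()
        elif cmd.startswith("no debug "):
            # Drop a trailing level if one was typed.
            target = re.sub(r"\s+\d+$", "", cmd[len("no debug "):])
            # Assumption: "no debug aaa" also stops "aaa internal" and the like.
            for name in [n for n in enabled if n == target or n.startswith(target + " ")]:
                del enabled[name]
    for name, level in sorted(enabled.items()):
        findings.append(f"{name}: still enabled at level {level} when the session ended")
    return enabled, findings


# Constructed sample transcript (not captured from a real appliance).
SAMPLE = """\
hostname# debug dhcpc detail 5
debug dhcpc detail enabled at level 5
hostname# debug crypto isakmp 254
debug crypto isakmp enabled at level 254
hostname# debug aaa internal
debug aaa internal enabled at level 1
hostname# no debug aaa
hostname# no debug dhcpc detail
hostname# exit
""".splitlines()

if __name__ == "__main__":
    still_on, notes = audit_transcript(SAMPLE)
    for note in notes:
        print(note)
```
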


debug ctiqbe

To show debug messages for CTIQBE application inspection, use the debug ctiqbe command in privileged EXEC mode. To stop showing debug messages for CTIQBE application inspection, use the no form of this command.

debug ctiqbe [level]

no debug ctiqbe [level]

Syntax Description

level

(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.


Defaults

The default value for level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

To see the current debug command settings, enter the show debug command. To stop the debug output, enter the no debug command. To stop all debug messages from being displayed, enter the no debug all command.


Note: Enabling the debug ctiqbe command may slow down traffic on busy networks.


Examples

The following example enables debug messages at the default level (1) for CTIQBE application inspection:

hostname# debug ctiqbe

Related Commands

Command
Description

inspect ctiqbe

Enables CTIQBE application inspection.

show ctiqbe

Displays information about CTIQBE sessions established through the security appliance.

show conn

Displays the connection state for different connection types.

timeout

Sets the maximum idle time duration for different protocols and session types.


debug dhcpc

To enable debugging of the DHCP client, use the debug dhcpc command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug dhcpc {detail | packet | error} [level]

no debug dhcpc {detail | packet | error} [level]

Syntax Description

detail

Displays detail event information that is associated with the DHCP client.

error

Displays error messages that are associated with the DHCP client.

level

(Optional) Specifies the debug level. Valid values range from 1 to 255.

packet

Displays packet information that is associated with the DHCP client.


Defaults

The default debug level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

Displays DHCP client debug information.

Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.

Examples

The following example shows how to enable debugging for the DHCP client:

hostname# debug dhcpc detail 5
debug dhcpc detail enabled at level 5

Related Commands

Command
Description

show ip address dhcp

Displays detailed information about the DHCP lease for an interface.

show running-config interface

Displays the running configuration of the specified interface.


debug dhcpd

To enable debugging of the DHCP server, use the debug dhcpd command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug dhcpd {event | packet} [level]

no debug dhcpd {event | packet} [level]

Syntax Description

event

Displays event information that is associated with the DHCP server.

level

(Optional) Specifies the debug level. Valid values range from 1 to 255.

packet

Displays packet information that is associated with the DHCP server.


Defaults

The default debug level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

The debug dhcpd event command displays event information about the DHCP server. The debug dhcpd packet command displays packet information about the DHCP server.

Use the no form of the debug dhcpd commands to disable debugging.

Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.

Examples

The following shows an example of enabling DHCP event debugging:

hostname# debug dhcpd event
debug dhcpd event enabled at level 1

Related Commands

Command
Description

show dhcpd

Displays DHCP binding, statistic, or state information.

show running-config dhcpd

Displays the current DHCP server configuration.


debug dhcprelay

To enable debugging of the DHCP relay server, use the debug dhcprelay command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug dhcprelay {event | packet | error} [level]

no debug dhcprelay {event | packet | error} [level]

Syntax Description

error

Displays error messages that are associated with the DHCP relay agent.

event

Displays event information that is associated with the DHCP relay agent.

level

(Optional) Specifies the debug level. Valid values range from 1 to 255.

packet

Displays packet information that is associated with the DHCP relay agent.


Defaults

The default debug level is 1.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.

Examples

The following example shows how to enable debugging for DHCP relay agent error messages:

hostname# debug dhcprelay error
debug dhcprelay error enabled at level 1

Related Commands

Command
Description

clear configure dhcprelay

Removes all DHCP relay agent settings.

clear dhcprelay statistics

Clears the DHCP relay agent statistic counters.

show dhcprelay statistics

Displays DHCP relay agent statistic information.

show running-config dhcprelay

Displays the current DHCP relay agent configuration.


debug disk

To display file system debug information, use the debug disk command in privileged EXEC mode. To disable the display of debug information, use the no form of this command.

debug disk {file | file-verbose | filesystem} [level]

no debug disk {file | file-verbose | filesystem}

Syntax Description

file

Enables file-level disk debug messages.

file-verbose

Enables verbose file-level disk debug messages.

filesystem

Enables file system debug messages.

level

(Optional) Sets the debug message level to display, between 1