-
Cisco Security Appliance Command Reference, Version 7.2
-
About this Guide
-
Using the Command Line Interface
-
aaa accounting command through accounting-server-group Commands
-
acl-netmask-convert through auto-update timeout Commands
-
backup interface through browse networks Commands
-
cache through clear compression Commands
-
clear configure through clear configure vpn-load-balancing Commands
-
clear conn through clear xlate Commands
-
client-access-rule through crl-configure Commands
-
crypto ca authenticate through customization Commands
-
ddns through debug xdmcp Commands
-
default through duplex Commands
-
email through functions Commands
-
gateway through hw-module module shutdown Commands
-
icmp through imap4s Commands
-
inspect ctiqbe through inspect xdmcp Commands
-
intercept-dhcp through issuer-name Commands
-
java-trustpoint through kill Commands
-
l2tp tunnel hello through log-adj-changes Commands
-
logging asdm through logout message Commands
-
mac-address through multicast-routing Commands
-
name through override-account-disable Commands
-
packet-tracer through pwd Commands
-
queue-limit through router rip Commands
-
same-security-traffic through show asdm sessions Commands
-
show asp drop through show curpriv Commands
-
show ddns through show ipv6 traffic Commands
-
show isakmp sa through show route Commands
-
show running-config through show running-config isakmp Commands
-
show running-config ldap through show running-config webvpn auto-signon Commands
-
show service-policy through show xlate Commands
-
shun through sysopt radius ignore-secret Commands
-
tcp-map through tx-ring-limit Commands
-
urgent-flag through write terminal Commands
-
Table Of Contents
ddns through debug xdmcp Commands
ddns update (interface configuration)
ddns update method (global configuration mode)
ddns through debug xdmcp Commands
ddns (DDNS-update-method)
To specify a DDNS update method type, use the ddns command in DDNS-update-method mode. To remove an update method type from the running configuration, use the no form of this command.
ddns [both]
no ddns [both]
Syntax Description
Defaults
Update only A RRs.
Command Modes
The following table shows the modes in which you can enter the command:
DDNS-update-method
•
—
•
•
—
Command History
Usage Guidelines
Dynamic DNS (DDNS) updates the name to address and address to name mappings maintained by DNS. Of the two methods for performing DDNS updates—the IETF standard defined by RFC 2136 and a generic HTTP method—the security appliance supports the IETF method in this release.
Name and address mappings are contained in two types of resource records (RR):
•
•
DDNS updates can be used to maintain consistent information between the A and PTR RR types.
When issued in DDNS-update-method configuration mode, the ddns command defines whether the update is just to A RR, or to both A RR and PTR RR.
Examples
The following example configures updating to both the A and PTR RRs for the DDNS update method named ddns-2:
hostname(config)# ddns update method ddns-2hostname(DDNS-update-method)# ddns bothRelated Commands
ddns update (interface configuration)
To associate a dynamic DNS (DDNS) update method with a security appliance interface or an update hostname, use the ddns update command in interface configuration mode. To remove the association between the DDNS update method and the interface or the hostname from the running configuration, use the no form of this command.
ddns update [method-name | hostname hostname]
no ddns update [method-name | hostname hostname]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Interface configuration
•
—
•
•
—
Command History
Usage Guidelines
After defining a DDNS update method, you must associate it with a security appliance interface to trigger DDNS updates.
A hostname could be a Fully Qualified Domain Name (FQDN) or just a hostname. If just a hostname, the security appliance appends a domain name to the hostname to create a FQDN.
Examples
The following example associates the interface GigabitEthernet0/2 with the DDNS update method named ddns-2 and the hostname hostname1.example.com:
hostname(config)# interface GigabitEthernet0/2hostname(config-if)# ddns update ddns-2hostname(config-if)# ddns update hostname hostname1.example.comRelated Commands
ddns update method (global configuration mode)
To create a method for dynamically updating a DNS resource records (RRs), use the ddns update method command in global configuration mode. To remove a dynamic DNS (DDNS) update method from the running configuration, use the no form of this command.
ddns update method name
no ddns update method name
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
—
•
•
—
Command History
Usage Guidelines
DDNS updates the name to address and address to name mappings maintained by DNS. The update method configured by the ddns update method command determines what and how often dynamic DNS updates are performed. Of the two methods for performing DDNS updates—the IETF standard defined by RFC 2136 and a generic HTTP method—the security appliance supports the IETF method in this release.
Name and address mappings are contained in two types of resource records (RR):
•
•
DDNS updates can be used to maintain consistent information between the A and PTR RR types.
Note
Examples
The following example configures the DDNS update method named ddns-2:
hostname(config)# ddns update method ddns-2Related Commands
debug aaa
To show debug messages for AAA, use the debug aaa command in privileged EXEC mode. To stop showing AAA messages, use the no form of this command.
debug aaa [ accounting | authentication | authorization | common | internal | vpn [ level ] ]
no debug aaa
Syntax Description
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The debug aaa command displays detailed information about AAA activity. The no debug all or undebug all commands turn off all enabled debugs.
Examples
The following example enables debugging for AAA functions supported by the local database:
hostname(config)# debug aaa internaldebug aaa internal enabled at level 1hostname(config)# uap allocated. remote address: 10.42.15.172, Session_id: 2147483841uap freed for user . remote address: 10.42.15.172, session id: 2147483841Related Commands
debug appfw
To display detailed information about application inspection, use the debug appfw command in privileged EXEC mode. To disable debugging, Use the no form of this command.
debug appfw [chunk | event | eventverb | regex]
no debug appfw [chunk | event | eventverb | regex]
Syntax Description
Defaults
All options are enabled by default.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The debug appfw command displays detailed information about HTTP application inspection. The no debug all or undebug all commands turn off all enabled debugs.
Examples
The following example enables the display of detailed information about application inspection:
hostname# debug appfwRelated Commands
http-map
Defines an HTTP map for configuring enhanced HTTP inspection.
inspect http
Applies a specific HTTP map to use for application inspection.
debug arp
To show debug messages for ARP, use the debug arp command in privileged EXEC mode. To stop showing debug messages for ARP, use the no form of this command.
debug arp
no debug arp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for ARP:
hostname# debug arpRelated Commands
arp
Adds a static ARP entry.
show arp statistics
Shows ARP statistics.
show debug
Shows all enabled debuggers.
debug arp-inspection
To show debug messages for ARP inspection, use the debug arp-inspection command in privileged EXEC mode. To stop showing debug messages for ARP inspection, use the no form of this command.
debug arp-inspection
no debug arp-inspection
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
—
•
•
•
—
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for ARP inspection:
hostname# debug arp-inspectionRelated Commands
arp
Adds a static ARP entry.
arp-inspection
For transparent firewall mode, inspects ARP packets to prevent ARP spoofing.
show debug
Shows all enabled debuggers.
debug asdm history
To view debug information for ASDM, use the debug asdm history command in privileged EXEC mode.
debug asdm history level
Syntax Description
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
7.0(1)
This command was changed from the debug pdm history command to the debug asdm history command.
Usage Guidelines
Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Examples
The following example enables level 1 debugging of ASDM:
hostname# debug asdm historydebug asdm history enabled at level 1hostname#Related Commands
debug context
To show debug messages when you add or delete a security context, use the debug context command in privileged EXEC mode. To stop showing debug messages for contexts, use the no form of this command.
debug context [level]
no debug context [level]
Syntax Description
level
(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for context management:
hostname# debug contextRelated Commands
debug cplane
To show debug messages about the control plane that connects internally to an SSM, use the debug cplane command in privileged EXEC mode. To stop showing debug messages for the control plane, use the no form of this command.
debug cplane [level]
no debug cplane [level]
Syntax Description
level
(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for the control plane:
hostname# debug cplaneRelated Commands
debug crypto ca
To show debug messages for PKI activity (used with CAs), use the debug crypto ca command in privileged EXEC mode. To stop showing debug messages for PKI, use the no form of this command.
debug crypto ca [messages | transactions] [level]
no debug crypto ca [messages | transactions] [level]
Syntax Description
Defaults
By default, this command shows all debug messages. The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for PKI:
hostname# debug crypto caRelated Commands
debug crypto engine
Shows debug messages for the crypto engine.
debug crypto ipsec
Shows debug messages for IPSec.
debug crypto isakmp
Shows debug messages for ISAKMP.
debug crypto engine
To show debug messages for the crypto engine, use the debug crypto engine command in privileged EXEC mode. To stop showing debug messages for the crypto engine, use the no form of this command.
debug crypto engine [level]
no debug crypto engine [level]
Syntax Description
level
(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for the crypto engine:
hostname# debug crypto engineRelated Commands
debug crypto ca
Shows debug messages for the CA.
debug crypto ipsec
Shows debug messages for IPSec.
debug crypto isakmp
Shows debug messages for ISAKMP.
debug crypto ipsec
To show debug messages for IPSec, use the debug crypto ipsec command in privileged EXEC mode. To stop showing debug messages for IPSec, use the no form of this command.
debug crypto ipsec [level]
no debug crypto ipsec [level]
Syntax Description
level
(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
—
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for IPSec:
hostname# debug crypto ipsecRelated Commands
debug crypto ca
Shows debug messages for the CA.
debug crypto engine
Shows debug messages for the crypto engine.
debug crypto isakmp
Shows debug messages for ISAKMP.
debug crypto isakmp
To show debug messages for ISAKMP, use the debug crypto isakmp command in privileged EXEC mode. To stop showing debug messages for ISAKMP, use the no form of this command.
debug crypto isakmp [timers] [level]
no debug crypto isakmp [timers] [level]
Syntax Description
Defaults
The default level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
—
Command History
Usage Guidelines
Using debug commands might slow down traffic on busy networks.
Examples
The following example enables debug messages for ISAKMP:
hostname# debug crypto isakmpRelated Commands
debug crypto ca
Shows debug messages for the CA.
debug crypto engine
Shows debug messages for the crypto engine.
debug crypto ipsec
Shows debug messages for IPSec.
debug ctiqbe
To show debug messages for CTIQBE application inspection, use the debug ctiqbe command in privileged EXEC mode. To stop showing debug messages for CTIQBE application inspection, use the no form of this command.
debug ctiqbe [level]
no debug ctiqbe [level]
Syntax Description
level
(Optional) Sets the debug message level to display, between 1 and 255. The default is 1. To display additional messages at higher levels, set the level to a higher number.
Defaults
The default value for level is 1.
Command Modes
The following table shows the modes in which you can enter the command:
