Cisco Security Appliance Command Reference, Version 7.2
show ddns through show ipv6 traffic Commands

show ddns update interface through show ipv6 traffic Commands


show ddns update interface

To display the DDNS methods assigned to security appliance interfaces, use the show ddns update interface command in privileged EXEC mode.

show ddns update interface [interface-name]

Syntax Description

interface-name    (Optional) The name of a network interface.

Defaults

Omitting the interface-name string displays the DDNS method assigned to each interface.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release    Modification
7.2(1)     This command was introduced.


Examples

The following example displays the DDNS method assigned to the inside interface:

hostname# show ddns update interface inside
Dynamic DNS Update on inside:
  Update Method Name            Update Destination
  ddns-2                        not available
hostname#

Related Commands

Command                                    Description
ddns (DDNS-update-method mode)             Specifies a DDNS update method type for a created DDNS method.
ddns update (interface config mode)        Associates a security appliance interface with a DDNS update method or a DDNS update hostname.
ddns update method (global config mode)    Creates a method for dynamically updating DNS resource records.
show ddns update method                    Displays the type and interval for each configured DDNS method.
show running-config ddns                   Displays the type and interval of all configured DDNS methods in the running configuration.


show ddns update method

To display the DDNS update methods in the running configuration, use the show ddns update method command in privileged EXEC mode.

show ddns update method [method-name]

Syntax Description

method-name    (Optional) The name of a configured DDNS update method.

Defaults

Omitting the method-name string displays all configured DDNS update methods.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release    Modification
7.2(1)     This command was introduced.


Examples

The following example displays the DDNS method named ddns-2:

hostname(config)# show ddns update method ddns-2
Dynamic DNS Update Method: ddns-2
IETF standardized Dynamic DNS 'A' and 'PTR' records update
Maximum update interval: 0 days 0 hours 10 minutes 0 seconds
hostname(config)#

Related Commands

Command                                    Description
ddns (DDNS-update-method mode)             Specifies a DDNS update method type for a created DDNS method.
ddns update (interface config mode)        Associates a security appliance interface with a Dynamic DNS (DDNS) update method or a DDNS update hostname.
ddns update method (global config mode)    Creates a method for dynamically updating DNS resource records.
show ddns update interface                 Displays the interfaces associated with each configured DDNS method.
show running-config ddns                   Displays the type and interval of all configured DDNS methods in the running configuration.


show debug

To show the current debugging configuration, use the show debug command.

show debug [command [keywords]]

Syntax Description

command    (Optional) Specifies the debug command whose current configuration you want to view. For each command, the syntax following command is identical to the syntax supported by the associated debug command. For example, valid keywords following show debug aaa are the same as the valid keywords for the debug aaa command. Thus, show debug aaa supports an accounting keyword, which allows you to specify that you want to see the debugging configuration for that portion of AAA debugging.

Defaults

This command has no default settings.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release        Modification
Preexisting    This command was preexisting.


Usage Guidelines

The valid command values follow. For information about valid syntax after command, see the entry for debug command, as applicable.


Note: The availability of each command value depends upon the command modes that support the applicable debug command.


aaa

appfw

arp

asdm

context

crypto

ctiqbe

ctm

dhcpc

dhcpd

dhcprelay

disk

dns

email

entity

fixup

fover

fsm

ftp

generic

gtp

h323

http

http-map

icmp

igmp

ils

imagemgr

ipsec-over-tcp

ipv6

iua-proxy

kerberos

ldap

mfib

mgcp

mrib

ntdomain

ntp

ospf

parser

pim

pix

pptp

radius

rip

rtsp

sdi

sequence

sip

skinny

smtp

sqlnet

ssh

ssl

sunrpc

tacacs

timestamps

vpn-sessiondb

webvpn

xdmcp

Examples

The following commands enable debugging for authentication, accounting, and Flash memory. The show debug command is used in three ways to demonstrate how you can use it to view all debugging configuration, debugging configuration for a specific feature, and even debugging configuration for a subset of a feature.

hostname# debug aaa authentication 
debug aaa authentication enabled at level 1
hostname# debug aaa accounting
debug aaa accounting enabled at level 1
hostname# debug disk filesystem
debug disk filesystem enabled at level 1
hostname# show debug
debug aaa authentication enabled at level 1
debug aaa accounting enabled at level 1
debug disk filesystem enabled at level 1
hostname# show debug aaa
debug aaa authentication enabled at level 1
debug aaa authorization is disabled.
debug aaa accounting enabled at level 1
debug aaa internal is disabled.
debug aaa vpn is disabled.
hostname# show debug aaa accounting
debug aaa accounting enabled at level 1
hostname# 

Related Commands

Command    Description
debug      See all debug commands.


show dhcpd

To view DHCP binding, state, and statistical information, use the show dhcpd command in privileged EXEC or global configuration mode.

show dhcpd {binding [IP_address] | state | statistics}

Syntax Description

binding       Displays binding information for a given server IP address and its associated client hardware address and lease length.
IP_address    Shows the binding information for the specified IP address.
state         Displays the state of the DHCP server, such as whether it is enabled in the current context and whether it is enabled on each of the interfaces.
statistics    Displays statistical information, such as the number of address pools, bindings, expired bindings, malformed messages, sent messages, and received messages.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release        Modification
Preexisting    This command was preexisting.


Usage Guidelines

If you include the optional IP address in the show dhcpd binding command, only the binding for that IP address is shown.

The show dhcpd binding | state | statistics commands are also available in global configuration mode.

Examples

The following is sample output from the show dhcpd binding command:

hostname# show dhcpd binding
IP Address      Hardware Address      Lease Expiration    Type
10.0.1.100      0100.a0c9.868e.43     84985 seconds       automatic

The following is sample output from the show dhcpd state command:

hostname# show dhcpd state
Context Not Configured for DHCP
Interface outside, Not Configured for DHCP
Interface inside, Not Configured for DHCP

The following is sample output from the show dhcpd statistics command:

hostname# show dhcpd statistics

DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0

Address pools        1
Automatic bindings   1
Expired bindings     1
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         1
DHCPREQUEST          2
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            1
DHCPACK              1
DHCPNAK              1

Related Commands

Command                      Description
clear configure dhcpd        Removes all DHCP server settings.
clear dhcpd                  Clears the DHCP server bindings and statistic counters.
dhcpd lease                  Defines the lease length for DHCP information granted to clients.
show running-config dhcpd    Displays the current DHCP server configuration.


show dhcprelay state

To view the state of the DHCP relay agent, use the show dhcprelay state command in privileged EXEC or global configuration mode.

show dhcprelay state

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release        Modification
Preexisting    This command was preexisting.


Usage Guidelines

This command displays the DHCP relay agent state information for the current context and each interface.

Examples

The following is sample output from the show dhcprelay state command:

hostname# show dhcprelay state

Context  Configured as DHCP Relay
Interface outside, Not Configured for DHCP
Interface infrastructure, Configured for DHCP RELAY SERVER
Interface inside, Configured for DHCP RELAY

Related Commands

Command                          Description
show dhcpd                       Displays DHCP server statistics and state information.
show dhcprelay statistics        Displays the DHCP relay statistics.
show running-config dhcprelay    Displays the current DHCP relay agent configuration.


show dhcprelay statistics

To display the DHCP relay statistics, use the show dhcprelay statistics command in privileged EXEC mode.

show dhcprelay statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release        Modification
Preexisting    This command was preexisting.


Usage Guidelines

The output of the show dhcprelay statistics command increments until you enter the clear dhcprelay statistics command.

Examples

The following shows sample output for the show dhcprelay statistics command:

hostname# show dhcprelay statistics

DHCP UDP Unreachable Errors: 0
DHCP Other UDP Errors: 0

Packets Relayed
BOOTREQUEST          0
DHCPDISCOVER         7
DHCPREQUEST          3
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

BOOTREPLY            0
DHCPOFFER            7
DHCPACK              3
DHCPNAK              0
FeralPix(config)# 

Related Commands

Command                          Description
clear configure dhcprelay        Removes all DHCP relay agent settings.
clear dhcprelay statistics       Clears the DHCP relay agent statistic counters.
debug dhcprelay                  Displays debug information for the DHCP relay agent.
show dhcprelay state             Displays the state of the DHCP relay agent.
show running-config dhcprelay    Displays the current DHCP relay agent configuration.


show disk

To display the contents of the Flash memory for an adaptive security appliance only, use the show disk command in privileged EXEC mode. To display the contents of the Flash memory for a PIX security appliance, see the show flash command.

show disk[0 | 1] [filesys | all]

Syntax Description

0 | 1      Specifies the internal Flash memory (0, the default) or the external Flash memory (1).
filesys    Shows information about the compact Flash card.
all        Shows the contents of Flash memory plus the file system information.

Defaults

Shows the contents of the internal Flash memory by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release    Modification
7.0(1)     This command was introduced.


Examples

The following is sample output from the show disk command:

hostname# show disk
-#- --length-- -----date/time------ path
 11 1301       Feb 21 2005 18:01:34 test.cfg
 12 1949       Feb 21 2005 20:13:36 test1.cfg
 13 2551       Jan 06 2005 10:07:36 test2.cfg
 14 609223     Jan 21 2005 07:14:18 test3.cfg
 15 1619       Jul 16 2004 16:06:48 test4.cfg
 16 3184       Aug 03 2004 07:07:00 old_running.cfg
 17 4787       Mar 04 2005 12:32:18 test5.cfg
 20 1792       Jan 21 2005 07:29:24 test6.cfg
 21 7765184    Mar 07 2005 19:38:30 test7.cfg
 22 1674       Nov 11 2004 02:47:52 test8.cfg
 23 1863       Jan 21 2005 07:29:18 test9.cfg
 24 1197       Jan 19 2005 08:17:48 test10.cfg
 25 608554     Jan 13 2005 06:20:54 backupconfig.cfg
 26 5124096    Feb 20 2005 08:49:28 cdisk1
 27 5124096    Mar 01 2005 17:59:56 cdisk2
 28 2074       Jan 13 2005 08:13:26 test11.cfg
 29 5124096    Mar 07 2005 19:56:58 cdisk3
 30 1276       Jan 28 2005 08:31:58 lead
 31 7756788    Feb 24 2005 12:59:46 asdmfile.dbg
 32 7579792    Mar 08 2005 11:06:56 asdmfile1.dbg
 33 7764344    Mar 04 2005 12:17:46 asdmfile2.dbg
 34 5124096    Feb 24 2005 11:50:50 cdisk4
 35 15322      Mar 04 2005 12:30:24 hs_err.log

10170368 bytes available (52711424 bytes used)

The following is sample output from the show disk filesys command:

hostname# show disk filesys
******** Flash Card Geometry/Format Info ********

COMPACT FLASH CARD GEOMETRY
   Number of Heads:            4
   Number of Cylinders       978
   Sectors per Cylinder       32
   Sector Size               512
   Total Sectors          125184

COMPACT FLASH CARD FORMAT
   Number of FAT Sectors      61
   Sectors Per Cluster         8
   Number of Clusters      15352
   Number of Data Sectors 122976
   Base Root Sector          123
   Base FAT Sector             1
   Base Data Sector          155

Related Commands

Command       Description
dir           Displays the directory contents.
show flash    Displays the contents of the internal Flash memory for the PIX security appliance only.


show dns-hosts

To show the DNS cache, use the show dns-hosts command in privileged EXEC mode. The DNS cache includes dynamically learned entries from a DNS server as well as names and IP addresses entered manually with the name command.

show dns-hosts

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release    Modification
7.0(1)     This command was introduced.


Usage Guidelines

See the "Examples" section for a description of the display output.

Examples

The following is sample output from the show dns-hosts command:

hostname# show dns-hosts
Host                       Flags      Age Type   Address(es)
ns2.example.com            (temp, OK) 0    IP    10.102.255.44
ns1.example.com            (temp, OK) 0    IP    192.168.241.185
snowmass.example.com       (temp, OK) 0    IP    10.94.146.101
server.example.com         (temp, OK) 0    IP    10.94.146.80

Table 26-1 describes each field.

Table 26-1 show dns-hosts Fields 

Field          Description
Host           Shows the hostname.
Flags          Shows the entry status, as a combination of the following:
               temp—This entry is temporary because it comes from a DNS server. The security appliance removes this entry after 72 hours of inactivity.
               perm—This entry is permanent because it was added with the name command.
               OK—This entry is valid.
               ??—This entry is suspect and needs to be revalidated.
               EX—This entry is expired.
Age            Shows the number of hours since this entry was last referenced.
Type           Shows the type of DNS record; this value is always IP.
Address(es)    The IP addresses.
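
The following Python script is an added example, not part of the Cisco command reference. It parses show dns-hosts output and applies the flag meanings from Table 26-1 to list entries that need review; the rows carrying the perm, ?? and EX flags are constructed, on the assumption that they use the same layout as the documented (temp, OK) rows and that multiple addresses are separated by spaces or commas.

```python
import re

# Per the Flags description: a temp entry is removed after 72 hours of inactivity.
TEMP_IDLE_LIMIT_HOURS = 72

# Status flags documented in Table 26-1.
STATUS_MEANING = {"OK": "valid", "??": "suspect, needs revalidation", "EX": "expired"}

# Row layout: Host  (origin, status)  Age  Type  Address(es)
ROW = re.compile(
    r"^(?P<host>\S+)\s+\((?P<origin>[^,()]+),\s*(?P<status>[^()]+)\)\s+"
    r"(?P<age>\d+)\s+(?P<type>\S+)\s+(?P<addrs>\S.*)$"
)

# Constructed sample. The first four rows are the sample output shown above; the
# last three are constructed, assuming perm, ?? and EX rows share that layout.
SAMPLE = """\
hostname# show dns-hosts
Host                       Flags      Age Type   Address(es)
ns2.example.com            (temp, OK) 0    IP    10.102.255.44
ns1.example.com            (temp, OK) 0    IP    192.168.241.185
snowmass.example.com       (temp, OK) 0    IP    10.94.146.101
server.example.com         (temp, OK) 0    IP    10.94.146.80
mgmt.example.com           (perm, OK) 5    IP    10.94.146.10
stale.example.com          (temp, ??) 70   IP    10.94.146.77
gone.example.com           (temp, EX) 71   IP    10.94.146.78
"""


def parse_dns_hosts(text):
    """Return one dict per cache row; header, prompt and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        origin, age = m["origin"].strip(), int(m["age"])
        entries.append({
            "host": m["host"],
            "origin": origin,
            "status": m["status"].strip(),
            "age_hours": age,
            "type": m["type"],
            "addresses": re.split(r"[,\s]+", m["addrs"].strip()),
            # Only temp entries have the 72-hour idle limit; perm entries get None.
            "idle_hours_left": max(0, TEMP_IDLE_LIMIT_HOURS - age) if origin == "temp" else None,
        })
    return entries


def entries_needing_review(entries):
    """List (host, reason) for every entry whose status flag is not OK."""
    return [
        (e["host"], STATUS_MEANING.get(e["status"], "unrecognized status flag"))
        for e in entries if e["status"] != "OK"
    ]


def permanent_entries(entries):
    """Hosts flagged perm, that is, added with the name command."""
    return [e["host"] for e in entries if e["origin"] == "perm"]


if __name__ == "__main__":
    parsed = parse_dns_hosts(SAMPLE)
    for host, reason in entries_needing_review(parsed):
        print(f"{host}: {reason}")
    print("permanent:", ", ".join(permanent_entries(parsed)))
```
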


Related Commands

Command              Description
clear dns-hosts      Clears the DNS cache.
dns domain-lookup    Enables the security appliance to perform a name lookup.
dns name-server      Configures a DNS server address.
dns retries          Specifies the number of times to retry the list of DNS servers when the security appliance does not receive a response.
dns timeout          Specifies the amount of time to wait before trying the next DNS server.


show failover

To display information about the failover status of the unit, use the show failover command in privileged EXEC mode.

show failover [group num | history | interface | state | statistics]

Syntax Description

group         Displays the running state of the specified failover group.
history       Displays failover history. The failover history displays past failover state changes and the reason for the state change. History information is cleared when the device is rebooted.
interface     Displays failover command and stateful link information.
num           Failover group number.
state         Displays the failover state of both failover units. The information displayed includes the primary or secondary status of the unit, the Active/Standby status of the unit, and the last reported reason for failover. The fail reason remains in the output even when the reason for failure is cleared.
statistics    Displays the transmit and receive packet counts of the failover command interface.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode       Firewall Mode              Security Context
                   Routed      Transparent    Single    Multiple
                                                        Context    System
Privileged EXEC

Command History

Release    Modification
7.0(1)     This command was modified. The output includes additional information.


Usage Guidelines

The show failover command displays the dynamic failover information, interface status, and Stateful Failover statistics. The Stateful Failover Logical Update Statistics output appears only when Stateful Failover is enabled. The "xerr" and "rerr" values do not indicate errors in failover, but rather the number of packet transmit or receive errors.


Note: Stateful Failover, and therefore Stateful Failover statistics output, is not available on the ASA 5505 series adaptive security appliance.


In the show failover command output, the Stateful Failover fields have the following values:

Stateful Obj has these values:

xmit—Indicates the number of packets transmitted.

xerr—Indicates the number of transmit errors.

rcv—Indicates the number of packets received.

rerr—Indicates the number of receive errors.

Each row is for a particular object static count as follows:

General—Indicates the sum of all stateful objects.

sys cmd—Refers to the logical update system commands, such as login or stay alive.

up time—Indicates the value for the security appliance up time, which the active security appliance passes on to the standby security appliance.

RPC services—Remote Procedure Call connection information.

TCP conn—Dynamic TCP connection information.

UDP conn—Dynamic UDP connection information.

ARP tbl—Dynamic ARP table information.

Xlate_Timeout—Indicates connection translation timeout information.

VPN IKE upd—IKE connection information.

VPN IPSEC upd—IPSec connection information.

VPN CTCP upd—cTCP tunnel connection information.

VPN SDI upd—SDI AAA connection information.

VPN DHCP upd—Tunneled DHCP connection information.

If you do not enter a failover IP address, the show failover command displays 0.0.0.0 for the IP address, and monitoring of the interfaces remains in a "waiting" state. You must set a failover IP address for failover to work.

Table 26-2 describes the interface states for failover.

Table 26-2 Failover Interface States 

State                        Description
Normal                       The interface is up and receiving hello packets from the corresponding interface on the peer unit.
Normal (Waiting)             The interface is up but has not yet received a hello packet from the corresponding interface on the peer unit. Verify that a standby IP address has been configured for the interface and that there is connectivity between the two interfaces.
Normal (Not-Monitored)       The interface is up but is not monitored by the failover process. The failure of an interface that is not monitored does not trigger failover.
No Link                      The physical link is down.
No Link (Waiting)            The physical link is down and the interface has not yet received a hello packet from the corresponding interface on the peer unit. After restoring the link, verify that a standby IP address has been configured for the interface and that there is connectivity between the two interfaces.
No Link (Not-Monitored)      The physical link is down but is not monitored by the failover process. The failure of an interface that is not monitored does not trigger failover.
Link Down                    The physical link is up, but the interface is administratively down.
Link Down (Waiting)          The physical link is up, but the interface is administratively down and the interface has not yet received a hello packet from the corresponding interface on the peer unit. After bringing the interface up (using the no shutdown command in interface configuration mode), verify that a standby IP address has been configured for the interface and that there is connectivity between the two interfaces.
Link Down (Not-Monitored)    The physical link is up, but the interface is administratively down and is not monitored by the failover process. The failure of an interface that is not monitored does not trigger failover.
Testing                      The interface is in testing mode due to missed hello packets from the corresponding interface on the peer unit.
Failed                       Interface testing has failed and the interface is marked as failed. If the interface failure causes the failover criteria to be met, then the interface failure causes a failover to the secondary unit or failover group.


In multiple configuration mode, only the show failover command is available in a security context; you cannot enter the optional keywords.

Examples

The following is sample output from the show failover command for Active/Standby Failover. The security appliances are ASA 5500 series adaptive security appliances, each equipped with a CSC SSM as shown in the details for slot 1 of each security appliance.

hostname# show failover

Failover On
Cable status: N/A - LAN-based failover enabled 
Failover unit Primary 
Failover LAN Interface: fover Ethernet2 (up) 
Unit Poll frequency 1 seconds, holdtime 3 seconds 
Interface Poll frequency 15 seconds 
Interface Policy 1 
Monitored Interfaces 2 of 250 maximum 
failover replication http 
Last Failover at: 22:44:03 UTC Dec 8 2004
        This host: Primary - Active 
                Active time: 13434 (sec)
                slot 0: ASA5520 hw/sw rev (1.0/7.1(0)10) status (Up Sys)
                  Interface inside (10.130.9.3): Normal 
                  Interface outside (10.132.9.3): Normal 
                slot 1: ASA-SSM-20 hw/sw rev (1.0/CSC-SSM 5.0 (Build#1176)) status (Up/Up)
                  Logging port IP: 10.0.0.3/24
                  CSC-SSM, 5.0 (Build#1176)
        Other host: Secondary - Standby Ready 
                Active time: 0 (sec)
                slot 0: ASA5520 hw/sw rev (1.0/7.1(0)10) status (Up Sys)
                  Interface inside (10.130.9.4): Normal 
                  Interface outside (10.132.9.4): Normal 
                slot 1: ASA-SSM-20 hw/sw rev (1.0/CSC-SSM 5.0 (Build#1176)) status (Up/Up)
                  Logging port IP: 10.0.0.4/24
                  CSC-SSM, 5.0 (Build#1176)

Stateful Failover Logical Update Statistics
        Link : fover Ethernet2 (up)
        Stateful Obj    xmit       xerr       rcv        rerr      
        General         0          0          0          0         
        sys cmd         1733       0          1733       0         
        up time         0          0          0          0         
        RPC services    0          0          0          0         
        TCP conn        6          0          0          0         
        UDP conn        0          0          0          0         
        ARP tbl         106        0          0          0         
        Xlate_Timeout   0          0          0          0
        VPN IKE upd     15         0          0          0
        VPN IPSEC upd   90         0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       2       1733
        Xmit Q:         0       2       15225
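
The following Python script is an added example, not part of the Cisco command reference. It parses show failover output, maps each interface state to the guidance in Table 26-2, and reports non-zero xerr and rerr counters; the sample text is constructed from the output above, and showing an unset failover address as 0.0.0.0 inside the interface parentheses is an assumption.

```python
import re

# Operator hints condensed from Table 26-2; None means no action is needed.
STATE_HINTS = {
    "Normal": None,
    "Normal (Waiting)": "no hello from peer yet; verify standby IP and connectivity",
    "Normal (Not-Monitored)": "up but unmonitored; its failure does not trigger failover",
    "No Link": "physical link is down",
    "No Link (Waiting)": "link down, no hello from peer; restore link, verify standby IP",
    "No Link (Not-Monitored)": "link down and unmonitored; does not trigger failover",
    "Link Down": "interface is administratively down",
    "Link Down (Waiting)": "administratively down, no hello from peer; no shutdown, verify standby IP",
    "Link Down (Not-Monitored)": "administratively down and unmonitored",
    "Testing": "in testing mode after missed hello packets",
    "Failed": "interface testing failed; may cause a failover",
}

UNIT = re.compile(r"^\s*(This|Other) host:\s*(\S+)\s*-\s*(.+?)\s*$")
IFACE = re.compile(r"^\s*Interface (\S+) \(([\d.]+)\):\s*(.+?)\s*$")
STAT = re.compile(r"^\s*(\S.*?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

# Constructed sample, shortened from the Active/Standby output above and edited
# so that it contains a waiting interface, an unset address and a transmit error.
SAMPLE = """\
Failover On
Failover unit Primary
        This host: Primary - Active
                Active time: 13434 (sec)
                  Interface inside (10.130.9.3): Normal
                  Interface outside (10.132.9.3): Normal (Waiting)
                  Interface dmz (0.0.0.0): Normal (Waiting)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface inside (10.130.9.4): Normal
                  Interface outside (10.132.9.4): Normal

Stateful Failover Logical Update Statistics
        Link : fover Ethernet2 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         0          0          0          0
        sys cmd         1733       0          1733       0
        TCP conn        6          2          0          0
"""


def parse_failover(text):
    """Extract per-unit interface states and the stateful update counters."""
    units, stats, current, in_stats = {}, {}, None, False
    for line in text.splitlines():
        if (m := UNIT.match(line)):
            current = m.group(1)
            units[current] = {"role": m.group(2), "state": m.group(3), "interfaces": []}
        elif (m := IFACE.match(line)) and current:
            units[current]["interfaces"].append(m.groups())  # (name, ip, state)
        elif line.strip().startswith("Stateful Obj"):
            in_stats = True
        elif in_stats and (m := STAT.match(line)):
            xmit, xerr, rcv, rerr = map(int, m.groups()[1:])
            stats[m.group(1)] = {"xmit": xmit, "xerr": xerr, "rcv": rcv, "rerr": rerr}
        elif in_stats and not line.strip():
            in_stats = False  # a blank line ends the counter table
    return {"units": units, "stats": stats}


def review_failover(parsed):
    """Return findings for interface states and packet error counters."""
    findings = []
    for unit, info in parsed["units"].items():
        for name, ip, state in info["interfaces"]:
            where = f"{unit} host ({info['role']}) interface {name}"
            if ip == "0.0.0.0":
                findings.append(f"{where}: no failover IP address set")
            hint = STATE_HINTS.get(state, "state not listed in Table 26-2")
            if hint:
                findings.append(f"{where}: {state}: {hint}")
    for obj, c in parsed["stats"].items():
        # General is the sum of all stateful objects, so skip it to avoid double counting.
        if obj != "General" and (c["xerr"] or c["rerr"]):
            findings.append(f"{obj}: {c['xerr']} transmit / {c['rerr']} receive packet errors")
    return findings


if __name__ == "__main__":
    print("\n".join(review_failover(parse_failover(SAMPLE))))
```
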

The following is sample output from the show failover command for Active/Active Failover:

hostname# show failover

Failover On
Failover unit Primary
Failover LAN Interface: third GigabitEthernet0/2 (up) 
Unit Poll frequency 1 seconds, holdtime 15 seconds