-
Cisco Security Appliance Command Reference, Version 7.2
-
About this Guide
-
Using the Command Line Interface
-
aaa accounting command through accounting-server-group Commands
-
acl-netmask-convert through auto-update timeout Commands
-
backup interface through browse networks Commands
-
cache through clear compression Commands
-
clear conn through clear configure vpn-load-balancing Commands
-
clear console-output through clear xlate Commands
-
client-access-rule through crl-configure Commands
-
crypto ca authenticate through customization Commands
-
ddns through debug xdmcp Commands
-
default through duplex Commands
-
email through functions Commands
-
gateway through hw-module module shutdown Commands
-
icmp through imap4s Commands
-
inspect ctiqbe through inspect xdmcp Commands
-
intercept-dhcp through issuer-name Commands
-
java-trustpoint through kill Commands
-
l2tp tunnel hello through log-adj-changes Commands
-
logging asdm through logout message Commands
-
mac-address through multicast-routing Commands
-
name through override-account-disable Commands
-
packet-tracer through pwd Commands
-
queue-limit through router rip Commands
-
same-security-traffic through show asdm sessions Commands
-
show asp drop through show curpriv Commands
-
show ddns through show ipv6 traffic Commands
-
show isakmp sa through show route Commands
-
show running-config through show running-config isakmp Commands
-
show running-config ldap through show running-config webvpn auto-signon Commands
-
show service-policy through show xlate Commands
-
shun through sysopt radius ignore-secret Commands
-
tcp-map through tx-ring-limit Commands
-
urgent-flag through write terminal Commands
-
Table Of Contents
show running-config through show running-config isakmp Commands
show running-config aaa-server
show running-config aaa-server host
show running-config access-group
show running-config access-list
show running-config arp timeout
show running-config arp-inspection
show running-config auth-prompt
show running-config client-update
show running-config command-alias
show running-config compression
show running-config console timeout
show running-config crypto dynamic-map
show running-config crypto ipsec
show running-config crypto isakmp
show running-config crypto map
show running-config dhcp-client
show running-config dns server-group
show running-config domain-name
show running-config established
show running-config group-delimiter
show running-config group-policy
show running-config ip address
show running-config ip audit attack
show running-config ip audit info
show running-config ip audit interface
show running-config ip audit name
show running-config ip audit signature
show running-config ip local pool
show running-config ip verify reverse-path
show running-config through show running-config isakmp Commands
show running-config aaa
To show the AAA configuration in the running configuration, use the show running-config aaa command in privileged EXEC mode.
show running-config aaa [ accounting | authentication | authorization | mac-exempt | proxy-limit ]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show running-config aaa command:
hostname# show running-config aaaaaa authentication match infrastructure_authentication_radiusvrs infrastructure radiusvrsaaa accounting match infrastructure_authentication_radiusvrs infrastructure radiusvrsaaa authentication secure-http-clientaaa local authentication attempts max-fail 16hostname#Related Commands
show running-config aaa-server
To display AAA server configuration, use the show running-config aaa-server command in privileged EXEC mode.
show running-config [all] aaa-server [server-tag] [(interface-name)] [host hostname]
Syntax Description
Defaults
Omitting the server-tag value displays the configurations for all AAA servers.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
Use this command to display the settings for a particular server group. Use the all parameter to display the default as well as the explicitly configured values.
Examples
To display the running configuration for the default AAA server group, use the following command:
hostname(config)# show running-config default aaa-serveraaa-server group1 protocol tacacs+ accounting-mode simultaneousreactivation-mode depletion deadtime 10
max-failed-attempts 4
hostname(config)#
Related Commands
show aaa-server
Displays AAA server statistics.
clear configure aaa-server
Clears the AAA server configuration.
show running-config aaa-server host
To display AAA server statistics for a particular server, use the show running-config aaa-server command in global configuration or privileged EXEC mode.
show/clear aaa-server
show running-config [all] aaa-server server-tag [(interface-name)] host hostname
Syntax Description
all
(Optional) Shows the running configuration, including default configuration values.
server-tag
The symbolic name of the server group.
Defaults
Omitting the default keyword displays only the explicitly configured configuration values, not the default values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Global configuration
•
•
—
—
•
Command History
Usage Guidelines
Use this command to display the statistics for a particular server group. Use the default parameter to display the default as well as the explicitly configured values.
Examples
To display the running configuration for the server group svrgrp1, use the following command:
hostname(config)# show running-config default aaa-server svrgrp1hostname(config)#Related Commands
show running-config access-group
To display the access group information, use the show running-config access-group command in privileged EXEC mode.
show running-config access-group
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show running-config access-group command:
hostname# show running-config access-groupaccess-group 100 in interface outsideRelated Commands
access-group
Binds an access list to an interface.
clear configure access-group
Removes access groups from all the interfaces.
show running-config access-list
To display the access-list configuration that is running on the security appliance, use the show running-config access-list command in privileged EXEC mode.
show running-config [default] access-list [alert-interval | deny-flow-max]
show running-config [default] access-list id [saddr_ip]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The show running-config access-list command allows you to display the current running access list configuration on the security appliance.
Examples
The following is sample output from the show running-config access-list command:
hostname# show running-config access-listaccess-list allow-all extended permit ip any anyRelated Commands
show running-config all
To display the entire operating configuration, including defaults, that is running on the security appliance, use the show running-config all command in privileged EXEC mode.
show running-config all [command]
Syntax Description
Defaults
If no arguments or keywords are specified, the entire non-default security appliance configuration displays.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show running-config all command displays the current running configuration on the security appliance.
Note
Examples
This example show how to display the configuration that is running on the security appliance:
hostname# show running-config all: Saved:XXX Version X.X(X)names!interface Ethernet0nameif testsecurity-level 10ip address 10.10.88.50 255.255.255.254!interface Ethernet1nameif insidesecurity-level 100ip address 10.86.194.176 255.255.254.0!interface Ethernet2shutdownno nameifsecurity-level 0no ip address!interface Ethernet3shutdownno nameifsecurity-level 0no ip address!interface Ethernet4shutdownno nameifsecurity-level 0no ip address!interface Ethernet5shutdownno nameifsecurity-level 0no ip address!enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptedhostname XXXdomain-name XXX.comboot system flash:/cdisk.binftp mode passivepager lines 24mtu test 1500mtu inside 1500monitor-interface testmonitor-interface insideASDM image flash:ASDMno ASDM history enablearp timeout 14400route inside 0.0.0.0 0.0.0.0 10.86.194.1 1timeout xlate 3:00:00timeout conn 2:00:00 half-closed 1:00:00 udp 0:02:00 icmp 1:00:00 rpc 1:00:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00timeout uauth 0:00:00 absolutehttp server enablehttp 0.0.0.0 0.0.0.0 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmpfragment size 200 testfragment chain 24 testfragment timeout 5 testfragment size 200 insidefragment chain 24 insidefragment timeout 5 insidetelnet 0.0.0.0 0.0.0.0 insidetelnet timeout 1440ssh timeout 5console timeout 0group-policy todd internal!class-map inspection_defaultmatch default-inspection-traffic!!policy-map xxx_global_fw_policyclass inspection_defaultinspect dnsinspect ftpinspect h323 h225inspect h323 rasinspect httpinspect ilsinspect mgcpinspect netbiosinspect rpcinspect rshinspect rtspinspect sipinspect skinnyinspect sqlnetinspect tftpinspect xdmcpinspect ctiqbeinspect cuseemeinspect icmp!terminal width 80service-policy xxx_global_fw_policy globalCryptochecksum:bfecf4b9d1b98b7e8d97434851f57e14: endRelated Commands
show running-config alias
To display the overlapping addresses with dual NAT commands in the configuration, use the show running-config alias command in privileged EXEC mode.
show running-config alias {interface_name}
Syntax Description
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
—
•
•
Command History
Examples
This example shows how to display alias information:
hostname# show running-config aliasRelated Commands
show running-config arp
To show static ARP entries created by the arp command in the running configuration, use the show running-config arp command in privileged EXEC mode.
show running-config arp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show running-config arp command:
hostname# show running-config arparp inside 10.86.195.11 0008.023b.9893Related Commands
show running-config arp timeout
To view the ARP timeout configuration in the running configuration, use the show running-config arp timeout command in privileged EXEC mode.
show running-config arp timeout
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show running-config arp timeout command:
hostname# show running-config arp timeoutarp timeout 20000 secondsRelated Commands
show running-config arp-inspection
To view the ARP inspection configuration in the running configuration, use the show running-config arp-inspection command in privileged EXEC mode.
show running-config arp-inspection
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
—
•
•
•
—
Command History
Examples
The following is sample output from the show running-config arp-inspection command:
hostname# show running-config arp-inspectionarp-inspection inside1 enable no-floodRelated Commands
show running-config asdm
To display the asdm commands in the running configuration, use the show running-config asdm command in privileged EXEC mode.
show running-config asdm [group | location]
Syntax Description
group
(Optional) Limits the display to the asdm group commands in the running configuration.
location
(Optional) Limits the display to the asdm location commands in the running configuration.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
7.0(1)
This command was changed from the show running-config pdm command to the show running-config asdm command.
Usage Guidelines
To remove the asdm commands from the configuration, use the clear configure asdm command.
Note
Examples
The following is sample output from the show running-configuration asdm command:
hostname# show running-config asdmasdm image flash:/ASDMasdm history enablehostname#Related Commands
show running-config auth-prompt
To displays the current authentication prompt challenge text, use the show running-config auth-prompt command in global configuration mode.
show running-config [default] auth-prompt
Syntax Description
Defaults
Display the configured authentication prompt challenge text.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
—
—
•
Command History
7.0(1)
This command was modified for this release to conform to CLI guidelines.
Usage Guidelines
After you configure the authentication prompt with the auth-prompt command, use the show running-config auth-prompt command to view the current prompt text.
Examples
The following example shows the output of the show running-config auth-prompt command:
hostname(config)# show running-config auth-promptauth-prompt prompt Please login:auth-prompt accept You're in!auth-prompt reject Try again.hostname(config)#Related Commands
auth-prompt
Set the user authorization prompts.
clear configure auth-prompt
Reset the user authorization prompts to the default value.
show running-config banner
To display the specified banner and all the lines that are configured for it, use the show running-config banner command in privileged EXEC mode.
show running-config banner [exec | login | motd]
Syntax Description
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show running-config banner command displays the specified banner keyword and all the lines configured for it. If a keyword is not specified, then all banners display.
Examples
This example shows how to display the message-of-the-day (motd) banner:
hostname# show running-config banner motdRelated Commands
show running-config class
To show the resource class configuration, use the show running-config class command in privileged EXEC mode.
show running-config class
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Examples
The following is sample output from the show running-config class command:
hostname# show running-config classclass defaultlimit-resource All 0limit-resource Mac-addresses 65535limit-resource ASDM 5limit-resource SSH 5limit-resource Telnet 5Related Commands
show running-config class-map
To display the information about the class map configuration, use the show running-config class-map command in privileged EXEC mode.
show running-config [all] class-map [class_map_name | type {management | regex | inspect [protocol]}]
Syntax Description
