Cisco Security Appliance Command Reference, Version 8.0
packet-tracer -- pwd

Table Of Contents

packet-tracer through pwd Commands

packet-tracer

page style

pager

parameters

participate

passive-interface

passive-interface (EIGRP)

passwd

password (crypto ca trustpoint)

password-management

password-parameter

password-prompt

password-storage

peer-id-validate

perfmon

periodic

permit errors

permit response

pfs

phone-proxy

pim

pim accept-register

pim bidir-neighbor-filter

pim dr-priority

pim hello-interval

pim join-prune-interval

pim neighbor-filter

pim old-register-checksum

pim rp-address

pim spt-threshold infinity

ping

police

policy

policy-map

policy-map type inspect

policy-server-secret

polltime interface

pop3s

port

port-forward

port-forward-name

port-object

post-max-size

pppoe client route distance

pppoe client route track

pppoe client secondary

preempt

prefix-list

prefix-list description

prefix-list sequence-number

pre-shared-key

primary

priority

priority (vpn load balancing)

priority-queue

privilege

prompt

protocol-enforcement

protocol http

protocol ldap

protocol scep

protocol-object

protocol-violation

proxy-bypass

proxy-ldc-issuer

proxy-server

publish-crl

pwd


packet-tracer through pwd Commands


packet-tracer

To enable packet tracing capabilities for packet sniffing and network fault isolation, use the packet-tracer command in privileged EXEC mode. To disable packet tracing capabilities, use the no form of this command.

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]

no packet-tracer

Syntax Description

input src_int

Specifies the source interface for the packet trace.

protocol

Specifies the protocol type for the packet trace. Available protocol type keywords are icmp, rawip, tcp or udp.

src_addr

Specifies the source address for the packet trace.

src_port

Specifies the source port for the packet trace.

dest_addr

Specifies the destination address for the packet trace.

dest_port

Specifies the destination port for the packet trace.

detailed

(Optional) Provides detailed packet trace information.

xml

(Optional) Displays the trace capture in XML format.


Defaults

This command has no default settings.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC mode


Command History

Release
Modification

7.2(1)

This command was introduced.


Usage Guidelines

In addition to capturing packets, it is possible to trace the lifespan of a packet through the security appliance to see if it is behaving as expected. The packet-tracer command lets you do the following:

Debug all packet drops in production network.

Verify the configuration is working as intended.

Show all rules applicable to a packet along with the CLI lines which caused the rule addition.

Show a time line of packet changes in a data path.

Inject tracer packets into the data path.

The packet-tracer command provides detailed information about the packets and how they are processed by the security appliance. When a packet is dropped for a reason other than a configured rule, the packet-tracer command reports the cause in an easily readable form. For example, if a packet was dropped because its header failed validation, a message is displayed that says, "packet dropped due to bad ip header (reason)."

Examples

To enable packet tracing from inside host 10.2.25.3 to external host 209.165.202.158 with detailed information, enter the following:

hostname# packet-tracer input inside tcp 10.2.25.3 www 209.165.202.158 aol detailed
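The capabilities listed above ("verify the configuration is working as intended") are most useful when the same set of traces is re-run after every change. The following added example, which is not Cisco's code, builds packet-tracer command lines from a list of flows and pairs each with the action you expect the policy to take; the appliance itself runs the commands, and the operator compares its result with the expected label. The flow list, the "expect" label and the second flow are constructed; the first flow reproduces the example in this section.

```python
"""Emit packet-tracer commands for a set of flows and record what the policy
should do with each, so a rule change can be re-verified after every push.
Added example, not Cisco's code: it only builds and checks the command
strings; the security appliance runs them."""

from dataclasses import dataclass
from typing import List, Tuple, Union
import ipaddress

# Protocol keywords listed in the Syntax Description of packet-tracer.
PROTOCOLS = {"icmp", "rawip", "tcp", "udp"}


@dataclass(frozen=True)
class Flow:
    src_int: str                # nameif of the ingress interface
    protocol: str
    src_addr: str
    src_port: Union[int, str]   # number or a service name such as "www"
    dest_addr: str
    dest_port: Union[int, str]
    expect: str                 # "allow" or "drop": constructed label for our own list


def build_packet_tracer(flow: Flow, detailed: bool = False, xml: bool = False) -> str:
    """Validate the fields and return the CLI line in the order the syntax gives."""
    if flow.protocol not in PROTOCOLS:
        raise ValueError(f"unknown protocol keyword {flow.protocol!r}; "
                         f"expected one of {sorted(PROTOCOLS)}")
    for addr in (flow.src_addr, flow.dest_addr):
        ipaddress.ip_address(addr)      # raises ValueError on a malformed address
    for port in (flow.src_port, flow.dest_port):
        if isinstance(port, int) and not 0 <= port <= 65535:
            raise ValueError(f"port {port} out of range")
    if flow.expect not in ("allow", "drop"):
        raise ValueError(f"expect must be 'allow' or 'drop', got {flow.expect!r}")
    parts = ["packet-tracer", "input", flow.src_int, flow.protocol,
             flow.src_addr, str(flow.src_port), flow.dest_addr, str(flow.dest_port)]
    if detailed:
        parts.append("detailed")
    if xml:
        parts.append("xml")
    return " ".join(parts)


def regression_set(flows: List[Flow], detailed: bool = False) -> List[Tuple[str, str]]:
    """Pair each command with its expected action. The operator compares the
    label against what the appliance reports for that trace (not parsed here)."""
    return [(build_packet_tracer(f, detailed=detailed), f.expect) for f in flows]


# Constructed flows; the first reproduces the example in this section.
SAMPLE_FLOWS = [
    Flow("inside", "tcp", "10.2.25.3", "www", "209.165.202.158", "aol", "allow"),
    Flow("outside", "tcp", "209.165.200.225", 40000, "10.2.25.3", 23, "drop"),
]

if __name__ == "__main__":
    for cmd, expected in regression_set(SAMPLE_FLOWS, detailed=True):
        print(f"{cmd}    # expect: {expected}")
```

Keeping the flow list under version control next to the firewall configuration gives a record of which paths were meant to be open and which were meant to be blocked, which is exactly the question an outage or an audit asks.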

Related Commands

Command
Description

capture

Captures packet information, including trace packets.

show capture

Displays the capture configuration when no options are specified.


page style

To customize the WebVPN page displayed to WebVPN users when they connect to the security appliance, use the page style command in webvpn customization configuration mode. To remove the command from the configuration and cause the value to be inherited, use the no form of this command.

page style value

[no] page style value

Syntax Description

value

Cascading Style Sheet (CSS) parameters (maximum 256 characters).


Defaults

The default page style is background-color:white;font-family:Arial,Helv,sans-serif

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Webvpn customization configuration


Command History

Release
Modification

7.1(1)

This command was introduced.


Usage Guidelines

The style option is expressed as any valid Cascading Style Sheet (CSS) parameters. Describing these parameters is beyond the scope of this document. For more information about CSS parameters, consult CSS specifications at the World Wide Web Consortium (W3C) website at www.w3.org. Appendix F of the CSS 2.1 Specification contains a convenient list of CSS parameters, and is available at www.w3.org/TR/CSS21/propidx.html.

Here are some tips for making the most common changes to the WebVPN pages—the page colors:

You can use a comma-separated RGB value, an HTML color value, or the name of the color if recognized in HTML.

RGB format is 0,0,0, a range of decimal numbers from 0 to 255 for each color (red, green, blue); the comma separated entry indicates the level of intensity of each color to combine with the others.

HTML format is #000000, six digits in hexadecimal format; the first and second represent red, the third and fourth green, and the fifth and sixth represent blue.


Note To easily customize the WebVPN pages, we recommend that you use ASDM, which has convenient features for configuring style elements, including color swatches and preview capabilities.


Examples

The following example customizes the page style so that the font size is large:

F1-asa1(config)# webvpn
F1-asa1(config-webvpn)# customization cisco
F1-asa1(config-webvpn-custom)# page style font-size:large

Related Commands

Command
Description

logo

Customizes the logo on the WebVPN page.

title

Customizes the title of the WebVPN page


pager

To set the default number of lines on a page before the "---more---" prompt appears for Telnet sessions, use the pager command in global configuration mode.

pager [lines] lines

Syntax Description

[lines] lines

Sets the number of lines on a page before the "---more---" prompt appears. The default is 24 lines; 0 means no page limit. The range is 0 through 2147483647 lines. The lines keyword is optional and the command is the same with or without it.


Defaults

The default is 24 lines.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration


Command History

Release
Modification

7.0(1)

This command was changed from a privileged EXEC mode command to a global configuration mode command. The terminal pager command was added as the privileged EXEC mode command.


Usage Guidelines

This command changes the default pager line setting for Telnet sessions. If you want to temporarily change the setting only for the current session, use the terminal pager command.

If you Telnet to the admin context, then the pager line setting follows your session when you change to other contexts, even if the pager command in a given context has a different setting. To change the current pager setting, enter the terminal pager command with a new setting, or you can enter the pager command in the current context. In addition to saving a new pager setting to the context configuration, the pager command applies the new setting to the current Telnet session.

Examples

The following example changes the number of lines displayed to 20:

hostname(config)# pager 20

Related Commands

Command
Description

clear configure terminal

Clears the terminal display width setting.

show running-config terminal

Displays the current terminal settings.

terminal

Allows system log messages to display on the Telnet session.

terminal pager

Sets the number of lines to display in a Telnet session before the "---more---" prompt. This command is not saved to the configuration.

terminal width

Sets the terminal display width in global configuration mode.


parameters

To enter parameters configuration mode to set parameters for an inspection policy map, use the parameters command in policy-map configuration mode.

parameters

Syntax Description

This command has no arguments or keywords.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Policy-map configuration


Command History

Release
Modification

7.2(1)

This command was introduced.


Usage Guidelines

Modular Policy Framework lets you configure special actions for many application inspections. When you enable an inspection engine using the inspect command in the Layer 3/4 policy map (the policy-map command), you can also optionally enable actions as defined in an inspection policy map created by the policy-map type inspect command. For example, enter the inspect dns dns_policy_map command where dns_policy_map is the name of the inspection policy map.

An inspection policy map may support one or more parameters commands. Parameters affect the behavior of the inspection engine. The commands available in parameters configuration mode depend on the application.

Examples

The following example shows how to set the maximum message length for DNS packets in the default inspection policy map:

hostname(config)# policy-map type inspect dns preset_dns_map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# message-length maximum 512

Related Commands

Command
Description

class

Identifies a class map name in the policy map.

class-map type inspect

Creates an inspection class map to match traffic specific to an application.

policy-map

Creates a Layer 3/4 policy map.

show running-config policy-map

Displays all current policy map configurations.


participate

To force the device to participate in the virtual load-balancing cluster, use the participate command in VPN load-balancing configuration mode. To remove a device from participation in the cluster, use the no form of this command.

participate

no participate

Syntax Description

This command has no arguments or keywords.

Defaults

The default behavior is that the device does not participate in the vpn load-balancing cluster.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

VPN load-balancing configuration


Command History

Release
Modification

7.0(1)

This command was introduced.


Usage Guidelines

You must first configure the interface using the interface and nameif commands, and use the vpn load-balancing command to enter VPN load-balancing mode. You must also have previously configured the cluster IP address using the cluster ip command and configured the interface to which the virtual cluster IP address refers.

This command forces this device to participate in the virtual load-balancing cluster. You must explicitly issue this command to enable participation for a device.

All devices that participate in a cluster must share the same cluster-specific values: ip address, encryption settings, encryption key, and port.


Note When using encryption, you must have previously configured the command isakmp enable inside, where inside designates the load-balancing inside interface. If isakmp is not enabled on the load-balancing inside interface, you get an error message when you try to configure cluster encryption.

If isakmp was enabled when you configured the cluster encryption command, but was disabled before you configured the participate command, you get an error message when you enter the participate command, and the local device will not participate in the cluster.


Examples

The following is an example of a VPN load-balancing command sequence that includes a participate command that enables the current device to participate in the vpn load-balancing cluster:

hostname(config)# interface GigabitEthernet 0/1
hostname(config-if)# ip address 209.165.202.159 255.255.255.0
hostname(config-if)# nameif test
hostname(config-if)# interface GigabitEthernet 0/2
hostname(config-if)# ip address 209.165.201.30 255.255.255.0
hostname(config-if)# nameif foo
hostname(config-if)# vpn load-balancing
hostname(config-load-balancing)# interface lbpublic test
hostname(config-load-balancing)# interface lbprivate foo
hostname(config-load-balancing)# cluster ip address 209.165.202.224
hostname(config-load-balancing)# participate

Related Commands

Command
Description

vpn load-balancing

Enter VPN load-balancing mode.


passive-interface

To disable the transmission of RIP routing updates on an interface, use the passive-interface command in router configuration mode. To reenable RIP routing updates on an interface, use the no form of this command.

passive-interface {default | if_name}

no passive-interface {default | if_name}

Syntax Description

default

(Optional) Sets all interfaces to passive mode.

if_name

(Optional) Sets the specified interface to passive mode.


Defaults

All interfaces are enabled for active RIP when RIP is enabled.

If neither an interface name nor the default keyword is specified, the command defaults to default and appears in the configuration as passive-interface default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Router configuration


Command History

Release
Modification

7.2(1)

This command was introduced.


Usage Guidelines

Enables passive RIP on the interface. The interface listens for RIP routing broadcasts and uses that information to populate the routing tables but does not broadcast routing updates.

Examples

The following example sets the outside interface to passive RIP. The other interfaces on the security appliance send and receive RIP updates.

hostname(config)# router rip
hostname(config-router)# network 10.0.0.0
hostname(config-router)# passive-interface outside

Related Commands

Command
Description

clear configure rip

Clears all RIP commands from the running configuration.

router rip

Enables the RIP routing process and enters RIP router configuration mode.

show running-config rip

Displays the RIP commands in the running configuration.


passive-interface (EIGRP)

To disable the sending and receiving of EIGRP routing updates on an interface, use the passive-interface command in router configuration mode. To reenable routing updates on an interface, use the no form of this command.

passive-interface {default | if_name}

no passive-interface {default | if_name}

Syntax Description

default

(Optional) Sets all interfaces to passive mode.

if_name

(Optional) Sets the interface with the specified name, as assigned by the nameif command, to passive mode.


Defaults

All interfaces are enabled for active routing (sending and receiving routing updates) when routing is enabled for that interface.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Router configuration


Command History

Release
Modification

7.2(1)

This command was introduced.

8.0(2)

Support for EIGRP routing was added.


Usage Guidelines

Enables passive routing on the interface. For EIGRP, this disables the transmission and reception of routing updates on that interface.

You can have more than one passive-interface command in the EIGRP configuration. You can use the passive-interface default command to disable EIGRP routing on all interfaces, and then use the no passive-interface command to enable EIGRP routing on specific interfaces.

Examples

The following example sets the outside interface to passive EIGRP. The other interfaces on the security appliance send and receive EIGRP updates.

hostname(config)# router eigrp 100
hostname(config-router)# network 10.0.0.0
hostname(config-router)# passive-interface outside

The following example sets all interfaces except the inside interface to passive EIGRP. Only the inside interface will send and receive EIGRP updates.

hostname(config)# router eigrp 100
hostname(config-router)# network 10.0.0.0
hostname(config-router)# passive-interface default
hostname(config-router)# no passive-interface inside

Related Commands

Command
Description

show running-config router

Displays the router configuration commands in the running configuration.


passwd

To set the login password, use the passwd command in global configuration mode. To set the password back to the default of "cisco," use the no form of this command. You are prompted for the login password when you access the CLI as the default user using Telnet or SSH. After you enter the login password, you are in user EXEC mode.

{passwd | password} password [encrypted]

no {passwd | password} password

Syntax Description

encrypted

(Optional) Specifies that the password is in encrypted form. The password is saved in the configuration in encrypted form, so you cannot view the original password after you enter it. If for some reason you need to copy the password to another security appliance but do not know the original password, you can enter the passwd command with the encrypted password and this keyword. Normally, you only see this keyword when you enter the show running-config passwd command.

passwd | password

You can enter either command; they are aliased to each other.

password

Sets the password as a case-sensitive string of up to 80 characters. The password must not contain spaces.


Defaults

The default password is "cisco."

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

This login password is for the default user. If you configure CLI authentication per user for Telnet or SSH using the aaa authentication console command, then this password is not used.

Examples

The following example sets the password to Pa$$w0rd:

hostname(config)# passwd Pa$$w0rd

The following example sets the password to an encrypted password that you copied from another security appliance:

hostname(config)# passwd jMorNbK0514fadBh encrypted

Related Commands

Command
Description

clear configure passwd

Clears the login password.

enable

Enters privileged EXEC mode.

enable password

Sets the enable password.

show curpriv

Shows the currently logged in username and the user privilege level.

show running-config passwd

Shows the login password in encrypted form.


password (crypto ca trustpoint)

To specify a challenge phrase that is registered with the CA during enrollment, use the password command in crypto ca trustpoint configuration mode. The CA typically uses this phrase to authenticate a subsequent revocation request. To restore the default setting, use the no form of the command.

password string

no password

Syntax Description

string

Specifies the name of the password as a character string. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces, up to 80 characters. You cannot specify the password in the format number-space-anything. The space after the number causes problems. For example, "hello 21" is a legal password, but "21 hello" is not. The password checking is case sensitive. For example, the password "Secret" is different from the password "secret".
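The rules above are easy to get wrong when the phrase is pushed from a provisioning script rather than typed. The following added example, not Cisco's code, checks a candidate challenge phrase against exactly those rules (non-empty, at most 80 characters, alphanumerics and spaces only, first character not a digit, which also excludes the number-space-anything form) and shows a case-sensitive comparison. The sample phrases are constructed.

```python
"""Check a CA challenge phrase against the rules stated for the password
(crypto ca trustpoint) command before it is entered. Added example, not
Cisco's code; sample phrases are constructed."""

import hmac
import re

MAX_LEN = 80
ALLOWED = re.compile(r"^[A-Za-z0-9 ]+$")   # alphanumerics and spaces only


def validate_challenge_phrase(phrase: str) -> str:
    """Return the phrase unchanged if it is legal, else raise ValueError naming the rule."""
    if not phrase:
        raise ValueError("phrase is empty")
    if len(phrase) > MAX_LEN:
        raise ValueError(f"phrase longer than {MAX_LEN} characters")
    if phrase[0].isdigit():
        # Also rules out the number-space-anything form, e.g. "21 hello".
        raise ValueError("first character cannot be a number")
    if not ALLOWED.match(phrase):
        raise ValueError("only letters, digits and spaces are allowed")
    return phrase


def phrase_matches(registered: str, presented: str) -> bool:
    """Case-sensitive comparison ("Secret" != "secret"), done in constant time
    so the check does not leak how many leading characters matched."""
    return hmac.compare_digest(registered.encode(), presented.encode())


def check_candidates(candidates):
    """Map each constructed candidate to 'ok' or the rule it breaks."""
    report = {}
    for c in candidates:
        try:
            validate_challenge_phrase(c)
            report[c] = "ok"
        except ValueError as e:
            report[c] = str(e)
    return report


if __name__ == "__main__":
    for phrase, verdict in check_candidates(["hello 21", "21 hello", "a" * 81, "no-dashes"]).items():
        print(f"{phrase[:20]!r}: {verdict}")
```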


Defaults

The default setting is to not include a password.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Crypto ca trustpoint configuration


Command History

Release
Modification

7.0

This command was introduced.


Usage Guidelines

This command lets you specify the revocation password for the certificate before actual certificate enrollment begins. The specified password is encrypted when the updated configuration is written to NVRAM by the security appliance.

If this command is enabled, you will not be prompted for a password during certificate enrollment.

Examples

The following example enters crypto ca trustpoint configuration mode for trustpoint central, and includes a challenge phrase registered with the CA in the enrollment request for trustpoint central:

hostname(config)# crypto ca trustpoint central
hostname(ca-trustpoint)# password zzxxyy

Related Commands

Command
Description

crypto ca trustpoint

Enters trustpoint configuration mode.

default enrollment

Returns enrollment parameters to their defaults.


password-management

To enable password management, use the password-management command in tunnel-group general-attributes configuration mode. To disable password management, use the no form of this command. To reset the number of days to the default value, use the no form of the command with the password-expire-in-days keyword specified.

password-management [password-expire-in-days days]

no password-management

no password-management password-expire-in-days [days]

Syntax Description

days

Specifies the number of days (0 through 180) before the current password expires. This parameter is required if you specify the password-expire-in-days keyword.

password-expire-in-days

(Optional) Indicates that the immediately following parameter specifies the number of days before the current password expires at which the security appliance starts warning the user about the pending expiration. This option is valid only for LDAP servers. See the Usage Guidelines section for more information.


Defaults

If you do not specify this command, no password management occurs. If you do not specify the password-expire-in-days keyword, the default length of time to start warning before the current password expires is 14 days.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Tunnel-group general-attributes configuration


Command History

Release
Modification

7.1(1)

This command was introduced.


Usage Guidelines

The security appliance supports password management for the RADIUS and LDAP protocols. It supports the "password-expire-in-days" option for LDAP only.

You can configure password management for IPSec remote access and SSL VPN tunnel-groups.

When you configure the password-management command, the security appliance notifies the remote user at login that the user's current password is about to expire or has expired. The security appliance then offers the user the opportunity to change the password. If the current password has not yet expired, the user can still log in using that password.

This command is valid for AAA servers that support such notification. The security appliance ignores this command if RADIUS or LDAP authentication has not been configured.


Note Some RADIUS servers that support MSCHAP currently do not support MSCHAPv2. This command requires MSCHAPv2 so please check with your vendor.


The security appliance, releases 7.1 and later, generally supports password management for the following connection types when authenticating with LDAP or with any RADIUS configuration that supports MS-CHAPv2:

AnyConnect VPN Client

IPSec VPN Client

Clientless SSL VPN

Password management is not supported for any of these connection types for Kerberos/Active Directory (Windows password) or NT 4.0 Domain. The RADIUS server (for example, Cisco ACS) could proxy the authentication request to another authentication server. However, from the security appliance perspective, it is talking only to a RADIUS server.


Note For LDAP, the method to change a password is proprietary for the different LDAP servers on the market. Currently, the security appliance implements the proprietary password management logic only for Microsoft Active Directory and Sun LDAP servers.


Native LDAP requires an SSL connection. You must enable LDAP over SSL before attempting to do password management for LDAP. By default, LDAP uses port 636.

Note that this command does not change the number of days before the password expires, but rather, the number of days ahead of expiration that the security appliance starts warning the user that the password is about to expire.

If you do specify the password-expire-in-days keyword, you must also specify the number of days.

Specifying this command with the number of days set to 0 disables this command. The security appliance does not notify the user of the pending expiration, but the user can change the password after it expires.
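The guidelines above make three distinct points that are easy to conflate: the warning window (default 14 days, 0 to 180), that 0 disables the warning, and that the command never changes when the password actually expires. The following added example, not Cisco's code, models that decision for a login on a given day; the password age limit (max_age_days) stands in for the LDAP or RADIUS server's own expiry policy and is an assumption of the example, as are the dates.

```python
"""Model the notification behaviour described for password-management:
warn when the password is within warn_days of expiring, report it as expired
once the server's own age limit has passed, and do nothing when warn_days is 0.
Added example, not Cisco's code. max_age_days is the AAA server's policy and
is assumed here; this command never changes it."""

from datetime import date, timedelta
from typing import Optional

DEFAULT_WARN_DAYS = 14      # default when password-expire-in-days is omitted
MAX_WARN_DAYS = 180         # upper bound of the days argument


def validate_warn_days(days: int) -> int:
    if not 0 <= days <= MAX_WARN_DAYS:
        raise ValueError(f"password-expire-in-days must be 0-{MAX_WARN_DAYS}, got {days}")
    return days


def expiry_notice(password_set_on: date, max_age_days: int, today: date,
                  warn_days: int = DEFAULT_WARN_DAYS) -> str:
    """Return 'expired', 'expiring' or 'ok' for a login that happens on `today`."""
    validate_warn_days(warn_days)
    expires_on = password_set_on + timedelta(days=max_age_days)   # server policy, not ours
    days_left = (expires_on - today).days
    if days_left <= 0:
        return "expired"      # user is told the password has expired and may change it
    if warn_days == 0:
        return "ok"           # 0 disables the pending-expiration warning entirely
    if days_left <= warn_days:
        return "expiring"     # inside the window; the old password still logs in
    return "ok"


def command_line(warn_days: Optional[int] = None) -> str:
    """The tunnel-group general-attributes line that produces this behaviour."""
    if warn_days is None:
        return "password-management"
    return f"password-management password-expire-in-days {validate_warn_days(warn_days)}"


if __name__ == "__main__":
    set_on = date(2024, 1, 1)                     # constructed dates
    for d in (date(2024, 3, 10), date(2024, 3, 20), date(2024, 4, 1)):
        print(d, expiry_notice(set_on, 90, d), expiry_notice(set_on, 90, d, warn_days=0))
```

With a 90-day server policy and the default window, a login on 20 March 2024 sees a warning (11 days left) while the same login with the window set to 0 sees none; after 31 March both report the password as expired, because that date is set by the server, not by this command.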

Examples

The following example sets the days before password expiration to begin warning the user of the pending expiration to 90 for the WebVPN tunnel group "testgroup":

hostname(config)# tunnel-group testgroup type webvpn
hostname(config)# tunnel-group testgroup general-attributes
hostname(config-tunnel-general)# password-management password-expire-in-days 90
hostname(config-tunnel-general)# 

The following example uses the default value of 14 days before password expiration to begin warning the user of the pending expiration for the IPSec remote access tunnel group "QAgroup":

hostname(config)# tunnel-group QAgroup type ipsec-ra
hostname(config)# tunnel-group QAgroup general-attributes
hostname(config-tunnel-general)# password-management
hostname(config-tunnel-general)# 

Related Commands

Command
Description

clear configure passwd

Clears the login password.

passwd

Sets the login password.

radius-with-expiry

Enables negotiation of password update during RADIUS authentication (Deprecated).

show running-config passwd

Shows the login password in encrypted form.

tunnel-group general-attributes

Configures the tunnel-group general-attributes values.


password-parameter

To specify the name of the HTTP POST request parameter in which a user password must be submitted for SSO authentication, use the password-parameter command in aaa-server-host configuration mode. This is an SSO with HTTP Forms command.

password-parameter string


Note To configure SSO with the HTTP protocol correctly, you must have a thorough working knowledge of authentication and HTTP protocol exchanges.


Syntax Description

string

The name of the password parameter included in the HTTP POST request. The maximum password length is 128 characters.


Defaults

There is no default value or behavior.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Aaa-server-host configuration


Command History

Release
Modification

7.1(1)

This command was introduced.


Usage Guidelines

The WebVPN server of the security appliance uses an HTTP POST request to submit a single sign-on authentication request to an authenticating web server. The required command password-parameter specifies that the POST request must include a user password parameter for SSO authentication.


Note At login, the user enters the actual password value which is entered into the POST request and passed on to the authenticating web server.


Examples

The following example, entered in aaa-server-host configuration mode, specifies a password parameter named user_password:

hostname(config)# aaa-server testgrp1 host example.com
hostname(config-aaa-server-host)# password-parameter user_password
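To make concrete what the POST request described in the usage guidelines carries, here is an added example that is not the appliance's code. It assembles the request from the parameter names this section and its related commands use (user-parameter, password-parameter, hidden-parameter, action-uri) and shows the receiving web server's side of the exchange. The action URI, hidden parameter, credentials and the assumption that the body is application/x-www-form-urlencoded (the encoding HTML forms use) are all constructed for the example.

```python
"""Assemble and parse the HTTP Forms SSO POST that carries the username and
password parameters. Added example, not Cisco's code: the URI, hidden field
and credentials are constructed, and form-urlencoding is assumed because that
is what an HTML form submission uses."""

from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode

MAX_PASSWORD_LEN = 128      # limit given in the Syntax Description


def build_sso_post(action_uri: str, user_parameter: str, password_parameter: str,
                   username: str, password: str,
                   hidden_parameters: Optional[Dict[str, str]] = None
                   ) -> Tuple[str, Dict[str, str], str]:
    """Return (request line, headers, body) for the SSO POST the appliance sends."""
    if len(password) > MAX_PASSWORD_LEN:
        raise ValueError(f"password longer than {MAX_PASSWORD_LEN} characters")
    fields = dict(hidden_parameters or {})   # values configured with hidden-parameter
    fields[user_parameter] = username
    fields[password_parameter] = password
    body = urlencode(fields)                 # escapes '&', '=' and spaces inside credentials
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Content-Length": str(len(body.encode()))}
    return f"POST {action_uri} HTTP/1.1", headers, body


def read_sso_post(body: str, user_parameter: str, password_parameter: str) -> Tuple[str, str]:
    """The authenticating web server's side: pull the two named fields back out."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    return fields[user_parameter][0], fields[password_parameter][0]


if __name__ == "__main__":
    # Constructed request: a hidden token plus credentials containing '&', '=' and a space.
    line, hdrs, body = build_sso_post("/sso/login", "user_name", "user_password",
                                      "jdoe", "p&ss w=1", {"sso_token": "abc"})
    print(line)
    for k, v in hdrs.items():
        print(f"{k}: {v}")
    print()
    print(body)
    print(read_sso_post(body, "user_name", "user_password"))
```

The round trip shows why the parameter names on both sides must match exactly: the web server looks the fields up by name, so a typo in password-parameter produces a request that is well-formed but contains no password as far as the server is concerned. Nothing in the example writes the body anywhere, which is the behaviour to keep when this is adapted for troubleshooting, since the body holds a cleartext password.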

Related Commands

Command
Description

action-uri

Specifies a web server URI to receive a username and password for single sign-on authentication.

auth-cookie-name

Specifies a name for the authentication cookie.

hidden-parameter

Creates hidden parameters for exchange with the authenticating web server.

start-url

Specifies the URL at which to retrieve a pre-login cookie.

user-parameter

Specifies the name of the HTTP POST request parameter in which a username must be submitted for SSO authentication.


password-prompt

To customize the password prompt of the WebVPN page login box that is displayed to WebVPN users when they connect to the security appliance, use the password-prompt command from webvpn customization mode:

password-prompt {text | style} value

[no] password-prompt {text | style} value

To remove the command from the configuration and cause the value to be inherited, use the no form of the command.

Syntax Description

text

Specifies you are changing the text.

style

Specifies you are changing the style.

value

The actual text to display (maximum 256 characters), or Cascading Style Sheet (CSS) parameters (maximum 256 characters).


Defaults

The default text of the password prompt is "PASSWORD:".

The default style of the password prompt is color:black;font-weight:bold;text-align:right.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Webvpn customization


Command History

Release
Modification

7.1(1)

This command was introduced.


Usage Guidelines

The style option is expressed as any valid Cascading Style Sheet (CSS) parameters. Describing these parameters is beyond the scope of this document. For more information about CSS parameters, consult CSS specifications at the World Wide Web Consortium (W3C) website at www.w3.org. Appendix F of the CSS 2.1 Specification contains a convenient list of CSS parameters, and is available at www.w3.org/TR/CSS21/propidx.html.

Here are some tips for making the most common changes to the WebVPN pages—the page colors:

You can use a comma-separated RGB value, an HTML color value, or the name of the color if recognized in HTML.

RGB format is 0,0,0, a range of decimal numbers from 0 to 255 for each color (red, green, blue); the comma separated entry indicates the level of intensity of each color to combine with the others.

HTML format is #000000, six digits in hexadecimal format; the first and second represent red, the third and fourth green, and the fifth and sixth represent blue.
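The three colour notations described here, for the page style command as well as for password-prompt style, are easy to check before the value is committed. The following added example, which is not Cisco's code, normalises any of the three forms to #rrggbb, rejects RGB components outside 0 to 255, enforces the 256-character limit and refuses characters that cannot occur in a plain CSS declaration list, so that only a well-formed style reaches the login page. The colour-name table is a constructed subset; the appliance accepts any name HTML recognises.

```python
"""Normalise and sanity-check a WebVPN style value before it is used with
page style or password-prompt style. Added example, not Cisco's code; the
colour-name table is a constructed subset of the names HTML recognises."""

import re

MAX_STYLE_LEN = 256      # limit given in the Syntax Description
# Constructed subset of HTML colour names mapped to #rrggbb.
HTML_COLOR_NAMES = {"white": "#ffffff", "black": "#000000",
                    "red": "#ff0000", "navy": "#000080"}
COLOR_PROPERTIES = {"color", "background-color", "border-color"}
# Characters that can appear in a plain declaration list; anything else
# (angle brackets, braces, quotes) is rejected rather than passed through.
ALLOWED_CHARS = re.compile(r"^[A-Za-z0-9 #,.:;%()_\-]*$")


def normalize_color(value: str) -> str:
    """Accept '#rrggbb', 'r,g,b' (0-255 each) or a recognised name; return #rrggbb."""
    v = value.strip()
    m = re.fullmatch(r"#([0-9a-fA-F]{6})", v)
    if m:
        return "#" + m.group(1).lower()
    m = re.fullmatch(r"(\d{1,3}),(\d{1,3}),(\d{1,3})", v.replace(" ", ""))
    if m:
        r, g, b = (int(x) for x in m.groups())
        if max(r, g, b) > 255:
            raise ValueError(f"RGB component above 255 in {value!r}")
        return f"#{r:02x}{g:02x}{b:02x}"
    if v.lower() in HTML_COLOR_NAMES:
        return HTML_COLOR_NAMES[v.lower()]
    raise ValueError(f"unrecognised colour {value!r}")


def validate_style(style: str) -> str:
    """Return the style as 'property:value;...' with colours normalised, or raise."""
    if len(style) > MAX_STYLE_LEN:
        raise ValueError(f"style exceeds {MAX_STYLE_LEN} characters")
    if not ALLOWED_CHARS.match(style):
        raise ValueError("style contains characters not valid in a declaration list")
    declarations = []
    for decl in (d.strip() for d in style.split(";")):
        if not decl:
            continue
        if ":" not in decl:
            raise ValueError(f"declaration {decl!r} is not 'property:value'")
        prop, val = (s.strip() for s in decl.split(":", 1))
        if prop in COLOR_PROPERTIES:
            val = normalize_color(val)
        declarations.append(f"{prop}:{val}")
    return ";".join(declarations)


if __name__ == "__main__":
    # The two defaults quoted in this chapter, plus an RGB value.
    for s in ("background-color:white;font-family:Arial,Helv,sans-serif",
              "color:black;font-weight:bold;text-align:right",
              "color:0,0,0;background-color:255, 128, 0"):
        print(validate_style(s))
```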


Note To easily customize the WebVPN pages, we recommend that you use ASDM, which has convenient features for configuring style elements, including color swatches and preview capabilities.


Examples

In the following example, the text is changed to "Corporate Password:", and the default style is changed with the font weight increased to bolder:

F1-asa1(config)# webvpn
F1-asa1(config-webvpn)# customization cisco
F1-asa1(config-webvpn-custom)# password-prompt text Corporate Password:
F1-asa1(config-webvpn-custom)# password-prompt style font-weight:bolder

Re