Table Of Contents

show isakmp ipsec-over-tcp stats through show route Commands

show isakmp ipsec-over-tcp stats

show isakmp sa

show isakmp stats

show kernel process

show local-host

show logging

show logging rate-limit

show mac-address-table

show management-access

show memory

show memory binsize

show memory delayed-free-poisoner

show memory profile

show memory webvpn

show memory-caller address

show mfib

show mfib active

show mfib count

show mfib interface

show mfib reserved

show mfib status

show mfib summary

show mfib verbose

show mgcp

show mmp

show mode

show module

show mrib client

show mrib route

show mroute

show nac-policy

show nameif

show nat

show ntp associations

show ntp status

show ospf

show ospf border-routers

show ospf database

show ospf flood-list

show ospf interface

show ospf neighbor

show ospf request-list

show ospf retransmission-list

show ospf summary-address

show ospf virtual-links

show perfmon

show phone-proxy

show pim df

show pim group-map

show pim interface

show pim join-prune statistic

show pim neighbor

show pim range-list

show pim topology

show pim topology reserved

show pim topology route-count

show pim traffic

show pim tunnel

show power inline

show priority-queue statistics

show processes

show reload

show resource allocation

show resource types

show resource usage

show rip database

show route

show isakmp ipsec-over-tcp stats through show route Commands

---

show isakmp ipsec-over-tcp stats

To display runtime statistics for IPsec over TCP, use the show isakmp ipsec-over tcp stats command in global configuration mode or privileged EXEC mode.

show isakmp ipsec-over-tcp stats

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	The show isakmp ipsec-over-tcp stats command was introduced.
7.2(1)	The show isakmp ipsec-over-tcp stats command was deprecated. The show crypto isakmp ipsec-over-tcp stats command replaces it.

Usage Guidelines

The output from this command includes the following fields:

•Embryonic connections

•Active connections

•Previous connections

•Inbound packets

•Inbound dropped packets

•Outbound packets

•Outbound dropped packets

•RST packets

•Received ACK heart-beat packets

•Bad headers

•Bad trailers

•Timer failures

•Checksum errors

•Internal errors

Examples

The following example, issued in global configuration mode, displays ISAKMP statistics:

hostname(config)# show isakmp ipsec-over-tcp stats

Global IPSec over TCP Statistics

--------------------------------

Embryonic connections: 2

Active connections: 132

Previous connections: 146

Inbound packets: 6000

Inbound dropped packets: 30

Outbound packets: 0

Outbound dropped packets: 0

RST packets: 260

Received ACK heart-beat packets: 10

Bad headers: 0

Bad trailers: 0

Timer failures: 0

Checksum errors: 0

Internal errors: 0

hostname(config)# 

Related Commands

Command	Description
clear configure crypto isakmp	Clears all the ISAKMP configuration.
clear configure crypto isakmp policy	Clears all ISAKMP policy configuration.
clear crypto isakmp sa	Clears the IKE runtime SA database.
crypto isakmp enable	Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the security appliance.
show running-config crypto isakmp	Displays all the active ISAKMP configuration.

show isakmp sa

To display the IKE runtime SA database, use the show isakmp sa command in global configuration mode or privileged EXEC mode.

show isakmp sa [detail]

Syntax Description

detail

Displays detailed output about the SA database.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	The show isakmp sa command was introduced.
7.2(1)	This command was deprecated. The show crypto isakmp sa command replaces it.

Usage Guidelines

The output from this command includes the following fields:

IKE Peer	Type	Dir	Rky	State
209.165.200.225	L2L	Init	No	MM_Active

Detail not specified.

IKE Peer	Type	Dir	Rky	State	Encrypt	Hash	Auth	Lifetime
209.165.200.225	L2L	Init	No	MM_Active	3des	md5	preshrd	86400

Detail specified.

Examples

The following example, entered in global configuration mode, displays detailed information about the SA database:

hostname(config)# show isakmp sa detail

IKE Peer	  Type  Dir   Rky  State      Encrypt Hash  Auth    Lifetime

1 209.165.200.225 User  Resp  No   AM_Active  3des    SHA   preshrd 86400

IKE Peer	  Type  Dir   Rky  State      Encrypt Hash  Auth    Lifetime

2 209.165.200.226 User  Resp  No   AM_ACTIVE  3des    SHA   preshrd 86400

IKE Peer	  Type  Dir   Rky  State      Encrypt Hash  Auth    Lifetime

3 209.165.200.227 User  Resp  No   AM_ACTIVE  3des    SHA   preshrd 86400

IKE Peer	  Type  Dir   Rky  State      Encrypt Hash  Auth    Lifetime

4 209.165.200.228 User  Resp  No   AM_ACTIVE  3des    SHA   preshrd 86400

hostname(config)# 

Related Commands

Command	Description
clear configure isakmp	Clears all the ISAKMP configuration.
clear configure isakmp policy	Clears all ISAKMP policy configuration.
clear isakmp sa	Clears the IKE runtime SA database.
isakmp enable	Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the security appliance.
show running-config isakmp	Displays all the active ISAKMP configuration.

show isakmp stats

To display runtime statistics, use the show isakmp stats command in global configuration mode or privileged EXEC mode.

show isakmp stats

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	The show isakmp stats command was introduced.
7.2(1)	This command was deprecated. The show crypto isakmp stats command replaces it.

Usage Guidelines

The output from this command includes the following fields:

•Global IKE Statistics

•Active Tunnels

•In Octets

•In Packets

•In Drop Packets

•In Notifys

•In P2 Exchanges

•In P2 Exchange Invalids

•In P2 Exchange Rejects

•In P2 Sa Delete Requests

•Out Octets

•Out Packets

•Out Drop Packets

•Out Notifys

•Out P2 Exchanges

•Out P2 Exchange Invalids

•Out P2 Exchange Rejects

•Out P2 Sa Delete Requests

•Initiator Tunnels

•Initiator Fails

•Responder Fails

•System Capacity Fails

•Auth Fails

•Decrypt Fails

•Hash Valid Fails

•No Sa Fails

Examples

The following example, issued in global configuration mode, displays ISAKMP statistics:

hostname(config)# show isakmp stats

Global IKE Statistics

Active Tunnels: 132

Previous Tunnels: 132

In Octets: 195471

In Packets: 1854

In Drop Packets: 925

In Notifys: 0

In P2 Exchanges: 132

In P2 Exchange Invalids: 0

In P2 Exchange Rejects: 0

In P2 Sa Delete Requests: 0

Out Octets: 119029

Out Packets: 796

Out Drop Packets: 0

Out Notifys: 264

Out P2 Exchanges: 0

Out P2 Exchange Invalids: 0

Out P2 Exchange Rejects: 0

Out P2 Sa Delete Requests: 0

Initiator Tunnels: 0

Initiator Fails: 0

Responder Fails: 0

System Capacity Fails: 0

Auth Fails: 0

Decrypt Fails: 0

Hash Valid Fails: 0

No Sa Fails: 0

hostname(config)# 

Related Commands

Command	Description
clear configure isakmp	Clears all the ISAKMP configuration.
clear configure isakmp policy	Clears all ISAKMP policy configuration.
clear isakmp sa	Clears the IKE runtime SA database.
isakmp enable	Enables ISAKMP negotiation on the interface on which the IPSec peer communicates with the security appliance.
show running-config isakmp	Displays all the active ISAKMP configuration.

show kernel process

To display the current status of the active kernel processes running on the security appliance, use the show kernel process command in privileged EXEC mode.

show kernel process

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	—	•

Command History

Release	Modification
8.0(0)	This command was introduced.

Usage Guidelines

Use the show kernel process command to troubleshoot issues with the kernel running on the security appliance.

The output from the show kernel process command is lined up in the console output.

Examples

The following example displays output from the show kernel process command:

hostname# show kernel process

PID PPID PRI NI      VSIZE      RSS      WCHAN STAT  RUNTIME COMMAND

  1    0  16  0     991232      268 3725684979    S       78 init

  2    1  34 19          0        0 3725694381    S        0 ksoftirqd/0

  3    1  10 -5          0        0 3725736671    S        0 events/0

  4    1  20 -5          0        0 3725736671    S        0 khelper

  5    1  20 -5          0        0 3725736671    S        0 kthread

  7    5  10 -5          0        0 3725736671    S        0 kblockd/0

  8    5  20 -5          0        0 3726794334    S        0 kseriod

 66    5  20  0          0        0 3725811768    S        0 pdflush

 67    5  15  0          0        0 3725811768    S        0 pdflush

 68    1  15  0          0        0 3725824451    S        2 kswapd0

 69    5  20 -5          0        0 3725736671    S        0 aio/0

171    1  16  0     991232       80 3725684979    S        0 init

172  171  19  0     983040      268 3725684979    S        0 rcS

201  172  21  0    1351680      344 3725712932    S        0 lina_monitor

202  201  16  0 1017602048   899932 3725716348    S      212 lina

203  202  16  0 1017602048   899932          0    S        0 lina

204  203  15  0 1017602048   899932          0    S        0 lina

205  203  15  0 1017602048   899932 3725712932    S        6 lina

206  203  25  0 1017602048   899932          0    R 13069390 lina

hostname# 

Table 27-1shows each field description.

Table 27-1 show kernel process Fields

Field	Description
PID	The process ID.
PPID	The parent process ID.
PRI	The priority of the process.
NI	The nice value, which is used in priority computation. The values range from 19 (nicest) to -19 (not nice to others),
VSIZE	The virtual memory size in bytes.
RSS	The resident set size of the process, in kilobytes.
WCHAN	The channel in which the process is waiting.
STAT	The state of the process: •R—Running •S—Sleeping in an interruptible wait •D—Waiting in an uninterruptible disk sleep •Z—zombie •T—Traced or stopped (on a signal) •P—Paging
RUNTIME	The number of jiffies that the process has been scheduled in user mode and kernel mode. The runtime is the sum of utime and stime.
COMMAND	The process name.

show local-host

To display the network states of local hosts, use the show local-host command in privileged EXEC mode.

show local-host [ip_address] [detail] [all][brief] [connection {tcp <start>[-<end>] | udp <start>[-<end>] | embryonic <start>[-<end>]}]

Syntax Description

all	(Optional) Includes local hosts connecting to the security appliance and from the security appliance.
brief	(Optional) Displays brief informationon local hosts.
connection	(Optional) Displays three typs of filters based on the number and type of connetcions: tcp, udp and embryonic. These filters can be used individually or jointly.
detail	(Optional) Displays the detailed network states of local host information, including more information about active xlates and network connections.
ip_address	(Optional) Specifies the local host IP address.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.2(1)	For models with host limits, this command now shows which interface is considered to be the outside interface.
7.2(4)	Two new options, connection and brief, were added to the show local-host command so that the output is filtered by the number of connections for the inside hosts.

Usage Guidelines

The show local-host command lets you display the network states of local hosts. A local-host is created for any host that forwards traffic to, or through, the security appliance.

This command lets you show the translation and connection slots for the local hosts. This command provides information for hosts that are configured with the nat 0 access-list command when normal translation and connection states may not apply.

This command also displays the connection limit values. If a connection limit is not set, the value displays as 0 and the limit is not applied.

For models with host limits, In routed mode, hosts on the inside (Work and Home zones) count towards the limit only when they communicate with the outside (Internet zone). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Work and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit.

In the event of a SYN attack (with TCP intercept configured), the show local-host command output includes the number of intercepted connections in the usage count. This field typically displays only full open connections.

In the show local-host command output, the TCP embryonic count to host counter is used when a maximum embryonic limit (TCP intercept watermark) is configured for a host using a static connection. This counter shows the total embryonic connections to the host from other hosts. If this total exceeds the maximum configured limit, TCP intercept is applied to new connections to the host.

Examples

The following sample output is displayed by the show local-host command:

hostname# show local-host

Interface inside: 0 active, 0 maximum active, 0 denied

Interface outside: 1 active, 2 maximum active, 0 denied

The following sample output is displayed by the show local-host command on a security appliance with host limits:

hostname# show local-host

Detected interface 'outside' as the Internet interface. Host limit applies to all other 
interfaces.

Current host count: 3, towards licensed host limit of: 50

Interface inside: 1 active, 1 maximum active, 0 denied

Interface outside: 0 active, 0 maximum active, 0 denied

The following sample output is displayed by the show local-host command on a security appliance with host limits, but without a default route, the host limits apply to all interfaces. The default route interface might not be detected if the default route or the interface that the route uses is down.

hostname# show local-host

Unable to determine Internet interface from default route. Host limit applied to all 
interfaces.

Current host count: 3, towards licensed host limit of: 50

Interface c1in: 1 active, 1 maximum active, 0 denied

Interface c1out: 0 active, 0 maximum active, 0 denied

The following sample output is displayed by the show local-host command on a security appliance with unlimited hosts:

hostname# show local-host

Licensed host limit: Unlimited

Interface c1in: 1 active, 1 maximum active, 0 denied

Interface c1out: 0 active, 0 maximum active, 0 denied

The following examples show how to display the network states of local hosts:

hostname# show local-host all

Interface outside: 1 active, 2 maximum active, 0 denied

local host: <11.0.0.4>,

TCP flow count/limit = 0/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 0/unlimited 

Conn:

105 out 11.0.0.4 in 11.0.0.3 idle 0:01:42 bytes 4464

105 out 11.0.0.4 in 11.0.0.3 idle 0:01:44 bytes 4464

Interface inside: 1 active, 2 maximum active, 0 denied

local host: <17.3.8.2>,

TCP flow count/limit = 0/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 0/unlimited 

Conn:

105 out 17.3.8.2 in 17.3.8.1 idle 0:01:42 bytes 4464

105 out 17.3.8.2 in 17.3.8.1 idle 0:01:44 bytes 4464

Interface NP Identity Ifc: 2 active, 4 maximum active, 0 denied

local host: <11.0.0.3>,

TCP flow count/limit = 0/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 0/unlimited 

Conn:

105 out 11.0.0.4 in 11.0.0.3 idle 0:01:44 bytes 4464

105 out 11.0.0.4 in 11.0.0.3 idle 0:01:42 bytes 4464

local host: <17.3.8.1>,

TCP flow count/limit = 0/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 0/unlimited 

Conn:

105 out 17.3.8.2 in 17.3.8.1 idle 0:01:44 bytes 4464

105 out 17.3.8.2 in 17.3.8.1 idle 0:01:42 bytes 4464

hostname# show local-host 10.1.1.91

Interface third: 0 active, 0 maximum active, 0 denied

Interface inside: 1 active, 1 maximum active, 0 denied

local host: <10.1.1.91>,

TCP flow count/limit = 1/unlimited

TCP embryonic count to (from) host = 0 (0)

TCP intercept watermark = unlimited

UDP flow count/limit = 0/unlimited

Xlate:

PAT Global 192.150.49.1(1024) Local 10.1.1.91(4984)

Conn:

TCP out 192.150.49.10:21 in 10.1.1.91:4984 idle 0:00:07 bytes 75 flags UI Interface

outside: 1 active, 1 maximum active, 0 denied

hostname# show local-host 10.1.1.91 detail

Interface third: 0 active, 0 maximum active, 0 denied

Interface inside: 1 active, 1 maximum active, 0 denied

local host: <10.1.1.91>,

TCP flow count/limit = 1/unlimited

TCP embryonic count to (from) host = 0 (0)

TCP intercept watermark = unlimited

UDP flow count/limit = 0/unlimited

Xlate:

TCP PAT from inside:10.1.1.91/4984 to outside:192.150.49.1/1024 flags ri

Conn:

TCP outside:192.150.49.10/21 inside:10.1.1.91/4984 flags UI Interface outside: 1 active, 1 
maximum active, 0 denied

The following example shows all hosts who have at least four udp connections and have between one 
to 10 tcp connections at the same time:

hostname# show local-host connection udp 4 tcp 1-10 

Interface mng: 0 active, 3 maximum active, 0 denied 

Interface INSIDE: 4 active, 5 maximum active, 0 denied 

local host: <10.1.1.11>, 

TCP flow count/limit = 1/unlimited TCP embryonic count to host = 0 TCP intercept 
watermark = unlimited UDP flow count/limit = 4/unlimited 

Xlate: 

Global 192.168.1.24 Local 10.1.1.11 Conn: UDP out 192.168.1.10:80 in 
10.1.1.11:1730 idle 0:00:21 bytes 0 flags - UDP out 192.168.1.10:80 in 
10.1.1.11:1729 idle 0:00:22 bytes 0 flags - UDP out 192.168.1.10:80 in 
10.1.1.11:1728 idle 0:00:23 bytes 0 flags - UDP out 192.168.1.10:80 in 
10.1.1.11:1727 idle 0:00:24 bytes 0 flags - TCP out 192.168.1.10:22 in 
10.1.1.11:27337 idle 0:01:55 bytes 2641 flags UIO Interface OUTSIDE: 3 active, 5 
maximum active, 0 denied 

The following example shows local-host addresses and connection counters using the brief option:

hostname# show local-host connection udp 2 

Interface mng: 0 active, 3 maximum active, 0 denied 

Interface INSIDE: 4 active, 5 maximum active, 0 denied 

local host: <10.1.1.11>, 

TCP flow count/limit = 1/unlimited 

TCP embryonic count to host = 0 

TCP intercept watermark = unlimited UDP flow count/limit = 4/unlimited 

Interface OUTSIDE: 3 active, 5 maximum active, 0 denied 

The following examples shows the output when using the brief and connection syntax:

hostname#show local-host brief 

Interface inside: 1 active, 1 maximum active, 0 denied

Interface outside: 1 active, 1 maximum active, 0 denied

Interface mgmt: 5 active, 6 maximum active, 0 denied

hostname# show local-host connection  

Interface inside: 1 active, 1 maximum active, 0 denied

Interface outside: 1 active, 1 maximum active, 0 denied

Interface mgmt: 5 active, 6 maximum active, 0 denied

Related Commands

Command	Description
clear local-host	Releases network connections from local hosts displayed by the show local-host command.
nat	Associates a network with a pool of global IP addresses.

show logging

To show the logs in the buffer or other logging settings, use the show logging command in privileged EXEC mode.

show logging [message [syslog_id | all] | asdm | queue | setting]

Syntax Description

all	(Optional) Displays all system log message IDs, along with whether they are enabled or disabled.
asdm	(Optional) Displays ASDM logging buffer content.
message	(Optional) Displays messages that are at a non-default level. See the logging message command to set the message level.
queue	(Optional) Displays the system log message queue.
setting	(Optional) Displays the logging setting, without displaying the logging buffer.
syslog_id	(Optional) Specifies a message number to display.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0	This command was introduced.
8.0(2)	Indicates whether a syslog server is configured to use an SSL/TLS connection.

Usage Guidelines

If the logging buffered command is in use, the show logging command without any keywords shows the current message buffer and the current settings.

The show logging queue command allows you to display the following:

•Number of messages that are in the queue

•Highest number of messages recorded that are in the queue

•Number of messages that are discarded because block memory was not available to process them

---

Note Zero is an acceptable number for the configured queue size, and represents the maximum queue size allowed. The output for the show logging queue command will display the actual queue size if the the configured queue size is zero.

---

Examples

The following example shows the output from the show logging command:

hostname(config)# show logging 

Syslog logging: enabled

                           Timestamp logging: disabled

                           Console logging: disabled

                           Monitor logging: disabled

                           Buffer logging: level debugging, 37 messages logged

                           Trap logging: disabled

305001: Portmapped translation built for gaddr 209.165.201.5/0 laddr 192.168.1.2/256

...

The following example shows the output from the show logging command with a secure syslog server configured:

hostname(config)# logging host inside 10.0.0.1 TCP/1500 secure

hostname(config)# show logging 

Syslog logging: disabled

	Facility:

	Timestamp logging: disabled

	Deny Conn when Queue Full: disabled

	Console logging: level debugging, 135 messages logged

	Monitor logging: disabled

	Buffer logging: disabled

	Trap logging: list show _syslog, facility, 20, 21 messages logged

		Logging to inside 10.0.0.1 tcp/1500 SECURE

	History logging: disabled

	Device ID: disabled

	Mail logging: disabled

	ASDM logging disabled

The following example shows the output from the show logging message all command:

hostname(config)# show logging message all

syslog 111111: default-level alerts (enabled)

syslog 101001: default-level alerts (enabled)

syslog 101002: default-level alerts (enabled)

syslog 101003: default-level alerts (enabled)

syslog 101004: default-level alerts (enabled)

syslog 101005: default-level alerts (enabled)

syslog 102001: default-level alerts (enabled)

syslog 103001: default-level alerts (enabled)

syslog 103002: default-level alerts (enabled)

syslog 103003: default-level alerts (enabled)

syslog 103004: default-level alerts (enabled)

syslog 103005: default-level alerts (enabled)

syslog 103011: default-level alerts (enabled)

syslog 103012: default-level informational (enabled)

Related Commands

Command	Description
logging asdm	Enables logging to ASDM
logging buffered	Enables logging to the buffer.
logging host	Defines a syslog server.
logging message	Sets the message level, or disables messages.
logging queue	Configures the logging queue.

show logging rate-limit

To display the disallowed system log messages to the original set, use the show logging rate-limit command in privileged EXEC mode.

show logging rate-limit

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

After the information is cleared, nothing more displays until the hosts reestablish their connections.

Examples

This example shows how to display the disallowed system log messages:

hostname(config)# show logging rate-limit

Related Commands

Command	Description
show logging	Displays the enabled logging options.

show mac-address-table

To show the MAC address table, use the show mac-address-table command in privileged EXEC mode.

show mac-address-table [interface_name | count | static]

Syntax Description

count	(Optional) Lists the total number of dynamic and static entries.
interface_name	(Optional) Identifies the interface name for which you want to view MAC address table entries.
static	(Optional) Lists only static entries.

Defaults

If you do not specify an interface, all interface MAC address entries are shown.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show mac-address-table command:

hostname# show mac-address-table

interface				    mac address				       type			      Time Left

-----------------------------------------------------------------------

outside					0009.7cbe.2100				   static				-

inside					0010.7cbe.6101				   static				-

inside					0009.7cbe.5101				   dynamic				10

The following is sample output from the show mac-address-table command for the inside interface:

hostname# show mac-address-table inside

interface				    mac address       type			      Time Left

-----------------------------------------------------------------------

inside					0010.7cbe.6101				   static				-

inside					0009.7cbe.5101				   dynamic				10

The following is sample output from the show mac-address-table count command:

hostname# show mac-address-table count

Static     mac-address bridges (curr/max): 0/65535

Dynamic    mac-address bridges (curr/max): 103/65535

Related Commands

Command	Description
firewall transparent	Sets the firewall mode to transparent.
mac-address-table aging-time	Sets the timeout for dynamic MAC address entries.
mac-address-table static	Adds a static MAC address entry to the MAC address table.
mac-learn	Disables MAC address learning.