Cisco Security Appliance Command Reference, Version 8.0
show running-config ldap -- show running-config webvpn auto-signon

show running-config ldap through show running-config wccp Commands


show running-config ldap

To display the LDAP attribute name and value mappings in running LDAP attribute maps, use the show running-config ldap command in privileged EXEC mode.

show running-config [all] ldap attribute-map name

Syntax Description


all

Displays all LDAP attribute maps.

name

Specifies an individual LDAP attribute map for display.


Defaults

By default, all attribute maps, mapped names, and mapped values display.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.1(1)

This command was introduced.


Usage Guidelines

Use this command to display the LDAP attribute name and value mappings contained in attribute maps running on your security appliance. You can display all the attribute maps using the all option, or you can display a single attribute map by specifying the map name. If you enter neither the all option nor an LDAP attribute map name, all attribute maps, mapped names, and mapped values display.

Examples

The following example, entered in privileged EXEC mode, displays the attribute name and value mappings for a specific running attribute map, "myldapmap":

hostname# show running-config ldap attribute-map myldapmap
map-name Hours cVPN3000-Access-Hours
map-value Hours workDay Daytime

The following command displays all attribute name and value mappings within all running attribute maps:

hostname# show running-config all ldap attribute-map

Related Commands

Command
Description

ldap attribute-map (global config mode)

Creates and names an LDAP attribute map for mapping user-defined attribute names to Cisco LDAP attribute names.

ldap-attribute-map (aaa-server host mode)

Binds an LDAP attribute map to an LDAP server.

map-name

Maps a user-defined LDAP attribute name with a Cisco LDAP attribute name.

map-value

Maps a user-defined attribute value to a Cisco attribute.

clear configure ldap attribute-map

Removes all LDAP attribute maps.


show running-config logging

To display all currently running logging configurations, use the show running-config logging command in privileged EXEC mode.

show running-config [all] logging [level | disabled]

Syntax Description

all

(Optional) Displays the logging configuration, including commands whose settings you have not changed from the default.

disabled

(Optional) Displays only the disabled system log message configuration.

level

(Optional) Displays only the configuration for system log messages with a non-default severity level.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was changed from the show logging command.


Examples

The following is an example of the show running-config logging disabled command:

hostname# show running-config logging disabled

no logging message 720067

Related Commands

Command
Description

logging message

Configures logging.

show logging

Shows the log buffer and other logging settings.


show running-config mac-address

To show the mac-address auto configuration in the running configuration, use the show running-config mac-address command in privileged EXEC mode.

show running-config mac-address

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.2(1)

This command was introduced.


Examples

The following is sample output from the show running-config mac-address command:

hostname# show running-config mac-address
no mac-address auto

Related Commands

Command
Description

failover mac address

Sets the active and standby MAC address of a physical interface for Active/Standby failover.

mac address

Sets the active and standby MAC address of a physical interface for Active/Active failover.

mac-address

Manually sets the MAC address (active and standby) for a physical interface or subinterface. In multiple context mode, you can set different MAC addresses in each context for the same interface.

mac-address auto

Auto-generates MAC addresses (active and standby) for shared interfaces in multiple context mode.

show interface

Shows the interface characteristics, including the MAC address.


show running-config mac-address-table

To view the mac-address-table static and mac-address-table aging-time configuration in the running configuration, use the show running-config mac-address-table command in privileged EXEC mode.

show running-config mac-address-table

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was introduced.


Examples

The following is sample output from the show running-config mac-address-table command:

hostname# show running-config mac-address-table
mac-address-table aging-time 50
mac-address-table static inside1 0010.7cbe.6101

Related Commands

Command
Description

firewall transparent

Sets the firewall mode to transparent.

mac-address-table aging-time

Sets the timeout for dynamic MAC address entries.

mac-address-table static

Adds static MAC address entries to the MAC address table.

mac-learn

Disables MAC address learning.

show mac-address-table

Shows the MAC address table, including dynamic and static entries.


show running-config mac-learn

To view the mac-learn configuration in the running configuration, use the show running-config mac-learn command in privileged EXEC mode.

show running-config mac-learn

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was introduced.


Examples

The following is sample output from the show running-config mac-learn command:

hostname# show running-config mac-learn
mac-learn disable

Related Commands

Command
Description

firewall transparent

Sets the firewall mode to transparent.

mac-address-table static

Adds static MAC address entries to the MAC address table.

mac-learn

Disables MAC address learning.

show mac-address-table

Shows the MAC address table, including dynamic and static entries.


show running-config mac-list

To display a list of MAC addresses previously specified in a mac-list command with the indicated MAC list number, use the show running-config mac-list command in privileged EXEC mode.

show running-config mac-list id

Syntax Description

id

A hexadecimal MAC address list number.


Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was modified to conform to CLI guidelines.


Usage Guidelines

The show running-config aaa command displays the mac-list command statements as part of the AAA configuration.

Examples

The following example shows how to display a MAC address list with the id equal to adc:

hostname(config)# show running-config mac-list adc
mac-list adc permit 00a0.cp5d.0282 ffff.ffff.ffff
mac-list adc deny 00a1.cp5d.0282 ffff.ffff.ffff
mac-list ac permit 0050.54ff.0000 ffff.ffff.0000
mac-list ac deny 0061.54ff.b440 ffff.ffff.ffff
mac-list ac deny 0072.54ff.b440 ffff.ffff.ffff

Related Commands

Command
Description

mac-list

Add a list of MAC addresses using a first-match search.

clear configure mac-list

Remove the indicated mac-list command statements.

show running-config aaa

Display the running AAA configuration values.


show running-config management-access

To display the name of the internal interface configured for management access, use the show running-config management-access command in privileged EXEC mode.

show running-config management-access

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Usage Guidelines

The management-access command lets you define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The interface names are defined by the nameif command and displayed in quotes, " ", in the output of the show interface command.)

Examples

The following example shows how to configure a firewall interface named "inside" as the management access interface and display the result:

hostname# management-access inside
hostname# show running-config management-access
management-access inside

Related Commands

Command
Description

clear configure management-access

Removes the configuration of an internal interface for management access of the security appliance.

management-access

Configures an internal interface for management access.


show running-config monitor-interface

To display all monitor-interface commands in the running configuration, use the show running-config monitor-interface command in privileged EXEC mode.

show running-config [all] monitor-interface

Syntax Description

all

(Optional) Shows all monitor-interface commands, including the commands you have not changed from the default.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was introduced.


Usage Guidelines

The monitor-interface command is enabled on all physical interfaces by default. You need to use the all keyword with this command to view this default configuration.

Examples

The following is sample output from the show running-config monitor-interface command. The first time the command is entered without the all keyword, so only the interface that has monitoring enabled appears in the output. The second time the command is entered with the all keyword, so the default monitor-interface configuration is also shown.

hostname# show running-config monitor-interface
no monitor-interface outside
hostname#
hostname# show running-config all monitor-interface
monitor-interface inside
no monitor-interface outside
hostname#

Related Commands

Command
Description

monitor-interface

Enables health monitoring of a designated interface for failover purposes.

clear configure monitor-interface

Removes the no monitor-interface commands in the running configuration and restores the default interface health monitoring stance.


show running-config mroute

To display the static multicast route table in the configuration, use the show running-config mroute command in privileged EXEC mode.

show running-config mroute [ dst [ src ]]

Syntax Description

dst

The Class D address of the multicast group.

src

The IP address of the multicast source.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

Added keyword running-config.


Examples

The following is sample output from the show running-config mroute command:

hostname# show running-config mroute

Related Commands

Command
Description

mroute

Configures a static multicast route.


show running-config mtu

To display the current maximum transmission unit block size, use the show running-config mtu command in privileged EXEC mode.

show running-config mtu [interface_name]

Syntax Description

interface_name

(Optional) Internal or external network interface name.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

Preexisting

This command was preexisting.


Examples

The following is sample output from the show running-config mtu command:

hostname# show running-config mtu
mtu outside 1500
mtu inside 1500
mtu dmz 1500
hostname# show running-config mtu outside
mtu outside 1500

Related Commands

Command
Description

clear configure mtu

Clears the configured maximum transmission unit values on all interfaces.

mtu

Specifies the maximum transmission unit for an interface.


show running-config multicast-routing

To display the multicast-routing command, if present, in the running configuration, use the show running-config multicast-routing command in privileged EXEC mode.

show running-config multicast-routing

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was introduced.


Usage Guidelines

The show running-config multicast-routing command displays the multicast-routing command in the running configuration. Enter the clear configure multicast-routing command to remove the multicast-routing command from the running configuration.

Examples

The following is sample output from the show running-config multicast-routing command:

hostname# show running-config multicast-routing

multicast-routing

Related Commands

Command
Description

clear configure multicast-routing

Removes the multicast-routing command from the running configuration.

multicast-routing

Enables multicast routing on the security appliance.


show running-config nac-policy

To show the configuration of each NAC policy on the security appliance, use the show running-config nac-policy command in privileged EXEC mode.

show running-config [all] nac-policy [nac-policy-name]

Syntax Description

all

Displays the entire operating configuration of the NAC policy, including default settings.

nac-policy-name

Name of the NAC policy present in the configuration of the security appliance.


Defaults

By default, the CLI displays the name and configuration of each NAC policy if you do not specify the nac-policy-name.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

8.0(2)

This command was introduced.


Examples

The following example shows the configuration of NAC policies named nacapp1 and nacapp2:

hostname# show running-config nac-policy
nac-policy framework nac-framework
 default-acl acl-1
 reval-period 36000
 sq-period 300
 exempt-list os "Windows XP" filter acl-2
nac-policy nacapp1 nacapp
 auth-vlan 1
 cas 209.165.202.129
 cam outside 209.165.201.22 community secretword
 timeout 10
hostname# 

The first line of each NAC policy indicates its name and type. The types are as follows:

nacapp uses a Cisco NAC Appliance to provide a network access policy for remote hosts. Table 29-1 explains the nacapp attributes displayed in response to the show running-config nac-policy command.

nac-framework uses a Cisco Access Control Server to provide a network access policy for remote hosts. Table 29-2 explains the nac-framework attributes displayed in response to the show running-config nac-policy command.

Table 29-1 show running-config nac-policy Command Fields for nacapp policies

Field
Description

auth-vlan

Authentication VLAN that provides the user with limited access while posture validation is in progress. Upon completion of the tunnel, the security appliance copies the value of the auth-vlan to the vlan attribute assigned to the session. Following a successful posture validation, the security appliance overwrites the value of the vlan attribute with the value of the access VLAN obtained from the NAC Appliance.

cam

This line shows the following values:

Interface on the security appliance through which to communicate with the Clean Access Manager.

IP address or hostname of the CAM.

SNMP community string on the CAM.

cas

IP address or hostname of the Clean Access Server.

timeout

Maximum number of minutes a user session can be assigned to an authentication VLAN.


Table 29-2 show running-config nac-policy Command Fields for nac-framework policies

Field
Description

default-acl

NAC default ACL applied before posture validation. Following posture validation, the security appliance replaces the default ACL with the one obtained from the Access Control Server for the remote host. It retains the default ACL if posture validation fails.

reval-period

Number of seconds between each successful posture validation in a NAC Framework session.

sq-period

Number of seconds between each successful posture validation in a NAC Framework session and the next query for changes in the host posture.

exempt-list

Operating system names that are exempt from posture validation. Also shows an optional ACL to filter the traffic if the remote computer's operating system matches the name.

authentication-server-group

Name of the authentication server group to be used for NAC posture validation.
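
The following Python sketch is an added example, not part of the Cisco documentation. It parses saved show running-config nac-policy output into the fields described in Table 29-1 and Table 29-2, lists exempt-list entries that carry no filter ACL, and masks the SNMP community string on the cam line before the output is shared. The sample text, the policy name framework1, and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the output format shown above (values are illustrative).
# The unindented "timeout" line is kept on purpose: the parser must cope with it.
SAMPLE = """\
hostname# show running-config nac-policy
nac-policy framework1 nac-framework
 default-acl acl-1
 reval-period 36000
 sq-period 300
 exempt-list os "Windows XP" filter acl-2
 exempt-list os "Windows 98"
nac-policy nacapp1 nacapp
 auth-vlan 1
 cas 209.165.202.129
 cam outside 209.165.201.22 community secretword
timeout 10
hostname#
"""

PROMPT = re.compile(r"^\S+#")  # CLI prompt lines such as "hostname# ..."


def parse_nac_policies(text):
    """Return {policy_name: {"type": str, "fields": dict, "exempt": list}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line):
            continue
        tokens = shlex.split(line)  # keeps "Windows XP" as a single token
        if tokens[0] == "nac-policy" and len(tokens) == 3:
            # First line of a policy: its name, then its type.
            current = {"type": tokens[2], "fields": {}, "exempt": []}
            policies[tokens[1]] = current
        elif current is None:
            raise ValueError(f"attribute outside a nac-policy block: {line!r}")
        elif tokens[:2] == ["exempt-list", "os"] and len(tokens) >= 3:
            acl = None
            if "filter" in tokens[3:]:
                idx = tokens.index("filter", 3)
                acl = tokens[idx + 1] if idx + 1 < len(tokens) else None
            current["exempt"].append({"os": tokens[2], "filter": acl})
        elif tokens[0] == "cam" and len(tokens) == 5 and tokens[3] == "community":
            # cam line: interface, CAM address or hostname, SNMP community string.
            current["fields"]["cam"] = {"interface": tokens[1],
                                        "address": tokens[2],
                                        "community": tokens[4]}
        else:
            current["fields"][tokens[0]] = " ".join(tokens[1:])
    return policies


def unfiltered_exemptions(policies):
    """(policy, os) pairs exempt from posture validation with no filter ACL."""
    return [(name, entry["os"])
            for name, policy in policies.items()
            if policy["type"] == "nac-framework"
            for entry in policy["exempt"] if entry["filter"] is None]


def redact_community(text):
    """Mask the SNMP community string on cam lines before sharing the output."""
    return re.sub(r"^(\s*cam\s+\S+\s+\S+\s+community\s+)\S+",
                  r"\1<redacted>", text, flags=re.M)


if __name__ == "__main__":
    parsed = parse_nac_policies(SAMPLE)
    print(unfiltered_exemptions(parsed))
    print(redact_community(SAMPLE))
```
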


Related Commands

nac-policy

Creates and accesses a Cisco NAC policy, and specifies its type.

clear configure nac-policy

Removes all NAC policies from the running configuration except for those that are assigned to group policies.

show nac-policy

Displays NAC policy usage statistics on the security appliance.

show vpn-session_summary.db

Displays the number of IPSec, Cisco AnyConnect, and NAC sessions, including VLAN mapping session data.

show vpn-session.db

Displays information about VPN sessions, including VLAN mapping and NAC results.


show running-config name

To display a list of names associated with IP addresses (configured with the name command), use the show running-config name command in privileged EXEC mode.

show running-config name

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was introduced.


Examples

This example shows how to display a list of names associated with IP addresses:

hostname# show running-config name
name 192.168.42.3 sa_inside
name 209.165.201.3 sa_outside

Related Commands

Command
Description

clear configure name

Clears the list of names from the configuration.

name

Associates a name with an IP address.


show running-config nameif

To show the interface name configuration in the running configuration, use the show running-config nameif command in privileged EXEC mode.

show running-config nameif [physical_interface[.subinterface] | mapped_name]

Syntax Description

mapped_name

(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command.

physical_interface

(Optional) Identifies the interface ID, such as gigabitethernet0/1. See the interface command for accepted values.

subinterface

(Optional) Identifies an integer between 1 and 4294967293 designating a logical subinterface.


Defaults

If you do not specify an interface, this command shows the interface name configuration for all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was changed from show nameif.


Usage Guidelines

In multiple context mode, if you mapped the interface ID in the allocate-interface command, you can only specify the mapped name in a context.

This display also shows the security-level command configuration.

Examples

The following is sample output from the show running-config nameif command:

hostname# show running-config nameif
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
!
interface GigabitEthernet0/1
 nameif test
 security-level 0
!

Related Commands

Command
Description

allocate-interface

Assigns interfaces and subinterfaces to a security context.

clear configure interface

Clears the interface configuration.

interface

Configures an interface and enters interface configuration mode.

nameif

Sets the interface name.

security-level

Sets the security level for the interface.


show running-config names

To display the IP address-to-name conversions, use the show running-config names command in privileged EXEC mode.

show running-config names

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent