-
Cisco ASA 5500 Series Command Reference, 8.2
-
About This Guide
-
Using the Command Line Interface
- A through B Commands
- C Commands
- D through F Commands
- G through I Commands
- J through L Commands
- M through O Commands
- P through R Commands
-
S Commands
-
same-security-traffic -- show asdm sessions
-
show asp drop -- show curpriv
-
show ddns -- show ipv6 traffic
-
show isakmp sa -- show route
-
show running-config -- show running-config isakmp
-
show running-config ldap -- show running-config webvpn auto-signon
-
show service-policy -- show xlate
-
shun -- sysopt radius ignore-secret
-
- T through Z Commands
-
Table Of Contents
show ddns update interface through show ipv6 traffic Commands
show dynamic-filter statistics
show dynamic-filter updater-client
show ddns update interface through show ipv6 traffic Commands
show ddns update interface
To display the DDNS methods assigned to adaptive security appliance interfaces, use the show ddns update interface command in privileged EXEC mode.
show ddns update interface [interface-name]
Syntax Description
Defaults
Omitting the interface-name string displays the DDNS method assigned to each interface.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following example displays the DDNS method assigned to the inside interface:
hostname# show ddns update interface insideDynamic DNS Update on inside:Update Method Name Update Destinationddns-2 not availablehostname#Related Commands
show ddns update method
To display the DDNS update methods in the running configuration, use the show ddns update method command in privileged EXEC mode.
show ddns update method [method-name]
Syntax Description
Defaults
Omitting the method-name string displays all configured DDNS update methods.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following example displays the DDNS method named ddns-2:
hostname(config)# show ddns update method ddns-2Dynamic DNS Update Method: ddns-2
IETF standardized Dynamic DNS 'A' and 'PTR' records update
Maximum update interval: 0 days 0 hours 10 minutes 0 seconds
hostname(config)#
Related Commands
show debug
To show the current debugging configuration, use the show debug command.
show debug [command [keywords]]
Syntax Description
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Preexisting
This command was preexisting.
8.0(2)
The eigrp keyword was added to the list of possible command values.
Usage Guidelines
The valid command values follow. For each command, the syntax following command is identical to the syntax supported by the associated debug command. Refer to the associated debug command for information about the supported syntax.
Note
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Examples
The following commands enable debugging for authentication, accounting, and Flash memory. The show debug command is used in three ways to demonstrate how you can use it to view all debugging configuration, debugging configuration for a specific feature, and even debugging configuration for a subset of a feature.
hostname# debug aaa authenticationdebug aaa authentication enabled at level 1hostname# debug aaa accountingdebug aaa accounting enabled at level 1hostname# debug disk filesystemdebug disk filesystem enabled at level 1hostname# show debugdebug aaa authentication enabled at level 1debug aaa accounting enabled at level 1debug disk filesystem enabled at level 1hostname# show debug aaadebug aaa authentication enabled at level 1debug aaa authorization is disabled.debug aaa accounting enabled at level 1debug aaa internal is disabled.debug aaa vpn is disabled.hostname# show debug aaa accountingdebug aaa accounting enabled at level 1hostname#Related Commands
show debug mmp
To display current debug settings for the MMP inspection module, use the show debug mmp command in privileged EXEC mode.
show debug mmp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following example shows the use of the show debug mmp command to displaythe current debug settings for the MMP inspection module:
hostname# show debug mmpdebug mmp enabled at level 1Related Commands
debug mmp
Display inspect MMP events.
inspect mmp
Configures the MMP inspection engine.
show dhcpd
To view DHCP binding, state, and statistical information, use the show dhcpd command in privileged EXEC or global configuration mode.
show dhcpd {binding [IP_address] | state | statistics}
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
If you include the optional IP address in the show dhcpd binding command, only the binding for that IP address is shown.
The show dhcpd binding | state | statistics commands are also available in global configuration mode.
Examples
The following is sample output from the show dhcpd binding command:
hostname# show dhcpd bindingIP Address Hardware Address Lease Expiration Type10.0.1.100 0100.a0c9.868e.43 84985 seconds automaticThe following is sample output from the show dhcpd state command:
hostname# show dhcpd stateContext Not Configured for DHCPInterface outside, Not Configured for DHCPInterface inside, Not Configured for DHCPThe following is sample output from the show dhcpd statistics command:
hostname# show dhcpd statisticsDHCP UDP Unreachable Errors: 0DHCP Other UDP Errors: 0Address pools 1Automatic bindings 1Expired bindings 1Malformed messages 0Message ReceivedBOOTREQUEST 0DHCPDISCOVER 1DHCPREQUEST 2DHCPDECLINE 0DHCPRELEASE 0DHCPINFORM 0Message SentBOOTREPLY 0DHCPOFFER 1DHCPACK 1DHCPNAK 1Related Commands
show dhcprelay state
To view the state of the DHCP relay agent, use the show dhcprelay state command in privileged EXEC or global configuration mode.
show dhcprelay state
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
This command displays the DHCP relay agent state information for the current context and each interface.
Examples
The following is sample output from the show dhcprelay state command:
hostname# show dhcprelay stateContext Configured as DHCP RelayInterface outside, Not Configured for DHCPInterface infrastructure, Configured for DHCP RELAY SERVERInterface inside, Configured for DHCP RELAYRelated Commands
show dhcprelay statistics
To display the DHCP relay statistics, use the show dhcprelay statistics command in privileged EXEC mode.
show dhcprelay statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
The output of the show dhcprelay statistics command increments until you enter the clear dhcprelay statistics command.
Examples
The following shows sample output for the show dhcprelay statistics command:
hostname# show dhcprelay statisticsDHCP UDP Unreachable Errors: 0DHCP Other UDP Errors: 0Packets RelayedBOOTREQUEST 0DHCPDISCOVER 7DHCPREQUEST 3DHCPDECLINE 0DHCPRELEASE 0DHCPINFORM 0BOOTREPLY 0DHCPOFFER 7DHCPACK 3DHCPNAK 0hostname#Related Commands
show disk
To display the contents of the flash memory for the adaptive security appliance only, use the show disk command in privileged EXEC mode.
show disk[0 | 1] [filesys | all] controller
Syntax Description
Defaults
Shows the internal flash memory by default.
Command Modes
The following table shows the modes in which you can enter the command.
Privileged EXEC
•
•
•
—
•
Command History
Examples
The following is sample output from the show disk command:
hostname# show disk-#- --length-- -----date/time------ path11 1301 Feb 21 2005 18:01:34 test.cfg12 1949 Feb 21 2005 20:13:36 test1.cfg13 2551 Jan 06 2005 10:07:36 test2.cfg14 609223 Jan 21 2005 07:14:18 test3.cfg15 1619 Jul 16 2004 16:06:48 test4.cfg16 3184 Aug 03 2004 07:07:00 old_running.cfg17 4787 Mar 04 2005 12:32:18 test5.cfg20 1792 Jan 21 2005 07:29:24 test6.cfg21 7765184 Mar 07 2005 19:38:30 test7.cfg22 1674 Nov 11 2004 02:47:52 test8.cfg23 1863 Jan 21 2005 07:29:18 test9.cfg24 1197 Jan 19 2005 08:17:48 test10.cfg25 608554 Jan 13 2005 06:20:54 backupconfig.cfg26 5124096 Feb 20 2005 08:49:28 cdisk127 5124096 Mar 01 2005 17:59:56 cdisk228 2074 Jan 13 2005 08:13:26 test11.cfg29 5124096 Mar 07 2005 19:56:58 cdisk330 1276 Jan 28 2005 08:31:58 lead31 7756788 Feb 24 2005 12:59:46 asdmfile.dbg32 7579792 Mar 08 2005 11:06:56 asdmfile1.dbg33 7764344 Mar 04 2005 12:17:46 asdmfile2.dbg34 5124096 Feb 24 2005 11:50:50 cdisk435 15322 Mar 04 2005 12:30:24 hs_err.log10170368 bytes available (52711424 bytes used)The following is sample output from the show disk filesys command:
hostname# show disk filesys******** Flash Card Geometry/Format Info ********COMPACT FLASH CARD GEOMETRYNumber of Heads: 4Number of Cylinders 978Sectors per Cylinder 32Sector Size 512Total Sectors 125184COMPACT FLASH CARD FORMATNumber of FAT Sectors 61Sectors Per Cluster 8Number of Clusters 15352Number of Data Sectors 122976Base Root Sector 123Base FAT Sector 1Base Data Sector 155The following is sample output from the show disk controller command:
hostname# show disk:1 controllerFlash Model: TOSHIBA THNCF064MBARelated Commands
show dns-hosts
To show the DNS cache, use the show dns-hosts command in privileged EXEC mode.The DNS cache includes dynamically learned entries from a DNS server as well as manually entered name and IP addresses using the name command.
show dns-hosts
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show dns-hosts command:
hostname# show dns-hostsHost Flags Age Type Address(es)ns2.example.com (temp, OK) 0 IP 10.102.255.44ns1.example.com (temp, OK) 0 IP 192.168.241.185snowmass.example.com (temp, OK) 0 IP 10.94.146.101server.example.com (temp, OK) 0 IP 10.94.146.80Table 11 shows each field description.
Related Commands
show dynamic-filter data
To show information about the Botnet Traffic Filter dynamic database, including when the dynamic database was last downloaded, the version of the database, how many entries the database contains, and 10 sample entries, use the show dynamic-filter data command in privileged EXEC mode.
show dynamic-filter data
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
—
•
Command History
Usage Guidelines
To view dynamic database information, first enable use and download of the database with the dynamic-filter use-database and dynamic-filter updater-client enable commands.
Examples
The following is sample output from the show dynamic-filter data command:
hostname# show dynamic-filter dataTraffic filter is using downloaded database version '907'Fetched at 18:00:16 UTC Jan 22 2009, size: 674381Sample names from downloaded database:example.com, example.net, example.org,cisco.example, cisco.invalid, bad.example.combad.example.net, bad.example.org, bad.cisco.examplebad.cisco.ivalidTotal entries in Dynamic Filter database:Dynamic data: 40909 domain names , 1080 IPv4 addressesLocal data: 0 domain names , 0 IPv4 addressesActive rules in Dynamic Filter asp table:Dynamic data: 0 domain names , 1080 IPv4 addressesLocal data: 0 domain names , 0 IPv4 addressesRelated Commands
show dynamic-filter dns-snoop
To show the Botnet Traffic Filter DNS snooping summary, or the actual IP addresses and names, use the show dynamic-filter dns-snoop command in privileged EXEC mode.
show dynamic-filter dns-snoop [detail]
Syntax Description
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
—
Command History
Usage Guidelines
All inspected DNS data is included in this output, and not just matching names in the blacklist. DNS data from static entries are not included.
To clear the DNS snooping data, enter the clear dynamic-filter dns-snoop command.
Examples
The following is sample output from the show dynamic-filter dns-snoop command:
hostname# show dynamic-filter dns-snoopDNS Reverse Cache Summary Information:75 addresses, 124 names, 997 dnsrc address bucketsThe following is sample output from the show dynamic-filter dns-snoop detail command:
hostname# show dynamic-filter dns-snoop detailDNS Reverse Cache Summary Information:75 addresses, 124 names, 997 dnsrc address bucketsDNS reverse Cache Information:[10.67.22.34] flags=0x22, cat=2, unit=0 b:g:w=3:0:0, cookie=0xda148218[www3.example.com] cat=2, ttl=3[www.bad.example.com] cat=2, ttl=3[www.example.com] cat=2, ttl=3[10.6.68.133] flags=0x2, cat=2, unit=0 b:g:w=1:0:0, cookie=0xda13ed60[cisco.example] cat=2, ttl=73[10.166.226.25] flags=0x2, cat=2, unit=0 b:g:w=1:0:0, cookie=0xda608cb8[cisco.invalid] cat=2, ttl=2Related Commands
show dynamic-filter reports
To generate reports of the top 10 botnet sites, ports, and infected hosts, use the show dynamic-filter reports top command in privileged EXEC mode.
show dynamic-filter reports top [botnet-sites | botnet-ports | infected-hosts]
Syntax Description
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
—
Command History
Usage Guidelines
This report is a snapshot of the data, and may not match the top 10 items since the statistics started to be collected. For hosts, the timeout value is 1 hour (non-configurable) to reduce the memory impact. The site and port reports do not have a timeout value.
To clear the report data, enter the clear dynamic-filter reports command.
Examples
The following is sample output from the show dynamic-filter reports top botnet-sites command:
hostname# show dynamic-filter reports top botnet-sitesSite Connections logged----------------------------------------------------------------------bad1.example.com (10.67.22.34) 11bad2.example.com (209.165.200.225) 8bad1.cisco.example(10.131.36.158) 6bad2.cisco.example(209.165.201.1) 2horrible.example.net(10.232.224.2) 2nono.example.org(209.165.202.130) 1The following is sample output from the show dynamic-filter reports top botnet-ports command:
hostname# show dynamic-filter reports top botnet-portsPort Connections logged----------------------------------------------------------------------tcp 1000 617tcp 2001 472tcp 23 22tcp 1001 19udp 2000 17udp 2001 17tcp 8080 9tcp 80 3tcp >8192 2The following is sample output from the show dynamic-filter reports top infected-hosts command:
hostname# show dynamic-filter reports top infected-hostsHost Connections logged----------------------------------------------------------------------10.10.10.51(inside) 119010.12.10.10(inside) 1010.10.11.10(inside) 5Related Commands
show dynamic-filter statistics
To show how many connections were monitored with the Botnet Traffic Filter, and how many of those connections match the whitelist, blacklist, and graylist, use the show dynamic-filter statistics command in privileged EXEC mode.
show dynamic-filter statistics [interface name]
Syntax Description
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
—
Command History
Usage Guidelines
The graylist includes addresses that are associated with multiple domain names, but not all of these domain names are on the blacklist.
To clear the statistics, enter the clear dynamic-filter statistics command.
Examples
The following is sample output from the show dynamic-filter statistics command:
hostname# show dynamic-filter statisticsEnabled on interface outsideTotal conns classified 2108, ingress 2108, egress 0Total whitelist hits 0, ingress 0, egress 0Total greylist hits 0, ingress 0, egress 0Total blacklist hits 11, ingress 11, egress 0Enabled on interface insideTotal conns classified 4908, ingress 4908, egress 0Total whitelist hits 3, ingress 3, egress 0Total greylist hits 0, ingress 0, egress 0Total blacklist hits 1179, ingress 1179, egress 0Related Commands
show dynamic-filter updater-client
To show information about the Botnet Traffic Filter updater server, including the server IP address, the next time the adaptive security appliance will connect with the server, and the database version last installed, use the show dynamic-filter updater-client command in privileged EXEC mode.
show dynamic-filter updater-client
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
—
•
Command History
Examples
The following is sample output from the show dynamic-filter updater-client command:
hostname# show dynamic-filter updater-clientTraffic Filter updater client is enabledUpdater server url is https://10.15.80.240:446Application name: trafmon, version: 1.0Encrypted UDI:0bb93985f42d941e50dc8f022350d1a8de96ba6c1f6d45f4bc0ead02a7d5990be32f483b5715cd80a215cedadd4e5ffeNext update is in 00:02:00Database file version is '907' fetched at 22:51:41 UTC Oct 16 2006,size: 521408Related Commands
show eigrp events
To display the EIGRP event log, use the show eigrp events command in privileged EXEC mode.
show eigrp [as-number] events [{start end} | type]
Syntax Description
Defaults
If a start and end is not specified, all log entries are shown.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
The show eigrp events output displays up to 500 events. Once the maximum number of events has been reached, new events are added to the bottom of the output and old events are removed from the top of the output.
You can use the clear eigrp events command to clear the EIGRP event log.
The show eigrp events type command displays the logging status of EIGRP events. By default, neighbor changes, neighbor warning, and DUAL FSM messages are logged. You can disable neighbor change event logging using the no eigrp log-neighbor-changes command. You can disable neighbor warning event logging using the no eigrp log-neighbor-warnings command. You cannot disable the logging of DUAL FSM events.
Examples
The following is sample output from the show eigrp events command:
hostname# show eigrp eventsEvent information for AS 100:1 12:11:23.500 Change queue emptied, entries: 42 12:11:23.500 Metric set: 10.1.0.0/16 537603 12:11:23.500 Update reason, delay: new if 42949672954 12:11:23.500 Update sent, RD: 10.1.0.0/16 42949672955 12:11:23.500 Update reason, delay: metric chg 42949672956 12:11:23.500 Update sent, RD: 10.1.0.0/16 42949672957 12:11:23.500 Route install: 10.1.0.0/16 10.130.60.2488 12:11:23.500 Find FS: 10.1.0.0/16 42949672959 12:11:23.500 Rcv update met/succmet: 53760 2816010 12:11:23.500 Rcv update dest/nh: 10.1.0.0/16 10.130.60.24811 12:11:23.500 Metric set: 10.1.0.0/16 4294967295The following is sample output from the show eigrp events command with a start and stop number defined:
hostname# show eigrp events 3 8Event information for AS 100:3 12:11:23.500 Update reason, delay: new if 42949672954 12:11:23.500 Update sent, RD: 10.1.0.0/16 42949672955 12:11:23.500 Update reason, delay: metric chg 42949672956 12:11:23.500 Update sent, RD: 10.1.0.0/16 42949672957 12:11:23.500 Route install: 10.1.0.0/16 10.130.60.2488 12:11:23.500 Find FS: 10.1.0.0/16 4294967295The following is sample output from the show eigrp events command when there are no entries in the EIGRP event log:
hostname# show eigrp eventsEvent information for AS 100: Event log is empty.The following is sample output from the show eigrp events type command:
hostname# show eigrp events typeEIGRP-IPv4 Event Logging for AS 100:Log Size 500Neighbor Changes EnableNeighbor Warnings EnableDual FSM EnableRelated Commands
show eigrp interfaces
To display the interfaces participating in EIGRP routing, use the show eigrp interfaces command in privileged EXEC mode.
show eigrp [as-number] interfaces [if-name] [detail]
Syntax Description
Defaults
If you do not specify an interface name, information for all EIGRP interfaces is displayed.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
Use the show eigrp interfaces command to determine on which interfaces EIGRP is active, and to learn information about EIGRP relating to those interfaces.
If an interface is specified, only that interface is displayed. Otherwise, all interfaces on which EIGRP is running are displayed.
If an autonomous system is specified, only the routing process for the specified autonomous system is displayed. Otherwise, all EIGRP processes are displayed.
Examples
The following is sample output from the show eigrp interfaces command:
hostname# show eigrp interfacesEIGRP-IPv4 interfaces for process 100Xmit Queue Mean Pacing Time Multicast PendingInterface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routesmgmt 0 0/0 0 11/434 0 0outside 1 0/0 337 0/10 0 0inside 1 0/0 10 1/63 103 0Table 25-2 describes the significant fields shown in the display.
Related Commands
network
Defines the networks and interfaces that participate in the EIGRP routing process.
show eigrp neighbors
To display the EIGRP neighbor table, use the show eigrp neighbors command in privileged EXEC mode.
show eigrp [as-number] neighbors [detail | static] [if-name]
Syntax Description
Defaults
If you do not specify an interface name, the neighbors learned through all interfaces are displayed.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
You can use the clear eigrp neighbors command to clear the dynamically-learned neighbors from the EIGRP neighbor table.
Static neighbors are not included in the output unless you use the static keyword.
Examples
The following is sample output from the show eigrp neighbors command:
hostname# show eigrp neighborsEIGRP-IPv4 Neighbors for process 100Address Interface Holdtime Uptime Q Seq SRTT RTO(secs) (h:m:s) Count Num (ms) (ms)172.16.81.28 Ethernet1 13 0:00:41 0 11 4 20172.16.80.28 Ethernet0 14 0:02:01 0 10 12 24172.16.80.31 Ethernet0 12 0:02:02 0 4 5 20Table 25-2 describes the significant fields shown in the display.
The following is sample output from the show eigrp neighbors static command:
hostname# show eigrp neighbors staticEIGRP-IPv4 neighbors for process 100Static Address Interface192.168.1.5 managementTable 25-4 describes the significant fields shown in the display.
The following is sample output from the show eigrp neighbors detail command:
hostname# show eigrp neighbors detailEIGRP-IPv4 neighbors for process 100H Address Interface Hold Uptime SRTT RTO Q Seq Tye(sec) (ms) Cnt Num3 1.1.1.3 Et0/0 12 00:04:48 1832 5000 0 14Version 12.2/1.2, Retrans: 0, Retries: 0Restart time 00:01:050 10.4.9.5 Fa0/0 11 00:04:07 768 4608 0 4 SVersion 12.2/1.2, Retrans: 0, Retries: 02 10.4.9.10 Fa0/0 13 1w0d 1 3000 0 6 SVersion 12.2/1.2, Retrans: 1, Retries: 01 10.4.9.6 Fa0/0 12 1w0d 1 3000 0 4 SVersion 12.2/1.2, Retrans: 1, Retries: 0Table 25-5 describes the significant fields shown in the display.
Related Commands
clear eigrp neighbors
Clear the EIGRP neighbor table.
debug eigrp neighbors
Display EIGRP neighbor debug messages.
debug ip eigrp
Display EIGRP packet debug messages.
show eigrp topology
To display the EIGRP topology table, use the show eigrp topology command in privileged EXEC mode.
show eigrp [as-number] topology [ip-addr [mask] | active | all-links | pending | summary | zero-successors]
Syntax Description
Defaults
Only routes that are feasible successors are displayed. Use the all-links keyword to display all routes, including those that are not feasible successors.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
You can use the clear eigrp topology command to remove the dynamic entries from the topology table.
Examples
The following is sample output from the show eigrp topology command:
hostname# show eigrp topologyEIGRP-IPv4 Topology Table for AS(100)/ID(192.168.1.1)Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,r - Reply statusP 10.16.90.0 255.255.255.0, 2 successors, FD is 0via 10.16.80.28 (46251776/46226176), Ethernet0via 10.16.81.28 (46251776/46226176), Ethernet1P 10.16.81.0 255.255.255.0, 1 successors, FD is 307200via Connected, Ethernet1via 10.16.81.28 (307200/281600), Ethernet1via 10.16.80.28 (307200/281600), Ethernet0Table 25-6 describes the significant fields shown in the displays.
The following is sample output from the show eigrp topology used with an IP address. The output shown is for an internal route.
hostname# show eigrp topology 10.2.1.0 255.255.255.0EIGRP-IPv4 (AS 100): Topology Default-IP-Routing-Table(0) entry for entry for 10.2.1.0 255.255.255.0State is Passive, Query origin flag is 1, 1 Successor(s), FD is 281600Routing Descriptor Blocks:0.0.0.0 (Ethernet0/0), from Connected, Send flag is 0x0Composite metric is (281600/0), Route is InternalVector metric:Minimum bandwidth is 10000 KbitTotal delay is 1000 microsecondsReliability is 255/255Load is 1/255Minimum MTU is 1500Hop count is 0The following is sample output from the show eigrp topology used with an IP address. The output shown is for an external route.
hostname# show eigrp topology 10.4.80.0 255.255.255.0EIGRP-IPv4 (AS 100): Topology Default-IP-Routing-Table(0) entry for entry for 10.4.80.0 255.255.255.0State is Passive, Query origin flag is 1, 1 Successor(s), FD is 409600Routing Descriptor Blocks:10.2.1.1 (Ethernet0/0), from 10.2.1.1, Send flag is 0x0Composite metric is (409600/128256), Route is ExternalVector metric:Minimum bandwidth is 10000 KbitTotal delay is 6000 microsecondsReliability is 255/255Load is 1/255Minimum MTU is 1500Hop count is 1External data:Originating router is 10.89.245.1AS number of route is 0External protocol is Connected, external metric is 0Administrator tag is 0 (0x00000000)Related Commands
clear eigrp topology
Clears the dynamically discovered entries from the EIGRP topology table.
show eigrp traffic
To display the number of EIGRP packets sent and received, use the show eigrp traffic command in privileged EXEC mode.
show eigrp [as-number] traffic
Syntax Description
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
You can use the clear eigrp traffic command to clear the EIGRP traffic statistics.
Examples
The following is sample output from the show eigrp traffic command:
hostname# show eigrp trafficEIGRP-IPv4 Traffic Statistics for AS 100Hellos sent/received: 218/205Updates sent/received: 7/23Queries sent/received: 2/0Replies sent/received: 0/2Acks sent/received: 21/14Input queue high water mark 0, 0 dropsSIA-Queries sent/received: 0/0SIA-Replies sent/received: 0/0Hello Process ID: 1719439416PDM Process ID: 1719439824Table 25-4 describes the significant fields shown in the display.
Related Commands
debug eigrp packets
Displays debug information for EIGRP packets sent and received.
debug eigrp transmit
Displays debug information for EIGRP messages sent.
show failover
To display information about the failover status of the unit, use the show failover command in privileged EXEC mode.
show failover [group num | history | interface | state | statistics]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show failover command displays the dynamic failover information, interface status, and Stateful Failover statistics. The Stateful Failover Logical Update Statistics output appears only when Stateful Failover is enabled. The "xerr" and "rerr" values do not indicate errors in failover, but rather the number of packet transmit or receive errors.
Note
In the show failover command output, the stateful failover fields have the following values:
•
–
–
–
–
•
–
–
–
–
–
–
–
–
–
–
–
–
–
–
If you do not enter a failover IP address, the show failover command displays 0.0.0.0 for the IP address, and monitoring of the interfaces remain in a "waiting" state. You must set a failover IP address for failover to work.
Table 25-8 describes the interface states for failover.
In multiple configuration mode, only the show failover command is available in a security context; you cannot enter the optional keywords.
Examples
The following is sample output from the show failover command for Active/Standby Failover. The adaptive security appliances are ASA 5500 series adaptive adaptive security appliances, each equipped with a CSC SSM as shown in the details for slot 1 of each adaptive security appliance.
hostname# show failoverFailover OnCable status: N/A - LAN-based failover enabledFailover unit PrimaryFailover LAN Interface: fover Ethernet2 (up)Unit Poll frequency 1 seconds, holdtime 3 secondsInterface Poll frequency 15 secondsInterface Policy 1Monitored Interfaces 2 of 250 maximumfailover replication httpLast Failover at: 22:44:03 UTC Dec 8 2004This host: Primary - ActiveActive time: 13434 (sec)slot 0: ASA5520 hw/sw rev (1.0/7.1(0)10) status (Up Sys)Interface inside (10.130.9.3): NormalInterface outside (10.132.9.3): Normalslot 1: ASA-SSM-20 hw/sw rev (1.0/CSC-SSM 5.0 (Build#1176)) status (Up/Up)Logging port IP: 10.0.0.3/24CSC-SSM, 5.0 (Build#1176)Other host: Secondary - Standby ReadyActive time: 0 (sec)slot 0: ASA5520 hw/sw rev (1.0/7.1(0)10) status (Up Sys)Interface inside (10.130.9.4): NormalInterface outside (10.132.9.4): Normalslot 1: ASA-SSM-20 hw/sw rev (1.0/CSC-SSM 5.0 (Build#1176)) status (Up/Up)Logging port IP: 10.0.0.4/24CSC-SSM, 5.0 (Build#1176)Stateful Failover Logical Update StatisticsLink : fover Ethernet2 (up)Stateful Obj xmit xerr rcv rerrGeneral 0 0 0 0sys cmd 1733 0 1733 0up time 0 0 0 0RPC services 0 0 0 0TCP conn 6 0 0 0UDP conn 0 0 0 0ARP tbl 106 0 0 0Xlate_Timeout 0 0 0 0VPN IKE upd 15 0 0 0VPN IPSEC upd 90 0 0 0VPN CTCP upd 0 0 0 0VPN SDI upd 0 0 0 0VPN DHCP upd 0 0 0 0SIP Session 0 0 0 0Logical Update Queue InformationCur Max TotalRecv Q: 0 2 1733Xmit Q: 0 2 15225The following is sample output from the show failover command for Active/Active Failover:
hostname# show failoverFailover OnFailover unit PrimaryFailover LAN Interface: third GigabitEthernet0/2 (up)Unit Poll frequency 1 seconds, holdtime 15 secondsInterface Poll frequency 4 secondsInterface Policy 1Monitored Interfaces 8 of 250 maximumfailover replication httpGroup 1 last failover at: 13:40:18 UTC Dec 9 2004Group 2 last failover at: 13:40:06 UTC Dec 9 2004This host: PrimaryGroup 1 State: ActiveActive time: 2896 (sec)Group 2 State: Standby ReadyActive time: 0 (sec)slot 0: ASA-5530 hw/sw rev (1.0/7.0(0)79) status (Up Sys)slot 1: SSM-IDS-20 hw/sw rev (1.0/5.0(0.11)S91(0.11)) status (Up)admin Interface outside (10.132.8.5): Normaladmin Interface third (10.132.9.5): Normaladmin Interface inside (10.130.8.5): Normaladmin Interface fourth (10.130.9.5): Normalctx1 Interface outside (10.1.1.1): Normalctx1 Interface inside (10.2.2.1): Normalctx2 Interface outside (10.3.3.2): Normalctx2 Interface inside (10.4.4.2): NormalOther host: SecondaryGroup 1 State: Standby ReadyActive time: 190 (sec)Group 2 State: ActiveActive time: 3322 (sec)slot 0: ASA-5530 hw/sw rev (1.0/7.0(0)79) status (Up Sys)slot 1: SSM-IDS-20 hw/sw rev (1.0/5.0(0.1)S91(0.1)) status (Up)admin Interface outside (10.132.8.6): Normaladmin Interface third (10.132.9.6): Normaladmin Interface inside (10.130.8.6): Normaladmin Interface fourth (10.130.9.6): Normalctx1 Interface outside (10.1.1.2): Normalctx1 Interface inside (10.2.2.2): Normalctx2 Interface outside (10.3.3.1): Normalctx2 Interface inside (10.4.4.1): NormalStateful Failover Logical Update StatisticsLink : third GigabitEthernet0/2 (up)Stateful Obj xmit xerr rcv rerrGeneral 0 0 0 0sys cmd 380 0 380 0up time 0 0 0 0RPC services 0 0 0 0TCP conn 1435 0 1450 0UDP conn 0 0 0 0ARP tbl 124 0 65 0Xlate_Timeout 0 0 0 0VPN IKE upd 15 0 0 0VPN IPSEC upd 90 0 0 0VPN CTCP upd 0 0 0 0VPN SDI upd 0 0 0 0VPN DHCP upd 0 0 0 0SIP Session 0 0 0 0Logical Update Queue InformationCur Max TotalRecv Q: 0 1 1895Xmit Q: 0 0 1940The following is sample output from the show failover command on the ASA 5505 series adaptive adaptive security appliance:
Failover OnFailover unit PrimaryFailover LAN Interface: fover Vlan150 (up)Unit Poll frequency 1 seconds, holdtime 15 secondsInterface Poll frequency 5 seconds, holdtime 25 secondsInterface Policy 1Monitored Interfaces 4 of 250 maximumVersion: Ours 7.2(0)55, Mate 7.2(0)55Last Failover at: 19:59:58 PST Apr 6 2006This host: Primary - ActiveActive time: 34 (sec)slot 0: ASA5505 hw/sw rev (1.0/7.2(0)55) status (Up Sys)Interface inside (192.168.1.1): NormalInterface outside (192.168.2.201): NormalInterface dmz (172.16.0.1): NormalInterface test (172.23.62.138): Normalslot 1: emptyOther host: Secondary - Standby ReadyActive time: 0 (sec)slot 0: ASA5505 hw/sw rev (1.0/7.2(0)55) status (Up Sys)Interface inside (192.168.1.2): NormalInterface outside (192.168.2.211): NormalInterface dmz (172.16.0.2): NormalInterface test (172.23.62.137): Normalslot 1: emptyThe following is sample output from the show failover state command:
hostname# show failover state====My State===Primary | Active |====Other State===Secondary | Standby |====Configuration State===Sync Done====Communication State===Mac set=========Failed Reason==============My Fail Reason:Other Fail Reason:Service Card FailureTable 25-9 describes the output of the show failover state command.
The following is sample output from the show failover history command:
hostname# show failover history==========================================================================From State To State Reason==========================================================================At 16:28:50 UTC Sep 9 2006Not Detected Negotiation No ErrorAt 16:29:18 UTC Sep 9 2006Negotiation Cold Standby Detected an Active mateAt 16:29:19 UTC Sep 9 2006Cold Standby Sync Config Detected an Active mateAt 16:29:31 UTC Sep 9 2006Sync Config Sync File System Detected an Active mateAt 16:29:31 UTC Sep 9 2006Sync File System Bulk Sync Detected an Active mateAt 16:29:36 UTC Sep 9 2006Bulk Sync Standby Ready Detected an Active mateAt 16:30:52 UTC Sep 9 2006Standby Ready Just Active Set by the CI config cmdAt 16:30:52 UTC Sep 9 2006Just Active Active Drain Set by the CI config cmdAt 16:30:52 UTC Sep 9 2006Active Drain Active Applying Config Set by the CI config cmdAt 16:30:52 UTC Sep 9 2006Active Applying Config Active Config Applied Set by the CI config cmdAt 16:30:52 UTC Sep 9 2006Active Config Applied Active Set by the CI config cmdAt 16:30:55 UTC Sep 9 2006Active Disabled Set by the CI config cmd==========================================================================Each entry provides the time and date the state change occurred, the beginning state, the resulting state, and the reason for the state change. The newest entries are located at the bottom of the display. Older entries appear at the top. A maximum of 60 entries can be displayed. Once the maximum number of entries has been reached, the oldest entries are removed from the top of the output as new entries are added to the bottom.
Table 25-10 shows the failover states. There are two types of states—stable and transient. Stable states are states that the unit can remain in until some occurrence, such as a failure, causes a state change. A transient state is a state that the unit passes through while reaching a stable state.
Each state change is followed by a reason for the state change. The reason typically remains the same as the unit progresses through the transient states to the stable state. The following are the possible state change reasons:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Related Commands
show running-config failover
Displays the failover commands in the current configuration.
show failover exec
To display the failover exec command mode for the specified unit, use the show failover exec command in privileged EXEC mode.
show failover exec {active | standby | mate}
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The failover exec command creates a session with the specified device. By default, that session is in global configuration mode. You can change the command mode of that session by sending the appropriate command (such as the interface command) using the failover exec command. Changing failover exec command modes for the specified device does not change the command mode for the session you are using to access the device. Changing commands modes for your current session to the device does not affect the command mode used by the failover exec command.
The show failover exec command displays the command mode on the specified device in which commands sent with the failover exec command are executed.
Examples
The following is sample output from the show failover exec command. This example demonstrates that the command mode for the unit where the failover exec commands are being entered does not have to be the same as the failover exec command mode where the commands are being executed.
In this example, an administrator logged into the standby unit adds a name to an interface on the active unit. The second time the show failover exec mate command is entered in this example shows the peer device in interface configuration mode. Commands sent to the device with the failover exec command are executed in that mode.
hostname(config)# show failover exec mateActive unit Failover EXEC is at config mode! The following command changes the standby unit failover exec mode! to interface configuration mode.hostname(config)# failover exec mate interface GigabitEthernet0/1hostname(config)# show failover exec mateActive unit Failover EXEC is at interface sub-command mode! Because the following command is sent to the active unit, it is replicated! back to the standby unit.hostname(config)# failover exec mate nameif testRelated Commands
failover exec
Executes the supplied command on the designated unit in a failover pair.
show file
To display information about the file system, use the show file command in privileged EXEC mode.
show file descriptors | system | information filename
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command.
Privileged EXEC
•
•
•
•
•
Command History
7.0(1)
This command was introduced.
8.2(1)
The capability to view information about partner application package files was added.
Examples
The following is sample output from the show file descriptors command:
hostname# show file descriptorsNo open file descriptorshostname# show file systemFile Systems:Size(b) Free(b) Type Flags Prefixes* 60985344 60973056 disk rw disk:The following is sample output fromthe show file info command:
hostname# show file info disk0:csc_embd1.0.1000.pkgtype is package (csc)file size is 17204149 bytes version 1Related Commands
dir
Displays the directory contents.
pwd
Displays the current working directory.
show firewall
To show the current firewall mode (routed or transparent), use the show firewall command in privileged EXEC mode.
show firewall
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Examples
The following is sample output from the show firewall command:
hostname# show firewallFirewall mode: RouterRelated Commands
firewall transparent
Sets the firewall mode.
show mode
Shows the current context mode, either single or multiple.
show flash
To display the contents of the internal Flash memory, use the show flash: command in privileged EXEC mode.
show flash:
Note
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command.
Privileged EXEC
•
•
•
•
•
Command History
Examples
The following is sample output from the show flash: command:
hostname# show flash:-#- --length-- -----date/time------ path11 1301 Feb 21 2005 18:01:34 test.cfg12 1949 Feb 21 2005 20:13:36 pepsi.cfg13 2551 Jan 06 2005 10:07:36 Leo.cfg14 609223 Jan 21 2005 07:14:18 rr.cfg15 1619 Jul 16 2004 16:06:48 hackers.cfg16 3184 Aug 03 2004 07:07:00 old_running.cfg17 4787 Mar 04 2005 12:32:18 admin.cfg20 1792 Jan 21 2005 07:29:24 Marketing.cfg21 7765184 Mar 07 2005 19:38:30 asdmfile-RLK22 1674 Nov 11 2004 02:47:52 potts.cfg23 1863 Jan 21 2005 07:29:18 r.cfg24 1197 Jan 19 2005 08:17:48 tst.cfg25 608554 Jan 13 2005 06:20:54 500kconfig26 5124096 Feb 20 2005 08:49:28 cdisk7010227 5124096 Mar 01 2005 17:59:56 cdisk7010428 2074 Jan 13 2005 08:13:26 negateACL29 5124096 Mar 07 2005 19:56:58 cdisk7010530 1276 Jan 28 2005 08:31:58 steel31 7756788 Feb 24 2005 12:59:46 asdmfile.50074.dbg32 7579792 Mar 08 2005 11:06:56 asdmfile.gusingh33 7764344 Mar 04 2005 12:17:46 asdmfile.50075.dbg34 5124096 Feb 24 2005 11:50:50 cdisk7010335 15322 Mar 04 2005 12:30:24 hs_err_pid2240.log10170368 bytes available (52711424 bytes used)Related Commands
dir
Displays the directory contents.
show disk0:
Displays the contents of the internal Flash memory.
show disk1:
Displays the contents of the external Flash memory card.
show flow-export counters
To display runtime counters associated with NetFlow data, use the show flow-export counters command in privileged EXEC mode.
show flow-export counters
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command.
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The runtime counters include statistical data as well as error data.
Examples
The following is sample output from the show flow-export counters command that shows runtime counters that are associated with NetFlow data:
hostname# show flow-export countersdestination: inside 209.165.200.224 2055Statistics:packets sent 1000Errors:block allocation failure 0invalid interface 0template send failure 0Related Commands
show fragment
To display the operational data of the IP fragment reassembly module, enter the show fragment command in privileged EXEC mode.
show fragment [interface]
Syntax Description
Defaults
If an interface is not specified, the command applies to all interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC mode
•
•
•
•
•
Command History
7.0(1)
The command was separated into two commands, show fragment and show running-config fragment, to separate the configuration data from the operational data.
Examples
This example shows how to display the operational data of the IP fragment reassembly module:
hostname# show fragmentInterface: insideSize: 200, Chain: 24, Timeout: 5, Threshold: 133Queue: 0, Assembled: 0, Fail: 0, Overflow: 0Interface: outside1Size: 200, Chain: 24, Timeout: 5, Threshold: 133Queue: 0, Assembled: 0, Fail: 0, Overflow: 0Interface: test1Size: 200, Chain: 24, Timeout: 5, Threshold: 133Queue: 0, Assembled: 0, Fail: 0, Overflow: 0Interface: test2Size: 200, Chain: 24, Timeout: 5, Threshold: 133Queue: 0, Assembled: 0, Fail: 0, Overflow: 0Related Commands
show gc
To display the garbage collection process statistics, use the show gc command in privileged EXEC mode.
show gc
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Examples
The following is sample output from the show gc command:
hostname# show gcGarbage collection process stats:Total tcp conn delete response : 0Total udp conn delete response : 0Total number of zombie cleaned : 0Total number of embryonic conn cleaned : 0Total error response : 0Total queries generated : 0Total queries with conn present response : 0Total number of sweeps : 946Total number of invalid vcid : 0Total number of zombie vcid : 0Related Commands
show h225
To display information for H.225 sessions established across the adaptive security appliance, use the show h225 command in privileged EXEC mode.
show h225
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show h225 command displays information for H.225 sessions established across the adaptive security appliance. Along with the debug h323 h225 event, debug h323 h245 event, and show local-host commands, this command is used for troubleshooting H.323 inspection engine issues.
Before using the show h225, show h245, or show h323-ras commands, we recommend that you configure the pager command. If there are a lot of session records and the pager command is not configured, it may take a while for the show output to reach its end. If there is an abnormally large number of connections, check that the sessions are timing out based on the default timeout values or the values set by you. If they are not, then there is a problem that needs to be investigated.
Examples
The following is sample output from the show h225 command:
hostname# show h225Total H.323 Calls: 11 Concurrent Call(s) for| Local: | 10.130.56.3/1040 | Foreign: 172.30.254.203/1720| 1. CRV 9861| Local: | 10.130.56.3/1040 | Foreign: 172.30.254.203/17200 Concurrent Call(s) for| Local: | 10.130.56.4/1050 | Foreign: 172.30.254.205/1720This output indicates that there is currently 1 active H.323 call going through the adaptive security appliance between the local endpoint 10.130.56.3 and foreign host 172.30.254.203, and for these particular endpoints, there is 1 concurrent call between them, with a CRV (Call Reference Value) for that call of 9861.
For the local endpoint 10.130.56.4 and foreign host 172.30.254.205, there are 0 concurrent Calls. This means that there is no active call between the endpoints even though the H.225 session still exists. This could happen if, at the time of the show h225 command, the call has already ended but the H.225 session has not yet been deleted. Alternately, it could mean that the two endpoints still have a TCP connection opened between them because they set "maintainConnection" to TRUE, so the session is kept open until they set it to FALSE again, or until the session times out based on the H.225 timeout value in your configuration.
Related Commands
show h245
To display information for H.245 sessions established across the adaptive security appliance by endpoints using slow start, use the show h245 command in privileged EXEC mode.
show h245
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show h245 command displays information for H.245 sessions established across the adaptive security appliance by endpoints using slow start. (Slow start is when the two endpoints of a call open another TCP control channel for H.245. Fast start is where the H.245 messages are exchanged as part of the H.225 messages on the H.225 control channel.) Along with the debug h323 h245 event, debug h323 h225 event, and show local-host commands, this command is used for troubleshooting H.323 inspection engine issues.
Examples
The following is sample output from the show h245 command:
hostname# show h245Total: 1| LOCAL | TPKT | FOREIGN | TPKT1 | 10.130.56.3/1041 | 0 | 172.30.254.203/1245 | 0| MEDIA: LCN 258 Foreign 172.30.254.203 RTP 49608 RTCP 49609| Local | 10.130.56.3 RTP 49608 RTCP 49609| MEDIA: LCN 259 Foreign 172.30.254.203 RTP 49606 RTCP 49607| Local | 10.130.56.3 RTP 49606 RTCP 49607There is currently one H.245 control session active across the adaptive security appliance. The local endpoint is 10.130.56.3, and we are expecting the next packet from this endpoint to have a TPKT header because the TPKT value is 0. (The TKTP header is a 4-byte header preceding each H.225/H.245 message. It gives the length of the message, including the 4-byte header.) The foreign host endpoint is 172.30.254.203, and we are expecting the next packet from this endpoint to have a TPKT header because the TPKT value is 0.
The media negotiated between these endpoints have a LCN (logical channel number) of 258 with the foreign RTP IP address/port pair of 172.30.254.203/49608 and a RTCP IP address/port of 172.30.254.203/49609 with a local RTP IP address/port pair of 10.130.56.3/49608 and a RTCP port of 49609.
The second LCN of 259 has a foreign RTP IP address/port pair of 172.30.254.203/49606 and a RTCP IP address/port pair of 172.30.254.203/49607 with a local RTP IP address/port pair of 10.130.56.3/49606 and RTCP port of 49607.
Related Commands
show h323-ras
To display information for H.323 RAS sessions established across the adaptive security appliance between a gatekeeper and its H.323 endpoint, use the show h323-ras command in privileged EXEC mode.
show h323-ras
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show h323-ras command displays information for H.323 RAS sessions established across the adaptive security appliance between a gatekeeper and its H.323 endpoint. Along with the debug h323 ras event and show local-host commands, this command is used for troubleshooting H.323 RAS inspection engine issues.
The show h323-ras command displays connection information for troubleshooting H.323 inspection engine issues, and is described in the inspect protocol h323 {h225 | ras} command page.
Examples
The following is sample output from the show h323-ras command:
hostname# show h323-rasTotal: 1| GK | Caller| 172.30.254.214 10.130.56.14hostname#This output shows that there is one active registration between the gatekeeper 172.30.254.214 and its client 10.130.56.14.
Related Commands
show history
To display the previously entered commands, use the show history command in user EXEC mode.
show history
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command.
User EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show history command lets you display previously entered commands. You can examine commands individually with the up and down arrows, enter ^p to display previously entered lines, or enter ^n to display the next line.
Examples
The following example shows sample output from the show history command in user EXEC mode:
hostname> show historyshow historyhelpshow historyThe following example shows sample output from the show history command in privileged EXEC mode:
hostname# show historyshow historyhelpshow historyenableshow historyThe following example shows sample output from the show history command in global configuration mode:
hostname(config)# show historyshow historyhelpshow historyenableshow historyconfig tshow historyRelated Commands
show icmp
To display the ICMP configuration, use the show icmp command in privileged EXEC mode.
show icmp
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show icmp command displays the ICMP configuration.
Examples
The following example shows the ICMP configuration:
hostname# show icmpRelated Commands
show idb
To display information about the status of interface descriptor blocks, use the show idb command in privileged EXEC mode.
show idb
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC
•
•
•
—
•
Command History
Usage Guidelines
IDBs are the internal data structure representing interface resources. See the "Examples" section for a description of the display output.
Examples
The following is sample output from the show idb command:
hostname# show idbMaximum number of Software IDBs 280. In use 23.HWIDBs SWIDBsActive 6 21Inactive 1 2Total IDBs 7 23Size each (bytes) 116 212Total bytes 812 4876HWIDB# 1 0xbb68ebc Control0/0HWIDB# 2 0xcd47d84 GigabitEthernet0/0HWIDB# 3 0xcd4c1dc GigabitEthernet0/1HWIDB# 4 0xcd5063c GigabitEthernet0/2HWIDB# 5 0xcd54a9c GigabitEthernet0/3HWIDB# 6 0xcd58f04 Management0/0SWIDB# 1 0x0bb68f54 0x01010001 Control0/0SWIDB# 2 0x0cd47e1c 0xffffffff GigabitEthernet0/0SWIDB# 3 0x0cd772b4 0xffffffff GigabitEthernet0/0.1PEER IDB# 1 0x0d44109c 0xffffffff 3 GigabitEthernet0/0.1PEER IDB# 2 0x0d2c0674 0x00020002 2 GigabitEthernet0/0.1PEER IDB# 3 0x0d05a084 0x00010001 1 GigabitEthernet0/0.1SWIDB# 4 0x0bb7501c 0xffffffff GigabitEthernet0/0.2SWIDB# 5 0x0cd4c274 0xffffffff GigabitEthernet0/1SWIDB# 6 0x0bb75704 0xffffffff GigabitEthernet0/1.1PEER IDB# 1 0x0cf8686c 0x00020003 2 GigabitEthernet0/1.1SWIDB# 7 0x0bb75dec 0xffffffff GigabitEthernet0/1.2PEER IDB# 1 0x0d2c08ac 0xffffffff 2 GigabitEthernet0/1.2SWIDB# 8 0x0bb764d4 0xffffffff GigabitEthernet0/1.3PEER IDB# 1 0x0d441294 0x00030001 3 GigabitEthernet0/1.3SWIDB# 9 0x0cd506d4 0x01010002 GigabitEthernet0/2SWIDB# 10 0x0cd54b34 0xffffffff GigabitEthernet0/3PEER IDB# 1 0x0d3291ec 0x00030002 3 GigabitEthernet0/3PEER IDB# 2 0x0d2c0aa4 0x00020001 2 GigabitEthernet0/3PEER IDB# 3 0x0d05a474 0x00010002 1 GigabitEthernet0/3SWIDB# 11 0x0cd58f9c 0xffffffff Management0/0PEER IDB# 1 0x0d05a65c 0x00010003 1 Management0/0Table 25-1 shows each field description.
Related Commands
interface
Configures an interface and enters interface configuration mode.
show interface
Displays the runtime status and statistics of interfaces.
show igmp groups
To display the multicast groups with receivers that are directly connected to the adaptive security appliance and that were learned through IGMP, use the show igmp groups command in privileged EXEC mode.
show igmp groups [[reserved | group] [if_name] [detail]] | summary]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
If you omit all optional arguments and keywords, the show igmp groups command displays all directly connected multicast groups by group address, interface type, and interface number.
Examples
The following is sample output from the show igmp groups command:
hostname#show igmp groupsIGMP Connected Group MembershipGroup Address Interface Uptime Expires Last Reporter224.1.1.1 inside 00:00:53 00:03:26 192.168.1.6Related Commands
show igmp interface
To display multicast information for an interface, use the show igmp interface command in privileged EXEC mode.
show igmp interface [if_name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
If you omit the optional if_name argument, the show igmp interface command displays information about all interfaces.
Examples
The following is sample output from the show igmp interface command:
hostname# show igmp interface insideinside is up, line protocol is upInternet address is 192.168.37.6, subnet mask is 255.255.255.0IGMP is enabled on interfaceIGMP query interval is 60 secondsInbound IGMP access group is not setMulticast routing is enabled on interfaceMulticast TTL threshold is 0Multicast designated router (DR) is 192.168.37.33No multicast groups joinedRelated Commands
show igmp groups
Displays the multicast groups with receivers that are directly connected to the adaptive security appliance and that were learned through IGMP.
show igmp traffic
To display IGMP traffic statistics, use the show igmp traffic command in privileged EXEC mode.
show igmp traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Examples
The following is sample output from the show igmp traffic command:
hostname# show igmp trafficIGMP Traffic CountersElapsed time since counters cleared: 00:02:30Received SentValid IGMP Packets 3 6Queries 2 6Reports 1 0Leaves 0 0Mtrace packets 0 0DVMRP packets 0 0PIM packets 0 0Errors:Malformed Packets 0Martian source 0Bad Checksums 0Related Commands
clear igmp counters
Clears all IGMP statistic counters.
clear igmp traffic
Clear the IGMP traffic counters.
show import webvpn
To list the WebVPN custom data and plug-ins that currently are present in flash memory on the adaptive security appliance, enter the show import webvpn (option) command in privileged EXEC mode.
show import webvpn | customization | plug-in | translation-table | url-list | webcontent
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC mode
•
—
•
—
—
Command History
Usage Guidelines
Use the show import webvpn command to identify the custom data and the Java-based client applications available to WebVPN users. The displayed list itemizes all of the requested data types that are in flash memory on the adaptive security appliance.
Each of the show import webvpn command displays the following currently loaded WebVPN data:
•
•
•
•
•
Example
The following illustrates the WebVPN data displayed by various show import webvpn command:
hostname# show import webvpn plug-insshrdpvnchostname#hostname# show import webvpn customizationTemplateDfltCustomizationhostname#hostname# show import webvpn translation-tableTranslation Tables' Templates:AnyConnectPortForwarderbannerscsdcustomizationurl-listwebvpnTranslation Tables:ru customizationua customizationhostname#hostname# show import webvpn url-listTemplateNo bookmarks are currently definedhostname#hostname# show import webvpn webcontentNo custom webcontent is loadedhostname#Related Commands
revert webvpn all
Removes all WebVPN data and plug-in current on the adaptive security appliance.
show interface
To view interface statistics, use the show interface command in privileged EXEC mode.
show interface [{physical_interface | redundantnumber}[.subinterface] | mapped_name | interface_name | vlan number] [stats | detail]
Syntax Description
Defaults
If you do not identify any options, this command shows basic statistics for all interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
If an interface is shared among contexts, and you enter this command within a context, the adaptive security appliance shows only statistics for the current context. When you enter this command in the system execution space for a physical interface, the adaptive security appliance shows the combined statistics for all contexts.
The number of statistics shown for subinterfaces is a subset of the number of statistics shown for a physical interface.
You cannot use the interface name in the system execution space, because the nameif command is only available within a context. Similarly, if you mapped the interface ID to a mapped name using the allocate-interface command, you can only use the mapped name in a context. If you set the visible keyword in the allocate-interface command, the adaptive security appliance shows the interface ID in the output of the show interface command.
Note
In the hardware count, the amount is retrieved directly from hardware, and reflects the Layer 2 packet size. While in traffic statistics, it reflects the Layer 3 packet size.
The count difference is varied based upon the design of the interface card hardware.
For example, for a Fast Ethernet card, the Layer 2 count is 14 bytes greater than the traffic count, because it includes the Ethernet header. On the Gigabit Ethernet card, the Layer 2 count is 18 bytes greater than the traffic count, because it includes both the Ethernet header and the CRC.See the "Examples" section for a description of the display output.
Examples
The following is sample output from the show interface command:
hostname# show interfaceInterface GigabitEthernet0/0 "outside", is up, line protocol is upHardware is i82546GB rev03, BW 1000 Mbps, DLY 1000 usecAuto-Duplex(Full-duplex), Auto-Speed(100 Mbps)MAC address 000b.fcf8.c44e, MTU 1500IP address 10.86.194.60, subnet mask 255.255.254.01328522 packets input, 124426545 bytes, 0 no bufferReceived 1215464 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort9 L2 decode drops124606 packets output, 86803402 bytes, 0 underruns0 output errors, 0 collisions0 late collisions, 0 deferred0 input reset drops, 0 output reset dropsinput queue (curr/max packets): hardware (0/7)output queue (curr/max packets): hardware (0/13)Traffic Statistics for "outside":1328509 packets input, 99873203 bytes124606 packets output, 84502975 bytes524605 packets dropped1 minute input rate 0 pkts/sec, 0 bytes/sec1 minute output rate 0 pkts/sec, 0 bytes/sec1 minute drop rate, 0 pkts/sec5 minute input rate 0 pkts/sec, 0 bytes/sec5 minute output rate 0 pkts/sec, 0 bytes/sec5 minute drop rate, 0 pkts/secInterface GigabitEthernet0/1 "inside", is administratively down, line protocol is downHardware is i82546GB rev03, BW 1000 Mbps, DLY 1000 usecAuto-Duplex, Auto-SpeedMAC address 000b.fcf8.c44f, MTU 1500IP address 10.10.0.1, subnet mask 255.255.0.00 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions0 late collisions, 0 deferred0 input reset drops, 0 output reset dropsinput queue (curr/max packets): hardware (0/0)output queue (curr/max packets): hardware (0/0)Traffic Statistics for "inside":0 packets input, 0 bytes0 packets output, 0 bytes0 packets dropped1 minute input rate 0 pkts/sec, 0 bytes/sec1 minute output rate 0 pkts/sec, 0 bytes/sec1 minute drop rate, 0 pkts/sec5 minute input rate 0 pkts/sec, 0 bytes/sec5 minute output rate 0 pkts/sec, 0 bytes/sec5 minute drop rate, 0 pkts/secInterface GigabitEthernet0/2 "faillink", is administratively down, line protocol is downHardware is i82546GB rev03, BW 1000 Mbps, DLY 1000 usecAuto-Duplex, Auto-SpeedDescription: LAN/STATE Failover InterfaceMAC address 000b.fcf8.c450, MTU 1500IP address 192.168.1.1, subnet mask 255.255.255.00 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions0 late collisions, 0 deferred0 input reset drops, 0 output reset dropsinput queue (curr/max packets): hardware (0/0)output queue (curr/max packets): hardware (0/0)Traffic Statistics for "faillink":0 packets input, 0 bytes1 packets output, 28 bytes0 packets dropped1 minute input rate 0 pkts/sec, 0 bytes/sec1 minute output rate 0 pkts/sec, 0 bytes/sec1 minute drop rate, 0 pkts/sec5 minute input rate 0 pkts/sec, 0 bytes/sec5 minute output rate 0 pkts/sec, 0 bytes/sec5 minute drop rate, 0 pkts/secInterface GigabitEthernet0/3 "", is administratively down, line protocol is downHardware is i82546GB rev03, BW 1000 Mbps, DLY 1000 usecAuto-Duplex, Auto-SpeedActive member of Redundant5MAC address 000b.fcf8.c451, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions0 late collisions, 0 deferred0 input reset drops, 0 output reset dropsinput queue (curr/max packets): hardware (0/0)output queue (curr/max packets): hardware (0/0)Interface Management0/0 "", is administratively down, line protocol is downHardware is i82557, BW 100 Mbps, DLY 1000 usecAuto-Duplex, Auto-SpeedAvailable but not configured via nameifMAC address 000b.fcf8.c44d, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrierinput queue (curr/max packets): hardware (128/128) software (0/0)output queue (curr/max packets): hardware (0/0) software (0/0)Interface Redundant1 "", is down, line protocol is downRedundancy Information:Members unassignedInterface Redundant5 "redundant", is administratively down, line protocol is downHardware is i82546GB rev03, BW 1000 Mbps, DLY 1000 usecAuto-Duplex, Auto-SpeedMAC address 000b.fcf8.c451, MTU 1500IP address 10.2.3.5, subnet mask 255.255.255.00 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions0 late collisions, 0 deferred0 input reset drops, 0 output reset dropsinput queue (curr/max packets): hardware (0/0) software (0/0)output queue (curr/max packets): hardware (0/0) software (0/0)Traffic Statistics for "redundant":0 packets input, 0 bytes0 packets output, 0 bytes0 packets dropped1 minute input rate 0 pkts/sec, 0 bytes/sec1 minute output rate 0 pkts/sec, 0 bytes/sec1 minute drop rate, 0 pkts/sec5 minute input rate 0 pkts/sec, 0 bytes/sec5 minute output rate 0 pkts/sec, 0 bytes/sec5 minute drop rate, 0 pkts/secRedundancy Information:Member GigabitEthernet0/3(Active), GigabitEthernet0/2Last switchover at 15:15:26 UTC Oct 24 2006Interface Redundant5.1 "", is down, line protocol is downVLAN identifier noneAvailable but not configured with VLAN or via nameifTable 25-12 shows each field description.
