Table Of Contents
same-security-traffic permit inter-interface
set ip next-hop (route map submode)
set metric (route map submode)
set metric-type (route map submode)
show default-information originate
show ip ospf retransmission-list
same-security-traffic permit inter-interface
To enable the same-security level interface communication, use the same-security-traffic permit inter-interface command. To disable the same-security interfaces, use the no form of this command.
[no] same-security-traffic permit inter-interface
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: configuration mode
Firewall Mode: transparent firewall mode
Command History
Examples
This example shows how to enable the same-security interface communication:
fwsm/context_name(config)# same-security-traffic permit inter-interfaceRelated Commands
service
To enable system services, use the service command. To disable system services, use the no form of this command.
[no] service {resetinbound | resetoutside}
Syntax Description
resetinbound
Sends a reset to a denied inbound TCP packet.
resetoutside
Sends a reset to a denied TCP packet to the outside interface.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The service command works with all inbound TCP connections to static interfaces whose access lists or uauth (user authorization) do not allow inbound connections. One use is for resetting identity request (IDENT) connections. If an inbound TCP connection is attempted and denied, you can use the service resetinbound command to return an RST (reset flag in the TCP header) to the source. Without the keyword, the FWSM drops the packet without returning an RST.
The FWSM sends a TCP RST to the host connecting inbound and stops the incoming IDENT process so that outbound e-mail can be transmitted without having to wait for IDENT to time out. The FWSM sends a syslog message stating that the incoming connection was denied. Without entering the service resetinbound command, the FWSM drops packets that are denied and generates a syslog message stating that the SYN was denied. However, outside hosts keep retransmitting the SYN until the IDENT times out.
When an IDENT connection times out, the connections slow down. Perform a trace to determine that IDENT is causing the delay and then enter the service command.
Use the service resetinbound command to handle an IDENT connection through the FWSM. These methods for handling IDENT connections are ranked from most secure to the least secure:
1.
Use the service resetinbound command.
2.
3.
When using the aaa command, if the first attempt at authorization fails and a second attempt causes a timeout, use the service resetinbound command to reset the client that failed the authorization so that it will not retransmit any connections. An example authorization timeout message in Telnet is as follows:
Unable to connect to remote host: Connection timed outIf you use the resetoutside command, the FWSM actively resets denied TCP packets that terminate at the FWSMs least-secure interface. By default, these packets are silently discarded. We recommend that you use the resetoutside keyword with dynamic or static interface Port Address Translation (PAT). The static interface PAT is available with FWSM version 6.0 and higher. This keyword allows the FWSM to terminate the IDENT from an external SMTP or FTP server. Actively resetting these connections avoids the 30-second timeout delay.
To remove the service commands from the configuration, use the clear service command.
Examples
This example shows how to enable system services:
fwsm/context_name(config)# service resetinboundRelated Commands
set (route map submode)
To specify the values in the destination routing protocol for a route map, use the set command in the route-map submode. To delete an entry, use the no form of this command.
[no] set metric [+ | -] metric_value metric-type {type-1 | type-2 | internal | external} ip next-hop ip-address [ip-address]
Syntax Description
Defaults
Default metric value; valid values are from -2147483647 to 2147483647.
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The ip_address must be the address of an adjacent router.
Examples
This example shows how to send packets passed by a match clause of a route map:
fwsm(config-route-map)# set ip next-hop 123.24.30.10Related Commands
match (route map submode)
route-map
set metric (route map submode)
set metric-type (route map submode)
show route-map
show setset ip next-hop (route map submode)
To specify where to send packets that pass a match clause of a route map, use the set ip next-hop subcommand. To delete an entry, use the no form of this command.
set ip next-hop ip-address [ip-address]
no set ip next-hop ip-address
Syntax Description
ip-address
Specifies the IP address of the next hop to which to output packets.
ip-address
(Optional) Specifies the IP address of the secondary next hop.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode
Command History
Usage Guidelines
The ip_address must be the address of an adjacent router.
Examples
This example shows how to send packets passed by a match clause of a route map:
fwsm/context_name(config)# set ip next-hop 123.24.30.10Related Commands
match (route map submode)
route-map
set metric (route map submode)
set metric-type (route map submode)
show route-map
show setset metric (route map submode)
To set the metric value for a routing protocol, use the set metric subcommand. To return to the default metric value, use the no form of this command.
set metric [+ | -] metric_value
[no] set metric value
Syntax Description
+ or -
Specifies positive or negative values.
metric_value
Metric value; valid values are from 0 to 2147483647.
value
Default metric value; valid values are from -2147483647 to 2147483647.
Defaults
-2147483647 to 2147483647.
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode
Command History
Usage Guidelines
The no set metric value subcommand allows you to return to the default metric value. In this context, the value is an integer from -2147483647 to 2147483647.
Examples
This example shows how to configure a route map for OSPF routing:
fwsm(config)# route-map maptag1 permit 8fwsm(config-route-map)# set metric 5fwsm(config-route-map)# match metric 5fwsm(config-route-map)# set metric-type type-2fwsm(config-route-map)# show route-maproute-map maptag1 permit 8set metric 5set metric-type type-2match metric 5fwsm(config-route-map)# exitfwsm(config)#Related Commands
match (route map submode)
route-map
set ip next-hop (route map submode)
set metric-type (route map submode)
show route-map
show setset metric-type (route map submode)
To specify the type of OSPF metric routes, use the set metric-type subcommand. To return to the default setting, use the no form of this command.
set metric-type {type-1 | type-2 | internal | external}
no set metric-type
Syntax Description
Defaults
type-2
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode
Command History
Examples
This example show how to configure a route map for OSPF routing:
fwsm(config)# route-map maptag1 permit 8fwsm(config-route-map)# set metric 5fwsm(config-route-map)# match metric 5fwsm(config-route-map)# set metric-type type-2fwsm(config-route-map)# show route-maproute-map maptag1 permit 8set metric 5set metric-type type-2match metric 5fwsm(config-route-map)# exitfwsm(config)#Related Commands
route-map
set ip next-hop (route map submode)
set metric (route map submode)
set metric-type (route map submode)
show route-map
show setsetup
To preconfigure the FWSM through interactive prompts, use the setup command.
setup
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The FWSM requires some preconfiguration before the PDM can connect to it. The setup dialog automatically appears at boot time if there is no configuration in the Flash partition. Once you enter the setup command, you are asked for the setup information in Table 2-13.
The host and domain names are used to generate the default certificate for the Secure Socket Layer (SSL) connection. The interface type is determined by the hardware.
Examples
This example shows how to complete the setup command prompts:
fwsm(config)# setupPre-configure FWSM Firewall now through interactive prompts [yes]? y Enable Password [<use current password>]: ciscofwsm Inside IP address: 192.168.1.1 Inside network mask: 255.255.255.0 Host name: accounting_fwsm Domain name: example.com IP address of host running FWSM Device Manager: 192.168.1.2 The following configuration will be used: Enable Password: ciscofwsm Clock (UTC): 22:47:37 Sep 12 2001Inside IP address: ...192.168.1.1 Inside network mask: ...255.255.255.0 Host name: ...accounting_fwsm Domain name: ...example.com IP address of host running Device Manager: ...192.168.1.2 Use this configuration and write to flash? yRelated Commands
show
To display the information about the commands, use the show command.
show command_keywords [|{include | exclude | begin | grep [-v]} regexp]
show ?
Syntax Description
Defaults
See each command for the default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show command_keywords [|{include | exclude | begin | grep} regexp] command runs the show command keyword specified. Only the first "|" is a pipe character in this syntax. This character represents piping output to the filter. When "|" is present, a filtering keyword and a regular expression must also be present.
The CLI syntax and semantics of the show output filtering options are the same as in Cisco IOS software and are available through the console, Telnet, or SSH sessions.
Most commands have a show command form where the command name is used as a show keyword. For example, the global command has an associated show global command.
The show ? command displays a list of all commands that are available on the FWSM.
Do not enclose the regexp argument in quotes or double quotes. Additionally, trailing white spaces (between keywords) are taken as part of the regular expression.
Examples
This example shows how to use a show command output filter keyword, where the "|" is the UNIX pipe symbol:
fwsm(config)# show config | grep access-listaccess-list 101 permit tcp any host 10.1.1.3 eq wwwaccess-list 101 permit tcp any host 10.1.1.3 eq smtpThis example shows sample output from the show ? command:
fwsm(config)# show ?At the end of show <command>, use the pipe character '|' followed by:begin|include|exclude|grep [-v] <regular_exp>, to filter show output.aaa Enable, disable, or view TACACS+, RADIUS or LOCALuser authentication, authorization and accountingaaa-server Define AAA Server groupaccess-group Bind an access-list to an interface to filter inbound trafficaccess-list Add an access listactivation-key Modify activation-key.age This command is deprecated. See ipsec, isakmp, map, ca commandsalias Administer overlapping addresses with dual NAT.apply Apply outbound lists to source or destination IP addressesarp Change or view arp table, set arp timeout value and view statusauth-prompt Customize authentication challenge, reject or acceptance promptauto-update Configure auto update supportbanner Configure login/session bannersblocks Show system buffer utilizationca CEP (Certificate Enrollment Protocol)Create and enroll RSA key pairs into a PKI (Public Key Infrastr.capture Capture inbound and outbound packets on one or more interfaceschecksum View configuration information cryptochecksumchunkstat Display chunk statsclock Show and set the date and time of FWSMconfigure Configure from terminal, floppy, memory, network, orfactory-default. The configuration will be merged with theactive configuration except for factory-default in which casethe active configuration is cleared first.conn Display connection informationconsole Set idle timeout for the serial console of the FWSMcpu Display cpu usageCrashinfo Read, write and configure crash write to flash.crypto Configure IPsec, IKE, and CActiqbe Show the current data stored for each CTIQBE session.curpriv Display current privilege leveldebug Debug packets or ICMP tracings through the FWSM Firewall.dhcpd Configure DHCP Serverdhcprelay Configure DHCP relay agentdomain-name Change domain namedynamic-map Specify a dynamic crypto map templateeeprom show or reprogram the 525 onboard i82559 devicesenable Configure enable passwordsestablished Allow inbound connections based on established connectionsfailover Enable/disable FWSM failover feature to a standby FWSMfilter Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filgfips-mode Enable or disable FIPS modefixup Add or delete FWSM service and feature defaultsflashfs Show, destroy, or preserve filesystem informationfragment Configure the IP fragment databaseglobal Specify, delete or view global address pools,or designate a PAT(Port Address Translated) addressh225 Show the current h225 data stored for each connection.h245 List the h245 connections.h323-ras Show the current h323 ras data stored for each connection.history Display the session command historyhttp Configure HTTP servericmp Configure access for ICMP traffic that terminates at an interfaeinterface Set network interface paremeters and configure VLANsigmp Clear or display IGMP groupsip Set the ip address and mask for an interfaceDefine a local address poolConfigure Unicast RPF on an interfaceConfigure the Intrusion Detection Systemipsec Configure IPSec policyisakmp Configure ISAKMP policylocal-host Display or clear the local host network informationlogging Enable logging facilitymac-list Add a list of mac addresses using first match searchmap Configure IPsec crypto mapmemory System memory utilizationmgcp Configure the Media Gateway Control Protocol fixupmroute Configure a multicast routemtu Specify MTU(Maximum Transmission Unit) for an interfacemulticast Configure multicast on an interfacename Associate a name with an IP addressnameif Assign a name to an interfacenames Enable, disable or display IP address to name conversionnat Associate a network with a pool of global IP addressesntp Configure Network Time Protocolobject-group Create an object group for use in 'access-list', etcospf Show OSPF information or clear ospf items.outbound Create an outbound access listpager Control page length for paginationpasswd Change Telnet console access passwordpdm Configure FWSMDevice Managerprefix-list Configure a prefix-listprivilege Configure/Display privilege levels for commandsprocesses Display processesrip Broadcast default route or passive RIProute Enter a static route for an interfaceroute-map Create a route-map.router Create/configure OSPF routing processrouting Configure interface specific unicast routing parameters.running-config Display the current running configurationservice Enable system servicessession Access an internal AccessPro router consoleshun Manages the filtering of packets from undesired hostssip Show the current data stored for each SIP session.skinny Show the current data stored for each Skinny session.snmp-server Provide SNMP and event informationssh Add SSH access to FWSM console, set idle timeout, displaylist of active SSH sessions & terminate a SSH sessionstartup-config Display the startup configurationstatic Configure one-to-one address translation ruletcpstat Display status of tcp stack and tcp connectionstech-support Tech supporttelnet Add telnet access to FWSM console and set idle timeoutterminal Set terminal line parameterstftp-server Specify default TFTP server address and directorytimeout Set the maximum idle timestraffic Counters for traffic statisticsuauth Display or clear current user authorization informationurl-cache Enable URL cachingurl-block Enable URL pending block buffer and long URL supporturl-server Specify a URL filter serverusername Configure user authentication local databaseversion Display FWSM system software versionvirtual Set address for authentication virtual serversvpdn Configure VPDN (PPTP, L2TP, PPPoE) Policyvpnclient Configure Easy VPN Remotevpngroup Configure group settings for Cisco VPN Clients andCisco Easy VPN Remote productswho Show active administration sessions on FWSMxlate Display current translation and connection slot informationshow aaa
To display the local, TACACS+, or RADIUS user accounting, use the show aaa command.
show aaa
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
1.1(1)
Support for this command was introduced on the FWSM.
2.2(1)
This command was modified to support a second LOCAL method for AAA configurations.
Examples
This example shows how to display local, TACACS+, or RADIUS user accounting:
fwsm/context_name(config)# show aaaRelated Commands
aaa accounting match
aaa authentication
aaa authorization
auth-prompt
password/passwd
service
ssh
telnet
virtualshow aaa proxy-limit
To display the number of concurrent proxy connections that are allowed per user, use the show aaa proxy-limit command.
show aaa proxy-limit
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show aaa proxy-limit command allows you to display the number of outstanding authentication requests that are allowed or indicates that the proxy limit is disabled if you disabled it.
Examples
This example shows how to display the number of concurrent proxy connections that are allowed per server:
fwsm/context_name(config)# show aaa proxy-limitRelated Commands
aaa accounting match
aaa authentication
aaa authorization
auth-prompt
password/passwd
service
ssh
telnet
virtualshow aaa-server
To display the AAA server configuration information, use the show aaa-server command.
show aaa-server
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
1.1(1)
Support for this command was introduced on the FWSM.
2.2(1)
This command was modified to support a second LOCAL method for AAA configurations.
Examples
This example shows how to display the AAA server configuration information:
fwsm/context_name(config)# show aaa-serverRelated Commands
aaa accounting match
aaa authentication
aaa authorization
auth-prompt
password/passwd
service
ssh
telnet
virtualshow access-group
To display the context group members, use the show access-group command.
show access-group [access-list]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the context group members:
fwsm/context_name(config)# show access-groupaccess-group 100 in interface outsideRelated Commands
show access-list
To display the access list entries by number, use the show access-list command.
show access-list id
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how the FWSM numbers the access list entries (ACEs) and remarks are inserted. The remarks are not assigned a line number.
fwsm(config)# show access-list acaccess-list ac; 2 elementsaccess-list ac line 1 permit ip any any (hitcnt=0)access-list ac line 2 permit tcp any any (hitcnt=0)Related Commands
access-list extended
clear access-list
show access-list modeshow access-list mode
To display the compilation mode for the system, use the show access-list mode command.
show access-list mode
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how display the access list compilation mode for the FWSM:
fwsm(config)# show access-list modeaccess-list mode manual-commitRelated Commands
access-list extended
access-list mode
clear access-list
show access-listshow activation-key
To display the commands in the configuration for features that are enabled by your activation key, including the number of contexts allowed, use the show activation-key command.
show activation-key
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show activation-key command output indicates the status of the activation key as follows:
•
The flash activation key is the SAME as the running key.•
The flash activation key is DIFFERENT from the running key.The flash activation key takes effect after the next reload.•
The flash image is DIFFERENT from the running image.The two images must be the same in order to examine the flash activation key.•
•
Examples
This example shows how to display the commands in the configuration for features that are enabled by your activation key:
fwsm(config)# show activation-keyRunning Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000Licensed Features:Failover: EnabledVPN-DES: EnabledVPN-3DES: EnabledMaximum Interfaces: 100 (per security context)Cut-through Proxy: EnabledGuards: EnabledURL-filtering: EnabledThroughput: UnlimitedISAKMP peers: UnlimitedSecurity Contexts: 2This machine has an Unrestricted (UR) license.The flash activation key is the SAME as the running key.fwsm(config)#Related Commands
show admin-context
To display which context is designated as the administration context, use the show admin-context command.
show admin-context
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the designated administration context:
fwsm(config)# show admin-contextAdmin: admin disk:/admin.cfgRelated Commands
show alias
To display the overlapping addresses with dual NAT commands in the configuration, use the show alias command.
show alias
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display alias information:
fwsm/context_name(config)# show aliasRelated Commands
show area
To display the area commands in the configuration, use the show area command.
show area
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode
Command History
Examples
This example shows how to display area command configuration information:
fwsm/context_name(config)# show areaRelated Commands
show arp
To list the entries in the ARP table, use the show arp command.
show arp [timeout | statistics]
Syntax Description
timeout
(Optional) Specifies ARP timeout information.
statistics
(Optional) Specifies ARP statistics.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode
Command History
Examples
This example shows how to list the entries in the ARP table:
fwsm(config)# show arp statisticsDropped blocks in ARP: 6Maximum Queued blocks: 3Queued blocks: 1Interface collision ARPs Received: 5ARP-defense Gratuitous ARPS sent: 4Total ARP retries: 15Unresolved hosts: 1Maximum Unresolved hosts: 2Related Commands
show auth-prompt
To display the current AAA challenge text, use the show auth-prompt command.
show auth-prompt
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the AAA challenge text:
fwsm/context_name(config)# show auth-promptRelated Commands
show banner
To display the specified banner and all the lines that are configured for it, use the show banner command.
show banner [{exec | login | motd}]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show banner {motd | exec | login} command allows you to display the specified banner keyword and all the lines that are configured for it. If you do not specify a banner keyword, then all the banners are displayed.
Examples
This example shows how to display the message-of-the-day (motd) banner:
fwsm/context_name(config)# show banner motdRelated Commands
show blocks
To display the blocks in the preallocated system buffer, use the show blocks command.
show blocks
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show blocks command allows you to determine whether the FWSM is being overloaded similarly to the show cpu command. The show blocks command allows you to display preallocated system buffer utilization.
In the show blocks command listing, the SIZE column displays the block type. The MAX column is the maximum number of allocated blocks. The LOW column is the fewest blocks that are available since the last reboot. The CNT column is the current number of available blocks. A zero in the LOW column indicates a previous event where memory is full. A zero in the CNT column means memory is full now. A full memory condition is not a problem as long as traffic is moving through the FWSM.
You can use the show conn command to see if traffic is moving. If traffic is not moving and the memory is full, there may be a problem.
You can also display the information from the show blocks command using SNMP.
Packet-Processing Blocks (1550 and 16384 Bytes)
When a packet enters an FWSM's interface, it is placed on the input interface queue, passed up to the operating system, and placed in a block. For Ethernet packets, the 1550-byte blocks are used; if the packet comes in on a 66-MHz Gigabit Ethernet card, the 16384-byte blocks are used. The FWSM determines whether the packet should be permitted or denied based on the adaptive security algorithm (ASA) and processes the packet through to the output queue on the outbound interface. If the FWSM is having trouble keeping up with the traffic load, the number of available 1550-byte blocks (or 16384-byte blocks for 66-MHz GE) will hover close to 0 (as shown in the CNT column of the command output). When the CNT column is zero, the FWSM attempts to allocate more blocks, up to a maximum of 8192. If no more blocks are available, the FWSM drops the packet.
Failover and Syslog Blocks (256 Bytes)
The 256-byte blocks are mainly used for stateful failover messages. The active FWSM generates and sends packets to the standby FWSM to update the translation and connection table. In bursty traffic, where high rates of connections are created or torn down, the number of available 256-byte blocks may drop to 0. This situation indicates that one or more connections were not updated to the standby FWSM. The stateful failover protocol will catch the missing xlate or connection the next time. If the CNT column for 256-byte blocks stays at or near 0 for extended periods of time, then the FWSM is having trouble keeping the translation and connection tables synchronized because of the number of connections per second that the FWSM is processing. If this situation happens consistently, you might upgrade the FWSM to a faster model.
Syslog messages sent out from the FWSM also use the 256-byte blocks, but they are generally not released in such quantity to cause a depletion of the 256-byte block pool. If the CNT column shows that the number of 256-byte blocks is near 0, ensure that you are not logging at Debugging (level 7) to the syslog server. This is indicated by the logging trap line in the FWSM configuration. We recommend that you set logging at Notification (level 5) or lower, unless you require additional information for debugging purposes.
Table 2-14 describes the columns in the show blocks display.
Table 2-15 describes the rows in the show blocks display.
Examples
This example show how to display preallocated system buffer memory blocks:
fwsm(config)# show blocksSIZE MAX LOW CNT4 1600 1600 160080 100 97 97256 80 79 791550 788 402 40465536 8 8 82048 1000 994 1000show ca
To display the certificate authorization information, use the show ca command.
show ca {certificate | crl | configure | identity | mypubkey rsa | subject-name | verifycertdn}
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the current status of requested certificates. The CA certificate stems from a Microsoft CA server that was previously generated for this FWSM.
fwsm(config)# show ca certificateRA Signature CertificateStatus:AvailableCertificate Serial Number:6106e08a000000000005Key Usage:SignatureCN = SCEPOU = VSECO = CiscoL = San JoseST = CAC = USEA =<16> username@example.comValidity Date:start date:17:17:09 Jul 11 2000end date:17:27:09 Jul 11 2001CertificateStatus:AvailableCertificate Serial Number:1f80655400000000000aKey Usage:General PurposeSubject NameName:firewall.example.comValidity Date:start date:20:06:23 Jul 17 2000end date:20:16:23 Jul 17 2001CA CertificateStatus:AvailableCertificate Serial Number:25b81813efe58fb34726eec44ae82365Key Usage:SignatureCN = MSCAOU = CiscoO = VSECL = San JoseST = CAC = USEA =<16> username@example.comValidity Date:start date:17:07:34 Jul 11 2000RA KeyEncipher CertificateStatus:AvailableCertificate Serial Number:6106e24c000000000006Key Usage:EncryptionCN = SCEPOU = VSECO = CiscoL = San JoseST = CAC = USEA =<16> username@example.comValidity Date:start date:17:17:10 Jul 11 2000end date:17:27:10 Jul 11 01Table 2-16 describes strings within the show ca certificate command sample output.
This example shows how to display certificate information. See Table 2-16 for descriptions of the strings within the following sample output.
fwsm(config)# show ca crlCRL:CRL Issuer Name:CN = MSCA, OU = Cisco, O = VSEC, L = San Jose, ST = CA, C = US, EA=<16> username@example.comLastUpdate:17:07:40 Jul 11 2000NextUpdate:05:27:40 Jul 19 2000This example shows how to display information about the RSA keys. Special-usage RSA keys were previously generated for this FWSM using the ca generate rsa command.
fwsm(config)# show ca mypubkey rsa% Key pair was generated at: 15:34:55 Aug 05 1999Key name: firewall.example.comUsage: Signature KeyKey Data:305c300d 06092a86 4886f70d 01010105 00034b00 30480241 00c31f4a ad32f60d6e7ed9a2 32883ca9 319a4b30 e7470888 87732e83 c909fb17 fb5cae70 3de738cf6e2fd12c 5b3ffa98 8c5adc59 1ec84d78 90bdb53f 2218cfe7 3f020301 0001% Key pair was generated at: 15:34:55 Aug 05 1999Key name: firewall.example.comUsage: Encryption KeyKey Data:305c300d 06092a86 4886f70d 01010105 00034b00 30480241 00d8a6ac cc64e57a48dfb2c1 234661c7 76380bd5 72ae62f7 1706bdab 0eedd0b5 2e5feef0 76319d98908f50b4 85a291de 247b6711 59b30026 453bfa3c 45234991 5d020301 0001This example shows how display a certificate with a CRL string. See Table 2-16 for descriptions of the strings within the following sample output.
fwsm(config)# show ca crlCRL:CRL Issuer Name:CN = MSCA, OU = Cisco, O = VSEC, L = San Jose, ST = CA, C = US, EA=<16> username@example.comLastUpdate:17:07:40 Jul 11 2000NextUpdate:05:27:40 Jul 19 2000Related Commands
show capture
To display the capture configuration when no options are specified, use the show capture command.
show capture [capture_name] [access-list access_list_name] [count number] [detail] [dump]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
If you specify the capture_name, then the capture buffer contents for that capture are displayed.
The dump keyword does not display MAC information in the hexadecimal dump.
The decoded output of the packets depend on the protocol of the packet. In Table 2-17, the bracketed output is displayed when you specify the detail keyword.
Examples
This example shows how to display the capture configuration:
fwsm(config)# show capturecapture arp ethernet-type arp interface outsidecapture http access-list http packet-length 74 interface insideThis example shows how to display the packets that are captured by an ARP capture:
fwsm(config)# show capture arp2 packets captured19:12:23.478429 arp who-has 171.69.38.89 tell 171.69.38.1019:12:26.784294 arp who-has 171.69.38.89 tell 171.69.38.102 packets shownRelated Commands
show checksum
To display the configuration checksum, use the show checksum command.
show checksum
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: Unprivileged
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show checksum command allows you to display four groups of hexadecimal numbers that act as a digital summary of the configuration contents. This same information is stored with the configuration when you store the configuration in the Flash partition. By using the show config command, viewing the checksum at the end of the configuration listing, and using the show checksum command, you can compare the numbers to see if the configuration has changed. The FWSM tests the checksum to determine if a configuration has not been corrupted.
If a dot (".") appears before the checksum in the show config or show checksum command output, the output indicates a normal configuration load or write mode indicator (when loading from or writing to the FWSM Flash partition). The "." shows that the FWSM is preoccupied with the operation but is not "hung up." This message is similar to a "system processing, please wait" message.
Examples
This example shows how to display the configuration or the checksum:
fwsm(config)# show checksumCryptochecksum: 1a2833c0 129ac70b 1a88df85 650dbb81show chunkstat
To display the chunk statistics, use the show chunkstat command.
show chunkstat
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the chunk statistics:
fwsm(config)# show chunkstatChunk statistics: created 1, destroyed: 0,sibs created: 0, sibs trimmed: 0Dump of chunk at 0cc835e4, name "Radix trie mask chunks", data start @ 0cc845dc,end @ 0cc8845cflink: 013ef300, blink: 013ef300next: 00000000, next_sibling: 00000000, prev_sibling: 00000000flags 00000001maximum chunk elt's: 1000, elt size: 16, index first free 997# chunks in use: 3, HWM of total used: 3, alignment: 0Chunk statistics: created 1, destroyed: 0,sibs created: 0, sibs trimmed: 0Dump of chunk at 0cbd77ec, name "IP subnet NDB entry", data start @ 0cbd8014, end @ 0cc66954flink: 00000000, blink: 00ed81c8next: 00000000, next_sibling: 00000000, prev_sibling: 00000000flags 00000009maximum chunk elt's: 500, elt size: 1156, index first free 500# chunks in use: 0, HWM of total used: 0, alignment: 0show class
To display the class configuration, use the show class command.
show class
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: Multiple
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display class configuration information:
fwsm(config)# show classClass Name Members ID Flagsdefault All 1 0001fwsm(config)#Related Commands
show clock
To display the FWSM clock for use with the FWSM Syslog Server (PFSS) and the Public Key Infrastructure (PKI) protocol, use the show clock command.
show clock
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the FWSM clock for use with the PFSS and PKI protocols:
fwsm/context_name(config)# show clock08:46:48 [0] Jul 16 2003show compatible rfc1583
To display the method that is used to calculate the summary route costs per RFC 1583, use the show compatible rfc1583 command.
show compatible rfc1583
Syntax Description
This command has no arguments or keywords.
Defaults
The defaults are as follows:
•
•
Command Modes
Security Context Mode: single context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display calculation methods for summary route costs per RFC 1583:
fwsm/context_name(config)# show compatible rfc1583Related Commands
show configure
To display the startup configuration of the FWSM, use the show configure command.
show configure
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show configure and show startup-config commands allow you to display the startup configuration of the FWSM. The write terminal and show running-config commands allow you to display the configuration that is currently running on the FWSM.
Examples
This example shows how to display the startup configuration of the FWSM:
fwsm/context_name(config)# show configure: Saved: Written by enable_15 at 16:17:31 Jun 26 2003fwsm Version 2.2(0)141enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptedhostname sw8fx1ftp mode passivenamesaccess-list deny-flow-max 4096access-list alert-interval 300no pagerlogging history debuggingclass defaultlimit-resource All 0!admin-context admincontext adminlogical-interface vlan300config-url disk:admin.cfg!context my_contextlogical-interface vlan300config-url disk:my_context.cfg!context my_contextlogical-interface vlan300config-url disk:my_context.cfg!failoverfailover lan unit secondaryfailover lan interface failover vlan 500failover polltime unit 15failover polltime interface 15failover interface-policy 50 percentfailover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2no pdm history enablearp timeout 14400!timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:01:00 rpc 0:10:00 h23 0:05:00 h225 1:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00timeout uauth 0:00:00 absoluteaaa-server TACACS+ protocol tacacs+aaa-server RADIUS protocol radiusaaa-server LOCAL protocol localfloodguard enableno sysopt route dnatterminal width 511gdb enablemgcp command-queue 0Cryptochecksum:03266426306f5ed3d9eb48b859a7263cRelated Commands
show conn
To display the connections used and those that are available, use the show conn command.
show conn [count] | [protocol {TCP | UDP | icmp}] [{foreign | local} ip [-ip2]] [netmask mask] [{lport | fport} port1 [-port2]]
show conn [state up [,finin][,finout][,http_get][,smtp_data][,data_in][,data_out][,...]]
Syntax Description
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show conn command allows you to display the number of, and information about, active TCP connections. When specifying multiple show conn state keywords, use commas without spaces to list as follows:
fwsm(config)# show conn state up,rpc,h323,sipIf you insert spaces, the FWSM does not recognize the command.
You can also display the connection count information from the show conn command using SNMP.
The accuracy of the displayed count may vary depending on the traffic volume and the type of traffic that is passing through the FWSM.
See the "Specifying Port Values" section in Appendix B, "Port and Protocol Values," for a list of valid port literal names.
When you enter the show conn command, the following active connections are displayed by their current state (listed in bold print):
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
protocol is a protocol that is specified by number. See the "Specifying Protocol Values" section in Appendix B, "Port and Protocol Values," for a list of valid protocol literal names.
The show conn detail command displays the following information:
{UDP | TCP} outside_ifc:real_addr/real-port [(map_addr/port)] inside_ifc:real_addr/real_port [(map-addr/port)] flags flagsThe connection flags are defined in Table 2-18.
Examples
This example shows a TCP session connection from inside host 10.1.1.15 to the outside Telnet server at 192.150.49.10. Because there is no B flag, the connection is initiated from the inside. The U, I, and O flags indicate that the connection is active and has received inbound and outbound data.
fwsm(config)# show conn2 in use, 2 most usedTCP out 192.150.49.10:23 in 10.1.1.15:1026 idle 0:00:22Bytes 1774 flags UIOUDP out 192.150.49.10:31649 in 10.1.1.15:1028 idle 0:00:14flags D-This example shows a UDP connection from outside host 192.150.49.10 to inside host 10.1.1.15. The D flag indicates a DNS connection. The number 1028 is the DNS ID over the connection.
fwsm(config)# show conn detail2 in use, 2 most usedFlags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,B - initial SYN from outside, D - DNS, d - dump,E - outside back connection, f - inside FIN, F - outside FIN,G - group, H - H.323, I - inbound data, M - SMTP data,O - outbound data, P - inside back connection,q - SQL*Net data, R - outside acknowledged FIN,R - UDP RPC, r - inside acknowledged FIN, S - awaiting inside SYN,s - awaiting outside SYN, U - upTCP outside:192.150.49.10/23 inside:10.1.1.15/1026 flags UIOUDP outside:192.150.49.10/31649 inside:10.1.1.15/1028 flags dDThis example shows sample output from the show conn command:
show conn6 in use, 6 most usedTCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 Bytes 11391TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 Bytes 3709TCP out 209.165.201.1:80 in 10.3.3.4:1406 idle 0:00:01 Bytes 2685TCP out 209.165.201.1:80 in 10.3.3.4:1407 idle 0:00:01 Bytes 2683TCP out 209.165.201.1:80 in 10.3.3.4:1403 idle 0:00:00 Bytes 15199TCP out 209.165.201.1:80 in 10.3.3.4:1408 idle 0:00:00 Bytes 2688UDP out 209.165.201.7:24 in 10.3.3.4:1402 idle 0:01:30UDP out 209.165.201.7:23 in 10.3.3.4:1397 idle 0:01:30UDP out 209.165.201.7:22 in 10.3.3.4:1395 idle 0:01:30Host 10.3.3.4 on the inside has accessed a website at 209.165.201.1. The global address on the outside interface is 209.165.201.7.
This example shows how to display connections to the FWSM that are in the up state:
fwsm/context_name(config)# show conn state up0 in use, 0 most usedNetwork Processor 1 connectionsNetwork Processor 2 connectionsRelated Commands
show console-output
To display the currently configured console timeout value, use the show console-output command.
show console-output
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the console output:
fwsm(config)# show console-outputMessage #1 : Initializing debugger......: Message #2 : Found PCI card in slot:bus:2 dev:9 (vendor:0x8086 deviceid:0x1001)Message #3 : Found PCI card in slot:2 bus:2 dev:8 (vendor:0x8086 deviceid:0x100)Message #4 : Found PCI card in slot:3 bus:1 dev:6 (vendor:0x1014 deviceid:0x1e8Message #5 : Ignoring PCI card in slot:3 (vendor:0x1014 deviceid:0x1e8)Message #6 : Found PCI card in slot:4 bus:1 dev:5 (vendor:0x1014 deviceid:0x1e8Message #7 : Ignoring PCI card in slot:4 (vendor:0x1014 deviceid:0x1e8)Message #8 : Found PCI card in slot:5 bus:1 dev:4 (vendor:0x1014 deviceid:0x1e8Message #9 : Ignoring PCI card in slot:5 (vendor:0x1014 deviceid:0x1e8)Message #10 : Found PCI card in slot:7 bus:0 dev:2 (vendor:0x1011 deviceid:0x22Message #11 : PCI-2-PCI bridge in slot:7 (vendor:0x1011 deviceid:0x22)Message #12 : IBM NP4GS3 in slot:7 dev:4 (vendor:0x1014 deviceid:0x1e8)Message #13 : IBM NP4GS3 in slot:7 dev:5 (vendor:0x1014 deviceid:0x1e8)Message #14 : IBM NP4GS3 in slot:7 dev:6 (vendor:0x1014 deviceid:0x1e8)Message #15 : Found PCI card in slot:8 bus:0 dev:1 (vendor:0x1022 deviceid:0x200)Message #16 : The NICs as we know them:Message #17 : Nic 0: driver 2, bus 2, dev 9, irq 5, media 4, mediaIndex 0Message #18 : Nic 1: driver 2, bus 2, dev 8, irq 7, media 4, mediaIndex 1Message #19 : Nic 2: driver 3, bus 0, dev 1, irq 11, media 1, mediaIndex 0Message #20 : write addr 0xa0000240, data 0x80000000Message #21 : write addr 0xa0000240, data 0x80000000Message #22 : write addr 0xa0000240, data 0x80000000Related Commands
show context
To display the currently configured contexts, use the show context command.
show context [detail] [name | admin | count]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: Multiple
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display detailed information about the configured contexts:
fwsm/context_name(config)# show context my_contextContext Name Class Interfaces URLmy_context default 30 disk:my_context.cfgfwsm/context_name(config)# show contextContext Name Class Interfaces URL*admin default 30,40 disk:admin.cfgmy_context default 30 disk:my_context.cfgfwsm/context_name(config)# show context countTotal active contexts: 2fwsm(config)# changeto context my_contextfwsm/my_context(config)# show contextContext Name Class Interfaces URLmy_context default 30 disk:my_context.cfgRelated Commands
show counters
To display and clear the protocol stack counters, use the show counters command.
show counters [context context-name | top N | all | summary] [protocol protocol_name [:counter_name]| detail] [threshold count_threshold]
Syntax Description
Defaults
show counters summary detail threshold 1
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display all counters:
fwsm# show counters allProtocol Counter Value ContextIOS_IPC IN_PKTS 2 single_vfIOS_IPC OUT_PKTS 2 single_vffwsm(config)# show countersProtocol Counter Value ContextNPCP IN_PKTS 7195 SummaryNPCP OUT_PKTS 7603 SummaryIOS_IPC IN_PKTS 869 SummaryIOS_IPC OUT_PKTS 865 SummaryIP IN_PKTS 380 SummaryIP OUT_PKTS 411 SummaryIP TO_ARP 105 SummaryIP TO_UDP 9 SummaryUDP IN_PKTS 9 SummaryUDP DROP_NO_APP 9 SummaryFIXUP IN_PKTS 202 SummaryThis example shows how to display a summary of counters:
fwsm# show counters summaryProtocol Counter Value ContextIOS_IPC IN_PKTS 2 SummaryIOS_IPC OUT_PKTS 2 SummaryThis example shows how to display counters for a context:
fwsm# show counters context single_vfProtocol Counter Value ContextIOS_IPC IN_PKTS 4 single_vfIOS_IPC OUT_PKTS 4 single_vfRelated Commands
show cpu
To display the CPU utilization information, use the show cpu usage command.
In system context:
show cpu [usage] context
show cpu [usage] [context {all | context_name}]
In a context:
show cpu [usage]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show cpu usage command displays the CPU usage information. When the command displays per-context CPU usage, the value is displayed with one decimal digit of precision instead of an integer value.
This command displays how the CPU usage is spread across all of the contexts and system-level (system and kernel) processes. The columns will always total 100%. In an idle system, all of the CPU usage is displayed in the system and kernel processes as shown in the examples.
In the system context:
•
•
•
In a context, the show cpu command displays the percentage of CPU time used by that context.
Examples
This example shows how to diaply the CPU utilization for the FWSM:
fwsm(config)# show cpu usageCPU utilization for 5 seconds = 1%; 1 minute: 0%; 5 minutes: 0%The percentage usage prints as NA (not applicable) if the usage is unavailable for the specified time interval. This situation can occur if you ask for CPU usage before the 5-second, 1-minute, or 5-minute time interval has elapsed.
This example shows how to diaply the CPU utilization for a context:
fwsm/context_name(config)# show cpu usage context adminCPU utilization for 5 seconds = 1%; 1 minute: 0%; 5 minutes: 0%This example shows how to diaply the CPU utilization for all contexts:
fwsm(config)# show cpu usage context allCPU utilization for 5 seconds = 1%; 1 minute: 0%; 5 minutes: 0%5 sec 1 min 5 min Context Name0% 0% 0% admin59% 59% 59% system41% 41% 41% <kernel>show crashdump
To display the crash information file that is stored in the Flash partition of the FWSM, use the show crashdump command.
show crashdump [save]
Syntax Description
save
(Optional) Displays whether or not the FWSM is configured to save crash information to the Flash partition.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show crashdump save command allows you to display whether or not the FWSM is configured to save crash information to the Flash partition.
The show crashdump command allows you to display the crash information file that is stored in the Flash partition of the FWSM. If the crash information file is from a test crash (from the crashdump test command), the first string of the crash information file is ": Saved_Test_Crash" and the last one is ": End_Test_Crash". If the crash information file is from a real crash, the first string of the crash information file is ": Saved_Crash" and the last one is ": End_Crash" (this includes crashes from the crashdump force page-fault or crashdump force watchdog commands).
Examples
This example shows how to display the current crash information configuration:
fwsm(config)# show crashdump savecrashdump save enableThis example shows the output for a crash information file test. (However, this test does not actually crash the FWSM. It provides a simulated example file.)
fwsm(config)# crashdump testfwsm(config)# exitfwsm(config)# show crashdump: Saved_Test_CrashThread Name: ci/console (Old pc 0x001a6ff5 ebp 0x00e88920)Traceback:0: 003231431: 0032321b2: 0010885c3: 0010763c4: 001078db5: 001035856: 00000000vector 0x000000ff (user defined)edi 0x004f20c4esi 0x00000000ebp 0x00e88c20esp 0x00e88bd8ebx 0x00000001edx 0x00000074ecx 0x00322f8beax 0x00322f8berror code n/aeip 0x0010318ccs 0x00000008eflags 0x00000000CR2 0x00000000Stack dump: base:0x00e8511c size:16384, active:14760x00e89118: 0x004f1bb40x00e89114: 0x001078b4...0x00e88b5c: 0x000000000x00e88b58: 0x00000008Cisco Firewall Version 2.2Cisco Device Manager Version 2.2Compiled on Fri 15-Nov-02 14:35 by rootFWSM up 10 days 0 hoursHardware: FWSM, 64 MB RAM, CPU Pentium 200 MHzFlash i28F640J5 @ 0x300, 16MBBIOS Flash AT29C257 @ 0xfffd8000, 32KB0: ethernet0: address is 0003.e300.73fd, irq 101: ethernet1: address is 0003.e300.73fe, irq 72: ethernet2: address is 00d0.b7c8.139e, irq 9Licensed Features:Failover: DisabledVPN-DES: EnabledVPN-3DES-AES: DisabledMaximum Interfaces: 3Cut-through Proxy: EnabledGuards: EnabledURL-filtering: EnabledInside Hosts: UnlimitedThroughput: UnlimitedIKE peers: UnlimitedThis FWSM has a Restricted (R) license.Serial Number: 480430455 (0x1ca2c977)Running Activation Key: 0xc2e94182 0xc21d8206 0x15353200 0x633f6734Configuration last modified by enable_15 at 13:49:42.148 UTC Wed Nov 20 2002------------------ show clock ------------------15:34:28.129 UTC Sun Nov 24 2002------------------ show memory ------------------Free memory: 50444824 bytesUsed memory: 16664040 bytes------------- ----------------Total memory: 67108864 bytes------------------ show conn count ------------------0 in use, 0 most used------------------ show xlate count ------------------0 in use, 0 most used------------------ show blocks ------------------SIZE MAX LOW CNT4 1600 1600 160080 400 400 400256 500 499 5001550 1188 795 927------------------ show interface ------------------Interface vlan20 "", is administratively down, line protocol is upMAC address 0000.0000.0000, MTU 0IP address 127.0.0.1, subnet mask 255.255.255.255Received 0 packets, 0 bytesTransmitted 0 packets, 0 bytesDropped 0 packetsInterface vlan40 "outside", is up, line protocol is upMAC address 0005.9a38.7400, MTU 1500IP address 40.7.12.1, subnet mask 255.255.0.0Received 684499 packets, 473311321 bytesTransmitted 512981 packets, 29781306 bytesDropped 0 packetsInterface vlan41 "inside", is up, line protocol is upMAC address 0005.9a38.7400, MTU 1500IP address 41.7.12.1, subnet mask 255.255.0.0Received 780297 packets, 70082987 bytesTransmitted 605699 packets, 473794675 bytesDropped 61 packetsInterface vlan2000 "", is administratively down, line protocol is downMAC address 0000.0000.0000, MTU 0IP address 127.0.0.1, subnet mask 255.255.255.255Received 0 packets, 0 bytesTransmitted 0 packets, 0 bytesDropped 0 packets------------------ show cpu usage ------------------CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%------------------ show process ------------------PC SP STATE Runtime SBASE Stack ProcessHsi 001e3329 00763e7c 0053e5c8 0 00762ef4 3784/4096 arp_timerLsi 001e80e9 00807074 0053e5c8 0 008060fc 3792/4096 FragDBGC...Hwe 001e5398 00f52c5c 00812054 0 00f51d64 3832/4096 tcp_thread/2Hwe 003d1a65 00f78284 008140f8 0 00f77fdc 300/1024 listen/http1Mwe 0035cafa 00f7a63c 0053e5c8 0 00f786c4 7640/8192 Crypto CA------------------ show failover ------------------No license for Failover------------------ show traffic ------------------outside:received (in 865565.090 secs):6139 packets 830375 bytes0 pkts/sec 0 bytes/sectransmitted (in 865565.090 secs):90 packets 6160 bytes0 pkts/sec 0 bytes/secinside:received (in 865565.090 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sectransmitted (in 865565.090 secs):1 packets 60 bytes0 pkts/sec 0 bytes/secintf2:received (in 865565.090 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sectransmitted (in 865565.090 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sec------------------ show perfmon ------------------PERFMON STATS: Current AverageXlates 0/s 0/sConnections 0/s 0/sTCP Conns 0/s 0/sUDP Conns 0/s 0/sURL Access 0/s 0/sURL Server Req 0/s 0/sTCP Fixup 0/s 0/sTCPIntercept 0/s 0/sHTTP Fixup 0/s 0/sFTP Fixup 0/s 0/sAAA Authen 0/s 0/sAAA Author 0/s 0/sAAA Account 0/s 0/s: End_Test_CrashRelated Commands
clear crashdump
crashdump forceshow crypto dynamic-map
To display a dynamic crypto map set, use the show crypto dynamic-map command.
show crypto dynamic-map [tag dynamic-map-name]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
For detailed help, refer to the subcommand help in the mode where the commands are available. For example, you can enter the following:
fwsm/context_name(config)# ca ?fwsm(config)# help ca.Examples
This example shows sample output for the show crypto dynamic-map command:
fwsm(config)# show crypto dynamic-mapCrypto Engine Connection Map:size = 8, free = 7, used = 0, active = 0The following partial configuration was in effect when the preceding show crypto dynamic-map command was issued:
crypto ipsec security-association lifetime seconds 120crypto ipsec transform-set t1 esp-des esp-md5-hmaccrypto ipsec transform-set tauth ah-sha-hmaccrypto dynamic-map dyn1 10 set transform-set tauth t1crypto dynamic-map dyn1 10 match address 152crypto map to-firewall local-address Ethernet0crypto map to-firewall 10 ipsec-isakmpcrypto map to-firewall 10 set peer 172.21.114.123crypto map to-firewall 10 set transform-set tauth t1crypto map to-firewall 10 match address 150crypto map to-firewall 20 ipsec-isakmp dynamic dyn1access-list 150 permit ip host 172.21.114.67 host 172.21.114.123access-list 150 permit ip host 15.15.15.1 host 172.21.114.123access-list 150 permit ip host 15.15.15.1 host 8.8.8.1access-list 152 permit ip host 172.21.114.67 anyThis example shows output from the show crypto map command for a crypto map named "mymap":
fwsm(config)# show crypto mapCrypto Map: "mymap" interfaces: { outside }Crypto Map "mymap" 1 ipsec-isakmpPeer = 171.69.231.241access-list no-nat; 1 elementsaccess-list no-nat permit ip 192.168.0.0 255.255.255.0 1.1.1.0 255.255.255.0 (hitcnt=0)Current peer: 171.69.231.241Security association lifetime: 4608000 kilobytes/28800 secondsPFS (Y/N): YDH group: group5Transform sets={ mycrypt, }Related Commands
clear crypto dynamic-map
crypto dynamic-mapshow crypto engine
To display the cryptography engine usage statistics or run the Known Answer Test (KAT), use the show crypto engine command.
show crypto engine [verify]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show crypto engine command allows you to display the usage statistics for the cryptography engine that is used by the FWSM.
Examples
This example shows sample output for the show crypto engine command:
fwsm(config)# show crypto engineCrypto Engine Connection Map:size = 8, free = 7, used = 0, active = 0Related Commands
show crypto interface
To display the VPN accelerator cards (VACs) installed in the FWSM chassis and to display the packet, payload byte, queue length, and moving average counters for traffic moving through the card for VAC+, use the show crypto interface command.
show crypto interface [counters]
Syntax Description
counters
(Optional) Displays the packet count, byte queue, and moving averages for traffic through a VAC+.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show crypto interface command allows you to display VACs that are installed in the FWSM chassis.
The show crypto interface counters command allows you to display information (see Table 2-19) for the FWSM VAC+ only.
Examples
This example shows sample output from the show crypto interface and show crypto interface counters commands:
fwsm/context_name(config)# show crypto interfaceEncryption hardware device : Crypto5823 (revision 0x1)fwsm(config)# show crypto interface countersinterfaces: 1Crypto5823 (revision 0x1), maximum queue size 64packet count: 318657093payload bytes: 89861300946input queue (curr/max): 1336/1584interface queue (curr/max): 64/64output queue (curr/max): 0/64moving averages5second 128273 pkts/sec 289 Mbits/sec1minute 128326 pkts/sec 290 Mbits/sec5minute 128279 pkts/sec 289 Mbits/secThis example shows the same sample output after the clear crypto interface counters command has been used:
fwsm/context_name(config)# clear crypto interface countersfwsm/context_name(config)# show crypto interface countersinterfaces: 1Crypto5823 (revision 0x1), maximum queue size 64packet count: 355968payload bytes: 100382976input queue (curr/max): 1317/1537interface queue (curr/max): 64/64output queue (curr/max): 0/64moving averages5second NA pkts/sec NA Mbits/sec1minute NA pkts/sec NA Mbits/sec5minute NA pkts/sec NA Mbits/secThis example shows sample output from the show crypto interface and show crypto interface counters commands when a VAC+ is installed:
fwsm/context_name(config)# show crypto interfaceEncryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5fwsm/context_name(config)# show crypto interface countersno crypto interface counters availableThis example shows sample output from the show crypto interface and show crypto interface counters commands when no crypto interface card is installed (neither a VAC nor a VAC+):
fwsm(config)# show crypto interfacefwsm(config)# show crypto interface countersno crypto interface counters availableRelated Commands
show crypto ipsec
To display the configured transform sets, use the show crypto ipsec command.
show crypto ipsec security-association lifetime
show crypto ipsec transform-set [tag transform-set-name]
show crypto ipsec sa [map map-name | address | identity] [detail]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show crypto ipsec sa command allows you to display the settings that are used by the current security associations. If you do not enter a keyword, all security associations are displayed. They are sorted first by interface, and then by traffic flow (for example, source/destination address, mask, protocol, and port). Within a flow, the security associations are listed by protocol (ESP/AH) and direction (inbound/outbound). The identity keyword does not show the security association information.
Note
The show crypto ipsec sa command allows you to display the Payload Compression Protocol (PCP) in its output.Examples
This example shows how to display the security-association lifetime value:
fwsm/context_name(config)# show crypto ipsec security-association lifetimeSecurity-association lifetime: 4608000 kilobytes/120 secondsThis configuration was in effect when the preceding show crypto ipsec security-association lifetime command was issued:
fwsm/context_name(config)# crypto ipsec security-association lifetime seconds 120This example shows how to display the configured transform sets:
fwsm/context_name(config)# show crypto ipsec transform-setTransform set combined-des-sha: { esp-des esp-sha-hmac }will negotiate = { Tunnel, },Transform set combined-des-md5: { esp-des esp-md5-hmac }will negotiate = { Tunnel, },Transform set t1: { esp-des esp-md5-hmac }will negotiate = { Tunnel, },Transform set t100: { ah-sha-hmac }will negotiate = { Tunnel, },Transform set t2: { ah-sha-hmac }will negotiate = { Tunnel, },{ esp-des }will negotiate = { Tunnel, },This configuration was in effect when the preceding show crypto ipsec transform-set command was issued:
fwsm/context_name(config)# crypto ipsec transform-set combined-des-sha esp-des esp-sha-hmacfwsm/context_name(config)# crypto ipsec transform-set combined-des-md5 esp-des esp-md5-hmacfwsm/context_name(config)# crypto ipsec transform-set t1 esp-des esp-md5-hmacfwsm/context_name(config)# crypto ipsec transform-set t100 ah-sha-hmacfwsm/context_name(config)# crypto ipsec transform-set t2 ah-sha-hmac esp-desThis example shows how to display the settings that are used by the current security associations:
fwsm/context_name(config)# show crypto ipsec sainterface: outsideCrypto map tag: firewall-alice, local addr. 172.21.114.123local ident (addr/mask/prot/port): (172.21.114.123/255.255.255.255/0/0)remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0)current_peer: 172.21.114.67PERMIT, flags={origin_is_acl,}#pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10#pkts decaps: 10, #pkts decrypt: 10, #pkts verify 10#send errors 10, #recv errors 0local crypto endpt.: 172.21.114.123, remote crypto endpt.: 172.21.114.67/500path mtu 1500, media mtu 1500current outbound spi: 20890A6Finbound esp sas:spi: 0x257A1039(628756537)transform: esp-des esp-md5-hmac ,in use settings ={Tunnel UDP-Encaps, }slot: 0, conn id: 26, crypto map: firewall-alicesa timing: remaining key lifetime (k/sec): (4607999/90)IV size: 8 bytesreplay detection support: Yinbound ah sas:outbound esp sas:spi: 0x20890A6F(545852015)transform: esp-des esp-md5-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 27, crypto map: firewall-alicesa timing: remaining key lifetime (k/sec): (4607999/90)IV size: 8 bytesreplay detection support: Youtbound ah sas:interface: insideCrypto map tag: firewall-alice, local addr. 172.21.114.123local ident (addr/mask/prot/port): (172.21.114.123/255.255.255.255/0/0)remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0)current_peer: 172.21.114.67PERMIT, flags={origin_is_acl,}#pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10#pkts decaps: 10, #pkts decrypt: 10, #pkts verify 10#send errors 10, #recv errors 0local crypto endpt.: 172.21.114.123, remote crypto endpt.: 172.21.114.67path mtu 1500, media mtu 1500current outbound spi: 20890A6Finbound esp sas:spi: 0x257A1039(628756537)transform: esp-des esp-md5-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 26, crypto map: firewall-alicesa timing: remaining key lifetime (k/sec): (4607999/90)IV size: 8 bytesreplay detection support: Yinbound ah sas:outbound esp sas:spi: 0x20890A6F(545852015)transform: esp-des esp-md5-hmac ,in use settings ={Tunnel, }slot: 0, conn id: 27, crypto map: firewall-alicesa timing: remaining key lifetime (k/sec): (4607999/90)IV size: 8 bytesreplay detection support: Youtbound ah sas:Related Commands
crypto ipsec security-association lifetime
crypto ipsec transform-setshow crypto map
To display the crypto map configuration, use the show crypto map command.
show crypto map [interface interface-name | tag map-name]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the crypto map configuration:
fwsm/context_name(config)# show crypto mapCrypto Map: "firewall-alice" pif: outside local address: 172.21.114.123Crypto Map "firewall-alice" 10 ipsec-isakmpPeer = 172.21.114.67access-list 141 permit ip host 172.21.114.123 host 172.21.114.67Current peer: 172.21.114.67Security-association lifetime: 4608000 kilobytes/120 secondsPFS (Y/N): NTransform sets={ t1, }This configuration was in effect when the preceding show crypto map command was issued:
fwsm/context_name(config)# crypto map firewall-alice 10 ipsec-isakmpfwsm/context_name(config)# crypto map firewall-alice 10 set peer 172.21.114.67fwsm/context_name(config)# crypto map firewall-alice 10 set transform-set t1fwsm/context_name(config)# crypto map firewall-alice 10 match address 141This example shows the sample output for the show crypto map command when manually established security associations are used:
fwsm/context_name(config)# show crypto mapCrypto Map "multi-peer" 20 ipsec-manualPeer = 172.21.114.67access-list 120 permit ip host 1.1.1.1 host 1.1.1.2Current peer: 172.21.114.67Transform sets={ t2, }Inbound esp spi: 0,cipher key: ,auth_key: ,Inbound ah spi: 256,key: 010203040506070809010203040506070809010203040506070809,Outbound esp spi: 0cipher key: ,auth key: ,Outbound ah spi: 256,key: 010203040506070809010203040506070809010203040506070809,This configuration was in effect when the preceding show crypto map command was issued:
fwsm/context_name(config)# crypto map multi-peer 20 ipsec-manualfwsm/context_name(config)# crypto map multi-peer 20 set peer 172.21.114.67fwsm/context_name(config)# crypto map multi-peer 20 set session-key inbound ah 256010203040506070809010203040506070809010203040506070809fwsm/context_name(config)# crypto map multi-peer 20 set session-key outbound ah 256010203040506070809010203040506070809010203040506070809fwsm/context_name(config)# crypto map multi-peer 20 set transform-set t2fwsm/context_name(config)# crypto map multi-peer 20 match address 120Related Commands
show curpriv
To display the current user privileges, use the show curpriv command.
show curpriv
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: Unprivileged
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
These examples show output from the show curpriv command when a user named enable_15 is at different privilege levels. The username indicates the name that the user entered when the user logged in, P_PRIV indicates that the user has entered the enable command, and P_CONF indicates that the user has entered the config terminal command.
fwsm(config)# show curprivUsername : enable_15Current privilege level : 15Current Mode/s : P_PRIV P_CONFfwsm(config)# exitfwsm(config)# show curprivUsername : enable_15Current privilege level : 15Current Mode/s : P_PRIVfwsm(config)# exitfwsm(config)# show curprivUsername : enable_1Current privilege level : 1Current Mode/s : P_UNPRfwsm(config)#Related Commands
show default-information originate
To display a type 7 default in the not-so-stubby area (NSSA), use the show default-information originate command.
show default-information originate
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
This command is supported on an NSSA ABR or an NSSA autonomous system boundary router (ASBR) only.
The show ip ospf command displays the configured router ospf subcommands.
Examples
This example shows how to display NSSA information:
fwsm/context_name(config)# show default-information originateRelated Commands
default-information originate (route OSPF subcommand)
router ospf
show ip ospfshow dbg
To display the debug information, use the show dbg command.
show dbg
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display debug information:
fwsm(config)# show dbgi82557 isri82557 queuesip configip openip closeip putip getip ioctlip arpinip arpreqip inip answerip route...ci configRelated Commands
show debug
To display the debug information, use the show debug command.
show debug
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display debug information:
fwsm(config)# show debugRelated Commands
show dhcpd
To display the binding and statistics information associated with all of the dhcpd commands, use the show dhcpd command.
show dhcpd [binding | statistics]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example show how to display DHCPD statistics:
fwsm/context_name(config)# show dhcpd statisticsRelated Commandsdhcpd
show dhcprelay
To display the Dynamic Host Configuration Protocol (DHCP) relay statistics, use the show dhcprelay command.
show dhcprelay [statistics]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode
Command History
Usage Guidelines
The output of the show dhcprelay command increments until you enter the clear dhcprelay statistics command.
Examples
This example show how to display DHCPD statistics:
fwsm/context_name(config)# show dhcprelayRelated Commands
show disk
To display the information about the disk file system, use the show disk command.
show disk all | filesys
Syntax Description
all
Displays all files in the file system and the geometry of the partitions.
filesys
Displays only the geometry of the partitions.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the disk file system information:
fwsm(config)# show disk-#- --length-- -----date/time------ path1 1519 10:03:50 Jul 14 2003 my_context.cfg2 1516 10:04:02 Jul 14 2003 my_context.cfg3 1516 10:01:34 Jul 14 2003 admin.cfg60973056 bytes available (12288 bytes used)This example shows how to display all disk file system information and the partition information:
fwsm(config)# show disk all-#- --length-- -----date/time------ path1 1519 10:03:50 Jul 14 2003 my_context.cfg2 1516 10:04:02 Jul 14 2003 my_context.cfg3 1516 10:01:34 Jul 14 2003 admin.cfg60973056 bytes available (12288 bytes used)******** Flash Card Geometry/Format Info ********COMPACT FLASH CARD GEOMETRYNumber of Heads: 8Number of Cylinders 467Sectors per Cylinder 32Sector Size 512Total Sectors 119552COMPACT FLASH CARD FORMATNumber of FAT Sectors 59Sectors Per Cluster 8Number of Clusters 14889Number of Data Sectors 119264Base Root Sector 119Base FAT Sector 1Base Data Sector 151This example shows how to display the partition information:
fwsm(config)# show disk filesys******** Flash Card Geometry/Format Info ********COMPACT FLASH CARD GEOMETRYNumber of Heads: 8Number of Cylinders 467Sectors per Cylinder 32Sector Size 512Total Sectors 119552COMPACT FLASH CARD FORMATNumber of FAT Sectors 59Sectors Per Cluster 8Number of Clusters 14889Number of Data Sectors 119264Base Root Sector 119Base FAT Sector 1Base Data Sector 151: Savedshow dispatch stats
To display all the dispatch layer statistics, use the show dispatch stats command.
show dispatch stats [funcid]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the dispatch statistics table:
fwsm(config)# show dispatch statsDispatch Level Stats:Total pkts received : 4855Total bytes received : 332519Total pkts dropped : 0Total Control Channels Created : 0Total primary_sessions_created : 0Total secondary_sessions_created Created : 0Total sessions freed : 0Total embryonic sessions created : 0Total session moved to full open : 0Total embryonic session timeouts : 0Total zombie created : 0Total zombie reused : 0Total zombie freed : 0Max conn hash chain length : 0Total delete indications Received : 0Total buffer overflow count : 0Total url filtering connections : 0Fixup Error Stats:Invalid Ethernet Type : 0Packet Received in Indication : 0Invalid TLV Length : 0Unknown TLV : 0Invalid Packet Length : 0Invalid L4 protocol in packet : 0Invalid conn ptr in indication : 0Unsolicited delete indication : 0Host object lookup failure for indication : 0Invalid internal interface in indication : 0Invalid PIF in session info TLV : 0Conn lookup failure for delte indication : 0Fragments received for missing conn object : 0Session ID mismatch existing connection : 0Xlate ID mismatch for existing connnection : 0Packets received for deleted connections : 0Connection object allocation failures : 0Host object allocation failures : 0Xlate allocation failures : 0Xlate missing for conn : 0full open in zombie : 0Junk pointer in session TLV : 0error in setting VCID : 0Related Commands
show dispatch table
To display all the dispatch layer statistics, use the show dispatch table command.
show dispatch table
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the dispatch statistics table:
fwsm(config)# show dispatch table------------------------------------------------------------------------NAT TABLE ENTRIESFID CBACK FUNC QUEUE Channel MAX_CONN LINK STATUS------------------------------------------------------------------------1 url_filter TASK SWITCH f682d0 1000 ACTIVE2 domain FAST SWITCH f684b0 1000 ACTIVE4 ftp FAST SWITCH f684b0 1000 ACTIVE5 http TASK SWITCH f68258 1000 ACTIVE6 h323_h225 TASK SWITCH f68280 1000 ACTIVE7 h323_ras TASK SWITCH f68398 1000 ACTIVE8 ils FAST SWITCH f684b0 1000 ACTIVE9 rpc FAST SWITCH f684b0 1000 ACTIVE10 rsh TASK SWITCH f68294 1000 ACTIVE11 rtsp TASK SWITCH f682e4 1000 ACTIVE12 smtp FAST SWITCH f684b0 1000 ACTIVE13 sqlnet TASK SWITCH f682a8 1000 ACTIVE14 sip TASK SWITCH f68320 1000 ACTIVE15 skinny TASK SWITCH f68334 1000 ACTIVE16 udp_domain FAST SWITCH f684b0 1000 ACTIVE17 rpc_udp FAST SWITCH f684b0 1000 ACTIVE18 xdmcp FAST SWITCH f684b0 1000 ACTIVE19 udp_sip TASK SWITCH f683fc 1000 ACTIVE20 netbios FAST SWITCH f684b0 1000 ACTIVE21 ftp_filter_command TASK SWITCH f68438 1000 ACTIVE22 https_filter TASK SWITCH f6844c 1000 ACTIVE23 mgcp TASK SWITCH f68474 1000 ACTIVE33 indication handler TASK SWITCH f684c4 1000 ACTIVE34 AAA/events TASK SWITCH f684d8 1000 ACTIVE35 np/show TASK SWITCH f684ec 1000 ACTIVE36 pkt to IPstack TASK SWITCH f68500 1000 ACTIVE37 syslog_entry TASK SWITCH f68514 1000 ACTIVE38 fornax_pk_lu_process TASK SWITCH f68528 1000 ACTIVE----------------------------------------------------------------------PAT TABLE ENTRIESFID CBACK FUNC QUEUE Channel MAX_CONN LINK STATUS------------------------------------------------------------------------129 url_filter TASK SWITCH f682d0 1000 ACTIVE130 domain TASK SWITCH f6830c 1000 ACTIVE132 ftp FAST SWITCH f684b0 1000 ACTIVE133 http TASK SWITCH f68258 1000 ACTIVE134 h323_h225 TASK SWITCH f68280 1000 ACTIVE135 h323_ras TASK SWITCH f68398 1000 ACTIVE136 ils TASK SWITCH f68348 1000 ACTIVE137 rpc TASK SWITCH f68460 1000 ACTIVE138 rsh TASK SWITCH f68294 1000 ACTIVE140 smtp TASK SWITCH f6826c 1000 ACTIVE141 sqlnet TASK SWITCH f682a8 1000 ACTIVE142 sip TASK SWITCH f68320 1000 ACTIVE143 skinny TASK SWITCH f68334 1000 ACTIVE144 udp_domain TASK SWITCH f68410 1000 ACTIVE145 rpc_udp TASK SWITCH f68370 1000 ACTIVE146 xdmcp TASK SWITCH f68384 1000 ACTIVE147 udp_sip TASK SWITCH f683fc 1000 ACTIVE148 netbios TASK SWITCH f683d4 1000 ACTIVE149 ftp_filter_command TASK SWITCH f68438 1000 ACTIVE150 https_filter TASK SWITCH f6844c 1000 ACTIVE----------------------------------------------------------------------Related Commands
clear dispatch stats
show dispatch stats
show distance
To display the OSPF route administrative distances based on route type, use the show distance command.
show distance
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode
Command History
Examples
This example shows how to display OSPF route administrative distances:
fwsm(config)# show distanceRelated Commands
distance (router submode)
router ospf
show ip ospfshow domain-name
To display the IPSec domain name, use the show domain-name command..
show domain-name name
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The domain-name command allows you to change the IPSec domain name.
Note
Examples
This example shows how to display the IPSec domain name:
fwsm/context_name(config)# show domain-name example.comRelated Commands
show dynamic-map
To display a dynamic crypto map entry, use the show dynamic-map command.
show dynamic-map
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display dynamic crypto map entries.
fwsm/context_name(config)# show dynamic-mapNo crypto map templates found.Related Commands
show enable
To display the password configuration for privilege levels, use the show enable command.
show enable
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the password configuration:
fwsm/context_name(config)# show enableenable password 8Ry2YjIyt7RRXU24 encryptedRelated Commands
show established
To display the allowed inbound connections that are based on established connections, use the show established command.
show established
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display inbound connections that are based on established connections:
fwsm/context_name(config)# show establishedRelated Commands
show failover
To verify the status of the connection and to determine which module is active, use the show failover command.
show failover [statistics | state | interface | history]
Syntax Description
statistics
Displays failover statistics.
state
Displays the failover state.
interface
Displays the interface configuration.
history
Displays the configuration history.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show failover command allows you to display the dynamic failover information, interface status, and logical interface update status. In the show failover output, the fields have the following values:
•
–
–
–
–
•
–
–
–
–
–
–
–
–
The Standby Logical Update Statistics output that is displayed when you use the show failover command describes only the stateful failover. The "xerrs" value does not indicate an error in failover, but rather the number of packet transmit errors.
If you do not enter a failover IP address, the show failover command displays 0.0.0.0 for the IP address, and monitoring of the interfaces remain in a "waiting" state. You must set a failover IP address for failover to work.
Examples
This example shows how to display failover information:
fwsm(config)# show failoverFailover OffFailover unit SecondaryFailover LAN Interface not ConfiguredUnit Poll frequency 1 secondsInterface Poll frequency 15 secondsInterface Policy 50%Monitored Interfaces 0 of 250 maximumRelated Commands
clear failover
failover
failover interface ip
failover interface-policy
failover lan interface
failover lan unit
failover link
failover polltime
failover reset
monitor-interface
show failover
write standbyshow file
To display the information about the file system, use the show file command.
show file descriptors | system
Syntax Description
descriptors
Displays all open file descriptors.
system
Displays the size, bytes available, type of media, flags, and prefix information about the disk file system.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the file system information:
fwsm(config)# show file descriptorsNo open file descriptorsfwsm(config)# show file systemFile Systems:Size(b) Free(b) Type Flags Prefixes* 60985344 60973056 disk rw disk:Related Commands
cd
copy disk
copy flash
copy tftp
copy tftp
dir
format
mkdir
more
pwd
rename
rmdirshow filter
To display the URL, Java, or HTTPS filtering information, use the show filter command.
show filter
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display filtering information:
fwsm/context_name(config)# show filterRelated Commands
clear filter
filter ftp
filter https
filter urlshow firewall
To display the FWSM mode, use the show firewall command.
show firewall [transparent]
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the firewall mode:
fwsm(config)# show firewallFirewall mode: RouterRelated Commands
show fixup
To display the fixup configuration and port values, use the show fixup command.
show fixup
show fixup protocol {protocol [protocol] | mgcp}
Syntax Description
protocol protocol
(Optional) Displays the port values for the protocol specified.
mgcp
(Optional) Displays the configured MGCP fixups.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show fixup command allows you to display the current fixup configuration and port values.
The show fixup protocol protocol [protocol] command allows you to display the port values for the individual protocol specified.
The show fixup protocol mgcp command allows you to display the configured MGCP fixups.
Examples
This example shows how to display the current fixup configuration and port values:
fwsm(config)# show fixupfixup protocol ftp 21fixup protocol http 80fixup protocol h323 h225 1720fixup protocol h323 ras 1718-1719fixup protocol ils 389fixup protocol rsh 514fixup protocol rtsp 554fixup protocol smtp 25fixup protocol sqlnet 1521fixup protocol sip 5060fixup protocol skinny 2000fixup protocol pptp 1723fixup protocol sip udp 5060This example shows the configured MGCP fixups:
fwsm(config)# show fixup protocol mgcpfixup protocol mgcp 2427fixup protocol mgcp 2727Related Commands
show flashfs
To display the file system information, use the show flashfs command.
show flashfs
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show flashfs command displays the size in bytes of each file system sector and the current state of the file system. The data in each sector is as follows:
•
•
•
•
•
The origin values are integer multiples of the underlying file system sector size.
Examples
This example shows how to display file system information:
fwsm(config)# show flashfsflash file system: version:2 magic:0x12345679file 0: origin: 0 length:1511480file 1: origin: 2883584 length:3264file 2: origin: 0 length:0file 3: origin: 3014656 length:4444164file 4: origin: 8257536 length:280Related Commands
show floodguard
To display the flood guard status, use the show floodguard command.
show floodguard
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the flood guard status:
fwsm/context_name(config)# show floodguardfloodguard enableRelated Commands
show fragment
To display the states of the fragment databases, use the show fragment command.
show fragment [interface]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show fragment command allows you to display the states of the fragment databases. If you specify the interface name, only information for the database residing at the specified interface is displayed. If you do not specify the interface name, the command will apply to all interfaces.
Use the show fragment command to display this information:
•
•
•
•
•
•
•
•
Examples
This example shows how to display the states of the fragment databases:
fwsm(config)# show fragment outsideInterface:outsideSize:2000, Chain:45, Timeout:10Queue:1060, Assemble:809, Fail:0, Overflow:0Related Commands
show ftp
To display the FTP mode, use the show ftp command.
show ftp
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the FTP mode:
fwsm(config)# show ftpftp mode passiveRelated Commands
show gc
To display the garbage collection process statistics, use the show gc command.
show gc
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display garbage collection process statistics:
fwsm(config)# show gcGarbage collection process stats:Total tcp conn delete response : 0Total udp conn delete response : 0Total number of zombie cleaned : 0Total number of embryonic conn cleaned : 0Total error response : 0Total queries generated : 0Total queries with conn present response : 0Total number of sweeps : 946Total number of invalid vcid : 0Total number of zombie vcid : 0Related Commands
show global
To display the global commands in the configuration, use the show global command.
show global
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode
Command History
Examples
This example shows how to display the global commands:
fwsm/context_name(config)# show globalRelated Commands
show h225
To display the H225 statistics, use the show h225 command.
show h225
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the H225 statistics:
fwsm/context_name(config)# show h225Total: 0LOCAL TPKT FOREIGN TPKTRelated Commands
show h245
To display the H245 statistics, use the show h245 command.
show h245
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This command shows how to display the H245 statistics:
fwsm/context_name(config)# show h245Total: 0LOCAL TPKT FOREIGN TPKTRelated Commands
show h323-ras
To display the H323-ras statistics, use the show h323-ras command.
show h323-ras
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This command shows how to display the H323-ras statistics:
fwsm/context_name(config)# show h323-rasTotal: 0GK CallerRelated Commands
show history
To display the previously entered commands, use the show history command.
show history
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: Unprivileged
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The show history command allows you to display previously entered commands. You can examine commands individually with the up and down arrows, enter ^p to display previously entered lines, or enter ^n to display the next line.
Examples
This example shows how to display previously entered commands when you are in unprivileged mode:
fwsm> show historyshow historyhelpshow historyThis example shows how to display previously entered commands when you are in privileged mode:
fwsm/context_name(config)# show historyshow historyhelpshow historyenableshow historyThis example shows how to display previously entered commands when you are in configuration mode:
fwsm(config)# show historyshow historyhelpshow historyenableshow historyconfig t show historyshow http
To display the HTTP server information, use the show http command.
show http
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: configuration mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display HTTP server information:
fwsm/context_name(config)# show httphttp server disabledRelated Commands
show hw
To display the FWSM hardware version, use the show hw command.
show hw
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the FWSM hardware version:
fwsm/context_name(config)# show hwFWSM Firewall Version 2.2(0)141c6000-fwm-2-1-0-141 #126: Wed Jun 18 16:31:27 MDT 2003msgreene@boulder-view3:/users/msgreene/projects/firecat/mainline/XFWSM/objsw8fx1 up 1 hour 9 minsConfiguration last modified by enable_15 at 12:46:55 Jul 18 2003Related Commands
show icmp
To display the ICMP information, use the show icmp command.
show icmp
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display ICMP information:
fwsm/context_name(config)# show icmpicmp permit any mgmtRelated Commands
show igmp
To display the Internet Group Management Protocol (IGMP) information for a multicast group, whether statically configured or dynamically created, use the show igmp command.
show igmp [group | interface interface_name] [detail]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: System
Command Mode: Global
Command History
Examples
This example shows how to display the IGMP information for a multicast group:
fwsm(config)# show igmpIGMP is enabled on interface insideCurrent IGMP version is 2IGMP query interval is 60 secondsIGMP querier timeout is 125 secondsIGMP max query response time is 10 secondsLast member query response interval is 1 secondsInbound IGMP access group isIGMP activity: 0 joins, 0 leavesIGMP querying router is 10.1.3.1 (this system)IGMP Connected Group MembershipGroup Address Interface Uptime Expires Last ReportedRelated Commands
show ignore lsa mospf
To display the link-state advertisement (LSA) for type 6 Multicast OSPF (MOSPF) packets that you did not want sent to the syslog, use the show ignore lsa mospf subcommand.
show ignore lsa mospf
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Examples
This example shows how to display the link-state advertisement (LSA) for type 6 Multicast OSPF (MOSPF) packets that you do not want to syslog:
fwsm/context_name(config)# show ignore lsa mospfRelated Commands
ignore lsa mospf
router ospf
show ip ospfshow interface
To display the information about the VLAN configuration, use the show interface command.
show interface [interface] [running-config | detail | stats | {ip [brief]}]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
You can use this command to display the status of interfaces. You can specify the id (as either the VLAN or the mapped name) or the name of the interface. The interface argument identifies a particular interface.
The dropped packets statistic in the display shows a record of those packets that arrived on the interface, but were not destined for the FWSM. These packets include traffic flooded by the switch, multicast and broadcast traffic (unless the FWSM is configured to relay those) and packets that fail sanity checks such as incorrect IP length versus Layer 2 length or checksums. This counter does not record packets dropped by the security policy.
Examples
This example shows how to display the interface activity:
fwsm(config)# show interfaceInterface int450 "", is administratively down, line protocol is upAvailable but not configured via nameifInterface int901 "share1", is administratively down, line protocol is downAvailable but not assigned from SupervisorMAC address 0005.9a38.7400, MTU 1500IP address 1.1.1.1, subnet mask 255.255.0.0Received 0 packets, 0 bytesTransmitted 0 packets, 0 bytesDropped 0 packetsInterface int902 "", is administratively down, line protocol is downAvailable but not assigned from Supervisor or configured via nameifInterface Vlan10 "mgmt", is up, line protocol is upMAC address 0005.9a38.7400, MTU 1500IP address 10.7.12.1, subnet mask 255.255.0.0Received 565 packets, 109547 bytesTransmitted 0 packets, 0 bytesDropped 812 packetsInterface Vlan40 "outside", is administratively down, line protocol is upMAC address 0005.9a38.7400, MTU 1500IP address 40.7.12.1, subnet mask 255.255.0.0Received 0 packets, 0 bytesTransmitted 0 packets, 0 bytesDropped 0 packetsInterface Vlan41 "inside", is administratively down, line protocol is downMAC address 0005.9a38.7400, MTU 1500IP address 41.7.12.1, subnet mask 255.255.0.0Received 0 packets, 0 bytesTransmitted 0 packets, 0 bytesDropped 0 packetsIn this context:int450 = vlan450 - trunked from the cat6k, but no nameif has been doneint901 = vlan901 - NOT trunked from cat6k and a nameif has been doneint902 = vlan902 - NOT trunked from cat6k but no nameif has been donevlan10 - trunked and nameif'dvlan40 - trunked and namei'd, but shutvlan41 - trunked and nameif'd, but the vlan has been shut from system.fwsm(config)#This example shows how to display the interface statistics:
fwsm(config)# show interface vlan10 statsInterface vlan10 "", is administratively down, line protocol is upMAC address 0000.0000.0000, MTU 0IP address 127.0.0.1, subnet mask 255.255.255.255Received 0 packets, 0 bytesTransmitted 0 packets, 0 bytesDropped 0 packetsRelated Commands
clear interface stats
interfaceshow ip address
To display the IP addresses that are assigned to the network interfaces, use the show ip address command.
show ip address [interface_name]
Syntax Description
interface_name
(Optional) Specifies an interface name to display detailed information; valid values are dhcp and pppoe.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode and multiple context mode
Access Location: context command line
Command Mode: privileged mode
Firewall Mode: routed firewall mode and transparent firewall mode
Command History
Usage Guidelines
The dhcp keyword displays detailed information about the Dynamic Host Configuration Protocol (DHCP) lease.
The pppoe keyword displays detailed information about the Point-to-Point Protocol Over Ethernet (PPPOE) connection.
Examples
This example shows how to display the IP addresses assigned to the network interfaces:
fwsm(config)# show ip addressSystem IP Addresses:ip address outside 209.165.201.2 255.255.255.224ip address inside 192.168.2.1 255.255.255.0ip address perimeter 192.168.70.3 255.255.255.0Current IP Addresses:ip address outside 209.165.201.2 255.255.255.224ip address inside 192.168.2.1 255.255.255.0ip address perimeter 192.168.70.3 255.255.255.0The current IP addresses are the same as the system IP addresses on the failover active module. When the primary module fails, the current IP addresses become the IP addresses of the standby module.
Related Commands
clear ip address
clear ip verify reverse-path
ip address
ip prefix-list
ip verify reverse-path
show ip address
show ip verifyshow ip ospf
To display the general information about the OSPF routing processes, use the show ip ospf command.
show ip ospf [pid]
Syntax Description
Defaults
Lists all OSPF processes if no pid is specified.
Command Modes
Security Context Mode: single context mode
Access Location: system and context command line
Command Mode: privileged mode
Firewall Mode: Routed
Command History
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the FWSM. You do not need to be in an OSPF configuration submode to use the OSPF-related show commands.
If the pid is included, only information for the specified routing process is included.
Examples
These examples show how to display general information about the OSPF routing processes:
fwsm(config)# show ip ospf 5Routing Process "ospf 5" with ID 127.0.0.1 and Domain ID 0.0.0.5Supports only single TOS(TOS0) routesSupports opaque LSASPF schedule delay 5 secs, Hold time between two SPFs 10 secsMinimum LSA interval 5 secs. Minimum LSA arrival 1 secsNumber of external LSA 0. Checksum Sum 0x 0Number of opaque AS LSA 0. Checksum Sum 0x 0Number of DCbitless external and opaque AS LSA 0Number of DoNotAge external and opaque AS LSA 0Number of areas in this router is 0. 0 normal 0 stub 0 nssaExternal flood list length 0fwsm(config)# show ip ospfRouting Process "ospf 5" with ID 127.0.0.1 and Domain ID 0.0.0.5Supports only single TOS(TOS0) routesSupports opaque LSASPF schedule delay 5 secs, Hold time between two SPFs 10 secsMinimum LSA interval 5 secs. Minimum LSA arrival 1 secsNumber of external LSA 0. Checksum Sum 0x 0Number of opaque AS LSA 0. Checksum Sum 0x 0Number of DCbitless external and opaque AS LSA 0Number of DoNotAge external and opaque AS LSA 0Number of areas in this router is 0. 0 normal 0 stub 0 nssaExternal flood list length 0Routing Process "ospf 12" with ID 172.23.59.232 and Domain ID 0.0.0.12Supports only single TOS(TOS0) routesSupports opaque LSASPF schedule delay 5 secs, Hold time between two SPFs 10 secsMinimum LSA interval 5 secs. Minimum LSA arrival 1 secsNumber of external LSA 0. Checksum Sum 0x 0Number of opaque AS LSA 0. Checksum Sum 0x 0Number of DCbitless external and opaque AS LSA 0Number of DoNotAge external and opaque AS LSA 0Number of areas in this router is 0. 0 normal 0 stub 0 nssaExternal flood list length 0Related Commands
clear ip ospf
ospf (interface submode)
route-map
router ospf
routing interface
show ip ospf border-routers
show ip ospf database
show ip ospf flood-list
show ip ospf interface
show ip ospf neighbor
show ip ospf request-list
show ip ospf retransmission-list
show ip ospf summary-address
show ip ospf virtual-links
show routingshow ip ospf border-routers
To display the internal OSPF routing table entries to an area border router (ABR) and autonomous system boundary router (ASBR), use the show ip ospf border-routers command.
show ip ospf border-routers
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Security Context Mode: single context mode
Access Location: system and context command line
Command Mode: privileged mode
