Table Of Contents
show debug through show ipv6 traffic Commands
show debug
show dhcprelay state
show dhcprelay statistics
show disk
show dns-hosts
show failover
show file
show firewall
show fragment
show gc
show h225
show h245
show h323-ras
show history
show idb
show igmp groups
show igmp traffic
show interface
show interface ip brief
show ip address
show ip verify statistics
show ipsec sa
show ipsec sa summary
show ipsec stats
show ipv6 access-list
show ipv6 interface
show ipv6 neighbor
show ipv6 route
show ipv6 routers
show ipv6 traffic
show debug through show ipv6 traffic Commands
show debug
To show the current debugging configuration in privileged EXEC mode, use the show debug command.
show debug [command [keywords]]
Syntax Description
command [keywords]
|
(Optional) Specifies the debug command whose current configuration you want to view. For each command, the syntax following command is identical to the syntax supported by the associated debug command. For example, valid keywords following show debug aaa are the same as the valid keywords for the debug aaa command. Thus, show debug aaa supports an accounting keyword, which lets you specify that you want to see the debugging configuration for that portion of AAA debugging.
|
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
•
|
Command History
Release
|
Modification
|
1.1(1)
|
This command was introduced.
|
Usage Guidelines
The valid command values follow. For information about valid syntax after command, see the entry for debug command, as applicable.
Note
The availability of each command value depends upon the command modes that support the applicable debug command.
•
aaa
•
appfw
•
arp
•
asdm
•
context
•
crypto
•
ctiqbe
•
ctm
•
dhcpc
•
dhcpd
•
dhcprelay
•
disk
•
dns
•
email
•
entity
•
fixup
•
fover
•
fsm
•
ftp
•
generic
•
gtp
•
h323
•
http
•
http-map
•
icmp
•
igmp
•
ils
•
imagemgr
•
ipsec-over-tcp
•
ipv6
•
iua-proxy
•
kerberos
•
ldap
•
mfib
•
mgcp
•
mrib
•
ntdomain
•
ntp
•
ospf
•
parser
•
pim
•
pix
•
pptp
•
radius
•
rip
•
rtsp
•
sdi
•
sequence
•
sip
•
skinny
•
smtp
•
sqlnet
•
ssh
•
ssl
•
sunrpc
•
tacacs
•
timestamps
•
vpn-sessiondb
•
xdmcp
Examples
The following commands enable debugging for authentication, accounting, and Flash memory. The show debug command is used in three ways to demonstrate how you can use it to view all debugging configuration, debugging configuration for a specific feature, and even debugging configuration for a subset of a feature.
hostname# debug aaa authentication
debug aaa authentication enabled at level 1
hostname# debug aaa accounting
debug aaa accounting enabled at level 1
hostname# debug disk filesystem
debug disk filesystem enabled at level 1
debug aaa authentication enabled at level 1
debug aaa accounting enabled at level 1
debug disk filesystem enabled at level 1
debug aaa authentication enabled at level 1
debug aaa authorization is disabled.
debug aaa accounting enabled at level 1
debug aaa internal is disabled.
debug aaa vpn is disabled.
hostname# show debug aaa accounting
debug aaa accounting enabled at level 1
Related Commands
Command
|
Description
|
debug
|
See all debug commands.
|
show dhcprelay state
To view the state of the DHCP relay agent, use the show dhcprelay state command in privileged EXEC or global configuration mode.
show dhcprelay state
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC or global configuration
|
•
|
—
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
2.2(1)
|
This command was introduced.
|
3.1(1)
|
This command was changed from show dhcprelay.
|
Usage Guidelines
This command displays the DHCP relay agent state information for the current context and each interface.
Examples
The following is sample output from the show dhcprelay state command:
hostname# show dhcprelay state
Context Configured as DHCP Relay
Interface outside, Not Configured for DHCP
Interface infrastructure, Configured for DHCP RELAY SERVER
Interface inside, Configured for DHCP RELAY
Related Commands
Command
|
Description
|
show dhcpd
|
Displays DHCP server statistics and state information.
|
show dhcprelay statistics
|
Displays the DHCP relay statistics.
|
show running-config dhcprelay
|
Displays the current DHCP relay agent configuration.
|
show dhcprelay statistics
To display the DHCP relay statistics, use the show dhcprelay statistics command in privileged EXEC mode.
show dhcprelay statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
—
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
2.2(1)
|
This command was introduced.
|
3.1(1)
|
This command was changed from show dhcprelay.
|
Usage Guidelines
The output of the show dhcprelay statistics command increments until you enter the clear dhcprelay statistics command.
Examples
The following is sample output for the show dhcprelay statistics command:
hostname# show dhcprelay statistics
DHCP UDP Unreachable Errors: 0
Related Commands
Command
|
Description
|
clear configure dhcprelay
|
Removes all DHCP relay agent settings.
|
clear dhcprelay statistics
|
Clears the DHCP relay agent statistic counters.
|
debug dhcprelay
|
Displays debug information for the DHCP relay agent.
|
show dhcprelay state
|
Displays the state of the DHCP relay agent.
|
show running-config dhcprelay
|
Displays the current DHCP relay agent configuration.
|
show disk
To display the contents of the Flash memory, use the show disk command in privileged EXEC mode.
show disk [filesys | all]
Syntax Description
filesys
|
Shows information about the compact Flash card.
|
all
|
Shows the contents of Flash memory plus the file system information,
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
—
|
•
|
Command History
Release
|
Modification
|
2.2(1)
|
This command was introduced.
|
Examples
The following is sample output from the show disk command:
-#- --length-- -----date/time------ path
11 1301 Feb 21 2005 18:01:34 test.cfg
12 1949 Feb 21 2005 20:13:36 test1.cfg
13 2551 Jan 06 2005 10:07:36 test2.cfg
14 609223 Jan 21 2005 07:14:18 test3.cfg
15 1619 Jul 16 2004 16:06:48 test4.cfg
16 3184 Aug 03 2004 07:07:00 old_running.cfg
17 4787 Mar 04 2005 12:32:18 test5.cfg
20 1792 Jan 21 2005 07:29:24 test6.cfg
21 7765184 Mar 07 2005 19:38:30 test7.cfg
22 1674 Nov 11 2004 02:47:52 test8.cfg
23 1863 Jan 21 2005 07:29:18 test9.cfg
24 1197 Jan 19 2005 08:17:48 test10.cfg
25 608554 Jan 13 2005 06:20:54 backupconfig.cfg
26 5124096 Feb 20 2005 08:49:28 cdisk1
27 5124096 Mar 01 2005 17:59:56 cdisk2
28 2074 Jan 13 2005 08:13:26 test11.cfg
29 5124096 Mar 07 2005 19:56:58 cdisk3
30 1276 Jan 28 2005 08:31:58 lead
31 7756788 Feb 24 2005 12:59:46 asdmfile.dbg
32 7579792 Mar 08 2005 11:06:56 asdmfile1.dbg
33 7764344 Mar 04 2005 12:17:46 asdmfile2.dbg
34 5124096 Feb 24 2005 11:50:50 cdisk4
35 15322 Mar 04 2005 12:30:24 hs_err.log
10170368 bytes available (52711424 bytes used)
The following is sample output from the show disk filesys command:
hostname# show disk filesys
******** Flash Card Geometry/Format Info ********
COMPACT FLASH CARD GEOMETRY
COMPACT FLASH CARD FORMAT
Number of Data Sectors 122976
Related Commands
Command
|
Description
|
dir
|
Displays the directory contents.
|
show dns-hosts
To show the DNS cache, use the show dns-hosts command in privileged EXEC mode.The DNS cache includes dynamically learned entries from a DNS server as well as manually entered name and IP addresses using the name command.
show dns-hosts
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
—
|
Command History
Release
|
Modification
|
3.1(1)
|
This command was introduced.
|
Usage Guidelines
See the "Examples" section for a description of the display output.
Examples
The following is sample output from the show dns-hosts command:
Host Flags Age Type Address(es)
ns2.example.com (temp, OK) 0 IP 10.102.255.44
ns1.example.com (temp, OK) 0 IP 192.168.241.185
snowmass.example.com (temp, OK) 0 IP 10.94.146.101
server.example.com (temp, OK) 0 IP 10.94.146.80
The show dns-hosts field descriptions are as follows:
Field
|
Description
|
Host
|
Shows the hostname.
|
Flags
|
Shows the entry status, as a combination of the following:
• temp—This entry is temporary because it comes from a DNS server. The FWSM removes this entry after 72 hours of inactivity.
• perm—This entry is permanent because it was added with the name command.
• OK—This entry is valid.
• ??—This entry is suspect and needs to be revalidated.
• EX—This entry is expired.
|
Age
|
Shows the number of hours since this entry was last referenced.
|
Type
|
Shows the type of DNS record; this value is always IP.
|
Address(es)
|
The IP addresses.
|
Related Commands
Command
|
Description
|
clear dns-hosts cache
|
Clears the DNS cache.
|
dns domain-lookup
|
Enables the FWSM to perform a name lookup.
|
dns name-server
|
Configures a DNS server address.
|
dns retries
|
Specifies the number of times to retry the list of DNS servers when the FWSM does not receive a response.
|
dns timeout
|
Specifies the amount of time to wait before trying the next DNS server.
|
show failover
To display information about the failover status of the unit, use the show failover command in privileged EXEC mode.
show failover [group num | history | interface | state | statistics]
Syntax Description
group
|
Displays the running state of the specified failover group.
|
history
|
Displays failover history. The failover history displays past failover state changes and the reason for the state change.
|
interface
|
Displays failover command and stateful link information.
|
num
|
Failover group number.
|
state
|
Displays the failover state of both failover units. The information displayed includes the primary or secondary status of the unit, the Active/Standby status of the unit, and, if a unit is in the failed state, the reason for the failure.
|
statistics
|
Displays transmit and receive packet count of failover command interface.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
•
|
Command History
Release
|
Modification
|
1.1(1)
|
This command was introduced.
|
2.1(1)
|
Support for the Autostate feature and suspend configuration synchronization were added.
|
3.1(1)
|
This command was modified to include failover groups. The output includes additional information.
|
Usage Guidelines
The show failover command displays the dynamic failover information, interface status, and Stateful Failover statistics. The Stateful Failover Logical Update Statistics output appears only when Stateful Failover is enabled. The "xerr" and "rerr" values do not indicate errors in failover, but rather the number of packet transmit or receive errors.
In the show failover command output, the fields have the following values:
•
Stateful Obj has these values:
–
xmit—Indicates the number of packets transmitted.
–
xerr—Indicates the number of transmit errors.
–
rcv—Indicates the number of packets received.
–
rerr—Indicates the number of receive errors.
•
Each row is for a particular object static count as follows:
–
General—Indicates the sum of all stateful objects.
–
sys cmd—Refers to the logical update system commands, such as login or stay alive.
–
up time—Indicates the value for the FWSM up time, which the active FWSM passes on to the standby FWSM.
–
RPC services—Remote Procedure Call connection information.
–
TCP conn—Dynamic TCP connection information.
–
UDP conn—Dynamic UDP connection information.
–
ARP tbl—Dynamic ARP table information.
–
Xlate_Timeout—Indicates connection translation timeout information.
–
VPN IKE upd—IKE connection information.
–
VPN IPSEC upd—IPSec connection information.
–
VPN CTCP upd—cTCP tunnel connection information.
–
VPN SDI upd—SDI AAA connection information.
–
VPN DHCP upd—Tunneled DHCP connection information.
If you do not enter a failover IP address, the show failover command displays 0.0.0.0 for the IP address, and monitoring of the interfaces remain in a "waiting" state. You must set a failover IP address for failover to work.
In multiple configuration mode, only the show failover command is available in a security context; you cannot enter the optional keywords.
Examples
The following is sample output from the show failover command for Active/Standby Failover.
Failover LAN Interface: fover Vlan 101 (up)
Unit Poll frequency 1 seconds, holdtime 3 seconds
Interface Poll frequency 15 seconds
Monitored Interfaces 2 of 250 maximum
failover replication http
Last Failover at: 22:44:03 UTC Dec 8 2004
This host: Primary - Active
Interface inside (10.130.9.3): Normal
Interface outside (10.132.9.3): Normal
Other host: Secondary - Standby Ready
Interface inside (10.130.9.4): Normal
Interface outside (10.132.9.4): Normal
Stateful Failover Logical Update Statistics
Link : fover Vlan 101 (up)
Stateful Obj xmit xerr rcv rerr
Logical Update Queue Information
The following is sample output from the show failover command for Active/Active Failover.
Failover LAN Interface: third Vlan 101(up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 4 seconds
Monitored Interfaces 8 of 250 maximum
failover replication http
Group 1 last failover at: 13:40:18 UTC Dec 9 2004
Group 2 last failover at: 13:40:06 UTC Dec 9 2004
Group 2 State: Standby Ready
admin Interface outside (10.132.8.5): Normal
admin Interface third (10.132.9.5): Normal
admin Interface inside (10.130.8.5): Normal
admin Interface fourth (10.130.9.5): Normal
ctx1 Interface outside (10.1.1.1): Normal
ctx1 Interface inside (10.2.2.1): Normal
ctx2 Interface outside (10.3.3.2): Normal
ctx2 Interface inside (10.4.4.2): Normal
Group 1 State: Standby Ready
admin Interface outside (10.132.8.6): Normal
admin Interface third (10.132.9.6): Normal
admin Interface inside (10.130.8.6): Normal
admin Interface fourth (10.130.9.6): Normal
ctx1 Interface outside (10.1.1.2): Normal
ctx1 Interface inside (10.2.2.2): Normal
ctx2 Interface outside (10.3.3.1): Normal
ctx2 Interface inside (10.4.4.1): Normal
Stateful Failover Logical Update Statistics
Link : third Vlan 101 (up)
Stateful Obj xmit xerr rcv rerr
Logical Update Queue Information
Related Commands
Command
|
Description
|
show running-config failover
|
Displays the failover commands in the current configuration.
|
show file
To display information about the file system, use the show file command in privileged EXEC mode.
show file descriptors | system | information filename
Syntax Description
descriptors
|
Displays all open file descriptors.
|
information
|
Displays information about a specific file.
|
filename
|
Specifies the filename.
|
system
|
Displays the size, bytes available, type of media, flags, and prefix information about the disk file system.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
•
|
Command History
Release
|
Modification
|
3.1(1)
|
Support for this command was introduced.
|
Examples
The following example shows how to display the file system information:
hostname# show file descriptors
hostname# show file system
Size(b) Free(b) Type Flags Prefixes
* 60985344 60973056 disk rw disk:
Related Commands
Command
|
Description
|
dir
|
Displays the directory contents.
|
pwd
|
Displays the current working directory.
|
show firewall
To show the current firewall mode (routed or transparent), use the show firewall command in privileged EXEC mode.
show firewall
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
•
|
Command History
Release
|
Modification
|
2.2(1)
|
This command was introduced.
|
3.1(1)
|
In the system execution space, this command now shows the firewall mode for each context. You can now set the firewall mode independently for each context.
|
Examples
The following is sample output from the show firewall command in single mode or within a context:
The following is sample output from the show firewall command within a context:
-------------------------
Related Commands
Command
|
Description
|
firewall transparent
|
Sets the firewall mode.
|
show mode
|
Shows the current context mode, either single or multiple.
|
show fragment
To display the operational data of the IP fragment reassembly module, enter the show fragment command in privileged EXEC mode.
show fragment [interface]
Syntax Description
interface
|
(Optional) Specifies the FWSM interface.
|
Defaults
If an interface is not specified, the command applies to all interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC mode
|
·
|
·
|
·
|
·
|
|
Command History
Release
|
Modification
|
1.1(1)
|
This command was introduced.
|
3.1(1)
|
The command was separated into two commands, show fragment and show running-config fragment, to separate the configuration data from the operational data.
|
Examples
This example shows how to display the operational data of the IP fragment reassembly module:
Size: 200, Chain: 24, Timeout: 5, Threshold: 133
Queue: 0, Assembled: 0, Fail: 0, Overflow: 0
Size: 200, Chain: 24, Timeout: 5, Threshold: 133
Queue: 0, Assembled: 0, Fail: 0, Overflow: 0
Size: 200, Chain: 24, Timeout: 5, Threshold: 133
Queue: 0, Assembled: 0, Fail: 0, Overflow: 0
Size: 200, Chain: 24, Timeout: 5, Threshold: 133
Queue: 0, Assembled: 0, Fail: 0, Overflow: 0
Related Commands
Command
|
Description
|
clear configure fragment
|
Clears the IP fragment reassembly configuration and resets the defaults.
|
clear fragment
|
Clears the operational data of the IP fragment reassembly module.
|
fragment
|
Provides additional management of packet fragmentation and improves compatibility with NFS.
|
show running-config fragment
|
Displays the IP fragment reassembly configuration.
|
show gc
To display the garbage collection process statistics, use the show gc command in privileged EXEC mode.
show gc
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command Mode
|
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
Privileged EXEC
|
•
|
•
|
•
|
•
|
•
|
Command History
Release
|
Modification
|
1.1(1)
|
This command was introduced.
|
Examples
The following is sample output from the show gc command:
Garbage collection process stats:
Total tcp conn delete response : 0
Total udp conn delete response : 0
Total number of zombie cleaned : 0
Total number of embryonic conn cleaned : 0
Total queries generated : 0
Total queries with conn present response : 0
Total number of sweeps : 946
Total number of invalid vcid : 0
Total number of zombie vcid : 0
Related Commands
Command
|
Description
|
clear gc
|
Removes the garbage collection process statistics.
|
show h225
To display information for H.225 sessions established across the FWSM, use the show h225 command in privileged EXEC mode.
show h225
Syntax Description
This command has no arguments or keywords.